I have a problem with a REST API script which was working for 3 months and now the script aborts with an error. On the line "ips_rules = api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules" the script aborts with the following error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 380, in list_intrusion_prevention_rules
(data) = self.list_intrusion_prevention_rules_with_http_info(api_version, **kwargs) # noqa: E501
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\intrusion_prevention_rules_api.py", line 458, in list_intrusion_prevention_rules_with_http_info
collection_formats=collection_formats)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
_preload_content, _request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
_request_timeout=_request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 343, in request
headers=headers)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 238, in GET
query_params=query_params)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (500)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version': 'Deep Security/11.2.225', 'Content-Type': 'application/json', 'Content-Length': '35', 'Date': 'Mon, 07 Oct 2019 12:23:51 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Internal server error"}
Script
Script:
from __future__ import print_function
import sys, warnings
import deepsecurity
import datetime
import logging
import smtplib
from deepsecurity.rest import ApiException
from pprint import pprint
deepsecurity.Configuration.verify_ssl = False
# Setup
if not sys.warnoptions:
warnings.simplefilter("ignore")
configuration = deepsecurity.Configuration()
configuration.host = 'https://HOST:4119/api'
# Authentication
configuration.api_key["api-secret-key"] = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Initialization
logger = logging.getLogger()
handler = logging.StreamHandler()
formatter = logging.Formatter(
'%(asctime)s %(name)-12s %(levelname)-8s %(message)s')
handler.setFormatter(formatter)
logger.addHandler(handler)
logger.setLevel(logging.INFO)
handler_file = logging.FileHandler("e:\\script\\log\\log.txt")
handler_file.setLevel(logging.DEBUG)
formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
handler_file.setFormatter(formatter)
logger.addHandler(handler_file)
logger.info("Start Initialization DSCycleStart")
api_version = 'v1'
api_ipsrule = deepsecurity.IntrusionPreventionRulesApi(deepsecurity.ApiClient(configuration))
filename = "e:\\script\\config\\ruleids_dscycle.txt"
open(filename, 'w').close()
f = open(filename, "a")
logger.info("Start First")
ips_rules = api_ipsrule.list_intrusion_prevention_rules(api_version).intrusion_prevention_rules
for rule in ips_rules:
f.write(str(rule.id) + "\n")
highestid = rule.id
logger.info("Start Second")
# BC there is a limit of 5000 per query, it has to be done twice to get up to 10000
search_criteria = deepsecurity.SearchCriteria()
search_criteria.id_value = highestid
search_criteria.id_test = "greater-than"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
ips_rules = api_ipsrule.search_intrusion_prevention_rules(api_version, search_filter=search_filter).intrusion_prevention_rules
for rule in ips_rules:
f.write(str(rule.id) + "\n")
logger.info("Finish DSCycleStart")
Any idea what have changed or what I can do?
I have an idea of what could be happening here. About a month ago, there was a brief period of time where a Deep Security Rules Update (DSRU) available for download contained rules which were missing some metadata. This did not impact the functionality of the rules, but does cause an issue with fetching them from the API. The DSRU was corrected, so the currently available 19-044 has complete metadata. The API has also been improved to avoid this risk in future releases.
To confirm if you have the affected version, I recommend you see if you have intrusion prevention rules which are missing their "issued date" (would show as N/A in the GUI). If you do have the version with missing metadata, you can solve the API problem by rolling back to a DSRU from before 19-044, then applying the latest DSRU.
P.S. I work for Trend Micro in Deep Security R&D