I have a problem with a REST API Script, which was working until I upgraded Deep Security from 11.2.225 to 20.0.366. The error occurs on the line "for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:" the error which appears, when executing the script looks like this:
2021-06-21 13:38:00,529 root INFO Start Initialization
2021-06-21 13:38:00,536 root INFO Start read RuleIDs from DSCycle File
2021-06-21 13:38:00,539 root INFO Start read RuleIDs from Exception List File
2021-06-21 13:38:00,614 root INFO get all subpolicies of DS3
2021-06-21 13:38:01,997 root INFO get all applicationtypes for further filtering
2021-06-21 13:38:02,053 root INFO start policy DS3 Windows
Traceback (most recent call last):
File "E:\Script\ApplyNewIPSRulesInCycle.py", line 144, in <module>
for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 614, in
search_computers
(data) = self.search_computers_with_http_info(api_version, **kwargs) # noqa: E501
File "E:\PythonInstall\lib\site-packages\deepsecurity\api\computers_api.py", line 698, in
search_computers_with_http_info
collection_formats=collection_formats)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 322, in call_api
_preload_content, _request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 153, in __call_api
_request_timeout=_request_timeout)
File "E:\PythonInstall\lib\site-packages\deepsecurity\api_client.py", line 365, in request
body=body)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 275, in POST
body=body)
File "E:\PythonInstall\lib\site-packages\deepsecurity\rest.py", line 228, in request
raise ApiException(http_resp=r)
deepsecurity.rest.ApiException: (400)
Reason:
HTTP response headers: HTTPHeaderDict({'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection':
'1;mode=block', 'Cache-Control': 'no-cache,no-store', 'Pragma': 'no-cache', 'X-DSM-Version':
'Deep Security/20.0.366', 'Content-Type': 'application/json', 'Content-Length': '82', 'Date':
'Mon, 21 Jun 2021 11:38:01 GMT', 'Connection': 'close'})
HTTP response body: {"message":"Invalid SearchFilter: choiceTest is not supported for field
policyID"}
Needed Part of the Script:
# Get all subpolicies of basepolicy
logger.info("get all subpolicies of %s", basePolicy_d.name)
all_subpolicies = []
tempnew_policies = []
temp_policies = api_policy.search_policies(api_version, search_filter=search_filter).policies
while len(temp_policies) > 0:
for p in temp_policies:
search_criteria.numeric_value = p.id
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
tempnew_policies.extend(api_policy.search_policies(api_version, search_filter=search_filter).policies)
all_subpolicies.extend(temp_policies)
temp_policies = tempnew_policies
tempnew_policies = []
# Get all ApplicationTypes with incoming direction
search_criteria = deepsecurity.SearchCriteria()
search_criteria.field_name = "direction"
search_criteria.choice_test = "equal"
search_criteria.choice_value = "incoming"
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
appltypesid = []
logger.info("get all applicationtypes for further filtering")
appltypes = api_appltype.search_application_types(api_version, search_filter=search_filter).application_types
for a in appltypes:
appltypesid.append(a.id)
f = open("e:\\script\\export\\export.txt", "a")
# Go trough all the policies that are under the D-Group
for policy in all_subpolicies:
logger.info("start policy %s", policy.name)
mailmsg_add = ""
# Get all computers in that policy
search_criteria.field_name = "policyID"
search_criteria.numeric_value = policy.id
search_filter = deepsecurity.SearchFilter(None, [search_criteria])
rulesToAdd = []
for computer in api_comp.search_computers(api_version, search_filter=search_filter).computers:
try:
# Get all Recommendations per Computer
recommendation_comp = api_rec_comp.list_intrusion_prevention_rule_ids_on_computer(computer.id, api_version)
if recommendation_comp.recommended_to_assign_rule_ids is not None:
for rule_id in recommendation_comp.recommended_to_assign_rule_ids:
# Check if ConnectionDirection of recommended IPS is incoming
rule = api_ipsrule.describe_intrusion_prevention_rule(rule_id, api_version)
logger.debug("check rule %s for list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
if rule.application_type_id in appltypesid and rule.id in dscycle_ruleids and rule.id not in exception_ruleids:
# TODO:Add to a list per Policy to add new policies
if rule.id not in rulesToAdd:
mailmsg_add += "- add rule " + (str(rule.id) + ": " + rule.name) + " \r\n"
logger.info("add rule %s to list of policy %s", (str(rule.id) + ": " + rule.name), policy.name)
rulesToAdd.append(rule.id)
f.write(policy.name + ";" + computer.host_name + ";" + str(rule.id) + ": " + rule.name + "\n")
except Exception as e:
logging.exception("Exception on Computer ", computer.id)
Does anyone have an idea on why this is failing, what has changed and what I can do?
The logs tell us the problem is happening within the policy loop. And the error message ("Invalid SearchFilter: choiceTest is not supported for field policyID") tells us the problem is the SearchFilter includes a choiceTest when trying to search on the policyID field.
Looking at the code, I see the search_criteria variable is re-used. That means the third time it's used, it's carrying over the choiceTest value from the second time it was used.
Try something like this (creating a new search criteria):
# Get all computers in that policy
search_criteria_policy = deepsecurity.SearchCriteria()
search_criteria_policy.field_name = "policyID"
search_criteria_policy.numeric_value = policy.id
P.S. I work in Trend Micro R&D