nexpose_java_api icon indicating copy to clipboard operation
nexpose_java_api copied to clipboard

Published 20 hours ago verified publisher icon rapid7

Library assumes XML being returned, not always true

Open brandonprry opened this issue 12 years ago • 0 comments

The library currently assumes that the response will be XML, this isn't true for ad-hoc reports. Reports are returned in a multipart MIME message. The library currently breaks wen trying to pull down an ad-hoc report with a SAX error.

The following code repro's the issue:

import org.rapid7.nexpose.api.APIException;
import org.rapid7.nexpose.api.APIResponse;
import org.rapid7.nexpose.api.APISession;
import org.rapid7.nexpose.api.APISession.APISupportedVersion;
import org.rapid7.nexpose.api.ReportAdhocGenerateRequest;
import org.rapid7.nexpose.api.ReportConfigRequest;
import org.rapid7.nexpose.api.ReportListingRequest;
import org.rapid7.nexpose.api.generators.IContentGenerator;
import org.rapid7.nexpose.api.generators.ReportFiltersContentGenerator;
import org.rapid7.nexpose.api.generators.ReportFiltersContentGenerator.ReportFilter;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;

public class Main
{

   /**
    * @param args
    */
   public static void main(String[] args)
   throws Exception
   {
      URL url;
      APISession session;
      
      try
      {
         url = new URL("https://127.0.0.1:3780");
         session = new APISession(url, "xml", APISupportedVersion.V1_2, "username", "password");
      }
      catch (MalformedURLException ex)
      {
         throw new Exception(ex);
      }
      
      try
      {
         session.login(null);
      }
      catch (Exception e)
      {
         System.exit(1);
      }
      
      String sessionID = session.getSessionID();
      ReportFiltersContentGenerator filters = new ReportFiltersContentGenerator();
      
      List f = new ArrayList();
      f.add(new ReportFilter("site", "1"));
      filters.setFilters(f);
      
      ReportAdhocGenerateRequest req = new ReportAdhocGenerateRequest(sessionID, null, "pdf", "audit-report", null, filters);
      //String fdsa = req.toXML();
      APIResponse resp = session.executeAPIRequest(req);
      
      String requestXML = req.toXML();
      resp = session.sendRawXMLRequest(requestXML, APISupportedVersion.V1_0);
      String xml = resp.getResponse();
      System.out.println(xml);
   }
   /////////////////////////////////////////////////////////////////////////
   // Public methods
   /////////////////////////////////////////////////////////////////////////

   /////////////////////////////////////////////////////////////////////////
   // Non-public methods
   /////////////////////////////////////////////////////////////////////////

   /////////////////////////////////////////////////////////////////////////
   // Non-public fields
   /////////////////////////////////////////////////////////////////////////

}

brandonprry avatar Aug 01 '12 19:08 brandonprry