wazuh-api
wazuh-api copied to clipboard
Wrong paths when querying Windows agent configuration
Hi team,
I've seen that the character \
is scaped on every path when querying Windows agent configuration.
# curl -u foo/bar -k "https://localhost:55000/agents/034/config/wmodules/wmodules?pretty"
{
"error": 0,
"data": {
"wmodules": [
{
"syscollector": {
"hardware": "yes",
"processes": "yes",
"network": "yes",
"interval": 3600,
"disabled": "yes",
"scan-on-start": "yes",
"packages": "yes",
"os": "yes",
"ports": "yes",
"ports_all": "no"
}
},
{
"cis-cat": {
"interval": 86400,
"disabled": "yes",
"scan-on-start": "yes",
"ciscat_path": "C:\\cis-cat",
"java_path": "\\\\server\\jre\\bin\\java.exe",
"timeout": 1800
}
},
{
"osquery": {
"config_path": "C:\\ProgramData\\osquery\\osquery.conf",
"log_path": "C:\\ProgramData\\osquery\\log\\osqueryd.results.log",
"disabled": "yes",
"bin_path": "C:\\ProgramData\\osquery\\osqueryd",
"run_daemon": "yes",
"add_labels": "yes"
}
}
]
}
}
Best regards, Cerv1.
Hello @Cerv1,
Those escape characters are added by Python's XML Etree library. Here's a screenshot debugging our XML reader with Pycharm:
As you can see, those characters are already added when we're reading the XML. We should add something like this:
option_value.replace('\\','\')
Best regards, Marta