05-22-2021 12:58 PM
Hi,
When doing some unittesting on a PR in a python library I got a strange error.
As soon as I searched a networkdevice with a filter that contained "update" I got 500 from ISE.
After some troubleshooting (off-course in my code for a long time) I saw that there was an exception on "insecure filter data".
Do anyone know if this is by design, or if it is a bug?
{ "ERSResponse": { "operation": "GET-getAll-networkdevice", "messages": [ { "title": "Operation search NETWORK_DEVICE failed. Look at the debug logs for more information", "type": "ERROR", "code": "CRUD operation exception" } ], "link": { "rel": "related", "href": "https://192.168.1.27:9060/ers/config/networkdevice?filter=name.EQ.whateverupdatewhatever", "type": "application/xml" } } }
2021-05-22 21:19:52,394 ERROR [ers-http-pool1][] ers.app.impl.handlers.NetworkDeviceCRUDHandler -::::- Error while listing NetworkDevices - com.cisco.cpm.ers.api.exception.ERSValidationException: Insecure filter data:whateverupdatewhatever,
--
Regards Falk
Solved! Go to Solution.
05-24-2021 03:29 PM
I was able to successfully POST a network device named 'update' and do a GET by id and name for it
GET https://ise.securitydemo.net:9060/ers/config/networkdevice/name/update { "NetworkDevice": { "id": "98eaec70-bcd9-11eb-85b5-c680612b853f", "name": "update", "description": "use the word update for Andreas Falk", "authenticationSettings": { "networkProtocol": "RADIUS", "radiusSharedSecret": "C1sco12345", "enableKeyWrap": false, "dtlsRequired": false, "keyInputFormat": "ASCII", "enableMultiSecret": "false" }, "tacacsSettings": { "sharedSecret": "C1sco12345", "connectModeOptions": "OFF" }, "profileName": "Cisco", "coaPort": 0, "NetworkDeviceIPList": [ { "ipaddress": "1.2.3.4", "mask": 32 } ], "NetworkDeviceGroupList": [ "Location#All Locations", "IPSEC#Is IPSEC Device#No", "Device Type#All Device Types", "Department#Department", "Regions#Regions", "Operation#Operation" ] } }
However when I tried to search with the substring "update" it failed like you said! 8-(
GET https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.update
{ "ERSResponse": { "operation": "GET-getAll-networkdevice", "messages": [ { "title": "Operation search NETWORK_DEVICE failed. Look at the debug logs for more information", "type": "ERROR", "code": "CRUD operation exception" } ], "link": { "rel": "related", "href": "https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.update", "type": "application/xml" } } }
If I use a shorter substring ('updat') it works fine so this sounds like a bug to me!
GET https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.updat HTTP/1.1 200 OK
{ "SearchResult": { "total": 1, "resources": [ { "id": "98eaec70-bcd9-11eb-85b5-c680612b853f", "name": "update", "description": "use the word update for Andreas Falk", "link": { "rel": "self", "href": "https://ise.securitydemo.net:9060/ers/config/networkdevice/98eaec70-bcd9-11eb-85b5-c680612b853f", "type": "application/json" } } ] } }
05-24-2021 03:29 PM
I was able to successfully POST a network device named 'update' and do a GET by id and name for it
GET https://ise.securitydemo.net:9060/ers/config/networkdevice/name/update { "NetworkDevice": { "id": "98eaec70-bcd9-11eb-85b5-c680612b853f", "name": "update", "description": "use the word update for Andreas Falk", "authenticationSettings": { "networkProtocol": "RADIUS", "radiusSharedSecret": "C1sco12345", "enableKeyWrap": false, "dtlsRequired": false, "keyInputFormat": "ASCII", "enableMultiSecret": "false" }, "tacacsSettings": { "sharedSecret": "C1sco12345", "connectModeOptions": "OFF" }, "profileName": "Cisco", "coaPort": 0, "NetworkDeviceIPList": [ { "ipaddress": "1.2.3.4", "mask": 32 } ], "NetworkDeviceGroupList": [ "Location#All Locations", "IPSEC#Is IPSEC Device#No", "Device Type#All Device Types", "Department#Department", "Regions#Regions", "Operation#Operation" ] } }
However when I tried to search with the substring "update" it failed like you said! 8-(
GET https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.update
{ "ERSResponse": { "operation": "GET-getAll-networkdevice", "messages": [ { "title": "Operation search NETWORK_DEVICE failed. Look at the debug logs for more information", "type": "ERROR", "code": "CRUD operation exception" } ], "link": { "rel": "related", "href": "https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.update", "type": "application/xml" } } }
If I use a shorter substring ('updat') it works fine so this sounds like a bug to me!
GET https://ise.securitydemo.net:9060/ers/config/networkdevice?filter=name.CONTAINS.updat HTTP/1.1 200 OK
{ "SearchResult": { "total": 1, "resources": [ { "id": "98eaec70-bcd9-11eb-85b5-c680612b853f", "name": "update", "description": "use the word update for Andreas Falk", "link": { "rel": "self", "href": "https://ise.securitydemo.net:9060/ers/config/networkdevice/98eaec70-bcd9-11eb-85b5-c680612b853f", "type": "application/json" } } ] } }
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide