7440 Views | 27 Helpful | 13 Replies
Cisco Employee

PSIRT - openVuln API Authorization Error

Hello PSIRT API team.

Any assistance, or guidance, with regard to the below "Not Authorized" response from the openVuln API REST request would be greatly appreciated.

oAuth2.0 Token request

client_id=vjjw9...p9d4bs&grant_type=client_credentials&client_secret=PhdNGK...ThNF3A

Url: https://cloudsso.cisco.com/as/token.oauth2

<Response [200]>

<<class 'requests.cookies.RequestsCookieJar'>[<Cookie PF=b7Y6PySpJjVrPP96S6HA1w for cloudsso.cisco.com/>]>

openVuln API request

URL: https://api.cisco.com/security/advisories/cvrf/all

{'Authorization': 'Bearer b7Y6PySpJjVrPP96S6HA1w'}

[Request: Return Headers]{'Content-Length': '23', 'X-Mashery-Error-Code': 'ERR_403_NOT_AUTHORIZED', 'Server': 'Mashery Proxy', 'X-Error-Detail-Header': 'Not Authorized', 'X-Mashery-Message-ID': '6e4f0ecd-e8ad-47dd-8425-fe4aff058f6f', 'Connection': 'close', 'Date': 'Sat, 19 Mar 2016 18:22:30 GMT', 'Content-Type': 'text/xml'}

[Request: Return Content] <h1>Not Authorized</h1>

Also tried with Postman...


13 REPLIES 13
Cisco Employee

Re: PSIRT - openVuln API Authorization Error

Followed up with user offline and demonstrated the API access. Additional examples are located here:

Accessing the Cisco PSIRT openVuln API Using curl

Beginner

Re: PSIRT - openVuln API Authorization Error

Hi,

I don't suppose there are any examples of accessing the Cisco PSIRT openVuln API using python?

Beginner

Re: PSIRT - openVuln API Authorization Error

David,

I just managed to get a python example working yesterday using the oauth2 module installed via pip. Used urllib to perform the API call once I had the token and added authorisation headers with the token.

I don't have the code on me as it's in a Docker container.

I am cheating a little as the token URL wants a POST but I am supplying the additional parameters as part of the URL. Still works.

I am able to receive the JSON from the first API call listed and iterate through the results.

If you want I can fire up my container and extract out the code. It's pretty rough.

Ryan

Beginner

Re: PSIRT - openVuln API Authorization Error

Hi Ryan,

If you could extract out the code that would be very useful.

Thanks

Dave

Beginner

Re: PSIRT - openVuln API Authorization Error

Dave,

Sorry it took so long, docker issues.

Here's the code:

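```python
#!/usr/local/bin/python
# Requires the third-party oauth2 module (pip install oauth2).
import json
import urllib.request

import oauth2 as oauth

print('OAuth example into Cisco.com')

# Replace the placeholders with the client ID and secret of your registered application.
consumer = oauth.Consumer(key="yourclientidhere", secret="yourclientsecrethere")

# The token endpoint expects a POST; the grant parameters are passed in the
# query string here rather than in the request body.
request_token_url = "https://cloudsso.cisco.com/as/token.oauth2?grant_type=client_credentials&client_id=yourclientidhere&client_secret=yourclientsecrethere"

client = oauth.Client(consumer)
resp, content = client.request(request_token_url, "POST")
print(content)

# The bearer token is the access_token field of the JSON response body.
j = json.loads(content.decode('utf-8'))
print(j['access_token'])

# Call the openVuln API with the token in the Authorization header.
req = urllib.request.Request('https://api.cisco.com/security/advisories/cvrf/all')
req.add_header('Accept', 'application/json')
req.add_header('Authorization', 'Bearer ' + j['access_token'])
resp = urllib.request.urlopen(req)
adv = resp.read()
advdata = json.loads(adv.decode('utf-8'))

for advisory in advdata['advisories']:
    print(advisory)
```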

(Accepted solution)
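The same token exchange as an added example, not part of the original post or of Cisco's code: it uses only the standard library, sends the client credentials in the POST body so they stay out of URLs and proxy logs, and takes the bearer token from the JSON `access_token` field rather than from a cookie. The function names are hypothetical; the two URLs and the `X-Mashery-Error-Code` header are the ones quoted in the thread.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://cloudsso.cisco.com/as/token.oauth2"        # from the thread
API_URL = "https://api.cisco.com/security/advisories/cvrf/all"  # from the thread


def build_token_request(client_id, client_secret):
    """Client-credentials grant with the secret in the form body, not the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def extract_access_token(response_body):
    """Return the access_token field; cookies set by the SSO host are not tokens."""
    doc = json.loads(response_body.decode("utf-8"))
    token = doc.get("access_token")
    if not token:
        raise ValueError("token response has no access_token (fields: %s)" % sorted(doc))
    return token


def build_api_request(token):
    return urllib.request.Request(API_URL, headers={
        "Accept": "application/json", "Authorization": "Bearer " + token})


def gateway_error(headers):
    """Gateway error code from response headers, e.g. ERR_403_NOT_AUTHORIZED."""
    return headers.get("X-Mashery-Error-Code")


def fetch_advisories(client_id, client_secret):
    """Live call: needs network access and a registered, approved application."""
    with urllib.request.urlopen(build_token_request(client_id, client_secret)) as r:
        token = extract_access_token(r.read())
    try:
        with urllib.request.urlopen(build_api_request(token)) as r:
            return json.loads(r.read().decode("utf-8"))["advisories"]
    except urllib.error.HTTPError as exc:
        raise RuntimeError("API rejected the token: %s" % gateway_error(exc.headers)) from exc
```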

Cisco Employee

Re: PSIRT - openVuln API Authorization Error

rruckley This is great! I added a few comments and posted it in GitHub at https://github.com/CiscoPSIRT/openVulnAPI

Beginner

Re: PSIRT - openVuln API Authorization Error

Omar,

Happy to contribute. My next goal is to turn this into a microservice that can be consumed by internal tools.

Ryan

Beginner

Re: PSIRT - openVuln API Authorization Error

Hi rruckley,

That is brilliant, thanks for the help.

Beginner

Re: PSIRT - openVuln API Authorization Error

This may be a dumb question, but how do I verify that I have actually been given access to the openVuln API? I get the same "Not Authorized" header returned when I attempt to actually retrieve records whether I use cURL or Postman. I followed the steps listed in the API console to get access tokens, but I never saw the openVuln API listed.

Cisco Employee

Re: PSIRT - openVuln API Authorization Error

Hi Erick,

If you go to https://apiconsole.cisco.com/apps/myapps you should see the authorized application you registered along with the status.


Beginner

Re: PSIRT - openVuln API Authorization Error

Hey Omar, I don't see the Cisco PSIRT openVuln API to request access to on the API Console. Any idea why?

Cisco Employee

Re: PSIRT - openVuln API Authorization Error

The API should be open for any active customer (i.e., a customer with an active Cisco contract) and Cisco partners. If you do not see the option at https://apiconsole.cisco.com/apps/myapis, you may want to open a case at http://www.cisco.com/c/en/us/support/index.html or by calling 800-553-2447.

Hope this helps.

Regards,

Omar

Enthusiast

Re: PSIRT - openVuln API Authorization Error

The code generates this error.

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Suggestions?

Thanks all!

Update:

This appears to be an issue in Python 3.6 with how SSL is handled. I am able to generate the key in 2.7; however, the use of Request appears to not be valid in 2.7. Does anyone know what cert changes need to be made to accept the Cisco cert for the key URL?
