Testing unauthenticated RESTAPI file scans on the same box
search cancel

Testing unauthenticated RESTAPI file scans on the same box

book

Article ID: 270398

calendar_today

Updated On:

Products

Protection Engine for Cloud Services

Issue/Introduction

Testing unauthenticated RESTAPI file scans

Environment

Release : 9.0.0

Resolution

  1. Navigate to the folder containing application.properties
    The default location for application.properties is C:\Program Files\Symantec\Scan Engine\RestAPI

  2. In application.properties, disable authentication 
  3. Restart restapi
  4. Use curl to submit a file to restapi
  5. After testing is complete, revert changes and restart restapi to apply

 

In application.properties, to disable authentication within SPE 9 RESTAPI, make the following changes 

sperestapi.auth.enabled=false
sperestapi.auth.filescanning.enabled=false

 

To use curl to submit a file to restapi

curl -k -X POST "http://localhost:8008/spe/api/v1/scan-file" -H "accept: application/xml" -H "Content-Type: multipart/form-data" -F "[email protected]"

Expected output:

<FileScanResult><scanStatus>SCAN_SUCCESS</scanStatus><fileScanned>Data.txt</fileScanned><fileStatus>CLEAN</fileStatus><fileQuarantineStatus>NOT_AVAILABLE</fileQuarantineStatus><totalInfections>0</totalInfections><virusDefinitionDate>2023-08-29T00:00:00.000+00:00</virusDefinitionDate><virusDefinitionRevisionNumber>008</virusDefinitionRevisionNumber><bytesScanned>-1</bytesScanned><totalFilesScanned>-1</totalFilesScanned><trueTypeOfFile>NA</trueTypeOfFile></FileScanResult>

Note: the example text file used in this test did not contain the EICAR Test String.

 

Additional Information

What is curl?

The test tool curl name means "Client for URL". The Curl project began in 1996. Many administrators view this tool as a basic utility for network troubleshooting. The curl utility is available on both Windows and Linux.

 

What happens if authentication is still enabled?

curl output will be similar to: 

<Map><timestamp>2023-08-01T22:04:15.687+00:00</timestamp><status>401</status><error>Unauthorized</error><message>Unauthorized</message><path>/spe/api/v1/scan-file</path></Map>

 

Can I use Linux curl to test from another Linux or Windows box?

Yes, just substitute the IP address of the SPE Server test box in place of localhost in the curl command above.

 

After I prove that REST API performs scans, how can I prove authenticated scans work with REST API?

See the Help topic: How to scan files using the REST API


Where can I find out more about the REST API of SPE?

https://apidocs.securitycloud.symantec.com/# 

 

How does SPE 9 REST API work with streaming?

  1. Client application gets the file and stores it.
  2. Client application then includes the file path in a scan request to REST API.
  3. REST API will then send that file to SPE in stream mode.

 

 

Powered by Wolken Software