Issue: Invalid Header Character in X-XSRF-TOKEN

[chla-conscia]

Issue: Invalid Header Character in X-XSRF-TOKEN

Description:
I encountered an error while running the py3_sure.py script for performing an SD-WAN audit and upgrade readiness check. The script fails during the preliminary data collection stage due to an invalid character in the X-XSRF-TOKEN header.

Steps to Reproduce:

1. Run the script with the following command:

   python3 py3_sure.py -d -u user.name

2. Provide the necessary password when prompted.

Observed Behavior:
The script terminates with the following error message:

ERROR: Error Collecting Preliminary Data.
Please check error details in log file: sdwan_sure/sure_logs_<timestamp>.log.

The log file contains:

ERROR: Invalid return character or leading space in header: X-XSRF-TOKEN
Traceback (most recent call last):
  File "py3_sure.py", line 2032, in <module>
    controllers = json.loads(getRequestpy3(version_tuple, vmanage_lo_ip, jsessionid , 'system/device/controllers', args.vmanage_port, tokenid))
  File "py3_sure.py", line 182, in getRequestpy3
    response = requests.request("GET", url , headers=headers, verify=False)
  File "/usr/lib/python3.8/site-packages/requests/api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 516, in request
    prep = self.prepare_request(req)
  File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 449, in prepare_request
    p.prepare(
  File "/usr/lib/python3.8/site-packages/requests/models.py", line 315, in prepare
    self.prepare_headers(headers)
  File "/usr/lib/python3.8/site-packages/requests/models.py", line 449, in prepare_headers
    check_header_validity(header)
  File "/usr/lib/python3.8/site-packages/requests/utils.py", line 947, in check_header_validity
    raise InvalidHeader("Invalid return character or leading space in header: %s" % name)
requests.exceptions.InvalidHeader: Invalid return character or leading space in header: X-XSRF-TOKEN

Expected Behavior:
The script should execute without errors and collect the preliminary data successfully.

Possible Cause:
The X-XSRF-TOKEN header seems to contain invalid characters or leading/trailing whitespace, which causes the requests library to raise an InvalidHeader exception.

Proposed Solution:
Strip any leading/trailing whitespace from the tokenID before including it in the headers. I modified the getRequestpy3 function to include this change:

def getRequestpy3(version_tuple, vManageIP, JSessionID, mount_point, Port, tokenID=None):
    if Port is None:
        url = "https://{}:8443/dataservice/{}".format(vManageIP, mount_point)
    else:
        url = "https://{}:{}/dataservice/{}".format(vManageIP, Port, mount_point)

    if version_tuple[0:2] < (19, 2):
        headers = {
            'Cookie': JSessionID
        }
    else:
        if tokenID:
            tokenID = tokenID.strip()  # Strip leading/trailing whitespace
        headers = {
            'X-XSRF-TOKEN': tokenID,
            'Cookie': JSessionID
        }
    print(f"DEBUG: Headers - {headers}")  # Debug print statement
    response = requests.request("GET", url, headers=headers, verify=False)
    data = response.content
    if response.status_code == 200:
        return data.decode()
    else:
        print('  Please verify if the vManage IP/URL is correct and JSessionID/CSRFToken is valid')

Additional Information:

• Script version: 3.2.0

vManage# show version 
20.9.4.1
vManage# vshell
vManage:~$ python3 --version
Python 3.8.13
vManage:~$ cat /etc/os-release 
ID=viptela

Please let me know if you need any further details or if there's any other way I can assist in resolving this issue.

Thank you.

---