Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Text/plain response can't be parsed, masking the response actual value #1154

Open
davidt99 opened this issue May 5, 2024 · 3 comments
Open

Text/plain response can't be parsed, masking the response actual value #1154

davidt99 opened this issue May 5, 2024 · 3 comments
Assignees
@jshcodes
Labels
API usage General API usage issues and questions bug 🐛 Something isn't working RTR Real Time Response issues and questions

Comments

@davidt99
Copy link
Contributor

davidt99 commented May 5, 2024

Describe the bug
I came across a response from the government cloud (I tried to initiate an RTR session), and the response was as follows:
Status code: 403
Content type: text/plain
Content: Remote response feature is not enabled
The issue is that this error is not returned to the calling code because on line #289, it assumes the response is in JSON.
Eventually, it falls back to "No content was received for this request.".

I am not sure how to actually fix this. I assume the text/plain is somewhat backward compatibility code for older instances of CrowdStrike. I would suggest either fixing this in the backend (@jshcodes, I assume you have the ability to make this happen) or fallback to create the Result object with somewhat this format "errors": [{"message": response.text, "code": response.status_code}], Timeouts act in a similar way.

Environment (please complete the following information):

  • OS: MacOS
  • Python: 3.11
  • FalconPy: 1.4.3
@davidt99 davidt99 added the bug 🐛 Something isn't working label May 5, 2024
@crowdstrikedcs
Copy link
Member

Hi @davidt99 thanks for bringing this to our attention! I will investigate what's coming back in the response and see about either having this updated on the API or SDK side.

@jshcodes
Copy link
Member

jshcodes commented May 8, 2024

Hi @davidt99 -

Can we see an example of the code you're executing? I'd like to confirm I'm comparing apples to apples in my local testing.

The result object may need to be updated to handle unusual text responses regardless, as this may happen in other scenarios.

Thank you for reporting this! 🙇

@jshcodes jshcodes self-assigned this May 8, 2024
@jshcodes jshcodes added RTR Real Time Response issues and questions API usage General API usage issues and questions labels May 8, 2024
@davidt99
Copy link
Contributor Author

davidt99 commented May 9, 2024

It was just a simple init_session of rtr:

rtr: falconpy.RealTimeResponse
response = rtr.init_session(device_id=device_id, offline_queued=False)

If you are using responses for mocking, this is the code you can use to simulate:

with responses.RequestsMock() as mock:
    mock.add('POST', 'https://api.crowdstrike.com/real-time-response/entities/sessions/v1', body='Remote response feature is not enabled', content_type='text/plain', status=403)
    requests.post('https://api.crowdstrike.com/real-time-response/entities/sessions/v1')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jshcodes jshcodes

Labels
API usage General API usage issues and questions bug 🐛 Something isn't working RTR Real Time Response issues and questions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidt99 @crowdstrikedcs @jshcodes