Question about POST request to /api/stored-libraries/ in python

[EmilienPer02]

Hello,
I'm trying to upload a custom library using your API .
My script is in python and uses "requests".
When I'm trying to send the file, I have the error "Missing filename" that requests me to add a Content-Disposition in header.
When I add it, I have a invalidLibraryFileError.
In the frontend, I'm able to send the file so the file is good.

Do you have a POC script in python using requests to send a library via your API to /api/stored-libraries/ via a POST request?

Thank

[nas-tabchiche]

Hi @EmilienPer02,

Thank you for reaching out.

The invalidLibraryFileError indicates that the file was successfully transmitted to the backend, but the library validation process failed. You might be able to get more details about what went wrong by checking the backend logs, as they should provide additional context for the error.

A common issue we’ve observed in similar cases is a malformation in the library YAML file. If the file is not sensitive, could you share it with us? This would help us investigate the specific issue and identify any malformed parts.

Regards

[EmilienPer02]

Hello,
Thank for your answer.
I used your yml file (Tiber-eu.yaml: https://github.com/intuitem/ciso-assistant-community/blob/main/backend/library/libraries/tiber-eu-2018.yaml ) and a custom file. But I have the issue ({"error": "invalidLibraryFileError"}) with both. I can't check blacklog (I don't have access to it).

My script is roundly the following
`
import requests

url="https://exemple.com/api/stored-libraries/"

headers={ 'accept': 'application/json', 'Referer': 'https://exemple.com', 'Authorization': 'Bearer ', 'X-Csrftoken': '<CSRF_TOKEN>', 'Content-Disposition': 'attachment; filename="tiber-eu-2018.yaml"'}

cookies={'csrftoken':<CSRF_TOKEN>,'sessionid':<SESSION_ID>}

data=None
json_data={}
files={'file':open("tiber-eu-2018.yaml", 'r')}
requests.post(url, headers=headers,data=data, json=json_data,cookies=cookies,files=files)`

If I remove 'Content-Disposition' from headers, I have an other issue ({"detail":"Missing filename. Request should include a Content-Disposition header with a filename parameter."}

[nas-tabchiche]

Hi @EmilienPer02,

Thanks for sharing your script! I believe the issue lies in how the file is being sent.
The /api/stored-libraries/upload/ endpoint expects the file to be sent directly in the request body (using the data argument), not via the files argument, which sends it as multipart/form-data.

Additionally:

• The Authorization header should use Token <your auth token> instead of Bearer.
• You don’t need to include cookies (csrftoken or sessionid) when using the API, as authentication is handled via the Authorization header.

Here’s an example of how your script could look:

import requests

TOKEN = "<your auth token>"

url = "https://example.com/api/stored-libraries/upload/"

headers = {
    "Authorization": f"Token {TOKEN}",
    "Content-Disposition": 'attachment; filename="tiber-eu-2018.yaml"'
}

file_path = "tiber-eu-2018.yaml"

with open(file_path, "rb") as file:
    response = requests.post(url, headers=headers, data=file)

print(f"Status Code: {response.status_code}")
print(f"Response: {response.json()}")

I am expecting something like this to work. You should receive an empty response with status code 200 if the upload and storage of the library is successful.

If the issue persists, feel free to reach out.

[EmilienPer02]

Thank for your help.
By using /api/stored-libraries/upload/ , I'm able to send a file (doesn't work with /api/stored-libraries/).
But , The server's answer is empty with a code 200 instead of following the API schema documentation.
And the library is well uploaded.

Could you help me by:

1. Explain me why the answer is empty
2. How to use /api/stored-libraries/ instead of /api/stored-libraries/upload/?

Thank