python脚本调用api实战_python脚本调用fortigate API完整代码

最新推荐文章于 2024-12-10 10:52:54 发布
最新推荐文章于 2024-12-10 10:52:54 发布
阅读量1k 收藏
点赞数
文章标签: python脚本调用api实战
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_42301008/article/details/112893384
版权
该博客展示了如何使用Python脚本通过requests模块调用Fortigate API。首先定义了几个异常类,然后创建了一个FortiGate类,用于处理与FortiOS设备的连接、登录、登出以及发起HTTP请求。此外,还提供了CollectIp类来读取IP地址,并使用InvokeFortigate类将IP添加到Fortigate防火墙地址组。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

python通过requests模块可以发起get和post请求,调用第三方API接口,下面是调用fortigate API的例子代码:

#!/usr/bin/env python

# coding=utf-8

import json

import requests

from requests.exceptions import ConnectionError as ReqConnError

import inspect, sys, os, gzip, re, traceback

import logging.handlers

class FGTBaseException(Exception):

"""Wrapper to catch the unexpected"""

def __init__(self, msg=None, *args, **kwargs):

if msg is None:

msg = "An exception occurred within pyfmg"

super(FGTBaseException, self).__init__(msg, *args, **kwargs)

class FGTValidSessionException(FGTBaseException):

"""Raised when a call is made, but there is no valid login instance"""

def __init__(self, method, url, *args, **kwargs):

msg = "A call using the {method} method was requested to {url} on a FortiOS instance that had no " \

"valid session or was not connected. Paramaters were:\n{params}". \

format(method=method, url=url, params=kwargs)

super(FGTValidSessionException, self).__init__(msg, *args, **kwargs)

class FGTValueError(ValueError):

"""Catch value errors such as bad timeout values"""

def __init__(self, *args, **kwargs):

super(FGTValueError, self).__init__(*args, **kwargs)

class FGTResponseNotFormedCorrect(KeyError):

"""Used only if a response does not have a standard format as based on FGT response guidelines"""

def __init__(self, *args, **kwargs):

super(FGTResponseNotFormedCorrect, self).__init__(*args, **kwargs)

class FGTConnectionError(ReqConnError):

"""Wrap requests Connection error so requests is not a dependency outside this module"""

def __init__(self, *args, **kwargs):

super(FGTConnectionError, self).__init__(*args, **kwargs)

class FortiGate(object):

def __init__(self, host, user, passwd=None, debug=False, use_ssl=True, verify_ssl=False, timeout=300,

disable_request_warnings=False, apikey=None):

super(FortiGate, self).__init__()

self._host = host

self._user = user

self._req_id = 0

self._url = None

self._session = None

self._sid = None

self._timeout = timeout

self._debug = debug

self._use_ssl = use_ssl

self._verify_ssl = verify_ssl

self._apikeyused = True if passwd is None and apikey is not None else False

self._passwd = passwd if passwd is not None else apikey

if disable_request_warnings:

pass

#requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

@property

def api_key_used(self):

return self._apikeyused

@api_key_used.setter

def api_key_used(self, val):

self._apikeyused = val

@property

def debug(self):

return self._debug

@debug.setter

def debug(self, val):

self._debug = val

@property

def req_id(self):

return self._req_id

@req_id.setter

def req_id(self, val):

self._req_id = val

def _update_request_id(self, reqid=0):

self.req_id = reqid if reqid != 0 else self.req_id + 1

@property

def sid(self):

return self._sid

@sid.setter

def sid(self, val):

self._sid = val

@property

def verify_ssl(self):

return self._verify_ssl

@verify_ssl.setter

def verify_ssl(self, val):

self._verify_ssl = val

@property

def timeout(self):

return self._timeout

@timeout.setter

def timeout(self, val):

self._timeout = val

@staticmethod

def jprint(json_obj):

try:

return json.dumps(json_obj, indent=2, sort_keys=True)

except TypeError as te:

return json.dumps({"Type Information": te.message})

def dprint(self, msg, s=None):

if self.debug:

print(msg)

if s is not None:

print(self.jprint(s) + "\n")

pass

def _set_sid(self, response):

if self.api_key_used:

self.sid = "apikeyusednosidavailable"

return

for cookie in response.cookies:

if cookie.name == "ccsrftoken":

csrftoken = cookie.value[1:-1]

# print(csrftoken)

self._session.headers.update({"X-CSRFTOKEN": csrftoken})

if "APSCOOKIE_" in cookie.name:

self.sid = cookie.value

def _set_url(self, url, *args):

if "logincheck" in url or "logout" in url:

self._url = "{proto}://{host}/{url}".format(proto="https" if self._use_ssl else "http",

host=self._host, url=url)

else:

if url[0] == "/":

url = url[1:]

self._url = "{proto}://{host}/api/v2/{url}".format(proto="https" if self._use_ssl else "http",

host=self._host, url=url)

if len(args) > 0:

self._url = "{url}?".format(url=self._url)

try:

self._url = self._url + "&".join(args)

except:

pass

def __handle_login_values(self, response):

# response first character defines if login was successful

# 0 Log in failure. Most likely an incorrect username/password combo.

# 1 Successful log in*

# 2 Admin is now locked out

# 3 Two-factor Authentication is needed**

try:

if response.status_code == 200:

if response.text == "" or response.text[0] == "0":

return -1, {"status_code": response.status_code,

"message": "Failed Login - Most likely incorrect username/password used"}

elif response.text[0] == "1":

self._set_sid(response)

return 0, {"status_code": response.status_code, "message": "Login Successful"}

elif response.text[0] == "2":

return -1, {"status_code": response.status_code, "message": "Admin Locked Out"}

elif response.text[0] == "3":

return -1, {"status_code": response.status_code, "message": "Two-factor Required"}

else:

return -1, {"status_code": response.status_code, "message": "Unknown Error Occurred"}

else:

return -1, {"status_code": response.status_code,

"message": "Login Failed Status Code {} Returned".format(response.status_code)}

except IndexError as err:

self.dprint("Index error in response: {err_type} {err}\n\n".format(err_type=type(err), err=err))

raise FGTResponseNotFormedCorrect(err)

def __handle_response_login(self, response):

login_response = self.__handle_login_values(response)

self.dprint("RESPONSE:", login_response[1])

return login_response

def __handle_response_logout(self, response):

self._sid = None

self._req_id = 0

if response.status_code == 200:

self.dprint("RESPONSE:", {"status_code": response.status_code, "message": "Logout Successful"})

return 0, {"status_code": response.status_code, "message": "Logout Successful"}

else:

self.dprint("RESPONSE:", {"status_code": response.status_code, "message": "Logout Failed"})

return -1, {"status_code": response.status_code, "message": "Logout Failed"}

def _handle_response(self, response):

if "logincheck" in self._url:

return self.__handle_response_login(response)

elif "logout" in self._url:

return self.__handle_response_logout(response)

else:

try:

if "text" in response:

if type(response["text"]["results"]) is list:

result = response["text"]["results"][0]

else:

result = response["text"]["results"]

self.dprint("RESPONSE:", result)

if "http_status" in response:

return response["http_status"], result

else:

return response["status"], result

else:

if "http_status" in response:

self.dprint("RESPONSE:", response)

return response["http_status"], response

else:

self.dprint("RESPONSE:", response)

return response["status"], response

except IndexError as err:

self.dprint("Index error in response: {err_type} {err}\n\n".format(err_type=type(err), err=err))

raise FGTResponseNotFormedCorrect(err)

except Exception as e:

print("Response parser error: {err_type} {err}".format(err_type=type(e), err=e))

return -1, e

def _post_request(self, method, url, params):

class InterResponse(object):

def __init__(self):

self.status_code = 200

self.text = "1"

if self.sid is None and "logincheck" not in url:

raise FGTValidSessionException(method, params)

self._update_request_id()

if self.api_key_used:

headers = {"content-type": "application/json",

"Authorization": "Bearer {apikey}".format(apikey=self._passwd)}

self._session.headers.update(headers)

else:

headers = {"content-type": "application/json"}

self._session.headers.update(headers)

try:

if "logincheck" in self._url:

if self.api_key_used:

iresponse = InterResponse()

return self._handle_response(iresponse)

else:

method_to_call = getattr(self._session, method)

json_request = "username={uname}&secretkey={pword}&ajax=1".format(uname=self._user,

pword=self._passwd)

self.dprint("{method} REQUEST: {url} for user {uname} with password {passwd} ".

format(method=method.upper(), url=self._url, uname=self._user, passwd=self._passwd))

response = method_to_call(self._url, headers=headers, data=json_request, verify=self.verify_ssl,

timeout=self.timeout)

elif "logout" in self._url:

if self.api_key_used:

iresponse = InterResponse()

return self._handle_response(iresponse)

else:

self._session.headers = None

method_to_call = getattr(self._session, method)

self.dprint("{method} REQUEST: {url}".format(method=method.upper(), url=self._url, uname=self._user,

passwd=self._passwd))

response = method_to_call(self._url, headers=headers, verify=self.verify_ssl, timeout=self.timeout)

else:

json_request = {}

if params is not None:

json_request = params

method_to_call = getattr(self._session, method)

self.dprint("{method} REQUEST: {url}".format(method=method.upper(), url=self._url), json_request)

response = method_to_call(self._url, headers=headers, data=json.dumps(json_request),

verify=self.verify_ssl, timeout=self.timeout).json()

except ReqConnError as err:

self.dprint("Connection error: {err_type} {err}\n\n".format(err_type=type(err), err=err))

raise FGTConnectionError(err)

except ValueError as err:

self.dprint("Value error: {err_type} {err}\n\n".format(err_type=type(err), err=err))

raise FGTValueError(err)

except KeyError as err:

self.dprint("Key error in response: {err_type} {err}\n\n".format(err_type=type(err), err=err))

raise FGTResponseNotFormedCorrect(err)

except Exception as err:

self.dprint("Response parser error: {err_type} {err}".format(err_type=type(err), err=err))

raise FGTBaseException(err)

return self._handle_response(response)

def login(self):

self._session = requests.session()

login_response = self.post("logincheck")

if login_response[0] == 0:

return login_response

elif login_response[0] == -1 and login_response[1]["message"] == "Two-factor Required":

# todo send a login again after getting the 2FA key

#pass

return login_response

else:

self._sid = None

return login_response

def logout(self):

return self.post("logout")

def __enter__(self):

self.login()

return self

def __exit__(self):

self.logout()

def common_datagram_params(self, url, *args, **kwargs):

self._set_url(url, *args)

params = {}

if kwargs:

keylist = list(kwargs)

for k in keylist:

kwargs[k.replace("__", "-")] = kwargs.pop(k)

params.update(kwargs)

return params

def get(self, url, *args, **kwargs):

# print(self._session.headers)

return self._post_request("get", url, self.common_datagram_params(url, *args, **kwargs))

def post(self, url, *args, **kwargs):

return self._post_request("post", url, self.common_datagram_params(url, *args, **kwargs))

def put(self, url, *args, **kwargs):

return self._post_request("put", url, self.common_datagram_params(url, *args, **kwargs))

def delete(self, url, *args, **kwargs):

return self._post_request("delete", url, self.common_datagram_params(url, *args, **kwargs))

def __str__(self):

if self.sid is not None:

return "FortiOS instance connnected to {host}.".format(host=self._host)

return "FortiOS object with no valid connection to a FortiOS appliance."

def __repr__(self):

if self.sid is not None:

return "{classname}(host={host}, pwd omitted, debug={debug}, use_ssl={use_ssl}, " \

"verify_ssl={verify_ssl}, timeout={timeout})".format(classname=self.__class__.__name__,

host=self._host, debug=self._debug,

use_ssl=self._use_ssl, timeout=self._timeout,

verify_ssl=self._verify_ssl)

return "FortiOS object with no valid connection to a FortiOS appliance."

class CollectIp(object):

def __init__(self, rfile):

super(CollectIp, self).__init__()

self._rfile = rfile

def read_gz_file(self):

block_ips = []

#

if os.path.exists(self._rfile):

reg = re.compile(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})')

fin = gzip.open(self._rfile, 'rb')

line = fin.readline('results.csv')

while line:

item = re.findall(reg, line)

if item and len(item) > 0 :

block_ips.append(item[0])

line = fin.readline('results.csv')

fin.close()

else:

logger.info("the file [{file}] is not exist!".format(file=self._rfile))

return block_ips

class InvokeFortigate(object):

def __init__(self, host, gpname, ip_list, forsapi):

super(InvokeFortigate, self).__init__()

self._host = host

self._gpname = gpname

self._ip_list = ip_list

self._forsapi = forsapi

def add_address(self, name, ip):

param={

"json" : {

'name' : name,

'subnet' : ip

}

}

url="/cmdb/firewall/address?vdom=root"

return self._forsapi.post(url, param)

def update_group(self, addr_list):

param={

"json" : {

"member" : addr_list

}

}

url="/cmdb/firewall/addrgrp/{gpname}?vdom=root".format(gpname=self._gpname)

return self._forsapi.post(url, param)

def block(self):

if self._ip_list:

addr_list = []

for ip in self._ip_list:

name="block_{ip}".format(ip=ip.replace(".", "_"))

ip="{ip}/32".format(ip=ip)

#

res = self.add_address(name, ip)

if res[0] == 200:

addr_list.append({'name': name})

else:

logger.info('add [{ip}] to address failure, reason: {reason}'.format(ip=ip, reason=res[1]))

#

#

if addr_list:

gres = self.update_group(addr_list)

if gres[0] == 200:

addr_list.append({'name': name})

else:

logger.info('update address group [{gpname}] failure, reason: {reason}'.format(gpname=self._gpname, reason=gres[1]))

if __name__ == '__main__':

#

host='192.168.1.196'

username='admin'

password='123456'

addrgrp_name='GRP_001'

#

logging.basicConfig(level=logging.DEBUG)

logger = logging.getLogger('block_ip')

#

this_file = inspect.getfile(inspect.currentframe())

dirpath = os.path.abspath(os.path.dirname(this_file))

log_path = os.path.join(dirpath,'block_logs')

if not os.path.exists(log_path):

os.makedirs(log_path)

log_file = os.path.join(log_path,'block_ip.log')

#

handler = logging.handlers.TimedRotatingFileHandler(log_file, "midnight", 1, 30)

formatter = logging.Formatter('%(asctime)s %(name)-12s %(levelname)-8s %(message)s')

handler.setFormatter(formatter)

logger.addHandler(handler)

logger.setLevel(logging.INFO)

logger.info('begin')

#

try:

#results_file = sys.argv[8]

results_file='D:/results.csv.gz'

#

collectip = CollectIp(results_file)

ips = collectip.read_gz_file();

logger.info(ips)

#

forsapi = FortiGate(host, username, password, use_ssl=False)

#

logger.info('login [{host}]'.format(host=host))

rs = forsapi.login()

if(rs[0] == 0):

iforti = InvokeFortigate(host, addrgrp_name, ips, forsapi)

iforti.block()

#

logger.info('logout')

forsapi.logout()

else:

logger.info('login failure')

except Exception as err:

logger.info("error: {error}".format(error=traceback.format_exc()))

logger.info('end')

Charnychi
关注
python简单脚本调用fortigate API / FortiGate 60C API - Python helper
Smart_Xie1的博客
03-27 3252
目录前言环境参考链接正文基础部分功能部分功能一: 查看防火墙状态功能二: 获取现有的policy功能三: 发布一条policy功能四: 更新一条policy功能五: 添加一个object(address)功能六: 查询一个group功能七: 将一个IPAddress添加到指定组中一点建议后话 前言 有时候我们需要在SOAR/SOC中集成对防火墙的控制。 本文将介绍如何用python调用Forti...
Python脚本编写测试接口api:利用requests库测试post协议,入参是json类型的接口
shenshenruoxi的博客
03-27 1078
利用Python的requests库测试接口api 1.导入requests库 1.1requests库可以用cmd命令直接输入 pip install requests 1.2用pycharm安装requests库可以直接在这个工具上面安装 点击File-settings,找到Project,点击右上角的+可以搜索安装,如下图 2.在程序中引入requests库 import request...
简单python脚本实例-对Python实现简单的API接口实例讲解
q6q6q的专栏
10-28 691
get方法代码实现# coding:utf-8import jsonfrom urlparse import parse_qsfrom wsgiref.simple_server import make_server# 定义函数,参数是函数的两个参数,都是python本身定义的,默认就行了。def application(environ, start_response):# 定义文件请求的类型和当...
Fortinet-FortiOSAPI:用于与Fortigate防火墙(FortiOS)配置API进行交互PHP库
04-01
Fortinet Fortigate配置API(FortiOS) 用于与Fortigate防火墙(FortiOS)API(CMDB,日志和监视器)进行交互PHP库。 该库可以检索,创建,更新和删除防火墙上的配置。 您可以在上找到所有受支持的方法,您将需要一个帐户来浏览信息。 目录 入门 获取 。 使用composer composer require benclerc/fortinet-fortiosapi安装库。 将以下内容添加到应用程序的主PHP文件中, require 'vendor/autoload.php'; 。 使用防火墙的主机名,用户名和密码实例化Config类。 $configFirewall = new \Fortinet\Config('123.123.123.123', 'admin', 'password'); 。 使用先前创建的Config对象实例化F
OpenDayLight-API-Script:Python脚本,使用OpayDayLIght API,以显示甚至编辑拓扑信息
02-05
OpenDayLight-API脚本 使用OpayDayLIght APIPython脚本,以显示甚至编辑拓扑信息。 要求 如何使用 运行OpenDayLight 运行Mininet并将其连接到ODL控制器,即$ sudo mn --topo=tree,2 --controller=remote,ip=<CONTROLLER> 通过检查“拓扑”选项卡确保OpenDayLight和Mininet已连接。您应该能够看到拓扑的开关和流。 在odl_script.py中将全局变量更改为控制器的信息。 (baseUrl,baseIP) 使用$ python odl_script.py运行
Python库 | fortiosapi-0.6.2-py2.py3-none-any.whl
02-16
通过`fortiosapi`,开发者可以编写Python脚本,实现对FortiOS设备的自动化配置、状态查询、策略更新等功能,极大地提升了运维效率。 在Python中,whl文件是一种预编译的Python包格式,它包含了Python模块的二进制...
PyPI 官网下载 | PyFortiAPI-0.2.1.tar.gz
01-15
PyFortiAPI就是这样一款强大的工具,它允许用户通过Python代码与Fortinet设备进行交互,如FortiGate防火墙、FortiAnalyzer日志分析器等。这款库是Python社区中的一个宝贵资源,可以从PyPI(Python Package Index)...
Ansible常用操作-ansible模块
最新发布
zc20050706的博客
12-10 1311
Ansible是一款开源的自动化运维工具,本章节来了解Ansible常用操作及操作说明。
运维工程师常用术语
2301_77292637的博客
11-07 956
• ELK Stack(Elasticsearch, Logstash, Kibana):一个用于日志管理的强大工具集,Elasticsearch用于搜索和分析大量日志数据,Logstash用于数据收集和日志解析,Kibana提供可视化界面。• Serverless Computing:无服务器计算,允许开发者编写和运行代码而无需显式地预配或管理服务器。• StatefulSets:在Kubernetes中,用于管理有状态应用,它允许Pod具有稳定的、唯一的网络标识,并且可以在节点故障后从之前的状态恢复。
Python ❀ 使用代码实现API接口调用详解
无糖可乐没有灵魂
01-17 6646
本文主要讲解常用API接口如何使用python实现。:Application Programming Interface,是的缩写,意思是一些预设好的函数或方法,这些预设好的函数或方法允许第三方程序通过网络来调用数据或提供基于数据的服务。
FortiGate产品实施一本通_V4_0.chm
05-27
FortiGate是全新的下一代防火墙,在整个硬件架构和系统上面都有新的设计,在性能和功能上面都有了很大提升,具有性能高、接口丰富、功能齐全、安全路由交换一体化、性价比高等优势。
fortigate飞塔防火墙手册内含官方cookbook及常用命令行
11-08
fortigate飞塔防火墙手册内含官方cookbook及常用命令行
Python请求接口
qq_33816292的博客
03-09 237
代码Python请求接口。
python fortran混编 ctypes_使用pythonctypes实现fortran与python的接口
weixin_29053383的博客
01-13 284
经验:fortran大约3个月python-intermediate:在此之前从未在python中使用过ctypes模块我在寻找一种方法,在python中使用fortran代码进行博士研究,然后使用matplotlib在运行中对可视化进行计算。在THIS POST有帮助(这说明可以使用ctypes模块在python中使用/调用fortran代码,而且fortran函数有绑定到它们的替代名称,这在逻...
Python示例代码及高质量api接口对接
Merissa_的博客
08-09 485
在这个示例中,我们首先定义了API的URL和请求头。然后,我们使用call_api函数发送了一个GET请求,返回的响应包含了商品列表数据。最后,我们遍历列表,并打印出每个商品的名称和价格。函数内部使用try-except块来捕获可能发生的请求异常,并使用raise_for_status()方法抛出HTTP错误。首先,我们需要导入Python的requests库,它是一个常用的HTTP请求库,可以方便地发送HTTP请求和处理响应。接下来,我们可以定义一个函数,用于发送接口请求并处理响应。
教程篇(5.0) 09. RESTful API ❀ FortiEDR ❀ Fortinet 网络安全专家 NSE 5
防火墙技术专栏
06-29 1189
在本课中,你将学习如何使用FortiEDR RESTful API
python 常用API
lbaihao的专栏
05-08 1569
1.在程序开发中,常常会遇到这样的需求:在执行对象中的某个方法,或者在调用对象的某个变量,但是由于一些原因,我们无法确定或者并不知道该方法或者变量是否存在,这时我们需要一个特殊的方法或者机制来访问或操作该未知的方法或变量,这种机制就被称之为反射。 ...
教程篇(7.0) 01. FortiGate安全 & 简介及初始配置 ❀ Fortinet 网络安全专家 NSE 4
热门推荐
防火墙技术专栏
01-20 1万+
在本课中,你将了解FortiGate管理基础知识,以及你可以启用的用于扩展功能的FortiGate组件。这一课还包括关于FortiGate如何以及在何处适合你现有的网络架构的细节。
飞塔python REST API 演示.示例
weixin_72314662的博客
07-22 738
在使用飞塔过程中,参数可通过get进行爬取。可获取与客户参数较为符合的参数类型联动封禁策略思想:创建告警IP相应的地址对象创建地址组将地址对象进行归类创建策略将地址组添加至相应封禁策略中。
FortiOS API PHP库:管理和配置Fortinet Fortigate防火墙
尽管文档没有提供完整的示例代码,但可以假设接下来将使用Config实例化其他类来执行具体的API操作。 4. 标签解析: - **php-library**:指示Fortinet-FortiOSAPI是一个PHP语言编写的库。 - **firewall**:表明该库...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值