Escaping curl command in Windows - windows

I'm trying to run a curl command from the command line in Windows, but for the life of me I can't figure out how I'm supposed to escape it.
I'm executing this:
C:\WINDOWS\system32>curl --anyauth --user user:password -X POST -d "{\"rest-api\":{\"name\":\"BizSimDebug3\"}}" -H "Content-type: application/xml" http://localhost:8002/v1/rest-apis
And I'm getting this:
<rapi:error xmlns:rapi="http://marklogic.com/rest-api">
<rapi:status-code>400</rapi:status-code>
<rapi:status>Bad Request</rapi:status>
<rapi:message-code>RESTAPI-INVALIDCONTENT</rapi:message-code>
<rapi:message>Your bootstrap payload caused the server to throw an error. Underlying error message: XDMP-DOCROOTTEXT: xdmp:get-request-body() -- Invalid root text "{&quot;rest-api&quot;:{&quot;name&quot;:&quot;BizSimDebug3&quot;}}" at line 1</rapi:message>
</rapi:error>
Is there something else I need to do to escape the inner quotes in the -d flag? Or am I overlooking the real issue entirely?

This works in Windows:
curl -i -X POST -H "Content-Type: application/json" -d "{\"Field1\": 123, \"Field2\": 456 }" "http://localhost:8080"

The XDMP-DOCROOTTEXT error indicates the server is trying to parse the payload as XML and failing.
The Content-Type header is telling the server that you're sending XML, but the payload is JSON.
Try changing the Content-Type header to application/json

Quoting is hell. By "Windows Command Line and your prompt I presume you mean cmd.com ?. That doest quote the same as linux shells.
For this simplistic experiment I recommend going for 2 kinds of quotes to avoid escaping But even then its unlikely to work
curl --anyauth --user user:password -X POST -d "{'rest-api':{'name':'BizSimDebug3'}}" -H "Content-type: application/xml" http://localhost:8002/v1/rest-apis
Better luck might be had by going with a unix-like shell such as running cygwin (http://www.cygwin.com/) or maybe xmlsh (www.xmlsh.org) which escape like linux does.
You really are going to have a nightmare running anything complex through the windows command line natively.
-David

Related

Curl using Environment variables in GitLab-ci.yml

I'm trying to send a slack notification using the .gitlab-ci.yml and I need to pass the Commit's message in the message like this:
"The version ${CI_COMMIT_TAG} Version is available!"
But i'm still not able to get the environment variable desired when receiving the notification on my channel and passing it like this in the file:
script:
- "curl -X POST -H 'Content-type: application/json' --data '{\"text\":\"The version ${CI_COMMIT_TAG} version is available!\"} ' https://hooks.slack.com/services/....../......"
Do you have any clues ? I'm not used to Curl and Yaml
Thanks and Have a good day!
--data '...'
Variable expansion in bash does not work within single quotes. Use double quotes instead.
Alternatively, use a data file to avoid formatting JSON inline:
curl -d "#data.json" ...

How do I format a variable inside the broken double quotes of a curl command?

I am trying to test the Sumo Logic API by updating the information of my collector. The second curl command is the one that is causing the issue 'curl: (55) Failed sending PUT request'. It works in my terminal but not in the bash script.
#!/bin/bash
readonly etag=$(curl -u '<accessId>:<accessKey>' -I -X GET https://api.sumologic.com/api/v1/collectors/<id> | grep -Fi etag | awk '{print $2}' | tr -d \''"\')
echo ${etag}
curl -vvv -u '<accessId>:<accessKey>' -X PUT -H "Content-Type: application/json" -H "If-Match: \"${etag}\"" -T updated_collector.json https://api.sumologic.com/api/v1/collectors/<id>
set -x
The first curl command is assigned to the variable called 'etag' which stores the necessary etag. The etag is used in the second curl command to make a request to update the information stored in the 'updated_collector.json'. The updated_collector.json file is not the issue as I have successfully updated the information via the terminal with it. I suspect the content-type is not being sent in the header because someone ran the script on their end and it was not showing that information with the -vvv tag.
Here you can find the Sumo Logic Collector API Methods and Examples from which I got the curl commands to test the API: https://help.sumologic.com/APIs/Collector-Management-API/Collector-API-Methods-and-Examples
Update: I retieved the etag and then ran the second command in a bash script. I manually inserted the etag into the ${etag} portion of the second curl command. I then ran the script and it worked. Therefore, the etag variable isn't correctly formatted inside the second curl command. I do not know how to fix this.
The issue was partially the syntax but after fixing that, I was still getting an error. "If-Match: \"${etag}\" in my command should be "If-Match: ${etag}" instead. I had to add the --http1.1 flag for it to work. I'm sure this is a sumo logic issue. I am able to execute GET requests no problem using http2.0.

curl in windows read function returned funny value

I am using the following command to upload file to an endpoint
curl -X POST -H "authorization: Basic base64encode" -H "Content-Type:
multipart/form-data" -H "X-Atlassian-Token: nocheck" -F
"file=#c:/Users/User/Desktop/testresults.xml" https://jira.test-
server.ag/rest/api/latest/issue/man-287/attachments
the command under mac works without problems, under windows I become the following error
curl: (26) read function returned funny value
curl version
curl 7.64.0 (x86_64-w64-mingw32) libcurl/7.64.0 OpenSSL/1.1.1a
installed using https://chocolatey.org
I ran into the same problem when I used curl on the Windows Subsystem for Linux on Windows 10. I had to change the path from C:\Temp\File.txt to /mnt/c/Temp/File.txt.
Check if you can access the file in your shell e.g. with dir c:\path\to\file.txt and if it fails then you know that you have to fix the path first.

how to access whole nessus through shell script

I am trying to do a script to get me access of advance scan option of nessus in localhost. So I want advance scan operation through shell script without GUI. I want all operations like login, advance scan and export report are performed through shell script without GUI access.
Why do you want to do it with bash script?
You can do this much easier with the nessus API.
Have a look at the link below
https://github.com/jfalken/nessus_enterprise_rest_client
the simplest way of doing automatisation in nessus is to use the nessus API.
its located at https://NessusServerIP:8834/ - if you visit it, you will be greeted by the API-Documentation.
There are various API-Implementations available - if you google 'Nessus API client' you'll get a glimpse.
If you, as you said, want to to run bash-skripts than the simplest way is probably using CURL for the API-Requests.
A typical workflow will look like this:
authorize yourself to the NessusAPI (either via TOKEN or API-Key)
launch or configure a scan (and wait until it finished)
export a report (and wait until it finished)
download the exported report
CURL #1 (authorize using token):
curl -X POST --data '{"username":"NessusUser","password":"YourPassword"}' -k "https://NessusServerIp:8834/session"
--header "Content-Type:application/json" | python -m json.tool
..which will yield you following JSON yielding an Token which you need for the other API-Calls:
{"token": "e411e443521adee4496d79823a510cc68c5bf05aeda6e6eb"}
CURL #2 (launch a scan):
curl -X POST -H 'X-Cookie: token=e411e443521adee4496d79823a510cc68c5bf05aeda6e6eb' -H 'Content-Type:application/json'
--data '{"scan_id":"21", "alt_targets":[127.0.0.1]}'
-k "https://NessusServerIp:8834/scans/21/launch" | python -m json.tool
...which will be answered with a JSON like this, containing the ID of the just startet scan:
{"scan_uuid":"c1c30d8f-5f79-2e4b-2d03-05b8b3c595f1e768e03195abdfa2"}
CURL #3 (exporting a scan):
curl -X POST -H 'X-Cookie: token=766ef7a2302780c189ba563b89c5eb3706140c0ef1e4de8b' -H
'Content-Type:application/json' --data '{"scan_id":"33", "format":"html"}' -k
"https://NessusServerIP:8834/scans/33/export" | python -m json.tool
...which will yield this JSON response, containing a token to the exported file and the file_id:
{"token":"3e13ab381c480caa1e377411c0b561970c46e5d78894c5a0cb2be0e7f00fefe0","file":1434780027}
...so now we are ready to download the report. in this case, since i have specified "format: html" in the last call, its a .html you will need to safe the outcome into.
Curl #4 (download exported report):
curl -X GET -H 'X-Cookie: token=7d155aef4359d02addea29d8d56bca4a5045ca61efeb38ee' -H 'Content-Type:application/json'
--data '{"scan_id":"21", "alt_targets":127.0.0.1}'
-k "https://NessusServerIP:8834/scans/17/export/945237343/download" > report.html
...which should leave you with a report.html in the folder you started your script.
Now... how do you automatize this? Well write a Bash-Skript, put in this calls, parse the answers to extract the information you need - and then enjoy! :)
ps: i use the python -m json.tool to beautify the otherwise not very beautiful output of CURL.
Hope i have helped,
Gewure

How to post PUT request under the Windows using curl?

I need to post XML data via curl.exe under windows using PUT request.
In the curl help I found:
-d/--data <data> HTTP POST data (H)
What should I supply for <data>?
curl sample calls
# with inlining plain data
curl -X PUT -d "payload" http://localhost
# referrring file
curl -X PUT -d #myXmlFile.xml http://localhost
If your windows curl-port does not support it go for cygwin. It is a linux-like environment for windows and also offers "a proper" curl.
In windows, if a double-quoted argument itself contains a double quote character, the double quote must be doubled.
For example, enter 'This is "quoted" payload' as "This is ""quoted"" payload" which is very different than in Unix.
Example:
curl -X PUT -d "This is ""quoted"" payload" http://localhost
in windows you'll need to put the # inside the quotes for the file you're sending:
curl -XPUT --data-binary "#uploadme.txt"
otherwise you'll get weird errors as it tries to use the content of the file as the url:
curl: (6) Couldn't resolve host 'upload'
curl: (6) Couldn't resolve host 'me!'
(uploadme.txt contains "upload me!")
on Windows CMD, curl refers to C:\Windows\System32\curl.exe so you can use
curl -X PUT -d "payload" http://localhost
instead on Windows PowerShell curl refers to Invoke-WebRequest so it is not working with curl syntax. you can use curl.exe on PowerShell to call C:\Windows\System32\curl.exe so it will solve the issue.
curl.exe -X PUT -d "payload" http://localhost

Resources