我尝试使用静态或动态文件分析 API (https://api.labs.sophos.com/doc/analysis/file/static),但总是得到响应:BAD REQUEST
以下是我的请求和例外示例:
$headers
Name Value
---- -----
Authorization <Auth token>
Content-Type multipart/form-data
$formData
Name Value
---- -----
file C:\Temp\mexnixzv.gsk\outlook.exe
name file
filename outlook.exe
report_format json
$uri
https://de.api.labs.sophos.com/analysis/file/static/v1/
Invoke-WebRequest -URI $uri -Method POST -Headers $headers -Form $formData -UseDefaultCredentials
$_.Exception
Response : StatusCode: 400, ReasonPhrase: 'BAD REQUEST', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Connection: keep-alive
Date: Wed, 25 Sep 2024 07:16:05 GMT
Access-Control-Allow-Headers: Authorization, X-Correlation-ID, *
Server: Sophos Intelix
Content-Security-Policy: default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'
Referrer-Policy: same-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Request-ID: db629807-65b5-4937-940e-0e62bd548320
X-Rate-Limit-Value: 30
X-Rate-Limit-Period: 60
X-Rate-Limit-Requests-Left: 29
X-Rate-Limit-End: 0.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
X-Cache: Error from cloudfront
Via: 1.1 cf058b286fa80390c08073fa68269f12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: TXL50-P1
X-Amz-Cf-Id: 5vr6sgHb7DeHswIg9F9WAqwzhSesGbw8CvudJEqP7husRI2gKUKVIg==
Content-Type: application/json
Content-Length: 120
}
HttpRequestError : Unknown
StatusCode : BadRequest
TargetSite : Void ThrowTerminatingError(System.Management.Automation.ErrorRecord)
Message : Response status code does not indicate success: 400 (BAD REQUEST).
Data : {}
InnerException :
HelpLink :
Source : System.Management.Automation
HResult : -2146233088
StackTrace : at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
我尝试过不同的文件格式(excel、csv、jpg)、不同的大小(几个MB和几个字节)和不同的方法(PowerShell、curl、直接在网站上https://api.labs.sophos.com/文档/分析/文件/静态)。响应始终相同:400,BAD REQUEST 我做错了什么或者 API 方面有什么问题吗?
恐怕您的请求格式不正确。我会像这样执行提交工作流程:
param(
[Parameter(Position=0, Mandatory=$true)]
[string]$filePath,
[Parameter(Position=1, Mandatory=$true)]
[string]$clientId,
[Parameter(Position=2, Mandatory=$true)]
[string]$clientSecret,
[Parameter(Position=3)]
[string]$authEndPoint = 'https://api.labs.sophos.com/oauth2/token',
[Parameter(Position=4)]
[string]$submissionEndPoint = 'https://de.api.labs.sophos.com/analysis/file/static/v1/'
)
$ErrorActionPreference = 'Stop'
$resp = Invoke-RestMethod `
-Uri $authEndPoint `
-Method Post `
-Headers @{
'Content-Type'='application/x-www-form-urlencoded';
'Authorization'="Basic $([Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($clientId + ':' + $clientSecret)))"
} `
-Body 'grant_type=client_credentials'
$boundary = [Guid]::NewGuid().ToString()
$resp = Invoke-RestMethod `
-Uri $submissionEndPoint `
-Method Post `
-Headers @{
'Content-Type'="multipart/form-data; boundary=$boundary";
'Authorization'=$resp.access_token
} `
-Body @"
--$boundary
Content-Disposition: form-data; name="file"; filename="$([IO.Path]::GetFileName($filePath))"
Content-Type: application/octet-stream
$([IO.File]::ReadAllBytes($filePath))
--$boundary--
"@
Write-Host $resp