From e7eecf034610d003c7ed88b03b4a766ec24b9ad7 Mon Sep 17 00:00:00 2001 From: Admin MPCZ Date: Tue, 5 May 2026 16:43:22 +0200 Subject: [PATCH] fix(qualys): search_assets_api utilise XML body au lieu de JSON (API 5.0 attend XML, JSON donnait 400). Message d erreur enrichi avec le debut de la reponse --- app/services/qualys_service.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/app/services/qualys_service.py b/app/services/qualys_service.py index 31a7bef..f48c90e 100644 --- a/app/services/qualys_service.py +++ b/app/services/qualys_service.py @@ -49,23 +49,31 @@ def search_assets_api(db, query, field="name", operator="CONTAINS", force_refres proxies = {"https": qualys_proxy, "http": qualys_proxy} if qualys_proxy else None try: + from xml.sax.saxutils import escape as xml_escape + xml_body = ( + "" + "200" + "" + f"" + f"{xml_escape(query)}" + "" + "" + ) r = requests.post( f"{qualys_url}/qps/rest/5.0/search/am/hostasset", - json={"ServiceRequest": { - "preferences": {"limitResults": 200}, - "filters": {"Criteria": [ - {"field": field, "operator": operator, "value": query} - ]} - }}, + data=xml_body, auth=(qualys_user, qualys_pass), verify=False, timeout=60, proxies=proxies, - headers={"Content-Type": "application/json"} + headers={"Content-Type": "text/xml", "X-Requested-With": "PatchCenter"} ) except Exception as e: return {"ok": False, "msg": f"Erreur API: {e}", "assets": []} if r.status_code != 200 or "SUCCESS" not in r.text: - return {"ok": False, "msg": f"API HTTP {r.status_code}", "assets": []} + # Inclure le début du body pour faciliter le diagnostic + return {"ok": False, + "msg": f"API HTTP {r.status_code} — {r.text[:200]}", + "assets": []} assets = _parse_assets_full(r.text) result = {"ok": True, "msg": f"{len(assets)} résultat(s)", "assets": assets, "from_cache": False}