Support Questions

Find answers, ask questions, and share your expertise

The request was rejected because the URL contained a potentially malicious String

avatar
Explorer

When using the Python SDK to create an InstanceTemplate if the bootstrap_scripts contain any special characters the API will reject it :

 

 

cloudera.director.common.rest.ApiException: (500)
Reason: Server Error
HTTP response headers: HTTPHeaderDict({'Connection': 'close', 'Content-Type': 'application/json;charset=utf-8'})
HTTP response body: {
  "timestamp" : 1563826656470,
  "status" : 500,
  "error" : "Internal Server Error",
  "message" : "org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL contained a potentially malicious String \"%5C\"",

 

An example bootstrap script that fails is if you put:

 

wget https://www.google.com

 

Spring Security will reject this as a malicious URL since it is being encoded in the URL and not being put in the body it appears.

 

However, if you define the InstanceTemplate and don't create it in Director via the InstanceTemplatesAPI but rather just immediately pass it to the VirtualInstance in a ClusterTemplate or DeploymentTemplate then there is no issue. Of course it will not appear in the templates tab in Director of that environment in this situation.

 

 

Is there any way to turn off (or limit) the Spring firewall in application.properties or should I try to modify the python sdk to send the data in the body?

1 ACCEPTED SOLUTION

avatar
Explorer

As it turns out this was my screwup -- I tried to get the template (to verify it's existence) with the InstanceTemplate object instead of the string name before creating it with my defined InstanceTemplate object.

 

Apologies for any inconvenience!

 

 

View solution in original post

1 REPLY 1

avatar
Explorer

As it turns out this was my screwup -- I tried to get the template (to verify it's existence) with the InstanceTemplate object instead of the string name before creating it with my defined InstanceTemplate object.

 

Apologies for any inconvenience!