2

I have already seen this same question on stackoverflow, but did not find any answer which works :

I use Requests package to connect to CISCO APIC controller and collect json/xml configs via REST API ;

everything works perfectly except when the password used to connect to the APIC includes a "&" character;

I took a tcpdump to check what was sent at time of login, and the password is properly sent with the "&" included

Here is the code extract used to do the Login :

APIC_USER = "admin"
APIC_PW = "azer&tyu"
APIC_IP = 10.1.1.1
login_data = '''<?xml version="1.0" encoding="UTF-8"?>
<imdata totalCount="1">
<aaaUser name="''' + APIC_USER + '''" pwd="''' + APIC_PW + '''"/>
</imdata>'''
APIC_URL = 'http://' + APIC_IP + '/api/'    
session = requests.session()
result = session.post(APIC_URL + 'aaaLogin.xml', data=login_data, verify=False)

Here is the tcpdump output during a test :

POST /api/aaaLogin.xml HTTP/1.1
Host: 10.1.1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.13.0
Content-Length: 140

<?xml version="1.0" encoding="UTF-8"?>
..<imdata totalCount="1">
..<aaaUser name="admin" pwd="azer&tyu"/>

..</imdata>HTTP/1.1 401 Unauthorized
Server: -/-
Date: Wed, 20 Sep 2017 12:48:21 GMT
Content-Type: application/xml
Content-Length: 129
Connection: keep-alive

thanks for any help

bigstyx
  • 123
  • 1
  • 1
  • 6
  • '&' is an illegal character that breaks XML. You can escape it to '&' [Previous answer](https://stackoverflow.com/questions/730133/invalid-characters-in-xml) – Kyle Sep 20 '17 at 19:27
  • thanks for your answer ; I have tried to use &amp instead of & in the password passed to the HTTP Post, but the problem was still the same as before ; any other idea ? – bigstyx Sep 22 '17 at 16:27
  • Did you do "&amp" or "&" ? – Kyle Sep 22 '17 at 19:48
  • Hello Kyle, it works with "&" actually ! thanks a lot for your help – bigstyx Oct 13 '17 at 15:55

0 Answers0