-1

I'm new to C# and Refit and I encountered an issue I can't solve. I need to convert the following CURL request to Refit (It must be refit)

curl -X 'POST' \
  'https://www.hybrid-analysis.com/api/v2/quick-scan/file' \
  -H 'accept: application/json' \
  -H 'user-agent: Mozilla 5.0' \
  -H 'api-key: p36a6qk6119e21dfxf2repsy918df0b2mt5cifpra922df944eg2iim292b1f961' \
  -H 'Content-Type: multipart/form-data' \
  -F 'scan_type=all' \
  -F 'file=@Ziv.pdf;type=application/pdf'

The error I get each time:

"{"validation_errors":[{"field":"scan_type","errors":["This value should not be blank."]},{"field":"file","errors":["This value should not be blank."]}],"message":"Input data validation has failed. Please check 'validation_errors' field to get more data."}"

Main code: (The headers are correct for sure)

IHybridAnalysisAPIClient hybrid_analysis_client = BuilderAndServiceHybridAnalysis.GetHybridAnalysisAPIClient();


            // Request Headers 2
            var hybrid_analysis_upload_file_api_headers = new Dictionary<string, string>
            {
                {"api-key", "p36a6qk6119e21dfxf2repsy918df0b2mt5cifpra922df944eg2iim292b1f961"},
                {"Accept", "application/json"},
                {"User-Agent", "Mozilla 5.0"},
                {"Content-Type", "multipart/form-data"}
            };
            byte[] readText = File.ReadAllBytes(@"C:\Users\ariels\Downloads\Ziv.pdf");

            ByteArrayPart file_bytes = new ByteArrayPart(readText, @"C:\Users\ariels\Downloads\Ziv.pdf");

            var response = await hybrid_analysis_client.UploadFile(hybrid_analysis_upload_file_api_headers, "all", file_bytes);

Interface:

        [Multipart]
        [Post("/api/v2/quick-scan/file")]
        Task<Root4> UploadFile([HeaderCollection] IDictionary<string, string> headers,
                                    [AliasAs("scan_type")] string scan_type,
                                    [AliasAs("file")] IEnumerable<ByteArrayPart> file);

Feel free to use the API key, it was created for U guys.

Rebecca
  • 27
  • 4

2 Answers2

0

I don't know the refit breakdown but your errors are due to using Linux style commands rather than windows style calling, leading to "This value should not be blank." which suggests the secondary lines after \ are not read.

You appear to be running on Windows so cUrl syntax would be different

enter image description here

@curl -X POST https://www.hybrid-analysis.com/api/v2/quick-scan/file ^
More? -H "api-key: p36a6qk6119e21dfxf2repsy918df0b2mt5cifpra922df944eg2iim292b1f961" ^
More? -H "accept: application/json" -H "user-agent: Falcon Sandbox" ^
More? -H "Content-Type: multipart/form-data" -F scan_type=all -F "file=@Ziv.pdf;type=application/pdf" >report.json

Points to note @curl means the command will not be echoed just the progress and result.

  • You should use -v whilst testing, ideally before -X POST (which is probably not needed per that verbose reply)
  • Windows uses EOL ^ continuation whereas \ is UNIX line continuation character
  • Parameters with spaces should commonly be "double quoted", but not those that don't need them

Response: with my dummy file via commandline can be redirected using > "file path\filename"

{"id":"62f055c48aeb2a07a81f50c7","sha256":"7c0cc49a9416432b93cf321140ad028af24393a047708f55860f4aa8e49fe551","scanners":[{"name":"CrowdStrike Falcon Static Analysis (ML)","status":"malicious","error_message":null,"progress":100,"total":null,"positives":null,"percent":70,"anti_virus_results":[]},{"name":"Metadefender","status":"clean","error_message":null,"progress":100,"total":26,"positives":0,"percent":0,"anti_virus_results":[]},{"name":"VirusTotal","status":"no-result","error_message":null,"progress":100,"total":null,"positives":null,"percent":null,"anti_virus_results":[]}],"whitelist":[{"id":"internal","value":false}],"reports":[],"finished":true}

Side Note I got a 570 70 malware score for a file I had built and know is 100% clean. !

Ziv.pdf Size:54KiB Type:pdf Mime:application/pdf SHA256:7c0cc49a9416432b93cf321140ad028af24393a047708f55860f4aa8e49fe551 Last Anti-Virus Scan:08/08/2022 00:16:04 (UTC) malicious 70%
Without any explanation why. (But, I know it has an embed object)

K J
  • 8,045
  • 3
  • 14
  • 36
  • Hey, thanks for the quick response. The CURL request I showed, is just for people to know what they need to test (headers and data) when doing refit implementation. The actual command isn't a factor for me at the moment. – Rebecca Aug 08 '22 at 04:31
0

Looks like Refit doesn't do that. Just use the following

// Not Refit
using (var httpClient = new HttpClient())
{
    using (var request = new HttpRequestMessage(new HttpMethod("POST"), "https://www.hybrid-analysis.com/api/v2/quick-scan/file"))
    {
        request.Headers.TryAddWithoutValidation("accept", "application/json");
        request.Headers.TryAddWithoutValidation("user-agent", "Mozilla/5.0");
        request.Headers.TryAddWithoutValidation("api-key", "XXX");

        var multipartContent = new MultipartFormDataContent();
        multipartContent.Add(new StringContent("all"), "scan_type");
        var file1 = new ByteArrayContent(File.ReadAllBytes(@"C:\Users\ariels\Downloads\Ziv.pdf"));
        file1.Headers.Add("Content-Type", "application/pdf");
        multipartContent.Add(file1, "file", Path.GetFileName("Ziv.pdf"));
        multipartContent.Add(new StringContent("true"), "no_share_third_party");
        multipartContent.Add(new StringContent("false"), "allow_community_access");
        multipartContent.Add(new StringContent("Test"), "comment");
        multipartContent.Add(new StringContent("Test"), "submit_name");
        request.Content = multipartContent;

        var response = await httpClient.SendAsync(request);
        //Console.WriteLine(JsonConvert.SerializeObject(response, Formatting.Indented));
    }
}
Markus Meyer
  • 3,327
  • 10
  • 22
  • 35
Ariel Silver
  • 51
  • 1
  • 8