Using CLAPI in allowlist management

There are three main steps for adding a new command and confirming that it has been successfully added.

  1. Acquire the CSRF token before adding a new command into the allowlist.

    On the command line, run:

    curl -G https://127.0.0.1:15067/clapi/api/security/csrf -k 
    --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -c cookie.out -v

    Results:

    • There is feedback on the command line.
    • The file cookie.out is created.
    • There is feedback “{ "csrf": "04c0d8c5-de00-4f3c-bffb-a7ef292921ef" }HTTP/1.1 200 OK” on the command line.
      Note: The CSRF token session is different for each call. You must replace the next step's CSRF token session of cases with the actual one.
  2. Update the allowlist. There are four APIs for updating the command/commands. Replace the {siteName} with a real site name such as “helloworld”.
    • To update the command allowlist entries, on the command line, run:
      curl https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/allowlist-config -k
      --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx"
      --header "X-CSRF-TOKEN: 04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -d @$SITEDIR/test/
      	serveradmin_setAllowListConfig.json --request POST -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require adding the ls command, then the file content in the $SITEDIR/test/serveradmin_setAllowListConfig.json file is:

      {"entries": [{"name": "ls.exe","note": "this is note for command ls","path":
      "C:\\cygwin\\bin\\ls.exe"}, {"name": "ps.exe","note": "this is note for command ps","path":
      "C:\\cygwin\\bin\\ps.exe"}]}
    • To add a new command, on the command line, run:
      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries?type=command 
      -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 
      04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" 
      -d @$HCISITEDIR/test/serveradmin_addAllowlistEntry.json --request POST -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require adding the ls command, then the file content in the $SITEDIR/test/serveradmin_addAllowlistEntry.json file is:

      {"name": "ls.exe","note": "this is note for command ls", "path":
      "C:\\cygwin\\bin\\ls.exe"}
    • To update the node of a command, run:
      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}
      ?type=command -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" 
      -d @$HCISITEDIR/test/serveradmin_updateAllowlistEntry.json --header "X-CSRF-TOKEN: 
      04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out --request PUT -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

      If you require updating the note of the ls command, then the file content in the $SITEDIR/test/serveradmin_updateAllowlistEntry.json is:

      {"note": "this is updated note for command ls"}
    • To delete a command, run:
      curl https://127.0.0.1:15067/clapi/v3/api/server-admin/{siteName}/allowlist-config/entries/{entryId}
      ?type=command -k --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" --header "X-CSRF-TOKEN: 
      04c0d8c5-de00-4f3c-bffb-a7ef292921ef" -b cookie.out -H "Content-Type:application/json" –request DELETE -v

      This results in “HTTP/1.1 200 OK” feedback on the command line.

  3. On the command line, run:
    curl -G https://127.0.0.1:15067/clapi/v3/api/admin/server-admin/{siteName}/allowlist-config -k
    --header "Authorization:Basic YWRtaW5pc3RyYXRvcjpQQHNzd29yZDAx" -v

    Results:

    • On the command line, there is feedback: “HTTP/1.1 200 OK”..
    • On the command line, there is feedback:
      {"entries": [{"id": 1, "name": "ls.exe","note": "this is note for command ls","path": 
      "C:\\cygwin\\bin\\ls.exe", "digest": "2427ae41e4649b934ca495991b7852b855e3b0c44298fc1c149afbf4c8996fb9"}, 
      {"id": 2, "name": "ps.exe","note": "this is note for command ps","path": "C:\\\cygwin\bin\\ps.exe","digest": 
      "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}]}