永洪社区

标题: 调用API报错 [打印本页]

作者: 驰骋原野 时间: 2024-8-8 09:59
标题: 调用API报错
用swagger规范调用永洪API老是报参数存在非法字符，这个怎么解决
<?xml version="1.0" encoding="UTF-8"?> <results><result><level>6</level><message>参数包含非法字符</message></result></results>

作者: yhdata_lyaa 时间: 2024-8-8 10:20
调用的哪个api,怎么写的发出来看看呢

作者: 驰骋原野 时间: 2024-8-8 10:22

yhdata_lyaa 发表于 2024-8-8 10:20
调用的哪个api,怎么写的发出来看看呢

{
  "openapi": "3.1.0",
  "info": {
"title": "Yonghong BI Get Dashboard Tree",
"description": "API to Get Yonghong BI Dashboard Treem",
"version": "v1.0.0"
  },
  "servers": [
{
   "url": "http://xxxx:xxx"
}
  ],
  "paths": {
"/bi/api": {
   "post": {
      "description": "Get Yonghong BI Dashboard Tree",
      "operationId": "GetDBTree",
      "parameters": [
      {
         "name": "action",
         "in": "query",
         "description": "Action to be performed",
         "required": true,
         "schema": {
            "type": "string",
            "example": "updateDbTree"
         }
      },
      ],
   }
}
  }
}

作者: yhdata_lyaa 时间: 2024-8-8 10:48
这是哪个，用postman调用会报错吗

作者: 驰骋原野 时间: 2024-8-8 11:28

yhdata_lyaa 发表于 2024-8-8 10:48
这是哪个，用postman调用会报错吗

用的Dify 自定义工具

作者: yhdata_lyaa 时间: 2024-8-8 13:25
是用的哪个api,这个吗https://www.yonghongtech.com/rea ... i_getdblistall.html

作者: 驰骋原野 时间: 2024-8-8 13:52
是的，用哪个都一样会报这个错，很奇怪

作者: yhdata_lyaa 时间: 2024-8-8 14:00
参数包含非法字符，参数咋写的

作者: 驰骋原野 时间: 2024-8-8 14:52

参数就这样写的，没有其他非法字符

作者: yhdata_lyaa 时间: 2024-8-8 15:07
api测试是可以用的，参考看看

作者: 驰骋原野 时间: 2024-8-9 14:21

yhdata_lyaa 发表于 2024-8-8 15:07
api测试是可以用的，参考看看

截取了报错的永洪日志，但我看tomcat访问请求的参数是没问题

[2024-08-09 14:16:51.268] |-[INFO] |-[f9e5143858704ba08b651d0c2fc56eaf] |-[SYSTEM] |-[g5.io.tracker.FileTrackerManager.doTracker(FileTrackerManager.java:199)] |-[OTHER: tracker not run, do tracker, fs is null = true, trackerCacheMap is null = false]
[2024-08-09 14:16:55.326] |-[INFO] |-[9ec25d32e4fa46ac8c35ad25d52cd891] |-[SYSTEM] |-[g5.sv.util.WebUtil.check(WebUtil.java:2963)] |-[OTHER: Parameter [1.1 afd24e78138d (squid/4.13)] contains an invalid value: afd24e78138d (squid/4.13) for key: via]
[2024-08-09 14:16:55.327] |-[ERROR] |-[a866c98920b64b0d8d98fb15c08f5edb] |-[SYSTEM] |-[g5.sv.httpapi.YonghongWebApi.execute(YonghongWebApi.java:140)] |-[ERROR: [ErrCode: 0]  参数包含非法字符]
g5.sv.util.WebUtil$XSSAttackException: 参数包含非法字符
      at g5.sv.util.WebUtil.check(WebUtil.java:2965) ~[product-20220929.jar:?]
      at g5.sv.PortalRequest.checkHeaders(PortalRequest.java:857) ~[product-20220929.jar:?]
      at g5.sv.PortalRequest.initGet(PortalRequest.java:198) ~[product-20220929.jar:?]
      at g5.sv.PortalRequest.<init>(PortalRequest.java:43) ~[product-20220929.jar:?]
      at g5.sv.httpapi.YonghongWebApi.execute(YonghongWebApi.java:105) ~[product-20220929.jar:?]
      at g5.sv.httpapi.YonghongWebApi.doPost(YonghongWebApi.java:75) ~[product-20220929.jar:?]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:681) ~[servlet-api.jar:4.0.FR]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:764) ~[servlet-api.jar:4.0.FR]
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.64]
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.64]
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97) ~[catalina.jar:9.0.64]
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135) ~[catalina.jar:9.0.64]
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.64]
      at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687) ~[catalina.jar:9.0.64]
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78) ~[catalina.jar:9.0.64]
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360) ~[catalina.jar:9.0.64]
      at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399) ~[tomcat-coyote.jar:9.0.64]
      at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.64]
      at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890) ~[tomcat-coyote.jar:9.0.64]
      at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1787) ~[tomcat-coyote.jar:9.0.64]
      at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.64]
      at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-util.jar:9.0.64]
      at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-util.jar:9.0.64]
      at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.64]
      at java.lang.Thread.run(Thread.java:834) ~[?:?]

作者: yhdata_lyaa 时间: 2024-8-9 14:40

驰骋原野发表于 2024-8-9 14:21
截取了报错的永洪日志，但我看tomcat访问请求的参数是没问题

[2024-08-09 14:16:51.268] |- |-[f9e51438 ...

提工单看看呢，让技术分析下对应的日志

作者: 驰骋原野 时间: 2024-8-9 17:00

yhdata_lyaa 发表于 2024-8-9 14:40
提工单看看呢，让技术分析下对应的日志

查出来是带了via这个代理服务器自动添加的参数，这个参数值含有空格等特殊字符，但dify调用时没有经过代理服务器的，不知道怎么会有这个，永洪的API能否设置忽略这个参数

"via": "1.1 afd24e78138d (squid/4.13)"

欢迎光临永洪社区 (https://club.yonghongtech.com/)