Splunk Dev

Developing Splunk app in Add-On Builder using pyopenssl

ohbuckeyeio
Path Finder

Hello,

I am trying to build a new app using the Add-On Builder and am having problems getting OpenSSL functioning with my input. Has anyone successfully accomplished this and has the commands they can share?

This is the command I am using to import the module to "myapp/bin/lib"

/Applications/Splunk/bin/splunk cmd pip3 install pyopenssl --target /Applications/Splunk/etc/apps/myapp/bin/lib --trusted-host pypi.org --trusted-host files.pythonhosted.org

 I then use this in myapp's code:

from lib.OpenSSL import SSL

 This is the error I get when testing:

File "/Applications/Splunk/etc/apps/myapp/bin/lib/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
ModuleNotFoundError: No module named 'OpenSSL'

Labels (1)
0 Karma
1 Solution

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

View solution in original post

0 Karma

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...