Splunk Dev

Developing Splunk app in Add-On Builder using pyopenssl

ohbuckeyeio
Path Finder

Hello,

I am trying to build a new app using the Add-On Builder and am having problems getting OpenSSL functioning with my input. Has anyone successfully accomplished this and has the commands they can share?

This is the command I am using to import the module to "myapp/bin/lib"

/Applications/Splunk/bin/splunk cmd pip3 install pyopenssl --target /Applications/Splunk/etc/apps/myapp/bin/lib --trusted-host pypi.org --trusted-host files.pythonhosted.org

 I then use this in myapp's code:

from lib.OpenSSL import SSL

 This is the error I get when testing:

File "/Applications/Splunk/etc/apps/myapp/bin/lib/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
ModuleNotFoundError: No module named 'OpenSSL'

Labels (1)
0 Karma
1 Solution

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

View solution in original post

0 Karma

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...