Developing for Splunk Platform

Developing Splunk app in Add-On Builder using pyopenssl

ohbuckeyeio
Path Finder

Hello,

I am trying to build a new app using the Add-On Builder and am having problems getting OpenSSL functioning with my input. Has anyone successfully accomplished this and has the commands they can share?

This is the command I am using to import the module to "myapp/bin/lib"

/Applications/Splunk/bin/splunk cmd pip3 install pyopenssl --target /Applications/Splunk/etc/apps/myapp/bin/lib --trusted-host pypi.org --trusted-host files.pythonhosted.org

 I then use this in myapp's code:

from lib.OpenSSL import SSL

 This is the error I get when testing:

File "/Applications/Splunk/etc/apps/myapp/bin/lib/OpenSSL/__init__.py", line 8, in <module>
from OpenSSL import crypto, SSL
ModuleNotFoundError: No module named 'OpenSSL'

Labels (1)
0 Karma
1 Solution

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

View solution in original post

0 Karma

ohbuckeyeio
Path Finder

It looks like the cryptography module, when installed, becomes specific to your OS's security considerations. In addition, I was unable to get OpenSSL to install on my Mac without having issues with the cryptography module's trust. This would have caused problems trying to package this up for migration to other machines, so I pivoted to using popen and the OS's version of pyOpenSSL.

Here is the code from the modular input:

 

ta_home = os.path.dirname(os.path.dirname(__file__))
cert_crawler=ta_home+"/bin/certificate_crawler.py"
python_path="/usr/bin/python3"

openssl_reply = Popen([helper.get_arg('python_path'), cert_crawler]+host_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
                
output,error = openssl_reply.communicate()

 

 certificate_crawler.py

Then accepts the arguments, passing them to a readCerts() function to perform the socket.do_handshake()

 

from optparse import OptionParser

#Parse options passed by the calling modular input
parser = OptionParser()
(options, args) = parser.parse_args()

host = args[0]
ip = args[1]
port = args[2]
timeout_seconds = args[3]

result = readCerts(host,ip,port,timeout_seconds)

 

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...