CheckPointSW / cp_mgmt_api_python_sdk

Check Point API Python Development Kit simplifies the use of the Check Point Management APIs.
Apache License 2.0

Python 3.12 AttributeError: module 'ssl' has no attribute 'wrap_socket' #56

Closed vehemont closed 11 months ago

vehemont commented 12 months ago

Hi,

When I attempt to use the library on Python 3.12 I receive the following error:

Enter server IP address or hostname:192.168.12.5
Enter username: admin
Enter password: 
Traceback (most recent call last):
  File "c:\Users\brad\Documents\GitHub\nvdlib\nvdlib\nvdlib\tests\testapi.py", line 67, in <module>
    main()
  File "c:\Users\brad\Documents\GitHub\nvdlib\nvdlib\nvdlib\tests\testapi.py", line 41, in main
    login_res = client.login(username, password)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 324, in api_call
    conn = self.get_https_connection()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 771, in get_https_connection
    self.conn = self.create_https_connection()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 765, in create_https_connection
    conn.connect()
  File "C:\Program Files\Python312\Lib\site-packages\cpapi\mgmt_api.py", line 787, in connect
    self.sock = ssl.wrap_socket(self.sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE)
                ^^^^^^^^^^^^^^^
AttributeError: module 'ssl' has no attribute 'wrap_socket'

I believe this is due to ssl.wrap_socket being deprecated in favor of ssl.SSLContext.wrap_socket as stated in the What's New for Python 3.12: https://docs.python.org/3.12/whatsnew/3.12.html#ssl

Remove the ssl.wrap_socket() function, deprecated in Python 3.7: instead, create a ssl.SSLContext object and call its ssl.SSLContext.wrap_socket method. Any package that still uses ssl.wrap_socket() is broken and insecure. The function neither sends a SNI TLS extension nor validates server hostname. Code is subject to CWE-295: Improper Certificate Validation. (Contributed by Victor Stinner in gh-94199.)

vehemont commented 12 months ago

I think this can be worked around by editing mgmt_api.py line 787 of the library. I am not familiar with the inner workings of this library or the SSL module to know if this is an appropriate change.

https://github.com/CheckPointSW/cp_mgmt_api_python_sdk/blob/325c7a724a3f8edd0e0ad1bba8b05c7bd2da5a76/cpapi/mgmt_api.py#L787

To the following:

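# A directly constructed SSLContext defaults to verify_mode=CERT_NONE and check_hostname=False,
# so the server certificate is not validated, as with the old cert_reqs=ssl.CERT_NONE call.
context = ssl.SSLContext()
self.sock = context.wrap_socket(self.sock)

chkp-edenbr commented 11 months ago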

Hi @vehemont, thanks for notifying us. We'll look into it and update you. Regards, Eden

chkp-edenbr commented 11 months ago

Hi @vehemont, we've added a fix, available in the newly released version v1.8.0. Thanks, Eden
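The Python 3.12 note quoted in this thread says the removed `ssl.wrap_socket()` neither sent SNI nor validated the server hostname. The following is an added example, not code from the SDK or from any participant in this thread, showing an `ssl.SSLContext`-based replacement in both a verifying form and a form with the same trust behaviour as the old `cert_reqs=ssl.CERT_NONE` call. The function names and the hostname `mgmt.example.test` are assumptions made for illustration.

```python
import socket
import ssl


def build_client_context(verify=True, cafile=None, certfile=None, keyfile=None):
    """Return an SSLContext for a client connection.

    verify=True  -> certificate chain and hostname are checked (addresses CWE-295).
    verify=False -> same trust behaviour as the removed
                    ssl.wrap_socket(..., cert_reqs=ssl.CERT_NONE) call.
    """
    if verify:
        # create_default_context() sets CERT_REQUIRED and check_hostname=True.
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    if certfile:
        # Optional client certificate, like the old keyfile/certfile arguments.
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def wrap_client_socket(sock, hostname, ctx):
    """Replacement for ssl.wrap_socket(sock, ...): sends SNI for `hostname`."""
    return ctx.wrap_socket(sock, server_hostname=hostname)


def describe(ctx):
    """Summarise the settings that decide whether the peer is authenticated."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "authenticates_server": ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname,
    }


if __name__ == "__main__":
    for label, ctx in (("verified", build_client_context()),
                       ("legacy-equivalent", build_client_context(verify=False))):
        print(label, describe(ctx))
    # Wrapping an unconnected socket is allowed; the handshake runs on connect().
    s = wrap_client_socket(socket.socket(), "mgmt.example.test", build_client_context())
    print("SNI name:", s.server_hostname)
    s.close()
```

For a server that presents a self-signed certificate, passing that certificate (or its issuing CA) as `cafile` keeps verification on without falling back to `verify=False`.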