From 95d476edb04ed05008aaa9631768f918c166c168 Mon Sep 17 00:00:00 2001 From: chkp-yazanb <113822306+chkp-yazanb@users.noreply.github.com> Date: Tue, 22 Nov 2022 11:07:28 +0200 Subject: [PATCH 1/6] align with CME - for pycodestyle issues (#50) --- cpapi/api_exceptions.py | 2 +- cpapi/mgmt_api.py | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cpapi/api_exceptions.py b/cpapi/api_exceptions.py index 6b6145a..625a01f 100644 --- a/cpapi/api_exceptions.py +++ b/cpapi/api_exceptions.py @@ -15,4 +15,4 @@ def __init__(self, value): class TimeoutException(APIException): def __init__(self, value): - APIException.__init__(self, value, None) \ No newline at end of file + APIException.__init__(self, value, None) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 5323121..3552b7f 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -179,8 +179,7 @@ def _common_login_logic(self, credentials, continue_last_session, domain, read_o self.api_version = login_res.data["api-server-version"] return login_res - def login_with_api_key(self, api_key, continue_last_session=False, domain=None, read_only=False, - payload=None): + def login_with_api_key(self, api_key, continue_last_session=False, domain=None, read_only=False, payload=None): """ performs a 'login' API call to the management server @@ -349,7 +348,8 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= res = APIResponse("", False, err_message=err_message) else: res = APIResponse("", False, err_message=err) - except (http_client.CannotSendRequest, http_client.BadStatusLine, ConnectionAbortedError, BrokenPipeError, IOError) as e: + except (http_client.CannotSendRequest, http_client.BadStatusLine, + ConnectionAbortedError, BrokenPipeError, IOError) as e: self.conn = self.create_https_connection() self.conn.request("POST", url, _data, _headers) response = self.conn.getresponse() @@ -455,8 +455,8 @@ def gen_api_query(self, command, details_level="standard", container_keys=None, for key in container_keys: all_objects[key] = [] iterations = 0 # number of times we've made an API call - limit = 50 # page size to get for each api call - offset = 0 # skip n objects in the database + limit = 50 # page size to get for each api call + offset = 0 # skip n objects in the database if payload is None: payload = {} else: @@ -591,7 +591,7 @@ def check_tasks_status(task_result): :return: """ for task in task_result.data["tasks"]: - if task["status"] == "failed" or task["status"] == "partially succeeded" or task["status"] == "in progress": + if task["status"] == "failed" or task["status"] == "partially succeeded" or task["status"] == "in progress": task_result.set_success_status(False) break @@ -610,7 +610,7 @@ def check_fingerprint(self): local_fingerprint = self.read_fingerprint_from_file(self.server) server_fingerprint = self.get_server_fingerprint() - #Check if fingerprint is passed and matches + # Check if fingerprint is passed and matches if self.fingerprint == server_fingerprint: return True From 459779536ef05af05e1670d7fd8611a154d340c4 Mon Sep 17 00:00:00 2001 From: chkp-olgami <109672880+chkp-olgami@users.noreply.github.com> Date: Wed, 24 May 2023 12:23:35 +0300 Subject: [PATCH 2/6] Added option to use all HTTP methods (#54) * Added option to use all rest API methods * Added comment --- cpapi/mgmt_api.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 3552b7f..9a6a834 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -274,7 +274,7 @@ def login_as_root(self, domain=None, payload=None): except (WindowsError) as err: raise APIClientException("Could not login as root:\n" + str(type(err)) + " - " + str(err)) - def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout=-1): + def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout=-1, method="POST"): """ performs a web-service API request to the management server @@ -287,6 +287,7 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= when wait_for_task=False, it is up to the user to call the "show-task" API and check the status of the command. :param timeout: Optional positive timeout (in seconds) before stop waiting for the task even if not completed. + :param method: The HTTP method to use. Defaults is `POST`. :return: APIResponse object :side-effects: updates the class's uid and server variables """ @@ -336,7 +337,7 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= response = None try: # Send the data to the server - conn.request("POST", url, _data, _headers) + conn.request(method, url, _data, _headers) # Get the reply from the server response = conn.getresponse() res = APIResponse.from_http_response(response) From 325c7a724a3f8edd0e0ad1bba8b05c7bd2da5a76 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Wed, 24 May 2023 12:25:42 +0300 Subject: [PATCH 3/6] Update setup.py --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index f233af3..b274b14 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.6.0", + version="1.7.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 2f471a7905d5c4f7baa6274202b9222a1bbfd3eb Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Mon, 27 Nov 2023 14:16:00 +0200 Subject: [PATCH 4/6] Python 3.12 ssl compatibility fix (#57) * Add sg file * Revert "Add sg file" This reverts commit 726298c13acc2f51fccda85035d2b56c23ef4f4f. * Python 3.12 ssl compatibility fix --- cpapi/mgmt_api.py | 6 +++--- setup.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 9a6a834..83d2396 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -748,8 +748,8 @@ def read_fingerprint_from_file(server, filename="fingerprints.txt"): return "" def create_https_connection(self): - context = ssl.create_default_context() - context.check_hostname = True + context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) + context.verify_mode = ssl.CERT_NONE # create https connection if self.proxy_host and self.proxy_port: conn = HTTPSConnection(self.proxy_host, self.proxy_port, context=context) @@ -784,7 +784,7 @@ class HTTPSConnection(http_client.HTTPSConnection): """ def connect(self): http_client.HTTPConnection.connect(self) - self.sock = ssl.wrap_socket(self.sock, self.key_file, self.cert_file, cert_reqs=ssl.CERT_NONE) + self.sock = self._context.wrap_socket(self.sock, server_hostname=self.host) def get_fingerprint_hash(self): if self.sock is None: diff --git a/setup.py b/setup.py index b274b14..9b5a5b1 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.7.0", + version="1.8.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 24be1e88544c5cf2fef8415b07b8db6558033bbe Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:16:01 +0200 Subject: [PATCH 5/6] hide api-key from debug file (#61) * Add sg file * Revert "Add sg file" This reverts commit 726298c13acc2f51fccda85035d2b56c23ef4f4f. * hide api-key from debug file --- cpapi/mgmt_api.py | 5 ++++- setup.py | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cpapi/mgmt_api.py b/cpapi/mgmt_api.py index 83d2396..dc42370 100644 --- a/cpapi/mgmt_api.py +++ b/cpapi/mgmt_api.py @@ -368,7 +368,10 @@ def api_call(self, command, payload=None, sid=None, wait_for_task=True, timeout= # would not appear as plaintext in the debug file. if command == "login": json_data = compatible_loads(_data) - json_data["password"] = "****" + if "password" in json_data: + json_data["password"] = "****" + if "api-key" in json_data: + json_data["api-key"] = "****" _data = json.dumps(json_data) if self.debug_file: diff --git a/setup.py b/setup.py index 9b5a5b1..b35bd99 100644 --- a/setup.py +++ b/setup.py @@ -3,7 +3,7 @@ setup( name="cp-mgmt-api-sdk", - version="1.8.0", + version="1.9.0", author="API team", author_email="api_team@checkpoint.com", license='Apache 2.0', From 5db24fe8b5db2605daf8028e6780604751012eb2 Mon Sep 17 00:00:00 2001 From: chkp-edenbr <94056191+chkp-edenbr@users.noreply.github.com> Date: Thu, 6 Feb 2025 14:27:26 +0200 Subject: [PATCH 6/6] Update workflow.yml (#62) --- .github/workflows/workflow.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index 334832c..8536ad8 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -5,9 +5,6 @@ on: - pull_request jobs: - code-analysis: - uses: CheckPointSW/org-templates/.github/workflows/code-analysis.yml@main - secrets: inherit build-n-publish: name: Build and publish Python 🐍 distributions 📦 to PyPI