https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583535#M10353 <P>Cross posting with&nbsp;<A href="https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/Update-jquery-version/m-p/583115" target="_self">Update jquery version</A>&nbsp;which sounds like the same issue. I'm also hunting for some SMEs who can help.</P> Thu, 03 Feb 2022 11:54:40 GMT sloshburch 2022-02-03T11:54:40Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582985#M10350 <P>I'm trying to address the new "<SPAN>check_for_vulnerable_javascript_library_usage"</SPAN>&nbsp;check in AppInspect as it's required for apps to run in Splunk Cloud after February. However, I get results like:</P><BLOCKQUOTE><P>3rd party CORS request may execute</P><P>parseHTML() executes scripts in event handlers</P><P>jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution</P><P>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</P><P>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</P></BLOCKQUOTE><P>&nbsp;which doesn't really tell me how to proceed. Is there a way I can figure out what's actually causing these&nbsp;errors?</P> Fri, 28 Jan 2022 20:05:00 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582985#M10350 pwu_splunk 2022-01-28T20:05:00Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582987#M10351 <P>This manual may help.&nbsp;&nbsp;<A href="https://dev.splunk.com/enterprise/docs/developapps/visualizedata/updatejquery/" target="_blank">https://dev.splunk.com/enterprise/docs/developapps/visualizedata/updatejquery/</A></P> Fri, 28 Jan 2022 20:35:04 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582987#M10351 richgalloway 2022-01-28T20:35:04Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582991#M10352 <P>Unfortunately, this is in an app that's already been upgraded to jQuery 3.6.0. My guess is that there's some library in the app that uses copy-and-paste jQuery code without having it as an explicit dependency, and I don't really know how to figure out which offending library that is.<BR /><BR />Also, the search strings aren't one-to-one with the offending strings, and I don't have visibility into the translation. Technically, as a Splunk employee, I can get access, but I'm filing this here to help non-Splunkers.</P> Fri, 28 Jan 2022 20:46:11 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/582991#M10352 pwu_splunk 2022-01-28T20:46:11Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583535#M10353 <P>Cross posting with&nbsp;<A href="https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/Update-jquery-version/m-p/583115" target="_self">Update jquery version</A>&nbsp;which sounds like the same issue. I'm also hunting for some SMEs who can help.</P> Thu, 03 Feb 2022 11:54:40 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583535#M10353 sloshburch 2022-02-03T11:54:40Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583602#M10354 <P>I see you're a fellow splunk employee so let's do the back and forth over internal chat. Happy to post the resolution here once we arrive at a solution. If you hit any of the cloud vetting or prodsec channels I will see it.<BR /><BR />Also, in future please use internal communication channels for anything related to prodsec.&nbsp;<BR /><BR />ty!&nbsp;<BR />-D</P> Thu, 03 Feb 2022 17:00:51 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583602#M10354 doc_holiday 2022-02-03T17:00:51Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583769#M10355 <P>We've moved this to internal discussion. Search "Alpha Kilo India" on Slack.</P> Fri, 04 Feb 2022 19:52:32 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/583769#M10355 pwu_splunk 2022-02-04T19:52:32Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/585030#M10356 <P><SPAN>If the common.js came from the&nbsp;</SPAN><A href="https://splunkbase.splunk.com/app/2962/" target="_self" rel="nofollow noopener noreferrer">Splunk Add-on Builder</A><SPAN>&nbsp;then you can ignore it for now. We're investigating false positives from that and we (Splunk) needs to provide a fix to either the&nbsp;check_for_vulnerable_javascript_library_usage or the code that&nbsp;</SPAN><A href="https://splunkbase.splunk.com/app/2962/" target="_self" rel="nofollow noopener noreferrer">Splunk Add-on Builder</A><SPAN>&nbsp;adds to your app.</SPAN></P> Mon, 14 Feb 2022 19:16:31 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/585030#M10356 sloshburch 2022-02-14T19:16:31Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/587681#M10357 <P>This is sometimes caused by the behavior of AppInspect versions prior to 4.1.0.&nbsp; See this post for more info:&nbsp;<A href="https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/Suggestions-on-how-we-can-upgrade-the-jquery-version-in-this/m-p/587680#M9798" target="_blank">https://community.splunk.com/t5/Developing-for-Splunk-Enterprise/Suggestions-on-how-we-can-upgrade-the-jquery-version-in-this/m-p/587680#M9798</A></P> Fri, 04 Mar 2022 16:41:44 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/587681#M10357 jowenssi 2022-03-04T16:41:44Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/587705#M10358 <P>Additional guidance at <A href="https://community.splunk.com/t5/Developing-for-Splunk-Cloud/How-to-fix-AppInspect-check-for-vulnerable-javascript-library/m-p/587702" target="_self">How to fix AppInspect check_for_vulnerable_javascript_library_usage from Add-on Builder content</A>&nbsp;</P> Fri, 04 Mar 2022 19:33:47 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/587705#M10358 sloshburch 2022-03-04T19:33:47Z https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/591702#M10359 <P>Hi @<SPAN>pwu_splunk,&nbsp;</SPAN></P><P>Even I am facing the same error with my app and inspite of upgrading the jquery in all my XML, I am still getting this issue.&nbsp;</P><UL><LI><PRE>Regex in its jQuery.htmlPrefilter sometimes may introduce XSS Regex in its jQuery.htmlPrefilter sometimes may introduce XSS</PRE></LI></UL><P>Can you please suggest what was done to fix this error? I havent used Add on Builder as mine is an custom app.</P><P>Thanks,</P><P>Arjit.&nbsp;&nbsp;</P><P>&nbsp;</P> Thu, 31 Mar 2022 07:12:15 GMT https://community.splunk.com/t5/Splunk-Dev/How-do-I-address-quot-check-for-vulnerable-javascript-library/m-p/591702#M10359 arjitg 2022-03-31T07:12:15Z