
Can you please make compatible for Splunk Cloud?

cameronjust
Path Finder

Hi,

Love the visualization and we would like to incorporate it into some Splunk Cloud dashboards. I've asked Splunk support to install it but they said it fails a few minor tests.

Correspondence with support below


Hello Cameron

Thank you for your recent Splunk Cloud App request. Our Splunk Cloud operations and security teams have determined that the App you've requested is not compatible and/or secure within the Splunk Cloud service architecture. Please see their comments below:

Review fails vetting and cannot be installed.

This is a preliminary report. More issues may be found upon further review.
Thank you for your app install request. Your app did not meet security and functionality requirements for Splunk Cloud for the following reasons:
Blocking issue:

  1. There is no validation for the value of Caption, which can be attacked by stored XSS. Please add a validation for it. File: appserver/static/visualizations/departures-board-viz/visualzation.js: 10415

Once these issues are remedied you can resubmit your app for review.

If you wish to make changes to the app, you can find documentation and utilities to assist you here: http://dev.splunk.com/view/appinspect/SP-CAAAE9U

We look forward to working with you in the future to develop and install Apps that will further improve your Splunk Cloud experience. If you have any immediate questions or concerns, please let me know. If there are no questions at this time, please let me know and I will close this case.

Best Regards,
xxxxxxxxx

Splunk Support

I had a look at the code myself to see if I could fix it, but these new methods of creating visualisations with npm make it hard to make changes without the original source code.

Thanks


spavin
Path Finder

Hi,

I have updated the app to make sure that the caption is HTML encoded - download version 1.0.1.

With this change, you can no longer have XSS due to malicious code in the caption text.

The app passes AppInspect checks, so hopefully this is enough for the Cloud team to approve it.

Let me know how you get on - it would be great to get the app cloud approved.

Cheers

Daniel
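
The fix described in this answer is HTML encoding of the caption before it is rendered. The sketch below is an added example, not code from the app or from its author: the function names, the markup and the sample captions are assumptions constructed for illustration.

```javascript
// Added example (hypothetical names; not the app's own source).
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value == null ? '' : value)
    .replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the saved caption is concatenated straight into markup.
function renderCaptionUnsafe(caption) {
  return '<div class="board-caption" title="' + caption + '">' + caption + '</div>';
}

// "After": same markup, caption encoded for both the element-content
// and the double-quoted attribute context.
function renderCaptionEncoded(caption) {
  const safe = escapeHtml(caption);
  return '<div class="board-caption" title="' + safe + '">' + safe + '</div>';
}

// Constructed sample captions: one benign, one that adds a tag,
// one that breaks out of the quoted attribute.
const SAMPLE_CAPTIONS = [
  'Departures & Arrivals',
  '<img src=x onerror=alert(1)>',
  '" onmouseover="alert(1)',
];

function count(text, ch) {
  return text.split(ch).length - 1;
}

// The template itself contains exactly two '<' and four '"'.
// Any other count means the caption altered the markup structure.
function hasInjectedMarkup(html) {
  return count(html, '<') !== 2 || count(html, '"') !== 4;
}

// Return the sample captions that change the structure under a given renderer.
function auditCaptions(render) {
  return SAMPLE_CAPTIONS.filter((c) => hasInjectedMarkup(render(c)));
}

console.log('unsafe renderer flagged:', auditCaptions(renderCaptionUnsafe));
console.log('encoded renderer flagged:', auditCaptions(renderCaptionEncoded));
```
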

cameronjust
Path Finder

Thanks Daniel,

Yep I submitted it again when another of my colleagues pointed out that you have updated it to 1.0.1 that day. Hopefully it makes it through this time.

I'll let you know how it goes.


cameronjust
Path Finder

It got approved and is up in the cloud. Executives are a bit excited by the moving pictures.

Thanks Daniel


spavin
Path Finder

That's great news, glad I could help.
