How to fix vetting issues while uploading app to c...

AL3Z · ‎01-18-2024

Hi,

Which I am trying to upload the custom app to splunk cloud it is not passing the vetting, how we can fix this issue?

I have tried this in the Linux

COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>

[ Failure Summary ]
Failures will block the Cloud Vetting. They must be fixed.
check_for_bin_files
This file has execute permissions for owners, groups, or others. File: README/ta_mandiant_advantage_account.conf.spec
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_multiselect.js
This file has execute permissions for owners, groups, or others. File: README/ta_mandiant_advantage_settings.conf.spec
This file has execute permissions for owners, groups, or others. File: README/inputs.conf.spec
This file has execute permissions for owners, groups, or others. File: static/appIcon.png
This file has execute permissions for owners, groups, or others. File: README/addon_builder.conf.spec
This file has execute permissions for owners, groups, or others. File: default/collections.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_button.css
This file has execute permissions for owners, groups, or others. File: third_party/pytz_lic.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_matched_events.xml
This file has execute permissions for owners, groups, or others. File: default/searchbnf.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/inputs.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/jquery_mandiant.js
This file has execute permissions for owners, groups, or others. File: app.manifest
This file has execute permissions for owners, groups, or others. File: default/ta_mandiant_advantage_settings.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/datamodel_hook.js
This file has execute permissions for owners, groups, or others. File: metadata/default.meta
This file has execute permissions for owners, groups, or others. File: default/web.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/alerts_input_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/0.licenses.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/account_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/1.licenses.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_matched_events_summary.xml
This file has execute permissions for owners, groups, or others. File: default/app.conf
This file has execute permissions for owners, groups, or others. File: default/server.conf
This file has execute permissions for owners, groups, or others. File: default/inputs.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/security_validation_overview.xml
This file has execute permissions for owners, groups, or others. File: appserver/templates/base.html
This file has execute permissions for owners, groups, or others. File: appserver/static/js/jquery-3.5.0.min.js
This file has execute permissions for owners, groups, or others. File: default/commands.conf
This file has execute permissions for owners, groups, or others. File: splunkbase.manifest
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/entry_page.js
This file has execute permissions for owners, groups, or others. File: static/appIcon_2x.png
This file has execute permissions for owners, groups, or others. File: appserver/static/indicator_info_send.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/vuln_fields_hook.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/3.js
This file has execute permissions for owners, groups, or others. File: static/appLogo_2x.png
This file has execute permissions for owners, groups, or others. File: TA-mandiant-advantage.aob_meta
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/0.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/mktoform.js
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/matched_events_hook.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/vulnerability_details.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/globalConfig.json
This file has execute permissions for owners, groups, or others. File: appserver/static/correlation_details_button.js
This file has execute permissions for owners, groups, or others. File: appserver/static/vulnerability_overview.css
This file has execute permissions for owners, groups, or others. File: static/appIconAlt_2x.png
This file has execute permissions for owners, groups, or others. File: default/transforms.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/configuration.xml
This file has execute permissions for owners, groups, or others. File: static/appIconAlt.png
This file has execute permissions for owners, groups, or others. File: appserver/static/img/mandiant_img2.png
This file has execute permissions for owners, groups, or others. File: default/savedsearches.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/entry_page.licenses.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/3.licenses.txt
This file has execute permissions for owners, groups, or others. File: CP_mandiant_advantage.tar.gz
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/5.js
This file has execute permissions for owners, groups, or others. File: static/appLogo.png
This file has execute permissions for owners, groups, or others. File: appserver/static/js/underscore-min.js
This file has execute permissions for owners, groups, or others. File: default/addon_builder.conf
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/custom/input_hook.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/dtm_alerts.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/1.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/asm_issues.xml
This file has execute permissions for owners, groups, or others. File: third_party/tenacity_lic.txt
This file has execute permissions for owners, groups, or others. File: appserver/static/pop_up.js
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/threat_intelligence_overview.xml
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/vulnerability_overview.xml
This file has execute permissions for owners, groups, or others. File: default/props.conf
This file has execute permissions for owners, groups, or others. File: README.txt
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/security_validation_details.xml
This file has execute permissions for owners, groups, or others. File: default/data/ui/nav/default.xml
This file has execute permissions for owners, groups, or others. File: appserver/static/js/build/4.js
This file has execute permissions for owners, groups, or others. File: default/restmap.conf
This file has execute permissions for owners, groups, or others. File: default/macros.conf
This file has execute permissions for owners, groups, or others. File: default/data/ui/views/asm_entities.xml

Thanks in advance

gcusello · ‎01-18-2024

Hi @AL3Z,

how do you created your app, in Linux or in Windows?

open you tar.gz file in Linux and the the correct grants that you can see in another app download from splunkbase:

folder 755,
files 644.

in other words, you probably have grants 777 for your files that isn't acceptable for Splunk Cloud.

Ciao.

Giuseppe

AL3Z · ‎01-18-2024

@gcusello

Hello,

I actually untarred the file in Windows using 7zip. Afterward, I employed the Ubuntu app from the app store and executed the following command:

bash

COPYFILE_DISABLE=1 tar --format ustar -cvzf <appname>.tar.gz <appname_directory>
Despite using "chmod 644 appname," the permissions persist at 777. Any suggestions on how to rectify this?

Thanks

gcusello · ‎01-19-2024

Hi @AL3Z ,

as I said, you have to set 644 for all conf files and 755 for folders.

As also @PickleRick said, do this ation on a Linux server.

Ciao.

Giuseppe

AL3Z · ‎01-20-2024

@gcusello @PickleRick ,

I have changed the permissions sucessfully but after installing it is throwing a new error

Something went wrong!
Failed to load current state for selected entity in form!

Details
Error: Request failed with status code 500
ERR0005

How do we fix this issue any idea?

Thanks in advance.

gcusello · ‎01-20-2024

Hi @AL3Z ,

where is the issue: in the upload procedure or in dashboard running?

if in upload procedure, the message should say what's the object with the issue.

In in dashboard running, there's something wrong or missing in the dashboard.

Ciao.

Giuseppe

AL3Z · ‎01-20-2024

@gcusello,

Yes it is in the dashboard running, Do you want me to paste the source code of dashboard here ?

PickleRick · ‎01-20-2024

That's another story. In order to keep the forums tidy, please create a separate thread for a new problem. Describe precisely what's going on and we'll see if we can help you.

gcusello · ‎01-20-2024

Hi @AL3Z ,

this means that the issue on the upload procedure is solved, now you have to debug your code to understand if there's something wrong or missing, e.g. an image or a JS.

If you need help, you should share the dashboard code (only if it's in Classical Dashboard).

Ciao.

Giuseppe

PickleRick · ‎01-19-2024

Don't use windows for manipulating unix-related files/archives. It's the same problem as with managing apps with deployment server run on Windows box - windows doesn't handle unix file permissions properly and even if you run WSL-based ubuntu to access your windows filesystem, it won't work properly since windows file permissions don't "match" unix ones.

Just copy your tar archive to the _inside_ of your WSL instance and untar it there.

gcusello · ‎01-18-2024

Hi @AL3Z,

don't untar the app in windows, copy it in Ubuntu and untar it in Ubuntu, so you can modify it as you want and you can give to files and folders the correct grants.

Than tar it (tar.gz) and copy the tarred file in the machine that you will use for the upload (also windows).

In other words, passing in windows erase the grants, so, when you try to upload it in Splunk Cloud it has wrong grants.

It's the same issue that you have if you try to use a Windows Deployment Server to deploy apps to Linux servers.

Ciao.

Giuseppe

How to fix vetting issues while uploading app to cloud ?

Linux

modular input

props.conf

scripted input

transforms.conf

Windows

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio