How the Splunk APIs deal with files

jsun · ‎10-28-2020

Hi Everyone,

I am new to Splunk Cloud App development. I have got some Splunk Cloud warning messages after AppInspect from Splunk Cloud Team, which are mostly related to manage file access in Python code. After I searched the document and Google, I came out a way but not sure if it works. Could anyone point me out if the follwoing way works to avoid the warning message?

try:
from splunk.clilib.bundle_paths import make_splunkhome_path
except ImportError:
from splunk.appserver.mrsparkle.lib.util import make_splunkhome_path

_file = make_splunkhome_path(["var", "log", "splunk", log_file_name])
with open(_file, 'w') as filehandler:
filehandler.write("content need to write to file")

FYI, the warning messages were refering the "Method used to write/manipulate/remove to/from files outside of the app dir".

Thanks.

John

richgalloway · ‎10-28-2020

This is one of the limitations of AppInspect. Such warnings are supposed to be resolved during manual inspection by Splunk.

---
If this reply helps you, Karma would be appreciated.

jsun · ‎11-03-2020

Thanks.

How the Splunk APIs deal with files

app

appinspect

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk