Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk add on builder app validation

Varalakshmi
New Member
‎12-19-2023 11:40 PM

Hi,

We have created an application using splunk add on builder(https://apps.splunk.com/app/2962/).

Created a python script for the alert action. while validating the application created(add-on) we are getting two errors rest of the test cases are passed. 

Sharing the errors below-

First Error: {"validation_id": "v_1703053121_88", "ta_name": "TA-testaddon", "rule_name": "Validate app certification", "category": "app_cert_validation", "ext_data": {"is_visible": true}, "message_id": "7004", "description": "Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script). Since appinspect 1.6.1, check that no files have nt write permissions for all users..", "sub_category": "Source code and binaries standards", "solution": "There are multiple errors for this check. Please check \"messages\" for details.", "messages": "[{\"result\": \"warning\", \"message\": \"Suppressed 813 failure messages\", \"message_filename\": null, \"message_line\": null}, {\"result\": \"failure\", \"message\": \"A posix world-writable file was found. File: bin/ta_testaddon/aob_py3/splunktalib/splunk_cluster.py\", \"message_filename\": null, \"message_line\": null}]", "severity": "Fatal", "status": "Fail", "validation_time": 1703053540}

 

Second Error: {"validation_id": "v_1703053679_83", "ta_name": "TA-testaddon", "rule_name": "Validate app certification", "category": "app_cert_validation", "ext_data": {"is_visible": true}, "message_id": "7002", "description": "Check that the dashboards in your app have a valid version attribute.", "sub_category": "jQuery vulnerabilities", "solution": "Change the version attribute in the root node of your Simple XML dashboard default/data/ui/views/home.xml to `<version=1.1>`. Earlier dashboard versions introduce security vulnerabilities into your apps and are not permitted in Splunk Cloud File: default/data/ui/views/home.xml", "severity": "Fatal", "status": "Fail", "validation_time": 1703053994}

Kindly help in resolving this

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-05-2024 05:45 AM

Hi

based on those warnings

  1. You have some files on your app which have something else on umask that 0644 (owner r+w; group + other only read). You should fix this to avoid security issue.
  2. You have at leas one dashboard which haven't "<... version=1.1>" element on it's header

r. Ismo

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...