Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk add on builder app validation

Varalakshmi
New Member
‎12-19-2023 11:40 PM

Hi,

We have created an application using splunk add on builder(https://apps.splunk.com/app/2962/).

Created a python script for the alert action. while validating the application created(add-on) we are getting two errors rest of the test cases are passed. 

Sharing the errors below-

First Error: {"validation_id": "v_1703053121_88", "ta_name": "TA-testaddon", "rule_name": "Validate app certification", "category": "app_cert_validation", "ext_data": {"is_visible": true}, "message_id": "7004", "description": "Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script). Since appinspect 1.6.1, check that no files have nt write permissions for all users..", "sub_category": "Source code and binaries standards", "solution": "There are multiple errors for this check. Please check \"messages\" for details.", "messages": "[{\"result\": \"warning\", \"message\": \"Suppressed 813 failure messages\", \"message_filename\": null, \"message_line\": null}, {\"result\": \"failure\", \"message\": \"A posix world-writable file was found. File: bin/ta_testaddon/aob_py3/splunktalib/splunk_cluster.py\", \"message_filename\": null, \"message_line\": null}]", "severity": "Fatal", "status": "Fail", "validation_time": 1703053540}

 

Second Error: {"validation_id": "v_1703053679_83", "ta_name": "TA-testaddon", "rule_name": "Validate app certification", "category": "app_cert_validation", "ext_data": {"is_visible": true}, "message_id": "7002", "description": "Check that the dashboards in your app have a valid version attribute.", "sub_category": "jQuery vulnerabilities", "solution": "Change the version attribute in the root node of your Simple XML dashboard default/data/ui/views/home.xml to `<version=1.1>`. Earlier dashboard versions introduce security vulnerabilities into your apps and are not permitted in Splunk Cloud File: default/data/ui/views/home.xml", "severity": "Fatal", "status": "Fail", "validation_time": 1703053994}

Kindly help in resolving this

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎01-05-2024 05:45 AM

Hi

based on those warnings

  1. You have some files on your app which have something else on umask that 0644 (owner r+w; group + other only read). You should fix this to avoid security issue.
  2. You have at leas one dashboard which haven't "<... version=1.1>" element on it's header

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...