Splunk Enterprise

URA reports incompatanility with JQuery 3.5

fatsug
Contributor

I get weekly email updates with results from weekly URA scans. After noticing that we had outdated apps we rolled out updates for three public apps, Sankey Diagram, Scalable Vector Graphics and Splunk Dashboard Examples.

In our testing environment URA is now content and all apps pass jQuery scans without issues. However, in our production environment URA scan still fails in all three apps.

It does not specify which files or of there is a problem om one or all instances so I don’t know what is causing the results. I have double and triple checked the apps comparing hash values for every file both on the deployment server and on all individual test and production search heads.

Everything except for the “install hash” in “meta.local” is identical in both test and production environment. Apps are all identical between cluster members in test and production environment respectively.

There are not additional files present on any search head in the production environment.

Why is URA still failing these apps only in the production environment? How can I identify the reason for the scan failures as I they should all pass in both environments, being identical and all.

Any and all suggestions are most welcome

All the best

Labels (2)
0 Karma
1 Solution

marnall
Motivator

You can export the results of the scan in JSON format, then look inside for the individual checks and their results. Find entries with "Result":"BLOCKER", as the messages should indicate why the app is failing the check, and should include the problematic file path.

I use Notepad++ with the JStools extension to JSFormat and make the json file readable.

 

View solution in original post

marnall
Motivator

You can export the results of the scan in JSON format, then look inside for the individual checks and their results. Find entries with "Result":"BLOCKER", as the messages should indicate why the app is failing the check, and should include the problematic file path.

I use Notepad++ with the JStools extension to JSFormat and make the json file readable.

 

fatsug
Contributor

Sorry for the delay

Exporting the scan results did provide additional information, as with most other apps the problem is with "backups" of older versions of the app

".../default.old.20240828…i/views/attribution.xml"

So URA is triggering on "old" folders which are no longer active. The remaining questions hence is "to delete or not to delete"? I know I've participated in these discussions before.

For "private" apps I could normally just ignore a specific search path for an app, this is not possible for the "splunk base app". So either I have to ingore the "failing" (false positives) apps completely, or manually delete "old" folders.

What is the "best praxis" here?

0 Karma
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...