scalyr / dataset-addon-for-splunk

The DataSet Add-on for Splunk provides integration with
Apache License 2.0

[MAPPS-2235] fix: appInspect issues handling #137

Closed saurabh-dongare-s1 closed 2 months ago

saurabh-dongare-s1 commented 2 months ago

Jira Link: https://sentinelone.atlassian.net/browse/MAPPS-2235

🥅 Goal

To resolve the AppInspect failures, which were intermittent and threw 2 errors every time they showed up, as mentioned below:

```
A default value of 25 for max-messages will be used.

Cloud operations simple application check
    This group serves to help validate simple applications in an effort to try and automate the validation process for cloud operations.
    Check that all executable binary files have matching source code. For any binary files, there should be a source code provided with the same name. Or, there should be a decalaration of what the binary file is all about in the app's REAMDE. Details for passing this check will be returned if you fail it.
        FAILURE: is a binary file (Format: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=70e32f6b4c4800da2508b2effef36317496b3985, not stripped) but fail to find any source file nor reference info. Please attach source code of this binary in the package, OR include any information of those binaries under "# Binary File Declaration" section (You might need create one) in your App's REAMDE. We will manually review the source code of the binary.
            File: lib/charset_normalizer/md.cpython-38-x86_64-linux-gnu.so
        FAILURE: is a binary file (Format: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d620613002feba08d85f784992a95efca90d1d2c, not stripped) but fail to find any source file nor reference info. Please attach source code of this binary in the package, OR include any information of those binaries under "# Binary File Declaration" section (You might need create one) in your App's REAMDE. We will manually review the source code of the binary.
            File: lib/charset_normalizer/md__mypyc.cpython-38-x86_64-linux-gnu.so

Source code and binaries standards
    Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script). Since appinspect 1.6.1, check that no files have nt write permissions for all users.
        FAILURE: A posix world-writable file was found.
            File: default/data/ui/views/inputs.xml
        FAILURE: A posix world-writable file was found.
            File: default/data/ui/views/configuration.xml
        FAILURE: A posix world-writable file was found.
            File: appserver/static/alerticon.png
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/dependencies.txt
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/entry_page.js
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/3.js
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/3.licenses.txt
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/entry_page.licenses.txt
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/1.licenses.txt
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/0.licenses.txt
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/4.js
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/0.js
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/1.js
        FAILURE: A posix world-writable file was found.
            File: appserver/static/js/build/5.js
        FAILURE: A posix world-writable file was found.
            File: appserver/templates/base.html

TA_dataset Report Summary:

    error: 0
    failure: 2
    skipped: 0
    manual_check: 32
    not_applicable: 80
    warning: 5
    success: 149
    Total: 268

Please note that more issues could be found out later during the optional manual review process.
```

🛠️ Solution

  1. For the issue with binaries: they were coming from the UCC packing, meaning that when UCC creates the lib folder for all dependencies, it also adds a couple of binaries (not in our control). Splunk suggested adding source code details for these in the README.md, which we did for Splunk's manual review.
  2. For the issue with world-writable files: again, this is not in our control; this is how UCC prepared the files. When investigating, we saw that the UCC version was quite old, and when upgraded to the latest version, the files were created properly without world-writable permissions, resolving the issues.

Please note that with the use of the latest version of UCC, a few UI changes were introduced from Splunk's end, like "*" added for required fields, etc.

🏫 Testing

saurabh-dongare-s1 commented 2 months ago

Not needed anymore as there is a new PR by @munna-shaik-s1
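
A pre-submission check for the two AppInspect failures described in this PR, as an added example (not code from this repository or from AppInspect): it scans a packaged app tarball for world-writable file modes and for ELF binaries that are not named under a "# Binary File Declaration" README heading. The sample package is constructed, and matching a binary by its file name under that heading is an assumption of this sketch.

```python
import io
import tarfile

ELF_MAGIC = b"\x7fELF"
DECL_HEADING = "# Binary File Declaration"  # heading named in the AppInspect message


def scan_package(tgz_bytes):
    """Return (world_writable, undeclared_binaries) for a packaged app tarball."""
    world_writable, binaries, readme = [], [], ""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            rel = member.name.split("/", 1)[-1]  # path relative to the app root
            if member.mode & 0o002:  # "other" write bit set: xx2, xx6, xx7
                world_writable.append(rel)
            fh = tar.extractfile(member)
            head = fh.read(4)
            if head == ELF_MAGIC:
                binaries.append(rel)
            if rel.lower() == "readme.md":
                readme = (head + fh.read()).decode("utf-8", "replace")
    # Assumption: only text after the declaration heading counts as a declaration.
    _, found, declared = readme.partition(DECL_HEADING)
    undeclared = [b for b in binaries
                  if not found or b.rsplit("/", 1)[-1] not in declared]
    return sorted(world_writable), sorted(undeclared)


def build_sample(readme_text):
    """Constructed sample package: one 0666 view, one ELF stub, one README."""
    so_path = "TA_dataset/lib/charset_normalizer/md.cpython-38-x86_64-linux-gnu.so"
    entries = [
        ("TA_dataset/default/data/ui/views/inputs.xml", 0o666, b"<view/>"),
        ("TA_dataset/bin/input.py", 0o644, b"print('ok')\n"),  # hypothetical file
        (so_path, 0o644, ELF_MAGIC + b"\x02\x01\x01"),
        ("TA_dataset/README.md", 0o644, readme_text.encode()),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, data in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_package(build_sample("# DataSet Add-on\n")))
```

Run against the built package before upload, a non-empty result in either list corresponds to one of the two failure groups in the report above.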