search

splunk / addonfactory-ucc-generator

A framework to generate UI-based Splunk Add-ons.
https://splunk.github.io/addonfactory-ucc-generator/
Apache License 2.0
59 stars 22 forks source link

[Known issue] Compatibility issue of UCC library with Python 3.9 that might cause Splunk crash #1339

Open artemrys opened 1 week ago

artemrys commented 1 week ago

Description

Overview

The UCC engineering team discovered that some technology add-ons that use UCC (specifically splunktaucclib) might have a compatibility issue with Python 3.9 (running modular input will crash and might cause Splunk to crash as well).

splunktaucclib (https://github.com/splunk/addonfactory-ucc-library) is a Python library that is a part of the UCC framework ecosystem and used in all UCC-based technology add-ons. It provides out-of-the-box REST handler support for technology add-ons.

Historically, it has included one module for data collection. The team discovered that disabling the stdout buffer doesn't work for Python 3.9 (the fix was released as part of the 6.2.2 version). At the same time, the functionality works for Python version 3.7 and versions greater than 3.10. The problem can be reproduced with pure Python code without the technology add-on’s code. As a solution, the engineering team removed the disabling buffer and decided to flush buffers immediately.

How to know whether your TA is impacted

A customer of technology add-ons might encounter a critical issue if all the following conditions are met:

Resolution steps

The fix is to update splunktaucclib to at least the 6.2.2 version and release a new version of the technology add-on.

What UCC version are you using?

N/A

Additional System Info

All

pmeyerson commented 1 week ago

Can Splunk provide a listing of potentially vulnerable splunkbase apps? It can be pretty time consuming for admins to track down this info for every app they have.

antoni-splunk commented 1 week ago

Thank you for raising this point. Currently, we don’t have a direct way to provide a comprehensive list of all apps based on the UCC framework. While we are working on adding telemetry capabilities, it’s not yet at a stage where we can leverage it to get detailed information on this.

At the same time, we're looking at other approaches to help get this data. I’ll keep you updated.

pmeyerson commented 1 week ago

Thanks! Even if it's just a list of splunk base apps that's a huge help. A little concerned as I didn't see this mentioned as known issue for 9.3.0 release. If the issue hadn't been raised here we could be impacted by other apps and never known