
Commit 1a5ee99

authored
fix: Splunk metadata parsing logic: config stanzas must be loaded from the system app (#432)
Method get_conf_stanzas internally calls `$SPLUNK_HOME/bin/splunk cmd btool server list`. This command produces accumulated output: it reads server.conf files from all apps. Such behaviour may lead to invalid results if an app uses a different (unsupported) format in the conf file. I suggest changing the logic to read configs only from the system app: `$SPLUNK_HOME/bin/splunk cmd btool server list --app=system`
1 parent 32e838f commit 1a5ee99


1 file changed

+26
-11
lines changed

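--- a/solnlib/splunkenv.py
+++ b/solnlib/splunkenv.py
@@ -39,6 +39,8 @@
 ]
 
 ETC_LEAF = "etc"
+APP_SYSTEM = "system"
+APP_HEC = "splunk_httpinput"
 
 # See validateSearchHeadPooling() in src/libbundle/ConfSettings.cpp
 on_shared_storage = [
@@ -73,8 +75,8 @@ def _get_shared_storage() -> Optional[str]:
 """
 
 try:
-state = get_conf_key_value("server", "pooling", "state")
-storage = get_conf_key_value("server", "pooling", "storage")
+state = get_conf_key_value("server", "pooling", "state", APP_SYSTEM)
+storage = get_conf_key_value("server", "pooling", "storage", APP_SYSTEM)
 except KeyError:
 state = "disabled"
 storage = None
@@ -154,7 +156,7 @@ def get_splunk_host_info() -> Tuple:
 Tuple of (server_name, host_name).
 """
 
-server_name = get_conf_key_value("server", "general", "serverName")
+server_name = get_conf_key_value("server", "general", "serverName", APP_SYSTEM)
 host_name = socket.gethostname()
 return server_name, host_name
 
@@ -180,12 +182,14 @@ def get_splunkd_access_info() -> Tuple[str, str, int]:
 Tuple of (scheme, host, port).
 """
 
-if is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL")):
+if is_true(
+get_conf_key_value("server", "sslConfig", "enableSplunkdSSL", APP_SYSTEM)
+):
 scheme = "https"
 else:
 scheme = "http"
 
-host_port = get_conf_key_value("web", "settings", "mgmtHostPort")
+host_port = get_conf_key_value("web", "settings", "mgmtHostPort", APP_SYSTEM)
 host_port = host_port.strip()
 host_port_split_parts = host_port.split(":")
 host = ":".join(host_port_split_parts[:-1])
@@ -206,7 +210,7 @@ def get_scheme_from_hec_settings() -> str:
 scheme (str)
 """
 try:
-ssl_enabled = get_conf_key_value("inputs", "http", "enableSSL")
+ssl_enabled = get_conf_key_value("inputs", "http", "enableSSL", APP_HEC)
 except KeyError:
 raise KeyError(
 "Cannot get enableSSL setting form conf: 'inputs' and stanza: '[http]'. "
@@ -237,13 +241,16 @@ def get_splunkd_uri() -> str:
 return f"{scheme}://{host}:{port}"
 
 
-def get_conf_key_value(conf_name: str, stanza: str, key: str) -> Union[str, List, dict]:
+def get_conf_key_value(
+conf_name: str, stanza: str, key: str, app_name: Optional[str] = None
+) -> Union[str, List, dict]:
 """Get value of `key` of `stanza` in `conf_name`.
 
 Arguments:
 conf_name: Config file.
 stanza: Stanza name.
 key: Key name.
+app_name: Application name. Optional.
 
 Returns:
 Config value.
@@ -252,16 +259,19 @@ def get_conf_key_value(conf_name: str, stanza: str, key: str) -> Union[str, List
 KeyError: If `stanza` or `key` doesn't exist.
 """
 
-stanzas = get_conf_stanzas(conf_name)
+stanzas = get_conf_stanzas(conf_name, app_name)
 return stanzas[stanza][key]
 
 
-def get_conf_stanza(conf_name: str, stanza: str) -> dict:
+def get_conf_stanza(
+conf_name: str, stanza: str, app_name: Optional[str] = None
+) -> dict:
 """Get `stanza` in `conf_name`.
 
 Arguments:
 conf_name: Config file.
 stanza: Stanza name.
+app_name: Application name. Optional.
 
 Returns:
 Config stanza.
@@ -270,15 +280,16 @@ def get_conf_stanza(conf_name: str, stanza: str) -> dict:
 KeyError: If stanza doesn't exist.
 """
 
-stanzas = get_conf_stanzas(conf_name)
+stanzas = get_conf_stanzas(conf_name, app_name)
 return stanzas[stanza]
 
 
-def get_conf_stanzas(conf_name: str) -> dict:
+def get_conf_stanzas(conf_name: str, app_name: Optional[str] = None) -> dict:
 """Get stanzas of `conf_name`
 
 Arguments:
 conf_name: Config file.
+app_name: Application name. Optional.
 
 Returns:
 Config stanzas.
@@ -299,6 +310,10 @@ def get_conf_stanzas(conf_name: str) -> dict:
 conf_name,
 "list",
 ]
+
+if app_name:
+btool_cli.append(f"--app={app_name}")
+
 p = subprocess.Popen( # nosemgrep: python.lang.security.audit.dangerous-subprocess-use.dangerous-subprocess-use
 btool_cli, stdout=subprocess.PIPE, stderr=subprocess.PIPE
 )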
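Review bot: Scoping the lookups in `get_splunkd_access_info` and `get_scheme_from_hec_settings` to one app means they no longer read the merged configuration. An `enableSplunkdSSL`, `mgmtHostPort` or `[http] enableSSL` override that lives outside `system` or `splunk_httpinput` would presumably be ignored, so the computed scheme could disagree with what splunkd actually serves. That scheme feeds the URI built in `get_splunkd_uri`, so a mismatch decides whether traffic to that URI is sent over TLS. The new docstring lines should state the restriction, for example `app_name: App whose conf files btool reads (--app=<name>); None reads the merged view across all apps.` It may also be worth retrying without `app_name` when the scoped lookup raises `KeyError`, so a setting defined only in another app is still found. The bodies of these functions continue outside the hunks shown.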
