Skip to content

Commit b95b0df

Browse files
echipachenkoechipachenko
committed
fix splunk metadata parsing logic: config stanzas must be loaded from the system app
1 parent 32e838f commit b95b0df

File tree

1 file changed

+20
-11
lines changed

1 file changed

+20
-11
lines changed

solnlib/splunkenv.py

Lines changed: 20 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,8 @@
3939
]
4040

4141
ETC_LEAF = "etc"
42+
APP_SYSTEM = "system"
43+
APP_HEC = "splunk_httpinput"
4244

4345
# See validateSearchHeadPooling() in src/libbundle/ConfSettings.cpp
4446
on_shared_storage = [
@@ -73,8 +75,8 @@ def _get_shared_storage() -> Optional[str]:
7375
"""
7476

7577
try:
76-
state = get_conf_key_value("server", "pooling", "state")
77-
storage = get_conf_key_value("server", "pooling", "storage")
78+
state = get_conf_key_value("server", "pooling", "state", APP_SYSTEM)
79+
storage = get_conf_key_value("server", "pooling", "storage", APP_SYSTEM)
7880
except KeyError:
7981
state = "disabled"
8082
storage = None
@@ -154,7 +156,7 @@ def get_splunk_host_info() -> Tuple:
154156
Tuple of (server_name, host_name).
155157
"""
156158

157-
server_name = get_conf_key_value("server", "general", "serverName")
159+
server_name = get_conf_key_value("server", "general", "serverName", APP_SYSTEM)
158160
host_name = socket.gethostname()
159161
return server_name, host_name
160162

@@ -180,12 +182,12 @@ def get_splunkd_access_info() -> Tuple[str, str, int]:
180182
Tuple of (scheme, host, port).
181183
"""
182184

183-
if is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL")):
185+
if is_true(get_conf_key_value("server", "sslConfig", "enableSplunkdSSL", APP_SYSTEM)):
184186
scheme = "https"
185187
else:
186188
scheme = "http"
187189

188-
host_port = get_conf_key_value("web", "settings", "mgmtHostPort")
190+
host_port = get_conf_key_value("web", "settings", "mgmtHostPort", APP_SYSTEM)
189191
host_port = host_port.strip()
190192
host_port_split_parts = host_port.split(":")
191193
host = ":".join(host_port_split_parts[:-1])
@@ -206,7 +208,7 @@ def get_scheme_from_hec_settings() -> str:
206208
scheme (str)
207209
"""
208210
try:
209-
ssl_enabled = get_conf_key_value("inputs", "http", "enableSSL")
211+
ssl_enabled = get_conf_key_value("inputs", "http", "enableSSL", APP_HEC)
210212
except KeyError:
211213
raise KeyError(
212214
"Cannot get enableSSL setting form conf: 'inputs' and stanza: '[http]'. "
@@ -237,13 +239,14 @@ def get_splunkd_uri() -> str:
237239
return f"{scheme}://{host}:{port}"
238240

239241

240-
def get_conf_key_value(conf_name: str, stanza: str, key: str) -> Union[str, List, dict]:
242+
def get_conf_key_value(conf_name: str, stanza: str, key: str, app_name: Optional[str] = None) -> Union[str, List, dict]:
241243
"""Get value of `key` of `stanza` in `conf_name`.
242244
243245
Arguments:
244246
conf_name: Config file.
245247
stanza: Stanza name.
246248
key: Key name.
249+
app_name: Application name. Optional.
247250
248251
Returns:
249252
Config value.
@@ -252,16 +255,17 @@ def get_conf_key_value(conf_name: str, stanza: str, key: str) -> Union[str, List
252255
KeyError: If `stanza` or `key` doesn't exist.
253256
"""
254257

255-
stanzas = get_conf_stanzas(conf_name)
258+
stanzas = get_conf_stanzas(conf_name, app_name)
256259
return stanzas[stanza][key]
257260

258261

259-
def get_conf_stanza(conf_name: str, stanza: str) -> dict:
262+
def get_conf_stanza(conf_name: str, stanza: str, app_name: Optional[str] = None) -> dict:
260263
"""Get `stanza` in `conf_name`.
261264
262265
Arguments:
263266
conf_name: Config file.
264267
stanza: Stanza name.
268+
app_name: Application name. Optional.
265269
266270
Returns:
267271
Config stanza.
@@ -270,15 +274,16 @@ def get_conf_stanza(conf_name: str, stanza: str) -> dict:
270274
KeyError: If stanza doesn't exist.
271275
"""
272276

273-
stanzas = get_conf_stanzas(conf_name)
277+
stanzas = get_conf_stanzas(conf_name, app_name)
274278
return stanzas[stanza]
275279

276280

277-
def get_conf_stanzas(conf_name: str) -> dict:
281+
def get_conf_stanzas(conf_name: str, app_name: Optional[str] = None) -> dict:
278282
"""Get stanzas of `conf_name`
279283
280284
Arguments:
281285
conf_name: Config file.
286+
app_name: Application name. Optional.
282287
283288
Returns:
284289
Config stanzas.
@@ -299,6 +304,10 @@ def get_conf_stanzas(conf_name: str) -> dict:
299304
conf_name,
300305
"list",
301306
]
307+
308+
if app_name:
309+
btool_cli.append(f"--app={app_name}")
310+
302311
p = subprocess.Popen( # nosemgrep: python.lang.security.audit.dangerous-subprocess-use.dangerous-subprocess-use
303312
btool_cli, stdout=subprocess.PIPE, stderr=subprocess.PIPE
304313
)

0 commit comments

Comments
 (0)