Security best practices

As you design your Splunk app, be sure to reference the security guidelines listed below. The Splunk App Certification team recommends following these guidelines.

Improper resource shutdown or release

The most common vulnerability found during the app certification security review phase is "Improper resource shutdown or release." In the code example below, if an attacker can cause an error in either the open() or readline() call, f.close() is never reached, and they could create a denial of service by consuming resources that are never released.

    if not os.path.exists(full_path):
        self.doAction(full_path, header)
    else:
        f = open(full_path)
        oldORnew = f.readline().split(",")
        f.close()

Fixing the problem requires the use of a try/except/finally block. Code in the finally block is always executed, under all conditions. If there are no errors, it is called once the try block is complete. If an exception is caught, the finally block executes after code in the except block.

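    if not os.path.exists(full_path):
        self.doAction(full_path, header)
    else:
        f = None  # stays None if open() itself fails
        try:
            f = open(full_path)
            oldORnew = f.readline().split(",")
        except Exception:
            # handle the error (here: fall back to an empty list)
            oldORnew = []
        finally:
            # runs on every path; close only a handle that was actually opened
            if f is not None:
                f.close()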
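
An added Python 3 example, not Splunk's code: it goes one step beyond the try/except/finally fix above by using a with block, Python's built-in form of the same cleanup, and shows the leak and the release on a constructed file whose first byte is invalid UTF-8. The function names, the opener parameter and the tracking_open helper are assumptions made for the demonstration.

```python
import os
import tempfile

def read_fields_unsafe(full_path, opener=open):
    """The page's first pattern: close() is skipped when readline() raises."""
    f = opener(full_path, encoding="utf-8")
    fields = f.readline().split(",")
    f.close()
    return fields

def read_fields_safe(full_path, opener=open):
    """Same read; the with block closes the handle on every exit path."""
    try:
        with opener(full_path, encoding="utf-8") as f:
            return f.readline().split(",")
    except (OSError, UnicodeDecodeError):
        return None  # unreadable or missing file: caller picks the fallback

def demo():
    """Return (leaked, released, safe_result, missing_result)."""
    handles = []  # keeps every opened handle alive so .closed can be checked

    def tracking_open(path, **kwargs):
        f = open(path, **kwargs)
        handles.append(f)
        return f

    # Constructed sample: 0xff is not valid UTF-8, so readline() raises.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"\xff\xfeold,new\n")
    os.close(fd)
    try:
        try:
            read_fields_unsafe(path, tracking_open)
        except UnicodeDecodeError:
            pass
        leaked = not handles[0].closed   # handle left open by the unsafe read
        safe_result = read_fields_safe(path, tracking_open)
        released = handles[1].closed     # handle closed by the with block
        missing_result = read_fields_safe(path + ".missing", tracking_open)
    finally:
        for h in handles:
            h.close()
        os.remove(path)
    return leaked, released, safe_result, missing_result

if __name__ == "__main__":
    print(demo())
```
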

Additional Resources