What's new in Splunk AppInspect

The current version of the Splunk AppInspect CLI tool and API is 1.4.1. This topic summarizes the changes included in each version of the CLI tool and API.

v1.4.1 (2017-03-13)

This section of "What's new" details what has changed in version 1.4.1 of the Splunk AppInspect CLI tool and API:

  • Bug fix: Some users were encountering "ImportError: 'module' object has no attribute 'main'" when running splunk-appinspect in certain environments.

v1.4.0 (2017-02-28)

This section of "What's new" details what has changed in version 1.4.0 of the Splunk AppInspect CLI tool and API:

General improvements

  • AppInspect now generates a clear error when the app fails because default/app.conf is missing instead of silently failing.
  • Previously, if you used the "cloud" tag, the default bin/readme.txt file would be flagged for manual review. This has been removed and apps with just this file in the bin directory will not be flagged for manual review.
  • Checks for Automatic updates and platform specific binaries no longer report a manual check if the bin/ and architecture-specific binary directories are empty or non-existent. In these cases the checks will return not_applicable rather than manual_check.
  • Previously the check check_metadata_white_list returned a manual_check if there were non .meta files in the metadata directory. Now that check correctly returns a failure.
  • Checks in the ITSI group have been improved to reduce false positives. ITSI checks will now run only if the app is an ITSI module.
  • Previous versions of AppInspect returned an exit code that reflected the number of failed checks for the app. AppInspect v1.3.0 and later changes this behavior so that the exit code follows these rules:
    • If AppInspect completes correctly, it returns an error code of 0 (zero).
    • If AppInspect has errors but completed the run, it returns an error code of 1.
    • If AppInspect has errors that prevent it from completing the run, it returns an error code of 2.
    • If AppInspect is provided a bundle without an app.conf file or the bundle isn't an app at all, it returns an error code of 3.
  • Empty local/ directories will no longer cause AppInspect to produce a manual_check result.
  • Apps can no longer create roles that grant administrative permissions. AppInspect prevents an app from doing any of the following:
    • Create a role with admin_all_objects = enabled in any stanza.
    • Create a role that inherits from admin: importRoles = admin.
    • Create a role that inherits from sc_admin: importRoles = sc_admin.
    • Create a role with change_authentication = enabled.
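
The four role restrictions listed above can be checked locally before an app is submitted. The following is an added example, not AppInspect's own check code; the function names, the minimal .conf parser, and the sample authorize.conf are assumptions made for illustration.

```python
import re

# Roles an app-defined role must not inherit from (per the list above).
FORBIDDEN_PARENTS = {"admin", "sc_admin"}
# Capabilities an app must not enable. Both are tested in every stanza,
# which is at least as strict as the rules listed above.
FORBIDDEN_CAPABILITIES = ("admin_all_objects", "change_authentication")
STANZA_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        match = STANZA_RE.match(line)
        if match:
            current = stanzas.setdefault(match.group("name"), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas


def find_admin_grants(text):
    """Return sorted (stanza, reason) tuples for each forbidden setting."""
    findings = []
    for stanza, settings in parse_conf(text).items():
        for cap in FORBIDDEN_CAPABILITIES:
            if settings.get(cap, "").lower() == "enabled":
                findings.append((stanza, f"{cap} = enabled"))
        # importRoles is a semicolon-separated list of parent roles.
        parents = {p.strip() for p in settings.get("importRoles", "").split(";")}
        for parent in sorted(parents & FORBIDDEN_PARENTS):
            findings.append((stanza, f"importRoles includes {parent}"))
    return sorted(findings)


# Constructed sample default/authorize.conf, for illustration only.
SAMPLE_AUTHORIZE_CONF = """\
[role_app_viewer]
importRoles = user

[role_app_operator]
importRoles = power;sc_admin
change_authentication = enabled

[role_app_super]
admin_all_objects = enabled
"""
```

Calling find_admin_grants(SAMPLE_AUTHORIZE_CONF) flags role_app_operator twice and role_app_super once, and leaves role_app_viewer alone.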

Check changes

  • Added check_app_icon_is_png to test whether the image is an image in Portable Network Graphics format ("a PNG").
  • Added check_app_icon_dimensions to test whether the image matches Splunk requirements.
  • Added check_app_icon_2x_is_png to test whether the image is a PNG.
  • Added check_app_icon_2x_dimensions to test whether the image matches Splunk requirements.
  • Added check_app_icon_alt_is_png to test whether the image is a PNG.
  • Added check_app_icon_alt_dimensions to test whether the image matches Splunk requirements.
  • Added check_app_icon_alt_2x_is_png to test whether the image is a PNG.
  • Added check_app_icon_alt_2x_dimensions to test whether the image matches Splunk requirements.
  • Added check_app_logo_is_png to test whether the image is a PNG.
  • Added check_app_logo_dimensions to test whether the image matches Splunk requirements.
  • Added check_app_logo_2x_is_png to test whether the image is a PNG.
  • Added check_app_logo_2x_dimensions to test whether the image matches Splunk requirements.
  • Added check_that_directory_name_matches_package_id in order to confirm that extracted packages match the name listed in the app.conf [package] stanza.
  • Added check_authorize_conf_admin_all_objects_privileges to validate that excessive administrative privileges are not provided.
  • Added check_for_empty_saved_search_description to identify empty descriptions in saved searches.
  • Refined check_for_questionable_commands to match more accurately and against a broader set.
  • Refined the check for verifying that the metadata directory only contains *.meta files to return a failure for each non-.meta file rather than a manual check, since these files should never be included.
  • Refined the check for default/limits.conf from a manual check to a failure if the file exists.
  • Refined check for auto-update features output.
  • Refined check_platform_specific_binaries to exclude root level bin directory.
  • Refined check_for_splunk_js_header_and_footer_view to be a warning instead of a failure, because deprecation does not mean removal from Splunk core support.
  • Refined check_for_appropiate_inputs_monitor_stanza to provide the application path.
  • Refined ITSI checks to only run on packages starting with DA-ITSI.
  • Refined versioning support for checks.
  • Refined tagging support for checks.
  • Removed the check_app_icon test and replaced it with more rigorous tests.
  • Removed default exclusion of ITSI checks. They will now be run in addition to other tests.

Dependency changes

  • Added dependency for 'dimensions' library.
  • Removed dependency for 'six'.
  • Changed lxml dependency to target newest version for better platform distribution support.

Documentation changes

  • Added documentation and doc strings for testing.
  • Added doc strings to the checks.py class.
  • Added doc strings to the validator.py class.
  • Added a doc string for the ModularInputs class.
  • Typo fixes have been applied.
  • Grammar changes have been applied.

User experience changes

  • Added exit code based on app_package_handler being empty.
  • Added exit code based on successful execution of AppInspect.
  • Added exit code based on errors in validation_report object.
  • Refined AppInspect to provide more explicit exit codes for failures.
  • Refined help menu output in order to indicate valid values allowed.

v1.3.1 (2016-11-21)

This section of "What's new" details what has changed in version 1.3.1 of the Splunk AppInspect CLI tool and API:

General improvements

  • Improved automated screening of apps for Splunk Cloud. Running the inspect command with the cloud tag will now indicate whether an app will need manual review before it can be installed in Splunk Cloud. For instance:
    splunk-appinspect inspect --mode precert --included-tags cloud <app>
  • Updated validation status to indicate checks complete and in flight.
  • Created the ability to get CLI version using the following command:
    splunk-appinspect list version
  • Added README files to whitelist for root directory and data/ui/views directory.

New checks

  • Added check for whether an app is using features that have been deprecated or removed in Splunk Enterprise 6.5.
  • Refined automated screening of inputs.conf for Splunk Cloud.
  • Added check to verify ITSI module file and folder structure. These checks are excluded by default. Use --included-tags itsi to include them.
  • (AppInspect API only.) Added check to determine whether modular inputs (default/inputs.conf) and specification files (README/inputs.conf.spec) match.
  • Added automated detection of JavaScript and Perl to scripting language checks.

Improved checks

  • Changed destructive commands check to a manual check if potential destructive commands are found.
  • Finding the sudo command now reports a manual check rather than a failure.
  • Any link.uri values in workflowactions.conf that do not start with https:// or http:// now report a manual check rather than a failure. URIs starting with "http://" still fail this check.
  • Checks to validate lookups now allow .csv.default.
  • Checks for hard coded paths now exclude .csv files.
  • Errors are now returned for the "invalid JSON in JSON files" check to help troubleshoot what caused the malformed JSON.
  • Improved exception handling to check for empty lookup files.
  • Improved non-UTF-8 character exception handling.

Bug fixes

  • Fixed issue with Windows environment using the *nix file command.
  • Fixed issue with certain checks overlapping in the final AppInspect report output when run on Windows.

v1.2.0 (2016-09-27)

  • Initial public release.