Join our upcoming App Dev Community Office Hours on January 16thRegister here

 Security best practices for apps in Splunk Cloud Platform and Splunk Enterprise

As you design your Splunk app, be sure to reference the security guidelines listed below. Splunk recommends following these guidelines.

Ensure proper resource shutdown or release. In the code example below, if an attacker can cause an error in either the open() or readline() commands, they could create a denial of service by consuming resources that are never released.

if not os.path.exists(full_path):
            self.doAction(full_path, header)
        else:
            f = open(full_path)
            oldORnew = f.readline().split(",")
            f.close()

Fixing the problem requires the use of a try/except/finally block. Code in the finally block is always run, under all conditions. If there are no errors, it is called once the try block is complete. If an exception is caught, the finally block runs after code in the except block.

if not os.path.exists(full_path):
            self.doAction(full_path, header)
        else:
            try:
                f = open(full_path)
                oldORnew = f.readline().split(",")
            except:
                #handle the error
            finally:
                f.close()

 See also