Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Components - splunk #15966

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

New Components - splunk #15966

wants to merge 4 commits into from

Conversation

michelle0927
Copy link
Collaborator

@michelle0927 michelle0927 commented Mar 19, 2025
edited by coderabbitai bot
Loading

Resolves #15893

Note to QA (@vunguyenhung ): Set the selfSigned prop to true for testing.

Summary by CodeRabbit

  • New Features

    • Introduced new actions to create events, run searches, and retrieve search job statuses, giving users enhanced control for managing Splunk operations.
    • Added sources to capture new alerts, search events, and search results, enabling more robust real-time monitoring with deduplication.
    • Expanded Splunk configuration options, allowing for customizable job parameters, index management, saved searches, and self-signed certificate handling.

  • Chores

    • Updated integration version and dependencies to boost performance and maintainability.

@vercel Vercel
Copy link

vercel bot commented Mar 19, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments
Name Status Preview Comments Updated (UTC)
docs-v2 ⬜️ Ignored (Inspect) Mar 19, 2025 5:42pm
pipedream-docs ⬜️ Ignored (Inspect) Mar 19, 2025 5:42pm
pipedream-docs-redirect-do-not-edit ⬜️ Ignored (Inspect) Mar 19, 2025 5:42pm

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 19, 2025
edited
Loading

Walkthrough

This pull request introduces a series of new Splunk modules. It adds several action modules (create-event, run-search, get-search-job-status) and multiple source modules (new-alert-fired, new-search-event, new-search-result, and a common base) that integrate with Splunk. Additionally, the Splunk application module has been expanded with new property definitions and methods for interacting with the Splunk API, and the package configuration has been updated to bump the version and add new dependencies.

Changes

File(s) Change Summary
components/splunk/actions/…/create-event.mjs, components/splunk/actions/…/get-search-job-status.mjs, components/splunk/actions/…/run-search.mjs New action modules exported as default objects with properties (key, name, description, version, type, props) and asynchronous run methods for creating events, running search queries, and retrieving search job status.
components/splunk/sources/common/base.mjs, components/splunk/sources/new-alert-fired/new-alert-fired.mjs, components/splunk/sources/new-search-event/new-search-event.mjs, components/splunk/sources/new-search-result/new-search-result.mjs New source modules added with default exports for handling Splunk data. The common base provides shared properties and methods, while the other modules define sources with metadata, deduplication strategies, and run methods that process events, alerts, or search results.
components/splunk/splunk.app.mjs Expanded propDefinitions to include jobId, indexName, savedSearchName, selfSigned, and query; added multiple new methods (_baseUrl, _makeRequest, listJobs, etc.) for API interactions; removed authKeys.
components/splunk/package.json Version bumped from 0.0.1 to 0.1.0 and new dependencies (@pipedream/platform, https, md5) have been added.

Sequence Diagram(s)
Loading 
sequenceDiagram
    participant User
    participant CreateEvent as Create Event Action
    participant SplunkAPI as Splunk API
    User->>CreateEvent: Trigger "Create Event" action
    CreateEvent->>SplunkAPI: Call sendEvent(index, eventData, source, sourcetype)
    SplunkAPI-->>CreateEvent: Return success response
    CreateEvent-->>User: Emit summary message

sequenceDiagram
    participant Scheduler
    participant NewAlert as New Alert Source
    participant SplunkSys as Splunk App
    Scheduler->>NewAlert: Poll for fired alerts
    NewAlert->>SplunkSys: Call listFiredAlerts()
    SplunkSys-->>NewAlert: Return alert data
    NewAlert->>NewAlert: Generate metadata for each alert
    NewAlert-->>Scheduler: Emit alert events

Assessment against linked issues

Objective Addressed Explanation
Actions: create-event, run-search, get-search-job-status [#15893]
Sources: new-alert-instant and new-search-result [#15893]

Suggested labels

action

Suggested reviewers

  • jcortes

Poem

I'm a little rabbit, hopping through the code,
With Splunk actions and sources easing my load.
Events send and alerts chime, a merry parade,
Search queries and results elegantly displayed.
Through the forest of functions I softly roam,
In the garden of logic I've found my home.
Hoppity cheers to this PR—code blooms like a poem!

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

components/splunk/actions/create-event/create-event.mjs

Oops! Something went wrong! :(

ESLint: 8.57.1

Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'jsonc-eslint-parser' imported from /eslint.config.mjs
at packageResolve (node:internal/modules/esm/resolve:839:9)
at moduleResolve (node:internal/modules/esm/resolve:908:18)
at defaultResolve (node:internal/modules/esm/resolve:1038:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:557:12)
at ModuleLoader.resolve (node:internal/modules/esm/loader:525:25)
at ModuleLoader.getModuleJob (node:internal/modules/esm/loader:246:38)
at ModuleJob._link (node:internal/modules/esm/module_job:126:49)

components/splunk/sources/common/base.mjs

Oops! Something went wrong! :(

ESLint: 8.57.1

Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'jsonc-eslint-parser' imported from /eslint.config.mjs
at packageResolve (node:internal/modules/esm/resolve:839:9)
at moduleResolve (node:internal/modules/esm/resolve:908:18)
at defaultResolve (node:internal/modules/esm/resolve:1038:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:557:12)
at ModuleLoader.resolve (node:internal/modules/esm/loader:525:25)
at ModuleLoader.getModuleJob (node:internal/modules/esm/loader:246:38)
at ModuleJob._link (node:internal/modules/esm/module_job:126:49)

components/splunk/sources/new-alert-fired/new-alert-fired.mjs

Oops! Something went wrong! :(

ESLint: 8.57.1

Error [ERR_MODULE_NOT_FOUND]: Cannot find package 'jsonc-eslint-parser' imported from /eslint.config.mjs
at packageResolve (node:internal/modules/esm/resolve:839:9)
at moduleResolve (node:internal/modules/esm/resolve:908:18)
at defaultResolve (node:internal/modules/esm/resolve:1038:11)
at ModuleLoader.defaultResolve (node:internal/modules/esm/loader:557:12)
at ModuleLoader.resolve (node:internal/modules/esm/loader:525:25)
at ModuleLoader.getModuleJob (node:internal/modules/esm/loader:246:38)
at ModuleJob._link (node:internal/modules/esm/module_job:126:49)

  • 5 others

Tip

⚡🧪 Multi-step agentic review comment chat (experimental)
  • We're introducing multi-step agentic chat in review comments. This experimental feature enhances review discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments.
    - To enable this feature, set early_access to true under in the settings.
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Mar 19, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 5

🧹 Nitpick comments (13)
components/splunk/actions/create-event/create-event.mjs (2)

44-57: Add error handling to the run method

Consider adding try/catch block around the API call to handle potential errors gracefully and provide better error messages to users.

 async run({ $ }) {
+  try {
     const response = await this.splunk.sendEvent({
       $,
       selfSigned: this.selfSigned,
       params: {
         index: this.indexName,
         source: this.source,
         sourcetype: this.sourcetype,
       },
       data: this.eventData,
     });
     $.export("$summary", `Event sent to index ${this.indexName} successfully`);
     return response;
+  } catch (error) {
+    $.export("$summary", `Failed to send event: ${error.message}`);
+    throw error;
+  }
 },

55-55: Include more details in the success summary

Consider adding more context to the success message to help users understand what was sent.

-    $.export("$summary", `Event sent to index ${this.indexName} successfully`);
+    $.export("$summary", `Event sent to index "${this.indexName}" successfully${this.source ? ` with source "${this.source}"` : ""}`);
components/splunk/actions/get-search-job-status/get-search-job-status.mjs (1)

27-35: Add error handling to the run method

Consider adding try/catch block around the API call to handle potential errors gracefully and provide better error messages to users.

 async run({ $ }) {
+  try {
     const response = await this.splunk.getSearchJobStatus({
       $,
       selfSigned: this.selfSigned,
       jobId: this.jobId,
     });
     $.export("$summary", `Successfully retrieved status for job ID ${this.jobId}`);
     return response;
+  } catch (error) {
+    $.export("$summary", `Failed to retrieve job status: ${error.message}`);
+    throw error;
+  }
 },
components/splunk/actions/run-search/run-search.mjs (3)

32-32: Fix formatting in latestTime description

There's extra leading whitespace in the latestTime description that should be removed for consistency with the earliestTime description.

-      description: "  Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",
+      description: "Specify a time string. Sets the latest (exclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to [Time modifiers](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/SearchTimeModifiers) for search for information and examples of specifying a time string.",

36-48: Add error handling to the run method

Consider adding try/catch block around the API call to handle potential errors gracefully and provide better error messages to users.

 async run({ $ }) {
+  try {
     const response = await this.splunk.executeSearchQuery({
       $,
       selfSigned: this.selfSigned,
       data: {
         search: this.query,
         earliest_time: this.earliestTime,
         latest_time: this.latestTime,
       },
     });
     $.export("$summary", `Executed Splunk search query: ${this.query}`);
     return response;
+  } catch (error) {
+    $.export("$summary", `Failed to execute search query: ${error.message}`);
+    throw error;
+  }
 },

46-46: Include more context in success summary

Consider adding more information to the success message, such as the time range if specified.

-    $.export("$summary", `Executed Splunk search query: ${this.query}`);
+    $.export("$summary", `Executed Splunk search query: ${this.query}${this.earliestTime ? ` from ${this.earliestTime}` : ""}${this.latestTime ? ` to ${this.latestTime}` : ""}`);
components/splunk/sources/new-search-result/new-search-result.mjs (1)

13-19: Consider enhancing the metadata generation with result timestamps.

The generateMeta method currently uses Date.now() for the timestamp, which represents when the event was processed rather than when it occurred. If the Splunk result contains its own timestamp, consider using that for more accurate event sequencing.

generateMeta(result) {
  return {
    id: result.sid,
    summary: `New Search Results with SID: ${result.sid}`,
-   ts: Date.now(),
+   ts: result._time ? new Date(result._time).getTime() : Date.now(),
  };
},
components/splunk/sources/new-search-event/new-search-event.mjs (1)

14-20: Enhance event metadata for better information and deduplication.

The current metadata generation has several areas for improvement:

  1. The summary is generic and could be more informative
  2. Using MD5 of the entire event might not be the most efficient approach if a unique field is available
  3. The timestamp should ideally come from the event itself when available
generateMeta(event) {
+  // Extract a more meaningful summary from the event if possible
+  const eventName = event.name || event._raw?.slice(0, 30) || "Unknown";
+  
+  // Use a specific field if available, or fall back to MD5 hash
+  const eventId = event.id || event._cd || md5(JSON.stringify(event));
+  
+  // Use event timestamp if available, fall back to current time
+  const eventTime = event._time ? new Date(event._time).getTime() : Date.now();
+  
  return {
-    id: md5(JSON.stringify(event)),
-    summary: "New Search Event",
-    ts: Date.now(),
+    id: eventId,
+    summary: `New Search Event: ${eventName}`,
+    ts: eventTime,
  };
},
components/splunk/sources/new-alert-fired/new-alert-fired.mjs (1)

13-19: Use alert timestamp for more accurate event sequencing.

The current implementation uses the current time for the event timestamp rather than the actual time when the alert was triggered. If the alert object contains its own timestamp, it would be more accurate to use that.

generateMeta(alert) {
+  // Use the alert's trigger time if available
+  const alertTime = alert.trigger_time || alert.triggered_at || Date.now();
  return {
    id: alert.id,
    summary: `New Alert Fired: ${alert.name}`,
-   ts: Date.now(),
+   ts: alertTime,
  };
},
components/splunk/splunk.app.mjs (4)

8-74: Fix minor spelling issue in the documentation.

In the description for query (line 73), "sytax" should be "syntax". This helps keep the documentation polished and clear.

- description: "The Splunk search query. Example: `search *`. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/Search) for more information about search command sytax."
+ description: "The Splunk search query. Example: `search *`. [See the documentation](https://docs.splunk.com/Documentation/Splunk/9.4.1/SearchReference/Search) for more information about search command syntax."

65-69: Document security implications.

While allowing self-signed certificates (via selfSigned) is sometimes necessary, it poses security risks in production environments. Consider providing a cautionary note in user-facing documentation to emphasize these risks and encourage secure certificates whenever possible.

105-128: Use consistent naming in resource methods.

While the listJobs, listIndexes, listSavedSearches, and listFiredAlerts methods have uniform naming, consider a shared pattern for request parameters (e.g., passing opts consistently). This keeps the API predictable.

160-166: Validate input before sending events.

sendEvent posts data to Splunk. Consider adding minimal validation (e.g., verifying a non-empty payload) to prevent unintended or malformed events.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2d7c0ac and c6094bf.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (9)
  • components/splunk/actions/create-event/create-event.mjs (1 hunks)
  • components/splunk/actions/get-search-job-status/get-search-job-status.mjs (1 hunks)
  • components/splunk/actions/run-search/run-search.mjs (1 hunks)
  • components/splunk/package.json (2 hunks)
  • components/splunk/sources/common/base.mjs (1 hunks)
  • components/splunk/sources/new-alert-fired/new-alert-fired.mjs (1 hunks)
  • components/splunk/sources/new-search-event/new-search-event.mjs (1 hunks)
  • components/splunk/sources/new-search-result/new-search-result.mjs (1 hunks)
  • components/splunk/splunk.app.mjs (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: Verify TypeScript components
  • GitHub Check: pnpm publish
  • GitHub Check: Publish TypeScript components
🔇 Additional comments (9)
components/splunk/package.json (2)

3-3: Version update looks good

The version bump from 0.0.1 to 0.1.0 follows semantic versioning practices, correctly indicating this is a minor feature update rather than just a patch.

15-18:

✅ Verification successful

Verify necessity of the 'https' dependency

The 'https' module is a native Node.js module that should be available without explicit installation. Consider removing this dependency unless you're using a specific version or feature not available in the native module.

Additionally, note that MD5 is considered cryptographically weak for security-sensitive applications. If you're using it for non-security purposes like generating unique identifiers, that's acceptable.

🏁 Script executed:

#!/bin/bash
# Check if the 'https' module is used in a non-standard way in the codebase

echo "Checking for custom usage of 'https' module..."
rg -A 3 -B 3 "import.*https" --type js

Length of output: 2741

Action: Remove explicit installation of the native 'https' module

After verifying the codebase, there’s no evidence of any non-standard or custom usage of the 'https' module that would justify keeping its explicit installation in the dependencies. Since Node.js provides 'https' natively, it's safe to remove it from components/splunk/package.json unless a specific version or extended functionality is actually required. Additionally, please ensure that the use of MD5 (if any) is limited to non-security-related purposes, due to its known cryptographic weaknesses.

  • File: components/splunk/package.json (Lines 15–18)
components/splunk/actions/create-event/create-event.mjs (1)

1-58: Well-structured new action module

The Create Event action is well-organized, following Pipedream's component patterns with appropriate documentation links, clear property definitions, and a clean implementation.

components/splunk/actions/get-search-job-status/get-search-job-status.mjs (1)

1-36: Well-structured new action module

The Get Search Job Status action is well-organized, following Pipedream's component patterns with appropriate documentation links, clear property definitions, and a clean implementation.

components/splunk/actions/run-search/run-search.mjs (1)

1-49: Well-structured new action module

The Run Search action is well-organized, following Pipedream's component patterns with appropriate documentation links, clear property definitions, and a clean implementation.

components/splunk/sources/new-alert-fired/new-alert-fired.mjs (1)

21-38:

✅ Verification successful

Limit and filter alert processing for better performance.

The current implementation collects all alerts without any filtering or limits, which could lead to processing a large number of alerts and impact performance.

async run() {
+  // Use pagination parameters to limit and filter alerts
+  const paginationParams = {
+    count: 20, // Process a reasonable number of alerts
+    offset: 0,
+    // Only retrieve relatively recent alerts
+    timeRange: "-24h",
+  };
+
  const results = this.splunk.paginate({
    resourceFn: this.splunk.listFiredAlerts,
    args: {
      selfSigned: this.selfSigned,
+     ...paginationParams,
    },
  });

  const alerts = [];
+ let count = 0;
  for await (const item of results) {
    alerts.push(item);
+   count++;
+   // Additional safeguard to prevent processing too many alerts
+   if (count >= 50) break;
  }

  alerts.forEach((alert) => {
    const meta = this.generateMeta(alert);
    this.$emit(alert, meta);
  });
},

🏁 Script executed:

#!/bin/bash
# Check if the Splunk listFiredAlerts method supports pagination and time range parameters
rg -A 10 "listFiredAlerts\s*\([^)]*\)\s*{" components/splunk/

Length of output: 189

Below is a revised shell script using a corrected regex pattern that should properly match the definition of the listFiredAlerts method. Please run the script to manually verify whether this method supports additional pagination parameters (like count, offset, and a timeRange) as suggested in the review comment.

Next Steps:

  • Run the revised shell script to check the method’s signature.
  • Based on the output, verify that the Splunk API indeed supports the additional parameters before proceeding with the refactor.

Once you confirm the method supports these parameters, you can safely adopt the refactoring changes suggested in the review.

🏁 Script executed:

#!/bin/bash
# Corrected regex pattern to search for the definition of listFiredAlerts
rg -A 10 'listFiredAlerts\s*\([^)]*\)\s*\{' components/splunk/

Length of output: 827

Action Required: Confirm Pagination Parameters in Alert Processing

After verifying the implementation of listFiredAlerts in components/splunk/splunk.app.mjs, we see that the method accepts an opts object and spreads its properties into the request. This confirms that passing additional options (including pagination parameters like count, offset, and timeRange) is supported.

  • Verified Location:

    • components/splunk/splunk.app.mjs – The listFiredAlerts(opts = {}) method spreads opts into the request.

  • Key Considerations:

    • The suggested approach to limit and filter alerts by spreading paginationParams into the arguments of listFiredAlerts is valid.
    • The additional safeguard in the loop (using a counter and breaking after 50 alerts) is an extra measure to protect against excessive processing.

Please ensure that the backend API correctly interprets these pagination parameters. Once confirmed, you can incorporate the diff snippet below to improve performance by limiting alert processing:

 async run() {
+  // Use pagination parameters to limit and filter alerts
+  const paginationParams = {
+    count: 20, // Process a reasonable number of alerts at once
+    offset: 0,
+    // Only retrieve alerts from the past 24 hours
+    timeRange: "-24h",
+  };
 
   const results = this.splunk.paginate({
     resourceFn: this.splunk.listFiredAlerts,
     args: {
       selfSigned: this.selfSigned,
+      ...paginationParams,
     },
   });
 
   const alerts = [];
+  let count = 0;
   for await (const item of results) {
     alerts.push(item);
+    count++;
+    // Additional safeguard to prevent processing too many alerts
+    if (count >= 50) break;
   }
 
   alerts.forEach((alert) => {
     const meta = this.generateMeta(alert);
     this.$emit(alert, meta);
   });
 },
components/splunk/splunk.app.mjs (3)

80-104: Review certificate-rejection override for potential security impact.

The _makeRequest() method sets rejectUnauthorized: false if selfSigned is true. This can allow MITM attacks. If this is only for local dev or test scenarios, confirm it’s properly documented or restricted from production usage.

129-159: Confirm request methods.

executeSearchQuery uses POST, but getSearchJobStatus, getSearchResults, and getSearchEvents use GET by default. Ensure both the method and endpoint path align with Splunk’s expectations (e.g., older Splunk versions might differ in endpoints).

77-79:

❓ Verification inconclusive

Ensure base URL correctness.

The _baseUrl() method constructs a URL that appends :${this.$auth.api_port}. Confirm that user-supplied values don’t inadvertently include a port, which could cause malformed URLs.

🏁 Script executed:

#!/bin/bash
# Searching for references to `api_url` in the repo to confirm usage consistency.
rg -A 3 '\$auth\.api_url'

Length of output: 2818

Attention: Validate API URL Inputs in Splunk App

Please double-check that the value provided in this.$auth.api_url does not already include a port. Unlike other components that simply append additional path segments, the Splunk app explicitly concatenates :${this.$auth.api_port} to the URL when constructing the base endpoint. If the API URL already embeds a port, it could yield a malformed URL (e.g., duplicating port information). Ensure that any user-supplied values are sanitized or validated accordingly.

  • Location: components/splunk/splunk.app.mjs (Lines 77-79)

luancazarine
luancazarine approved these changes Mar 19, 2025
View reviewed changes
Copy link
Collaborator

@luancazarine luancazarine left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @michelle0927, LGTM! Ready for QA!

@vunguyenhung
Copy link
Collaborator

Hi @michelle0927, could you remove the Self-signed prop on each action/source and use the variable this.splunk.$auth.self_signed on the app? I've recently added this so that end-user only need to specify self_signed once

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot]

@luancazarine luancazarine

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Components] splunk
3 participants
@michelle0927 @vunguyenhung @luancazarine