Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Known issue] Compatibility issue of UCC library with Python 3.9 that might cause Splunk crash #1339

Closed
artemrys opened this issue Sep 12, 2024 · 4 comments
Closed

[Known issue] Compatibility issue of UCC library with Python 3.9 that might cause Splunk crash #1339

artemrys opened this issue Sep 12, 2024 · 4 comments
Labels
known-issue Known issue

Comments

@artemrys
Copy link
Member

Description

Overview

The UCC engineering team discovered that some technology add-ons that use UCC (specifically splunktaucclib) might have a compatibility issue with Python 3.9 (running modular input will crash and might cause Splunk to crash as well).

splunktaucclib (https://github.com/splunk/addonfactory-ucc-library) is a Python library that is a part of the UCC framework ecosystem and used in all UCC-based technology add-ons. It provides out-of-the-box REST handler support for technology add-ons.

Historically, it has included one module for data collection. The team discovered that disabling the stdout buffer doesn't work for Python 3.9 (the fix was released as part of the 6.2.2 version). At the same time, the functionality works for Python version 3.7 and versions greater than 3.10. The problem can be reproduced with pure Python code without the technology add-on’s code. As a solution, the engineering team removed the disabling buffer and decided to flush buffers immediately.

How to know whether your TA is impacted

A customer of technology add-ons might encounter a critical issue if all the following conditions are met:

  • The customer uses Splunk with Python 3.9 enabled
  • Splunk Enterprise 9.3.x
  • Splunk Cloud 9.2.2403
  • splunktaucclib version lower than v6.2.2 is used
    • splunktaucclib.data_collection.ta_mod_input module is used to run the modular input

Resolution steps

The fix is to update splunktaucclib to at least the 6.2.2 version and release a new version of the technology add-on.

What UCC version are you using?

N/A

Additional System Info

All
@artemrys artemrys added the known-issue Known issue label Sep 12, 2024
@artemrys artemrys pinned this issue Sep 12, 2024
@pmeyerson
Copy link

Can Splunk provide a listing of potentially vulnerable splunkbase apps? It can be pretty time consuming for admins to track down this info for every app they have.

@antoni-splunk
Copy link

Thank you for raising this point. Currently, we don’t have a direct way to provide a comprehensive list of all apps based on the UCC framework. While we are working on adding telemetry capabilities, it’s not yet at a stage where we can leverage it to get detailed information on this.

At the same time, we're looking at other approaches to help get this data. I’ll keep you updated.

@pmeyerson
Copy link

Thanks! Even if it's just a list of splunk base apps that's a huge help. A little concerned as I didn't see this mentioned as known issue for 9.3.0 release. If the issue hadn't been raised here we could be impacted by other apps and never known

@artemrys
Copy link
Member Author

UCC v5.52.0 was released 2 weeks back and it requires to have splunktaucclib at least v6.4.0 which has a fix for this issue.

I am going to close this one but keep it pinned to the top of issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
known-issue Known issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@artemrys @pmeyerson @antoni-splunk