Skip to content

[Draft]: Spike: CSPL-3458: initial code changes for zeroD #1470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Draft]: Spike: CSPL-3458: initial code changes for zeroD #1470

wants to merge 1 commit into from

Conversation

vivekr-splunk
Copy link
Collaborator

No description provided.

initial code changes for zeroD
96219cf 
Signed-off-by: Vivek Reddy <[email protected]>
@vivekr-splunk vivekr-splunk changed the title Spike: CSPL-3458: initial code changes for zeroD [Draft]: Spike: CSPL-3458: initial code changes for zeroD Mar 18, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 18, 2025
View reviewed changes
pkg/splunk/client/enterprise.go
SetBaseURL(managementURI).
SetBasicAuth(username, password).
SetRetryCount(3).
SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}),

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.

Copilot Autofix

AI about 1 month ago

To fix the problem, we need to ensure that TLS certificate verification is enabled. This involves setting InsecureSkipVerify to false and properly configuring the client to use valid certificates. If the certificates are self-signed or from a private CA, we should add the CA certificate to the client's trusted pool.

  1. Change the InsecureSkipVerify setting to false.
  2. If necessary, load the CA certificate and add it to the client's trusted pool.
Suggested changeset 1
pkg/splunk/client/enterprise.go

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/pkg/splunk/client/enterprise.go b/pkg/splunk/client/enterprise.go
--- a/pkg/splunk/client/enterprise.go
+++ b/pkg/splunk/client/enterprise.go
@@ -96,3 +96,5 @@
 			SetRetryCount(3).
-			SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}),
+			SetTLSClientConfig(&tls.Config{InsecureSkipVerify: false}),
+			// Add logic to load CA certificates if needed
+			// .SetRootCertificate("/path/to/ca-cert.pem"),
 	}
EOF
@@ -96,3 +96,5 @@
SetRetryCount(3).
SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true}),
SetTLSClientConfig(&tls.Config{InsecureSkipVerify: false}),
// Add logic to load CA certificates if needed
// .SetRootCertificate("/path/to/ca-cert.pem"),
}
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@vivekr-splunk