From c5bb64ed71e7370cd4ad57f50aa1c63364c3efd5 Mon Sep 17 00:00:00 2001
From: Splunk Git Pusher <splunk@splunk.local>
Date: Sun, 1 Feb 2026 20:57:48 +0100
Subject: [PATCH] test_passage en HTTPS

Pushed by: admin
License: 1CFBBDCA-31F (Starter)
Timestamp: 2026-02-01T20:57:48.612105
---
 .../README/alert_actions.conf.spec            |  47 ++++++++++++++
 .../README/savedsearches.conf.spec            |   7 +++
 .../appserver/static/webhook.png              | Bin 0 -> 2410 bytes
 apps/alert_webhook/bin/webhook.py             |  59 ++++++++++++++++++
 apps/alert_webhook/default/alert_actions.conf |  11 ++++
 apps/alert_webhook/default/app.conf           |  18 ++++++
 .../default/data/ui/alerts/webhook.html       |  21 +++++++
 apps/alert_webhook/default/restmap.conf       |   4 ++
 apps/alert_webhook/local/alert_actions.conf   |   2 +
 apps/alert_webhook/metadata/default.meta      |  13 ++++
 10 files changed, 182 insertions(+)
 create mode 100755 apps/alert_webhook/README/alert_actions.conf.spec
 create mode 100755 apps/alert_webhook/README/savedsearches.conf.spec
 create mode 100755 apps/alert_webhook/appserver/static/webhook.png
 create mode 100755 apps/alert_webhook/bin/webhook.py
 create mode 100755 apps/alert_webhook/default/alert_actions.conf
 create mode 100755 apps/alert_webhook/default/app.conf
 create mode 100755 apps/alert_webhook/default/data/ui/alerts/webhook.html
 create mode 100755 apps/alert_webhook/default/restmap.conf
 create mode 100755 apps/alert_webhook/local/alert_actions.conf
 create mode 100755 apps/alert_webhook/metadata/default.meta

diff --git a/apps/alert_webhook/README/alert_actions.conf.spec b/apps/alert_webhook/README/alert_actions.conf.spec
new file mode 100755
index 00000000..db935a4b
--- /dev/null
+++ b/apps/alert_webhook/README/alert_actions.conf.spec
@@ -0,0 +1,47 @@
+[webhook]
+
+param.user_agent = <string>
+* The value of the User-Agent HTTP header that the Splunk platform sends
+  to the webhook receiver.
+* No default.
+
+enable_allowlist = <boolean>
+* Whether or not the Splunk platform alert webhook uses the webhook allowlist
+  when it performs a webhook query.
+* The webhook allowlist defines the URLs for which webhook
+  alert actions can send HTTP POST requests.
+* A value of "true" means that the webhook allowlist is turned on, and
+  that the Splunk platform lets the webhook action query against any endpoint.
+  See the CAUTION later in this description for details.
+* A value of "false" means that the webhook allowlist is turned off.
+* While this setting is valid within the alert-actions.conf file
+  within the alert_webhook app, it is also available in the
+  alert-actions.conf file in Splunk Enterprise.
+* CAUTION: Be mindful when using this setting. If you give the setting
+  a value of "true", you must also configure the 'allowlist.<name>' setting.
+  Failure to do so is a security risk, as the webhook alert action can then
+  query against any REST endpoint, including external endpoints that are not
+  in your control and could be malicious.
+* Default (for Splunk Cloud Platform): true
+* Default (for all other Splunk products including Splunk Enterprise): false
+
+allowlist.<name> = <regular expression>
+* A list of endpoints upon which the Splunk platform webhook action can query.
+* Each allowlist entry must begin with the string "allowlist." and must be
+  on its own line.
+* The <name> component of an allowlist entry can be any string, but must be
+  unique for each entry.
+* Values are regular expression strings which must match URLs which you allow
+  the webhook action to access.
+* Following is an example allowlist:
+  * allowlist.endpoint1 = ^https:\/\/10\.201\..*\/
+    * This allowlist entry lets the webhook action access URLs of endpoints that
+      begin with the string "https://10.201" and end with a forward slash (/).
+  * allowlist.endpoint2 = ^https:\/\/(.*\.|)company.com\/?.*\/
+    * This allowlist entry lets the webhook action access URLs of endpoints that
+      begin with the string "https://", contain any machine within the domain
+      "company.com", and end with a forward slash (/).
+* CAUTION: If you don't specify an allowlist after configuring the 'enable_allowlist'
+  setting with a value of "true", the Splunk platform lets the webhook
+  action query against any endpoint, which is a security risk.
+* No default.
diff --git a/apps/alert_webhook/README/savedsearches.conf.spec b/apps/alert_webhook/README/savedsearches.conf.spec
new file mode 100755
index 00000000..a20b8e5a
--- /dev/null
+++ b/apps/alert_webhook/README/savedsearches.conf.spec
@@ -0,0 +1,7 @@
+# Webook alert action settings
+
+action.webhook = [0|1]
+* Enable webhook action
+
+action.webhook.param.url = <string>
+* URL to send the HTTP POST request to. Must be accessible from the Splunk server.
\ No newline at end of file
diff --git a/apps/alert_webhook/appserver/static/webhook.png b/apps/alert_webhook/appserver/static/webhook.png
new file mode 100755
index 0000000000000000000000000000000000000000..6f2dba2cf786b8fcd19a4454b27a1bc4a5b11d0a
GIT binary patch
literal 2410
zcmV-w36=JVP)<h;3K|Lk000e1NJLTq001xm001xu1^@s7AO*=000001b5ch_0Itp)
z=>Px;BuPX;RA>e5S$&XPMG^1WkNZfXa3Iku5|BC|TA&GEMzks)9;O7N7;?KPqE<;I
z{1M%^cZB$rA`7t$m4w{wQCa~~T8arW?=I0RiTHuJ1PG!i5G9I=Ncd1ATtX$e%YE#Q
zzn-`A-oCeQ-(BvGGJj;McBiMOyQh1mr>AEg(WqsmJdbj6nxTssfQCeh`sfH{cbv|+
zgxew1rIb$#x2*xo-sU1QQW1Ve)M9Sv&Q5UE)t>DVRtGZn8kfsQWkmUqrje0D1|-d1
zPF=DiMy$md^fpbIk@rwd(Y4;=9s?AZ0dQFIAyUNl&DNs?gqR8O(2Ayla1N2U%|m*S
zGv}GE3n(du=&q$Nf$#<0-I-cToA%bz!M-}`?>_(`+Mdz~#lKRV3VH@QQ#X-i->aG0
zJ~RO0J_y+yKDpk=ClzE?F=Ou;U9XH>u8Ek*vOgbYXkZ=0`^%)RCLxZLwX1+%mIKZx
z_8-D10waJVPWNcSgt#e;!ND0rExE-<lzng;S>5yCU+{onVJ5?9`YicI5a(A(U~5~_
zb2^0`5hx|+lYJDUOW@X@q?p*HX)Jq~@+rstd1T&DCuJGCT9$o3DRm>ZMnBB`26d!5
zCdVS4pRdWYDuh{GH&VtvR)G&7qAjrG!_c;a+S3mQms>B2W&e&u>}Kj%8tSDymftM`
zqoa2T;>gc5`ixW@)AK0c5pTuCwkY92an;*F2j=!y<Z0CzydM7)aj+!BKQ6{EtNExU
z55uA-;M-S_pubZ*elu;l?paT?19=0mpk(~rIubhv-U4_{qdQQLGpudd9KrWu1AWeP
zdq*o{ILur2Yg(|O;F=F<K98e{pl2YsspJgq03J(5_F~^Z;vq_qQli3x+PW9&-i*8q
zJcsf7o^H3wvxBtW6dB1GyP1UgwmuGpcmP^CVcGPX+LC_+&BdmvYfcf?U;CO5cdGG!
zpMlCn4pS-H{b4E=e?+8a;3$2P>g%tjI~N}cBMsuBV-ZtZ@)c5r9;8Db)tfFx>vTqA
z*=vKsPP}c|?Ro&ix$@^z4XFK{{eF}ZZGlo*B+fIaRn}{PLvJ2+H&Q%y1r_OuQRI&j
zt_^pQwi-~^mYhZHEl**i&Gg|z8qpRQ1|hl)sOx<Cd6E+6!{{Y?070))tGx*4?^dK6
ztq6iI!;72)Xn%bzaLYy?B8no1YYB((OxFsRjN6PKV~Hlri6Rb@9umdRy7J<&>*-L}
zzufkO0oFKJELoto?H2~oVQv3`!)F4~d`-wlW=8%1bH2HPF_~zjp^^Wfe?KgI7mm*F
zBdoVo&;j9viVX5cK~KZ)n_WWI-ki-YvIKDEs%Q}<>tCY6z-sIXixP=hIG3F>y+l?@
zPWh0*%`~5Crd8cDXt4NOFdqf(he5e+JD)z&g^9AXa{ITmRpm;9z!`u~FhTP)!|}q)
z9;0~5g9A|8_SrNt@{Gm`@f>Zu?qXzmTM$}q$1JQd)Xo5WTWmn;QCSvfRM<j~jCj;a
zU8Ea{_y#JB^Z*VFz-R9v#fx+YEa}7aIEj93>;tZp;96MrE^NF7Za)LXLKAq)X247l
zAMC89QfuKg<#Ws7`Vlbg_6f@Es-xV(g-CIBg6D%IYTv8-i%L?G=9bfXUc{FlRoD#+
z)?m6e(P28Dl-L6SoQpaZF{jlvmsIgLbpEtD%3L$(3bW)sC~_8P8(ka#ZvcbktFls`
zLC>ogU<GxiDs!c*yb^A?*RbeX&@ZvLi+s3KjZ-slQqKTy#jpOf0S;fe5hhXb$q{b-
z<efx=-^Dh*rcAfvfCunvaB-YL2x_B_^!+Ywg22QKaPDn<9yCF*$4SIfxHE?*1Dr!W
zMz<p}eH{t3z~y~8<y-EXp#C9oZmbg7J^BZrtV&QUJ|Budu31-ZpH9PtJAqF_&ndX-
z{Rzt6Mjb6bc12sZglnZR`Ub?tRW5!U!1z~yA9#tD<7ireG~qjX?2NQfcZBL8#6fCM
zGbxuI()%K7AB4-jgX-clY5meyLV3o3jLsRO1(+l2KpEL(Ww0MqYC0WDI(fbjoF+Pa
z!wMPO_{;bW5au$X;M1j&PkjMy@sMe{wV)wN#IK|cOJ2~ptbH|R|5B{pbNT|~5}r6P
zei!1gEO{#wSr4U=7sM7)XUpGwDsc9By!br!!xV~(dDNbI)Ym@=jfok+3gmXao%)XT
zLdi?e!c$iLbh_&kuXC3!d@n81U(j>TWJMk$n(OhqkdgA{(Q^UL!72<OZ*24_&ou4n
z0Yn<m;F(et??sNe(XdWNJ^BjhS1-CAlZ$*6seS3Qj2@gX;Y9lpE{7?unxO2fkxDtK
z=rX-e^6ABqv}5cHH^51*Ic_&#qaA_r8!>1PosN4+E`3zXzI8_v4GzP<;ULNQ1<tpq
zF^rnAAAr11M^XxUkZN!f+mQZuBpo^{4KSBiLBGbM!BsGTL!Q4_@*J!NU$SEO4)Y$&
zeAtD{&okDRbM4%Lv*L1ScYs84HgzmHT#emtfVaeJ;J0^ZCM~e=EEM*xHIB4lyngV@
zNN+Xak$CNXVl`-*p=>`Us)weib+j)1U(M${obQ7XHB^(l&<()>q5e(GS0yfdCo{#l
zga?)9-Xx6LX2?#cw&X9si^zmeH2mPsxs+0^bc_z-^7&0Ii$k)&-cwlR!Qsu-<U99n
z)2rh-&C(Z2!sEG9dQmxsl@MhW_c<ji=U_KHZJLpFrBjxZe+&&?8FtY9_~63jJpCW?
z=Qn^asib~|sIrG{>3*NynEBKVcn(>G=aBW_Ur>_KOSQ38ZVq!x_qjAu+yh>8i>pE}
zx+O+k@kaonUi_x%w)giULh;AlW)Z2kE<(Dv0N~#P-0Aq<lYkI`u#pq-FIJ5(TJZwk
z13m(Jyer4%R-DEx(~@_C=1Y*bgBnsT#P4!Zg}*i(N7Pez?h(R9vY4($UTJ`#bPVBq
zeZE0esdq#1Wuc0fGh}586xxbk4U}U4zMGPXoiz1RFH+<0<Mii$T!g+QSbg?_GtrOJ
zJl2dm!@hDcLAbgBLCVQ$=XNFN&>Po6$s6#y910^t#p8_-|HKfFAuMm9O{u+;HQXsV
cZ}klP4=;@x4x(YLi~s-t07*qoM6N<$g01MA&j0`b

literal 0
HcmV?d00001

diff --git a/apps/alert_webhook/bin/webhook.py b/apps/alert_webhook/bin/webhook.py
new file mode 100755
index 00000000..aaf5d820
--- /dev/null
+++ b/apps/alert_webhook/bin/webhook.py
@@ -0,0 +1,59 @@
+from __future__ import annotations
+import sys
+import json
+import csv
+import gzip
+from collections import OrderedDict
+from future.moves.urllib.request import urlopen, Request
+from future.moves.urllib.error import HTTPError, URLError
+
+def send_webhook_request(url, body, user_agent=None) -> bool:
+    if url is None:
+        sys.stderr.write("ERROR No URL provided\n")
+        return False
+    sys.stderr.write("INFO Sending POST request to url=%s with size=%d bytes payload\n" % (url, len(body)))
+    sys.stderr.write("DEBUG Body: %s\n" % body)
+    try:
+        if sys.version_info >= (3, 0) and type(body) == str:
+            body = body.encode()
+        settings = {"Content-Type": "application/json"}
+        if user_agent is not None:
+            settings['User-Agent'] = user_agent
+        req = Request(url, body, settings)
+        res = urlopen(req)
+        if 200 <= res.code < 300:
+            sys.stderr.write("INFO Webhook receiver responded with HTTP status=%d\n" % res.code)
+            return True
+        else:
+            sys.stderr.write("ERROR Webhook receiver responded with HTTP status=%d\n" % res.code)
+            return False
+    except HTTPError as e:
+        sys.stderr.write("ERROR Error sending webhook request: %s\n" % e)
+    except URLError as e:
+        sys.stderr.write("ERROR Error sending webhook request: %s\n" % e)
+    except ValueError as e:
+        sys.stderr.write("ERROR Invalid URL: %s\n" % e)
+    return False
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
+        sys.stderr.write("FATAL Unsupported execution mode (expected --execute flag)\n")
+        sys.exit(1)
+    try:
+        settings = json.loads(sys.stdin.read())
+        url = settings['configuration'].get('url')
+        body = OrderedDict(
+            sid=settings.get('sid'),
+            search_name=settings.get('search_name'),
+            app=settings.get('app'),
+            owner=settings.get('owner'),
+            results_link=settings.get('results_link'),
+            result=settings.get('result')
+        )
+        user_agent = settings['configuration'].get('user_agent', 'Splunk')
+        if not send_webhook_request(url, json.dumps(body), user_agent=user_agent):
+            sys.exit(2)
+    except Exception as e:
+        sys.stderr.write("ERROR Unexpected error: %s\n" % e)
+        sys.exit(3)
diff --git a/apps/alert_webhook/default/alert_actions.conf b/apps/alert_webhook/default/alert_actions.conf
new file mode 100755
index 00000000..a0722bfc
--- /dev/null
+++ b/apps/alert_webhook/default/alert_actions.conf
@@ -0,0 +1,11 @@
+[webhook]
+python.version = latest
+is_custom = 1
+label = Webhook
+description = Generic HTTP POST to a specified URL
+icon_path = webhook.png
+payload_format = json
+
+param.user_agent = Splunk/$server.guid$
+
+enable_allowlist = false
diff --git a/apps/alert_webhook/default/app.conf b/apps/alert_webhook/default/app.conf
new file mode 100755
index 00000000..e1174fe5
--- /dev/null
+++ b/apps/alert_webhook/default/app.conf
@@ -0,0 +1,18 @@
+#   Version 10.0.2
+#
+# Splunk app configuration file
+#
+
+[ui]
+is_visible = 0
+label = Webhook Alert Action
+
+[launcher]
+author = Splunk
+description = Webhook Alert Action
+version=10.0.2
+
+[install]
+state = enabled
+is_configured = 1
+allows_disable = false
diff --git a/apps/alert_webhook/default/data/ui/alerts/webhook.html b/apps/alert_webhook/default/data/ui/alerts/webhook.html
new file mode 100755
index 00000000..4d6ef3d2
--- /dev/null
+++ b/apps/alert_webhook/default/data/ui/alerts/webhook.html
@@ -0,0 +1,21 @@
+<form class="form-horizontal form-complex">
+    <div class="control-group">
+        <label class="control-label" for="webhook_url">URL</label>
+
+        <div class="controls">
+            <input type="text" class="input-xlarge" name="action.webhook.param.url" id="webhook_url" placeholder="https://your.server.com/foo/bar" />
+        </div>
+    </div>
+    <div class="control-group">
+        <div class="controls">
+            <span class="help-block" style="display: block; position: static; width: auto; margin-left: 0;">
+                Specified URL to send JSON payload via HTTP POST
+                (ex., https://your.server.com/api/v1/webhook). 
+                <br />
+                <a href="{{SPLUNKWEB_URL_PREFIX}}/help?location=learnmore.alert.action.webhook" target="_blank"
+                   title="Splunk help">Learn More <i class="icon-external"></i></a>
+                
+            </span>
+        </div>
+    </div>
+</form>
\ No newline at end of file
diff --git a/apps/alert_webhook/default/restmap.conf b/apps/alert_webhook/default/restmap.conf
new file mode 100755
index 00000000..caf77848
--- /dev/null
+++ b/apps/alert_webhook/default/restmap.conf
@@ -0,0 +1,4 @@
+[validation:savedsearch]
+# Require url to be set if webhook action is enabled
+action.webhook = case('action.webhook' != "1", null(), 'action.webhook.param.url' == "action.webhook.param.url" OR 'action.webhook.param.url' == "", "No Webhook URL specified",  1==1, null())
+action.webhook.param.url = validate( match('action.webhook.param.url', "^https?://[^\s]+$"), "Webhook URL is invalid")
\ No newline at end of file
diff --git a/apps/alert_webhook/local/alert_actions.conf b/apps/alert_webhook/local/alert_actions.conf
new file mode 100755
index 00000000..285c8917
--- /dev/null
+++ b/apps/alert_webhook/local/alert_actions.conf
@@ -0,0 +1,2 @@
+[webhook]
+
diff --git a/apps/alert_webhook/metadata/default.meta b/apps/alert_webhook/metadata/default.meta
new file mode 100755
index 00000000..ddb8b569
--- /dev/null
+++ b/apps/alert_webhook/metadata/default.meta
@@ -0,0 +1,13 @@
+# Application-level permissions
+
+[]
+access = read : [ * ], write : [ admin, power ]
+
+[alert_actions]
+export = system
+
+[alerts]
+export = system
+
+[restmap]
+export = system
\ No newline at end of file