Check gs.log in script

ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt

@@ -1 +1 @@
-CuNEYHj5RbBsjVJxohTMD1xntLLtuzW06YrIQxv_dnuv66Z-CP9Yyz94aT1y6VMee62ueoZ-zoVm79qzmSN0EDnNTIajGUE-L9E8z-wSmPjpDRK6unp5pT-WyQru961HXU1NDT6tYoVYpmHPnC1pxK1hGqlJ5xCFlFjoYHaWTOMQ-jgr2lppwmOLGMGR7znGbC3ffVubbJzVWxZF2A54U5qoSwKmMb-Sl6nBVJvbZz8finGJvOBn8WzxH6DP_rUNqXJ4ZflVbC2EWzi2mlf_jhEvu35jXElgy6I7myTSoOJvWiK8J6arVkKEt1MNTtewGnDrFnAbFFZ53T08x7UafmirFgZuS4MbzwCYGQ_dX9IlcB-5OLXuB1JYApTLKEJnT364IFKOpAgwzZm5F9dhRAYQG6qVRonDCHrXl1ZJ1WFEMgDCksXtQpTcc53Fe-cH348-sbttOrFExqMtN8HmrJxdjJWFQB0WIPnb7BLMIc6qvc0QIfku9KZpHSlse1cttB-pn_l5UM07YLgjoWCB2wvGaLkZdjDOT0MZizytu7SaAs0SFgm4Q2g4p3xTJ9C78cM24TaT0oQ_gIehRDaf-ETeb4XCdMj1hpaRB4PR2JquoRXJvkfZ7bB6l0ahyfDeQvKqk2cmDf0Mt2CKXeALoAOwe3vhtLMTXKOL1NBAjm4
+FjJIjoi_0gdGHom8Aj2XQBVRRTuclvMn_rcKpFnMlho9ZWjD5-RthW6iZxN_OAskdPmG6Uf6ruhNJ-wMseEOeYe5xwr3qSdDTjprYpYUxdlTz3BCec5LJAVqe42CXyfSzdnaVQqdZ4ds9GENnH8EuTYCZtkysqgP24l6M-m9cd20xAErQmMY_QGCYFxFo7yTjQZWkg127oFOFy6NZiMAnFbwgpoE7cD_3pPn_QMnfih3w9AfdIc_2LO8ow4A2gv2oly4U07QpZhRARuvJC29p4L2-GwzjYR6L95698nylx313pTHOhV58ZvqmphRAiTSWSa_hy6Uc57WqNGygqUTUD3ht8TgViY5HyrJsPg8h34mnt5aYMdDQMxGS4WtZxJkSKyoBXvSvA2IL_9rwz7T0vK1nDaReKrheBFTxasrck1jrMic4Ms5eG4FXoSUkh7-NJ01KtyRdJm3KV14KWOKChepK7a7Akxlm3PNuqX9EFx_hDlLxjae6rhYAtduMC91JJqAjrhhLGXAQ97HZWETwA_mfZh95087VsKqRSiyTdW5YpBgL5jKCMTeQhA1mMbYFBBih67_b-DumbKo10lriHK70LLfOjvOa2ZWNaz8zLXLEh5fXIx_OAgX5LSmuFAOngLTrj8L2zIbWWF0cBo2B82LNZd8f1kHQfE26nVsL9U

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_7593193c5315521000b51901a0490ec5.xml

@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_script_only_check">
+    <scan_script_only_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <category>manageability</category>
+        <description>In general, you should use the array literal notation when possible. It is easier to read, it gives the compiler a chance to optimize your code, and it's mostly faster too.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Don't use new Array()</name>
+        <priority>3</priority>
+        <resolution_details>Validated new Array() pattern on Business rules, Client scripts and Script includes</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function(finding, current) {
+
+    var grBr = new GlideRecord('sys_script'); //Business rule
+    grBr.addActiveQuery();
+    grBr.query();
+    while (grBr.next()) {
+        var scriptContent = grBr.getValue('script');
+        // Regular expression to check for 'new Array()'
+        var pattern = /new\s+Array\s*\(/;
+        if (pattern.test(scriptContent)) {
+            finding.increment();
+        }
+
+    }
+
+    var grCl = new GlideRecord('sys_script_client'); //Client script
+    grCl.addActiveQuery();
+    grCl.query();
+    while (grCl.next()) {
+        var scriptContent1 = grCl.getValue('script');
+        // Regular expression to check for 'new Array()'
+        var pattern1 = /new\s+Array\s*\(/;
+        if (pattern1.test(scriptContent1)) {
+            finding.increment();
+        }
+
+    }
+
+    var grSi = new GlideRecord('sys_script_include'); //Script Include
+    grSi.addActiveQuery();
+    grSi.query();
+    while (grSi.next()) {
+        var scriptContent2 = grSi.getValue('script');
+        // Regular expression to check for 'new Array()'
+        var pattern2 = /new\s+Array\s*\(/;
+        if (pattern2.test(scriptContent2)) {
+            finding.increment();
+        }
+
+    }
+
+
+
+})(finding, current);]]></script>
+        <short_description>Don't use new Array()</short_description>
+        <sys_class_name>scan_script_only_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 18:14:56</sys_created_on>
+        <sys_id>7593193c5315521000b51901a0490ec5</sys_id>
+        <sys_mod_count>2</sys_mod_count>
+        <sys_name>Don't use new Array()</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_script_only_check_7593193c5315521000b51901a0490ec5</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 18:18:21</sys_updated_on>
+    </scan_script_only_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=7593193c5315521000b51901a0490ec5"/>
+    <sys_es_latest_script action="INSERT_OR_UPDATE">
+        <id>7593193c5315521000b51901a0490ec5</id>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 18:14:55</sys_created_on>
+        <sys_id>86771d305355521000b51901a0490e92</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 18:14:55</sys_updated_on>
+        <table>scan_script_only_check</table>
+        <use_es_latest>true</use_es_latest>
+    </sys_es_latest_script>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_ad6c55385355521000b51901a0490ec4.xml

@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_script_only_check">
+    <scan_script_only_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <category>manageability</category>
+        <description>The gs.info() statement can be used to write information to the system log. It is generally used when debugging. Using gs.info() statements will pollute the system log. Prior to promoting artifacts to a production instance, debugging statement should - in most cases - be removed.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Check gs.log</name>
+        <priority>3</priority>
+        <resolution_details>This script validates gs.log() statement present in Business rules, client scripts and script includes</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function(finding, current) {
+
+	var pattern = /gs\.log\s*\(/;//gs.log() pattern
+
+    var grBr = new GlideRecord('sys_script'); //Business rule
+    grBr.addActiveQuery();
+    grBr.query();
+    while (grBr.next()) {
+        var scriptContent = grBr.getValue('script');           
+        if (pattern.test(scriptContent)) {
+            finding.increment();
+        }
+
+    }
+
+    var grCl = new GlideRecord('sys_script_client'); //Client script
+    grCl.addActiveQuery();
+    grCl.query();
+    while (grCl.next()) {
+        var scriptContent1 = grCl.getValue('script');
+          if (pattern.test(scriptContent1)) {
+            finding.increment();
+        }
+
+    }
+
+    var grSi = new GlideRecord('sys_script_include'); //Script Include
+    grSi.addActiveQuery();
+    grSi.query();
+    while (grSi.next()) {
+        var scriptContent2 = grSi.getValue('script');
+        if (pattern.test(scriptContent2)) {
+            finding.increment();
+        }
+
+    }
+
+})(finding, current);]]></script>
+        <short_description>Scripts should not contain gs.info statements</short_description>
+        <sys_class_name>scan_script_only_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 18:41:51</sys_created_on>
+        <sys_id>ad6c55385355521000b51901a0490ec4</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_name>Check gs.log</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_script_only_check_ad6c55385355521000b51901a0490ec4</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 18:41:51</sys_updated_on>
+    </scan_script_only_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=ad6c55385355521000b51901a0490ec4"/>
+    <sys_es_latest_script action="INSERT_OR_UPDATE">
+        <id>ad6c55385355521000b51901a0490ec4</id>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 18:41:51</sys_created_on>
+        <sys_id>28ad95385355521000b51901a0490e07</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 18:41:51</sys_updated_on>
+        <table>scan_script_only_check</table>
+        <use_es_latest>true</use_es_latest>
+    </sys_es_latest_script>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_357638f05391521000b51901a0490e6e.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>true</advanced>
+        <category>upgradability</category>
+        <conditions table="sys_properties">name=sn_atf.runner.enabled^value=false^EQ<item endquery="false" field="name" goto="false" newquery="false" operator="=" or="false" value="sn_atf.runner.enabled"/>
+            <item endquery="false" field="value" goto="false" newquery="false" operator="=" or="false" value="false"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Automate your testing with ServiceNow's Automated Test Framework to ensure functionality after updates and deployments.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Encourage ATFs</name>
+        <priority>2</priority>
+        <resolution_details>https://docs.servicenow.com/bundle/xanadu-application-development/page/administer/auto-test-framework/task/atf-enable-tests.html&#13;
+&#13;
+https://www.servicenow.com/community/developer-forum/how-to-get-type-of-instance-via-script/m-p/2029442</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (finding, current) {
+     // Checks if we are in a non-production instance
+	if (gs.getProperty("glide.installation.production") === "false")
+		finding.increment();
+
+})(finding, current);]]></script>
+        <short_description>Validate ATFs are enabled in sub production instances</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 16:09:20</sys_created_on>
+        <sys_id>357638f05391521000b51901a0490e6e</sys_id>
+        <sys_mod_count>4</sys_mod_count>
+        <sys_name>Encourage ATFs</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_357638f05391521000b51901a0490e6e</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 16:26:20</sys_updated_on>
+        <table>sys_properties</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=357638f05391521000b51901a0490e6e"/>
+    <sys_es_latest_script action="INSERT_OR_UPDATE">
+        <id>357638f05391521000b51901a0490e6e</id>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 16:09:19</sys_created_on>
+        <sys_id>96baf8785391521000b51901a0490e96</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 16:09:19</sys_updated_on>
+        <table>scan_table_check</table>
+        <use_es_latest>true</use_es_latest>
+    </sys_es_latest_script>
+</record_update>

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e65c4d305315521000b51901a0490e38.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>true</advanced>
+        <category>manageability</category>
+        <conditions/>
+        <description>Always avoid using native js "document" object for DOM manipulation in service portal. Instead we should use AngularJS equivalent capabilities to achieve the same.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Avoid using javascript "document" object in Portal</name>
+        <priority>1</priority>
+        <resolution_details/>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (finding, current) {
+	var regex = /gel\s*\(|[\s\w\d]document\.[a-zA-Z]+|\.onchange\s*\(|\.onclick\s*\(|\$.+?\s*\(|Event\.|jQuery\s*\(/g;
+
+	var scriptValue = current.getValue("client_script") || "";
+	var matches = scriptValue.match(regex);
+
+	if (matches) {
+		matches.forEach(function(match) {
+			finding.increment();
+		});
+	}
+})(finding, current);]]></script>
+        <short_description>Avoid using javascript "document" object in Portal</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 17:36:18</sys_created_on>
+        <sys_id>e65c4d305315521000b51901a0490e38</sys_id>
+        <sys_mod_count>2</sys_mod_count>
+        <sys_name>Avoid using javascript "document" object in Portal</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_e65c4d305315521000b51901a0490e38</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 17:44:48</sys_updated_on>
+        <table>sp_widget</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=e65c4d305315521000b51901a0490e38"/>
+    <sys_es_latest_script action="INSERT_OR_UPDATE">
+        <id>e65c4d305315521000b51901a0490e38</id>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2024-10-14 17:36:18</sys_created_on>
+        <sys_id>54ae89b05315521000b51901a0490e99</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2024-10-14 17:36:18</sys_updated_on>
+        <table>scan_table_check</table>
+        <use_es_latest>true</use_es_latest>
+    </sys_es_latest_script>
+</record_update>