on 05-14-2023 11:28 PM
Hi All,
This is my personalized list of golden rules, which I refer to whenever I'm doing some development.
It has 4 components, which are given below:
- Definition: definition of the development entity
- Severity: severity of the implementation of the definition
- Area of Impact: which area of the ServiceNow platform it will have an impact on
- Affected elements: which elements this definition will have an effect on
I have represented it in tabular format for ease of understanding.
| Definition | Severity | Area of impact | Affected element |
|---|---|---|---|
| Business Rules defined on the Global table | High | Scalability | Business Rule |
| Unused Inactivity Monitors | High | Performance | Inactivity Monitors |
| Potential Recursive Business Rules | High | Performance | Business Rule |
| Synchronous AJAX call (getReference, getXMLWait) in Client Scripts | High | Performance | Client Script |
| GlideRecord usage on Client Scripts | High | Performance | Client Script / Portal Widget |
| Too many fields in a Form Section | Medium | Performance | Form Section |
| Business Rules using GlideRecord and getRowCount | Medium | Scalability | Business Rule |
| High Security Settings plugin disabled | High | Security | Plugin |
| Client Scripts with the console.log debugging method | Medium | Performance | Client Script |
| Client Scripts without function | Medium | Scalability | Client Script |
| Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Client Script |
| Document Object Model (DOM) manipulation in Client Scripts | High | Manageability | Portal Widget - Client Script |
| Modules pointing to big tables without filter | Medium | Performance | Module |
| Document Object Model (DOM) manipulation in Client UI Actions | High | Manageability | UI Action |
| The default system User Preference "Rows per Page" set above 100 | Medium | Performance | User Preference |
| JDBC Data Sources with "Use last run datetime" option unchecked | Warning | Performance | Data Source |
| Transform Maps with "Run business rules" option enabled | Low | Performance | Transform Map |
| Business Rules with debugging statements in production | Low | Scalability | Business Rule |
| Business Rules using eval function | Low | Security | Business Rule |
| The "Log/trace level of TaskSLAController" System Property not set to "notice" | Low | Performance | System Property |
| UI Policy Actions without field effects | Low | Performance | UI Policy Action |
| Client Scripts defined on the Global table | High | Scalability | Client Script |
| Business Rules using the SOAP getResponse method | High | Performance | Business Rule |
| Contextual Security Plugin disabled | High | Security | Plugin |
| The "Update on Iterate" System Property enabled | Medium | Performance | System Property |
| The "Go To search" System Property set to "contains" operator | Low | Performance | System Property |
| Debugging properties enabled in production environments | Low | Performance | System Property |
| The "Security Manager" System Property default behaviour set to "Allow Access" | High | Security | System Property |
| Client Scripts with empty script field | Low | Performance | Client Script |
| Document Object Model (DOM) manipulation in UI Policies | High | Manageability | UI Policy |
| Server UI Actions using GlideRecord and getRowCount | Medium | Scalability | UI Action |
| Script Includes using GlideRecord and getRowCount | Medium | Scalability | Script Include |
| Client UI Actions using GlideRecord | High | Performance | UI Action |
| UI Policies using GlideRecord | High | Performance | UI Policy |
| Synchronous AJAX call (getReference, getXMLWait) in UI Policies | High | Performance | UI Policy |
| Synchronous AJAX call (getReference, getXMLWait) in Catalog UI Policies | High | Performance | Catalog UI Policy |
| Synchronous AJAX call (getReference, getXMLWait) in Client UI Actions | High | Performance | UI Action |
| Business Rules with hard-coded sys_ids | Medium | Manageability | Business Rule |
| Users with too many rows per page | Medium | Performance | User Preference |
| Client Scripts with hard-coded sys_ids | Medium | Manageability | Client Script |
| Script Includes with hard-coded sys_ids | Medium | Manageability | Script Include |
| UI Policies with hard-coded sys_ids | Medium | Manageability | UI Policy |
| UI Actions with hard-coded sys_ids | Medium | Manageability | UI Action |
| Transform Maps with hard-coded sys_ids | Medium | Manageability | Table Transform Map |
| Transform Scripts with hard-coded sys_ids | Medium | Manageability | Transform Script |
| The "Items per Page" System Property includes options over 100 | Medium | Performance | System Property |
| The "Database Rotation" Plugin disabled | Medium | Manageability | Plugin |
| ACL Rules using GlideRecord | Medium | Performance | Access Control |
| The "Database Rotation with Default Tables" Plugin disabled | Medium | Manageability | Plugin |
| SOAP Timeout Value over 500 minutes | High | Performance | System Property |
| The "Auto-Complete Wait Time" System Property exceeds 750ms | Medium | Performance | System Property |
| Forms with too many sections | Low | Performance | Forms |
| The "Auto-complete Search" System Property set to "contains" operator | Low | Manageability | System Property |
| Script Includes with debugging statements in production | Low | Scalability | Script Include |
| UI Actions with debugging statements | Low | Scalability | UI Action |
| Business Rules without function | High | Scalability | Business Rule |
| Synchronous Business Rules making SOAP or REST calls | High | Performance | Business Rule |
| Synchronous Business Rules making SOAP or REST calls | High | Performance | Portal Widget - Server Script |
| Synchronous AJAX call (getReference, getXMLWait) in Catalog Client Scripts | High | Performance | Catalog Client Script |
| GlideRecord usage on Catalog Client Scripts | High | Performance | Catalog Client Script |
| Catalog Client Scripts with the console.log debugging method | Medium | Performance | Catalog Client Script |
| Catalog Client Scripts without function | Medium | Scalability | Catalog Client Script |
| Document Object Model (DOM) manipulation in Catalog Client Scripts | High | Manageability | Catalog Client Script |
| Catalog Client Scripts with empty script field | Low | Performance | Catalog Client Script |
| Catalog Client Scripts with hard-coded sys_ids | Medium | Manageability | Catalog Client Script |
| Notification Email Scripts with hard-coded sys_ids | Medium | Manageability | Notification Email Scripts |
| Portal Widgets with hard-coded sys_ids | Medium | Manageability | Portal Widget - Client and Server Scripts |
| Angular Providers with hard-coded sys_ids | Medium | Manageability | Angular Providers |
| Workflows with over 50 activities | Medium | Performance | Workflow |
| Workflows with over 10 Timer activities | Medium | Performance | Workflow |
| UI Scripts with hard-coded sys_ids | Medium | Manageability | UI Script |
| Synchronous AJAX call (getReference, getXMLWait) in UI Scripts | High | Performance | UI Script |
| GlideRecord usage on UI Scripts | High | Performance | UI Script |
| Workflows with Notification Activities | Medium | Manageability | Workflow |
| UI Scripts with the console.log debugging method | Medium | Performance | UI Script |
| UI Scripts without function | Medium | Scalability | UI Script |
| Document Object Model (DOM) manipulation in UI Scripts | High | Manageability | UI Script |
| onBefore Business Rules should not update records on other tables | High | Performance | Business Rule |
| onBefore Transform Scripts should only update the target table | High | Performance | Transform Script |
| UI Scripts with empty script field | Low | Performance | UI Script |
| Scripts should not use gs.sql | High | Manageability | Script Include |
| Scripts should not use gs.sql | High | Manageability | Business Rule |
| Scripts should not use gs.sql | High | Manageability | Portal Widget - Server Script |
| Scripts should not use gs.sql | High | Manageability | Access Control |
| Scripts should not use gs.sql | High | Manageability | UI Action |
| Scripts should not use gs.sql | High | Manageability | Transform Map |
| Scripts should not use gs.sql | High | Manageability | Transform Script |
| Scripts should not use gs.sql | High | Manageability | Record Producer |
| Catalog UI Policy Actions without field effects | Low | Performance | Catalog UI Policy Action |
| Document Object Model (DOM) manipulation in Catalog UI Policies | High | Manageability | Catalog UI Policy |
| Catalog UI Policies using GlideRecord | High | Performance | Catalog UI Policy |
| Catalog UI Policies with hard-coded sys_ids | Medium | Manageability | Catalog UI Policy |
| Inbound Email Actions with hard-coded sys_ids | Medium | Manageability | Inbound Email Action |
| Inbound Email Actions using GlideRecord and getRowCount | Medium | Scalability | Inbound Email Action |
| Event Script Action with hard-coded sys_ids | Medium | Manageability | Script Action |
| Event Script Action using GlideRecord and getRowCount | Medium | Scalability | Script Action |
| SOAP Request Strict Security should be enabled | High | Security | System Property |
| Java Package Collection mode and Collection mode override properties should be disabled | High | Security | System Property |
| Client Generated Scripts Sandbox should be enabled | High | Security | System Property |
| Cookies – HTTP Only should be enabled | High | Security | System Property |
| Escape HTML should be enabled | High | Security | System Property |
| CSV Request Authorization should be enabled | High | Security | System Property |
| SSLv2/SSLv3 should be disabled | High | Security | System Property |
| AJAXGlideRecord ACL Checking should be enabled | High | Security | System Property |
| SLA logging level should be set to "notice" | High | Performance | System Property |
| Basic Auth SOAP Requests setting should be enabled | High | Security | System Property |
| Old UI enabled or being used | High | Security | System Property |
| Script Request Authorization should be enabled | High | Security | System Property |
| Escape Jelly should be enabled | High | Security | System Property |
| Allow Javascript tags in Embedded HTML property should be disabled | High | Security | System Property |
| Enable AJAXEvaluate should be disabled | High | Security | System Property |
| Anti-CSRF Token setting should be enabled | High | Security | System Property |
| Escape XML should be enabled | High | Security | System Property |
| HTML Sanitizer property should be enabled | High | Security | System Property |
| Check UI Action Conditions before Execution should be enabled | High | Security | System Property |
| Client Scripts should not use unsupported scripting APIs | High | Manageability | Client Script |
| Catalog Client Scripts should not use unsupported scripting APIs | High | Manageability | Catalog Client Script |
| Creating custom tables in the global scope should be avoided | Warning | Manageability | Tables |
| GlideRecord API usage in Scripted REST API Resource | High | Security | Scripted REST API Resource |
| REST API Resource modifying data without Authentication check | High | Security | Scripted REST API Resource |
| REST API Resource modifying data without Authorization check | High | Security | Scripted REST API Resource |
| Modified Out of the Box Element | Warning | Manageability | All elements |
Please be sure to bookmark this article as well as mark it as Helpful if you thought it was helpful.
Regards,
Amit Gujarathi
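Many of the script-level rules in the table above (synchronous AJAX, GlideRecord on the client, GlideRecord plus getRowCount, gs.sql, eval, debugging statements, hard-coded sys_ids, scripts not wrapped in a function, and the Scripted REST GlideRecord and authorization checks) can be applied mechanically to script text. The following is an added example, not code from the original post or from ServiceNow: a small Node.js checker that implements regex approximations of those rules and runs them over constructed sample scripts, a violating and a compliant version each of a Client Script, a Business Rule and a Scripted REST resource. The script-type names, the regexes, the table names `u_config_flag` and `u_inventory`, the field `u_caller_email`, the role `u_config_admin` and the sys_id in the samples are all this example's own inventions.

```javascript
// Added example, not code from the original post or from ServiceNow: a small static
// checker, runnable in plain Node.js, that applies a subset of the table's script-level
// golden rules to ServiceNow script text. The regexes are this example's own approximation
// of each rule, not the Instance Scan implementation; the sample scripts, table names and
// sys_ids at the bottom are constructed.
const CLIENT = ['client', 'catalog_client', 'ui_policy', 'ui_script', 'client_ui_action'];
const SERVER = ['business_rule', 'script_include', 'server_ui_action', 'scripted_rest'];
const ALL = CLIENT.concat(SERVER);

// Drop comments so commented-out code does not trigger a rule (naive: a "//" inside a
// string literal is treated as a comment too).
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/.*$/gm, '');
}

// One entry per rule: the script types it applies to, a predicate on comment-free source,
// and the severity / area used by the table above.
const RULES = [
  { id: 'sync-ajax', types: CLIENT, severity: 'High', area: 'Performance', // getXMLWait(), or getReference() with no callback, blocks the browser
    test: (s) => /\.getXMLWait\s*\(/.test(s) || /\.getReference\s*\(\s*(['"])[^'"]*\1\s*\)/.test(s) },
  { id: 'client-gliderecord', types: CLIENT, severity: 'High', area: 'Performance', test: (s) => /\bnew\s+GlideRecord\s*\(/.test(s) },
  { id: 'console-log', types: CLIENT, severity: 'Medium', area: 'Performance', test: (s) => /\bconsole\.log\s*\(/.test(s) },
  { id: 'dom-manipulation', types: CLIENT, severity: 'High', area: 'Manageability',
    test: (s) => /\b(document\.(getElementById|getElementsBy\w+|querySelector\w*)|gel)\s*\(|\$\s*\(|\.innerHTML\b/.test(s) },
  { id: 'gs-sql', types: SERVER, severity: 'High', area: 'Manageability', test: (s) => /\bgs\.sql\s*\(/.test(s) },
  { id: 'eval', types: SERVER, severity: 'Low', area: 'Security', test: (s) => /\beval\s*\(/.test(s) },
  { id: 'getrowcount', types: SERVER, severity: 'Medium', area: 'Scalability', // counting rows this way loads every record; use GlideAggregate
    test: (s) => /\bnew\s+GlideRecord\s*\(/.test(s) && /\.getRowCount\s*\(/.test(s) },
  { id: 'debug-statements', types: SERVER, severity: 'Low', area: 'Scalability', test: (s) => /\bgs\.(log|print|debug)\s*\(/.test(s) },
  { id: 'sync-outbound', types: ['business_rule'], severity: 'High', area: 'Performance', // execute() runs inline; executeAsync() does not match
    test: (s) => /\b(RESTMessageV2|SOAPMessageV2)\s*\(/.test(s) && /\.execute\s*\(/.test(s) },
  { id: 'rest-gliderecord', types: ['scripted_rest'], severity: 'High', area: 'Security', // GlideRecordSecure does not match
    test: (s) => /\bnew\s+GlideRecord\s*\(/.test(s) },
  { id: 'rest-unauthorized-write', types: ['scripted_rest'], severity: 'High', area: 'Security',
    test: (s) => /\.(insert|update|deleteRecord|deleteMultiple)\s*\(/.test(s) && !/\bgs\.hasRole(Exactly)?\s*\(/.test(s) },
  { id: 'hardcoded-sysid', types: ALL, severity: 'Medium', area: 'Manageability', test: (s) => /\b[0-9a-f]{32}\b/i.test(s) },
  { id: 'no-function', types: ALL, severity: 'Medium', area: 'Scalability', // accepts "function ..." and the "(function executeRule(...){...})(...)" wrapper
    test: (s) => !/^\(?\s*function\b/.test(s.trim()) },
];

// Violations for one script of the given type, in table order.
function scan(script, type) {
  const src = stripComments(script);
  return RULES.filter((r) => r.types.includes(type) && r.test(src))
    .map(({ id, severity, area }) => ({ id, severity, area }));
}

// Constructed samples: a violating and a compliant version for three script types.
const SAMPLES = {
  badClientScript: { type: 'client', script: `
var gr = new GlideRecord('sys_user'); gr.get('0123456789abcdef0123456789abcdef');
var caller = g_form.getReference('caller_id');
console.log(caller.email);
document.getElementById('incident.short_description').style.color = 'red';` },
  goodClientScript: { type: 'client', script: `
function onChange(control, oldValue, newValue, isLoading) {
  if (isLoading || newValue === '') { return; }
  g_form.getReference('caller_id', function (caller) { // callback form is asynchronous
    g_form.setValue('u_caller_email', caller.email);
  });
}` },
  badBusinessRule: { type: 'business_rule', script: `
var gr = new GlideRecord('incident'); gr.addQuery('active', true); gr.query();
if (gr.getRowCount() > 100) { gs.log('backlog too high'); }
gs.sql("UPDATE incident SET priority = 1 WHERE active = 1");
eval(current.u_expression);
new sn_ws.RESTMessageV2('u_inventory', 'get').execute();` },
  goodBusinessRule: { type: 'business_rule', script: `
(function executeRule(current, previous /* null when async */) {
  var ga = new GlideAggregate('incident');
  ga.addQuery('active', true); ga.addAggregate('COUNT'); ga.query();
  if (ga.next() && parseInt(ga.getAggregate('COUNT'), 10) > 100) {
    gs.eventQueue('incident.backlog.high', current, current.number);
  }
})(current, previous);` },
  badRestResource: { type: 'scripted_rest', script: `
(function process(request, response) {
  var gr = new GlideRecord('u_config_flag');
  if (gr.get(request.pathParams.id)) { gr.setValue('value', request.body.data.value); gr.update(); }
})(request, response);` },
  goodRestResource: { type: 'scripted_rest', script: `
(function process(request, response) {
  if (!gs.hasRole('u_config_admin')) { response.setStatus(403); return; }
  var gr = new GlideRecordSecure('u_config_flag');
  if (gr.get(request.pathParams.id)) { gr.setValue('value', request.body.data.value); gr.update(); }
})(request, response);` },
};

// Scans each named sample and returns { name: [rule ids] }.
function scanSamples(samples) {
  const report = {};
  for (const [name, { type, script }] of Object.entries(samples)) {
    report[name] = scan(script, type).map((f) => f.id);
  }
  return report;
}

Object.entries(scanSamples(SAMPLES)).forEach(([n, ids]) => console.log(n + ': ' + (ids.join(', ') || 'clean')));
```

Save it as, say, `golden_rules_check.js` and run `node golden_rules_check.js`: each bad sample lists the rule ids it trips and each good sample prints `clean`. The compliant versions show the fixes the table implies: the callback form of getReference instead of the blocking single-argument form, GlideAggregate instead of GlideRecord plus getRowCount, and a gs.hasRole check together with GlideRecordSecure in the Scripted REST resource. Regex matching cannot see through string concatenation or indirection, so a clean result is a first pass, not proof that the script complies.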