how to identify any sysid in script include table using instance scan

String
Kilo Sage

‎01-14-2022 01:00 AM

Hi all,

Am new to instance scan ,Please guide me how to check sysid (any hard coded sys id ) in script include ,And will run instance scan ,so it will identify the bad practice of writing sysid in script include 

Labels:
0 Helpfuls
  • 1,538 Views
14 REPLIES 14

Maik Skoddow
Tera Patron
Tera Patron

‎01-14-2022 01:07 AM

Hi

use a Linter Check with the following code

(function(engine) {

  engine.rootNode.visit(function(node) {
    if (node.getTypeName() === "STRING") {
      var theString = node.toSource();
      
      // Looks for all occurences of a sys_id including as standalone strings
      // or those that are part of an encoded query where sys_id might be prefixed
      // With operator of = or STARTSWITH or IN or INSTANCEOF, etc
      var pattern = /("|'|=|h|H|n|N|f|F|,)[a-z0-9]{32}("|'|\^|,|@)/gm;
      
      var regExp = new RegExp(pattern);
      var matchFound = regExp.test(theString);
      if (matchFound)
        engine.finding.incrementWithNode(node);
    }
  });

})(engine);

Kind regards
Maik

String
Kilo Sage
In response to Maik Skoddow

‎01-14-2022 01:10 AM

hi @Maik Skoddow  thanks for your quick response ,why can't we use table check ?

 

0 Helpfuls

Curtis2
Giga Guru
In response to Maik Skoddow

‎12-21-2022 11:05 AM

Can this same script be used in a Scan Table check?

0 Helpfuls

SaschaWildgrube
ServiceNow Employee
ServiceNow Employee
In response to Curtis2

‎01-12-2023 08:18 AM

Check out the earlier response from Mark, he shared a variant if the check as a table scan check. But again the question is, why would you limit the check to a specific table?

If you want to get a head-start on a check suite: check out the CodeSanity app:

https://www.wildgrube.com/servicenow-codesanity

 

0 Helpfuls