how to identify any sysid in script include table using instance scan

String · ‎01-14-2022

Hi all,

Am new to instance scan ,Please guide me how to check sysid (any hard coded sys id ) in script include ,And will run instance scan ,so it will identify the bad practice of writing sysid in script include

Mark Roethof · ‎01-14-2022

Hi there,

You can use a Scan Table Check for this, if you only want this for Script Includes. If you would like this also for other scripting then a Linter Check is certainly an option.

A Linter Check is way more difficult though. One of the advantages though, scripting inside commented code will be ignored. Obviously there's a huge difference in running time between a Linter Check and a Scan Table Check (Scan Table Check will run way faster).

I'll have a look if I have a Scan Check in place for what you are asking. Or... check my Instance Scan articles, almost 30 already.

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Mark Roethof · ‎01-14-2022

And to add on Linter Check, be aware this only checks script fields. So for example if you have a hardcoded sys_id in the in a Workflow Run Script utility or in a script field of Flow Designer... this won't be checked! Because these are in the sys_variable_value table which is in fact not in a script field!

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

Mark Roethof · ‎01-14-2022

Here's for Script Include only:

+ Script field:

(function (engine) {

    // Define variables
	var regex = /['"]{1}[0-9a-f]{32}['"]{1}/g;

	// Create scan finding
	if(engine.current.script.match(regex)) {
		engine.finding.increment();
	}

})(engine);

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

String · ‎01-17-2022

Hi @Mark Roethof

I have use the above code in Table check but not getting Test finding

But when I use below code (not a good pratice) am getting test finding

(function(finding) {

var regexp = /[0-9a-f]{32}/;
var gr = new GlideRecord('sys_script_include');
gr.query();
while (gr.next()) {
if (gr.script.match(regexp)) {
finding.setCurrentSource(gr);
finding.increment();
}
}

})(finding);

Mark Roethof · ‎01-17-2022

I did test the Table Check shared. Can you share a screenshot of the full Table Check that did not work?

Also do keep in mind: Out-of-the-box artifacts which have not been updated yet, won't be seen as an issue when using a Table Check like I suggested.

If my answer helped you in any way, please then mark it as helpful.

Kind regards,
Mark
2020, 2021 ServiceNow Community MVP
2020, 2021 ServiceNow Developer MVP

---

LinkedIn
Community article, blog, video list

Kind regards,

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field