Instance scan - Column type check

shivaadapa
Tera Expert


Hi,

I am trying to search for queries against the 'sys_object_source' table in all the script fields in the instance. But the above code is not working; please help me.
Please help me with how to write correct regular expressions.

1 ACCEPTED SOLUTION

Mark Roethof
Tera Patron

Oh, a really small though essential typo I made; here is the working, tested code:

 

(function (engine) {

	// Remove code comments; '$1' puts back the character captured before '//'
	var commentsRegEx = /\/\*[\s\S]*?\*\/|([^:]|^)\/\/.*$/gm;
	var commentsRemovedValue = engine.columnValue.replace(commentsRegEx, '$1');

	var search_regex = /\bGlideRecord\(['"]sys_object_source['"]\)/gm;

	// Create scan finding
	if(search_regex.test(commentsRemovedValue)) {
		engine.finding.increment();
	}

})(engine);

 

Kind regards,

 

Mark Roethof

Independent ServiceNow Consultant

10x ServiceNow MVP

---

 

~444 Articles, Blogs, Videos, Podcasts, Share projects - Experiences from the field

LinkedIn


24 REPLIES

Did you apply the second script I shared? Looking at your results, you didn't and you applied the first script I shared.

 

Kind regards,

 

Mark Roethof


Hi @Mark Roethof

I tried the code you gave, but I am not getting correct findings:

 

(function (engine) {
    // Remove code comments
    var commentsRegEx = /\/\*[\s\S]*?\*\/|([^:]|^)\/\/.*$/gm;
    var commentsRemovedValue = engine.columnValue.replace(commentsRegEx, '');

    var search_regex = /\bGlideRecord\(['"]sys_object_source['"]\)/;

    // Create scan finding
    if(search_regex.test(commentsRemovedValue)) {
        engine.finding.increment();
    }

})(engine);
 
Please help me regarding this.
Is it possible to do it in a linter check?
 

I tested the second code I shared and am getting the correct/expected findings. So the question is, what is your definition of not getting the correct findings? What would you have expected? What are you now getting? Please describe this clearly.

Can you use Linter Check also? Don't know, haven't tried for such a case yet. You can check for GlideRecord occurrence, though if you can then also check for the table name, I haven't tried. Maybe you can try and share that knowledge 🙂

 

Please also handle your other open questions. Reply, mark answers as helpful, mark an answer as correct if it was solved.

 

Kind regards,

 

Mark Roethof


Hi @Mark Roethof 

I checked some of the script fields in script includes; many records (min. 10 records) contain a query on the sys_object_source table, but by using your code I am getting only 2 findings.

Can you share examples? And are all of those records custom? Or out-of-the-box?

 

It might also well be that the scripting notation in those records is a minor bit different, so perhaps the regex needs to be expanded. Though for that you need to share examples.

 

Kind regards,

 

Mark Roethof

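Added example, not code from the thread or from ServiceNow: a small Node.js harness that runs the accepted solution's pattern against constructed script notations, to show which ones it finds and which ones a broader pattern or a manual review would have to catch. The `broad` and `literal` patterns, the `classify` helper and all sample scripts are assumptions made for illustration.

```javascript
// Added example: runs in Node.js on constructed samples, not in an instance.
// stripComments() uses the thread's comment regex, but replaces with '$1' so
// the character captured in front of '//' is put back instead of deleted.
function stripComments(src) {
  return src.replace(/\/\*[\s\S]*?\*\/|([^:]|^)\/\/.*$/gm, '$1');
}

// Pattern from the accepted solution: quoted table name, no whitespace.
const strict = /\bGlideRecord\(['"]sys_object_source['"]\)/;
// Assumed broader pattern: also GlideRecordSecure and GlideAggregate, and
// optional whitespace around the parentheses and the quoted name.
const broad = /\bGlide(?:Record(?:Secure)?|Aggregate)\s*\(\s*['"]sys_object_source['"]\s*\)/;
// Weakest signal: the table name as a string literal anywhere, for example
// assigned to a variable first. Such records need a manual look.
const literal = /['"]sys_object_source['"]/;

// Hypothetical helper: returns the strongest pattern that matches.
function classify(src) {
  const code = stripComments(src);
  if (strict.test(code)) return 'strict';
  if (broad.test(code)) return 'broad';
  if (literal.test(code)) return 'review';
  return 'none';
}

// Constructed script bodies covering common notations.
const samples = {
  plain: "var gr = new GlideRecord('sys_object_source');\ngr.query();",
  spaced: 'var gr = new GlideRecord( "sys_object_source" );',
  aggregate: "var ga = new GlideAggregate('sys_object_source');",
  variable: "var t = 'sys_object_source';\nvar gr = new GlideRecord(t);",
  trailing: "var gr = new GlideRecord('sys_object_source')// lookup",
  lineComment: "// new GlideRecord('sys_object_source')\nvar x = 1;",
  blockComment: "/* new GlideRecord('sys_object_source') */ var y = 2;"
};

function report() {
  const out = {};
  for (const name of Object.keys(samples)) out[name] = classify(samples[name]);
  return out;
}

console.log(report());
```

Only `plain` and `trailing` are found by the accepted solution's pattern; `spaced` and `aggregate` need the broader pattern, and `variable` surfaces only through the string-literal fallback.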