Script to remove/redact PHI/PII gets error even when elevated and in sandbox

RBlor
Mega Guru

I am trying to set up a script to remove and redact PHI and PII in my instance. When running in sandbox, I get an error even when I am running with elevated privilege and as admin:

 

 

(function() {
    // Define the table to scan and the fields to check
    var tableName = 'incident';
    var fieldsToCheck = ['description', 'short_description', 'comments'];

    // Define regex patterns for PII
    var piiPatterns = [
        // Date of Birth (DOB) - various formats
        /\b(0[1-9]|1[0-2])\/(0[1-9]|[12][0-9]|3[01])\/\d{4}\b/,  // MM/DD/YYYY
        /\b(0[1-9]|[12][0-9]|3[01])\/(0[1-9]|1[0-2])\/\d{4}\b/,  // DD/MM/YYYY
        /\b\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])\b/,   // YYYY-MM-DD

        // Other PHI (add more patterns as needed)
        // /\b...your_phi_pattern_here...\b/

        // Social Security Numbers (SSNs)
        /\b\d{3}-\d{2}-\d{4}\b/, 

        // Credit Card Numbers (Visa, MasterCard, Amex)
        /\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13})\b/ 
    ];

    var gr = new GlideRecord(tableName);
    gr.query();
    while (gr.next()) {
        var recordUpdated = false;

        fieldsToCheck.forEach(function(field) { // Traditional function declaration
            if (gr[field]) {
                var fieldValue = gr[field].toString();
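                piiPatterns.forEach(function(pattern) { // Traditional function declaration
                    // Use a global copy of the pattern so every occurrence is redacted, not only the first
                    var globalPattern = new RegExp(pattern.source, 'g');
                    var redacted = fieldValue.replace(globalPattern, '[REDACTED]');
                    if (redacted !== fieldValue) {
                        fieldValue = redacted;
                        recordUpdated = true;
                    }
                });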
                gr[field] = fieldValue;
            }
        });

        if (recordUpdated) {
            gr.update();
        }
    }

    gs.log('PHI/PII removal script completed for table: ' + tableName);
})();

 

 

The error I receive is below:

Security restricted: Sandbox: using Function is restricted by security policy!
Sandbox: using Function is restricted by security policy!: no thrown error
Evaluator.evaluateString() problem: java.lang.SecurityException: Sandbox: using Function is restricted by security policy!: com.glide.script.RhinoSandboxScope.handleError(RhinoSandboxScope.java:139)
com.glide.script.RhinoSandboxScope.shouldAllow(RhinoSandboxScope.java:100)
com.glide.script.RhinoSandboxScope.get(RhinoSandboxScope.java:70)
org.mozilla.javascript.ScriptableObject.getProperty(ScriptableObject.java:2097)
org.mozilla.javascript.ScriptableObject.getClassPrototype(ScriptableObject.java:1987)
org.mozilla.javascript.TopLevel.getBuiltinPrototype(TopLevel.java:137)
org.mozilla.javascript.ScriptableObject.getFunctionPrototype(ScriptableObject.java:1959)
org.mozilla.javascript.ScriptRuntime.setFunctionProtoAndParent(ScriptRuntime.java:3887)
org.mozilla.javascript.NativeFunction.initScriptFunction(NativeFunction.java:25)
org.mozilla.javascript.InterpretedFunction.createFunction(InterpretedFunction.java:111)
org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1784)
org.mozilla.javascript.Interpreter.interpret(Interpreter.java:830)
org.mozilla.javascript.InterpretedFunction.lambda$call$0(InterpretedFunction.java:160)
com.glide.caller.gen.null_null_script.call(Unknown Source)
com.glide.script.ScriptCaller.call(ScriptCaller.java:22)
org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:159)
org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:597)
org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3573)
org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:172)
com.glide.script.ScriptEvaluator.execute(ScriptEvaluator.java:405)
com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:215)
com.glide.script.ScriptEvaluator.evaluateString(ScriptEvaluator.java:136)
com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:363)
com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:250)
com.glide.script.fencing.GlideScopedEvaluator.evaluateScript(GlideScopedEvaluator.java:229)
com.glide.processors.ScriptProcessor.evaluateScript0(ScriptProcessor.java:399)
com.glide.processors.ScriptProcessor.lambda$evaluateScriptWithRecordingOption$0(ScriptProcessor.java:382)
com.glide.rollback.recording.RollbackRecorder.execute(RollbackRecorder.java:67)
com.glide.processors.ScriptProcessor.evaluateScriptWithRecordingOption(ScriptProcessor.java:382)
com.glide.processors.ScriptProcessor.evaluateScript(ScriptProcessor.java:362)
com.glide.processors.ScriptProcessor.runScript(ScriptProcessor.java:261)
com.glide.processors.ScriptProcessor.process(ScriptProcessor.java:219)
com.glide.processors.AProcessor.runProcessor(AProcessor.java:734)
com.glide.processors.AProcessor.processTransaction(AProcessor.java:292)
com.glide.processors.ProcessorRegistry.process0(ProcessorRegistry.java:187)
com.glide.processors.ProcessorRegistry.process(ProcessorRegistry.java:175)
com.glide.ui.GlideServletTransaction.process(GlideServletTransaction.java:58)
com.glide.sys.Transaction.run(Transaction.java:2645)
com.glide.ui.HTTPTransaction.run(HTTPTransaction.java:30)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
java.base/java.lang.Thread.run(Thread.java:829)
 
Background message, type:error, message: Sandbox: using Function is restricted by security policy!

 
-------------------------------------------------



Not sure how to move forward with this; any help is welcome.

3 REPLIES

Sheldon Swift
ServiceNow Employee

Hi @RBlor - Where are you running the script? Minimally, gs.log() and gr.update() are restricted in sandbox...I'm not even sure you can run that while loop. See: Configuring Script sandbox property

I see. I was just trying to test the script in a sandbox subprod environment. What is the best way to approach the script?

Understanding you’re not in production, you could comment the gr.update() and replace it with gs.info() to log the INC number—and optionally which field(s) would be updated—then run it as a background script.

 


You might also consider simply running the script and using rollback contexts to roll back the updates.
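
The dry run suggested in the reply above, sketched as an added example that is not part of the original thread or ServiceNow's own code. It runs in plain JavaScript: the sample rows are constructed stand-ins for incident records, `log` stands in for `gs.info()`, and the names `redact`, `dryRun`, `PII_PATTERNS`, `FIELDS` and `SAMPLE` are hypothetical.

```javascript
// Added example (not from the thread). Patterns are the ones in the posted
// script, given the g flag so every occurrence in a field is redacted.
var PII_PATTERNS = [
    { name: 'date_mdy', re: /\b(0[1-9]|1[0-2])\/(0[1-9]|[12][0-9]|3[01])\/\d{4}\b/g },
    { name: 'date_dmy', re: /\b(0[1-9]|[12][0-9]|3[01])\/(0[1-9]|1[0-2])\/\d{4}\b/g },
    { name: 'date_iso', re: /\b\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])\b/g },
    { name: 'ssn', re: /\b\d{3}-\d{2}-\d{4}\b/g },
    { name: 'card', re: /\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13})\b/g }
];
var FIELDS = ['description', 'short_description', 'comments'];

// Returns the redacted text plus the names of the patterns that matched.
function redact(text) {
    var hits = [];
    PII_PATTERNS.forEach(function (p) {
        var out = text.replace(p.re, '[REDACTED]');
        if (out !== text) { hits.push(p.name); text = out; }
    });
    return { text: text, hits: hits };
}

// Dry run: report which records and fields would change, write nothing.
// Only the record number and field names are logged, never the matched value,
// so the log does not become a second copy of the PII.
function dryRun(records, fields, log) {
    var report = [];
    records.forEach(function (rec) {
        var changed = [];
        fields.forEach(function (f) {
            var value = rec[f];
            if (value && redact(String(value)).hits.length) { changed.push(f); }
        });
        if (changed.length) {
            report.push({ number: rec.number, fields: changed });
            log(rec.number + ' would be updated: ' + changed.join(', '));
        }
    });
    return report;
}

// Constructed sample rows standing in for incident records.
var SAMPLE = [
    { number: 'INC0000001', short_description: 'Password reset', description: 'DOB 04/12/1985, SSN 123-45-6789 and 987-65-4321' },
    { number: 'INC0000002', short_description: 'Printer offline', description: 'No sensitive data' },
    { number: 'INC0000003', short_description: 'Card 4111111111111111 declined', description: '' }
];

dryRun(SAMPLE, FIELDS, function (msg) { console.log(msg); });
```
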