Packages call removal tool

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • Activate and run the Packages Call Removal Tool (com.glide.script.packages_call_removal) plugin, and then consider whether each of the proposed changes should be completed or rejected.

    The Packages Call Removal Tool is a plugin that:
    • Scans scripts for package calls to ServiceNow AI Platform Java classes.
    • Proposes changes to replace them with preferred GlideScriptable names.
    • Facilitates the script changes.
    Note:
    If this record is a base system record, using the recommendation from the tool causes the item to be marked as customer_update. However, it may still be useful to use this tool because it flags Packages,xxx calls.
    The Packages Call Removal Tool might report some package calls used in sa_mapping_ext_commands and sa_custom_operation. These package calls belong to the MID Server. As there are no classes, the code runs in MID Server. If you find any of the following listed package calls in the Errors section, mark them as Rejected (Ignored). The tool doesn't report that package call again.
    • Packages.com.snc.sw.util.JSONUtil.toJSONPlain(file_content);
    • Packages.com.snc.sw.util.JSONUtil.toJSONPlain(file_name);
    • Packages.com.snc.sw.commands.HttpCallHandler;
    • Packages.com.snc.sw.dto.ProviderType.SSH

    More information

    Attribute Description
    Plugin Name com.glide.script.packages_call_removal
    Configuration type System Definition > Plugins
    Purpose To remove/replace unauthorized package/member calls with Glide Acceptable (GlideScriptable) names that only allow authorized access to data.
    Recommended value Active
    Functional ImpactThis remediation would replace the package calls with GlideScriptable APIs, and can affect the customizations that include package calls. The tool doesn’t actually replace package calls automatically. Instead, it provides suggestions that are stored into the packages_call_item table. Your administrator can then decide whether to accept or reject the proposed change.
    Security risk (Medium) Client-side API calls that result in data retrieval or object access on server are deemed to be dangerous from a security standpoint. They should be validated for authorization and restriction for sensitive object access.

    Steps to configure

    1. Navigate to System Definition > Plugins

      Packages call removal tool 1

    2. Search for the plugin ID = com.glide.script.packages_call_removal.

      Packages call removal tool 2

    3. Click Activate/Upgrade to activate the plugin.

      Packages call removal tool 3

    4. To check inclusion list package calls and inclusion list member calls, complete the actions outlined in the Steps to Configure sections in the following topics: