Merge pull request #36 from niamccash/check-for-alt-value-in-getproperty

Check for alt value in getproperty

Author: earlduque

README.md

@@ -123,6 +123,10 @@ api.controller = function ($rootScope, $scope) {
 };
 ```
 
+### Provide alternate value when fetching Glide property
+Recommendation to provide alternate/default value when calling gs.getProperty() to avoid errors if the property is not set. 
+
+
 ## Category: Security
 
 ### Tables without ACLs

ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt

@@ -1 +1 @@
-aQgfvSnhfC1wVpuKQWhyhUbVCWpldAIXeFWQKJua_aMBJoo85rtlMi5xn9KG5nidXKThCkM8feBrcyFJeo-VtULwIXM7nd5AhwRgHc-VCp5tkNM4hsqpmD28YvfJ-rPIJYR_mUqcUwW_ID_GEKPARpUmsJXWMf-jmcc-ObkNNXJvYdzC2bWesQhNmYZP8gmjejTCkz-ID2_yOqqtcrxakfHtzadbAlixtE6-Ips8WZJwkFKogWjfXbeRFkkt2Q38ElCebT3gI8d3EFmdRZLHW20jpzYWgOR4HbGWM4zWyWoOlfcPGgYwheLugrwtDHodWMf6VDAvnmLqHCORandvFfF8o2Ci794mag0lIWxXsQ3Jzl5gZMb4Hu2I9wFSw0sJzwfYUnD1DB-gLlKaRN-0rWcW2b8ik8yt26GVcMXoqUdX514AFoPk4RO-Q-QpoEaBJ5RskOvepYP62AZ8zMb3wDqJUTJRfy3_uQQXMOmIHTI8HSVUL54ddI2uRrfEtvBlYldjHECjFOu716btBVX9WW828DhvbDtGE2VA4cKz4O4LRWQenhRdbhdWcPKAcAYSMLyliNLMkABTEd6OfpJD_GPA5AGlgb12DZtneAqIUEFFzpuS1fQMZLOd8ceXGo4o1bk-W6fH8PiNGkK2Xtyb93W2UXBvDNRxKlNWVeaIEVY
+ZCv9qMuUECPrTGsjutWyjVM6cefm_yWSCqBvdU5jOa9uSn7hiI95_m0V8_jlfMEU2FiFlapN-Ss6Q_K-REFvJw12mEIr5QB3H8K0mrWENPYVncsHXtvXlfBikpUcSt21sf_7WU5JFeDIzLXNmeLSiQFFVVcvbTX50yMmURQ9pr9IZJUeKj9a-gbJqYsQxZg0BggN9TxjY3gZzjmLc6mH7aPl_QarAd_mhvzNTODSrAKl3C3SPzdJiPggT_KyR4ZzjwbOpUnQj05jprKUXFkJ9JqbaIHyPHZW7IUuy0vHZa4Qu1_Yv1DS16MfyqYSZZJSXHTOQv1dL6BtpZnhVAm5DJ5QLNrkcALIX9lG6Ij3nL_W8CF9utf39dUlmrQcD43S03VUaB9931k44KoSylO60i3UIxSs_-hqaI1nrtKOogaTtN47-Gw66GqS_OmduFl5gZsNAkjZcf2Cp8IdBgia4wUzThFjDVIBvyDsdmCJs6egUXHw9OMf1YCdp4WS-819ePV4gAJzFs0yoM6uYMhLocgkVBVQI0VeNxIWcm-9ztoLxZ4n2V6vqg9f-Q7UKVLSdbPOBbwXhzU7J50BsMwE8mZ5GhzJ1wnbavlZs_oyyhyZZOJHO1mSLNLpHzvC58AE87ur5OZCoc3tUlkl38lZSChiTMa_Ds9RajkJT5A0uyE

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_linter_check_4986078c2f6330d05dcb59ab2799b6d9.xml

@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_linter_check">
+    <scan_linter_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <attributes/>
+        <category>performance</category>
+        <description>Providing an alternate, default value when calling gs.getProperty() helps mitigate risk of errors when property does not exist.</description>
+        <documentation_url/>
+        <finding_type>scan_finding</finding_type>
+        <name>Provide alternate value when fetching Glide property</name>
+        <priority>3</priority>
+        <resolution_details>Consider providing an alternate. default  value when using gs.getProperty() in case the property does not exist</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+	/** 
+	  * The following to exclude certain tables like sys_script_execution_history 
+	  * from being part of this scan is NOT possible here due to app scoping issues
+	  * (https://github.com/ServiceNowDevProgram/example-instancescan-checks/issues/9)
+	  */
+	//var excludedTablesProp = gs.getProperty(/* custom property name here */);
+	//var excludedTables = excludedTablesProp.split(',');
+	//var tableName = engine.current.getTableName();
+	//if (!new ArrayUtil().contains(excludedTables, tableName)) {
+	
+    engine.rootNode.visit(function(node) {
+		
+		// Find an occurrence of the getProperty function
+		if (node.getNameIdentifier() && node.getNameIdentifier() === 'getProperty') {
+
+			// Walk up the AST tree to check if function is called on GlideSystem 
+			if (node.getParent().getTypeName() === 'GETPROP' 
+				&& node.getParent().toSource() === 'gs.getProperty') {
+				
+				var argsProvided = 0;
+				
+				// Walk up to grandparent to check for the arguments provided
+				node.getParent().getParent().visit(function(childnode) {
+					// Case 1: Finds argument specified as a string, including when 
+					// default value is provided as number or boolean
+					// eg. gs.getProperty('value1', 'value2');
+					if (childnode.getTypeName() === 'STRING' || childnode.getTypeName() === 'NUMBER' 
+						|| childnode.getTypeName() === 'TRUE' || childnode.getTypeName() === 'FALSE') {
+						argsProvided ++;
+					}
+					// Case 2: Find argument specified as a variable
+					// eg. gs.getProperty(propertyName, defaultValue);
+					else if (childnode.getTypeName() === 'NAME' && childnode.getNameIdentifier()
+						&& childnode.getNameIdentifier() !== 'gs' 
+						&& childnode.getNameIdentifier() !== 'getProperty') {
+						argsProvided++;
+					}
+
+				});
+				if (argsProvided != 2) {
+					engine.finding.incrementWithNode(node);
+				}
+			}				
+		}
+	});
+
+})(engine);]]></script>
+        <short_description>Provide alternate value when fetching Glide property</short_description>
+        <sys_class_name>scan_linter_check</sys_class_name>
+        <sys_created_by>nia.mccash</sys_created_by>
+        <sys_created_on>2021-10-27 13:39:00</sys_created_on>
+        <sys_id>4986078c2f6330d05dcb59ab2799b6d9</sys_id>
+        <sys_name>Provide alternate value when fetching Glide property</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_linter_check_4986078c2f6330d05dcb59ab2799b6d9</sys_update_name>
+    </scan_linter_check>
+</record_update>