From 66f0ddeadf47022186f63d0afbc191714e6751ec Mon Sep 17 00:00:00 2001 From: fn20200323 <20200323@qwedc.eu.org> Date: Thu, 28 Oct 2021 21:05:41 +0200 Subject: [PATCH] Report roles verification for public ones --- README.md | 3 ++ ...check_1e7511642f2330100b40bea62799b6f1.xml | 38 +++++++++++++++++++ 2 files changed, 41 insertions(+) create mode 100644 scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml diff --git a/README.md b/README.md index b57a566..baf1a29 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,9 @@ Monitor users with role `admin` (not locked out) that are not logged for longer After deactivation of Groups there can be still some users. Group offer membership but also can provide some roles that after deactivation should be considered as no longer needed. +### Report with public role can expose data to unauthenticated clients +For table that store reports definition there is also posibility to assign roles. It is possible that by default it is added `public` role. It means that even not authorized clients can access such report and sometimes with exposed data that shouldn't be accessible. + ## Category: User Experience diff --git a/scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml b/scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml new file mode 100644 index 0000000..e97918a --- /dev/null +++ b/scan_script_only_check_1e7511642f2330100b40bea62799b6f1.xml 
@@ -0,0 +1,38 @@ + + + +true +906611642f2330100b40bea62799b6b7 +security +It is worthy to check all reports that are with role public - as they can expose data to unauthenticated users via: + https : / / <instance>.service-now.com/sys_report_display.do?sysparm_report_id=<sysID> + +Public reports to be verified +2 + + +Candidates of publicly available reports (without needs to authorize) that shoul +scan_script_only_check +admin +2021-10-28 18:46:02 +1e7511642f2330100b40bea62799b6f1 +1 +Public reports to be verified +global + +global +scan_script_only_check_1e7511642f2330100b40bea62799b6f1 +admin +2021-10-28 18:50:32 + +
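Review bot: the new README section under `### Report with public role can expose data to unauthenticated clients` gives the reader nothing to act on: it does not name the table that holds the report definitions and their roles, and it does not say how an unauthenticated client would reach such a report, although the description in the accompanying check XML does (`https://<instance>.service-now.com/sys_report_display.do?sysparm_report_id=<sysID>`). Suggest adding that URL pattern and the table name to the README entry so it matches the check, and tightening the wording while you are there: `posibility` should be `possibility`, `For table that store reports definition` should be `For the table that stores report definitions`, and `even not authorized clients` should be `even unauthenticated clients`. The sentence `It is possible that by default it is added \`public\` role` is a hedge; either state when the `public` role ends up on a report or drop the "by default" claim.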
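Review bot: two field values in this check record look damaged and should be fixed before merge. The short description is cut off mid-word (`Candidates of publicly available reports (without needs to authorize) that shoul`), which suggests the text overran the field's length limit; shorten it to something complete such as `Candidates of publicly available reports (no authentication required)`. The URL in the description has spaces inside it (`https : / / <instance>.service-now.com/sys_report_display.do?sysparm_report_id=<sysID>`), so it cannot be copied into a browser as written; use `https://<instance>.service-now.com/sys_report_display.do?sysparm_report_id=<sysID>`. The phrase `It is worthy to check all reports` should read `It is worth checking all reports`. The check's script body is not visible in this extract of the patch, so the query logic itself (how the `public` role on a report is detected, and whether inactive reports are excluded) could not be reviewed here; a sentence in the README describing what the query selects would help the next reviewer.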