4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -123,6 +123,10 @@ api.controller = function ($rootScope, $scope) {
};
```

### Provide alternate value when fetching Glide property
Recommendation to provide alternate/default value when calling gs.getProperty() to avoid errors if the property is not set.


## Category: Security

### Tables without ACLs
2 changes: 1 addition & 1 deletion ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -1 +1 @@
aQgfvSnhfC1wVpuKQWhyhUbVCWpldAIXeFWQKJua_aMBJoo85rtlMi5xn9KG5nidXKThCkM8feBrcyFJeo-VtULwIXM7nd5AhwRgHc-VCp5tkNM4hsqpmD28YvfJ-rPIJYR_mUqcUwW_ID_GEKPARpUmsJXWMf-jmcc-ObkNNXJvYdzC2bWesQhNmYZP8gmjejTCkz-ID2_yOqqtcrxakfHtzadbAlixtE6-Ips8WZJwkFKogWjfXbeRFkkt2Q38ElCebT3gI8d3EFmdRZLHW20jpzYWgOR4HbGWM4zWyWoOlfcPGgYwheLugrwtDHodWMf6VDAvnmLqHCORandvFfF8o2Ci794mag0lIWxXsQ3Jzl5gZMb4Hu2I9wFSw0sJzwfYUnD1DB-gLlKaRN-0rWcW2b8ik8yt26GVcMXoqUdX514AFoPk4RO-Q-QpoEaBJ5RskOvepYP62AZ8zMb3wDqJUTJRfy3_uQQXMOmIHTI8HSVUL54ddI2uRrfEtvBlYldjHECjFOu716btBVX9WW828DhvbDtGE2VA4cKz4O4LRWQenhRdbhdWcPKAcAYSMLyliNLMkABTEd6OfpJD_GPA5AGlgb12DZtneAqIUEFFzpuS1fQMZLOd8ceXGo4o1bk-W6fH8PiNGkK2Xtyb93W2UXBvDNRxKlNWVeaIEVY
ZCv9qMuUECPrTGsjutWyjVM6cefm_yWSCqBvdU5jOa9uSn7hiI95_m0V8_jlfMEU2FiFlapN-Ss6Q_K-REFvJw12mEIr5QB3H8K0mrWENPYVncsHXtvXlfBikpUcSt21sf_7WU5JFeDIzLXNmeLSiQFFVVcvbTX50yMmURQ9pr9IZJUeKj9a-gbJqYsQxZg0BggN9TxjY3gZzjmLc6mH7aPl_QarAd_mhvzNTODSrAKl3C3SPzdJiPggT_KyR4ZzjwbOpUnQj05jprKUXFkJ9JqbaIHyPHZW7IUuy0vHZa4Qu1_Yv1DS16MfyqYSZZJSXHTOQv1dL6BtpZnhVAm5DJ5QLNrkcALIX9lG6Ij3nL_W8CF9utf39dUlmrQcD43S03VUaB9931k44KoSylO60i3UIxSs_-hqaI1nrtKOogaTtN47-Gw66GqS_OmduFl5gZsNAkjZcf2Cp8IdBgia4wUzThFjDVIBvyDsdmCJs6egUXHw9OMf1YCdp4WS-819ePV4gAJzFs0yoM6uYMhLocgkVBVQI0VeNxIWcm-9ztoLxZ4n2V6vqg9f-Q7UKVLSdbPOBbwXhzU7J50BsMwE8mZ5GhzJ1wnbavlZs_oyyhyZZOJHO1mSLNLpHzvC58AE87ur5OZCoc3tUlkl38lZSChiTMa_Ds9RajkJT5A0uyE
@@ -0,0 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_linter_check">
<scan_linter_check action="INSERT_OR_UPDATE">
<active>true</active>
<attributes/>
<category>performance</category>
<description>Providing an alternate, default value when calling gs.getProperty() helps mitigate risk of errors when property does not exist.</description>
<documentation_url/>
<finding_type>scan_finding</finding_type>
<name>Provide alternate value when fetching Glide property</name>
<priority>3</priority>
<resolution_details>Consider providing an alternate. default value when using gs.getProperty() in case the property does not exist</resolution_details>
<run_condition/>
<score_max>100</score_max>
<score_min>0</score_min>
<score_scale>1</score_scale>
<script><![CDATA[(function (engine) {

/**
* The following to exclude certain tables like sys_script_execution_history
* from being part of this scan is NOT possible here due to app scoping issues
* (https://github.com/ServiceNowDevProgram/example-instancescan-checks/issues/9)
*/
//var excludedTablesProp = gs.getProperty(/* custom property name here */);
//var excludedTables = excludedTablesProp.split(',');
//var tableName = engine.current.getTableName();
//if (!new ArrayUtil().contains(excludedTables, tableName)) {

engine.rootNode.visit(function(node) {

// Find an occurrence of the getProperty function
if (node.getNameIdentifier() && node.getNameIdentifier() === 'getProperty') {

// Walk up the AST tree to check if function is called on GlideSystem
if (node.getParent().getTypeName() === 'GETPROP'
&& node.getParent().toSource() === 'gs.getProperty') {

var argsProvided = 0;

// Walk up to grandparent to check for the arguments provided
node.getParent().getParent().visit(function(childnode) {
// Case 1: Finds argument specified as a string, including when
// default value is provided as number or boolean
// eg. gs.getProperty('value1', 'value2');
if (childnode.getTypeName() === 'STRING' || childnode.getTypeName() === 'NUMBER'
|| childnode.getTypeName() === 'TRUE' || childnode.getTypeName() === 'FALSE') {
argsProvided ++;
}
// Case 2: Find argument specified as a variable
// eg. gs.getProperty(propertyName, defaultValue);
else if (childnode.getTypeName() === 'NAME' && childnode.getNameIdentifier()
&& childnode.getNameIdentifier() !== 'gs'
&& childnode.getNameIdentifier() !== 'getProperty') {
argsProvided++;
}

});
if (argsProvided != 2) {
engine.finding.incrementWithNode(node);
}
}
}
});

})(engine);]]></script>
<short_description>Provide alternate value when fetching Glide property</short_description>
<sys_class_name>scan_linter_check</sys_class_name>
<sys_created_by>nia.mccash</sys_created_by>
<sys_created_on>2021-10-27 13:39:00</sys_created_on>
<sys_id>4986078c2f6330d05dcb59ab2799b6d9</sys_id>
<sys_name>Provide alternate value when fetching Glide property</sys_name>
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
<sys_policy/>
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
<sys_update_name>scan_linter_check_4986078c2f6330d05dcb59ab2799b6d9</sys_update_name>
</scan_linter_check>
</record_update>
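Review bot: The argument counter in the `node.getParent().getParent().visit(...)` block walks every descendant of the call rather than its direct arguments, so a default supplied as an expression — `gs.getProperty('a.b', obj.fallback)` or `gs.getProperty(prefix + '.x', 'y')` — produces three or more STRING/NAME hits, `argsProvided != 2` fires, and a call that does pass a fallback is reported as a finding; the walk also never confirms that the grandparent is actually a CALL node before counting. Counting the call node's real argument list would be exact: the type names used here (GETPROP, CALL, NAME, STRING) look like Rhino's, so if the engine's node wrapper exposes Rhino's `getArguments()`, `var call = node.getParent().getParent(); if (call.getTypeName() === 'CALL' && call.getArguments().size() !== 2) { engine.finding.incrementWithNode(node); }` can replace the visitor — confirm that API against the Instance Scan docs before relying on it. Separately, `<resolution_details>` reads "alternate. default value" where "alternate, default value" is meant. Since this rule steers authors toward hard-coded fallbacks, the description could also caveat that for properties gating security behaviour (ACL-like toggles, allow-lists) a silent default can mask a missing or mistyped property, so the fallback chosen should be the restrictive one.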