From fdd93defd6f99a56a0a54dd695a6b8d7f9ae22a4 Mon Sep 17 00:00:00 2001
From: admin
Date: Tue, 10 Oct 2023 04:11:43 -0700
Subject: [PATCH 1/4] Added scan check for Running Business rules for transform map
---
ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt | 2 +-
...check_e19656212ff1311002eb2ca62799b639.xml | 41 +++++++++++++++++++
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e19656212ff1311002eb2ca62799b639.xml
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
index b704213..4e6c252 100644
--- a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
+++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -1 +1 @@ -IY4GU8kOs-cZd20LM9KzufTF8KpvhhPs1hQ-YbLAnWLZctdh80RFXi2aSkVJsjJDsNKlSzRqAyomAXYlUwwFeCGj77Grl9D5LzqPwFOyKUcYlwmP_s1PaEm0f5hPHsHP5Iph2pKt4d5Au5u5v4K_esgBCGfJ6K-J4zPs0cesugCPHZwx6EbPf8HUH8TlwerxKMaFGPeidk9qTwC0IIKLmT2dKN2YCZqrgrnmSZZkVbxCNXoBOSeS6ndW47pGOcZAsgUDDla-dOQb8e10ZeymJI_4zG3sISo-pYOul91JqVBhR1Kz4r5o18DL-XziSHUbl8_QCplLzqBqun0VtPSwilHFuqIHM13uYI9CwEiDYaM816gb0oyRXe8lWzh4t626OW0z3cZ6TPiOrwdpQQLB2GmjDjs5OcFDcWvGaMr5pnEkltvRKEwYp-6tLEqIYGAsSGgHFn0sXtmqpyRtJX5CnzeKKE6I3cxlU0959fOhRJTKgkAfSmlqmZDV3yyXrJzuRZcUosVkCFIOwwMge8SOpIuBZdncO_kqnF6cW5VJx9539V9TpTP4MNiFPMJXOhxWPdcCLrieW2b6O5cFcO6FkiwPAoOIue8XOUVXq7Sc0ZUV_ehqdT4AG9zsrB82nFGrTbB4vvPkeCBaMoteUD6cucNuE2xw8UiJkVbtIo-RZG8 \ No newline at end of file +APBZ6N-mXQqTnbxQsCc2BHSyXp9Boqw2IPsl8t_tiGfkZCie3Y_HBRDI1ohtO9n5IZjYoWFKvqlA7F7fyv96kTOlFKK6GyU-tdiUoEqcOGb6K1x9t2oX4vonME33VyIwpeelR7UEPVuU9fQofwdQKQ0g-16C3mEXbfGXvhmgI7kxGU4eJl06omxI8VrED2HXXpiEPV76_WMvd14z3Iddfk2uo2ygohHSAtREtUmG4IZJVbcu4Hc4nWbhOEPeA1jYNPFFcvTK3iwpX8FUgYNRTYQfrCg1BSy8AoozxzFjn8_WX0mi10IhJzRZwrJCXfWhhVQoGdiCvYCqcogxDtNaDUzxkw20MbNXo6-AZpcJMH1EovFOJOS0CzqJ-KdnOKhSooYh7emFWG8xFZrzZi149t4Dq3aWft40Z4g7AjpgXt_7EO_NvCXBaHnXMwSOaiA-PoW2JL_FKI3AIduUybr3xPwQYP4Zbz2UzQtVVMOMeMFTs7JAqoHNkOG-jQNRAa_Bbq4cY_Ru6leaPdKEKVa3IDl1mf9ug7dcVhfkFDszOWRdRWDmJGi-ptN5twYZ_5IFEqIl_9YmylsKX-JobM4bDl-80xGd2v7z96Yj2oZg0ArGuO7EG6BwdQkmT-fvSwrBFawNWPX-OSdoRXoCc217pNPfsXFVNqBZ-sLza74ikRM \ No newline at end of file diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e19656212ff1311002eb2ca62799b639.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e19656212ff1311002eb2ca62799b639.xml new file mode 100644 index 0000000..323d167 --- /dev/null +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_e19656212ff1311002eb2ca62799b639.xml 
@@ -0,0 +1,41 @@ + + + true + false + performance + run_business_rules=true^active=true^EQ + + + + Running business rules during transform may cause the transform to take longer than expected, or cause the instance to slow down. + https://docs.servicenow.com/bundle/vancouver-integrate-applications/page/administer/technical-best-practice/concept/c_TroubleshootImportSetPerformance.html + scan_finding + Running Business Rules on Transform Maps + 1 + Do not run items like business rules, workflows, approval engines, and so on during a transform unless you want all insert and update business rules, notifications, and workflows to run. For example, when importing all data from an old system, you may not want notifications to run. To disable these items from running and to cease auditing and field normalization within the transform map for that import, deselect the Run business rules check box. + + 100 + 0 + 1 + + Running Business Rules on Transform Maps + scan_table_check + admin + 2023-10-10 11:06:48 + e19656212ff1311002eb2ca62799b639 + 1 + Running Business Rules on Transform Maps + ca8467c41b9abc10ce0f62c3b24bcbaa + + ca8467c41b9abc10ce0f62c3b24bcbaa + scan_table_check_e19656212ff1311002eb2ca62799b639 + admin + 2023-10-10 11:08:53 + sys_transform_map
+ false +
+
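Review bot: The resolution text in this new scan_table_check record recommends deselecting Run business rules without a caveat, although the same sentence says this also stops auditing and field normalization for the import. Imported changes then leave no audit trail, and any business rule that validates or protects data on the target table is skipped. I would append a sentence such as `Before disabling, confirm that no audit requirement and no business rule enforcing validation or data protection applies to the target table.` The condition `run_business_rules=true^active=true` will presumably match most active transform maps, so the finding reads better as a prompt to review each map than as a defect to clear in bulk.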
From 11dee72235aa3d175b4433788f7187bb94069cbb Mon Sep 17 00:00:00 2001
From: admin
Date: Wed, 11 Oct 2023 06:53:35 -0700
Subject: [PATCH 2/4] Scan check for "Use GlideRecordSecure instead of GlideRecord API for CCSI"
---
ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt | 2 +-
...check_076448b12ffd311002eb2ca62799b628.xml | 43 +++++++++++++++++++
2 files changed, 44 insertions(+), 1 deletion(-)
create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_076448b12ffd311002eb2ca62799b628.xml
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
index 4e6c252..9c51344 100644
--- a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
+++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -1 +1 @@ -APBZ6N-mXQqTnbxQsCc2BHSyXp9Boqw2IPsl8t_tiGfkZCie3Y_HBRDI1ohtO9n5IZjYoWFKvqlA7F7fyv96kTOlFKK6GyU-tdiUoEqcOGb6K1x9t2oX4vonME33VyIwpeelR7UEPVuU9fQofwdQKQ0g-16C3mEXbfGXvhmgI7kxGU4eJl06omxI8VrED2HXXpiEPV76_WMvd14z3Iddfk2uo2ygohHSAtREtUmG4IZJVbcu4Hc4nWbhOEPeA1jYNPFFcvTK3iwpX8FUgYNRTYQfrCg1BSy8AoozxzFjn8_WX0mi10IhJzRZwrJCXfWhhVQoGdiCvYCqcogxDtNaDUzxkw20MbNXo6-AZpcJMH1EovFOJOS0CzqJ-KdnOKhSooYh7emFWG8xFZrzZi149t4Dq3aWft40Z4g7AjpgXt_7EO_NvCXBaHnXMwSOaiA-PoW2JL_FKI3AIduUybr3xPwQYP4Zbz2UzQtVVMOMeMFTs7JAqoHNkOG-jQNRAa_Bbq4cY_Ru6leaPdKEKVa3IDl1mf9ug7dcVhfkFDszOWRdRWDmJGi-ptN5twYZ_5IFEqIl_9YmylsKX-JobM4bDl-80xGd2v7z96Yj2oZg0ArGuO7EG6BwdQkmT-fvSwrBFawNWPX-OSdoRXoCc217pNPfsXFVNqBZ-sLza74ikRM \ No newline at end of file +AJInFJMOarSNZgy4eVPEI6ZUZTQO4buAfQ2jkBnzn77pHO8fWCuHP6neLRGKEC7iHlLsbGUl7is0NbkoHxzYWRkTwTxhYVY8p9qCuZPB6YXTBkKDo8X2oq-DOGp4hb5uwk5ES8I7a5hNCsIupO6JhrWFLLh9qeaJE6_nOsE-dMhwybJBxSvcaKmrcNqz51GJVu2Xb924Gs7sa1p1UzRVoKKd1z51VqR_oDCNJThz-yAlVdbnTqEKTdU9D98hy8yFXdRNPBow85OFDE3XWTjcfikcrqdULj0MLLarAcUvTuUgMfGBdFJYbnVNpxi7tVUR1SQ2aehcEujbsK-xJEY9kxmygBiddEm1KK1qiSlPJxRpEYo2doHSfVsxddkjkJyz8Ulja82BKj3D4i2EsUR75GcJzwmfgafdoO-pPRRarwYzGDUbWpe1iCTbmJHSZ_OxJTiJTiWGET89NVxYQZ80w3xSAPg7eyjtv4O3ezYEb4fAAQTiRH-6DwihD62dtq9qXKirZdtq9sa8mBL6UQJ_u5EqIeNo7bvkflLQgojzcUf4pM5pc_VHEgfmpEah9Qv6T98rIPOdMkH_dAB5q3uvbmBcPdOy_pNXjNEyLa28W5X9WA6nG3Qu3C0sW-oupQc1u2VgLrFj1hXAkdFHKn-oBIzWc6_--zdSXs70dzyZFBg \ No newline at end of file diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_076448b12ffd311002eb2ca62799b628.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_076448b12ffd311002eb2ca62799b628.xml new file mode 100644 index 0000000..dc51983 --- /dev/null +++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_076448b12ffd311002eb2ca62799b628.xml 
@@ -0,0 +1,43 @@ + + + true + false + security + active=true^client_callable=true^scriptLIKEnew GlideRecord(^ORscriptLIKEnew GlideRecord (^EQ + + + + + + Using GlideRecord API in Client Callable Script Include for database query exposes data security risk + https://docs.servicenow.com/bundle/utah-api-reference/page/script/server-scripting/concept/c_ScriptIncludes.html#title_client-callable-script-includes + scan_finding + Use GlideRecordSecure instead of GlideRecord API for CCSI + 2 + Use GlideRecordSecure API to ensure the security checks are performed and unauthorized access of data is prevented as it will automatically enforce ACLs. + + 100 + 0 + 1 + + Use GlideRecordSecure instead of GlideRecord API for Client Callable Script Inc + scan_table_check + admin + 2023-10-10 19:52:19 + 076448b12ffd311002eb2ca62799b628 + 3 + Use GlideRecordSecure instead of GlideRecord API for CCSI + ca8467c41b9abc10ce0f62c3b24bcbaa + + ca8467c41b9abc10ce0f62c3b24bcbaa + scan_table_check_076448b12ffd311002eb2ca62799b628 + admin + 2023-10-11 13:38:32 + sys_script_include
+ false +
+
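Review bot: The condition `scriptLIKEnew GlideRecord(^ORscriptLIKEnew GlideRecord (` is a plain substring match on the script body, so it fires on commented-out code and on scripts that already check access explicitly. It misses any other spacing or a line break before the parenthesis, and it misses queries made in a helper Script Include that the client-callable one calls. The description should state that the finding is a heuristic needing manual confirmation, for example `Substring match on the script body; confirm the query is reachable from a client call and that GlideRecordSecure's ACL filtering does not break the caller.` What appears to be the name value is also cut off at `...for Client Callable Script Inc`; it should either use the `... for CCSI` form found in the other fields or be shortened to fit.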
From 66a29e18b3b0f6e6d46382b76498b9e61a41a020 Mon Sep 17 00:00:00 2001 From: aman2519 <50793474+aman2519@users.noreply.github.com> Date: Wed, 11 Oct 2023 19:27:57 +0530 Subject: [PATCH 3/4] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index cb5ac3b..2d94be7 100644 --- a/README.md +++ b/README.md @@ -236,6 +236,9 @@ Review the users whose employement end date is in the past and the user is still - Tables should be secured with access controls, data in the table should be limited access to only necessary audience. - Make sure that all tables should have ACL's. Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it. +### Use GlideRecordSecure instead of GlideRecord API for CCSI +Use GlideRecordSecure API to ensure the security checks are performed and unauthorized access of data is prevented as it will automatically enforce ACLs. + ## Category: User Experience ### Added a Number Prefix which already exists From 264a2b0266a55430177ab0d64509e09626c71471 Mon Sep 17 00:00:00 2001 From: niamccash <39105458+niamccash@users.noreply.github.com> Date: Wed, 11 Oct 2023 10:22:19 -0400 Subject: [PATCH 4/4] Update README.md Expanded CCSI abbreviation to its full text for clarity --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2d94be7..8ab8b2f 100644 --- a/README.md +++ b/README.md 
@@ -236,7 +236,7 @@ Review the users whose employement end date is in the past and the user is still - Tables should be secured with access controls, data in the table should be limited access to only necessary audience. - Make sure that all tables should have ACL's. Rules for access control lists (ACLs) restrict access to data by requiring users to pass a set of requirements before they can interact with it. -### Use GlideRecordSecure instead of GlideRecord API for CCSI +### Use GlideRecordSecure instead of GlideRecord API for Client Callable Script Include Use GlideRecordSecure API to ensure the security checks are performed and unauthorized access of data is prevented as it will automatically enforce ACLs. ## Category: User Experience