Check gliderecordsecure

README.md

@@ -242,6 +242,9 @@ Review the users whose employement end date is in the past and the user is still
 ### Set glide.invalid_query.returns_no_rows to true
 The "glide.invalid_query.returns_no_rows" property provides a safeguard against queries running which could return unintended data which could then be deleted, manipulated or used incorrectly. It is recommended to have this property exist and be set to true. When this property does not exist an invalid query will return all rows. 
 
+### Use GlideRecordSecure instead of GlideRecord API for Client Callable Script Include
+Use GlideRecordSecure API to ensure the security checks are performed and unauthorized access of data is prevented as it will automatically enforce ACLs.
+
 ## Category: User Experience
 
 ### Added a Number Prefix which already exists

ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt

@@ -1 +1 @@
-APBZ6N-mXQqTnbxQsCc2BHSyXp9Boqw2IPsl8t_tiGfkZCie3Y_HBRDI1ohtO9n5IZjYoWFKvqlA7F7fyv96kTOlFKK6GyU-tdiUoEqcOGb6K1x9t2oX4vonME33VyIwpeelR7UEPVuU9fQofwdQKQ0g-16C3mEXbfGXvhmgI7kxGU4eJl06omxI8VrED2HXXpiEPV76_WMvd14z3Iddfk2uo2ygohHSAtREtUmG4IZJVbcu4Hc4nWbhOEPeA1jYNPFFcvTK3iwpX8FUgYNRTYQfrCg1BSy8AoozxzFjn8_WX0mi10IhJzRZwrJCXfWhhVQoGdiCvYCqcogxDtNaDUzxkw20MbNXo6-AZpcJMH1EovFOJOS0CzqJ-KdnOKhSooYh7emFWG8xFZrzZi149t4Dq3aWft40Z4g7AjpgXt_7EO_NvCXBaHnXMwSOaiA-PoW2JL_FKI3AIduUybr3xPwQYP4Zbz2UzQtVVMOMeMFTs7JAqoHNkOG-jQNRAa_Bbq4cY_Ru6leaPdKEKVa3IDl1mf9ug7dcVhfkFDszOWRdRWDmJGi-ptN5twYZ_5IFEqIl_9YmylsKX-JobM4bDl-80xGd2v7z96Yj2oZg0ArGuO7EG6BwdQkmT-fvSwrBFawNWPX-OSdoRXoCc217pNPfsXFVNqBZ-sLza74ikRM
+AJInFJMOarSNZgy4eVPEI6ZUZTQO4buAfQ2jkBnzn77pHO8fWCuHP6neLRGKEC7iHlLsbGUl7is0NbkoHxzYWRkTwTxhYVY8p9qCuZPB6YXTBkKDo8X2oq-DOGp4hb5uwk5ES8I7a5hNCsIupO6JhrWFLLh9qeaJE6_nOsE-dMhwybJBxSvcaKmrcNqz51GJVu2Xb924Gs7sa1p1UzRVoKKd1z51VqR_oDCNJThz-yAlVdbnTqEKTdU9D98hy8yFXdRNPBow85OFDE3XWTjcfikcrqdULj0MLLarAcUvTuUgMfGBdFJYbnVNpxi7tVUR1SQ2aehcEujbsK-xJEY9kxmygBiddEm1KK1qiSlPJxRpEYo2doHSfVsxddkjkJyz8Ulja82BKj3D4i2EsUR75GcJzwmfgafdoO-pPRRarwYzGDUbWpe1iCTbmJHSZ_OxJTiJTiWGET89NVxYQZ80w3xSAPg7eyjtv4O3ezYEb4fAAQTiRH-6DwihD62dtq9qXKirZdtq9sa8mBL6UQJ_u5EqIeNo7bvkflLQgojzcUf4pM5pc_VHEgfmpEah9Qv6T98rIPOdMkH_dAB5q3uvbmBcPdOy_pNXjNEyLa28W5X9WA6nG3Qu3C0sW-oupQc1u2VgLrFj1hXAkdFHKn-oBIzWc6_--zdSXs70dzyZFBg

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_076448b12ffd311002eb2ca62799b628.xml

@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>false</advanced>
+        <category>security</category>
+        <conditions table="sys_script_include">active=true^client_callable=true^scriptLIKEnew GlideRecord(^ORscriptLIKEnew GlideRecord (^EQ<item endquery="false" field="active" goto="false" newquery="false" operator="=" or="false" value="true"/>
+            <item endquery="false" field="client_callable" goto="false" newquery="false" operator="=" or="false" value="true"/>
+            <item endquery="false" field="script" goto="false" newquery="false" operator="LIKE" or="false" value="new GlideRecord("/>
+            <item endquery="false" field="script" goto="false" newquery="false" operator="LIKE" or="true" value="new GlideRecord ("/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Using GlideRecord API in Client Callable Script Include for database query exposes data security risk</description>
+        <documentation_url>https://docs.servicenow.com/bundle/utah-api-reference/page/script/server-scripting/concept/c_ScriptIncludes.html#title_client-callable-script-includes</documentation_url>
+        <finding_type>scan_finding</finding_type>
+        <name>Use GlideRecordSecure instead of GlideRecord API for CCSI</name>
+        <priority>2</priority>
+        <resolution_details>Use GlideRecordSecure API to ensure the security checks are performed and unauthorized access of data is prevented as it will automatically enforce ACLs.</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+        <short_description>Use GlideRecordSecure instead of GlideRecord API for Client Callable Script Inc</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>admin</sys_created_by>
+        <sys_created_on>2023-10-10 19:52:19</sys_created_on>
+        <sys_id>076448b12ffd311002eb2ca62799b628</sys_id>
+        <sys_mod_count>3</sys_mod_count>
+        <sys_name>Use GlideRecordSecure instead of GlideRecord API for CCSI</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_076448b12ffd311002eb2ca62799b628</sys_update_name>
+        <sys_updated_by>admin</sys_updated_by>
+        <sys_updated_on>2023-10-11 13:38:32</sys_updated_on>
+        <table>sys_script_include</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+</record_update>