Merge branch 'master' into master

koratalas · web-flow · commit 1c61eb0e7045 · 2024-10-09T12:29:02.000+05:30
diff --git a/README.md b/README.md
@@ -149,7 +149,6 @@ GlideLDAP API usage is unsupported by ServiceNow and hence should be avoided, ra
 ### Check for Orphaned Tickets
 Tickets from tables such as Incident, Change Request, Problem, and other task-related tables should always have an Assignment Group specified. These tickets represent issues or requests that require attention and action. Leaving the Assignment Group field empty can result in unresolved issues or delays in implementing fixes, as no team will be accountable for the resolution. Since the Assignment Group is meant to designate the responsible team for managing these tickets, it should never be left blank.
 
-
 ## Category: Upgradability
 
 ### Call GlideRecord using new
@@ -306,6 +305,9 @@ In general, variables in JavaScript should be properly declared (e.g. using “v
 ### Don't show unpublished knowledge articles
 Unpublished knowledge articles may contain sensitive information that should not be visible to anyone with read access. By preventing access to unpublished articles, reviewers are given the opportunity to verify the content before it is made accessible. This ensures that only properly reviewed and approved information is available to users with read access.
 
+### Scripts in ACLs should be cleared when Advanced is not checked
+Scripts in ACLs ARE executed regardless of whether or not the Advanced checked box is checked off. As such, unnecessary scripts should be cleared from the field OR the Advanced checkbox should be checked in cases where scripts are required to provide better visibility to admins for troubleshooting purposes.
+
 ## Category: User Experience
 
 ### Added a Number Prefix which already exists
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -1 +1,2 @@
-UBvFrDYpp6F473PapuKpJKvmmOUFgHEiVD5h695pnIT46m0IVAx59x1ktpNoZWBTXgM7AdJP1coxhN00Shmw9bNXm_HzYL92UD4dYmuICsujNrQr31qwCPeozLHR3BkzlPvWytL5BfPWcqGU-XSsarhtGPDjxgC2FP4hthcVI3uLDUY6HVQ8NAuLvOL3sEcCUuAMpVy6ZZjVZMVULf47a0Q8uS3aVM-Nn2UB4i5ifDA10sVReTr6N9HxC3A54aCwdMBDEY8krcVl7O_2q2QNS2UPoXc2Os0PxlJCzfBZYgvdq2Wa07TUEPv9hM_Gd-MYKC_9tJpmGuiIwkdUKo1Sdg0zrfTBq5bK03aonAUQ3YohDTcbHXyDJ0vXycn1eb4wgzzgZwlY5yILELwfm3t4_A1KYANrO3IC_ImJNe3nj8GGhuKVhdAVxfbrfjmcredgTeCIY5AyzzhR815b2zX0PPxvYYJOIVTajm6GWIH8yvUwV5q1lSrMYHw4nDIRsDUjH30qpg7EIV4ivBtO-lrCmwbXCsv6wpXJWqbtReK82OCZEWN3ovn1RYThAD55WAJkMt40_D0X7t1afak0eKUDTDK_V8lSQSeZ9d_D6cMtr2QlgZgHxX7jdmkn8KK0f9TCa07z4J5s4TJUFUxkriPZDimd3NcG3gpIJzV3AJOgqeE
+UBvFrDYpp6F473PapuKpJKvmmOUFgHEiVD5h695pnIT46m0IVAx59x1ktpNoZWBTXgM7AdJP1coxhN00Shmw9bNXm_HzYL92UD4dYmuICsujNrQr31qwCPeozLHR3BkzlPvWytL5BfPWcqGU-XSsarhtGPDjxgC2FP4hthcVI3uLDUY6HVQ8NAuLvOL3sEcCUuAMpVy6ZZjVZMVULf47a0Q8uS3aVM-Nn2UB4i5ifDA10sVReTr6N9HxC3A54aCwdMBDEY8krcVl7O_2q2QNS2UPoXc2Os0PxlJCzfBZYgvdq2Wa07TUEPv9hM_Gd-MYKC_9tJpmGuiIwkdUKo1Sdg0zrfTBq5bK03aonAUQ3YohDTcbHXyDJ0vXycn1eb4wgzzgZwlY5yILELwfm3t4_A1KYANrO3IC_ImJNe3nj8GGhuKVhdAVxfbrfjmcredgTeCIY5AyzzhR815b2zX0PPxvYYJOIVTajm6GWIH8yvUwV5q1lSrMYHw4nDIRsDUjH30qpg7EIV4ivBtO-lrCmwbXCsv6wpXJWqbtReK82OCZEWN3ovn1RYThAD55WAJkMt40_D0X7t1afak0eKUDTDK_V8lSQSeZ9d_D6cMtr2QlgZgHxX7jdmkn8KK0f9TCa07z4J5s4TJUFUxkriPZDimd3NcG3gpIJzV3AJOgqeE
+
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_9d4676f6c34d52d08dbc32f1b4013165.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_9d4676f6c34d52d08dbc32f1b4013165.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
+    <scan_table_check action="INSERT_OR_UPDATE">
+        <active>true</active>
+        <advanced>false</advanced>
+        <category>security</category>
+        <conditions table="sys_security_acl">advanced=false^scriptISNOTEMPTY^active=true^EQ<item endquery="false" field="advanced" goto="false" newquery="false" operator="=" or="false" value="false"/>
+            <item endquery="false" field="script" goto="false" newquery="false" operator="ISNOTEMPTY" or="false" value=""/>
+            <item endquery="false" field="active" goto="false" newquery="false" operator="=" or="false" value="true"/>
+            <item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
+        </conditions>
+        <description>Scripts in ACLs ARE executed regardless of whether or not the Advanced checked box is checked off. As such, unnecessary scripts should be cleared from the field OR the Advanced checkbox should be checked in cases where scripts are required to provide better visibility to admins for troubleshooting purposes.</description>
+        <documentation_url>https://docs.servicenow.com/csh?topicname=t_CreateAnACLRule.html&amp;version=latest</documentation_url>
+        <finding_type>scan_finding</finding_type>
+        <name>Scripts in ACLs Should be Cleared when Advanced is not checked</name>
+        <priority>3</priority>
+        <resolution_details>Clear the Script box data if the script is unnecessary and Advanced is not checked off&#13;
+OR&#13;
+Check off the Advanced check box if there is a script in the Script box that is required for the ACL.</resolution_details>
+        <run_condition/>
+        <score_max>100</score_max>
+        <score_min>0</score_min>
+        <score_scale>1</score_scale>
+        <script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+        <short_description>Scripts in ACLs Should be Cleared when Advanced is not checked</short_description>
+        <sys_class_name>scan_table_check</sys_class_name>
+        <sys_created_by>nia.mccash</sys_created_by>
+        <sys_created_on>2024-10-08 20:03:00</sys_created_on>
+        <sys_id>9d4676f6c34d52d08dbc32f1b4013165</sys_id>
+        <sys_mod_count>0</sys_mod_count>
+        <sys_name>Scripts in ACLs Should be Cleared when Advanced is not checked</sys_name>
+        <sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
+        <sys_policy/>
+        <sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
+        <sys_update_name>scan_table_check_9d4676f6c34d52d08dbc32f1b4013165</sys_update_name>
+        <sys_updated_by>nia.mccash</sys_updated_by>
+        <sys_updated_on>2024-10-08 20:03:00</sys_updated_on>
+        <table>sys_security_acl</table>
+        <use_manifest>false</use_manifest>
+    </scan_table_check>
+    <sys_translated_text action="delete_multiple" query="documentkey=9d4676f6c34d52d08dbc32f1b4013165"/>
+</record_update>

Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		-UBvFrDYpp6F473PapuKpJKvmmOUFgHEiVD5h695pnIT46m0IVAx59x1ktpNoZWBTXgM7AdJP1coxhN00Shmw9bNXm_HzYL92UD4dYmuICsujNrQr31qwCPeozLHR3BkzlPvWytL5BfPWcqGU-XSsarhtGPDjxgC2FP4hthcVI3uLDUY6HVQ8NAuLvOL3sEcCUuAMpVy6ZZjVZMVULf47a0Q8uS3aVM-Nn2UB4i5ifDA10sVReTr6N9HxC3A54aCwdMBDEY8krcVl7O_2q2QNS2UPoXc2Os0PxlJCzfBZYgvdq2Wa07TUEPv9hM_Gd-MYKC_9tJpmGuiIwkdUKo1Sdg0zrfTBq5bK03aonAUQ3YohDTcbHXyDJ0vXycn1eb4wgzzgZwlY5yILELwfm3t4_A1KYANrO3IC_ImJNe3nj8GGhuKVhdAVxfbrfjmcredgTeCIY5AyzzhR815b2zX0PPxvYYJOIVTajm6GWIH8yvUwV5q1lSrMYHw4nDIRsDUjH30qpg7EIV4ivBtO-lrCmwbXCsv6wpXJWqbtReK82OCZEWN3ovn1RYThAD55WAJkMt40_D0X7t1afak0eKUDTDK_V8lSQSeZ9d_D6cMtr2QlgZgHxX7jdmkn8KK0f9TCa07z4J5s4TJUFUxkriPZDimd3NcG3gpIJzV3AJOgqeE
	`1`	+UBvFrDYpp6F473PapuKpJKvmmOUFgHEiVD5h695pnIT46m0IVAx59x1ktpNoZWBTXgM7AdJP1coxhN00Shmw9bNXm_HzYL92UD4dYmuICsujNrQr31qwCPeozLHR3BkzlPvWytL5BfPWcqGU-XSsarhtGPDjxgC2FP4hthcVI3uLDUY6HVQ8NAuLvOL3sEcCUuAMpVy6ZZjVZMVULf47a0Q8uS3aVM-Nn2UB4i5ifDA10sVReTr6N9HxC3A54aCwdMBDEY8krcVl7O_2q2QNS2UPoXc2Os0PxlJCzfBZYgvdq2Wa07TUEPv9hM_Gd-MYKC_9tJpmGuiIwkdUKo1Sdg0zrfTBq5bK03aonAUQ3YohDTcbHXyDJ0vXycn1eb4wgzzgZwlY5yILELwfm3t4_A1KYANrO3IC_ImJNe3nj8GGhuKVhdAVxfbrfjmcredgTeCIY5AyzzhR815b2zX0PPxvYYJOIVTajm6GWIH8yvUwV5q1lSrMYHw4nDIRsDUjH30qpg7EIV4ivBtO-lrCmwbXCsv6wpXJWqbtReK82OCZEWN3ovn1RYThAD55WAJkMt40_D0X7t1afak0eKUDTDK_V8lSQSeZ9d_D6cMtr2QlgZgHxX7jdmkn8KK0f9TCa07z4J5s4TJUFUxkriPZDimd3NcG3gpIJzV3AJOgqeE
	`2`	`+`