From 06076f5da31d748ead98561bf0ef4c8db23e37bf Mon Sep 17 00:00:00 2001
From: "daniel.aagren.seehartrai.madsen" <8853612+DanielMadsenDK@users.noreply.github.com>
Date: Thu, 3 Oct 2024 12:04:57 -0700
Subject: [PATCH 1/2] Implemented a check to determine if unpublished knowledge articles are accessible.
---
 ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt | 1 +
 ...check_46f6b819834592106137b6cfeeaad352.xml | 55 +++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
 create mode 100644 ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_46f6b819834592106137b6cfeeaad352.xml
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
new file mode 100644
index 0000000..f62fca1
--- /dev/null
+++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt
@@ -0,0 +1 @@
+GMk-wMVtcl0e4HaeuZQZANxo2HAMeWyfhL8rbFLl_woCVyXOjsXdR7O1LSNRPaNARvxgRvjRsKeUMqXi-LPK4EoClDxNqk3Wx6qpPBGYVmhF9S7jsLROWoO5Rj1jiSisMbIsOVFuPN_ts_kAcUOlpwRSywuUD0Go7N2jHUFGg45f63KMtuZQRGtfAWwxSNNpZ9gtoq4JYulVrcmKdf_bKDyX1bSlzCzeXiL8ezaAI_l2Zj2hHdxsqF5hUEZLNFugquKGb_fR7WLoPsz2a8dJejAFgKLGI_Foz1ZekVncgM8k0Kbx13zj8ZYdn5BVnKE6gLQL12k2cr6Xr6ohpUJrLHpEdBaLri5zcAhQo35qtifNeIzKxZrfkoG72CJ2rgXkbjXwZjxVbQtwN1beAznnjjsw3nmQ7DyR3ytpRq_8X1nTg9NZ7qwmp8iYFEGm3A9vaZ2Gan1bgkcvFG5Kne80TqOTh2ev1oTZ1YI1xKYa7fQutdvMPSt-MEr5oj8Eu3uxtn0RVcKVMXOEh5WSDEBB69BmLGm1GIggD9gpCY6-a3_tvQ8Eb5CycVyH02LWYkgZJJOhB0ueIUo-_ldLl7BmTynkXFF0zouPxPQdKYb5jNfzXRi5p-okzqjdDsHP5XnV8ZnyEs_xdvSQHTHCnr7-AxjdnvzPtCTKH5mFzbLhID4
\ No newline at end of file
diff --git a/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_46f6b819834592106137b6cfeeaad352.xml b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_46f6b819834592106137b6cfeeaad352.xml
new file mode 100644
index 0000000..07c6900
--- /dev/null
+++ b/ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_script_only_check_46f6b819834592106137b6cfeeaad352.xml
@@ -0,0 +1,55 @@ + + + true + security + Unpublished knowledge articles may contain sensitive information that should not be visible to anyone with read access. By preventing access to unpublished articles, reviewers are given the opportunity to verify the content before it is made accessible. This ensures that only properly reviewed and approved information is available to users with read access. + https://docs.servicenow.com/bundle/vancouver-servicenow-platform/page/product/knowledge-management/reference/r_KnowledgeProperties.html + scan_finding + Don't show unpublished knowledge articles + 2 + Set the glide.knowman.show_unpublished property to false. + + 100 + 0 + 1 + + Don't show unpublished knowledge articles + scan_script_only_check + daniel.aagren.seehartrai.madsen + 2024-10-03 18:56:04 + 46f6b819834592106137b6cfeeaad352 + 0 + Don't show unpublished knowledge articles + ca8467c41b9abc10ce0f62c3b24bcbaa + + ca8467c41b9abc10ce0f62c3b24bcbaa + scan_script_only_check_46f6b819834592106137b6cfeeaad352 + daniel.aagren.seehartrai.madsen + 2024-10-03 18:56:04 + + + + 46f6b819834592106137b6cfeeaad352 + daniel.aagren.seehartrai.madsen + 2024-10-03 18:56:04 + 6d677855834592106137b6cfeeaad3d3 + 0 + daniel.aagren.seehartrai.madsen + 2024-10-03 18:56:04 + scan_script_only_check
+ true +
+
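Review bot: The description and resolution text of this new check treat `glide.knowman.show_unpublished` as the whole control, and nothing visible in the record says how an unset property is scored; the XML markup and any script body did not survive in this rendering, so that part is inferred from the text fields alone. I would have the script raise a finding only on an explicit `true`, or add a comment documenting why a missing property is treated otherwise, so the scan result is unambiguous on instances that never defined it. The resolution would also be safer as `Set the glide.knowman.show_unpublished property to false, then confirm that read ACLs and user criteria on the knowledge base do not expose draft or review articles by another path.`, since the property presumably governs what the knowledge UI lists rather than record-level access. The documentation link is pinned to the `vancouver` bundle; a short comment naming the release it was verified against would help whoever maintains the check after the next upgrade.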
From 2913bb81bbfba3619ae5c14cf474a16ca1dd8e8d Mon Sep 17 00:00:00 2001 From: Daniel Aagren Seehartrai Madsen <8853612+DanielMadsenDK@users.noreply.github.com> Date: Thu, 3 Oct 2024 21:08:24 +0200 Subject: [PATCH 2/2] Added new instance scan description to readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 1a1734c..d34a19a 100644 --- a/README.md +++ b/README.md @@ -300,6 +300,9 @@ Use GlideRecordSecure API to ensure the security checks are performed and unauth ### For loop iterators "i" should be declared In general, variables in JavaScript should be properly declared (e.g. using “var”). The declaration defines the scope of the variable, ensuring it's accessible only within the intended block. This prevents unintended variable pollution and conflicts. Especially in for loops, often an iterator “i” is used and not properly declared. For example “for (i=0; i<10; i++)” instead of “for (var i=0; i<10; i++)”. As a result, this could unintentionally alter the value of other 'i' iterators in different for loops. +### Don't show unpublished knowledge articles +Unpublished knowledge articles may contain sensitive information that should not be visible to anyone with read access. By preventing access to unpublished articles, reviewers are given the opportunity to verify the content before it is made accessible. This ensures that only properly reviewed and approved information is available to users with read access. + ## Category: User Experience ### Added a Number Prefix which already exists