Skip to content

Commit 7df11f5

Browse files
niamccashniamccash
committed
Added Table check for scripts in ACLs
1 parent f9b2063 commit 7df11f5

File tree

2 files changed

+46
-1
lines changed

2 files changed

+46
-1
lines changed

ca8467c41b9abc10ce0f62c3b24bcbaa/checksum.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
UyeJAZLOPzkqTZioReDZ3QqkmprUdOX4RrzwUqB3iBIUZXID2pxZdDd8-zzVgJ8zrY3LhCdiW5tdvLasslCHZd532Pq7cRCZZuHLjQ-iJ8wlTMmybRT2u-1I429W1lv-sjEOZqeo3oo_RPq12pyxgtGJLOW5I9cPTZrOnLp6VxT4LSRCeliudBQ_8CwylpHtVIGiRDXrerTEk9jAitMPfkJu6qpO-UxLWs0UGIdOZQBmqpOWMww9NtzjI3azrpbzkSBYvqyKR-SJaiDrk77xyN7jfAMg7IZcWd4umGYlrfmLjI_SNPLuLZYpPXAMpjOMd_cAjzh1_R3279D26M9aA0JdhPUNTIJYgn_qht0i8GR249Wx72B57wY8Oi7IhDJYg4guUFeAzK16zCfqGS0ATMaRXHejSgTXZUGe6hm0emFqvHRiYOsS9EmHoJSXCi59YopRy3yIbsaw3-IN2yVOKQiLr41KqxL-M_rD6oYVN3rvS1DQ9IPEzuR6ezCIhY02LP8DvqPF9I33GgUjsGyDk8HYttR-2bQaItpfJz3StKRG6r7oMpaZ_Rp-aUlD4o-TgzUlYGCvSSwqk7IqCFP44WCjVj7Z9AieehbONdFJsMxgTCuWvgmobMRHp5O98ZdyNhoYN_28qSCuRYMOzmwE1ZBVObCNKBS6VyF5P8qCxqw
1+
TwPIfPENOuLil6KD5FUVu54iV2MjqWceWiQUkVELNuFs3Sq_QhkNtp-PljeTyLJy38WAf4gHwyuX8uiJYn8G8wXwz5jLOC3O20gEgcg3aF16JEHjDIjicZYr4Sd2rVtQ4AVtewUl7D3NuSxRemQbxjipqE0fNarad7iNxXLgPreuxuNmvDgd53vJVB0rE4ETm1nCa2PxdC8WKiBqIcd-v_Br9ISl8F3WDEcg3kV1o60X4hSJ-rcaEQBy8A4NozrFCOr7lQ8pVOblP2ps6XV878QSYeJVok_osAhmzcg2yk1qHoLJ18PwD2H4oycqn4ll_ZxIOcODQnkgzJ45nEHoqPKxE2ByPyUe5xodU6RWfs0_oIQPA3Ji2Z2eQg9SEl5RpkAte1McYwwVD0XAjlkXIYokaPpKHP7LSt2_iqFKMu7C87TNwFFdRzdfCpimJeq2ntMIt2Cf3635rH2xdWM9RNh_Ho1Kj7rMEj8j3u6k5M0FR4LyFsSZba3INlEAdCAgZRWohDEFBJDBp406my2awZmdWKBEI1JJVh-8UKMGEl2pnBjSVk9zZQafcx5GVqwL99a2mRgN2-dU6ozwZfIj1dI4i2ijj86Wm__itnrK8aDSka_iuYMukWveyhCpy5geYSHmnB3cjhkyI4uyoUkkllCE8jPiLarGuhrKR_4fFRg

ca8467c41b9abc10ce0f62c3b24bcbaa/update/scan_table_check_9d4676f6c34d52d08dbc32f1b4013165.xml

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,45 @@
1+
<?xml version="1.0" encoding="UTF-8"?><record_update table="scan_table_check">
2+
<scan_table_check action="INSERT_OR_UPDATE">
3+
<active>true</active>
4+
<advanced>false</advanced>
5+
<category>security</category>
6+
<conditions table="sys_security_acl">advanced=false^scriptISNOTEMPTY^active=true^EQ<item endquery="false" field="advanced" goto="false" newquery="false" operator="=" or="false" value="false"/>
7+
<item endquery="false" field="script" goto="false" newquery="false" operator="ISNOTEMPTY" or="false" value=""/>
8+
<item endquery="false" field="active" goto="false" newquery="false" operator="=" or="false" value="true"/>
9+
<item endquery="true" field="" goto="false" newquery="false" operator="=" or="false" value=""/>
10+
</conditions>
11+
<description>Scripts in ACLs ARE executed regardless of whether or not the Advanced checked box is checked off. As such, unnecessary scripts should be cleared from the field OR the Advanced checkbox should be checked in cases where scripts are required to provide better visibility to admins for troubleshooting purposes.</description>
12+
<documentation_url>https://docs.servicenow.com/csh?topicname=t_CreateAnACLRule.html&amp;version=latest</documentation_url>
13+
<finding_type>scan_finding</finding_type>
14+
<name>Scripts in ACLs Should be Cleared when Advanced is not checked</name>
15+
<priority>3</priority>
16+
<resolution_details>Clear the Script box data if the script is unnecessary and Advanced is not checked off&#13;
17+
OR&#13;
18+
Check off the Advanced check box if there is a script in the Script box that is required for the ACL.</resolution_details>
19+
<run_condition/>
20+
<score_max>100</score_max>
21+
<score_min>0</score_min>
22+
<score_scale>1</score_scale>
23+
<script><![CDATA[(function (engine) {
24+
25+
// Add your code here
26+
27+
})(engine);]]></script>
28+
<short_description>Scripts in ACLs Should be Cleared when Advanced is not checked</short_description>
29+
<sys_class_name>scan_table_check</sys_class_name>
30+
<sys_created_by>nia.mccash</sys_created_by>
31+
<sys_created_on>2024-10-08 20:03:00</sys_created_on>
32+
<sys_id>9d4676f6c34d52d08dbc32f1b4013165</sys_id>
33+
<sys_mod_count>0</sys_mod_count>
34+
<sys_name>Scripts in ACLs Should be Cleared when Advanced is not checked</sys_name>
35+
<sys_package display_value="Example Instance Checks" source="x_appe_exa_checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_package>
36+
<sys_policy/>
37+
<sys_scope display_value="Example Instance Checks">ca8467c41b9abc10ce0f62c3b24bcbaa</sys_scope>
38+
<sys_update_name>scan_table_check_9d4676f6c34d52d08dbc32f1b4013165</sys_update_name>
39+
<sys_updated_by>nia.mccash</sys_updated_by>
40+
<sys_updated_on>2024-10-08 20:03:00</sys_updated_on>
41+
<table>sys_security_acl</table>
42+
<use_manifest>false</use_manifest>
43+
</scan_table_check>
44+
<sys_translated_text action="delete_multiple" query="documentkey=9d4676f6c34d52d08dbc32f1b4013165"/>
45+
</record_update>

0 commit comments

Comments
 (0)