Name
global.EncryptionCommons
Description
Core methods to get a default list of encryptable fields, meant to be leveraged by both Edge and Column Level Encryption.
Script
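var EncryptionCommons = Class.create();
EncryptionCommons.prototype = {
    initialize: function() {
    },

    /**
     * Lists all fields of a table that can be encrypted.
     *
     * A field is left out when its name starts with 'sys' or 'edge_', when it is
     * named 'number', when its element descriptor reports it as virtual or as a
     * choice table, or when it is a glide_date / glide_date_time field whose first
     * table is not tableName (inherited date fields).
     *
     * @param {string} tableName - table to inspect; an empty or invalid name yields [].
     * @param {function} [additionalValidator] - optional extra check. It is called with
     *     the element descriptor as 'this', the field name as first argument and this
     *     EncryptionCommons instance as second argument, and must return true for the
     *     field to be listed. A value that is neither undefined nor a function yields [].
     * @returns {Array} names of the encryptable fields.
     */
    getEncryptableFieldsForTable: function(tableName, additionalValidator) {
        if (gs.nil(tableName)) {
            gs.warn('getEncryptableFieldsForTable called with empty table name');
            return [];
        }

        var descriptor = GlideTableDescriptor.get(tableName);
        if (!descriptor.isValid()) {
            gs.warn('getEncryptableFieldsForTable called on an invalid table');
            return [];
        }

        // A non-callable validator (null, a string, ...) used to throw inside the
        // per-field try/catch below, so every field was dropped and the cause only
        // showed up as debug messages. The result is still [], but the misuse is
        // now reported once at warn level.
        var hasValidator = additionalValidator !== undefined;
        if (hasValidator && typeof additionalValidator !== 'function') {
            gs.warn('getEncryptableFieldsForTable called with a validator that is not a function');
            return [];
        }

        var elements = descriptor.getSchemaList();
        var encryptableFields = [];
        for (var i = 0, len = elements.size(); i < len; i++) {
            var ed = elements.get(i);
            var fieldName = ed.getName();
            // Loose equality is kept on purpose.
            // NOTE(review): Glide getters may return Java strings, for which === would not match - confirm.
            var isNumber = fieldName == 'number';
            try {
                // Columns starting with 'sys' or 'edge_', the 'number' column, virtual
                // fields and choice fields cannot be encrypted.
                if (fieldName.startsWith('sys') || fieldName.startsWith('edge_') || isNumber || ed.isVirtual() || ed.isChoiceTable())
                    continue;

                // Inherited date and date/time fields cannot be marked for encryption.
                var internalType = ed.getInternalType();
                var isDateType = internalType == 'glide_date' || internalType == 'glide_date_time';
                if (isDateType && ed.getFirstTableName() != tableName)
                    continue;

                // Without a validator the field is accepted as is; otherwise the
                // validator decides, with the element descriptor bound as 'this'.
                if (!hasValidator || additionalValidator.call(ed, fieldName, this))
                    encryptableFields.push(fieldName);
            } catch (e) {
                // An error from the descriptor calls or from the validator is logged at
                // debug level only, and the field is left out of the result. A field
                // missing from the returned list can therefore mean "failed to
                // evaluate" rather than "not encryptable".
                gs.debug('EncryptionCommons failed to process ' + tableName + '.' + fieldName);
                gs.debug(e);
            }
        }
        return encryptableFields;
    },

    /**
     * Appends to 'array' the name of every table whose boolean attribute
     * 'attributeName' is set to true.
     *
     * The sys_dictionary query uses CONTAINS on the attributes column, which only
     * narrows the candidates; the getBooleanAttribute() check on the table's element
     * descriptor decides whether the table is added.
     *
     * @param {Array} array - list to append to; it is modified in place.
     * @param {string} attributeName - name of the boolean attribute to look for.
     * @returns {Array} the same array that was passed in.
     */
    addToArrayTablesWithBooleanAttributeSetToTrue: function(array, attributeName) {
        var tableDefinition = new GlideRecord('sys_dictionary');
        tableDefinition.addQuery('internal_type', 'collection');
        tableDefinition.addQuery('attributes', 'CONTAINS', attributeName);
        tableDefinition.query();
        while (tableDefinition.next()) {
            var tableName = tableDefinition.getValue('name');
            var tableED = GlideTableDescriptor.get(tableName).getED();
            if (tableED.getBooleanAttribute(attributeName)) {
                array.push(tableName);
            }
        }
        return array;
    },

    /**
     * Returns true if the table is marked for auditing, false otherwise.
     *
     * @param {string} tableName - table to check.
     */
    isTableAudited : function(tableName) {
        var auditor = new GlideAuditor(tableName, null);
        return auditor.auditTable();
    },

    /**
     * Returns the sys_ids of the crypto modules that may be used, as a single
     * comma-separated string ('' when none qualify).
     *
     * The column_level_encryption module is always excluded. Callers without the
     * 'maint' role only get modules whose internal_module is false. A module whose
     * parent is the module identified below is listed only once its lifecycle
     * state is 'published'; every other module is listed regardless of state.
     *
     * The role check only filters this list.
     * NOTE(review): access to the sys_kmf_crypto_module records themselves is
     * presumably enforced by ACLs elsewhere - confirm.
     *
     * @returns {string} comma-separated sys_ids.
     */
    getUsableCryptoModules: function() {
        // NOTE(review): sys_id of a parent crypto module; which module this is cannot
        // be seen from this script - confirm and name it accordingly.
        var gatedParentModuleId = "620aed380b233300af4deaf1a3673a09";

        var moduleIDs = [];
        var moduleGR = new GlideRecord("sys_kmf_crypto_module");
        moduleGR.addQuery("name", "!=", "column_level_encryption");
        if (!gs.hasRole("maint"))
            moduleGR.addQuery("internal_module", "false");
        moduleGR.query();
        while (moduleGR.next()) {
            var hasGatedParent = moduleGR.getValue("parent_crypto_module") == gatedParentModuleId;
            var isPublished = moduleGR.getValue("crypto_module_lifecycle_state") == "published";
            // Children of the gated parent must be published; all others always qualify.
            if (!hasGatedParent || isPublished)
                moduleIDs.push(moduleGR.getUniqueValue());
        }
        return moduleIDs.join(",");
    },

    type: 'EncryptionCommons'
};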
Sys ID
dffc03e137b33200d62004368e41f10f