Name
sn_vsc.VSCComplianceUtil
Description
No description available
Script
var VSCComplianceUtil = Class.create();
VSCComplianceUtil.prototype = {
// Empty constructor: no instance fields are set here; the methods below use `this` only to call sibling methods.
initialize: function() {},
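/**
 * Compare a system property with its recommended value and record the result
 * on the Security Check Configurations row whose config_name equals propertyName.
 *
 * The effective value is the property value, or defaultValue when the property
 * is unset or empty. The outcome is written to config_configure, the effective
 * value to config_current_value, and every hardening setting listed in
 * config_setting is then re-evaluated.
 *
 * @param {string} propertyName - System property name; also the config_name of the row to update
 * @param {string} recValue - Recommended value for configuration
 * @param {string} defaultValue - Value assumed when the property is unset or empty
 */
evaluateCompliance: function(propertyName, recValue, defaultValue) {
    var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
    // Stop when no configuration row matches: update() on a GlideRecord that was
    // never loaded can insert a new row, and the empty config_setting would then
    // be pushed into updateSettingCompliance as [''].
    if (!grConfig.get('config_name', propertyName)) {
        return;
    }

    // Fetch the current property value; fall back to defaultValue if the property has not been set yet.
    var propVal = gs.getProperty(propertyName) || defaultValue;
    // With neither a property value nor a default, compare an empty string instead of throwing on toLowerCase().
    var hasValue = !gs.nil(propVal);
    var normalized = hasValue ? String(propVal).toLowerCase() : '';

    // NOTE(review): only the current value is lower-cased, so a recValue containing
    // upper-case characters can never match - confirm callers pass lower-case values.
    grConfig.config_configure = (normalized == recValue);
    grConfig.config_current_value = hasValue ? propVal : '';

    var settingArr = grConfig.config_setting.split(","); // Each configuration can belong to multiple settings
    grConfig.update();
    this.updateSettingCompliance(settingArr);
},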
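/**
 * Recompute compliance_status for each listed hardening setting.
 *
 * A setting is marked 'compliant' when at least one of its configuration groups
 * has every configuration in grp_list flagged config_configure=true; otherwise
 * it is marked 'non-compliant'.
 *
 * @param {Array} settingArr - sys_ids of the settings a configuration belongs to
 */
updateSettingCompliance: function(settingArr) {
    var grSetting = new GlideRecord('sn_vsc_instance_hardening_settings');
    for (var i = 0; i < settingArr.length; i++) {
        var settingId = settingArr[i];
        // An empty config_setting splits to [''], and a stale id matches no row.
        // Skip both: update() on a record that was never loaded can insert a new one.
        if (gs.nil(settingId) || !grSetting.get(settingId)) {
            continue;
        }

        var compliant = false;
        var grp = new GlideRecord('sn_vsc_security_configuration_groups');
        grp.addQuery('grp_setting', settingId);
        grp.query();
        while (!compliant && grp.next()) { // Stop at the first fully compliant group
            var configs = grp.grp_list.split(",");
            var gr = new GlideRecord('sn_vsc_security_check_configurations');
            // Structured conditions instead of a concatenated encoded query, so the
            // ids stored in grp_list are treated as values and cannot add query terms.
            gr.addQuery('config_configure', true);
            gr.addQuery('sys_id', 'IN', configs.join(","));
            gr.query();
            // Every listed configuration must exist and be compliant.
            compliant = configs.length === gr.getRowCount();
        }

        // If any group has all configurations compliant, the setting is compliant.
        grSetting.compliance_status = compliant ? 'compliant' : 'non-compliant';
        grSetting.update();
    }
},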
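/**
 * Mark a configuration compliant when its system property exists and is not empty.
 *
 * Writes the result to config_configure and the property value to
 * config_current_value on the row whose config_name equals propertyName, then
 * re-evaluates every hardening setting listed in config_setting.
 *
 * @param {string} propertyName Name of system property; also the config_name of the row to update
 */
checkNotNill: function(propertyName) {
    var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
    // Stop when no configuration row matches: update() on a GlideRecord that was
    // never loaded can insert a new row instead of updating one.
    if (!grConfig.get('config_name', propertyName)) {
        return;
    }

    // Read the property once so the compliance flag and the stored value agree.
    var propVal = gs.getProperty(propertyName);
    grConfig.config_configure = !gs.nil(propVal);
    grConfig.config_current_value = propVal;

    var settingArr = grConfig.config_setting.split(","); // Each configuration can belong to multiple settings
    grConfig.update();
    this.updateSettingCompliance(settingArr);
},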
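/**
 * Mark a configuration compliant when the named plugin is active.
 *
 * Writes the result of GlidePluginManager.isActive(pluginName) to
 * config_configure on the row whose config_name equals pluginName, then
 * re-evaluates every hardening setting listed in config_setting.
 *
 * @param {string} pluginName Name of plugin; also the config_name of the row to update
 */
checkPlugin: function(pluginName) {
    var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
    // Stop when no configuration row matches: update() on a GlideRecord that was
    // never loaded can insert a new row instead of updating one.
    if (!grConfig.get('config_name', pluginName)) {
        return;
    }

    grConfig.config_configure = GlidePluginManager.isActive(pluginName) ? true : false;

    var settingArr = grConfig.config_setting.split(","); // Each configuration can belong to multiple settings
    grConfig.update();
    this.updateSettingCompliance(settingArr);
},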
/**
 * Run the evaluation script of every Security Check Configurations record that
 * references a hardening setting, then refresh the compliance state of the
 * settings each record belongs to.
 *
 * NOTE(review): the code executed here is whatever is stored in the
 * config_evaluation_script field, so write access to that field amounts to
 * script execution in this scope - confirm the table's ACLs restrict it.
 */
runComplianceCheck: function() {
    var scriptRunner = new GlideScopedEvaluator();
    var hardeningSetting = new GlideRecord('sn_vsc_instance_hardening_settings');
    hardeningSetting.query();
    while (hardeningSetting.next()) {
        // Configurations whose config_setting list mentions this setting's sys_id.
        var checkConfig = new GlideRecord('sn_vsc_security_check_configurations');
        checkConfig.addQuery('config_setting', 'CONTAINS', hardeningSetting.sys_id);
        checkConfig.query();
        while (checkConfig.next()) {
            // Capture the owning settings before the evaluation script runs.
            var owningSettings = checkConfig.config_setting.split(",");
            evaluator_result = undefined;
            scriptRunner.evaluateScript(checkConfig, 'config_evaluation_script', null);
            this.updateSettingCompliance(owningSettings);
        }
    }
},
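/**
 * Run the remediation script of each named configuration with the value the
 * user supplied on the UI.
 *
 * For every own key of responses, the first Security Check Configurations row
 * with that config_name and an empty config_link is looked up and its
 * config_remediation_script is evaluated with `userInput` set to the value.
 *
 * @param {object} responses Map of configuration name to user-supplied value.
 * @returns {*} Result of the last remediation script evaluated, or '' when none ran.
 */
activateConfigurations: function(responses) {
    var result = '';
    var evaluator = new GlideScopedEvaluator();
    for (var name in responses) {
        // Ignore inherited keys; only names actually submitted are processed.
        if (!Object.prototype.hasOwnProperty.call(responses, name)) {
            continue;
        }
        var grDep = new GlideRecord('sn_vsc_security_check_configurations');
        // The name comes from the caller's input. Passing it as a value (rather than
        // concatenating it into an encoded query) keeps characters such as '^' from
        // adding conditions and selecting a different record's remediation script.
        grDep.addQuery('config_name', name);
        grDep.addNullQuery('config_link');
        grDep.query();
        if (grDep.next()) {
            var vars = {
                'userInput': responses[name]
            };
            result = evaluator.evaluateScript(grDep, 'config_remediation_script', vars);
        }
    }
    return result;
},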
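/**
 * Run the remediation script of every configuration of a setting that has a
 * non-empty config_link (plugins and tabular configs, per the original note).
 *
 * @param {string} setting sys_id of the setting; matched by equality against config_setting
 */
activateSpecialConfigs: function(setting) {
    var evaluator = new GlideScopedEvaluator();
    var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
    // Structured conditions instead of a concatenated encoded query, so the
    // setting argument is treated as a value and cannot add query terms.
    grConfig.addQuery('config_setting', setting);
    grConfig.addNotNullQuery('config_link');
    grConfig.query();
    while (grConfig.next()) {
        evaluator.evaluateScript(grConfig, 'config_remediation_script');
    }
},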
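/**
 * Compare a comma-separated system property with a comma-separated recommended
 * value, ignoring order and surrounding whitespace, and record the result on
 * the configuration row whose config_name equals propertyName.
 *
 * The property is compliant only when both lists have the same length and each
 * value of one list appears in the other.
 *
 * @param {string} propertyName - The property name of the configuration
 * @param {string} recValue - Recommended value(s) for configuration, comma separated
 * @param {string} defaultValue - Value assumed when the property does not exist
 */
evaluateTextValues : function(propertyName, recValue, defaultValue){
    var grConfig = new GlideRecord("sn_vsc_security_check_configurations");
    // Stop when no configuration row matches: update() on a GlideRecord that was
    // never loaded can insert a new row instead of updating one.
    if (!grConfig.get("config_name", propertyName)) {
        return;
    }

    // Set the default value if the property does not exist.
    var sysPropertyVal = gs.getProperty(propertyName);
    if (sysPropertyVal == null) {
        sysPropertyVal = defaultValue;
    }
    // Neither a property nor a default: compare an empty list instead of throwing on split().
    if (sysPropertyVal == null) {
        sysPropertyVal = '';
    }

    // Split and trim both sides the same way so "a, b" and "a,b" compare equal.
    var toTrimmedList = function(csv) {
        var parts = String(csv).split(",");
        for (var k = 0; k < parts.length; k++) {
            parts[k] = parts[k].trim();
        }
        return parts;
    };
    var recValues = toTrimmedList(recValue);
    var propValues = toTrimmedList(sysPropertyVal); // declared locally; previously leaked as a global

    var complianceState = recValues.length === propValues.length;
    // Check both directions: a one-way check lets a repeated value ("a,a")
    // pass against a longer recommendation ("a,b") of the same length.
    for (var i = 0; complianceState && i < propValues.length; i++) {
        if (recValues.indexOf(propValues[i]) == -1 || propValues.indexOf(recValues[i]) == -1) {
            complianceState = false;
        }
    }

    grConfig.config_current_value = sysPropertyVal;
    grConfig.config_configure = complianceState;
    grConfig.update();
    var settingArr = grConfig.config_setting.split(","); // Each configuration can belong to multiple settings
    this.updateSettingCompliance(settingArr); // update related hardening setting state
},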
/**
 * Keep one sn_vsc_scan_summary row per suite and creation date pointing at the
 * latest scan result: update the existing row for that date, else create one.
 *
 * NOTE(review): the scanResult parameter is never read; the body works on the
 * global `current` record instead - confirm callers always pass `current`.
 *
 * @param {string} scanResult - scan_result record (unused, see note above)
 */
setLatestScanSummary : function(scanResult){
var suiteId = '';
// Find the suite execution that produced this result to learn the suite id.
var gr_exec = new GlideRecord('scan_suite_execution');
gr_exec.addQuery('result', current.sys_id);
gr_exec.query();
if (gr_exec.next()) {
suiteId = gr_exec.suite;
}
// suiteId comes from the execution record, not from caller input.
var gr_sc_suite = new GlideRecord('label_entry');
gr_sc_suite.addEncodedQuery('table=scan_check_suite^table_key=' + suiteId);
gr_sc_suite.query();
// Proceed when the suite has a label_entry row, or is the one suite allowed by sys_id.
// NOTE(review): the hard-coded sys_id presumably identifies a specific built-in suite - verify.
if (gr_sc_suite.next() || suiteId == '833655cc1b94101046e87733cd4bcb4e') {
// Date part of the result's creation time, taken from its display value.
var result_created = new GlideDateTime(current.sys_created_on.getDisplayValue()).getDate();
var gr = new GlideRecord('sn_vsc_scan_summary');
gr.addQuery('result_created_on', result_created);
gr.addQuery('suite', suiteId);
gr.query();
if (gr.next()) {
// A summary already exists for this suite and date: repoint it at the newer result.
gr.result = current.sys_id;
gr.update();
} else {
// First result for this suite and date: create the summary row.
gr.initialize();
gr.result = current.sys_id;
gr.result_created_on = result_created;
gr.suite = suiteId;
gr.insert();
}
}
},
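/**
 * Check a system property against a recommended integer value using the given
 * comparison operator, and record the result on the configuration row whose
 * config_name equals configName.
 *
 * @param {string} configName - configuration name
 * @param {string} propertyName - property name
 * @param {integer} recVal - recommended value
 * @param {integer} defaultVal - default value, used when the property is not set
 * @param {string} condition - one of '>=', '<=', '==', '!=', '<', '>'; any other value yields non-compliant
 */
evaluateConditionalValue: function(configName, propertyName, recVal, defaultVal, condition) {
    var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
    // Stop when no configuration row matches: update() on a GlideRecord that was
    // never loaded can insert a new row instead of updating one.
    if (!grConfig.get('config_name', configName)) {
        return;
    }

    var propVal = gs.getProperty(propertyName, defaultVal);

    // Property values are strings. If recVal also arrives as a string, the relational
    // operators compare text ("9" > "10"), which can report a weak setting as compliant.
    // Compare as numbers whenever both sides are numeric; otherwise keep the raw values.
    var left = propVal;
    var right = recVal;
    var numProp = Number(propVal);
    var numRec = Number(recVal);
    if (!gs.nil(propVal) && !gs.nil(recVal) && isFinite(numProp) && isFinite(numRec)) {
        left = numProp;
        right = numRec;
    }

    var res = false; // unknown operators fall through as non-compliant
    switch (condition) {
        case '>=':
            res = left >= right;
            break;
        case '<=':
            res = left <= right;
            break;
        case '==':
            res = left == right;
            break;
        case '!=':
            res = left != right;
            break;
        case '<':
            res = left < right;
            break;
        case '>':
            res = left > right;
            break;
    }

    grConfig.config_configure = res;
    grConfig.config_current_value = propVal;
    grConfig.update();
    // update related hardening settings
    var settingArr = grConfig.config_setting.split(",");
    new sn_vsc.VSCComplianceUtil().updateSettingCompliance(settingArr);
},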
type: 'VSCComplianceUtil'
};
Sys ID
a09f09265300111095d2ddeeff7b1204