Name

sn_vsc.VSCComplianceUtil

Description

No description available

Script

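/**
 * Helpers that evaluate instance-hardening configurations and record their
 * compliance state.
 *
 * Tables touched by this script include:
 *   - sn_vsc_security_check_configurations  (one row per configuration)
 *   - sn_vsc_security_configuration_groups  (groups of configurations per setting)
 *   - sn_vsc_instance_hardening_settings    (overall compliance per setting)
 *   - sn_vsc_scan_summary                   (latest scan result per day and suite)
 *
 * Security note: runComplianceCheck, activateConfigurations and
 * activateSpecialConfigs execute script text stored in fields of
 * sn_vsc_security_check_configurations through GlideScopedEvaluator. Whoever
 * can write those fields decides what code runs here, so write access to that
 * table should be tightly restricted.
 */
var VSCComplianceUtil = Class.create();
VSCComplianceUtil.prototype = {
  initialize: function() {},

  /**
   * Load the configuration record whose config_name equals the given name.
   *
   * The lookup result is checked because calling update() on a GlideRecord
   * that was never loaded may insert a new, empty row instead of failing.
   *
   * @param {string} configName - Value of config_name to look up
   * @returns {GlideRecord|null} The loaded record, or null when none exists
   */
  _getConfig: function(configName) {
      var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
      if (!grConfig.get('config_name', configName)) {
          gs.warn('VSCComplianceUtil: no configuration record found for ' + configName);
          return null;
      }
      return grConfig;
  },

  /**
   * Split a comma separated value into a list of trimmed entries.
   *
   * @param {string} value - Comma separated text (null/undefined is treated as '')
   * @returns {Array} Trimmed entries, in their original order
   */
  _splitTrim: function(value) {
      var parts = String(value == null ? '' : value).split(',');
      for (var i = 0; i < parts.length; i++) {
          parts[i] = parts[i].trim();
      }
      return parts;
  },

  /**
   * Compare a system property with its recommended value and store the
   * compliance state and current value on the configuration record.
   *
   * The property value is lower-cased before the comparison; recValue is used
   * as given, so callers are expected to pass it in lower case.
   *
   * @param {string} propertyName - The property name of the configuration
   * @param {string} recValue - Recommended value for configuration
   * @param {string} defaultValue - Default value used when the property is unset or empty
   */
  evaluateCompliance: function(propertyName, recValue, defaultValue) {
      var grConfig = this._getConfig(propertyName);
      if (!grConfig) {
          return;
      }

      // Fall back to defaultValue if the property has not been set yet
      var propVal = gs.getProperty(propertyName) || defaultValue;

      // A missing property with no default is reported as non-compliant
      // instead of throwing on toLowerCase().
      grConfig.config_configure = !gs.nil(propVal) && String(propVal).toLowerCase() == recValue;
      grConfig.config_current_value = propVal;

      var settingArr = grConfig.config_setting.split(","); //Each configuration can belong to multiple settings
      grConfig.update();
      this.updateSettingCompliance(settingArr);
  },

  /**
   * Recompute compliance_status for each given hardening setting.
   *
   * A setting is 'compliant' as soon as one of its configuration groups has
   * every configuration in grp_list flagged config_configure=true; otherwise
   * it is 'non-compliant'.
   *
   * @param {Array} settingArr - sys_ids of the settings a configuration belongs to
   */
  updateSettingCompliance: function(settingArr) {
      for (var i = 0; i < settingArr.length; i++) {
          var settingId = settingArr[i];

          // An empty list field splits into [""]; there is no setting to update.
          if (gs.nil(settingId)) {
              continue;
          }

          var grSetting = new GlideRecord('sn_vsc_instance_hardening_settings');
          if (!grSetting.get(settingId)) {
              // Updating a record that was never loaded could create a stray row.
              gs.warn('VSCComplianceUtil: hardening setting not found: ' + settingId);
              continue;
          }

          var compliant = false;
          var grp = new GlideRecord('sn_vsc_security_configuration_groups');
          grp.addQuery('grp_setting', settingId);
          grp.query();
          while (grp.next() && !compliant) { //For each group within the setting
              var configs = grp.grp_list.split(",");
              // config_configure=true AND (sys_id=a OR sys_id=b ...); the ids come
              // from the stored grp_list field, not from request input.
              var encodedQuery = "config_configure=true^sys_id=" + configs.join("^ORsys_id=");
              var gr = new GlideRecord('sn_vsc_security_check_configurations');
              gr.addEncodedQuery(encodedQuery);
              gr.query();
              // The group passes only when every listed configuration matched.
              compliant = configs.length === gr.getRowCount();
          }

          grSetting.compliance_status = compliant ? 'compliant' : 'non-compliant'; //If any group has all configurations as compliant, then set setting as compliant
          grSetting.update();
      }
  },

  /**
   * Mark a configuration compliant when its system property exists and is
   * not empty, and store the property's current value.
   *
   * @param {string} propertyName Name of system property
   */
  checkNotNill: function(propertyName) {
      var grConfig = this._getConfig(propertyName);
      if (!grConfig) {
          return;
      }

      var propVal = gs.getProperty(propertyName);
      grConfig.config_configure = !gs.nil(propVal);
      grConfig.config_current_value = propVal;

      var settingArr = grConfig.config_setting.split(","); //Each configuration can belong to multiple settings
      grConfig.update();
      this.updateSettingCompliance(settingArr);
  },

  /**
   * Mark a configuration compliant when the named plugin is reported active
   * by GlidePluginManager.
   *
   * @param {string} pluginName Name of plugin; also used as the config_name lookup key
   */
  checkPlugin: function(pluginName) {
      var grConfig = this._getConfig(pluginName);
      if (!grConfig) {
          return;
      }

      grConfig.config_configure = GlidePluginManager.isActive(pluginName) ? true : false;

      var settingArr = grConfig.config_setting.split(","); //Each configuration can belong to multiple settings
      grConfig.update();
      this.updateSettingCompliance(settingArr);
  },

  /**
   * Run the evaluation script of every configuration attached to a hardening
   * setting, then refresh the compliance state of the affected settings.
   *
   * A configuration that belongs to several settings is evaluated once per
   * setting it is found under.
   */
  runComplianceCheck: function() {
      var evaluator = new GlideScopedEvaluator();
      var grSetting = new GlideRecord('sn_vsc_instance_hardening_settings');
      grSetting.query();
      while (grSetting.next()) {
          var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
          grConfig.addQuery('config_setting', 'CONTAINS', grSetting.sys_id);
          grConfig.query();
          while (grConfig.next()) {
              var settingArr = grConfig.config_setting.split(","); //Each configuration can belong to multiple settings
              // Executes the script text stored in config_evaluation_script.
              evaluator.evaluateScript(grConfig, 'config_evaluation_script', null);
              this.updateSettingCompliance(settingArr);
          }
      }
  },

  /**
   * Run the remediation script of each named configuration, handing it the
   * value supplied for that configuration.
   *
   * Only configurations with an empty config_link are considered. The value
   * is passed to the script unchanged as the variable `userInput`; the
   * remediation script itself is responsible for validating it.
   *
   * @param {object} responses Map of configuration name to the value entered on the UI
   * @returns {*} Result of the last remediation script that ran, or '' if none ran
   */
  activateConfigurations: function(responses) {
      var result = '';
      var evaluator = new GlideScopedEvaluator();
      for (var obj in responses) {
          // Skip inherited keys so only the submitted names are processed.
          if (!Object.prototype.hasOwnProperty.call(responses, obj)) {
              continue;
          }
          var gr_dep = new GlideRecord('sn_vsc_security_check_configurations');
          // The name originates from the UI payload. Bind it as a value instead
          // of concatenating it into an encoded query, so a '^' inside the name
          // cannot add or replace query conditions and select a different
          // record's remediation script.
          gr_dep.addQuery('config_name', obj);
          gr_dep.addNullQuery('config_link');
          gr_dep.query();
          if (gr_dep.next()) {
              var vars = {
                  'userInput': responses[obj]
              };
              // Executes the script text stored in config_remediation_script.
              result = evaluator.evaluateScript(gr_dep, 'config_remediation_script', vars);
          }
      }
      return result;
  },

  /**
   * Run the remediation script of every configuration of a setting that has
   * a non-empty config_link (plugins and tabular configs).
   *
   * @param {string} setting sys_id of the hardening setting
   */
  activateSpecialConfigs: function(setting) {
      var evaluator = new GlideScopedEvaluator();
      var grConfig = new GlideRecord('sn_vsc_security_check_configurations');
      // Bound as a value so the caller-supplied id cannot alter the query.
      grConfig.addQuery('config_setting', setting);
      grConfig.addNotNullQuery('config_link');
      grConfig.query();
      while (grConfig.next()) {
          // Executes the script text stored in config_remediation_script.
          evaluator.evaluateScript(grConfig, 'config_remediation_script');
      }
  },

  /**
   * Compare a comma separated property value with a comma separated list of
   * recommended values, ignoring order and surrounding whitespace, and store
   * the compliance state and current value on the configuration record.
   *
   * The configuration is compliant only when both lists have the same length
   * and each list contains every entry of the other. Checking both directions
   * prevents a value such as "a,a" from passing against "a,b".
   *
   * @param {string} propertyName - The property name of the configuration
   * @param {string} recValue - Recommended values, comma separated
   * @param {string} defaultValue - Default value used when the property does not exist
   */
  evaluateTextValues : function(propertyName, recValue, defaultValue){
      var grConfig = this._getConfig(propertyName);
      if (!grConfig) {
          return;
      }

      // use the default value if the property does not exist
      var sysPropertyVal = gs.getProperty(propertyName);
      if (sysPropertyVal == null){
          sysPropertyVal = defaultValue;
      }

      var recValues = this._splitTrim(recValue);
      var propValues = this._splitTrim(sysPropertyVal);

      var complianceState = recValues.length == propValues.length;
      var i;
      for (i = 0; complianceState && i < propValues.length; i++){
          if (recValues.indexOf(propValues[i]) == -1){
              complianceState = false;
          }
      }
      for (i = 0; complianceState && i < recValues.length; i++){
          if (propValues.indexOf(recValues[i]) == -1){
              complianceState = false;
          }
      }

      grConfig.config_current_value = sysPropertyVal;
      grConfig.config_configure = complianceState;
      grConfig.update();
      var settingArr = grConfig.config_setting.split(","); //Each configuration can belong to multiple settings
      this.updateSettingCompliance(settingArr); // update related Hardening setting state
  },

  /**
   * Point the scan summary for the result's creation date and suite at the
   * latest scan result, creating the summary row when none exists yet.
   *
   * NOTE(review): the scanResult argument is not read; the method works on the
   * global `current` record, so it only behaves as intended where `current` is
   * the scan result (for example inside a business rule) - confirm with callers.
   *
   * @param {string} scanResult - scan_result record (currently unused)
   */
  setLatestScanSummary : function(scanResult){
      var suiteId = '';
      var gr_exec = new GlideRecord('scan_suite_execution');
      gr_exec.addQuery('result', current.sys_id);
      gr_exec.query();
      if (gr_exec.next()) {
          // Copy the value as a string rather than holding on to the field object.
          suiteId = gr_exec.getValue('suite') || '';
      }
      var gr_sc_suite = new GlideRecord('label_entry');
      gr_sc_suite.addQuery('table', 'scan_check_suite');
      gr_sc_suite.addQuery('table_key', suiteId);
      gr_sc_suite.query();
      // Summaries are kept for suites that have a label entry, plus one suite
      // that is identified by a hard-coded sys_id.
      if (gr_sc_suite.next() || suiteId == '833655cc1b94101046e87733cd4bcb4e') {
          // NOTE(review): the date is derived from the display value of
          // sys_created_on, which depends on the session's time zone and date
          // format - confirm this is the intended day boundary.
          var result_created = new GlideDateTime(current.sys_created_on.getDisplayValue()).getDate();
          var gr = new GlideRecord('sn_vsc_scan_summary');
          gr.addQuery('result_created_on', result_created);
          gr.addQuery('suite', suiteId);
          gr.query();
          if (gr.next()) {
              gr.result = current.sys_id;
              gr.update();
          } else {
              gr.initialize();
              gr.result = current.sys_id;
              gr.result_created_on = result_created;
              gr.suite = suiteId;
              gr.insert();
          }
      }
  },

  /**
   * Compare a property value with a recommended value using the given
   * operator and store the outcome on the configuration record.
   *
   * When both operands are numeric they are compared as numbers. Without
   * that, two string operands would be compared character by character, so
   * "9" would rank above "10" and a threshold check could report the wrong
   * compliance state. An unrecognised operator yields non-compliant.
   *
   * @param {string} configName - configuration name
   * @param {string} propertyName - property name
   * @param {integer} recVal - recommended value
   * @param {integer} defaultVal - default value used when the property is not set
   * @param {string} condition - one of '>=', '<=', '==', '!=', '<', '>'
   */
  evaluateConditionalValue: function(configName, propertyName, recVal, defaultVal, condition) {
      var grConfig = this._getConfig(configName);
      if (!grConfig) {
          return;
      }

      var propVal = gs.getProperty(propertyName, defaultVal);

      var lhs = propVal;
      var rhs = recVal;
      if (!gs.nil(propVal) && !gs.nil(recVal) && !isNaN(propVal) && !isNaN(recVal)) {
          lhs = Number(propVal);
          rhs = Number(recVal);
      }

      var res = false;
      switch (condition) {
          case '>=':
              res = lhs >= rhs;
              break;
          case '<=':
              res = lhs <= rhs;
              break;
          case '==':
              res = lhs == rhs;
              break;
          case '!=':
              res = lhs != rhs;
              break;
          case '<':
              res = lhs < rhs;
              break;
          case '>':
              res = lhs > rhs;
              break;
      }

      grConfig.config_configure = res;
      grConfig.config_current_value = propVal;
      grConfig.update();

      // update related hardening settings
      var settingArr = grConfig.config_setting.split(",");
      this.updateSettingCompliance(settingArr);
  },
  type: 'VSCComplianceUtil'
};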

Sys ID

a09f09265300111095d2ddeeff7b1204

Official Documentation

Official Docs: