Skip to content

Instantly share code, notes, and snippets.

View cmcdevitt's full-sized avatar
🏠
Working from home

Chris McDevitt cmcdevitt

🏠
Working from home
View GitHub Profile
@cmcdevitt
cmcdevitt / add_vit.js
Last active June 27, 2022 21:32
Add Vulnerable Item
var vul = '7e4e6fb5879c99102d0b422e0ebb352d';//Sys id of a Third-Party item
var ci = 'fbb85b1d475c191077f53008946d4336';//ip-ac0a0411.secops.com
var vi = new GlideRecord('sn_vul_vulnerable_item');
vi.initilize();
vi.setValue('vulnerability', vul);
vi.setValue('cmdb_ci', ci);
vi.setValue('source', 'Script');
vi.insert();
@cmcdevitt
cmcdevitt / checkOauth.js
Created May 17, 2022 12:54
Test for Inbound oAuth connection Servicenow
/*
Make this part of a Scripted REST API for ServiceNow
As of 2022 SN does not enforce an oAuth connection so you need to check for it.
*/
validateOAuth: function(request) {
try {
var authReturn = '';
var authHeader = request.headers.authorization;
if (authHeader.indexOf("Basic") > -1) {
authReturn = '401-001';
@cmcdevitt
cmcdevitt / force_cache.js
Created May 12, 2022 13:57
Force Cache Update for Client Scripts on ServiceNow
/*
Source:
https://community.servicenow.com/community?id=community_article&sys_id=0eb79438db0e93804fc2f4621f961918
*/
var gdt = new Date();
var gdtString = gdt.toString().replace(/ /g,'_').replace(/:/g,'_');
var timeZone = gdtString.replace(/.*[(](.*)[)].*/,'$1');
var dateFinal = gdtString.slice(0,25) + timeZone;
gs.addInfoMessage('System Property glide.lastplugin updated. ' +
@cmcdevitt
cmcdevitt / callAJAX.js
Created May 5, 2022 20:56
ServiceNow AJAX Client and Server
/*
Client Side
UI Action
Client = checked
Action name = your_choice
OnClick = onClickFormButton()
*/
function onClickFormButton() {
g_form.clearMessages();
@cmcdevitt
cmcdevitt / rerunCILookupRules.js
Created April 26, 2022 13:13
Rerun CI Lookup Rules on Select Items
var re_run_arr = [];
var re_run_str = '';
var di = new GlideRecord('sn_sec_cmn_src_ci');
di.addEncodedQuery('number=SDI000000001318');//Identify Items to re run the rules
di.query();
while(di.next()){
re_run_arr.push(di.getUniqueValue());//Collect an Array of sys_id
}
re_run_str = re_run_arr.join();
new sn_sec_cmn.CILookupUtil().reRunCILookupRules(re_run_str);//Re run the rules
@cmcdevitt
cmcdevitt / onBefore_Transfrom.js
Created April 14, 2022 18:02
onBefore Transform Script
(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
/*
Test and Reject
Required Incomming Fields:
internal_ip_address
source
cve
Recommened Fields:
server
@cmcdevitt
cmcdevitt / enc_dec.js
Created April 6, 2022 19:55
Encrypt and Decrypt to a Password(2 Way Encrypted) Field
/*
sn_cmdb_ci_class_chris_one.list
u_password
Field Type: 'Password(2 Way Encrypted)'
Built an run in a scope
*/
var pw = 'hell0_World!';
var gr = new GlideRecord('sn_cmdb_ci_class_chris_one');
gr.get('731b72d447c2c51077f53008946d4324');
gs.info("***CM setting password: " + pw);
@cmcdevitt
cmcdevitt / di_missing_vi.js
Created April 6, 2022 09:44
Identify Discovered Items that are not associated with a Vulnerable Item
/*
Sample script to find Discovered Items that are not referenced by a Vulnerable Item
A VI has a Reference to a DI
*/
var DI_TABLE = 'sn_sec_cmn_src_ci';
var VIT_TABLE = 'sn_vul_vulnerable_item';
var found = false;
var count = 0;
var grVI = new GlideRecord(VIT_TABLE);
//GlideRecord is just fine, I was testing PageGlideRecord at the same time
@cmcdevitt
cmcdevitt / pagedGlideRecord.js
Last active October 20, 2022 19:46
Page PagedGideRecord
//Work out your script before using....
//A 'pageSize' of 5000 is inherited from PageGlideRecord
var count = 0;
var table = 'sn_vul_vulnerable_item';
var viGR = new sn_vul.PagedGlideRecord(table);
viGR.setSortField("sys_id");//Sort Field is manadatory!
//viGR.query(); <-- You would think... but DO NOT use this.
while(viGR.next()){
gs.info(viGR.gr.getValue('number'));//NOTE the dotwalk .gr.
count++;
@cmcdevitt
cmcdevitt / cve_custom_number.js
Last active April 5, 2022 16:02
Generate Custom CVE Number
/*
Typical CVE-yyyy-xxxx
Empty Placeholder CVE-9999-00001
-- Start with an existing record as a default record for incomming data with missing CVE
--i.e. if the incoming data is missing a custom CVE use the placeholder record
-- Each VIT needs a Vulnerability. This is for external pentest teams whos data we are turning into VITs, but there is no 'pentest' library
-- Build a library on the fly
*/
var MAX_CVE_DIGITS = 5;