CodeSanity 1.1.0

Welcome to CodeSanity - created and maintained by Sascha Wildgrube.

Features

Contains a number of instance scan checks to validate source code.

Disclaimer

CodeSanity is NOT an officially supported ServiceNow product.

CodeSanity does NOT come with any kind of warranty. If you use it, you own it!

System Requirements

Quebec or Rome
Access to GitHub.com
DevTools 1.37.0

Installation

Create an account on GitHub - if not done already)
Create a personal access token for your GitHub account.
Paris or later: Add credentials to access GitHub - use "Basic Auth".
Fork the repository https://github.com/saschawildgrube/servicenow-devtools.
Go to Studio and import the DevTools application from source control.
Fork the repository https://github.com/saschawildgrube/servicenow-codesanity.
Go to Studio and import the CodeSanity application from source control.

Extending the CodeSanity scan suite

Change the scope to the app which should contain your new check - this should NOT be the CodeSanity app.
Select "Add new check" in the menu.
Create and save the new check - it will automatically be added to the CodeSanity scan suite.

Instance Scan Checks contained in the CodeSanity app

CodeSanity - Application names in code
Checks if application names are used as string literals in code
CodeSanity - Avoid eval()
Checks if the eval() function is used.
CodeSanity - bracket-dot anti-pattern
Checks for the bracket-dot anti-pattern
CodeSanity - Date() without parameter
Checks if the constructor of Date() is used without parameters
CodeSanity - short_description in conditions
Checks if the field "short_description" is used in a condition statement
CodeSanity - String concatenation anti-pattern
Checks against the string concatenation anti-pattern
CodeSanity - Sys IDs in scripts
Check for the Sys ID in script anti-pattern
CodeSanity - Throwing exceptions
Checks if a script throws an exception
CodeSanity - Variables in conditions
Checks if variables are used in scripted conditions
CodeSanity - [0] anti-pattern
Check for the [0] anti-pattern

Helpful links on Instance Scan

License

Licensed under the Apache License, Version 2.0 (the "License")

You may not use CodeSanity except in compliance with the License.

You may obtain a copy of the License at: https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Release Notes

1.1.0 - 2022-04-19

DevTools 1.37.0 is now required.
Priority of all checks is now set to "Critical".
Refactored CodeSanity's own code not to trigger any findings other than in the honey pot script include "AntiPatterns".
Added a check against the use of application names in source code.
Added a check if the field "short_description" is used in a condition statement.
Added a check against using the Date class constructor without parameters.
Added a check against the bracket-dot anti-pattern.
Added a check against the string concatenation anti-pattern.
Several exceptions have been added for the check against Sys IDs in scripts as some specific functions will need to contain Sys IDs no matter what.
Corrected a defect in the check against Sys IDs in source code.

1.0.0 - 2022-03-15

First baselined version