Skip to main content

Prevent high volume spam api calls on task table: my version for Incident table

 condition:

!gs.hasRole('itil') || !gs.isInteractive()


script:


(function executeRule(current, previous /*null when async*/ ) { //--see STRY0010718 for full background "Pentest - Limits on non-ITIL user API Calls" //--CONDITION: !gs.hasRole('itil') || !gs.isInteractive() var thresholdPeriod = parseInt(gs.getProperty('integ.threshold.period')); //--in seconds var maxTransactions = parseInt(gs.getProperty('integ.threshold.value')); //--max allowed transactions var bDebug = (gs.getProperty('integ.threshold.debug_logging') == 'true'); if (bDebug) { gs.log(current.number + '; user: ' + gs.getUserName() + '; thresholdPeriod: ' + thresholdPeriod + ';maxTransactions: ' + maxTransactions + '; isInteractive: ' + gs.isInteractive() + '; user has itil role: ' + gs.hasRole('itil'), 'busRule: MTH Limit API Calls'); } var grINC = new GlideRecord('incident'); var qryStr = 'opened_by=' + gs.getUserID(); qryStr += '^sys_created_onONToday@javascript:gs.beginningOfToday()@javascript:gs.endOfToday()'; grINC.addEncodedQuery(qryStr); grINC.orderByDesc('number'); grINC.query(); var icount = grINC.getRowCount(); if (icount > 0 && (icount >= maxTransactions)) { if (grINC.next()) { var dateBack = new GlideDateTime(); var dateINC = new GlideDateTime(grINC.sys_created_on); var secondsElapsed = gs.dateDiff(dateINC, dateBack, true); if (bDebug) { gs.log(current.number + '; count: ' + icount + '; maxTransactions: ' + maxTransactions, 'busRule: MTH Limit API Calls'); } if (secondsElapsed < thresholdPeriod) { gs.logError(current.number + '; user: ' + gs.getUserName() + '; Number of permitted Transactions per thresholdPeriod [' + thresholdPeriod + ' ] seconds has been exceeded for table: INCIDENT', 'busRule: MTH Limit API Calls'); current.setAbortAction(true); } } } })(current, previous);

Comments

Post a Comment

Popular posts from this blog

ServiceNow check for null or nil or empty (or not)

Haven't tested these all recently within global/local scopes, so feel free to have a play! option 1 use an encoded query embedded in the GlideRecord , e.g.  var grProf = new GlideRecord ( 'x_cls_clear_skye_i_profile' ); grProf . addQuery ( 'status=1^ owner=NULL ' ); grProf . query (); even better use the glideRecord  addNotNullQuery or addNullQuery option 2 JSUtil.nil / notNil (this might be the most powerful. See this link ) example: if ( current . operation () == 'insert' && JSUtil . notNil ( current . parent ) && ! current . work_effort . nil ())  option 3 there might be times when you need to get inside the GlideRecord and perform the check there, for example if the code goes down 2 optional routes depending on null / not null can use gs.nil : var grAppr = new GlideRecord ( 'sysapproval_approver' ); var grUser = new GlideRecord ( 'sys_user' ); if ( grUser . get ( 'sys_id' , current . approver )){
Post a Comment
Read more

Get URL Parameter - server side script (portal or classic UI)

Classic UI : var sURL_editparam = gs . action . getGlideURI (). getMap (). get ( ' sysparm_aparameter ' ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); } Portal : var sURL_editparam = $sp . getParameter ( " sysparm_aparameter " ); if ( sURL_editparam == 'true' ) { gs . addInfoMessage ( 'parameter passed ); }
20 comments
Read more