Skip to content

Commit

Permalink
Add new test cases to cover partial no such event edge case
Browse files Browse the repository at this point in the history
  • Loading branch information
@adhilto
adhilto committed Aug 28, 2024
1 parent 549ac6c commit 0e9f20a
Show file tree
Hide file tree
Showing 2 changed files with 159 additions and 3 deletions.
72 changes: 72 additions & 0 deletions Testing/RegoTests/gmail/gmail05_test.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1284,3 +1284,75 @@ test_AttachmentSafety_InCorrect_V2 if {
"Emails with encrypted attachments from untrusted senders are kept in the inbox</li></ul>"])
}

test_AttachmentSafety_Inorrect_V3 if {
# Test Spoofing and Authentication Protections when one setting is missing events
PolicyId := "GWS.GMAIL.5.5v0.3"
Output := tests with input as {
"gmail_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "Attachment safety Encrypted attachment protection setting action"
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "Attachment safety Attachment with scripts protection action"
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
# Note: no event for "Attachment safety Anomalous attachment protection setting action"
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}


test_AttachmentSafety_Inorrect_V4 if {
# Test Spoofing and Authentication Protections when all settings have no events
PolicyId := "GWS.GMAIL.5.5v0.3"
Output := tests with input as {
"gmail_logs": {"items": [

]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}
90 changes: 87 additions & 3 deletions Testing/RegoTests/gmail/gmail07_test.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2421,6 +2421,90 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V1 if {
}

test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if {
# Test Spoofing and Authentication Protections when only one setting doesn't have enents
PolicyId := "GWS.GMAIL.7.7v0.3"
Output := tests with input as {
"gmail_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": concat("", [
"Spoofing and authentication safety Protect against domain spoofing based on similar ",
"domain names action"
])
},
{"name": "NEW_VALUE", "value": "Quarantine"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value":
"Spoofing and authentication safety Protect against spoofing of employee names action"
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": concat("", [
"Spoofing and authentication safety Protect against inbound emails spoofing your ",
"domain action"
])
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:27.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value":
"Spoofing and authentication safety Protect against any unauthenticated emails action"
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
# Note that "Spoofing and authentication safety Protect your Groups from inbound emails spoofing your
# domain action" is missing
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
# Test Spoofing and Authentication Protections when there's only one event and it's wrong
PolicyId := "GWS.GMAIL.7.7v0.3"
Output := tests with input as {
Expand Down Expand Up @@ -2455,7 +2539,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if {
"Automatically enable all future added settings is set to disabled</li></ul>"])
}

test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if {
# Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong
PolicyId := "GWS.GMAIL.7.7v0.3"
Output := tests with input as {
Expand Down Expand Up @@ -2506,7 +2590,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
"Automatically enable all future added settings is set to disabled</li></ul>"])
}

test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if {
test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if {
# Test Spoofing and Authentication Protections when there's only one event and it's wrong
PolicyId := "GWS.GMAIL.7.7v0.3"
Output := tests with input as {
Expand Down Expand Up @@ -2541,7 +2625,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if {
"Automatically enable all future added settings is set to disabled</li></ul>"])
}

test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if {
test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V6 if {
# Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong
PolicyId := "GWS.GMAIL.7.7v0.3"
Output := tests with input as {
Expand Down

0 comments on commit 0e9f20a

Please sign in to comment.