Invert no such event rule for gmail 5.5

cisagov · Aug 28, 2024 · 59452bb · 59452bb
1 parent 53f65ac
commit 59452bb
Showing 1 changed file with 12 additions and 21 deletions.
diff --git a/rego/Gmail.rego b/rego/Gmail.rego
@@ -500,28 +500,19 @@ if {
 #
 # Baseline GWS.GMAIL.5.5v0.3
 #--
-default NoSuchEvent5_5(_) := true
-
-NoSuchEvent5_5(TopLevelOU) := false if {
-    # No such event...
+NoSuchEvent5_5 := true if {
     SettingName := "Attachment safety Encrypted attachment protection setting action"
-    Events := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU)
-    count(Events) != 0
-}
-
-NoSuchEvent5_5(TopLevelOU) := false if {
-    # No such event...
+    Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU)
+    count(Events) == 0
+} else := true if {
     SettingName := "Attachment safety Attachment with scripts protection action"
-    Events := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU)
-    count(Events) != 0
-}
-
-NoSuchEvent5_5(TopLevelOU) := false if {
-    # No such event...
+    Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU)
+    count(Events) == 0
+} else := true if {
     SettingName := "Attachment safety Anomalous attachment protection setting action"
-    Events := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU)
-    count(Events) != 0
-}
+    Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU)
+    count(Events) == 0
+} else := false
 
 GetFriendlyValue5_5(NewValueA, NewValueB, NewValueC) :=
     "Emails with encrypted attachments from untrusted senders are kept in the inbox"
@@ -568,7 +559,7 @@ tests contains {
 }
 if {
     DefaultSafe := false
-    NoSuchEvent5_5(utils.TopLevelOU)
+    NoSuchEvent5_5
 }
 
 tests contains {
@@ -580,7 +571,7 @@ tests contains {
     "NoSuchEvent": false
 }
 if {
-    not NoSuchEvent5_5(utils.TopLevelOU)
+    not NoSuchEvent5_5
     Status := count(NonCompliantOUs5_5) == 0
 }
 #--