Skip to content

Commit

Permalink
Remove GWS.CHAT.5.1 (#322)
Browse files Browse the repository at this point in the history 
* Changed 5.1 to a SHOULD and added a note

* Fixed statement

* Removed Chat Policy Group 5

* Remove old Chat.5.1 from Rego

* Updated TOC

---------

Co-authored-by: Alden Hilton <[email protected]>
  • Loading branch information
@jkaufman-mitre @adhilto
jkaufman-mitre and adhilto authored Jul 19, 2024
1 parent d463678 commit 94657a0
Show file tree
Hide file tree
Showing 6 changed files with 822 additions and 1,165 deletions.
230 changes: 4 additions & 226 deletions Testing/RegoTests/chat/chat05_test.rego
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,244 +4,22 @@ import future.keywords
#
# GWS.CHAT.5.1v0.2
#--
test_External_Chat_App_Setting_Correct_V1 if {
# Test external chat app setting setting when there's only one event
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
}

test_External_Chat_App_Setting_Correct_V2 if {
# Test external chat app setting when there's multiple events and the most most recent is correct
test_FromList_Correct_V1 if {
# Test enforcing MFA when there's only one event set to only key
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
}


test_External_Chat_App_Setting_Incorrect_V1 if {
# Test external chat app setting when there are no relevant events
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Something else"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_External_Chat_App_Setting_Incorrect_V2 if {
# Test external chat app setting there's only one event and it's wrong
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
"Allow users to install Chat apps is set to true</li></ul>"])
}

test_External_Chat_App_Setting_Incorrect_V3 if {
# Test external chat app setting there are multiple events and the most recent is wrong
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
},
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
"Allow users to install Chat apps is set to true</li></ul>"])
}

test_External_Chat_App_Setting_Incorrect_V4 if {
# Test no event for top-level OU but an event for a different OU
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
},
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_External_Chat_App_Setting_Incorrect_V5 if {
# Test multiple OUs
PolicyId := "GWS.CHAT.5.1v0.2"
Output := tests with input as {
"chat_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Chat app Settings - Chat apps enabled"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
},
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul>",
"<li>Test Second-Level OU: Allow users to install Chat apps is set to true</li>",
"<li>Test Top-Level OU: Allow users to install Chat apps is set to true</li>",
"</ul>"
])
RuleOutput[0].ReportDetails == "Currently not able to be tested automatically; please manually check."
}
#--
Loading

0 comments on commit 94657a0

Please sign in to comment.