From bace0704a7ee3e3cf54dc8212e35a1e9a5136954 Mon Sep 17 00:00:00 2001 From: Alden Hilton Date: Mon, 15 Jan 2024 17:22:04 -0800 Subject: [PATCH] Removed code for old GWS.DRIVEDOCS.2.1v0.1 --- Testing/RegoTests/drive/drive02_test.rego | 345 +++------------------- rego/Drive.rego | 75 ++--- 2 files changed, 52 insertions(+), 368 deletions(-) diff --git a/Testing/RegoTests/drive/drive02_test.rego b/Testing/RegoTests/drive/drive02_test.rego index f61ec950..c3d6ed5d 100644 --- a/Testing/RegoTests/drive/drive02_test.rego +++ b/Testing/RegoTests/drive/drive02_test.rego @@ -4,284 +4,9 @@ import future.keywords # # GWS.DRIVEDOCS.2.1v0.1 #-- -test_Sharing_Correct_V1 if { - # Test sharing setting when there's only one event - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_Sharing_Correct_V2 if { - # Test sharing setting when there's multiple events and the most most recent is correct - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_Sharing_Correct_V3 if { - # Test sharing setting when there's multiple OUs - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_Sharing_Incorrect_V1 if { - # Test sharing setting when there are no relevant events - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", - "While we are unable to determine the state from the logs, the default setting ", - "is non-compliant; manual check recommended." - ]) -} - -test_Sharing_Incorrect_V2 if { - # Test sharing setting when there's only one event and it's wrong - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." -} - -test_Sharing_Incorrect_V3 if { - # Test sharing setting when there are multiple events and the most recent is wrong - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." -} - -test_Sharing_Incorrect_V4 if { - # Test sharing setting when top OU is correct but secondary isn't - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." -} - -test_Sharing_Incorrect_V5 if { - # Test sharing setting when top OU is missing - PolicyId := "GWS.DRIVEDOCS.2.1v0.1" - Output := tests with input as { - "drive_logs": {"items": [ - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Shared Drive Creation CanCreateSharedDrives"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == concat("", [ - "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", - "While we are unable to determine the state from the logs, the default setting ", - "is non-compliant; manual check recommended." - ]) -} - -# -# GWS.DRIVEDOCS.2.2v0.1 -#-- test_Managers_Correct_V1 if { # Test sharing setting when there's only one event - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -309,7 +34,7 @@ test_Managers_Correct_V1 if { test_Managers_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -347,7 +72,7 @@ test_Managers_Correct_V2 if { test_Managers_Correct_V3 if { # Test sharing setting when there's multiple OUs - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -385,7 +110,7 @@ test_Managers_Correct_V3 if { test_Managers_Incorrect_V1 if { # Test sharing setting when there are no relevant events - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -417,7 +142,7 @@ test_Managers_Incorrect_V1 if { test_Managers_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -445,7 +170,7 @@ test_Managers_Incorrect_V2 if { test_Managers_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -483,7 +208,7 @@ test_Managers_Incorrect_V3 if { test_Managers_Incorrect_V4 if { # Test sharing setting when top OU is correct but secondary isn't - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -521,7 +246,7 @@ test_Managers_Incorrect_V4 if { test_Managers_Incorrect_V5 if { # Test sharing setting when top OU is missing - PolicyId := "GWS.DRIVEDOCS.2.2v0.1" + PolicyId := "GWS.DRIVEDOCS.2.1v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -552,11 +277,11 @@ test_Managers_Incorrect_V5 if { } # -# GWS.DRIVEDOCS.2.3v0.1 +# GWS.DRIVEDOCS.2.2v0.1 #-- test_Outside_Correct_V1 if { # Test sharing setting when there's only one event - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -587,7 +312,7 @@ test_Outside_Correct_V1 if { test_Outside_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -631,7 +356,7 @@ test_Outside_Correct_V2 if { test_Outside_Correct_V3 if { # Test sharing setting when there's multiple OUs - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -675,7 +400,7 @@ test_Outside_Correct_V3 if { test_Outside_Incorrect_V1 if { # Test sharing setting when there are no relevant events - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -707,7 +432,7 @@ test_Outside_Incorrect_V1 if { test_Outside_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -738,7 +463,7 @@ test_Outside_Incorrect_V2 if { test_Outside_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -782,7 +507,7 @@ test_Outside_Incorrect_V3 if { test_Outside_Incorrect_V4 if { # Test sharing setting when top OU is correct but secondary isn't - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -826,7 +551,7 @@ test_Outside_Incorrect_V4 if { test_Outside_Incorrect_V5 if { # Test sharing setting when top OU is missing - PolicyId := "GWS.DRIVEDOCS.2.3v0.1" + PolicyId := "GWS.DRIVEDOCS.2.2v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -860,11 +585,11 @@ test_Outside_Incorrect_V5 if { } # -# GWS.DRIVEDOCS.2.4v0.1 +# GWS.DRIVEDOCS.2.3v0.1 #-- test_SharedDrive_Correct_V1 if { # Test sharing setting when there's only one event - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -895,7 +620,7 @@ test_SharedDrive_Correct_V1 if { test_SharedDrive_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -939,7 +664,7 @@ test_SharedDrive_Correct_V2 if { test_SharedDrive_Correct_V3 if { # Test sharing setting when there's multiple OUs - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -983,7 +708,7 @@ test_SharedDrive_Correct_V3 if { test_SharedDrive_Incorrect_V1 if { # Test sharing setting when there are no relevant events - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1015,7 +740,7 @@ test_SharedDrive_Incorrect_V1 if { test_SharedDrive_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1046,7 +771,7 @@ test_SharedDrive_Incorrect_V2 if { test_SharedDrive_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1090,7 +815,7 @@ test_SharedDrive_Incorrect_V3 if { test_SharedDrive_Incorrect_V4 if { # Test sharing setting when top OU is correct but secondary isn't - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1134,7 +859,7 @@ test_SharedDrive_Incorrect_V4 if { test_SharedDrive_Incorrect_V5 if { # Test sharing setting when top OU is missing - PolicyId := "GWS.DRIVEDOCS.2.4v0.1" + PolicyId := "GWS.DRIVEDOCS.2.3v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1168,11 +893,11 @@ test_SharedDrive_Incorrect_V5 if { } # -# GWS.DRIVEDOCS.2.5v0.1 +# GWS.DRIVEDOCS.2.4v0.1 #-- test_Viewers_Correct_V1 if { # Test sharing setting when there's only one event - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1200,7 +925,7 @@ test_Viewers_Correct_V1 if { test_Viewers_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1238,7 +963,7 @@ test_Viewers_Correct_V2 if { test_Viewers_Correct_V3 if { # Test sharing setting when there's multiple OUs - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1276,7 +1001,7 @@ test_Viewers_Correct_V3 if { test_Viewers_Incorrect_V1 if { # Test sharing setting when there are no relevant events - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1308,7 +1033,7 @@ test_Viewers_Incorrect_V1 if { test_Viewers_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1336,7 +1061,7 @@ test_Viewers_Incorrect_V2 if { test_Viewers_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1374,7 +1099,7 @@ test_Viewers_Incorrect_V3 if { test_Viewers_Incorrect_V4 if { # Test sharing setting when top OU is correct but secondary isn't - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { @@ -1412,7 +1137,7 @@ test_Viewers_Incorrect_V4 if { test_Viewers_Incorrect_V5 if { # Test sharing setting when top OU is missing - PolicyId := "GWS.DRIVEDOCS.2.5v0.1" + PolicyId := "GWS.DRIVEDOCS.2.4v0.1" Output := tests with input as { "drive_logs": {"items": [ { diff --git a/rego/Drive.rego b/rego/Drive.rego index b857667f..2ece7df3 100644 --- a/rego/Drive.rego +++ b/rego/Drive.rego @@ -342,7 +342,7 @@ if { #-- NonCompliantOUs2_1 contains OU if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", OU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false @@ -359,7 +359,7 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) count(Events) == 0 } @@ -372,7 +372,7 @@ tests contains { "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_1) == 0 } @@ -383,7 +383,7 @@ if { #-- NonCompliantOUs2_2 contains OU if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", OU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false @@ -400,7 +400,8 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) + SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } @@ -413,7 +414,8 @@ tests contains { "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) + SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_2) == 0 } @@ -424,7 +426,7 @@ if { #-- NonCompliantOUs2_3 contains OU if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_direct_access", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false @@ -433,7 +435,7 @@ NonCompliantOUs2_3 contains OU if { tests contains { "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", - "Criticality": "Should", + "Criticality": "Shall", "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, @@ -441,21 +443,21 @@ tests contains { } if { DefaultSafe := false - SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", - "Criticality": "Should", + "Criticality": "Shall", "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_3), "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_3}, "RequirementMet": Status, "NoSuchEvent": false } if { - SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_3) == 0 @@ -467,10 +469,10 @@ if { #-- NonCompliantOUs2_4 contains OU if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_direct_access", OU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) - contains("true", LastEvent.NewValue) == false + contains("false", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -484,8 +486,7 @@ tests contains { } if { DefaultSafe := false - SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) count(Events) == 0 } @@ -497,52 +498,10 @@ tests contains { "RequirementMet": Status, "NoSuchEvent": false } -if { - SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) - count(Events) > 0 - Status := count(NonCompliantOUs2_4) == 0 -} -#-- - -# -# Baseline GWS.DRIVEDOCS.2.5v0.1 -#-- -NonCompliantOUs2_5 contains OU if { - some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - contains("false", LastEvent.NewValue) == false - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - -tests contains { - "PolicyId": "GWS.DRIVEDOCS.2.5v0.1", - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) - count(Events) == 0 -} - -tests contains { - "PolicyId": "GWS.DRIVEDOCS.2.5v0.1", - "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_5), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_5}, - "RequirementMet": Status, - "NoSuchEvent": false -} if { Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs2_5) == 0 + Status := count(NonCompliantOUs2_4) == 0 } #--