From c9a1d9e395d95a9b9f02950499cd153235f8720c Mon Sep 17 00:00:00 2001 From: Alden Hilton Date: Thu, 25 Jul 2024 09:55:47 -0700 Subject: [PATCH] Rego changes for 1.6 --- Testing/RegoTests/drive/drive06_test.rego | 6 +- rego/Drive.rego | 99 ++++++++++++----------- 2 files changed, 53 insertions(+), 52 deletions(-) diff --git a/Testing/RegoTests/drive/drive06_test.rego b/Testing/RegoTests/drive/drive06_test.rego index 973db6d3..0f073611 100644 --- a/Testing/RegoTests/drive/drive06_test.rego +++ b/Testing/RegoTests/drive/drive06_test.rego @@ -252,7 +252,7 @@ test_DriveFs_Setting_InCorrect_V1 if { not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", - ""]) + ""]) } test_DriveFs_Setting_InCorrect_V2 if { @@ -311,7 +311,7 @@ test_DriveFs_Setting_InCorrect_V2 if { not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", - ""]) + ""]) } test_DriveFs_Setting_InCorrect_V3 if { @@ -390,5 +390,5 @@ test_DriveFs_Setting_InCorrect_V3 if { not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", - ""]) + ""]) } \ No newline at end of file diff --git a/rego/Drive.rego b/rego/Drive.rego index 4777fb55..106a2809 100644 --- a/rego/Drive.rego +++ b/rego/Drive.rego @@ -1035,18 +1035,22 @@ if { # # Baseline GWS.DRIVEDOCS.6.1v0.2 #-- + +GetFriendlyValue6_1(CompanyOnly, DesktopEnabled) := + "Drive for Desktop is enabled and can be used on any device." if { + CompanyOnly == "false" + DesktopEnabled == "true" + } + else := "Drive for Desktop is disabled" if { + DesktopEnabled == "false" + } + else := "Drive for Desktop is enabled but only on approved devices." if { + CompanyOnly == "true" + DesktopEnabled == "true" + } + default NoSuchEvent6_1(_) := true -GetFriendlyValue6_1(Value_B, Value_A) := -"Drive for Desktop is enabled, but can be used on any device." if { - Value_B == "false" -} -else := "Drive for Desktop is disabled" if { - Value_A == "false" -} -else := "Drive for Desktop is enabled, and only on approved devices." if { - Value_A == "true" -} NoSuchEvent6_1(TopLevelOU) := false if { Events := utils.FilterEventsOU(LogEvents, "DriveFsSettingsProto drive_fs_enabled", TopLevelOU) @@ -1054,7 +1058,6 @@ NoSuchEvent6_1(TopLevelOU) := false if { } NoSuchEvent6_1(TopLevelOU) := false if { - # No such event... Events := utils.FilterEventsOU(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) count(Events) != 0 @@ -1062,49 +1065,47 @@ NoSuchEvent6_1(TopLevelOU) := false if { NonCompliantOUs6_1 contains { "Name": OU, - "Value": GetFriendlyValue6_1(LastEvent_B.NewValue, LastEvent_A.NewValue) + "Value": GetFriendlyValue6_1(LastCompanyOnlyEvent.NewValue, LastDriveEnabledEvent.NewValue) } if { - some OU in utils.OUsWithEvents - Events_A := utils.FilterEventsOU(LogEvents, - "DriveFsSettingsProto drive_fs_enabled", OU) - count(Events_A) > 0 - LastEvent_A := utils.GetLastEvent(Events_A) - LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" - - Events_B := utils.FilterEventsOU(LogEvents, - "DriveFsSettingsProto company_owned_only_enabled", OU) - count(Events_B) > 0 - LastEvent_B := utils.GetLastEvent(Events_B) - LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" - - - LastEvent_A.NewValue == "true" - LastEvent_B.NewValue != "true" - -} + some OU in utils.OUsWithEvents + + DriveEnabledEvents := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto drive_fs_enabled", OU) + count(DriveEnabledEvents) > 0 + LastDriveEnabledEvent := utils.GetLastEvent(DriveEnabledEvents) + LastDriveEnabledEvent.NewValue != "DELETE_APPLICATION_SETTING" + + CompanyOnlyEvents := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto company_owned_only_enabled", OU) + count(CompanyOnlyEvents) > 0 + LastCompanyOnlyEvent := utils.GetLastEvent(CompanyOnlyEvents) + LastCompanyOnlyEvent.NewValue != "DELETE_APPLICATION_SETTING" + + LastDriveEnabledEvent.NewValue == "true" + LastCompanyOnlyEvent.NewValue != "true" + } NonCompliantGroups6_1 contains { "Name": Group, - "Value": GetFriendlyValue6_1(LastEvent_B.NewValue, LastEvent_A.NewValue) + "Value": GetFriendlyValue6_1(LastCompanyOnlyEvent.NewValue, LastDriveEnabledEvent.NewValue) } if { - some Group in utils.GroupsWithEvents - Events_A := utils.FilterEventsGroup(LogEvents, - "DriveFsSettingsProto drive_fs_enabled", Group) - count(Events_A) > 0 - LastEvent_A := utils.GetLastEvent(Events_A) - LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" - - Events_B := utils.FilterEventsGroup(LogEvents, - "DriveFsSettingsProto company_owned_only_enabled", Group) - count(Events_B) > 0 - LastEvent_B := utils.GetLastEvent(Events_B) - LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" - - LastEvent_A.NewValue == "true" - LastEvent_B.NewValue != "true" - - -} + some Group in utils.GroupsWithEvents + + DriveEnabledEvents := utils.FilterEventsGroup(LogEvents, + "DriveFsSettingsProto drive_fs_enabled", Group) + count(DriveEnabledEvents) > 0 + LastDriveEnabledEvent := utils.GetLastEvent(DriveEnabledEvents) + LastDriveEnabledEvent.NewValue != "DELETE_APPLICATION_SETTING" + + CompanyOnlyEvents := utils.FilterEventsGroup(LogEvents, + "DriveFsSettingsProto company_owned_only_enabled", Group) + count(CompanyOnlyEvents) > 0 + LastCompanyOnlyEvent := utils.GetLastEvent(CompanyOnlyEvents) + LastCompanyOnlyEvent.NewValue != "DELETE_APPLICATION_SETTING" + + LastDriveEnabledEvent.NewValue == "true" + LastCompanyOnlyEvent.NewValue != "true" + } tests contains { "PolicyId": "GWS.DRIVEDOCS.6.1v0.2",