From e531c4848b0b2c1cb76f71e523554ced941c12a8 Mon Sep 17 00:00:00 2001
From: Alden Hilton
Date: Tue, 2 Jan 2024 14:10:05 -0500
Subject: [PATCH] Import utils package instead of individual rules

---
 Testing/run_unit_tests.py | 3 -
 rego/Calendar.rego | 67 +++---
 rego/Chat.rego | 106 +++++-----
 rego/Classroom.rego | 78 ++++---
 rego/Commoncontrols.rego | 288 +++++++++++++------------
 rego/Drive.rego | 262 +++++++++++------------
 rego/Gmail.rego | 435 +++++++++++++++++++-------------------
 rego/Groups.rego | 94 ++++----
 rego/Meet.rego | 64 +++---
 rego/Sites.rego | 19 +-
 rego/Utils.rego | 4 +-
 11 files changed, 691 insertions(+), 729 deletions(-)

diff --git a/Testing/run_unit_tests.py b/Testing/run_unit_tests.py
index da063748..23c8f49d 100644
--- a/Testing/run_unit_tests.py
+++ b/Testing/run_unit_tests.py
@@ -7,9 +7,6 @@ import argparse
 from sys import platform
-# to_do move items from the commented out list below as the tests
-# are implemented so they will be run by default
 gws_baselines = [
 "gmail",
 "calendar",
diff --git a/rego/Calendar.rego b/rego/Calendar.rego
index 9019a311..cf25a8f0 100644
--- a/rego/Calendar.rego
+++ b/rego/Calendar.rego
@@ -1,12 +1,7 @@
 package calendar
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.FilterEvents
-import data.utils.GetLastEvent
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.FilterEventsNoOU
-import data.utils.NoSuchEventDetails
 
 ##################
 # GWS.CALENDAR.1 #
@@ -16,13 +11,13 @@ import data.utils.NoSuchEventDetails
 # Baseline GWS.CALENDAR.1.1v0.1
 #--
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "SHOW_ONLY_FREE_BUSY_INFORMATION"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -30,27 +25,27 @@ NonCompliantOUs1_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs.",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CALENDAR.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
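Review bot: The `"ActualValue"` string in the first `tests` body of this hunk, `"No relevant event for the top-level OU in the current logs."`, ends with a period while the corresponding strings in the GWS.CALENDAR.2.1, 3.1 and 4.1 hunks of this same patch do not; since these strings surface in the generated report, I'd drop the period so every baseline reads alike. The GWS.CALENDAR.5.1 hunk carries the same trailing period.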
@@ -77,40 +72,40 @@ tests contains {
 # Baseline GWS.CALENDAR.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 }
 
 tests contains {
 "PolicyId": "GWS.CALENDAR.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CALENDAR.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
@@ -162,14 +157,14 @@ ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsNoOU("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
+ Events := utils.FilterEventsNoOU("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
 count(Events) == 0
 }
 
@@ -182,9 +177,9 @@ tests contains {
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsNoOU("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
+ Events := utils.FilterEventsNoOU("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "SHOW_ONLY_FREE_BUSY_INFORMATION"
 }
 #--
@@ -230,14 +225,14 @@ CalInteropManSettingDetailsStr(LastEvent) := Description if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsNoOU("ENABLE_EWS_INTEROP")
+ Events := utils.FilterEventsNoOU("ENABLE_EWS_INTEROP")
 count(Events) == 0
 }
 
@@ -250,9 +245,9 @@ tests contains {
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsNoOU("ENABLE_EWS_INTEROP")
+ Events := utils.FilterEventsNoOU("ENABLE_EWS_INTEROP")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "false"
 }
 #--
@@ -277,13 +272,13 @@ tests contains {
 
 
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 }
 
@@ -293,27 +288,27 @@ NonCompliantOUs5_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs.",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", TopLevelOU)
+ Events := utils.FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CALENDAR.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", TopLevelOU)
+ Events := utils.FilterEvents("CalendarAppointmentSlotAdminSettingsProto payments_enabled", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_1) == 0
 }
diff --git a/rego/Chat.rego b/rego/Chat.rego
index 5b1f2ca4..99fb48e8 100644
--- a/rego/Chat.rego
+++ b/rego/Chat.rego
@@ -1,11 +1,7 @@
 package chat
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.FilterEvents
-import data.utils.GetLastEvent
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
 
 ##############
 # GWS.CHAT.1 #
@@ -15,40 +11,40 @@ import data.utils.NoSuchEventDetails
 # Baseline GWS.CHAT.1v1
 #--
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ChatArchivingProto chatsDefaultToOffTheRecord", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ChatArchivingProto chatsDefaultToOffTheRecord", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.1.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "ChatArchivingProto chatsDefaultToOffTheRecord", TopLevelOU)
+ Events := utils.FilterEvents( "ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.1.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "ChatArchivingProto chatsDefaultToOffTheRecord", TopLevelOU)
+ Events := utils.FilterEvents( "ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
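Review bot: The rewritten `utils.FilterEvents( "ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)` calls in both `tests` bodies keep a stray space after the opening parenthesis that the Calendar and Classroom files do not have; since these lines are being rewritten anyway, `utils.FilterEvents("ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)` would bring them in line. The same spacing survives in every other Chat.rego hunk of this patch (GWS.CHAT.1.2 through 5.1), where it also appears in the `some OU` rules. Separately, the header comment `# Baseline GWS.CHAT.1v1` does not match the PolicyId `GWS.CHAT.1.1v0.1` used below it, and in the GWS.CHAT.2 hunk `# Baseline GWS.CHAT.2.2v0.1` sits above `NonCompliantOUs2_1` and PolicyId `GWS.CHAT.2.1v0.1`; I'd align both comments with the PolicyId strings so the section headers can be trusted when navigating the file.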
@@ -58,40 +54,40 @@ if {
 # Baseline GWS.CHAT.1.2v0.1
 #--
 NonCompliantOUs1_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", TopLevelOU)
+ Events := utils.FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", TopLevelOU)
+ Events := utils.FilterEvents( "ChatArchivingProto allow_chat_archiving_setting_modification", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
@@ -106,13 +102,13 @@ if {
 # Baseline GWS.CHAT.2.2v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "NO_FILES"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -120,27 +116,27 @@ NonCompliantOUs2_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CHAT.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", TopLevelOU)
+ Events := utils.FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", TopLevelOU)
+ Events := utils.FilterEvents( "DynamiteFileSharingSettingsProto external_file_sharing_setting", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
@@ -154,40 +150,40 @@ if {
 # Baseline GWS.CHAT.3.1v0.1
 #--
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "RoomOtrSettingsProto otr_state", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "RoomOtrSettingsProto otr_state", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 not contains("DEFAULT_ON_THE_RECORD ALWAYS_ON_THE_RECORD", LastEvent.NewValue)
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "RoomOtrSettingsProto otr_state", TopLevelOU)
+ Events := utils.FilterEvents( "RoomOtrSettingsProto otr_state", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "RoomOtrSettingsProto otr_state", TopLevelOU)
+ Events := utils.FilterEvents( "RoomOtrSettingsProto otr_state", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
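Review bot: `not contains("DEFAULT_ON_THE_RECORD ALWAYS_ON_THE_RECORD", LastEvent.NewValue)` in `NonCompliantOUs3_1` is a substring test, so any `NewValue` that happens to be a substring of that literal — `"ON_THE_RECORD"`, `"RECORD"`, or an empty string — is treated as compliant instead of being flagged. Whether such values can ever appear in the exported logs I can't tell from here, but the intent is clearly set membership, and `future.keywords` is already imported, so `not LastEvent.NewValue in {"DEFAULT_ON_THE_RECORD", "ALWAYS_ON_THE_RECORD"}` expresses it without the false-negative window. The commit leaves this line untouched and only qualifies the helper calls around it.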
@@ -201,40 +197,40 @@ if {
 # Baseline GWS.CHAT.4.1v0.1
 #--
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "RestrictChatProto restrictChatToOrganization", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "RestrictChatProto restrictChatToOrganization", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "RestrictChatProto restrictChatToOrganization", TopLevelOU)
+ Events := utils.FilterEvents( "RestrictChatProto restrictChatToOrganization", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "RestrictChatProto restrictChatToOrganization", TopLevelOU)
+ Events := utils.FilterEvents( "RestrictChatProto restrictChatToOrganization", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
@@ -244,40 +240,40 @@ if {
 # Baseline GWS.CHAT.4.2v0.1
 #--
 NonCompliantOUs4_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "RestrictChatProto externalChatRestriction", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "RestrictChatProto externalChatRestriction", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "NO_RESTRICTION"
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.4.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "RestrictChatProto externalChatRestriction", TopLevelOU)
+ Events := utils.FilterEvents( "RestrictChatProto externalChatRestriction", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.4.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "RestrictChatProto externalChatRestriction", TopLevelOU)
+ Events := utils.FilterEvents( "RestrictChatProto externalChatRestriction", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_2) == 0
 }
@@ -291,40 +287,40 @@ if {
 # GWS.CHAT.5.1v0.1
 #--
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents( "Chat app Settings - Chat apps enabled", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents( "Chat app Settings - Chat apps enabled", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents( "Chat app Settings - Chat apps enabled", TopLevelOU)
+ Events := utils.FilterEvents( "Chat app Settings - Chat apps enabled", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CHAT.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents( "Chat app Settings - Chat apps enabled", TopLevelOU)
+ Events := utils.FilterEvents( "Chat app Settings - Chat apps enabled", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_1) == 0
 }
diff --git a/rego/Classroom.rego b/rego/Classroom.rego
index d309fbbc..61a65358 100644
--- a/rego/Classroom.rego
+++ b/rego/Classroom.rego
@@ -1,11 +1,7 @@
 package classroom
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.FilterEvents
-import data.utils.GetLastEvent
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
 
 ###################
 # GWS.CLASSROOM.1 #
@@ -15,41 +11,41 @@ import data.utils.NoSuchEventDetails
 # Baseline GWS.CLASSROOM.1.1v0.1
 #--
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "1"
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", TopLevelOU)
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", TopLevelOU)
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup who_can_join_classes", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
@@ -59,40 +55,40 @@ if {
 # Baseline GWS.CLASSROOM.1.2v0.1
 #--
 NonCompliantOUs1_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "1"
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", TopLevelOU)
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", TopLevelOU)
+ Events := utils.FilterEvents("ClassMembershipSettingsGroup which_classes_can_users_join", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
@@ -106,13 +102,13 @@ if {
 # Baseline GWS.CLASSROOM.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ApiDataAccessSettingProto api_access_enabled", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ApiDataAccessSettingProto api_access_enabled", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -120,27 +116,27 @@ NonCompliantOUs2_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CLASSROOM.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ApiDataAccessSettingProto api_access_enabled", TopLevelOU)
+ Events := utils.FilterEvents("ApiDataAccessSettingProto api_access_enabled", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ApiDataAccessSettingProto api_access_enabled", TopLevelOU)
+ Events := utils.FilterEvents("ApiDataAccessSettingProto api_access_enabled", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
@@ -154,13 +150,13 @@ if {
 # Baseline GWS.CLASSROOM.3.1v0.1
 #--
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("RosterImportSettingsProto sis_integrator", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("RosterImportSettingsProto sis_integrator", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "SIS_INTEGRATOR_NONE"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -168,27 +164,27 @@ NonCompliantOUs3_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CLASSROOM.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := true
- Events := FilterEvents("RosterImportSettingsProto sis_integrator", TopLevelOU)
+ Events := utils.FilterEvents("RosterImportSettingsProto sis_integrator", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("RosterImportSettingsProto sis_integrator", TopLevelOU)
+ Events := utils.FilterEvents("RosterImportSettingsProto sis_integrator", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
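Review bot: `DefaultSafe := true` in the no-event `tests` body of the second hunk means `RequirementMet` is reported as true whenever the logs contain no `RosterImportSettingsProto sis_integrator` event, whereas every earlier baseline in this patch sets `DefaultSafe := false`, and nothing in the hunk says why this one is allowed to pass on absence of evidence. Presumably the product default for this setting already satisfies the baseline, but a reader auditing a fail-open default needs that stated next to the value, e.g. `DefaultSafe := true # product default satisfies this baseline, so no event is treated as compliant — confirm against the baseline text`. The GWS.CLASSROOM.4.1 hunk has the same unexplained `DefaultSafe := true` and would take the same comment.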
@@ -202,13 +198,13 @@ if {
 # Baseline GWS.CLASSROOM.4.1v0.1
 #--
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -216,27 +212,27 @@ NonCompliantOUs4_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.CLASSROOM.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := true
- Events := FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", TopLevelOU)
+ Events := utils.FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.CLASSROOM.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", TopLevelOU)
+ Events := utils.FilterEvents("StudentUnenrollmentSettingsProto who_can_unenroll_students", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
diff --git a/rego/Commoncontrols.rego b/rego/Commoncontrols.rego
index 59fbc49e..62ae1538 100644
--- a/rego/Commoncontrols.rego
+++ b/rego/Commoncontrols.rego
@@ -1,13 +1,7 @@
 package commoncontrols
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.FilterEvents
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.FilterEventsNoOU
-import data.utils.NoSuchEventDetails
-import data.utils.ReportDetailsBoolean
 
 FilterEventsAlt(EventName) := Events if {
 # Many of the events for common controls are structured differently.
@@ -88,37 +82,37 @@ if {
 # two different settings simultaneously.
 NoSuchEvent1_1 := true if {
 # No such event...
- Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", TopLevelOU)
+ Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", utils.TopLevelOU)
 count(Events) == 0
 }
 NoSuchEvent1_1 := true if {
 # No such event...
- Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU)
 count(Events) == 0
 }
 default NoSuchEvent1_1 := false
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 }
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ONLY_SECURITY_KEY"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -126,7 +120,7 @@ NonCompliantOUs1_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
@@ -139,7 +133,7 @@ if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -155,13 +149,13 @@ if {
 #--
 NonCompliantOUs1_2 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "1 week"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -169,27 +163,27 @@ NonCompliantOUs1_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
@@ -200,13 +194,13 @@ if {
 #--
 NonCompliantOUs1_3 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DISABLE_USERS_TO_TRUST_DEVICE"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -214,27 +208,27 @@ NonCompliantOUs1_3 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_3),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_3) == 0
 }
@@ -245,40 +239,40 @@ if {
 #--
 NonCompliantOUs1_4 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "ANY"
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_4) == 0
 }
@@ -302,7 +296,7 @@ tests contains {
 "No relevant event in the current logs. While we are unable ",
 "to determine the state from the logs, the default setting ",
 "is non-compliant; manual check recommended."
- ]), # Custom message instead of NoSuchEventDetails function,
+ ]), # Custom message instead of utils.NoSuchEventDetails function,
 # as this setting isn't controlled at the OU level
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
@@ -317,7 +311,7 @@ if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsBoolean(Status),
+ "ReportDetails": utils.ReportDetailsBoolean(Status),
 "ActualValue": {"TOGGLE_CAA_ENABLEMENT": LastEvent.NewValue},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -325,7 +319,7 @@ tests contains {
 if {
 Events := FilterEventsAlt("TOGGLE_CAA_ENABLEMENT")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "ENABLED"
 }
 #--
@@ -352,13 +346,13 @@ tests contains {
 #--
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SsoPolicyProto challenge_selection_behavior", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SsoPolicyProto challenge_selection_behavior", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "PERFORM_CHALLENGE_SELECTION"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -366,27 +360,27 @@ NonCompliantOUs3_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("SsoPolicyProto challenge_selection_behavior", TopLevelOU)
+ Events := utils.FilterEvents("SsoPolicyProto challenge_selection_behavior", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("SsoPolicyProto challenge_selection_behavior", TopLevelOU)
+ Events := utils.FilterEvents("SsoPolicyProto challenge_selection_behavior", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
@@ -411,13 +405,13 @@ IsGoodLimit(ActualLim) := false if {
 }
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Session management settings - Session length in seconds", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Session management settings - Session length in seconds", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 not IsGoodLimit(LastEvent.NewValue)
 }
@@ -425,27 +419,27 @@ NonCompliantOUs4_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Session management settings - Session length in seconds", TopLevelOU)
+ Events := utils.FilterEvents("Session management settings - Session length in seconds", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Session management settings - Session length in seconds", TopLevelOU)
+ Events := utils.FilterEvents("Session management settings - Session length in seconds", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
@@ -460,13 +454,13 @@ if {
 #--
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Password Management - Enforce strong password", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Password Management - Enforce strong password", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "on"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -474,26 +468,26 @@ NonCompliantOUs5_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Password Management - Enforce strong password", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enforce strong password", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Password Management - Enforce strong password", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enforce strong password", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_1) == 0
 }
@@ -504,13 +498,13 @@ tests contains {
 #--
 NonCompliantOUs5_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Password Management - Minimum password length", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Password Management - Minimum password length", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 Minimum := to_number(LastEvent.NewValue)
 Minimum < 12
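Review bot: `Minimum := to_number(LastEvent.NewValue)` in NonCompliantOUs5_2 makes the whole rule body undefined when the logged value is not a numeric string, so such an OU silently drops out of the non-compliant set and is reported as compliant (under OPA's default built-in error handling; with strict built-in errors evaluation would abort instead). A value that is neither a number nor "DELETE_APPLICATION_SETTING" should probably be reported rather than skipped, for example with a second `NonCompliantOUs5_2` body that matches when `not regex.match("^[0-9]+$", LastEvent.NewValue)`. At minimum, document the behaviour above that line: `# to_number is undefined for non-numeric values; the OU is then not reported`. The rule's closing brace lies outside this hunk.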
@@ -519,27 +513,27 @@ NonCompliantOUs5_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Password Management - Minimum password length", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Minimum password length", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Password Management - Minimum password length", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Minimum password length", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_2) == 0
 }
@@ -550,13 +544,13 @@ if {
 #--
 NonCompliantOUs5_3 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Password Management - Enforce password policy at next login", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Password Management - Enforce password policy at next login", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "true"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -564,27 +558,27 @@ NonCompliantOUs5_3 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Password Management - Enforce password policy at next login", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enforce password policy at next login", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_3),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Password Management - Enforce password policy at next login", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enforce password policy at next login", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_3) == 0
 }
@@ -595,13 +589,13 @@ if {
 #--
 NonCompliantOUs5_4 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Password Management - Enable password reuse", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Password Management - Enable password reuse", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -609,27 +603,27 @@ NonCompliantOUs5_4 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Password Management - Enable password reuse", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enable password reuse", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Password Management - Enable password reuse", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Enable password reuse", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_4) == 0
 }
@@ -640,13 +634,13 @@ if {
 #--
 NonCompliantOUs5_5 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Password Management - Password reset frequency", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Password Management - Password reset frequency", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "0"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -654,27 +648,27 @@ NonCompliantOUs5_5 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("Password Management - Password reset frequency", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Password reset frequency", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("Password Management - Password reset frequency", TopLevelOU)
+ Events := utils.FilterEvents("Password Management - Password reset frequency", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_5) == 0
 }
@@ -778,13 +772,13 @@ tests contains {
 #--
 NonCompliantOUs9_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -792,26 +786,26 @@ NonCompliantOUs9_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", TopLevelOU)
+ Events := utils.FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", TopLevelOU)
+ Events := utils.FilterEvents("AdminAccountRecoverySettingsProto Enable admin account recovery", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs9_2) == 0
 }
@@ -939,7 +933,7 @@ HighRiskBlocked contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW, this service is unrestricted
 Event.EventName == "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS"
 }
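Review bot: The comment `# If the most recent change is ALLOW, this service is unrestricted` in HighRiskBlocked contradicts the condition directly beneath it, which matches `DISALLOW_SERVICE_FOR_OAUTH2_ACCESS`; it reads as copied from the UnrestrictedServices rules that follow. Suggest `# If the most recent change is DISALLOW, the high-risk version of this service is blocked` so the comment describes what the rule actually collects. The enclosing rule head is outside this hunk.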
@@ -954,7 +948,7 @@ UnrestrictedServices11_2 contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW... and the _HIGH_RISK
 # version of the service is not blocked, then the app is unrestricted
 Event.EventName == "ALLOW_SERVICE_FOR_OAUTH2_ACCESS"
@@ -1017,7 +1011,7 @@ UnrestrictedServices11_3 contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW..., even if the _HIGH_RISK
 # version of the service is blocked, then the app is unrestricted
 # for the purposes of 11.3, so we don't need to check the high
@@ -1086,40 +1080,40 @@ if {
 }
 NonCompliantOUs11_4 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == OU}
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.EventName != "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS"
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) > 0
 Status := count(NonCompliantOUs11_4) == 0
 }
@@ -1148,40 +1142,40 @@ if {
 }
 NonCompliantOUs11_5 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := [Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU]
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.EventName != "BLOCK_ALL_THIRD_PARTY_API_ACCESS"
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) > 0
 Status := count(NonCompliantOUs11_5) == 0
 }
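Review bot: NonCompliantOUs11_5 builds `Events` with an array comprehension, `[Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU]`, while NonCompliantOUs11_4 in the preceding hunk and both tests in this hunk use set comprehensions `{Event | ...}` for the same kind of per-OU filter. Unless utils.GetLastEvent is meant to accept both collection types (its definition is not part of this diff), the line should read `Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU}` so the per-OU filter and the top-level checks agree.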
@@ -1216,37 +1210,37 @@ tests contains {
 # Custom NoSuchEvent function needed as we're checking
 # two different settings simultaneously.
 NoSuchEvent12_2 := true if {
- Events := FilterEvents("Apps Access Setting Allowlist access", TopLevelOU)
+ Events := utils.FilterEvents("Apps Access Setting Allowlist access", utils.TopLevelOU)
 count(Events) == 0
 }
 NoSuchEvent12_2 := true if {
- Events := FilterEvents("Apps Access Setting allow_all_internal_apps", TopLevelOU)
+ Events := utils.FilterEvents("Apps Access Setting allow_all_internal_apps", utils.TopLevelOU)
 count(Events) == 0
 }
 default NoSuchEvent12_2 := false
 NonCompliantOUs12_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Apps Access Setting Allowlist access", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Apps Access Setting Allowlist access", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ALLOW_SPECIFIED"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
 NonCompliantOUs12_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Apps Access Setting allow_all_internal_apps", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Apps Access Setting allow_all_internal_apps", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1254,7 +1248,7 @@ NonCompliantOUs12_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.12.2v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
@@ -1267,7 +1261,7 @@ if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.12.2v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs12_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -1288,13 +1282,13 @@ if {
 #--
 NonCompliantOUs13_1 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DENIED"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1308,27 +1302,27 @@ NonCompliantOUs13_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.13.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", TopLevelOU)
+ Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.13.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs13_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", TopLevelOU)
+ Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs13_1) == 0
 }
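Review bot: The two tests for GWS.COMMONCONTROLS.13.1v0.1 disagree on criticality: the no-event test carries `"Criticality": "Should"` while the evaluated test carries `"Criticality": "Shall"`, so the same policy is reported with a different criticality depending on whether a relevant event exists in the logs. One of the two should be changed to match the baseline; 12.2 in the preceding hunk uses `"Should"` in both of its tests, which suggests the `"Shall"` here is the stray value, but confirm against the baseline document before changing it.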
@@ -1342,20 +1336,20 @@ Apps := {"Blogger", "Google Books", "Google Pay", "Google Photos", "Google Play"
 "Google Play Console", "Location History", "YouTube"}
 AppsAllowingTakoutOU contains App {
- Events := FilterEventsNoOU("UserTakeoutSettingsProto User Takeout ")
+ Events := utils.FilterEventsNoOU("UserTakeoutSettingsProto User Takeout ")
 some App in Apps
 Filtered := {Event | some Event in Events; Event.AppName == App; Event.OrgUnit == data.OrgUnit} # Note the data.OrgUnit. This means this
 # rule will only work if called like this:
 # AppsAllowingTakoutOU with data.OrgUnit as ExampleOrgUnit
- LastEvent := GetLastEvent(Filtered)
+ LastEvent := utils.GetLastEvent(Filtered)
 LastEvent.NewValue != "Disabled"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
 NonCompliantOUs14_1 contains OU {
- some OU in OUsWithEvents
- Events := FilterEvents("UserTakeoutSettingsProto User Takeout ", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("UserTakeoutSettingsProto User Takeout ", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
@@ -1373,7 +1367,7 @@ tests contains {
 "Criticality": "Shall",
 "ReportDetails": concat("", [
 "For apps with individual admin control: ",
- NoSuchEventDetails(DefaultSafe, TopLevelOU)
+ utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU)
 ]),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
@@ -1381,7 +1375,7 @@ tests contains {
 } if {
 DefaultSafe := true
- Events := FilterEvents("UserTakeoutSettingsProto User Takeout ", TopLevelOU)
+ Events := utils.FilterEvents("UserTakeoutSettingsProto User Takeout ", utils.TopLevelOU)
 count(Events) == 0
 }
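Review bot: `AppsAllowingTakoutOU contains App {` and `NonCompliantOUs14_1 contains OU {` are the only rule heads in this chunk written without the `if` keyword; every other rule the commit touches uses the `... contains OU if {` form. Both spellings parse under `import future.keywords`, so this is style rather than a defect, but since the commit is already rewriting the bodies of these two rules it is the natural moment to align them: `AppsAllowingTakoutOU contains App if {` and `NonCompliantOUs14_1 contains OU if {`. The body of NonCompliantOUs14_1 continues past the end of this hunk.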
@@ -1390,14 +1384,14 @@ tests contains {
 "Criticality": "Shall",
 "ReportDetails": concat("", [
 "For apps with individual admin control: ",
- ReportDetailsOUs(NonCompliantOUs14_1)
+ utils.ReportDetailsOUs(NonCompliantOUs14_1)
 ]),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("UserTakeoutSettingsProto User Takeout ", TopLevelOU)
+ Events := utils.FilterEvents("UserTakeoutSettingsProto User Takeout ", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs14_1) == 0
 }
@@ -1445,40 +1439,42 @@ tests contains {
 #--
 NonCompliantOUs16_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ENABLED"
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.16.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", TopLevelOU)
+ SettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\""
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.16.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs16_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", TopLevelOU)
+ SettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\""
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs16_1) == 0
 }
@@ -1524,40 +1520,40 @@ tests contains {
 #--
 NonCompliantOUs18_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.18.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", TopLevelOU)
+ Events := utils.FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.18.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs18_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs18_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs18_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", TopLevelOU)
+ Events := utils.FilterEvents("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs18_1) == 0
 }
diff --git a/rego/Drive.rego b/rego/Drive.rego
index c51d9704..2550a2a2 100644
--- a/rego/Drive.rego
+++ b/rego/Drive.rego
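Review bot: The new `SettingName` local for GWS.COMMONCONTROLS.16.1v0.1 is declared twice, once in each `tests` rule, while NonCompliantOUs16_1 at the top of the same hunk still carries the identical escaped literal inline, so there are now three copies of a long string that must stay byte-identical; a typo in one of them would make that rule query a different (most likely empty) event set than the other two. One package-level rule, e.g. `SharingOptionsSettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\""`, referenced from all three places removes the duplication and gives the setting a name the next reader can search for. The 16.1 hunk begins on the previous line.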
@@ -1,11 +1,7 @@
 package drive
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.FilterEvents
-import data.utils.OUsWithEvents
-import data.utils.NoSuchEventDetails
-import data.utils.ReportDetailsOUs
 ###################
 # GWS.DRIVEDOCS.1 #
@@ -16,10 +12,10 @@ import data.utils.ReportDetailsOUs
 #--
 # TODO: OU inheritence implementation pending after SCB updates, refer to #328
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 SettingValue := "SHARING_NOT_ALLOWED SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES INHERIT_FROM_PARENT"
 contains(SettingValue, LastEvent.NewValue) == false
 }
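Review bot: NonCompliantOUs1_1 decides compliance with `contains(SettingValue, LastEvent.NewValue) == false`, a substring test against a space-joined allowlist, so any NewValue that happens to be a substring of that string (a fragment such as `ALLOWED`, or an empty value should the log ever carry one) is treated as compliant and the OU is dropped from the non-compliant set. An exact membership check keeps the intent and closes that gap: `not LastEvent.NewValue in {"SHARING_NOT_ALLOWED", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES", "INHERIT_FROM_PARENT"}`. The same fail-open shape appears in NonCompliantOUs1_2, 1_4, 1_6 and 1_7 further down this file, and `contains("true", LastEvent.NewValue) == false` in 2_1 through 2_5 has the same weakness. This is pre-existing logic that the commit does not change, but it is rewriting the lines around it.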
@@ -27,27 +23,27 @@ NonCompliantOUs1_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
@@ -57,37 +53,37 @@ if {
 # Baseline GWS.DRIVEDOCS.1.2v0.1
 #--
 NonCompliantOUs1_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("SHARING_NOT_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == false
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.2v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.2v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
@@ -97,37 +93,37 @@ if {
 # Baseline GWS.DRIVEDOCS.1.3v0.1
 #--
 NonCompliantOUs1_3 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("SHARING_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == true
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.3v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.3v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_3),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_3) == 0
 }
@@ -137,37 +133,37 @@ if {
 # Baseline GWS.DRIVEDOCS.1.4v0.1
 #--
 NonCompliantOUs1_4 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("NOT_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == false
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_4) == 0
 }
@@ -177,37 +173,37 @@ if {
 # Baseline GWS.DRIVEDOCS.1.5v0.1
 #--
 NonCompliantOUs1_5 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("PUBLISHING_TO_WEB", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("PUBLISHING_TO_WEB", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("ALLOWED", LastEvent.NewValue) == true
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("PUBLISHING_TO_WEB", TopLevelOU)
+ Events := utils.FilterEvents("PUBLISHING_TO_WEB", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("PUBLISHING_TO_WEB", TopLevelOU)
+ Events := utils.FilterEvents("PUBLISHING_TO_WEB", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_5) == 0
 }
@@ -217,37 +213,37 @@ if {
 # Baseline GWS.DRIVEDOCS.1.6v0.1
 #--
 NonCompliantOUs1_6 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("NAMED_PARTIES_ONLY DOMAIN_OR_NAMED_PARTIES INHERIT_FROM_PARENT", LastEvent.NewValue) == false
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.6v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS",TopLevelOU)
+ Events := utils.FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.6v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_6),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_6),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_6},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_6) == 0
 }
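Review bot: The rewritten line `Events := utils.FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU)` in the first `tests` rule keeps the missing space after the comma while its twin a few lines below has it; since the commit is already editing this line, `Events := utils.FilterEvents("SHARING_ACCESS_CHECKER_OPTIONS", utils.TopLevelOU)` would match the rest of the file. The same nit is carried into the GWS.DRIVEDOCS.1.8v0.1 hunk (`"DEFAULT_LINK_SHARING_FOR_NEW_DOCS",utils.TopLevelOU`); running `opa fmt` over the touched files would settle both.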
@@ -257,10 +253,10 @@ if {
 # Baseline GWS.DRIVEDOCS.1.7v0.1
 #--
 NonCompliantOUs1_7 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 SettingValue := "CROSS_DOMAIN_FROM_INTERNAL_ONLY CROSS_DOMAIN_MOVES_BLOCKED INHERIT_FROM_PARENT"
 contains(SettingValue, LastEvent.NewValue) == false
 }
@@ -268,27 +264,27 @@ NonCompliantOUs1_7 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.7v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.7v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_7),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_7),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", TopLevelOU)
+ Events := utils.FilterEvents("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_7) == 0
 }
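Review bot: The second `tests` rule for GWS.DRIVEDOCS.1.7v0.1 reports `"ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7}` with a misspelled key, whereas DRIVEDOCS 1.1 through 1.6 and every Commoncontrols rule in this diff emit `"NonCompliantOUs"`. Anything downstream that reads `ActualValue.NonCompliantOUs` to list the offending OUs will find nothing for this policy even when the set is non-empty. The fix is `"ActualValue": {"NonCompliantOUs": NonCompliantOUs1_7},`; the same misspelling is repeated in the DRIVEDOCS 2.1, 2.2, 2.3, 2.4, 2.5, 3.1, 4.1, 5.1 and 6.1 hunks further down, and the commit leaves all of them as they were.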
@@ -298,10 +294,10 @@ if {
 # Baseline GWS.DRIVEDOCS.1.8v0.1
 #--
 NonCompliantOUs1_8 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "PRIVATE"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -309,27 +305,27 @@ NonCompliantOUs1_8 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.8v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS",TopLevelOU)
+ Events := utils.FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS",utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.1.8v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_8),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_8),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_8},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", TopLevelOU)
+ Events := utils.FilterEvents("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_8) == 0
 }
@@ -343,10 +339,10 @@ if {
 # Baseline GWS.DRIVEDOCS.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Shared Drive Creation CanCreateSharedDrives", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Shared Drive Creation CanCreateSharedDrives", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("true", LastEvent.NewValue) == false
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -354,27 +350,27 @@ NonCompliantOUs2_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Shared Drive Creation CanCreateSharedDrives", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Shared Drive Creation CanCreateSharedDrives", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
@@ -384,10 +380,10 @@ if {
 # Baseline GWS.DRIVEDOCS.2.2v0.1
 #--
 NonCompliantOUs2_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Shared Drive Creation new_team_drive_admin_only", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_admin_only", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("true", LastEvent.NewValue) == false
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -395,27 +391,27 @@ NonCompliantOUs2_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.2v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Shared Drive Creation new_team_drive_admin_only", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.2v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_2),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Shared Drive Creation new_team_drive_admin_only", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_2) == 0
 }
@@ -425,10 +421,10 @@ if {
 # Baseline GWS.DRIVEDOCS.2.3v0.1
 #--
 NonCompliantOUs2_3 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("true", LastEvent.NewValue) == false
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -436,27 +432,27 @@ NonCompliantOUs2_3 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.3v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.3v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_3),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_cross_domain_access", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_3) == 0
 }
@@ -466,10 +462,10 @@ if {
 # Baseline GWS.DRIVEDOCS.2.4v0.1
 #--
 NonCompliantOUs2_4 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("true", LastEvent.NewValue) == false
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -477,27 +473,27 @@ NonCompliantOUs2_4 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_4),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_direct_access", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_4) == 0
 }
@@ -507,10 +503,10 @@ if {
 # Baseline GWS.DRIVEDOCS.2.5v0.1
 #--
 NonCompliantOUs2_5 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_download", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_download", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 contains("false", LastEvent.NewValue) == false
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -518,27 +514,27 @@ NonCompliantOUs2_5 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_download", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.2.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_5),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("Shared Drive Creation new_team_drive_restricts_download", TopLevelOU)
+ Events := utils.FilterEvents("Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_5) == 0
 }
@@ -554,27 +550,27 @@ if {
 #--
 NoSuchEvent3_1(TopLevelOU) := true if { # No such event...
- Events_A := FilterEvents("Link Security Update Settings allow_less_secure_link_user_restore", TopLevelOU)
+ Events_A := utils.FilterEvents("Link Security Update Settings allow_less_secure_link_user_restore", TopLevelOU)
 count(Events_A) == 0
 }
 NoSuchEvent3_1(TopLevelOU) := true if { # No such event...
- Events := FilterEvents("Link Security Update Settings less_secure_link_option", TopLevelOU)
+ Events := utils.FilterEvents("Link Security Update Settings less_secure_link_option", TopLevelOU)
 count(Events) == 0
 }
 default NoSuchEvent3_1(_) := false
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events_A := FilterEvents("Link Security Update Settings allow_less_secure_link_user_restore", OU)
+ some OU in utils.OUsWithEvents
+ Events_A := utils.FilterEvents("Link Security Update Settings allow_less_secure_link_user_restore", OU)
 count(Events_A) > 0
- LastEvent_A := GetLastEvent(Events_A)
+ LastEvent_A := utils.GetLastEvent(Events_A)
- Events_B := FilterEvents("Link Security Update Settings less_secure_link_option", OU)
+ Events_B := utils.FilterEvents("Link Security Update Settings less_secure_link_option", OU)
 count(Events_B) > 0
- LastEvent_B := GetLastEvent(Events_B)
+ LastEvent_B := utils.GetLastEvent(Events_B)
 true in {
 LastEvent_A.NewValue != "false",
@@ -585,26 +581,26 @@ NonCompliantOUs3_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- NoSuchEvent3_1(TopLevelOU)
+ NoSuchEvent3_1(utils.TopLevelOU)
 }
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue" : {"NonComplaintOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- not NoSuchEvent3_1(TopLevelOU)
+ not NoSuchEvent3_1(utils.TopLevelOU)
 Status := count(NonCompliantOUs3_1) == 0
 }
 #--
@@ -617,10 +613,10 @@ if {
 # Baseline GWS.DRIVEDOCS.4.1v0.1
 #--
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_DRIVE_APPS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_DRIVE_APPS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -628,14 +624,14 @@ NonCompliantOUs4_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_DRIVE_APPS", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_DRIVE_APPS", utils.TopLevelOU)
 count(Events) == 0
 }
@@ -643,13 +639,13 @@ if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonComplaintOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 } if {
- Events := FilterEvents("ENABLE_DRIVE_APPS", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_DRIVE_APPS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
@@ -664,10 +660,10 @@ if {
 # Baseline GWS.DRIVEDOCS.5.1v0.1
 #--
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_DOCS_ADD_ONS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_DOCS_ADD_ONS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -675,14 +671,14 @@ NonCompliantOUs5_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.DRIVEDOCS.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 } if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_DOCS_ADD_ONS", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_DOCS_ADD_ONS", utils.TopLevelOU)
 count(Events) == 0
 }
@@ -690,13 +686,13 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.5.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), "ActualValue": {"NonComplaintOUs": NonCompliantOUs5_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEvents("ENABLE_DOCS_ADD_ONS", TopLevelOU) + Events := utils.FilterEvents("ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } @@ -712,26 +708,26 @@ if { default NoSuchEvent6_1(_) := true NoSuchEvent6_1(TopLevelOU) := false if { - Events := FilterEvents("DriveFsSettingsProto drive_fs_enabled", TopLevelOU) + Events := utils.FilterEvents("DriveFsSettingsProto drive_fs_enabled", TopLevelOU) count(Events) != 0 } NoSuchEvent6_1(TopLevelOU) := false if { # No such event... - Events := FilterEvents("DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) + Events := utils.FilterEvents("DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) count(Events) != 0 } NonCompliantOUs6_1 contains OU if { - some OU in OUsWithEvents - Events_A := FilterEvents("DriveFsSettingsProto drive_fs_enabled", OU) + some OU in utils.OUsWithEvents + Events_A := utils.FilterEvents("DriveFsSettingsProto drive_fs_enabled", OU) count(Events_A) > 0 - LastEvent_A := GetLastEvent(Events_A) + LastEvent_A := utils.GetLastEvent(Events_A) LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" - Events_B := FilterEvents("DriveFsSettingsProto company_owned_only_enabled", OU) + Events_B := utils.FilterEvents("DriveFsSettingsProto company_owned_only_enabled", OU) count(Events_B) > 0 - LastEvent_B := GetLastEvent(Events_B) + LastEvent_B := utils.GetLastEvent(Events_B) LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" true in { 
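Review bot: NoSuchEvent6_1 returns false as soon as either DriveFs event type has an entry for the top-level OU, but NonCompliantOUs6_1 only adds an OU when both `drive_fs_enabled` and `company_owned_only_enabled` have events for it, so logs that carry only one of the two settings skip the no-such-event path and the sibling test (in the next hunk) computes RequirementMet from an empty NonCompliantOUs6_1 — a pass with no evidence for the second setting, which the `DefaultSafe := false` on the missing-event path suggests was not intended. Unless utils.FilterEvents does something other than its name implies, I would make NoSuchEvent6_1 false only when both setting types are present so that partial evidence lands on the no-such-event path, as below. NonCompliantOUs6_1 continues past the end of this hunk, so its remaining conditions are not visible here. NoSuchEvent5_5 and NoSuchEvent7_6 in Gmail.rego have the same shape.
```rego
default NoSuchEvent6_1(_) := true

NoSuchEvent6_1(TopLevelOU) := false if {
    Events_A := utils.FilterEvents("DriveFsSettingsProto drive_fs_enabled", TopLevelOU)
    count(Events_A) != 0
    Events_B := utils.FilterEvents("DriveFsSettingsProto company_owned_only_enabled", TopLevelOU)
    count(Events_B) != 0
}
# … unchanged: NonCompliantOUs6_1 …
```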
@@ -743,26 +739,26 @@ NonCompliantOUs6_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.DRIVEDOCS.6.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event for the top-level OU in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    NoSuchEvent6_1(TopLevelOU)
+    NoSuchEvent6_1(utils.TopLevelOU)
 }
 
 tests contains {
     "PolicyId": "GWS.DRIVEDOCS.6.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_1),
     "ActualValue" : {"NonComplaintOUs": NonCompliantOUs6_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    not NoSuchEvent6_1(TopLevelOU)
+    not NoSuchEvent6_1(utils.TopLevelOU)
     Status := count(NonCompliantOUs6_1) == 0
 }
 #--
diff --git a/rego/Gmail.rego b/rego/Gmail.rego
index 9a4a6fd9..5ce67204 100644
--- a/rego/Gmail.rego
+++ b/rego/Gmail.rego
@@ -1,12 +1,7 @@
 package gmail
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.FilterEvents
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.FilterEventsNoOU
-import data.utils.NoSuchEventDetails
 
 Format(Array) := format_int(count(Array), 10)
@@ -37,40 +32,40 @@ AllDomains contains Domain.domain if { # Baseline GWS.GMAIL.1.1v0.1 #-- NonCompliantOUs1_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } tests contains { "PolicyId": "GWS.GMAIL.1.1v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := true - Events := FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU) + Events := utils.FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.1.1v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU) + Events := utils.FilterEvents("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } 
@@ -237,14 +232,14 @@ if { # Baseline GWS.GMAIL.5.1v0.1 #-- NonCompliantOUs5_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -252,28 +247,28 @@ NonCompliantOUs5_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } 
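Review bot: In NonCompliantOUs5_1 the line `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"` can never fail once the preceding `LastEvent.NewValue == "false"` holds, so it is dead and reads as though a deleted setting were being handled when it is not; the Drive rules in this patch use the `!=` pair meaningfully because they test `!= "false"` first. I would drop the redundant line, or, if a deleted setting was meant to count as non-compliant, it is the `== "false"` line that needs changing — I cannot tell which from here. The same pair is repeated in the 5.2–5.4, 6.x and 7.x rules further down.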
@@ -282,14 +277,14 @@ if { # Baseline GWS.GMAIL.5.2v0.1 #-- NonCompliantOUs5_2 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -297,7 +292,7 @@ NonCompliantOUs5_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -305,21 +300,21 @@ tests contains { if { DefaultSafe := false SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_2) == 0 } 
@@ -347,14 +342,14 @@ EncryptedAttachmentSettingDetailsStr(LastEvent) := Description if { # Baseline GWS.GMAIL.5.3v0.1 #-- NonCompliantOUs5_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -362,7 +357,7 @@ NonCompliantOUs5_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -370,21 +365,21 @@ tests contains { if { DefaultSafe := false SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_3) == 0 } @@ -394,13 +389,13 @@ if { # Baseline GWS.GMAIL.5.4v0.1 #-- NonCompliantOUs5_4 contains OU if { - some OU in OUsWithEvents - Events := FilterEvents("Attachment safety Enable: automatically enables all future added settings", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents("Attachment safety Enable: automatically enables all future added settings", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -408,27 +403,29 @@ NonCompliantOUs5_4 contains OU if {
 tests contains {
     "PolicyId": "GWS.GMAIL.5.4v0.1",
     "Criticality": "Should",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("Attachment safety Enable: automatically enables all future added settings", TopLevelOU)
+    SettingName := "Attachment safety Enable: automatically enables all future added settings"
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.GMAIL.5.4v0.1",
     "Criticality": "Should",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_4),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("Attachment safety Enable: automatically enables all future added settings", TopLevelOU)
+    SettingName := "Attachment safety Enable: automatically enables all future added settings"
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs5_4) == 0
 }
@@ -441,35 +438,35 @@ default NoSuchEvent5_5(_) := true NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEvents("Attachment safety Encrypted attachment protection setting action", TopLevelOU) + Events := utils.FilterEvents("Attachment safety Encrypted attachment protection setting action", TopLevelOU) count(Events) != 0 } NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEvents("Attachment safety Attachment with scripts protection action", TopLevelOU) + Events := utils.FilterEvents("Attachment safety Attachment with scripts protection action", TopLevelOU) count(Events) != 0 } NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEvents("Attachment safety Anomalous attachment protection setting action", TopLevelOU) + Events := utils.FilterEvents("Attachment safety Anomalous attachment protection setting action", TopLevelOU) count(Events) != 0 } NonCompliantOUs5_5 contains OU if { - some OU in OUsWithEvents - Events_A := FilterEvents("Attachment safety Encrypted attachment protection setting action", OU) + some OU in utils.OUsWithEvents + Events_A := utils.FilterEvents("Attachment safety Encrypted attachment protection setting action", OU) count(Events_A) > 0 - LastEvent_A := GetLastEvent(Events_A) + LastEvent_A := utils.GetLastEvent(Events_A) - Events_B := FilterEvents("Attachment safety Attachment with scripts protection action", OU) + Events_B := utils.FilterEvents("Attachment safety Attachment with scripts protection action", OU) count(Events_B) > 0 - LastEvent_B := GetLastEvent(Events_B) + LastEvent_B := utils.GetLastEvent(Events_B) - Events_C := FilterEvents("Attachment safety Anomalous attachment protection setting action", OU) + Events_C := utils.FilterEvents("Attachment safety Anomalous attachment protection setting action", OU) count(Events_C) > 0 - LastEvent_C := GetLastEvent(Events_C) + LastEvent_C := utils.GetLastEvent(Events_C) true in [ LastEvent_A.NewValue == "Show 
warning", @@ -481,26 +478,26 @@ NonCompliantOUs5_5 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.5v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - NoSuchEvent5_5(TopLevelOU) + NoSuchEvent5_5(utils.TopLevelOU) } tests contains { "PolicyId": "GWS.GMAIL.5.5v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_5), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5}, "RequirementMet": Status, "NoSuchEvent": false } if { - not NoSuchEvent5_5(TopLevelOU) + not NoSuchEvent5_5(utils.TopLevelOU) Status := count(NonCompliantOUs5_5) == 0 } #-- @@ -526,14 +523,14 @@ tests contains { # Baseline GWS.GMAIL.6.1v0.1 #-- NonCompliantOUs6_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Links and external images safety Enable: identify links behind shortened URLs" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
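Review bot: NoSuchEvent5_5 becomes false when any one of the three attachment-safety action settings has an event for the top-level OU, while NonCompliantOUs5_5 requires events for all three before it can flag an OU, so logs that mention only one or two of the actions skip the no-such-event path and the follow-up test on this line reports RequirementMet from an empty set — a pass without evidence, which the `DefaultSafe := false` on the no-event path indicates was not the intent. Unless utils.FilterEvents behaves differently than its name suggests, NoSuchEvent5_5 should be false only when all three settings have events, as below; the remaining conditions of NonCompliantOUs5_5 are cut by the hunk boundary. NoSuchEvent7_6 further down has the same shape.
```rego
default NoSuchEvent5_5(_) := true

NoSuchEvent5_5(TopLevelOU) := false if {
    Events_A := utils.FilterEvents("Attachment safety Encrypted attachment protection setting action", TopLevelOU)
    count(Events_A) != 0
    Events_B := utils.FilterEvents("Attachment safety Attachment with scripts protection action", TopLevelOU)
    count(Events_B) != 0
    Events_C := utils.FilterEvents("Attachment safety Anomalous attachment protection setting action", TopLevelOU)
    count(Events_C) != 0
}
# … unchanged: NonCompliantOUs5_5 …
```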
@@ -541,7 +538,7 @@ NonCompliantOUs6_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.GMAIL.6.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event for the top-level OU in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
@@ -549,21 +546,21 @@ tests contains {
 if {
     DefaultSafe := false
     SettingName := "Links and external images safety Enable: identify links behind shortened URLs"
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.GMAIL.6.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
     SettingName := "Links and external images safety Enable: identify links behind shortened URLs"
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs6_1) == 0
 }
@@ -573,10 +570,10 @@ if {
 # Baseline GWS.GMAIL.6.2v0.1
 #--
 NonCompliantOUs6_2 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("Links and external images safety Enable: scan linked images", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("Links and external images safety Enable: scan linked images", OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "false"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -584,27 +581,27 @@ NonCompliantOUs6_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEvents("Links and external images safety Enable: scan linked images", TopLevelOU) + Events := utils.FilterEvents("Links and external images safety Enable: scan linked images", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_2}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEvents("Links and external images safety Enable: scan linked images", TopLevelOU) + Events := utils.FilterEvents("Links and external images safety Enable: scan linked images", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_2) == 0 } @@ -614,14 +611,14 @@ if { # Baseline GWS.GMAIL.6.3v0.1 #-- NonCompliantOUs6_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := concat("", [ "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -629,7 +626,7 @@ NonCompliantOUs6_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -640,14 +637,14 @@ if { "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_3}, "RequirementMet": Status, "NoSuchEvent": false @@ -657,7 +654,7 @@ if { "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_3) == 0 } 
@@ -667,14 +664,14 @@ if { # Baseline GWS.GMAIL.6.4v0.1 #-- NonCompliantOUs6_4 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -682,7 +679,7 @@ NonCompliantOUs6_4 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.4v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -690,21 +687,21 @@ tests contains { if { DefaultSafe := false SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.4v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_4), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_4), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_4}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_4) == 0 } 
@@ -731,14 +728,14 @@ tests contains {
 # Baseline GWS.GMAIL.7.1v0.1
 #--
 NonCompliantOUs7_1 contains OU if {
-    some OU in OUsWithEvents
+    some OU in utils.OUsWithEvents
     SettingName := concat("", [
         "Spoofing and authentication safety Enable: protect against domain spoofing using ",
         "similar domain names"
     ])
-    Events := FilterEvents(SettingName, OU)
+    Events := utils.FilterEvents(SettingName, OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "false"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -746,7 +743,7 @@ NonCompliantOUs7_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.GMAIL.7.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
@@ -757,14 +754,14 @@ if {
         "Spoofing and authentication safety Enable: protect against domain spoofing using ",
         "similar domain names"
     ])
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.GMAIL.7.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
@@ -774,7 +771,7 @@ if {
         "Spoofing and authentication safety Enable: protect against domain spoofing using ",
         "similar domain names"
     ])
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs7_1) == 0
 }
@@ -784,14 +781,14 @@ if { # Baseline GWS.GMAIL.7.2v0.1 #-- NonCompliantOUs7_2 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -799,7 +796,7 @@ NonCompliantOUs7_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -807,21 +804,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_2}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_2) == 0 } 
@@ -831,14 +828,14 @@ if { # Baseline GWS.GMAIL.7.3v0.1 #-- NonCompliantOUs7_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -846,7 +843,7 @@ NonCompliantOUs7_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -854,21 +851,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_3}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_3) == 0 } @@ -878,14 +875,14 @@ if { # Baseline GWS.GMAIL.7.4v0.1 #-- NonCompliantOUs7_4 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -893,7 +890,7 @@ NonCompliantOUs7_4 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.4v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -901,21 +898,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.4v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_4), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_4), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_4}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEvents(SettingName, TopLevelOU) + Events := utils.FilterEvents(SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_4) == 0 } @@ -926,17 +923,17 @@ if { #-- NonCompliantOUs7_5 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := concat("", [ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", "spoofing your domain" ]) - Events := FilterEvents(SettingName, OU) + Events := utils.FilterEvents(SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -944,7 +941,7 @@ NonCompliantOUs7_5 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.5v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -955,14 +952,14 @@ if {
 "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
 "spoofing your domain"
 ])
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.7.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -972,7 +969,7 @@ if {
 "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
 "spoofing your domain"
 ])
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs7_5) == 0
 }
@@ -990,14 +987,14 @@ NoSuchEvent7_6(TopLevelOU) := false if {
 "Spoofing and authentication safety Protect against domain spoofing based on similar ",
 "domain names action"
 ])
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, TopLevelOU)
 count(Events) != 0
 }
 NoSuchEvent7_6(TopLevelOU) := false if {
 # No such event...
 SettingName := "Spoofing and authentication safety Protect against spoofing of employee names action"
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, TopLevelOU)
 count(Events) != 0
 }
@@ -1007,14 +1004,14 @@ NoSuchEvent7_6(TopLevelOU) := false if {
 "Spoofing and authentication safety Protect against domain spoofing based on similar ",
 "domain names action"
 ])
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, TopLevelOU)
 count(Events) != 0
 }
 NoSuchEvent7_6(TopLevelOU) := false if {
 # No such event...
 SettingName := "Spoofing and authentication safety Protect against any unauthenticated emails action"
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, TopLevelOU)
 count(Events) != 0
 }
@@ -1024,43 +1021,43 @@ NoSuchEvent7_6(TopLevelOU) := false if {
 "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
 "your domain action"
 ])
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, TopLevelOU)
 count(Events) != 0
 }
 NonCompliantOUs7_6 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 SettingA := concat("", [
 "Spoofing and authentication safety Protect against domain spoofing based on ",
 "similar domain names action"
 ])
- EventsA := FilterEvents(SettingA, OU)
+ EventsA := utils.FilterEvents(SettingA, OU)
 count(EventsA) > 0
- LastEventA := GetLastEvent(EventsA)
+ LastEventA := utils.GetLastEvent(EventsA)
 SettingB := "Spoofing and authentication safety Protect against spoofing of employee names action"
- EventsB := FilterEvents(SettingB, OU)
+ EventsB := utils.FilterEvents(SettingB, OU)
 count(EventsB) > 0
- LastEventB := GetLastEvent(EventsB)
+ LastEventB := utils.GetLastEvent(EventsB)
 SettingC := "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"
- EventsC := FilterEvents(SettingC, OU)
+ EventsC := utils.FilterEvents(SettingC, OU)
 count(EventsC) > 0
- LastEventC := GetLastEvent(EventsC)
+ LastEventC := utils.GetLastEvent(EventsC)
 SettingD := "Spoofing and authentication safety Protect against any unauthenticated emails action"
- EventsD := FilterEvents(SettingD, OU)
+ EventsD := utils.FilterEvents(SettingD, OU)
 count(EventsD) > 0
- LastEventD := GetLastEvent(EventsD)
+ LastEventD := utils.GetLastEvent(EventsD)
 SettingE := concat("", [
 "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
 "your domain action"
 ])
- EventsE := FilterEvents(SettingE, OU)
+ EventsE := utils.FilterEvents(SettingE, OU)
 count(EventsE) > 0
- LastEventE := GetLastEvent(EventsE)
+ LastEventE := utils.GetLastEvent(EventsE)
 # OU is non-compliant if any of the following are true
 true in [
@@ -1076,26 +1073,26 @@ NonCompliantOUs7_6 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.7.6v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- NoSuchEvent7_6(TopLevelOU)
+ NoSuchEvent7_6(utils.TopLevelOU)
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.7.6v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_6),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_6),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_6},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- not NoSuchEvent7_6(TopLevelOU)
+ not NoSuchEvent7_6(utils.TopLevelOU)
 Status := count(NonCompliantOUs7_6) == 0
 }
 #--
@@ -1105,14 +1102,14 @@ if {
 #--
 NonCompliantOUs7_7 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
- Events := FilterEvents(SettingName, OU)
+ Events := utils.FilterEvents(SettingName, OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1120,7 +1117,7 @@ NonCompliantOUs7_7 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.7.7v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": false,
 "NoSuchEvent": true
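Review bot: The two tests for GWS.GMAIL.7.6v0.1 in hunk -1076 disagree on severity: the NoSuchEvent test carries `"Criticality": "Shall",` while the evaluated test carries `"Criticality": "Should",`, so the same policy is reported at a different level depending on whether the logs contained an event. Every other baseline in this chunk uses one value for both of its tests. Pick the value the baseline document assigns to 7.6 and change the other line to match; the commit only qualifies the helper calls, so this mismatch survives it untouched.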
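Review bot: The NoSuchEvent test for GWS.GMAIL.7.7v0.1 in hunk -1120 hard-codes `"RequirementMet": false,` while its body, which continues in the next hunk, still binds `DefaultSafe := false`, and every sibling test in this file reports `"RequirementMet": DefaultSafe`. The values coincide today, but the literal will silently diverge from the report text (which is built from DefaultSafe) if that binding is ever changed. Replace the line with `"RequirementMet": DefaultSafe,` so the two stay coupled.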
@@ -1128,21 +1125,21 @@ tests contains {
 if {
 DefaultSafe := false
 SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
- Events := FilterEventsNoOU(SettingName)
+ Events := utils.FilterEventsNoOU(SettingName)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.7.7v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_7),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_7),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_7},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
 SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
- Events := FilterEventsNoOU(SettingName)
+ Events := utils.FilterEventsNoOU(SettingName)
 count(Events) > 0
 Status := count(NonCompliantOUs7_7) == 0
 }
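Review bot: Both 7.7 test bodies gate on `utils.FilterEventsNoOU(SettingName)`, i.e. events from any OU, while NonCompliantOUs7_7 in the previous hunk is evaluated per OU and the NoSuchEvent report text is built from `utils.TopLevelOU`. If this setting is genuinely not OU-scoped, the per-OU rule should use the same NoOU filter; if it is OU-scoped, the gate should be `utils.FilterEvents(SettingName, utils.TopLevelOU)` as in 7.3 to 7.5, otherwise a lone sub-OU event suppresses the "no event for the top-level OU" result. Either way, a one-line comment on the rule stating which scope this setting has would save the next reader the same question.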
@@ -1171,40 +1168,40 @@ tests contains {
 # Baseline GWS.GMAIL.8.1v0.1
 #--
 NonCompliantOUs8_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_EMAIL_USER_IMPORT", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_EMAIL_USER_IMPORT", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.8.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_EMAIL_USER_IMPORT", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EMAIL_USER_IMPORT", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.8.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs8_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs8_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs8_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_EMAIL_USER_IMPORT", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EMAIL_USER_IMPORT", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs8_1) == 0
 }
@@ -1218,10 +1215,10 @@ if {
 # Baseline GWS.GMAIL.9.1v0.1
 #--
 NonCompliantOUs9_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("IMAP_ACCESS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("IMAP_ACCESS", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DISABLED"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1229,27 +1226,27 @@ NonCompliantOUs9_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.9.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("IMAP_ACCESS", TopLevelOU)
+ Events := utils.FilterEvents("IMAP_ACCESS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.9.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("IMAP_ACCESS", TopLevelOU)
+ Events := utils.FilterEvents("IMAP_ACCESS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs9_1) == 0
 }
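Review bot: NonCompliantOUs9_1 (hunk -1218) omits the `# Ignore OUs without any events. We're already ...` comment that every neighbouring rule attaches to `count(Events) > 0`, and NonCompliantOUs10_1 (hunk -1308) omits it too; the inheritance assumption is the same here, so the comment should be carried on both for consistency. Separately, `LastEvent.NewValue != "INHERIT_FROM_PARENT"` is load-bearing in this rule because an explicit inherit is not "DISABLED", whereas in 9.2, 10.1 and 11.1 it follows an `== "true"` test and cannot alter the outcome. A short comment here such as `# an explicit INHERIT_FROM_PARENT is resolved through the parent OU, not flagged` would make the intent of the extra check clear.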
@@ -1259,13 +1256,13 @@ if {
 # Baseline GWS.GMAIL.9.2v0.1
 #--
 NonCompliantOUs9_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_POP_ACCESS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_POP_ACCESS", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1273,27 +1270,27 @@ NonCompliantOUs9_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_POP_ACCESS", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_POP_ACCESS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_POP_ACCESS", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_POP_ACCESS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs9_2) == 0
 }
@@ -1308,10 +1305,10 @@ if {
 # Baseline GWS.GMAIL.10.1v0.1
 #--
 NonCompliantOUs10_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_OUTLOOK_SYNC", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_OUTLOOK_SYNC", OU)
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1319,27 +1316,27 @@ NonCompliantOUs10_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.10.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_OUTLOOK_SYNC", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_OUTLOOK_SYNC", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.10.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs10_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs10_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs10_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_OUTLOOK_SYNC", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_OUTLOOK_SYNC", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs10_1) == 0
 }
@@ -1355,13 +1352,13 @@ if {
 #--
 NonCompliantOUs11_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1369,27 +1366,27 @@ NonCompliantOUs11_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.11.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.11.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU)
+ Events := utils.FilterEvents("ENABLE_EMAIL_AUTOFORWARDING", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs11_1) == 0
 }
@@ -1404,40 +1401,40 @@ if {
 # Baseline GWS.GMAIL.12.1v0.1
 #--
 NonCompliantOUs12_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "1"
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.12.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU)
+ Events := utils.FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.12.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs12_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU)
+ Events := utils.FilterEvents("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs12_1) == 0
 }
@@ -1452,40 +1449,40 @@ if {
 # Baseline GWS.GMAIL.13.1v0.1
 #--
 NonCompliantOUs13_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("OUTBOUND_RELAY_ENABLED", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("OUTBOUND_RELAY_ENABLED", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.13.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("OUTBOUND_RELAY_ENABLED", TopLevelOU)
+ Events := utils.FilterEvents("OUTBOUND_RELAY_ENABLED", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.13.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs13_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("OUTBOUND_RELAY_ENABLED", TopLevelOU)
+ Events := utils.FilterEvents("OUTBOUND_RELAY_ENABLED", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs13_1) == 0
 }
@@ -1500,13 +1497,13 @@ if {
 # Baseline GWS.GMAIL.14.1v0.1
 #--
 NonCompliantOUs14_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1514,27 +1511,27 @@ NonCompliantOUs14_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.14.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU)
+ Events := utils.FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.14.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs14_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs14_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU)
+ Events := utils.FilterEvents("OutOfDomainWarningProto disable_untrusted_recipient_warning", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs14_1) == 0
 }
@@ -1579,7 +1576,7 @@ tests contains {
 "NoSuchEvent": true
 }
 if {
- Events := FilterEventsNoOU("EMAIL_SPAM_ALLOWLIST")
+ Events := utils.FilterEventsNoOU("EMAIL_SPAM_ALLOWLIST")
 count(Events) == 0
 }
@@ -1592,9 +1589,9 @@ tests contains {
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsNoOU("EMAIL_SPAM_ALLOWLIST")
+ Events := utils.FilterEventsNoOU("EMAIL_SPAM_ALLOWLIST")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "[]"
 }
 #--
@@ -1608,14 +1605,14 @@ if {
 # Baseline GWS.GMAIL.16.1v0.1
 #--
 NonCompliantOUs16_1 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
- Events := FilterEvents(SettingName, OU)
+ Events := utils.FilterEvents(SettingName, OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1623,7 +1620,7 @@ NonCompliantOUs16_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.16.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
@@ -1631,21 +1628,21 @@ tests contains {
 if {
 DefaultSafe := false
 SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.16.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs16_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
 SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
- Events := FilterEvents(SettingName, TopLevelOU)
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs16_1) == 0
 }
@@ -1660,13 +1657,13 @@ if {
 # Baseline GWS.GMAIL.17.1v0.1
 #--
 NonCompliantOUs17_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1675,27 +1672,27 @@ NonCompliantOUs17_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.GMAIL.17.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU)
+ Events := utils.FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GMAIL.17.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs17_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs17_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs17_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU)
+ Events := utils.FilterEvents("AttachmentDeepScanningSettingsProto deep_scanning_enabled", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs17_1) == 0
 }
diff --git a/rego/Groups.rego b/rego/Groups.rego
index 7c7c6b8f..c65ae779 100644
--- a/rego/Groups.rego
+++ b/rego/Groups.rego
@@ -1,11 +1,7 @@
 package groups
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.FilterEvents
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
 NoGroupsDetails(Groups) := "No Groups found in Organization." if {
 count(Groups) == 0
@@ -28,40 +24,40 @@ ReportDetailsGroups(Groups) := Message if {
 # Baseline GWS.GROUPS.1.1v0.1
 #--
 NonCompliantOUs1_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("GroupsSharingSettingsProto collaboration_policy", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("GroupsSharingSettingsProto collaboration_policy", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "CLOSED"
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("GroupsSharingSettingsProto collaboration_policy", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto collaboration_policy", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.1.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("GroupsSharingSettingsProto collaboration_policy", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto collaboration_policy", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
@@ -76,40 +72,40 @@ if {
 # Baseline GWS.GROUPS.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonCompliantOUs":NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto owners_can_allow_external_members", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
@@ -123,40 +119,42 @@ if {
 # Baseline GWS.GROUPS.3.1v0.1
 #--
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", TopLevelOU)
+ SettingName := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.3.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", TopLevelOU)
+ SettingName := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"
+ Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
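Review bot: The new `SettingName := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"` binding is introduced twice, once in each test body, while NonCompliantOUs3_1 at the top of the hunk still carries the same literal inline, so the string now lives in three places that must stay byte-identical for the tests and the OU rule to look at the same events. Hoisting it to a single package-level definition that all three reference would remove the duplication; if the per-rule local is preferred to keep lines within the length limit, at least give NonCompliantOUs3_1 the same binding so the three rules read alike and a future edit is less likely to miss one.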
@@ -171,40 +169,40 @@ if {
 # Baseline GWS.GROUPS.4.1v0.1
 #--
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEvents("GroupsSharingSettingsProto who_can_create_groups", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents("GroupsSharingSettingsProto who_can_create_groups", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ADMIN_ONLY"
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails":NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails":utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEvents("GroupsSharingSettingsProto who_can_create_groups", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto who_can_create_groups", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.GROUPS.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("GroupsSharingSettingsProto who_can_create_groups", TopLevelOU)
+ Events := utils.FilterEvents("GroupsSharingSettingsProto who_can_create_groups", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
@@ -219,40 +217,40 @@ if {
 # Baseline GWS.GROUPS.5.1v0.1
 #--
 NonCompliantOUs5_1 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", OU)
     count(Events) > 0 # Ignore OUs without any events. We're already
     # asserting that the top-level OU has at least one event; for all
     # other OUs we assume they inherit from a parent OU if they have
     # no events.
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue != "MEMBERS"
 }
 
 tests contains {
     "PolicyId": "GWS.GROUPS.5.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", TopLevelOU)
+    Events := utils.FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.GROUPS.5.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", TopLevelOU)
+    Events := utils.FilterEvents("GroupsSharingSettingsProto default_view_topics_access_level", utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs5_1) == 0
 }
@@ -267,40 +265,40 @@ if {
 # Baseline GWS.GROUPS.6.1v0.1
 #--
 NonCompliantOUs6_1 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", OU)
     count(Events) > 0 # Ignore OUs without any events. We're already
     # asserting that the top-level OU has at least one event; for all
     # other OUs we assume they inherit from a parent OU if they have
     # no events.
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue != "false"
 }
 
 tests contains {
     "PolicyId": "GWS.GROUPS.6.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue":"No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", TopLevelOU)
+    Events := utils.FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.GROUPS.6.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails":ReportDetailsOUs(NonCompliantOUs6_1),
+    "ReportDetails":utils.ReportDetailsOUs(NonCompliantOUs6_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", TopLevelOU)
+    Events := utils.FilterEvents("GroupsSharingSettingsProto allow_unlisted_groups", utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs6_1) == 0
 }
diff --git a/rego/Meet.rego b/rego/Meet.rego
index b415ac7b..e90bdb25 100644
--- a/rego/Meet.rego
+++ b/rego/Meet.rego
@@ -1,11 +1,7 @@
 package meet
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.FilterEvents
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
 
 ##############
 # GWS.MEET.1 #
@@ -15,10 +11,10 @@ import data.utils.NoSuchEventDetails
 # Baseline GWS.MEET.1.1v0.1
 #--
 NonCompliantOUs1_1 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("SafetyDomainLockProto users_allowed_to_join", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("SafetyDomainLockProto users_allowed_to_join", OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "ALL"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
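Review bot: In `NonCompliantOUs1_1`, the line `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"` can never fail once the preceding `LastEvent.NewValue == "ALL"` has held, so it is dead; the same pair appears in the MEET.2.1, 3.1 and 4.1 rules below. Either drop the line or, if a reset-to-default event is meant to count as non-compliant as well, replace both lines with a membership test such as `LastEvent.NewValue in {"ALL", "DELETE_APPLICATION_SETTING"}`; which of the two is intended cannot be told from the hunk. A short comment stating how a deleted (reset) setting should be treated would help, since the Calendar and Groups rules in this diff take the other approach of listing the values that are compliant.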
@@ -26,27 +22,27 @@ NonCompliantOUs1_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.MEET.1.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event for the top-level OU in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("SafetyDomainLockProto users_allowed_to_join", TopLevelOU)
+    Events := utils.FilterEvents("SafetyDomainLockProto users_allowed_to_join", utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.MEET.1.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("SafetyDomainLockProto users_allowed_to_join", TopLevelOU)
+    Events := utils.FilterEvents("SafetyDomainLockProto users_allowed_to_join", utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs1_1) == 0
     # as long as it is not all, this is disabled.
@@ -62,10 +58,10 @@ if {
 # Baseline GWS.MEET.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "ALL"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -73,27 +69,27 @@ NonCompliantOUs2_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.MEET.2.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", TopLevelOU)
+    Events := utils.FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.MEET.2.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", TopLevelOU)
+    Events := utils.FilterEvents("SafetyAccessLockProto meetings_allowed_to_join", utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs2_1) == 0
 }
@@ -108,10 +104,10 @@ if {
 # Baseline GWS.MEET.3.1v0.1
 #--
 NonCompliantOUs3_1 contains OU if {
-    some OU in OUsWithEvents
-    Events := FilterEvents("SafetyModerationLockProto host_management_enabled", OU)
+    some OU in utils.OUsWithEvents
+    Events := utils.FilterEvents("SafetyModerationLockProto host_management_enabled", OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "false"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -119,27 +115,27 @@ NonCompliantOUs3_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.MEET.3.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEvents("SafetyModerationLockProto host_management_enabled", TopLevelOU)
+    Events := utils.FilterEvents("SafetyModerationLockProto host_management_enabled", utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.MEET.3.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEvents("SafetyModerationLockProto host_management_enabled", TopLevelOU)
+    Events := utils.FilterEvents("SafetyModerationLockProto host_management_enabled", utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs3_1) == 0
 }
@@ -153,11 +149,11 @@ if {
 # Baseline GWS.MEET.4.1v0.1
 #--
 NonCompliantOUs4_1 contains OU if {
-    some OU in OUsWithEvents
+    some OU in utils.OUsWithEvents
     SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label"
-    Events := FilterEvents(SettingName, OU)
+    Events := utils.FilterEvents(SettingName, OU)
     count(Events) > 0
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue == "false"
     LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -165,7 +161,7 @@ NonCompliantOUs4_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.MEET.4.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
@@ -173,21 +169,21 @@ tests contains {
 if {
     DefaultSafe := false
     SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label"
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.MEET.4.1v0.1",
     "Criticality": "Shall",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
     SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label"
-    Events := FilterEvents(SettingName, TopLevelOU)
+    Events := utils.FilterEvents(SettingName, utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs4_1) == 0
 }
diff --git a/rego/Sites.rego b/rego/Sites.rego
index ce1d307c..19be2b1c 100644
--- a/rego/Sites.rego
+++ b/rego/Sites.rego
@@ -1,10 +1,7 @@
 package sites
+
+import data.utils
 import future.keywords
-import data.utils.TopLevelOU
-import data.utils.GetLastEvent
-import data.utils.OUsWithEvents
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
 
 FilterEventsOU(OrgUnit) := FilteredEvents if {
     # If there exists at least the root OU and 1 more OU
@@ -70,13 +67,13 @@ if {
 # Baseline GWS.SITES.1.1v0.1
 #--
 NonCompliantOUs1_1 contains OU if {
-    some OU in OUsWithEvents
+    some OU in utils.OUsWithEvents
     Events := FilterEventsOU(OU)
     count(Events) > 0 # Ignore OUs without any events. We're already
     # asserting that the top-level OU has at least one event; for all
     # other OUs we assume they inherit from a parent OU if they have
     # no events.
-    LastEvent := GetLastEvent(Events)
+    LastEvent := utils.GetLastEvent(Events)
     LastEvent.NewValue != "false"
     LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -84,27 +81,27 @@ NonCompliantOUs1_1 contains OU if {
 tests contains {
     "PolicyId": "GWS.SITES.1.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+    "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
     "ActualValue": "No relevant event in the current logs",
     "RequirementMet": DefaultSafe,
     "NoSuchEvent": true
 }
 if {
     DefaultSafe := false
-    Events := FilterEventsOU(TopLevelOU)
+    Events := FilterEventsOU(utils.TopLevelOU)
     count(Events) == 0
 }
 
 tests contains {
     "PolicyId": "GWS.SITES.1.1v0.1",
     "Criticality": "Should",
-    "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+    "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
     "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
     "RequirementMet": Status,
     "NoSuchEvent": false
 }
 if {
-    Events := FilterEventsOU(TopLevelOU)
+    Events := FilterEventsOU(utils.TopLevelOU)
     count(Events) > 0
     Status := count(NonCompliantOUs1_1) == 0
 }
diff --git a/rego/Utils.rego b/rego/Utils.rego
index 430e1e19..241c7781 100644
--- a/rego/Utils.rego
+++ b/rego/Utils.rego
@@ -252,9 +252,7 @@ FilterEvents(SettingName, OrgUnit) := FilteredEvents if {
 }
 
 # Filter the events by just SettingName, ignoring OU
-FilterEventsNoOU(SettingName) := FilteredEvents if {
-    FilteredEvents := {
+FilterEventsNoOU(SettingName) := {
         Event | some Event in SettingChangeEvents;
         Event.Setting == SettingName
-    }
 }
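Review bot: `FilterEventsNoOU` is rewritten in the direct set-comprehension form, while `FilterEvents`, visible in the hunk header as `FilterEvents(SettingName, OrgUnit) := FilteredEvents if {`, keeps the `:= FilteredEvents if { FilteredEvents := { … } }` shape; converting `FilterEvents` the same way, or leaving a one-line comment on why the two helpers differ, would make them read alike. The only named import of `FilterEventsNoOU` this diff shows, in Calendar.rego, is removed by the commit, so it is worth confirming that a `utils.FilterEventsNoOU` call site still exists rather than keeping an unused helper. The comment above the rule could also say what it returns, e.g. `# Set of every setting-change event for SettingName, regardless of OU`.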