diff --git a/.github/workflows/run_opa_tests.yml b/.github/workflows/run_opa_tests.yml index 9d1005f4..66452086 100644 --- a/.github/workflows/run_opa_tests.yml +++ b/.github/workflows/run_opa_tests.yml @@ -32,3 +32,11 @@ jobs: - name: Run OPA Tests run: opa test rego/*.rego Testing/RegoTests/**/*.rego -v + + - name: Setup Regal + uses: StyraInc/setup-regal@v0.2.0 + with: + version: v0.15.0 + + - name: Run Regal Lint + run: regal lint --format github rego Testing diff --git a/.regal/config.yaml b/.regal/config.yaml new file mode 100644 index 00000000..04f267ab --- /dev/null +++ b/.regal/config.yaml 
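Review bot: The new `Setup Regal` step references a third-party action by a mutable tag, `uses: StyraInc/setup-regal@v0.2.0`, so whoever can move that tag can change what runs in this job; pinning to the full commit SHA removes that, e.g. `uses: StyraInc/setup-regal@<full-commit-sha> # v0.2.0` (placeholder, substitute the SHA the tag resolves to). Keeping `version: v0.15.0` as written is good, since it makes lint results reproducible across runs. The `jobs:` block this step belongs to starts outside the hunk, so I cannot see whether the job declares a restricted `permissions:` block.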
@@ -0,0 +1,60 @@ +# Regal linter configuration +# All rules documented here: +# https://docs.styra.com/regal/category/rules +rules: + custom: + naming-convention: + # Codifying the conventions used in this project. + # By all means, change this to be less restrictive + # if you wish. + level: error + conventions: + - pattern: '^[A-Z]+[a-zA-Z0-9_]+$|^tests$|^test_|^check_' + targets: + - rule + - pattern: '^[A-Z]+[a-zA-Z0-9_]+$' + targets: + - function + - pattern: '^[a-z]+$' + targets: + - package + idiomatic: + no-defined-entrypoint: + # This is a good practice for documentation, and + # compilation to Wasm/IR, but not a requirement. + # Safe to ignore. + level: ignore + imports: + implicit-future-keywords: + # This rule is on it's way out anyway, as future + # versions of OPA will make these keywords standard. + level: ignore + style: + external-reference: + # This rule is quite opinionated / style preference + # safe to ignore. + level: ignore + file-length: + level: ignore + no-whitespace-comment: + # This repo is actually good about this, but frequently + # uses '#--' as a delimeter of sorts. That should be OK, + # and the next version of Regal will allow for exceptions + # like this: https://github.com/StyraInc/regal/issues/379 + level: ignore + opa-fmt: + level: ignore + prefer-snake-case: + # This is the default style preference for Rego, but since + # the style of this project better matches the domain it is + # modeling, we'll ignore this rule in favor of the custom + # naming-convention rule defined above. + level: ignore + rule-length: + level: ignore + todo-comment: + level: ignore + testing: + test-outside-test-package: + # This is just a style preference + level: ignore \ No newline at end of file diff --git a/Testing/RegoTests/calendar/calendar01_test.rego b/Testing/RegoTests/calendar/calendar01_test.rego index de2761f6..503b6d4a 100644 --- a/Testing/RegoTests/calendar/calendar01_test.rego +++ b/Testing/RegoTests/calendar/calendar01_test.rego 
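Review bot: Two typos in the explanatory comments of the new config: `# This rule is on it's way out anyway` should read `# This rule is on its way out anyway`, and `uses '#--' as a delimeter of sorts` should read `uses '#--' as a delimiter of sorts`. The file also ends without a trailing newline (`\ No newline at end of file`), which tends to produce noisy diffs on the next edit. Since this file documents why each rule is ignored, it is worth keeping the comments clean because they are the only record of the decisions.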
@@ -26,7 +26,7 @@ test_ExtSharingPrimaryCal_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -66,7 +66,7 @@ test_ExtSharingPrimaryCal_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -102,11 +102,11 @@ test_ExtSharingPrimaryCal_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -153,18 +153,18 @@ test_ExtSharingPrimaryCal_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_ExtSharingPrimaryCal_Correct_V4 if { +test_ExtSharingPrimaryCal_Correct_V5 if { # Test external sharing for primary, inherit from parent PolicyId := "GWS.CALENDAR.1.1v0.1" Output := tests with input as { 
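Review bot: The comprehension `RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]` is now repeated verbatim in every test across all the Rego files in this diff; a single helper in a shared package, e.g. `FilterResults(Output, PolicyId) := [Result | some Result in Output; Result.PolicyId == PolicyId]`, would make the next change to this filter a one-line edit. The `some ... in` form also relies on `import future.keywords` (or `future.keywords.in`) being present in each file; calendar03_test.rego shows it, but the headers of the other files are outside these hunks, so that is presumably already in place. The renaming of the duplicated `test_ExtSharingPrimaryCal_Correct_V4` to `_V5` in the last hunk is a good catch.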
@@ -204,11 +204,11 @@ test_ExtSharingPrimaryCal_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -237,11 +237,15 @@ test_ExtSharingPrimaryCal_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_ExtSharingPrimaryCal_Incorrect_V2 if { @@ -266,7 +270,7 @@ test_ExtSharingPrimaryCal_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -306,7 +310,7 @@ test_ExtSharingPrimaryCal_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -314,7 +318,8 @@ test_ExtSharingPrimaryCal_Incorrect_V3 if { } test_ExtSharingPrimaryCal_Incorrect_V4 if { - # Test external sharing for primary calendars when there is no event for the Top-level OU but there is one for a different OU + # Test external sharing for primary calendars when there is no event for the Top-level OU + # but there is one for a different OU PolicyId := "GWS.CALENDAR.1.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ @@ -335,15 +340,20 @@ test_ExtSharingPrimaryCal_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_ExtSharingPrimaryCal_Incorrect_V5 if { - # Test external sharing for primary calendars when the Top-Level OU is compliant, but a secondary OU is non-compliant + # Test external sharing for primary calendars when the Top-Level OU is compliant, + # but a secondary OU is non-compliant PolicyId := "GWS.CALENDAR.1.1v0.1" Output := tests with input as { "calendar_logs": {"items": [ 
@@ -375,11 +385,10 @@ test_ExtSharingPrimaryCal_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - print(RuleOutput[0].ReportDetails) RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." } @@ -399,7 +408,7 @@ test_External_Sharing_Options_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/calendar/calendar02_test.rego b/Testing/RegoTests/calendar/calendar02_test.rego index b772105d..d0fdf576 100644 --- a/Testing/RegoTests/calendar/calendar02_test.rego +++ b/Testing/RegoTests/calendar/calendar02_test.rego @@ -26,7 +26,7 @@ test_ExtInvitationsWarning_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -66,7 +66,7 @@ test_ExtInvitationsWarning_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -102,11 +102,11 @@ test_ExtInvitationsWarning_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -153,11 +153,11 @@ test_ExtInvitationsWarning_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -186,11 +186,15 @@ test_ExtInvitationsWarning_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_ExtInvitationsWarning_Incorrect_V2 if { @@ -215,7 +219,7 @@ test_ExtInvitationsWarning_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -255,7 +259,7 @@ test_ExtInvitationsWarning_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -284,11 +288,15 @@ test_ExtInvitationsWarning_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_ExtInvitationsWarning_Incorrect_V5 if { @@ -324,11 +332,10 @@ test_ExtInvitationsWarning_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." } - #-- \ No newline at end of file diff --git a/Testing/RegoTests/calendar/calendar03_test.rego b/Testing/RegoTests/calendar/calendar03_test.rego index 14608fb2..060d701b 100644 --- a/Testing/RegoTests/calendar/calendar03_test.rego +++ b/Testing/RegoTests/calendar/calendar03_test.rego @@ -1,7 +1,6 @@ package calendar import future.keywords - # # Policy 1 #-- 
@@ -27,11 +26,14 @@ test_ExtSharingSecondaryCal_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Only free busy/information for secondary calendars is shared outside Test Top-Level Domain" + RuleOutput[0].ReportDetails == concat("", [ + "Only free busy/information for secondary calendars ", + " is shared outside Test Top-Level Domain" + ]) } test_ExtSharingSecondaryCal_Correct_V2 if { @@ -67,11 +69,14 @@ test_ExtSharingSecondaryCal_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Only free busy/information for secondary calendars is shared outside Test Top-Level Domain" + RuleOutput[0].ReportDetails == concat("", [ + "Only free busy/information for secondary calendars ", + "is shared outside Test Top-Level Domain" + ]) } test_ExtSharingSecondaryCal_Incorrect_V1 if { @@ -96,11 +101,15 @@ test_ExtSharingSecondaryCal_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Sharing options for secondary calendars are set to the default value." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_ExtSharingSecondaryCal_Incorrect_V2 if { 
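Review bot: In `test_ExtSharingSecondaryCal_Correct_V1` the new expectation concatenates `"... secondary calendars "` with `" is shared outside ..."`, which yields two spaces between "calendars" and "is", while `test_ExtSharingSecondaryCal_Correct_V2` two hunks down uses `"is shared outside ..."` with no leading space; the two tests now assert different strings, so at most one of them can match the rule's actual output. Unless the rule in rego/ (not in this diff) really emits a double space, the second segment should be `"is shared outside Test Top-Level Domain"` in both tests. The same leading-space pattern (`"All information for secondary calendars ", " is shared outside ..."`) appears in `test_ExtSharingSecondaryCal_Incorrect_V2` and `_Incorrect_V3` in the following hunks and should be checked against the rule text as well.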
@@ -125,11 +134,14 @@ test_ExtSharingSecondaryCal_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "All information for secondary calendars is shared outside Test Top-Level Domain but outsiders cannot change calendars." + RuleOutput[0].ReportDetails == concat("", [ + "All information for secondary calendars ", + " is shared outside Test Top-Level Domain but outsiders cannot change calendars." + ]) } test_ExtSharingSecondaryCal_Incorrect_V3 if { @@ -165,11 +177,14 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "All information for secondary calendars is shared outside Test Top-Level Domain but outsiders cannot change calendars." + RuleOutput[0].ReportDetails == concat("", [ + "All information for secondary calendars ", + " is shared outside Test Top-Level Domain but outsiders cannot change calendars." + ]) } # @@ -187,7 +202,7 @@ test_ExternalSharingOptions_Secondary__Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/calendar/calendar04_test.rego b/Testing/RegoTests/calendar/calendar04_test.rego index f5aa82aa..9ce1d4d3 100644 --- a/Testing/RegoTests/calendar/calendar04_test.rego +++ b/Testing/RegoTests/calendar/calendar04_test.rego 
@@ -27,11 +27,12 @@ test_CalInteropMan_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Calendar interop is not enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == + "Calendar interop is not enabled for Test Top-Level Domain" } test_CalInteropMan_Correct_V2 if { @@ -67,11 +68,12 @@ test_CalInteropMan_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Calendar interop is not enabled for Test Top-Level Domain" + RuleOutput[0].ReportDetails == + "Calendar interop is not enabled for Test Top-Level Domain" } test_CalInteropMan_Incorrect_V1 if { @@ -96,11 +98,15 @@ test_CalInteropMan_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Calendar Interop Management settings are set to the default value." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_CalInteropMan_Incorrect_V2 if { 
@@ -125,7 +131,7 @@ test_CalInteropMan_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -165,7 +171,7 @@ test_CalInteropMan_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -188,7 +194,7 @@ test_OAuth_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/calendar/calendar05_test.rego b/Testing/RegoTests/calendar/calendar05_test.rego index b6ea0dc7..6700b74f 100644 --- a/Testing/RegoTests/calendar/calendar05_test.rego +++ b/Testing/RegoTests/calendar/calendar05_test.rego @@ -25,7 +25,7 @@ test_CalendarAppointmentSlot_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -63,7 +63,7 @@ test_CalendarAppointmentSlot_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -97,11 +97,11 @@ test_CalendarAppointmentSlot_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -129,11 +129,15 @@ test_CalendarAppointmentSlot_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_CalendarAppointmentSlot_Incorrect_V2 if { @@ -157,7 +161,7 @@ test_CalendarAppointmentSlot_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -195,7 +199,7 @@ test_CalendarAppointmentSlot_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -223,7 +227,7 @@ test_CalendarAppointmentSlot_Incorrect_V4 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -257,11 +261,11 @@ test_CalendarAppointmentSlot_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/chat/chat01_test.rego b/Testing/RegoTests/chat/chat01_test.rego index 0baa185b..b2a2b4a3 100644 --- a/Testing/RegoTests/chat/chat01_test.rego +++ b/Testing/RegoTests/chat/chat01_test.rego @@ -25,7 +25,7 @@ test_History_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -63,7 +63,7 @@ test_History_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -97,11 +97,11 @@ test_History_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -145,11 +145,11 @@ test_History_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -193,12 +193,11 @@ test_History_Correct_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -226,11 +225,15 @@ test_History_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_History_Incorrect_V2 if { @@ -254,7 +257,7 @@ test_History_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -292,7 +295,7 @@ test_History_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -320,11 +323,15 @@ test_History_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- @@ -359,7 +366,7 @@ test_History_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -379,7 +386,10 @@ test_Change_History_Setting_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -391,7 +401,7 @@ test_Change_History_Setting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -407,7 +417,10 @@ test_Change_History_Setting_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -417,7 +430,10 @@ test_Change_History_Setting_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -429,7 +445,7 @@ test_Change_History_Setting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -445,7 +461,10 @@ test_Change_History_Setting_Correct_V3 if { "id": {"time": "2020-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -456,7 +475,10 @@ test_Change_History_Setting_Correct_V3 if { "events": [{ "name": "DELETE_APPLICATION_SETTING", "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] }] @@ -465,7 +487,10 @@ test_Change_History_Setting_Correct_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] @@ -473,12 +498,11 @@ test_Change_History_Setting_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -506,11 +530,15 @@ test_Change_History_Setting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_Change_History_Setting_Incorrect_V2 if { @@ -522,7 +550,10 @@ test_Change_History_Setting_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -534,7 +565,7 @@ test_Change_History_Setting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -550,7 +581,10 @@ test_Change_History_Setting_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -560,7 +594,10 @@ test_Change_History_Setting_Incorrect_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -572,7 +609,7 @@ test_Change_History_Setting_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -589,7 +626,10 @@ test_Change_History_Setting_Incorrect_V4 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -599,7 +639,10 @@ test_Change_History_Setting_Incorrect_V4 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] @@ -607,11 +650,11 @@ test_Change_History_Setting_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -628,7 +671,10 @@ test_Change_History_Setting_Incorrect_V5 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "ChatArchivingProto allow_chat_archiving_setting_modification"}, + { + "name": "SETTING_NAME", + "value": "ChatArchivingProto allow_chat_archiving_setting_modification" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] 
@@ -640,10 +686,14 @@ test_Change_History_Setting_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- \ No newline at end of file diff --git a/Testing/RegoTests/chat/chat02_test.rego b/Testing/RegoTests/chat/chat02_test.rego index b7d98615..2038b0d9 100644 --- a/Testing/RegoTests/chat/chat02_test.rego +++ b/Testing/RegoTests/chat/chat02_test.rego @@ -13,7 +13,10 @@ test_External_File_Sharing_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -25,7 +28,7 @@ test_External_File_Sharing_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -33,7 +36,8 @@ test_External_File_Sharing_Correct_V1 if { } test_External_File_Sharing_Correct_V2 if { - # Test users are not allowed to share files externally when there's multiple events and the most most recent is correct + # Test users are not allowed to share files externally when there's multiple events + # and the most most recent is correct PolicyId := "GWS.CHAT.2.1v0.1" Output := tests with input as { "chat_logs": {"items": [ @@ -41,7 +45,10 @@ test_External_File_Sharing_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -51,7 +58,10 @@ test_External_File_Sharing_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "ALLOW_ALL_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -63,7 +73,7 @@ test_External_File_Sharing_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
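Review bot: The reflowed comment in test_External_File_Sharing_Correct_V2 keeps the duplicated word from the original line: `# and the most most recent is correct`. Since the line is being rewritten anyway, `# and the most recent is correct` would fix it. The test body continues past this hunk.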
@@ -79,7 +89,10 @@ test_External_File_Sharing_Correct_V3 if { "id": {"time": "2020-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -89,7 +102,10 @@ test_External_File_Sharing_Correct_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "ALLOW_ALL_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] @@ -100,18 +116,21 @@ test_External_File_Sharing_Correct_V3 if { "events": [{ "name": "DELETE_APPLICATION_SETTING", "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] }] } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -139,11 +158,15 @@ test_External_File_Sharing_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_File_Sharing_Incorrect_V2 if { @@ -155,7 +178,10 @@ test_External_File_Sharing_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "ALLOW_ALL_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -167,7 +193,7 @@ test_External_File_Sharing_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -183,7 +209,10 @@ test_External_File_Sharing_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "IMAGES_ONLY"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -195,7 +224,7 @@ test_External_File_Sharing_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -211,7 +240,10 @@ test_External_File_Sharing_Incorrect_V4 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "ALLOW_ALL_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -221,7 +253,10 @@ test_External_File_Sharing_Incorrect_V4 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -233,7 +268,7 @@ test_External_File_Sharing_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -249,7 +284,10 @@ test_External_File_Sharing_Incorrect_V5 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "IMAGES_ONLY"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -259,7 +297,10 @@ test_External_File_Sharing_Incorrect_V5 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -271,7 +312,7 @@ test_External_File_Sharing_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -287,7 +328,10 @@ test_External_File_Sharing_Incorrect_V6 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Some other OU"}, ] 
@@ -299,11 +343,15 @@ test_External_File_Sharing_Incorrect_V6 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_File_Sharing_Incorrect_V7 if { @@ -315,7 +363,10 @@ test_External_File_Sharing_Incorrect_V7 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "ALLOW_ALL_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Some other OU"}, ] @@ -325,7 +376,10 @@ test_External_File_Sharing_Incorrect_V7 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting"}, + { + "name": "SETTING_NAME", + "value": "DynamiteFileSharingSettingsProto external_file_sharing_setting" + }, {"name": "NEW_VALUE", "value": "NO_FILES"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -337,7 +391,7 @@ test_External_File_Sharing_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/chat/chat03_test.rego b/Testing/RegoTests/chat/chat03_test.rego index e9e325fd..ea0f5af1 100644 --- a/Testing/RegoTests/chat/chat03_test.rego +++ b/Testing/RegoTests/chat/chat03_test.rego @@ -25,7 +25,7 @@ test_Space_History_Setting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -53,7 +53,7 @@ test_Space_History_Setting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -91,7 +91,7 @@ test_Space_History_Setting_Correct_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -129,7 +129,7 @@ test_Space_History_Setting_Correct_V4 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -157,11 +157,15 @@ test_Space_History_Setting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_Space_History_Setting_Incorrect_V2 if { @@ -185,7 +189,7 @@ test_Space_History_Setting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -213,7 +217,7 @@ test_Space_History_Setting_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -251,7 +255,7 @@ test_Space_History_Setting_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -289,7 +293,7 @@ test_Space_History_Setting_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -317,11 +321,15 @@ test_Space_History_Setting_Incorrect_V6 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_Space_History_Setting_Incorrect_V7 if { @@ -355,7 +363,7 @@ test_Space_History_Setting_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/chat/chat04_test.rego b/Testing/RegoTests/chat/chat04_test.rego index 33a50e29..ea986436 100644 --- a/Testing/RegoTests/chat/chat04_test.rego +++ b/Testing/RegoTests/chat/chat04_test.rego @@ -25,7 +25,7 @@ test_External_Chat_Setting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -63,7 +63,7 @@ test_External_Chat_Setting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -101,7 +101,7 @@ test_External_Chat_Setting_Correct_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -145,11 +145,11 @@ test_External_Chat_Setting_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -177,11 +177,15 @@ test_External_Chat_Setting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_Chat_Setting_Incorrect_V2 if { 
@@ -205,7 +209,7 @@ test_External_Chat_Setting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -243,7 +247,7 @@ test_External_Chat_Setting_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -281,11 +285,15 @@ test_External_Chat_Setting_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_Chat_Setting_Incorrect_V5 if { @@ -319,7 +327,7 @@ test_External_Chat_Setting_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -351,7 +359,7 @@ test_AllowListed_Setting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -389,7 +397,7 @@ test_AllowListed_Setting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -433,11 +441,11 @@ test_AllowListed_Setting_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -465,11 +473,15 @@ test_AllowListed_Setting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_AllowListed_Setting_Incorrect_V2 if { 
@@ -493,7 +505,7 @@ test_AllowListed_Setting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -531,7 +543,7 @@ test_AllowListed_Setting_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -559,11 +571,15 @@ test_AllowListed_Setting_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_AllowListed_Setting_Incorrect_V5 if { @@ -597,7 +613,7 @@ test_AllowListed_Setting_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/chat/chat05_test.rego b/Testing/RegoTests/chat/chat05_test.rego index 10d031b8..97007808 100644 --- a/Testing/RegoTests/chat/chat05_test.rego +++ b/Testing/RegoTests/chat/chat05_test.rego 
@@ -25,7 +25,7 @@ test_External_Chat_App_Setting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -63,7 +63,7 @@ test_External_Chat_App_Setting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -92,11 +92,15 @@ test_External_Chat_App_Setting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_Chat_App_Setting_Incorrect_V2 if { @@ -120,7 +124,7 @@ test_External_Chat_App_Setting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -158,7 +162,7 @@ test_External_Chat_App_Setting_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -186,11 +190,15 @@ test_External_Chat_App_Setting_Incorrect_V4 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_External_Chat_App_Setting_Incorrect_V5 if { @@ -224,7 +232,7 @@ test_External_Chat_App_Setting_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/chat/chat06_test.rego b/Testing/RegoTests/chat/chat06_test.rego index 8a8991d5..dbf398bb 100644 --- a/Testing/RegoTests/chat/chat06_test.rego +++ b/Testing/RegoTests/chat/chat06_test.rego @@ -16,7 +16,7 @@ test_FromList_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent 
diff --git a/Testing/RegoTests/classroom/classroom01_test.rego b/Testing/RegoTests/classroom/classroom01_test.rego index a43dd204..08b9233c 100644 --- a/Testing/RegoTests/classroom/classroom01_test.rego +++ b/Testing/RegoTests/classroom/classroom01_test.rego @@ -27,7 +27,7 @@ test_JoinClassroom_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -68,7 +68,7 @@ test_JoinClassroom_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -97,7 +97,7 @@ test_JoinClassroom_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -138,7 +138,7 @@ test_JoinClassroom_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -167,11 +167,15 @@ test_JoinClassroom_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- @@ -202,7 +206,7 @@ test_WhichClasses_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -243,7 +247,7 @@ test_WhichClasses_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -272,7 +276,7 @@ test_WhichClasses_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -312,7 +316,7 @@ test_WhichClasses_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -341,9 +345,13 @@ test_WhichClasses_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } \ No newline at end of file diff --git a/Testing/RegoTests/classroom/classroom02_test.rego b/Testing/RegoTests/classroom/classroom02_test.rego index 82d4b3e8..b35834e7 100644 --- a/Testing/RegoTests/classroom/classroom02_test.rego +++ b/Testing/RegoTests/classroom/classroom02_test.rego @@ -27,7 +27,7 @@ test_APIAccess_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -68,7 +68,7 @@ test_APIAccess_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -102,11 +102,11 @@ test_APIAccess_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -150,11 +150,11 @@ test_APIAccess_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -183,7 +183,7 @@ test_APIAccess_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -224,7 +224,7 @@ test_APIAccess_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
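Review bot: Changing `"topLevelOU"` from `""` to `"Test Top-Level OU"` in test_APIAccess_Correct_V3 and _V4 repairs the fixture, but if these tests were green before the change, the assertions that follow (`count(RuleOutput) == 1`, `RuleOutput[0].RequirementMet`, `not RuleOutput[0].NoSuchEvent`) did not depend on the top-level OU name at all. It is worth confirming that at least one of them fails when the old value is restored; otherwise the OU scoping of the policy is not exercised and a regression there would pass unnoticed. The same fixture change recurs in classroom03, classroom04 and drive01 in later hunks. Each test body starts before the hunk.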
@@ -254,11 +254,15 @@ test_APIAccess_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_APIAccess_Incorrect_V4 if { # Test allow API Access is disabled when there are multiple OU and a secondary OU is wrong @@ -287,11 +291,11 @@ test_APIAccess_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -320,11 +324,15 @@ test_APIAccess_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_APIAccess_Incorrect_V6 if { @@ -348,7 +356,7 @@ test_APIAccess_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -386,7 +394,7 @@ test_APIAccess_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -420,11 +428,11 @@ test_APIAccess_Incorrect_V8 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -453,10 +461,14 @@ test_APIAccess_Incorrect_V9 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- diff --git a/Testing/RegoTests/classroom/classroom03_test.rego b/Testing/RegoTests/classroom/classroom03_test.rego index 6d3d935f..eefe9c04 100644 --- a/Testing/RegoTests/classroom/classroom03_test.rego +++ b/Testing/RegoTests/classroom/classroom03_test.rego @@ -27,7 +27,7 @@ test_CleverRosterDisabled_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -68,7 +68,7 @@ test_CleverRosterDisabled_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -102,11 +102,11 @@ test_CleverRosterDisabled_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -150,11 +150,11 @@ test_CleverRosterDisabled_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -183,7 +183,7 @@ test_CleverRosterDisabled_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -224,7 +224,7 @@ test_CleverRosterDisabled_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -254,11 +254,15 @@ test_CleverRosterDisabled_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } test_CleverRosterDisabled_Incorrect_V4 if { # Test allow Clever Roster is disabled when there are multiple OU and a secondary OU is wrong @@ -287,11 +291,11 @@ test_CleverRosterDisabled_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -320,11 +324,15 @@ test_CleverRosterDisabled_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } test_CleverRosterDisabled_Incorrect_V6 if { @@ -348,7 +356,7 @@ test_CleverRosterDisabled_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -386,7 +394,7 @@ test_CleverRosterDisabled_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -420,11 +428,11 @@ test_CleverRosterDisabled_Incorrect_V8 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -453,10 +461,14 @@ test_CleverRosterDisabled_Incorrect_V9 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } #-- diff --git a/Testing/RegoTests/classroom/classroom04_test.rego b/Testing/RegoTests/classroom/classroom04_test.rego index bc78f090..1fbcd91e 100644 --- a/Testing/RegoTests/classroom/classroom04_test.rego +++ b/Testing/RegoTests/classroom/classroom04_test.rego @@ -27,7 +27,7 @@ test_UnenrollStudents_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -68,7 +68,7 @@ test_UnenrollStudents_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -102,11 +102,11 @@ test_UnenrollStudents_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -150,11 +150,11 @@ test_UnenrollStudents_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -183,7 +183,7 @@ test_UnenrollStudents_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -224,7 +224,7 @@ test_UnenrollStudents_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -254,11 +254,15 @@ test_UnenrollStudents_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } test_UnenrollStudents_Incorrect_V4 if { # Test allow only teachers can unenroll students when there are multiple OU and a secondary OU is wrong @@ -287,11 +291,11 @@ test_UnenrollStudents_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -320,11 +324,15 @@ test_UnenrollStudents_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } test_UnenrollStudents_Incorrect_V6 if { @@ -348,7 +356,7 @@ test_UnenrollStudents_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -386,7 +394,7 @@ test_UnenrollStudents_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -420,11 +428,11 @@ test_UnenrollStudents_Incorrect_V8 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -453,10 +461,14 @@ test_UnenrollStudents_Incorrect_V9 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is compliant; manual check recommended." + ]) } #-- diff --git a/Testing/RegoTests/commoncontrols/commoncontrols03_test.rego b/Testing/RegoTests/commoncontrols/commoncontrols03_test.rego index 71be89eb..55a47f41 100644 --- a/Testing/RegoTests/commoncontrols/commoncontrols03_test.rego +++ b/Testing/RegoTests/commoncontrols/commoncontrols03_test.rego @@ -250,7 +250,7 @@ test_SSO_Incorrect_V4 if { "is non-compliant; manual check recommended." ])} -test_SSO_Incorrect_V4 if { +test_SSO_Incorrect_V5 if { # Test multiple OUs PolicyId := "GWS.COMMONCONTROLS.3.1v0.1" Output := tests with input as { diff --git a/Testing/RegoTests/commoncontrols/commoncontrols04_test.rego b/Testing/RegoTests/commoncontrols/commoncontrols04_test.rego index 183a76f9..6d453d15 100644 --- a/Testing/RegoTests/commoncontrols/commoncontrols04_test.rego +++ b/Testing/RegoTests/commoncontrols/commoncontrols04_test.rego @@ -319,7 +319,7 @@ test_Limit_Incorrect_V4 if { "is non-compliant; manual check recommended." ])} -test_Limit_Incorrect_V4 if { +test_Limit_Incorrect_V5 if { # Test no relevant events in top-level OU PolicyId := "GWS.COMMONCONTROLS.4.1v0.1" Output := tests with input as { 
diff --git a/Testing/RegoTests/commoncontrols/commoncontrols14_test.rego b/Testing/RegoTests/commoncontrols/commoncontrols14_test.rego index 95f0d03a..28f0f1eb 100644 --- a/Testing/RegoTests/commoncontrols/commoncontrols14_test.rego +++ b/Testing/RegoTests/commoncontrols/commoncontrols14_test.rego @@ -213,9 +213,9 @@ test_Individual_Correct_V5 if { RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId; Result.Criticality == "Shall"] - # Note the additional filter: this is because - # there are actually two tests with the same requirement string for this one, - # as it has both a testable portion and a not-implementable portion + # Note the additional filter: this is because + # there are actually two tests with the same requirement string for this one, + # as it has both a testable portion and a not-implementable portion count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/drive/drive01_test.rego b/Testing/RegoTests/drive/drive01_test.rego index 10dac0c4..d0226086 100644 --- a/Testing/RegoTests/drive/drive01_test.rego +++ b/Testing/RegoTests/drive/drive01_test.rego @@ -25,8 +25,7 @@ test_Sharing_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -64,7 +63,7 @@ test_Sharing_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -98,11 +97,11 @@ test_Sharing_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -130,12 +129,15 @@ test_Sharing_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_Sharing_Incorrect_V2 if { @@ -159,8 +161,7 @@ test_Sharing_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -198,7 +199,7 @@ test_Sharing_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -232,11 +233,11 @@ test_Sharing_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -264,18 +265,22 @@ test_Sharing_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } +#-- # # GWS.DRIVEDOCS.1.2v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_Receiving_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { 
@@ -296,15 +301,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_Receiving_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { @@ -335,14 +339,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_Receiving_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { @@ -369,18 +373,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_Receiving_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { 
@@ -401,15 +405,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_Receiving_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { @@ -430,14 +437,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_Receiving_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { 
@@ -468,14 +475,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_Receiving_Incorrect_V4 if { # Test sharing setting when there are multiple OUs, top OU is compliant but secondary isn't PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { @@ -502,18 +509,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_Receiving_Incorrect_V5 if { # Test sharing setting when top level OU is not present PolicyId := "GWS.DRIVEDOCS.1.2v0.1" Output := tests with input as { 
@@ -534,17 +541,21 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } # # GWS.DRIVEDOCS.1.3v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_Warnings_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { @@ -565,15 +576,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_Warnings_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { 
@@ -604,14 +614,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_Warningsr_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { @@ -638,18 +648,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_Warnings_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { 
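Review bot: `test_Warningsr_Correct_V3` looks like a typo for `test_Warnings_Correct_V3` — every other test in the GWS.DRIVEDOCS.1.3v0.1 section was renamed to the `test_Warnings_*` prefix, and the same misspelling appears in the next hunk group as `test_Warningsr_Incorrect_V3`. A prefix-only naming rule in a linter will not flag a well-formed but misspelled identifier, so this will only be caught by eye. Change both lines to `test_Warnings_Correct_V3 if {` and `test_Warnings_Incorrect_V3 if {`.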
@@ -670,15 +680,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_Warnings_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { @@ -699,14 +712,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_Warningsr_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { 
@@ -737,14 +750,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_Warnings_Incorrect_V4 if { # Test sharing setting when Top OU is correct but not secondary OU PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { @@ -771,18 +784,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_Warnings_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.3v0.1" Output := tests with input as { 
@@ -803,17 +816,21 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } # # GWS.DRIVEDOCS.1.4v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_NonGoogle_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { @@ -834,15 +851,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_NonGoogle_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { 
@@ -873,14 +889,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_NonGoogle_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { @@ -907,18 +923,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_NonGoogle_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { 
@@ -939,15 +955,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_NonGoogle_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { @@ -968,14 +987,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_NonGoogle_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { 
@@ -1006,14 +1025,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_NonGoogle_Incorrect_V4 if { # Test sharing setting when Top OU is correct but not secondary OU PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { @@ -1040,18 +1059,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_NonGoogle_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.4v0.1" Output := tests with input as { 
@@ -1072,17 +1091,21 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } # # GWS.DRIVEDOCS.1.5v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_Link_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { @@ -1103,15 +1126,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_Link_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { 
@@ -1142,14 +1164,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_Link_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { @@ -1176,18 +1198,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_Link_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { 
@@ -1208,15 +1230,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_Link_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { @@ -1237,14 +1262,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_Link_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { 
@@ -1275,14 +1300,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_Link_Incorrect_V4 if { # Test sharing setting when Top OU is correct but not secondary OU PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { @@ -1309,18 +1334,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_Link_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.5v0.1" Output := tests with input as { 
@@ -1341,16 +1366,21 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } +#-- + # # GWS.DRIVEDOCS.1.6v0.1 #-- - test_SharingChecker_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.6v0.1" @@ -1372,8 +1402,7 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -1411,7 +1440,7 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -1445,11 +1474,11 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
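Review bot: The GWS.DRIVEDOCS.1.6v0.1 section is the only one in this file whose tests keep the generic `test_SharingChecker_*` names (`test_SharingChecker_Correct_V1` here, and `_Correct_V2`, `_Correct_V3`, `_Incorrect_V1` through `_Incorrect_V5` in the following hunks), while every other section was renamed to a policy-specific prefix. As far as I can tell Rego treats several definitions of the same rule name as one rule, which is the reason duplicate test names are worth avoiding: a passing body can mask a failing one. After this commit the 1.6 tests appear to be the only remaining holders of these names, so this is consistency rather than a live defect, but renaming them in the same pass (e.g. `test_SharingChecker_Correct_V1 if {` to a policy-specific `test_<Policy>_Correct_V1` prefix, with `<Policy>` chosen to match the sibling sections) keeps uniqueness by construction. The new `#--` delimiter line is also added ahead of this heading and the 1.8 heading only, not before the 1.3, 1.4, 1.5 or 1.7 headings, which leaves the section separators inconsistent.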
@@ -1477,12 +1506,15 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_SharingChecker_Incorrect_V2 if { @@ -1506,7 +1538,7 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -1544,7 +1576,7 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -1578,11 +1610,11 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -1610,17 +1642,21 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } # # GWS.DRIVEDOCS.1.7v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_CrossDomain_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { @@ -1641,15 +1677,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_CrossDomain_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { 
@@ -1680,14 +1715,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_CrossDomain_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { @@ -1714,18 +1749,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_CrossDomain_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { 
@@ -1746,15 +1781,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_CrossDomain_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { @@ -1775,14 +1813,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_CrossDomain_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { 
@@ -1813,14 +1851,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_CrossDomain_Incorrect_V4 if { # Test sharing setting when Top OU is correct but not secondary OU PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { @@ -1847,18 +1885,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_CrossDomain_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.7v0.1" Output := tests with input as { 
@@ -1879,17 +1917,22 @@ test_SharingChecker_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } +#-- # # GWS.DRIVEDOCS.1.8v0.1 #-- -test_SharingChecker_Correct_V1 if { +test_Default_Correct_V1 if { # Test sharing setting when there's only one event PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { @@ -1910,15 +1953,14 @@ test_SharingChecker_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput[0].ReportDetails) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V2 if { +test_Default_Correct_V2 if { # Test sharing setting when there's multiple events and the most most recent is correct PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { 
@@ -1949,14 +1991,14 @@ test_SharingChecker_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Correct_V3 if { +test_Default_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { @@ -1983,18 +2025,18 @@ test_SharingChecker_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SharingChecker_Incorrect_V1 if { +test_Default_Incorrect_V1 if { # Test sharing setting when there are no relevant events PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { 
@@ -2015,15 +2057,18 @@ test_SharingChecker_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -test_SharingChecker_Incorrect_V2 if { +test_Default_Incorrect_V2 if { # Test sharing setting when there's only one event and it's wrong PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { @@ -2044,14 +2089,14 @@ test_SharingChecker_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V3 if { +test_Default_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { 
@@ -2082,14 +2127,14 @@ test_SharingChecker_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_SharingChecker_Incorrect_V4 if { +test_Default_Incorrect_V4 if { # Test sharing setting when Top OU is correct but not secondary OU PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { @@ -2116,18 +2161,18 @@ test_SharingChecker_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." } -test_SharingChecker_Incorrect_V5 if { +test_Default_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.8v0.1" Output := tests with input as { 
@@ -2148,9 +2193,13 @@ test_SharingChecker_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
\ No newline at end of file
diff --git a/Testing/RegoTests/drive/drive02_test.rego b/Testing/RegoTests/drive/drive02_test.rego
index 7d482b00..f61ec950 100644
--- a/Testing/RegoTests/drive/drive02_test.rego
+++ b/Testing/RegoTests/drive/drive02_test.rego
@@ -25,8 +25,7 @@ test_Sharing_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput[0].ReportDetails)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
@@ -64,7 +63,7 @@ test_Sharing_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
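Review bot: The closing `}` of the last test is still followed by `\ No newline at end of file`, so the file leaves this commit without a trailing newline even though its final lines were rewritten. Adding the newline while this hunk is open keeps the file consistent with the others in the diff and avoids a spurious whole-line change the next time the end of the file is edited. The enclosing test body begins outside the hunk.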
@@ -98,11 +97,11 @@ test_Sharing_Correct_V3 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
@@ -130,12 +129,15 @@ test_Sharing_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
 test_Sharing_Incorrect_V2 if {
@@ -159,7 +161,7 @@ test_Sharing_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
@@ -197,7 +199,7 @@ test_Sharing_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
@@ -231,11 +233,11 @@ test_Sharing_Incorrect_V4 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
@@ -263,17 +265,21 @@ test_Sharing_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
 #
-# Baseline 2.2 - Policy 2
+# GWS.DRIVEDOCS.2.2v0.1
 #--
-test_Sharing_Correct_V1 if {
+test_Managers_Correct_V1 if {
     # Test sharing setting when there's only one event
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -294,15 +300,14 @@ test_Sharing_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput[0].ReportDetails)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V2 if {
+test_Managers_Correct_V2 if {
     # Test sharing setting when there's multiple events and the most most recent is correct
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -333,14 +338,14 @@ test_Sharing_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V3 if {
+test_Managers_Correct_V3 if {
     # Test sharing setting when there's multiple OUs
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -367,18 +372,18 @@ test_Sharing_Correct_V3 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Incorrect_V1 if {
+test_Managers_Incorrect_V1 if {
     # Test sharing setting when there are no relevant events
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
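Review bot: The comment directly under the renamed `test_Managers_Correct_V2` still reads `# Test sharing setting when there's multiple events and the most most recent is correct`, with the duplicated word and a number-agreement slip; the same line recurs under the `Correct_V2` renames on L88, L95 and L101. Since every one of these rules is being renamed in this commit, fixing the line at the same time costs nothing: `# Test sharing setting when there are multiple events and the most recent is correct`. The test bodies continue outside the hunk.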
@@ -399,15 +404,18 @@ test_Sharing_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
-test_Sharing_Incorrect_V2 if {
+test_Managers_Incorrect_V2 if {
     # Test sharing setting when there's only one event and it's wrong
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -428,14 +436,14 @@ test_Sharing_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V3 if {
+test_Managers_Incorrect_V3 if {
     # Test sharing setting when there are multiple events and the most recent is wrong
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -466,14 +474,14 @@ test_Sharing_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V4 if {
+test_Managers_Incorrect_V4 if {
     # Test sharing setting when top OU is correct but secondary isn't
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -500,18 +508,18 @@ test_Sharing_Incorrect_V4 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU."
 }
 
-test_Sharing_Incorrect_V5 if {
+test_Managers_Incorrect_V5 if {
     # Test sharing setting when top OU is missing
     PolicyId := "GWS.DRIVEDOCS.2.2v0.1"
     Output := tests with input as {
@@ -532,17 +540,21 @@ test_Sharing_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
 #
-# Baseline 2.2 - Policy 3
+# GWS.DRIVEDOCS.2.3v0.1
 #--
-test_Sharing_Correct_V1 if {
+test_Outside_Correct_V1 if {
     # Test sharing setting when there's only one event
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -551,7 +563,10 @@ test_Sharing_Correct_V1 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -563,15 +578,14 @@ test_Sharing_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput[0].ReportDetails)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V2 if {
+test_Outside_Correct_V2 if {
     # Test sharing setting when there's multiple events and the most most recent is correct
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -580,7 +594,10 @@ test_Sharing_Correct_V2 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -590,7 +607,10 @@ test_Sharing_Correct_V2 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -602,14 +622,14 @@ test_Sharing_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V3 if {
+test_Outside_Correct_V3 if {
     # Test sharing setting when there's multiple OUs
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -618,7 +638,10 @@ test_Sharing_Correct_V3 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -628,7 +651,10 @@ test_Sharing_Correct_V3 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
                     ]
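Review bot: The multi-OU fixture in `test_Outside_Correct_V3` names the child unit `"Secondary OU"` in its third hunk, while the `Incorrect_V4`/`Incorrect_V5` fixtures on L92 and L93 use `"Test Secondary OU"` and their assertions depend on that exact string (`Requirement failed in Test Secondary OU.`); the same split appears in the 2.4 section on L96 versus L98. Using `{"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},` in the `Correct_V3` fixtures too would make the fixtures interchangeable and stop a copied assertion from failing on a name mismatch rather than on the behaviour under test. The test body continues outside the hunk.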
@@ -636,18 +662,18 @@ test_Sharing_Correct_V3 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Incorrect_V1 if {
+test_Outside_Incorrect_V1 if {
     # Test sharing setting when there are no relevant events
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -668,15 +694,18 @@ test_Sharing_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
-test_Sharing_Incorrect_V2 if {
+test_Outside_Incorrect_V2 if {
     # Test sharing setting when there's only one event and it's wrong
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -685,7 +714,10 @@ test_Sharing_Incorrect_V2 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -697,14 +729,14 @@ test_Sharing_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V3 if {
+test_Outside_Incorrect_V3 if {
     # Test sharing setting when there are multiple events and the most recent is wrong
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -713,7 +745,10 @@ test_Sharing_Incorrect_V3 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -723,7 +758,10 @@ test_Sharing_Incorrect_V3 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -735,14 +773,14 @@ test_Sharing_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V4 if {
+test_Outside_Incorrect_V4 if {
     # Test sharing setting when top OU is correct but secondary isn't
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -751,7 +789,10 @@ test_Sharing_Incorrect_V4 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -761,7 +802,10 @@ test_Sharing_Incorrect_V4 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
                     ]
@@ -769,18 +813,18 @@ test_Sharing_Incorrect_V4 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU."
 }
 
-test_Sharing_Incorrect_V5 if {
+test_Outside_Incorrect_V5 if {
     # Test sharing setting when top OU is missing
     PolicyId := "GWS.DRIVEDOCS.2.3v0.1"
     Output := tests with input as {
@@ -789,7 +833,10 @@ test_Sharing_Incorrect_V5 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_cross_domain_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
                     ]
@@ -801,17 +848,21 @@ test_Sharing_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
 #
-# Baseline 2.2 - Policy 4
+# GWS.DRIVEDOCS.2.4v0.1
 #--
-test_Sharing_Correct_V1 if {
+test_SharedDrive_Correct_V1 if {
     # Test sharing setting when there's only one event
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -820,7 +871,10 @@ test_Sharing_Correct_V1 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
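Review bot: The `Incorrect_V5` tests are described as `# Test sharing setting when top OU is missing`, but the fixture shown in the preceding hunk on L93 contains a `"Test Secondary OU"` event with `"NEW_VALUE": "false"` while `tenant_info.topLevelOU` is set, and the assertion here expects `NoSuchEvent` with the top-level-OU message — so what the test actually pins is that a child-OU event does not stand in for a missing top-level event. A comment that says so, e.g. `# Test sharing setting when the only event is for a secondary OU (no top-level OU event)`, would make the fail-closed intent of the case explicit; the same wording applies to the `V5` tests on L81 ("Top OU is not present"), L83, L87 and L101. The enclosing test body begins outside the hunk.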
@@ -832,15 +886,14 @@ test_Sharing_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput[0].ReportDetails)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V2 if {
+test_SharedDrive_Correct_V2 if {
     # Test sharing setting when there's multiple events and the most most recent is correct
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -849,7 +902,10 @@ test_Sharing_Correct_V2 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -859,7 +915,10 @@ test_Sharing_Correct_V2 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -871,14 +930,14 @@ test_Sharing_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V3 if {
+test_SharedDrive_Correct_V3 if {
     # Test sharing setting when there's multiple OUs
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -887,7 +946,10 @@ test_Sharing_Correct_V3 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -897,7 +959,10 @@ test_Sharing_Correct_V3 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
                     ]
@@ -905,18 +970,18 @@ test_Sharing_Correct_V3 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Incorrect_V1 if {
+test_SharedDrive_Incorrect_V1 if {
     # Test sharing setting when there are no relevant events
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -937,15 +1002,18 @@ test_Sharing_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
-test_Sharing_Incorrect_V2 if {
+test_SharedDrive_Incorrect_V2 if {
     # Test sharing setting when there's only one event and it's wrong
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -954,7 +1022,10 @@ test_Sharing_Incorrect_V2 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -966,14 +1037,14 @@ test_Sharing_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V3 if {
+test_SharedDrive_Incorrect_V3 if {
     # Test sharing setting when there are multiple events and the most recent is wrong
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -982,7 +1053,10 @@ test_Sharing_Incorrect_V3 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -992,7 +1066,10 @@ test_Sharing_Incorrect_V3 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -1004,14 +1081,14 @@ test_Sharing_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
 
-test_Sharing_Incorrect_V4 if {
+test_SharedDrive_Incorrect_V4 if {
     # Test sharing setting when top OU is correct but secondary isn't
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -1020,7 +1097,10 @@ test_Sharing_Incorrect_V4 if {
                 "id": {"time": "2022-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "true"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
                     ]
@@ -1030,7 +1110,10 @@ test_Sharing_Incorrect_V4 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
                     ]
@@ -1038,18 +1121,18 @@ test_Sharing_Incorrect_V4 if {
             }
         ]},
         "tenant_info": {
-            "topLevelOU": ""
+            "topLevelOU": "Test Top-Level OU"
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU."
 }
 
-test_Sharing_Incorrect_V5 if {
+test_SharedDrive_Incorrect_V5 if {
     # Test sharing setting when top OU is missing
     PolicyId := "GWS.DRIVEDOCS.2.4v0.1"
     Output := tests with input as {
@@ -1058,7 +1141,10 @@ test_Sharing_Incorrect_V5 if {
                 "id": {"time": "2021-12-20T00:02:28.672Z"},
                 "events": [{
                     "parameters": [
-                        {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_direct_access"},
+                        {
+                            "name": "SETTING_NAME",
+                            "value": "Shared Drive Creation new_team_drive_restricts_direct_access"
+                        },
                         {"name": "NEW_VALUE", "value": "false"},
                         {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
                     ]
@@ -1070,17 +1156,21 @@ test_Sharing_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     not RuleOutput[0].RequirementMet
     RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+    RuleOutput[0].ReportDetails == concat("", [
+        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+        "While we are unable to determine the state from the logs, the default setting ",
+        "is non-compliant; manual check recommended."
+    ])
 }
 
 #
-# Baseline 2.2 - Policy 5
+# GWS.DRIVEDOCS.2.5v0.1
 #--
-test_Sharing_Correct_V1 if {
+test_Viewers_Correct_V1 if {
     # Test sharing setting when there's only one event
     PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
     Output := tests with input as {
@@ -1101,15 +1191,14 @@ test_Sharing_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
-    print(RuleOutput[0].ReportDetails)
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
     count(RuleOutput) == 1
     RuleOutput[0].RequirementMet
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
 
-test_Sharing_Correct_V2 if {
+test_Viewers_Correct_V2 if {
     # Test sharing setting when there's multiple events and the most most recent is correct
     PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
     Output := tests with input as {
@@ -1140,14 +1229,14 @@ test_Sharing_Correct_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
-test_Sharing_Correct_V3 if {
+test_Viewers_Correct_V3 if {
 # Test sharing setting when there's multiple OUs
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1174,18 +1263,18 @@ test_Sharing_Correct_V3 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
-test_Sharing_Incorrect_V1 if {
+test_Viewers_Incorrect_V1 if {
 # Test sharing setting when there are no relevant events
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1206,15 +1295,18 @@ test_Sharing_Incorrect_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
-test_Sharing_Incorrect_V2 if {
+test_Viewers_Incorrect_V2 if {
 # Test sharing setting when there's only one event and it's wrong
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1235,14 +1327,14 @@ test_Sharing_Incorrect_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
-test_Sharing_Incorrect_V3 if {
+test_Viewers_Incorrect_V3 if {
 # Test sharing setting when there are multiple events and the most recent is wrong
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1273,14 +1365,14 @@ test_Sharing_Incorrect_V3 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
 }
-test_Sharing_Incorrect_V4 if {
+test_Viewers_Incorrect_V4 if {
 # Test sharing setting when top OU is correct but secondary isn't
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1307,18 +1399,18 @@ test_Sharing_Incorrect_V4 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU."
 }
-test_Sharing_Incorrect_V5 if {
+test_Viewers_Incorrect_V5 if {
 # Test sharing setting when top OU is missing
 PolicyId := "GWS.DRIVEDOCS.2.5v0.1"
 Output := tests with input as {
@@ -1339,9 +1431,13 @@ test_Sharing_Incorrect_V5 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
\ No newline at end of file
diff --git a/Testing/RegoTests/drive/drive03_test.rego b/Testing/RegoTests/drive/drive03_test.rego
index 94f00c01..c836a665 100644
--- a/Testing/RegoTests/drive/drive03_test.rego
+++ b/Testing/RegoTests/drive/drive03_test.rego
@@ -13,7 +13,10 @@ test_Sharing_Correct_V1 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -35,8 +38,7 @@ test_Sharing_Correct_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput[0])
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -52,7 +54,10 @@ test_Sharing_Correct_V2 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -72,7 +77,10 @@ test_Sharing_Correct_V2 if {
 "id": {"time": "2021-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -84,7 +92,7 @@ test_Sharing_Correct_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -100,7 +108,10 @@ test_Sharing_Correct_V3 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -120,7 +131,10 @@ test_Sharing_Correct_V3 if {
 "id": {"time": "2021-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
 ]
@@ -138,11 +152,11 @@ test_Sharing_Correct_V3 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -170,12 +184,15 @@ test_Sharing_Incorrect_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
 test_Sharing_Incorrect_V2 if {
@@ -187,7 +204,10 @@ test_Sharing_Incorrect_V2 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -210,7 +230,7 @@ test_Sharing_Incorrect_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -226,7 +246,10 @@ test_Sharing_Incorrect_V3 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -246,7 +269,10 @@ test_Sharing_Incorrect_V3 if {
 "id": {"time": "2021-12-20T00:02:27.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -258,7 +284,7 @@ test_Sharing_Incorrect_V3 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -274,7 +300,10 @@ test_Sharing_Incorrect_V4 if {
 "id": {"time": "2022-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
 ]
@@ -304,7 +333,10 @@ test_Sharing_Incorrect_V4 if {
 "id": {"time": "2021-12-20T00:02:27.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "true"},
 {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
 ]
@@ -312,12 +344,11 @@ test_Sharing_Incorrect_V4 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -333,7 +364,10 @@ test_Sharing_Incorrect_V5 if {
 "id": {"time": "2021-12-20T00:02:28.672Z"},
 "events": [{
 "parameters": [
- {"name": "SETTING_NAME", "value": "Link Security Update Settings allow_less_secure_link_user_restore"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Link Security Update Settings allow_less_secure_link_user_restore"
+ },
 {"name": "NEW_VALUE", "value": "false"},
 {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"},
 ]
@@ -355,9 +389,13 @@ test_Sharing_Incorrect_V5 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
diff --git a/Testing/RegoTests/drive/drive04_test.rego b/Testing/RegoTests/drive/drive04_test.rego
index d4790df9..f5092fb5 100644
--- a/Testing/RegoTests/drive/drive04_test.rego
+++ b/Testing/RegoTests/drive/drive04_test.rego
@@ -25,8 +25,7 @@ test_Security_Correct_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput[0].ReportDetails)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -64,7 +63,7 @@ test_Security_Correct_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -98,11 +97,11 @@ test_Security_Correct_V3 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -130,12 +129,15 @@ test_Security_Incorrect_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
 test_Security_Incorrect_V2 if {
@@ -159,7 +161,7 @@ test_Security_Incorrect_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -197,7 +199,7 @@ test_Security_Incorrect_V3 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -231,11 +233,11 @@ test_Security_Incorrect_V4 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -263,9 +265,13 @@ test_Security_Incorrect_V5 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
\ No newline at end of file
diff --git a/Testing/RegoTests/drive/drive05_test.rego b/Testing/RegoTests/drive/drive05_test.rego
index 452325ad..510495b7 100644
--- a/Testing/RegoTests/drive/drive05_test.rego
+++ b/Testing/RegoTests/drive/drive05_test.rego
@@ -25,8 +25,7 @@ test_Sharing_Correct_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput[0].ReportDetails)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -64,7 +63,7 @@ test_Sharing_Correct_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -98,11 +97,11 @@ test_Sharing_Correct_V3 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -130,12 +129,15 @@ test_Sharing_Incorrect_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
- print(RuleOutput)
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
 test_Sharing_Incorrect_V2 if {
@@ -159,7 +161,7 @@ test_Sharing_Incorrect_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -197,7 +199,7 @@ test_Sharing_Incorrect_V3 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -231,18 +233,18 @@ test_Sharing_Incorrect_V4 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
 RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU."
 }
-test_Sharing_Incorrect_V4 if {
+test_Sharing_Incorrect_V5 if {
 # Test sharing setting when top level OU is missing
 PolicyId := "GWS.DRIVEDOCS.5.1v0.1"
 Output := tests with input as {
@@ -263,9 +265,13 @@ test_Sharing_Incorrect_V4 if {
 },
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
 }
\ No newline at end of file
diff --git a/Testing/RegoTests/drive/drive06_test.rego b/Testing/RegoTests/drive/drive06_test.rego
index 65ca4837..4908120f 100644
--- a/Testing/RegoTests/drive/drive06_test.rego
+++ b/Testing/RegoTests/drive/drive06_test.rego
@@ -51,11 +51,11 @@ test_DriveFs_Setting_Correct_V1 if {
 },
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -103,7 +103,7 @@ test_DriveFs_Setting_Correct_V2 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -167,11 +167,11 @@ test_DriveFs_Setting_Correct_V3 if {
 },
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -209,7 +209,7 @@ test_DriveFs_Setting_Correct_V4 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -247,7 +247,7 @@ test_DriveFs_Setting_InCorrect_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -301,11 +301,11 @@ test_DriveFs_Setting_InCorrect_V2 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
@@ -379,11 +379,11 @@ test_DriveFs_Setting_InCorrect_V3 if {
 },
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/drive/drive07_test.rego b/Testing/RegoTests/drive/drive07_test.rego
index ec573a71..e70bb1e8 100644
--- a/Testing/RegoTests/drive/drive07_test.rego
+++ b/Testing/RegoTests/drive/drive07_test.rego
@@ -15,7 +15,7 @@ test_Rule_Correct_V1 if {
 }
 }
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
 count(RuleOutput) == 1
 not RuleOutput[0].RequirementMet
 RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail01_test.rego b/Testing/RegoTests/gmail/gmail01_test.rego
index 28d3a1df..21ea436f 100644
--- a/Testing/RegoTests/gmail/gmail01_test.rego
+++ b/Testing/RegoTests/gmail/gmail01_test.rego
@@ -98,7 +98,7 @@ test_MailDelegation_Correct_V3 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
@@ -262,7 +262,7 @@ test_MailDelegation_Incorrect_V5 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
diff --git a/Testing/RegoTests/gmail/gmail05_test.rego b/Testing/RegoTests/gmail/gmail05_test.rego
index 960ccbc4..3b06cdd1 100644
--- a/Testing/RegoTests/gmail/gmail05_test.rego
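Review bot: `test_Rule_Correct_V1` in drive07_test.rego asserts `not RuleOutput[0].RequirementMet` and `RuleOutput[0].NoSuchEvent`, which is exactly the shape the other files use for their `_Incorrect_` no-event cases, so the `_Correct_` name reads as contradictory. If this policy is intentionally reported as not-met with a manual check, a comment such as `# Policy has no corresponding log event: expect NoSuchEvent and RequirementMet == false` above the assertions would make that explicit; otherwise renaming it to `test_Rule_Incorrect_V1` would match the naming clean-up this commit applies elsewhere. The test body starts outside the hunk, so the intent may be documented there already.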
+++ b/Testing/RegoTests/gmail/gmail05_test.rego 
@@ -2,143 +2,10 @@ package gmail
 import future.keywords
 #
-# GWS.GMAIL.5.2v0.1
+# GWS.GMAIL.5.1v0.1
 #--
-test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
- # Test Attachment Protections when there's only one event
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- }
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- RuleOutput[0].RequirementMet
- not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Requirement met in all OUs."
-}
-
-test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
- # Test Attachment Protections when there's multiple events and the most recent is correct
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- },
- {
- "id": {"time": "2021-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "false"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- }
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- RuleOutput[0].RequirementMet
- not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Requirement met in all OUs."
-}
-
-test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
- # Test Attachment Protections when there's correct events in multiple OUs
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- },
- {
- "id": {"time": "2022-12-21T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- }
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- RuleOutput[0].RequirementMet
- not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Requirement met in all OUs."
-}
-test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
+test_Encrypted_Correct_V1 if {
 # Test inheritance
 PolicyId := "GWS.GMAIL.5.1v0.1"
 Output := tests with input as {
@@ -187,7 +54,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 }
 }
@@ -198,123 +65,8 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
 RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
-test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V1 if {
- # Test Attachment Protections when there are no relevant events
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {"name": "SETTING_NAME", "value": "Something else"},
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- }
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- not RuleOutput[0].RequirementMet
- RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == concat("", [
- "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
- "While we are unable to determine the state from the logs, the default setting ",
- "is non-compliant; manual check recommended."
- ])
-}
-test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
- # Test Attachment Protections when there's only one event and it's wrong
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "false"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- }
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- not RuleOutput[0].RequirementMet
- not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
-}
-
-test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
- # Test Attachment Protections when there are multiple events and the most recent is wrong
- PolicyId := "GWS.GMAIL.5.2v0.1"
- Output := tests with input as {
- "gmail_logs": {"items": [
- {
- "id": {"time": "2022-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "false"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- },
- {
- "id": {"time": "2021-12-20T00:02:28.672Z"},
- "events": [{
- "parameters": [
- {
- "name": "SETTING_NAME",
- "value": concat("", [
- "Attachment safety Enable: protect against attachments with scripts from untrusted ",
- "senders"
- ])
- },
- {"name": "NEW_VALUE", "value": "true"},
- {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
- ]
- }]
- }
- ]},
- "tenant_info": {
- "topLevelOU": ""
- },
- }
-
- RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
- count(RuleOutput) == 1
- not RuleOutput[0].RequirementMet
- not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU."
-}
-
-test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V4 if {
+test_Encrypted_Incorrect_V1 if {
 # Test Attachment Protections when there's only one event and it's wrong
 PolicyId := "GWS.GMAIL.5.1v0.1"
 Output := tests with input as {
@@ -346,7 +98,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V4 if {
 RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU."
 }
-test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
+test_Encrypted_Incorrect_V2 if {
 # Test Attachment Protections when there are multiple events and the most recent is wrong
 PolicyId := "GWS.GMAIL.5.1v0.1"
 Output := tests with input as {
@@ -381,7 +133,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
 }
 ]},
 "tenant_info": {
- "topLevelOU": ""
+ "topLevelOU": "Test Top-Level OU"
 },
 }
@@ -393,11 +145,10 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
 }
 #--
-
 #
 # GWS.GMAIL.5.2v0.1
 #--
-test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
+test_Scripts_Correct_V1 if {
 # Test Attachment Protections when there's only one event
 PolicyId := "GWS.GMAIL.5.2v0.1"
 Output := tests with input as {
@@ -431,7 +182,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
 RuleOutput[0].ReportDetails == "Requirement met in all OUs."
 }
-test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
+test_Scripts_Correct_V2 if {
 # Test Attachment Protections when there's multiple events and the most recent is correct
 PolicyId := "GWS.GMAIL.5.2v0.1"
 Output := tests with input as {
@@ -481,7 +232,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if { RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if { +test_Scripts_Correct_V3 if { # Test Attachment Protections when there's correct events in multiple OUs PolicyId := "GWS.GMAIL.5.2v0.1" Output := tests with input as { @@ -520,7 +271,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -531,57 +282,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if { RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V4 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := "GWS.GMAIL.5.2v0.1" - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." -} - -test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V1 if { +test_Scripts_Incorrect_V1 if { # Test Attachment Protections when there are no relevant events PolicyId := "GWS.GMAIL.5.2v0.1" Output := tests with input as { 
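Review bot: Deleting `test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V4` removes the only visible GWS.GMAIL.5.2v0.1 case that feeds a `DELETE_APPLICATION_SETTING` event for a child OU ("Secondary OU") next to a compliant top-level event, i.e. the inheritance path where a child OU drops its override and must fall back to the parent. None of the surviving `test_Scripts_*` tests in this or the neighbouring hunks mention that event name, so unless an equivalent case lives outside this diff the policy's inheritance handling is now untested for this control. If the test was dropped because it asserted the wrong outcome or duplicated a case elsewhere, a short note in the commit would explain it; otherwise a replacement `test_Scripts_Correct_V4` carrying the same two events with `"topLevelOU": "Test Top-Level OU"` would keep the coverage.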
@@ -613,7 +314,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V1 if { ]) } -test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if { +test_Scripts_Incorrect_V2 if { # Test Attachment Protections when there's only one event and it's wrong PolicyId := "GWS.GMAIL.5.2v0.1" Output := tests with input as { @@ -647,7 +348,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if { RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } -test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if { +test_Scripts_Incorrect_V3 if { # Test Attachment Protections when there are multiple events and the most recent is wrong PolicyId := "GWS.GMAIL.5.2v0.1" Output := tests with input as { 
@@ -696,96 +397,11 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if { not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } - -test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V4 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := "GWS.GMAIL.5.2v0.1" - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." 
-} - -test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V5 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := "GWS.GMAIL.5.2v0.1" - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] - count(RuleOutput) == 1 - not RuleOutput[0].RequirementMet - not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." -} - +#-- # # GWS.GMAIL.5.3v0.1 #-- - test_AttachmentProtectionAnomalousAttachment_Correct_V1 if { # Test Attachment Protections when there's only one event PolicyId := "GWS.GMAIL.5.3v0.1" @@ -894,7 +510,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -938,7 +554,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1120,7 +736,7 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } 
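Review bot: After this deletion no visible test for GWS.GMAIL.5.2v0.1 asserts a failure attributed to a non-top-level OU: the removed `_Incorrect_V4`/`_V5` were the only ones expecting `"Requirement failed in Secondary OU."`, while the kept `test_Scripts_Incorrect_V2`/`_V3` expect `"Requirement failed in Test Top-Level OU."`. The Secondary-OU cases do survive for 5.1 (`test_Encrypted_Incorrect_V1`/`_V2`), so this is only safe de-duplication if the 5.1 and 5.2 rules share the per-OU reporting code, which the diff does not show. Consider keeping one Secondary-OU failure case for 5.2, e.g. `test_Scripts_Incorrect_V4`, with `"topLevelOU": "Test Top-Level OU"` so the OU attribution in the report is still pinned.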
@@ -1243,7 +859,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1287,7 +903,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1469,7 +1085,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail06_test.rego b/Testing/RegoTests/gmail/gmail06_test.rego index 53d5c2db..b0f81c24 100644 --- a/Testing/RegoTests/gmail/gmail06_test.rego +++ b/Testing/RegoTests/gmail/gmail06_test.rego @@ -113,7 +113,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -157,7 +157,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -339,7 +339,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -463,7 +463,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -615,7 +615,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -714,7 +714,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if { RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if { +test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if { # Test Links and External Images Protections when there's multiple events and the most recent is correct PolicyId := "GWS.GMAIL.6.3v0.1" Output := tests with input as { @@ -753,7 +753,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -765,7 +765,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if { } -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if { +test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V4 if { # Test Links and External Images Protections when there's multiple events and the most recent is correct PolicyId := "GWS.GMAIL.6.3v0.1" Output := tests with input as { @@ -804,7 +804,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1004,7 +1004,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -1142,7 +1142,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1192,7 +1192,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
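Review bot: The renamed `test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V4` still carries the comment `# Test Links and External Images Protections when there's multiple events and the most recent is correct`, word-for-word the comment on `_Correct_V3` in the hunk above, so the copy-paste that produced the duplicate name copied the description too. The `topLevelOU` change in the following hunk suggests V4 covers correct events across several OUs; if so the comment should say that, `# Test Links and External Images Protections when there's correct events in multiple OUs`, matching the V3/V4 wording used in the other gmail test files. It matters now because with the duplicate name gone both bodies run independently and a future failure will be read through this comment.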
@@ -1342,7 +1342,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail07_test.rego b/Testing/RegoTests/gmail/gmail07_test.rego index 11bf5683..13835e63 100644 --- a/Testing/RegoTests/gmail/gmail07_test.rego +++ b/Testing/RegoTests/gmail/gmail07_test.rego @@ -128,7 +128,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -178,7 +178,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -378,7 +378,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -508,7 +508,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -554,7 +554,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -742,7 +742,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -880,7 +880,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -930,7 +930,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -1130,7 +1130,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V5 if } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -1259,7 +1259,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1270,7 +1270,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if { RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if { +test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V4 if { # Test Spoofing and Authentication Protections when there's correct events in multiple OUs PolicyId := "GWS.GMAIL.7.4v0.1" Output := tests with input as { @@ -1305,7 +1305,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1494,7 +1494,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -1632,7 +1632,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V3 } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1682,7 +1682,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V4 } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -1882,7 +1882,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_ } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -2305,7 +2305,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -2355,7 +2355,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -2555,7 +2555,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail08_test.rego b/Testing/RegoTests/gmail/gmail08_test.rego index c3f43a6b..b6dd6706 100644 --- a/Testing/RegoTests/gmail/gmail08_test.rego +++ b/Testing/RegoTests/gmail/gmail08_test.rego @@ -98,7 +98,7 @@ test_UserEmailUploads_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -262,7 +262,7 @@ test_UserEmailUploads_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail09_test.rego b/Testing/RegoTests/gmail/gmail09_test.rego index 12a11c38..59086abf 100644 --- a/Testing/RegoTests/gmail/gmail09_test.rego +++ b/Testing/RegoTests/gmail/gmail09_test.rego @@ -99,7 +99,7 @@ test_ImapAccess_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -137,7 +137,7 @@ test_ImapAccess_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -300,7 +300,7 @@ test_ImapAccess_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } @@ -408,7 +408,7 @@ test_PopAccess_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -419,7 +419,7 @@ test_PopAccess_Correct_V3 if { RuleOutput[0].ReportDetails == "Requirement met in all OUs." } -test_PopAccess_Correct_V3 if { +test_PopAccess_Correct_V4 if { # Test POP Access when there's correct events in multiple OUs PolicyId := "GWS.GMAIL.9.2v0.1" Output := tests with input as { 
@@ -446,7 +446,7 @@ test_PopAccess_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -610,7 +610,7 @@ test_PopAccess_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail10_test.rego b/Testing/RegoTests/gmail/gmail10_test.rego index ce2243a4..00a3f2b7 100644 --- a/Testing/RegoTests/gmail/gmail10_test.rego +++ b/Testing/RegoTests/gmail/gmail10_test.rego @@ -98,7 +98,7 @@ test_GoogleWorkspaceSync_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -136,7 +136,7 @@ test_GoogleWorkspaceSync_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -300,7 +300,7 @@ test_GoogleWorkspaceSync_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail11_test.rego b/Testing/RegoTests/gmail/gmail11_test.rego index acea4f4f..26b2b567 100644 --- a/Testing/RegoTests/gmail/gmail11_test.rego +++ b/Testing/RegoTests/gmail/gmail11_test.rego @@ -98,7 +98,7 @@ test_AutomaticForwarding_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -136,7 +136,7 @@ test_AutomaticForwarding_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -300,7 +300,7 @@ test_AutomaticForwarding_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail12_test.rego b/Testing/RegoTests/gmail/gmail12_test.rego index 4bfc528a..dd8a0300 100644 --- a/Testing/RegoTests/gmail/gmail12_test.rego +++ b/Testing/RegoTests/gmail/gmail12_test.rego @@ -98,7 +98,7 @@ test_ImageUrlProxyWhitelist_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -262,7 +262,7 @@ test_ImageUrlProxyWhitelist_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail13_test.rego b/Testing/RegoTests/gmail/gmail13_test.rego index 811c8f40..814c7d59 100644 --- a/Testing/RegoTests/gmail/gmail13_test.rego +++ b/Testing/RegoTests/gmail/gmail13_test.rego @@ -98,7 +98,7 @@ test_PerUserOutboundGateway_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -262,7 +262,7 @@ test_PerUserOutboundGateway_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail14_test.rego b/Testing/RegoTests/gmail/gmail14_test.rego index f021648e..1e8ea4f9 100644 --- a/Testing/RegoTests/gmail/gmail14_test.rego +++ b/Testing/RegoTests/gmail/gmail14_test.rego @@ -113,7 +113,7 @@ test_ExternalReplyWarning_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -157,7 +157,7 @@ test_ExternalReplyWarning_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -339,7 +339,7 @@ test_ExternalReplyWarning_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail16_test.rego b/Testing/RegoTests/gmail/gmail16_test.rego index a56147d9..692102ca 100644 --- a/Testing/RegoTests/gmail/gmail16_test.rego +++ b/Testing/RegoTests/gmail/gmail16_test.rego @@ -113,7 +113,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -157,7 +157,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } 
@@ -338,7 +338,7 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/gmail/gmail17_test.rego b/Testing/RegoTests/gmail/gmail17_test.rego index 0d44a3f1..ccd29051 100644 --- a/Testing/RegoTests/gmail/gmail17_test.rego +++ b/Testing/RegoTests/gmail/gmail17_test.rego @@ -98,7 +98,7 @@ test_SecuritySandbox_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -136,7 +136,7 @@ test_SecuritySandbox_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } @@ -300,7 +300,7 @@ test_SecuritySandbox_Incorrect_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } diff --git a/Testing/RegoTests/groups/groups01_test.rego b/Testing/RegoTests/groups/groups01_test.rego index 75c91156..be41f3fb 100644 --- a/Testing/RegoTests/groups/groups01_test.rego +++ b/Testing/RegoTests/groups/groups01_test.rego @@ -26,7 +26,7 @@ test_GroupAccess_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -64,7 +64,7 @@ test_GroupAccess_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
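Review bot: The hunk header for the gmail17 change at old line 136 still reads `test_SecuritySandbox_Correct_V3`, the same name shown by the header at line 98, which indicates gmail17_test.rego keeps two rules named `test_SecuritySandbox_Correct_V3` (every sibling file shows `_Correct_V4` at that position). This diff fixes the identical duplicates in gmail06, gmail07 and gmail09 but leaves this one. In Rego two same-named rules are incremental definitions of one rule, so `opa test` runs a single `test_SecuritySandbox_Correct_V3` that passes when either body succeeds, and a regression in the second scenario would be masked. Rename the second definition to `test_SecuritySandbox_Correct_V4` in the same sweep; this is inferred from the hunk headers, so confirm against the full file.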
@@ -92,11 +92,15 @@ test_GroupsAccess_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #TODO @@ -121,7 +125,7 @@ test_GroupAccess_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -159,7 +163,7 @@ test_GroupAccess_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/groups/groups02_test.rego b/Testing/RegoTests/groups/groups02_test.rego index 518ff033..74249419 100644 --- a/Testing/RegoTests/groups/groups02_test.rego +++ b/Testing/RegoTests/groups/groups02_test.rego 
@@ -14,7 +14,10 @@ test_GroupAddExternal_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -26,7 +29,7 @@ test_GroupAddExternal_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -34,7 +37,8 @@ test_GroupAddExternal_Correct_V1 if { } test_GroupAddExternal_Correct_V2 if { - # Test group owners' ability to add external memebers when there's multiple events and the most most recent is correct + # Test group owners' ability to add external memebers when there's + # multiple events and the most most recent is correct PolicyId := "GWS.GROUPS.2.1v0.1" Output := tests with input as { "groups_logs": {"items": [ @@ -42,7 +46,10 @@ test_GroupAddExternal_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -52,7 +59,10 @@ test_GroupAddExternal_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -64,7 +74,7 @@ test_GroupAddExternal_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -92,11 +102,15 @@ test_GroupAddExternal_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_GroupAddExternal_Incorrect_V2 if { 
@@ -108,7 +122,10 @@ test_GroupAddExternal_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -120,7 +137,7 @@ test_GroupAddExternal_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -136,7 +153,10 @@ test_GroupAddExternal_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -146,7 +166,10 @@ test_GroupAddExternal_Incorrect_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_external_members"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_external_members" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -158,7 +181,7 @@ test_GroupAddExternal_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
diff --git a/Testing/RegoTests/groups/groups03_test.rego b/Testing/RegoTests/groups/groups03_test.rego index b463fb28..d0c83b0e 100644 --- a/Testing/RegoTests/groups/groups03_test.rego +++ b/Testing/RegoTests/groups/groups03_test.rego @@ -14,7 +14,10 @@ test_GroupIncomingMailPosting_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -26,7 +29,7 @@ test_GroupIncomingMailPosting_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -34,7 +37,8 @@ test_GroupIncomingMailPosting_Correct_V1 if { } test_GroupIncomingMailPosting_Correct_V2 if { - # Test group owners' ability to allow incoming mail for posting group messages when there's multiple events and the most most recent is correct + # Test group owners' ability to allow incoming mail for posting group messages when + # there's multiple events and the most most recent is correct PolicyId := "GWS.GROUPS.3.1v0.1" Output := tests with input as { "groups_logs": {"items": [ @@ -42,7 +46,10 @@ test_GroupIncomingMailPosting_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
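Review bot: The rewrapped comment in `test_GroupIncomingMailPosting_Correct_V2` still ends with `the most most recent is correct`; the duplicated word should go while the line is being touched, giving `# there's multiple events and the most recent is correct`.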
@@ -52,7 +59,10 @@ test_GroupIncomingMailPosting_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -64,7 +74,7 @@ test_GroupIncomingMailPosting_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -92,15 +102,20 @@ test_GroupIncomingMailPosting_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_GroupIncomingMailPosting_Incorrect_V2 if { - # Test group owners' ability to allow incoming mail for posting group messages when there's only one event and it's wrong + # Test group owners' ability to allow incoming mail for posting group messages when + # there's only one event and it's wrong PolicyId := "GWS.GROUPS.3.1v0.1" Output := tests with input as { "groups_logs": {"items": [ 
@@ -108,7 +123,10 @@ test_GroupIncomingMailPosting_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -120,7 +138,7 @@ test_GroupIncomingMailPosting_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -128,7 +146,8 @@ test_GroupIncomingMailPosting_Incorrect_V2 if { } test_GroupIncomingMailPosting_Incorrect_V3 if { - # Test group owners' ability to allow incoming mail for posting group messages when there are multiple events and the most recent is wrong + # Test group owners' ability to allow incoming mail for posting group messages + # when there are multiple events and the most recent is wrong PolicyId := "GWS.GROUPS.3.1v0.1" Output := tests with input as { "groups_logs": {"items": [ @@ -136,7 +155,10 @@ test_GroupIncomingMailPosting_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -146,7 +168,10 @@ test_GroupIncomingMailPosting_Incorrect_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -158,7 +183,7 @@ test_GroupIncomingMailPosting_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/groups/groups04_test.rego b/Testing/RegoTests/groups/groups04_test.rego index 9da869a4..87d3b1c3 100644 --- a/Testing/RegoTests/groups/groups04_test.rego +++ b/Testing/RegoTests/groups/groups04_test.rego @@ -26,7 +26,7 @@ test_GroupCreation_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -63,7 +63,7 @@ test_GroupCreation_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -91,11 +91,15 @@ test_GroupCreation_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_GroupCreation_Incorrect_V2 if { @@ -119,7 +123,7 @@ test_GroupCreation_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -157,7 +161,7 @@ test_GroupCreation_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/groups/groups05_test.rego b/Testing/RegoTests/groups/groups05_test.rego index 7b86c85f..b822f9c8 100644 --- a/Testing/RegoTests/groups/groups05_test.rego +++ b/Testing/RegoTests/groups/groups05_test.rego 
@@ -14,7 +14,10 @@ test_GroupConservationViewPermission_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MEMBERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -26,7 +29,7 @@ test_GroupConservationViewPermission_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -42,7 +45,10 @@ test_GroupConservationViewPermission_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MEMBERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -52,7 +58,10 @@ test_GroupConservationViewPermission_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -64,7 +73,7 @@ test_GroupConservationViewPermission_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -92,11 +101,15 @@ test_GroupConservationViewPermission_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_GroupConservationViewPermission_Incorrect_V2 if { @@ -108,7 +121,10 @@ test_GroupConservationViewPermission_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -120,7 +136,7 @@ test_GroupConservationViewPermission_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -136,7 +152,10 @@ test_GroupConservationViewPermission_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MANAGERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -148,7 +167,7 @@ test_GroupConservationViewPermission_Incorrect_V3 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -164,7 +183,10 @@ test_GroupConservationViewPermission_Incorrect_V4 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "OWNERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -176,7 +198,7 @@ test_GroupConservationViewPermission_Incorrect_V4 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -192,7 +214,10 @@ test_GroupConservationViewPermission_Incorrect_V5 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "DOMAIN_USERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -202,7 +227,10 @@ test_GroupConservationViewPermission_Incorrect_V5 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MEMBERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -214,7 +242,7 @@ test_GroupConservationViewPermission_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -230,7 +258,10 @@ test_GroupConservationViewPermission_Incorrect_V6 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MANAGERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -240,7 +271,10 @@ test_GroupConservationViewPermission_Incorrect_V6 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MEMBERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -252,7 +286,7 @@ test_GroupConservationViewPermission_Incorrect_V6 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -268,7 +302,10 @@ test_GroupConservationViewPermission_Incorrect_V7 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "OWNERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -278,7 +315,10 @@ test_GroupConservationViewPermission_Incorrect_V7 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "GroupsSharingSettingsProto default_view_topics_access_level"}, + { + "name": "SETTING_NAME", + "value": "GroupsSharingSettingsProto default_view_topics_access_level" + }, {"name": "NEW_VALUE", "value": "MEMBERS"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -290,7 +330,7 @@ test_GroupConservationViewPermission_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/groups/groups06_test.rego b/Testing/RegoTests/groups/groups06_test.rego index f9413dd6..128cf7b3 100644 --- a/Testing/RegoTests/groups/groups06_test.rego +++ b/Testing/RegoTests/groups/groups06_test.rego @@ -26,7 +26,7 @@ test_GroupOwnersHideGroups_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -64,7 +64,7 @@ test_GroupOwnersHideGroups_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -92,11 +92,15 @@ test_GroupOwnersHideGroups_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_GroupOwnersHideGroups_Incorrect_V2 if { @@ -120,7 +124,7 @@ test_GroupOwnersHideGroups_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -158,7 +162,7 @@ test_GroupOwnersHideGroups_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -191,11 +195,11 @@ test_GroupOwnersHideGroups_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/groups/groups07_test.rego b/Testing/RegoTests/groups/groups07_test.rego index 44c5b6de..c54d3102 100644 
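Review bot: The fixture change from `"topLevelOU": ""` to `"topLevelOU": "Test Top-Level OU"` in test_GroupOwnersHideGroups_Incorrect_V4 changes test inputs rather than style, and nothing in the hunk records why the empty value was wrong; the same change recurs in meet01 (test_Access_Correct_V3/V4, test_Access_Incorrect_V4/V8), meet02 and meet03. If the policy uses `tenant_info.topLevelOU` to select the events it evaluates, these tests presumably passed before only because the empty string happened to yield the same result, which means the empty-OU path is now untested. I would keep one dedicated case with `"topLevelOU": ""` that pins the expected report when the top-level OU cannot be determined, and add a fixture comment such as `# topLevelOU must match the ORG_UNIT_NAME of the events above` so the coupling is explicit.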
--- a/Testing/RegoTests/groups/groups07_test.rego +++ b/Testing/RegoTests/groups/groups07_test.rego @@ -24,7 +24,7 @@ test_Group_Correct_V1 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -61,7 +61,7 @@ test_Group_Correct_V2 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -77,7 +77,7 @@ test_Group_Correct_V3 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -103,15 +103,14 @@ test_Group_Incorrect_V1 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] - print(RuleOutput) + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Group 1." } -test_Group_Correct_V2 if { +test_Group_Incorrect_V2 if { # Test multiple groups where 1 is incorrect PolicyId := "GWS.GROUPS.7.1v0.1" Output := tests with input as { 
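Review bot: The rename `test_Group_Correct_V2` → `test_Group_Incorrect_V2` (and V3, V4 at the following hunks) closes what looks like a silent test gap rather than a cosmetic issue: Rego allows several definitions of the same rule name, so the three `Incorrect` bodies were presumably being evaluated under the already-passing `Correct` names instead of as independent tests. That means `test_Group_Incorrect_V2..V4` are effectively running on their own for the first time in this commit, so a failure in them would be a genuine policy finding rather than a regression of the rename. A short comment on the first renamed test, e.g. `# Previously shadowed by a duplicate test_Group_Correct_V2; runs as an independent test from this commit on`, would help anyone bisecting later. Dropping the stray `print(RuleOutput)` debug output in the same hunk is the right call.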
@@ -141,14 +140,14 @@ test_Group_Correct_V2 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Group 2." } -test_Group_Correct_V3 if { +test_Group_Incorrect_V3 if { # Test multiple groups where both are incorrect PolicyId := "GWS.GROUPS.7.1v0.1" Output := tests with input as { @@ -178,14 +177,14 @@ test_Group_Correct_V3 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Group 1, Group 2." } -test_Group_Correct_V3 if { +test_Group_Incorrect_V4 if { # Test multiple groups where both are incorrect in multiple ways PolicyId := "GWS.GROUPS.7.1v0.1" Output := tests with input as { @@ -215,7 +214,7 @@ test_Group_Correct_V3 if { ] } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent diff --git a/Testing/RegoTests/meet/meet01_test.rego b/Testing/RegoTests/meet/meet01_test.rego index 36ea5e4a..dfd25a1d 100644 --- a/Testing/RegoTests/meet/meet01_test.rego +++ b/Testing/RegoTests/meet/meet01_test.rego @@ -26,7 +26,7 @@ test_Access_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -64,7 +64,7 @@ test_Access_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -98,11 +98,11 @@ test_Access_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -146,11 +146,11 @@ test_Access_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -178,11 +178,15 @@ test_Access_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_Access_Incorrect_V2 if { 
@@ -206,7 +210,7 @@ test_Access_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -244,7 +248,7 @@ test_Access_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -278,11 +282,11 @@ test_Access_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -311,12 +315,15 @@ test_Access_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." -} + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ])} test_Access_Incorrect_V6 if { # Test meeting access when there's only one event and it's wrong 
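Review bot: In test_Access_Incorrect_V5 the closing brace of the test body is fused onto the last line of the new expectation, `])}`, whereas every other rewritten expectation in this commit (including test_Access_Incorrect_V1 earlier in this file) ends with `])` followed by `}` on its own line; the same fused `])}` appears in test_Access_Incorrect_V9 at the `@@ -444,10 +451,13 @@` hunk. Put `])` on one line and `}` on the next in both places so the file stays uniform and future diffs around the closing brace remain readable.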
@@ -339,7 +346,7 @@ test_Access_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -377,7 +384,7 @@ test_Access_Incorrect_V7 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -411,11 +418,11 @@ test_Access_Incorrect_V8 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -444,10 +451,13 @@ test_Access_Incorrect_V9 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." -} + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ])} #-- \ No newline at end of file diff --git a/Testing/RegoTests/meet/meet02_test.rego b/Testing/RegoTests/meet/meet02_test.rego index acfef483..c9f8bd75 100644 --- a/Testing/RegoTests/meet/meet02_test.rego 
+++ b/Testing/RegoTests/meet/meet02_test.rego @@ -26,7 +26,7 @@ test_JoinExternalPers_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -64,7 +64,7 @@ test_JoinExternalPers_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -98,11 +98,11 @@ test_JoinExternalPers_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -146,11 +146,11 @@ test_History_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -178,7 +178,7 @@ test_JoinExternalPers_Correct_V5 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -216,7 +216,7 @@ test_JoinExternalPers_Correct_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
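Review bot: The test under the `@@ -146,11 +146,11 @@` hunk is named `test_History_Correct_V4` although it sits among the `test_JoinExternalPers_*` tests of meet02_test.rego; `test_History_Correct_V8` at the `@@ -298,11 +298,11 @@` hunk and `test_Access_Correct_V4` at the `@@ -145,11 +145,11 @@` hunk of meet03_test.rego carry the same copy-paste names. If the meet test files share one package, a name like `test_Access_Correct_V4` that also exists in meet01_test.rego would be merged into a single rule exactly as the groups07 duplicates were, so this is worth verifying rather than treating as cosmetic. Rename them to match their file, e.g. `test_JoinExternalPers_Correct_V4`, `test_JoinExternalPers_Correct_V8` and `test_HostMan_Correct_V4`, as this commit already does for groups07.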
@@ -250,11 +250,11 @@ test_JoinExternalPers_Correct_V7 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -298,11 +298,11 @@ test_History_Correct_V8 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -330,11 +330,15 @@ test_JoinExternalPers_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_JoinExternalPers_Incorrect_V2 if { @@ -358,7 +362,7 @@ test_JoinExternalPers_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -397,7 +401,7 @@ test_JoinExternalPers_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -431,11 +435,11 @@ test_JoinExternalPers_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -464,11 +468,15 @@ test_JoinExternalPers_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_JoinExternalPers_Incorrect_V6 if { @@ -492,7 +500,7 @@ test_JoinExternalPers_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -527,81 +535,13 @@ test_JoinExternalPers_Incorrect_V7 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU." } - -# test_JoinExternalPers_Incorrect_V4 if { -# # Test allow user to change history setting when there are multiple OU and a secondary OU is wrong -# PolicyId := "GWS.MEET.2.1v0.1" -# Output := tests with input as { -# "meet_logs": {"items": [ -# { -# "id": {"time": "2021-12-20T00:02:28.672Z"}, -# "events": [{ -# "parameters": [ -# {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, -# {"name": "NEW_VALUE", "value": "WORKSPACE_DOMAINS"}, -# {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, -# ] -# }] -# }, -# { -# "id": {"time": "2022-12-20T00:02:28.672Z"}, -# "events": [{ -# "parameters": [ -# {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, -# {"name": "NEW_VALUE", "value": "ALL"}, -# {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, -# ] -# }] -# } -# ]}, -# "tenant_info": { -# "topLevelOU": "" -# }, -# } - -# RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] -# count(RuleOutput) == 1 -# not RuleOutput[0].RequirementMet -# not RuleOutput[0].NoSuchEvent -# RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." 
-# } -#-- - -# test_JoinExternalPers_Incorrect_V5 if { -# # Test allow user to change history setting when the primary OU is missing but a different one is present -# PolicyId := "GWS.MEET.2.1v0.1" -# Output := tests with input as { -# "meet_logs": {"items": [ -# { -# "id": {"time": "2022-12-20T00:02:28.672Z"}, -# "events": [{ -# "parameters": [ -# {"name": "SETTING_NAME", "value": "SafetyAccessLockProto meetings_allowed_to_join"}, -# {"name": "NEW_VALUE", "value": "ALL"}, -# {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, -# ] -# }] -# } -# ]}, -# "tenant_info": { -# "topLevelOU": "Test Top-Level OU" -# }, -# } - -# RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] -# count(RuleOutput) == 1 -# not RuleOutput[0].RequirementMet -# RuleOutput[0].NoSuchEvent -# RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." -# } -#-- \ No newline at end of file diff --git a/Testing/RegoTests/meet/meet03_test.rego b/Testing/RegoTests/meet/meet03_test.rego index 1e721e7c..2fe0d395 100644 --- a/Testing/RegoTests/meet/meet03_test.rego +++ b/Testing/RegoTests/meet/meet03_test.rego @@ -25,7 +25,7 @@ test_HostMan_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -63,7 +63,7 @@ test_HostMan_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -97,11 +97,11 @@ test_HostMan_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -145,11 +145,11 @@ test_Access_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -177,11 +177,15 @@ test_HostMan_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_HostMan_Incorrect_V2 if { @@ -205,7 +209,7 @@ test_HostMan_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -243,7 +247,7 @@ test_HostMan_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -277,11 +281,11 @@ test_HostMan_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -310,10 +314,14 @@ test_HostMan_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- \ No newline at end of file diff --git a/Testing/RegoTests/meet/meet04_test.rego b/Testing/RegoTests/meet/meet04_test.rego index d8f07886..547a360e 100644 --- a/Testing/RegoTests/meet/meet04_test.rego +++ b/Testing/RegoTests/meet/meet04_test.rego 
@@ -13,7 +13,11 @@ test_HostMan_Correct_V1 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -25,7 +29,7 @@ test_HostMan_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -41,7 +45,11 @@ test_HostMan_Correct_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -51,7 +59,11 @@ test_HostMan_Correct_V2 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -63,7 +75,7 @@ test_HostMan_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -79,7 +91,11 @@ test_HostMan_Correct_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -89,7 +105,11 @@ test_HostMan_Correct_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] @@ -97,11 +117,11 @@ test_HostMan_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -117,7 +137,11 @@ test_Access_Correct_V4 if { "id": {"time": "2020-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -128,7 +152,11 @@ test_Access_Correct_V4 if { "events": [{ "name": "DELETE_APPLICATION_SETTING", "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] }] @@ -137,7 +165,11 @@ test_Access_Correct_V4 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Second-Level OU"}, ] @@ -145,11 +177,11 @@ test_Access_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -177,11 +209,15 @@ test_HostMan_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } test_HostMan_Incorrect_V2 if { @@ -193,7 +229,11 @@ test_HostMan_Incorrect_V2 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -205,7 +245,7 @@ test_HostMan_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -221,7 +261,11 @@ test_HostMan_Incorrect_V3 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -231,7 +275,11 @@ test_HostMan_Incorrect_V3 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] @@ -243,7 +291,7 @@ test_HostMan_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -259,7 +307,11 @@ test_HostMan_Incorrect_V4 if { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] 
@@ -269,7 +321,11 @@ test_HostMan_Incorrect_V4 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] @@ -277,11 +333,11 @@ test_HostMan_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -298,7 +354,11 @@ test_HostMan_Incorrect_V5 if { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ "parameters": [ - {"name": "SETTING_NAME", "value": "Warn for external participants External or unidentified participants in a meeting are given a label"}, + { + "name": "SETTING_NAME", + "value": + "Warn for external participants External or unidentified participants in a meeting are given a label" + }, {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] 
@@ -310,10 +370,14 @@ test_HostMan_Incorrect_V5 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } #-- \ No newline at end of file diff --git a/Testing/RegoTests/sites/sites01_test.rego b/Testing/RegoTests/sites/sites01_test.rego index e4473703..757d159d 100644 --- a/Testing/RegoTests/sites/sites01_test.rego +++ b/Testing/RegoTests/sites/sites01_test.rego @@ -13,6 +13,7 @@ test_Sites_Disabled_Correct_V1 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -26,7 +27,7 @@ test_Sites_Disabled_Correct_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -41,6 +42,7 @@ test_Sites_Disabled_Correct_V2 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, 
@@ -51,6 +53,7 @@ test_Sites_Disabled_Correct_V2 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, @@ -64,7 +67,7 @@ test_Sites_Disabled_Correct_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -79,6 +82,7 @@ test_Sites_Disabled_Correct_V3 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -89,6 +93,7 @@ test_Sites_Disabled_Correct_V3 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -98,11 +103,11 @@ test_Sites_Disabled_Correct_V3 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -117,6 +122,7 @@ test_Sites_Disabled_Correct_V4 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -127,6 +133,7 @@ test_Sites_Disabled_Correct_V4 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, 
@@ -137,6 +144,7 @@ test_Sites_Disabled_Correct_V4 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, @@ -146,11 +154,11 @@ test_Sites_Disabled_Correct_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -166,6 +174,7 @@ test_Sites_Disabled_Correct_V5 if { { "id": {"time": "2022-12-10T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -176,6 +185,7 @@ test_Sites_Disabled_Correct_V5 if { { "id": {"time": "2022-12-20T00:02:29.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -186,6 +196,7 @@ test_Sites_Disabled_Correct_V5 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "INHERIT_FROM_PARENT"}, @@ -195,11 +206,11 @@ test_Sites_Disabled_Correct_V5 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -207,16 +218,28 @@ test_Sites_Disabled_Correct_V5 if { } test_Sites_Disabled_Incorrect_V1 if { - # Test sites is disabled when there are no relevant events + # Test sites is disabled when there is an event for a different service PolicyId := "GWS.SITES.1.1v0.1" Output := tests with input as { "sites_logs": {"items": [ { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "SHARING_NOT_ALLOWED"}, + {"name": "NEW_VALUE", "value": "false"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", + "parameters": [ + {"name": "SERVICE_NAME", "value": "Sites"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -227,11 +250,11 @@ test_Sites_Disabled_Incorrect_V1 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet - RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." } test_Sites_Disabled_Incorrect_V2 if { @@ -242,6 +265,7 @@ test_Sites_Disabled_Incorrect_V2 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, 
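Review bot: The reworded comment `# Test sites is disabled when there is an event for a different service` no longer describes the fixture, which in the same hunk gains an older Sites event with NEW_VALUE "true" and an expectation of "Requirement failed in Test Top-Level OU." rather than NoSuchEvent. The failure the test asserts comes from that Sites event, while the "Something else" event only checks that unrelated services are ignored. Suggest `# Test sites is disabled when an event for a different service is present alongside an older Sites event that enabled it` so the intent of the two events is clear. test_Sites_Disabled_Incorrect_V1 continues outside this hunk.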
@@ -255,7 +279,7 @@ test_Sites_Disabled_Incorrect_V2 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -270,6 +294,7 @@ test_Sites_Disabled_Incorrect_V3 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, @@ -280,6 +305,7 @@ test_Sites_Disabled_Incorrect_V3 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -293,7 +319,7 @@ test_Sites_Disabled_Incorrect_V3 if { }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -308,6 +334,7 @@ test_Sites_Disabled_Incorrect_V4 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "false"}, @@ -318,6 +345,7 @@ test_Sites_Disabled_Incorrect_V4 if { { "id": {"time": "2021-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, @@ -327,11 +355,11 @@ test_Sites_Disabled_Incorrect_V4 if { } ]}, "tenant_info": { - "topLevelOU": "" + "topLevelOU": "Test Top-Level OU" }, } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent 
@@ -346,6 +374,7 @@ test_Sites_Disabled_Incorrect_V5 if { { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Sites"}, {"name": "NEW_VALUE", "value": "true"}, @@ -359,7 +388,7 @@ test_Sites_Disabled_Incorrect_V5 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent @@ -367,13 +396,14 @@ test_Sites_Disabled_Incorrect_V5 if { } test_Sites_Disabled_Incorrect_V6 if { - # Test sites is disabled when there are no relevant events for Sites, but there is an event for a different service + # Test sites is disabled when there are no relevant events PolicyId := "GWS.SITES.1.1v0.1" Output := tests with input as { "sites_logs": {"items": [ { "id": {"time": "2022-12-20T00:02:28.672Z"}, "events": [{ + "name": "TOGGLE_SERVICE_ENABLED", "parameters": [ {"name": "SERVICE_NAME", "value": "Something else"}, {"name": "NEW_VALUE", "value": "false"}, 
@@ -387,10 +417,14 @@ test_Sites_Disabled_Incorrect_V6 if { } } - RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId] + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] count(RuleOutput) == 1 not RuleOutput[0].RequirementMet RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended." + RuleOutput[0].ReportDetails == concat("", [ + "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ", + "While we are unable to determine the state from the logs, the default setting ", + "is non-compliant; manual check recommended." + ]) } -# #-- \ No newline at end of file +#-- \ No newline at end of file diff --git a/Testing/run_unit_tests.py b/Testing/run_unit_tests.py index da063748..77fec80a 100644 --- a/Testing/run_unit_tests.py +++ b/Testing/run_unit_tests.py @@ -7,9 +7,6 @@ import argparse from sys import platform -# to_do move items from the commented out list below as the tests -# are implemented so they will be run by default - gws_baselines = [ "gmail", "calendar", @@ -19,8 +16,6 @@ "meet", "sites", "commoncontrols", - "sites", - "commoncontrols", "rules", 'classroom' ] diff --git a/rego/Calendar.rego b/rego/Calendar.rego index a189ae78..3eb743b3 100644 --- a/rego/Calendar.rego +++ b/rego/Calendar.rego 
@@ -1,130 +1,25 @@ package calendar -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails - -OUsWithEvents contains Event.OrgUnit if { - some Event in SettingChangeEvents -} - -FilterEvents(SettingName) := FilteredEvents if { - # Filter the events by SettingName - Events := SettingChangeEvents - FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName] -} - -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | some Event in Events; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit] -} - -GetTopLevelOU() := name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. 
- input.tenant_info.topLevelOU != "" - name := input.tenant_info.topLevelOU -} - -GetTopLevelOU() := name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. - # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -GetTopLevelOU() := name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - name := "" -} - -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit, - "DomainName": DomainName -} -if { - some Item in input.calendar_logs.items # For each item... - some Event in Item.events # For each event in the item... - - # Does this event have the parameters we're looking for? 
- "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] - DomainName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "DOMAIN_NAME"][0] -} -GetLastEvent(Events) := Event if { - # Because CalendarSharingEvents returns a set instead - # of an array, we can't just index it and get the last - # value - MaxTs := max([Event.Timestamp | some Event in Events]) - some Event in Events - Event.Timestamp == MaxTs -} +import data.utils +import future.keywords +LogEvents := utils.GetEvents("calendar_logs") -################ -# Baseline 1 # -################ +################## +# GWS.CALENDAR.1 # +################## # # Baseline GWS.CALENDAR.1.1v0.1 #-- NonCompliantOUs1_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "SHOW_ONLY_FREE_BUSY_INFORMATION" LastEvent.NewValue != "INHERIT_FROM_PARENT" } 
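Review bot: The replacement `LogEvents := utils.GetEvents("calendar_logs")` drops the per-event DOMAIN_NAME extraction that the removed SettingChangeEvents rule performed, yet ExtSharingSecondaryCalSettingDetailsStr later in this file still reads `LastEvent.DomainName`. If the shared helper does not populate DomainName for calendar events (its definition is not in this diff), those description rules become undefined and the GWS.CALENDAR.3 result would silently go missing rather than fail. A one-line comment above LogEvents such as `# utils.GetEvents must surface DOMAIN_NAME as DomainName; the GWS.CALENDAR.3 details depend on it` would record the dependency, and a test asserting ReportDetails for a secondary-calendar sharing event would catch a regression.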
@@ -132,29 +27,27 @@ NonCompliantOUs1_1 contains OU if { tests contains { "PolicyId": "GWS.CALENDAR.1.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs.", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.CALENDAR.1.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } @@ -162,7 +55,7 @@ if { # # Baseline GWS.CALENDAR.1.2v0.1 -# +#-- tests contains { "PolicyId": "GWS.CALENDAR.1.2v0.1", "Criticality": "May/Not-Implemented", 
@@ -173,78 +66,91 @@ tests contains {
 }
 #--
-################
-# Baseline 2 #
-################
+##################
+# GWS.CALENDAR.2 #
+##################
 #
 # Baseline GWS.CALENDAR.2.1v0.1
 #--
 NonCompliantOUs2_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("ENABLE_EXTERNAL_GUEST_PROMPT", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "false"
 }
 tests contains {
 "PolicyId": "GWS.CALENDAR.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ENABLE_EXTERNAL_GUEST_PROMPT", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.CALENDAR.2.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ENABLE_EXTERNAL_GUEST_PROMPT", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "ENABLE_EXTERNAL_GUEST_PROMPT", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
 #--
-################
-# Baseline 3 #
-################
+##################
+# GWS.CALENDAR.3 #
+##################
 ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "SHOW_ONLY_FREE_BUSY_INFORMATION"
- Description := concat("", ["Only free busy/information for secondary calendars is shared outside ", LastEvent.DomainName])
+ Description := concat("", [
+ "Only free busy/information for secondary calendars is shared outside ",
+ LastEvent.DomainName
+ ])
 }
 ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "READ_ONLY_ACCESS"
- Description := concat("", ["All information for secondary calendars is shared outside ", LastEvent.DomainName, " but outsiders cannot change calendars."])
+ Description := concat("", [
+ "All information for secondary calendars is shared outside ",
+ LastEvent.DomainName,
+ " but outsiders cannot change calendars."
+ ])
 }
 ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "READ_WRITE_ACCESS"
- Description := concat("", ["All information for secondary calendars is shared outside ", LastEvent.DomainName, " and outsiders can change calendars."])
+ Description := concat("", [
+ "All information for secondary calendars is shared outside ",
+ LastEvent.DomainName,
+ " and outsiders can change calendars."
+ ])
 }
 ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "MANAGE_ACCESS"
- Description := concat("", ["All information for secondary calendars is shared outside ", LastEvent.DomainName, " and outsiders can manage calendars"])
+ Description := concat("", [
+ "All information for secondary calendars is shared outside ",
+ LastEvent.DomainName,
+ " and outsiders can manage calendars"
+ ])
 }
 #
@@ -253,14 +159,15 @@ ExtSharingSecondaryCalSettingDetailsStr(LastEvent) := Description if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": "Sharing options for secondary calendars are set to the default value.",
- "ActualValue": {"SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR": "--No setting change found in logs, the default value is likely still active--"},
- "RequirementMet": false,
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
- count(Events) == 0 # If no events were logged, then the default value is still active
+ DefaultSafe := false
+ Events := utils.FilterEventsNoOU(LogEvents, "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
+ count(Events) == 0
 }
 
 tests contains {
@@ -272,16 +179,16 @@ tests contains {
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
+ Events := utils.FilterEventsNoOU(LogEvents, "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "SHOW_ONLY_FREE_BUSY_INFORMATION"
 }
 #--
 
 #
 # Baseline GWS.CALENDAR.3.2v0.1
-#
+#--
 tests contains {
 "PolicyId": "GWS.CALENDAR.3.2v0.1",
 "Criticality": "May/Not-Implemented",
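Review bot: The added `"ActualValue": "No relevant event for the top-level OU in the current logs"` and `utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU)` describe an OU-scoped lookup, but the new body filters with `utils.FilterEventsNoOU(LogEvents, "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR")`, which by its name ignores the OU entirely, so an admin is told the top-level OU has no event when the whole log was searched. A domain-wide wording would match what was actually checked, e.g. `"ActualValue": "No relevant event in the current logs"`, with a details helper that takes no OU if utils has one. The same mismatch is in the ENABLE_EWS_INTEROP test in the `@@ -314,14 +227,15 @@` hunk. `DefaultSafe := false` preserves the old fail-closed result for a missing audit event, which is the right default here.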
@@ -294,18 +201,24 @@ tests contains {
-################
-# Baseline 4 #
-################
+##################
+# GWS.CALENDAR.4 #
+##################
 CalInteropManSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "true"
- Description := concat("", ["Calendar interop is enabled for ", LastEvent.DomainName])
+ Description := concat("", [
+ "Calendar interop is enabled for ",
+ LastEvent.DomainName
+ ])
 }
 CalInteropManSettingDetailsStr(LastEvent) := Description if {
 LastEvent.NewValue == "false"
- Description := concat("", ["Calendar interop is not enabled for ", LastEvent.DomainName])
+ Description := concat("", [
+ "Calendar interop is not enabled for ",
+ LastEvent.DomainName
+ ])
 }
 #
@@ -314,14 +227,15 @@ CalInteropManSettingDetailsStr(LastEvent) := Description if {
 tests contains {
 "PolicyId": "GWS.CALENDAR.4.1v0.1",
 "Criticality": "Should",
- "ReportDetails": "Calendar Interop Management settings are set to the default value.",
- "ActualValue": {"ENABLE_EWS_INTEROP": "--No setting change found in logs, the default value is likely still active--"},
- "RequirementMet": false,
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
- Events := FilterEvents("ENABLE_EWS_INTEROP")
- count(Events) == 0 # If no events were logged, then the default value is still active
+ DefaultSafe := false
+ Events := utils.FilterEventsNoOU(LogEvents, "ENABLE_EWS_INTEROP")
+ count(Events) == 0
 }
 
 tests contains {
@@ -333,15 +247,14 @@ tests contains {
 "NoSuchEvent": false
 }
 if {
- Events := FilterEvents("ENABLE_EWS_INTEROP")
+ Events := utils.FilterEventsNoOU(LogEvents, "ENABLE_EWS_INTEROP")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "false"
 }
 #--
-#--
 #
 # Baseline GWS.CALENDAR.4.2v0.1
 #--
@@ -355,148 +268,51 @@ tests contains {
 }
 #--
-################
-# Baseline 5 #
-################
-
-# Extreme outlier. Logs for this event have no Domain
-# As such we need to create custom FilterEventsOU function and SettingChangeEvent
-# Functions
-
-SettingChangeEventsNoDomain contains {
- "Timestamp": time.parse_rfc3339_ns(Item.id.time),
- "TimestampStr": Item.id.time,
- "NewValue": NewValue,
- "Setting": Setting,
- "OrgUnit": OrgUnit
-}
-if {
- some Item in input.calendar_logs.items # For each item...
- some Event in Item.events # For each event in the item...
-
- # Does this event have the parameters we're looking for?
- "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters}
- "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters}
- "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters}
-
- # Extract the values
- Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0]
- NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0]
- OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0]
-}
-
-FilterEventsNoDomain(SettingName) := FilteredEvents if {
- # Filter the events by SettingName
- Events := SettingChangeEventsNoDomain
- FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName]
-}
-
-FilterNoDomainEventsOU(ServiceName, OrgUnit) := FilteredEvents if {
- # If there exists at least the root OU and 1 more OU
- # filter out organizational units that don't exist
- input.organizational_unit_names
- count(input.organizational_unit_names) >=2
+##################
+# GWS.CALENDAR.5 #
+##################
- # Filter the events by both ServiceName and OrgUnit
- Events := FilterEventsNoDomain(ServiceName)
- FilteredEvents := [
- Event | some Event in Events;
- Event.OrgUnit == OrgUnit;
- Event.OrgUnit in input.organizational_unit_names
- ]
-}
-
-FilterNoDomainEventsOU(SettingName, OrgUnit) := FilteredEvents if {
- # If only the root OU exists run like normal
- input.organizational_unit_names
- count(input.organizational_unit_names) < 2
-
- # Filter the events by both SettingName and OrgUnit
- Events := FilterEventsNoDomain(SettingName)
- FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit]
-}
-
-FilterNoDomainEventsOU(SettingName, OrgUnit) := FilteredEvents if {
- # If OUs variable does not exist run like normal
- not input.organizational_unit_names
- # Filter the events by both SettingName and OrgUnit
- Events := FilterEventsNoDomain(SettingName)
- FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit]
-}
-
-OUsWithEventsNoDomain contains Event.OrgUnit if {
- some Event in SettingChangeEventsNoDomain
-}
-
-GetTopLevelOUNoDomain() := name if {
- # Simplest case: if input.tenant_info.topLevelOU is
- # non-empty, it contains the name of the top-level OU.
- input.tenant_info.topLevelOU != ""
- name := input.tenant_info.topLevelOU
-}
-
-GetTopLevelOUNoDomain() := name if {
- # input.tenant_info.topLevelOU will be empty when
- # no custom OUs have been created, as in this case
- # the top-level OU cannot be determined via the API.
- # Fortunately, in this case, we know there's literally
- # only one OU, so we can grab the OU listed on any of
- # the events and know that it is the top-level OU
- input.tenant_info.topLevelOU == ""
- count(SettingChangeEventsNoDomain) > 0
- name := GetLastEvent(SettingChangeEventsNoDomain).OrgUnit
-}
-
-GetTopLevelOUNoDomain() := name if {
- # Extreme edge case: no custom OUs have been made
- # and the logs are empty. In this case, we really
- # have no way of determining the top-level OU name.
- input.tenant_info.topLevelOU == ""
- count(SettingChangeEventsNoDomain) == 0
- name := ""
-}
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEventsNoDomain
- Events := FilterNoDomainEventsOU("CalendarAppointmentSlotAdminSettingsProto payments_enabled", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "CalendarAppointmentSlotAdminSettingsProto payments_enabled", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 }
-#--
 #
 # Baseline GWS.CALENDAR.5.1v0.1
 #--
 tests contains {
 "PolicyId": "GWS.CALENDAR.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs.",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOUNoDomain()
- Events := FilterNoDomainEventsOU("CalendarAppointmentSlotAdminSettingsProto payments_enabled", TopLevelOU)
+ SettingName := "CalendarAppointmentSlotAdminSettingsProto payments_enabled"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.CALENDAR.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- TopLevelOU := GetTopLevelOUNoDomain()
- Events := FilterNoDomainEventsOU("CalendarAppointmentSlotAdminSettingsProto payments_enabled", TopLevelOU)
+ SettingName := "CalendarAppointmentSlotAdminSettingsProto payments_enabled"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_1) == 0
 }
diff --git a/rego/Chat.rego b/rego/Chat.rego
index 88d8208e..441cecb0 100644
--- a/rego/Chat.rego
+++ b/rego/Chat.rego
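Review bot: The deleted comment `# Extreme outlier. Logs for this event have no Domain` records why GWS.CALENDAR.5 had its own `SettingChangeEventsNoDomain` pipeline without a `DOMAIN_NAME` requirement, and the new `NonCompliantOUs5_1` and 5.1 tests now send `CalendarAppointmentSlotAdminSettingsProto payments_enabled` through `utils.GetEvents`/`utils.FilterEvents`, whose definition is not in this diff. If the shared extractor still requires a `DOMAIN_NAME` parameter the way the deleted calendar extractor did (the `"DOMAIN_NAME" in {Parameter.name | ...}` guard in the first hunk), these events are silently dropped, `count(Events) == 0` always holds for the top-level OU, and 5.1 reports `NoSuchEvent` even when payments were enabled. Please confirm the utils behaviour with a regression test that feeds a payments_enabled event lacking DOMAIN_NAME, and keep the knowledge next to the rule, e.g. `# payments_enabled events carry no DOMAIN_NAME; utils.GetEvents must not require it`.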
@@ -1,184 +1,52 @@
 package chat
-import future.keywords
-import data.utils.ReportDetailsOUs
-import data.utils.NoSuchEventDetails
-
-FilterEvents(SettingName) := FilteredEvents if {
- Events := SettingChangeEvents
- FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName]
-}
-
-FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if {
- # If there exists at least the root OU and 1 more OU
- # filter out organizational units that don't exist
- input.organizational_unit_names
- count(input.organizational_unit_names) >=2
-
- # Filter the events by both ServiceName and OrgUnit
- Events := FilterEvents(ServiceName)
- FilteredEvents := [
- Event | Event = Events[_];
- Event.OrgUnit == OrgUnit;
- Event.OrgUnit in input.organizational_unit_names
- ]
-}
-
-FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if {
- # If there exists at least the root OU and 1 more OU
- # filter out organizational units that don't exist
- input.organizational_unit_names
- count(input.organizational_unit_names) >=2
- # Filter the events by both ServiceName and OrgUnit
- Events := FilterEvents(ServiceName)
- FilteredEvents := [
- Event | Event = Events[_];
- Event.OrgUnit == OrgUnit;
- Event.OrgUnit in input.organizational_unit_names
- ]
-}
-
-FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
- # If only the root OU exists run like normal
- input.organizational_unit_names
- count(input.organizational_unit_names) < 2
-
- # Filter the events by both SettingName and OrgUnit
- Events := FilterEvents(SettingName)
- FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit]
-}
-
-FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
- # If OUs variable does not exist run like normal
- not input.organizational_unit_names
-
- # Filter the events by both SettingName and OrgUnit
- Events := FilterEvents(SettingName)
- FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit]
-}
-
-GetTopLevelOU() := name if {
- # Simplest case: if input.tenant_info.topLevelOU is
- # non-empty, it contains the name of the top-level OU.
- input.tenant_info.topLevelOU != ""
- name := input.tenant_info.topLevelOU
-}
-
-GetTopLevelOU() := name if {
- # input.tenant_info.topLevelOU will be empty when
- # no custom OUs have been created, as in this case
- # the top-level OU cannot be determined via the API.
- # Fortunately, in this case, we know there's literally
- # only one OU, so we can grab the OU listed on any of
- # the events and know that it is the top-level OU
- input.tenant_info.topLevelOU == ""
- count(SettingChangeEvents) > 0
- name := GetLastEvent(SettingChangeEvents).OrgUnit
-}
-
-GetTopLevelOU() := name if {
- # Extreme edge case: no custom OUs have been made
- # and the logs are empty. In this case, we really
- # have no way of determining the top-level OU name.
- input.tenant_info.topLevelOU == ""
- count(SettingChangeEvents) == 0
- name := ""
-}
-
-OUsWithEvents[Event.OrgUnit] {
- Event := SettingChangeEvents[_]
-}
-
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
- "TimestampStr": Item.id.time,
- "NewValue": NewValue,
- "Setting": Setting,
- "OrgUnit": OrgUnit}] {
-
- Item := input.chat_logs.items[_] # For each item...
- Event := Item.events[_] # For each event in the item...
-
- # Does this event have the parameters we're looking for?
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]]
- "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
-
- # Extract the values
- Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0]
- NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0]
- OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0]
-}
-
-# Secondary case that looks for the DELETE_APPLICATION_SETTING events.
-# These events don't have a NEW_VALUE. To make these events work with
-# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING
-# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as
-# the NewValue.
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
- "TimestampStr": Item.id.time,
- "NewValue": NewValue,
- "Setting": Setting,
- "OrgUnit": OrgUnit}] {
-
- Item := input.chat_logs.items[_] # For each item...
- Event := Item.events[_] # For each event in the item...
- Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events
-
- # Does this event have the parameters we're looking for?
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
-
- # Extract the values
- Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0]
- NewValue := "DELETE_APPLICATION_SETTING"
- OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0]
-}
+import data.utils
+import future.keywords
-GetLastEvent(Events) := Event if {
- MaxTs := max([Event.Timestamp | Event = Events[_]])
- Event := Events[_]
- Event.Timestamp == MaxTs
-}
+LogEvents := utils.GetEvents("chat_logs")
-################
-# GWS.CHAT.1 #
-################
+##############
+# GWS.CHAT.1 #
+##############
 #
 # Baseline GWS.CHAT.1v1
 #--
-
-NonCompliantOUs1_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("ChatArchivingProto chatsDefaultToOffTheRecord", OU)
+NonCompliantOUs1_1 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "ChatArchivingProto chatsDefaultToOffTheRecord", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
-tests[{ "PolicyId": "GWS.CHAT.1.1v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}]{
+tests contains {
+ "PolicyId": "GWS.CHAT.1.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ChatArchivingProto chatsDefaultToOffTheRecord", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)
 count(Events) == 0
 }
-tests[{ "PolicyId": "GWS.CHAT.1.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}]{
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ChatArchivingProto chatsDefaultToOffTheRecord", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.CHAT.1.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ Events := utils.FilterEvents(LogEvents, "ChatArchivingProto chatsDefaultToOffTheRecord", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_1) == 0
 }
@@ -187,171 +55,188 @@ tests[{ "PolicyId": "GWS.CHAT.1.1v0.1",
 #
 # Baseline GWS.CHAT.1.2v0.1
 #--
-
-NonCompliantOUs1_2[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("ChatArchivingProto allow_chat_archiving_setting_modification", OU)
+NonCompliantOUs1_2 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "ChatArchivingProto allow_chat_archiving_setting_modification", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
-tests[{ "PolicyId": "GWS.CHAT.1.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}]{
+tests contains {
+ "PolicyId": "GWS.CHAT.1.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ChatArchivingProto allow_chat_archiving_setting_modification", TopLevelOU)
+ SettingName := "ChatArchivingProto allow_chat_archiving_setting_modification"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
-tests[{ "PolicyId": "GWS.CHAT.1.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
- "RequirementMet": Status,
- "NoSuchEvent": false}]{
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("ChatArchivingProto allow_chat_archiving_setting_modification", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.CHAT.1.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "ChatArchivingProto allow_chat_archiving_setting_modification"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
 #--
-################
-# GWS.CHAT.2 #
-################
+##############
+# GWS.CHAT.2 #
+##############
 #
 # Baseline GWS.CHAT.2.2v0.1
 #--
-
-NonCompliantOUs2_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("DynamiteFileSharingSettingsProto external_file_sharing_setting", OU)
+NonCompliantOUs2_1 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "DynamiteFileSharingSettingsProto external_file_sharing_setting", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "NO_FILES"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
-tests[{ "PolicyId": "GWS.CHAT.2.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}]{
+tests contains {
+ "PolicyId": "GWS.CHAT.2.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("DynamiteFileSharingSettingsProto external_file_sharing_setting", TopLevelOU)
+ SettingName := "DynamiteFileSharingSettingsProto external_file_sharing_setting"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
-tests[{ "PolicyId": "GWS.CHAT.2.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}]{
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("DynamiteFileSharingSettingsProto external_file_sharing_setting", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.CHAT.2.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "DynamiteFileSharingSettingsProto external_file_sharing_setting"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs2_1) == 0
 }
 #--
-################
-# GWS.CHAT.3 #
-################
+##############
+# GWS.CHAT.3 #
+##############
 #
 # Baseline GWS.CHAT.3.1v0.1
 #--
-
-NonCompliantOUs3_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("RoomOtrSettingsProto otr_state", OU)
+NonCompliantOUs3_1 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "RoomOtrSettingsProto otr_state", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 not contains("DEFAULT_ON_THE_RECORD ALWAYS_ON_THE_RECORD", LastEvent.NewValue)
 }
-tests[{ "PolicyId": "GWS.CHAT.3.1v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}]{
+tests contains {
+ "PolicyId": "GWS.CHAT.3.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("RoomOtrSettingsProto otr_state", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "RoomOtrSettingsProto otr_state", utils.TopLevelOU)
 count(Events) == 0
 }
-tests[{ "PolicyId": "GWS.CHAT.3.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}]{
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("RoomOtrSettingsProto otr_state", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.CHAT.3.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ Events := utils.FilterEvents(LogEvents, "RoomOtrSettingsProto otr_state", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
 #--
-################
-# GWS.CHAT.4 #
-################
+##############
+# GWS.CHAT.4 #
+##############
 #
 # Baseline GWS.CHAT.4.1v0.1
 #--
-NonCompliantOUs4_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("RestrictChatProto restrictChatToOrganization", OU)
+NonCompliantOUs4_1 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "RestrictChatProto restrictChatToOrganization", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "true"
 }
-tests[{ "PolicyId": "GWS.CHAT.4.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}]{
+tests contains {
+ "PolicyId": "GWS.CHAT.4.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
 DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("RestrictChatProto restrictChatToOrganization", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "RestrictChatProto restrictChatToOrganization", utils.TopLevelOU)
 count(Events) == 0
 }
-tests[{ "PolicyId": "GWS.CHAT.4.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}]{
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("RestrictChatProto restrictChatToOrganization", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.CHAT.4.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ Events := utils.FilterEvents(LogEvents, "RestrictChatProto restrictChatToOrganization", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
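Review bot: NonCompliantOUs2_1 still relies on `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"`, but the rule that produced that value — the removed secondary `SettingChangeEvents` case that turned `DELETE_APPLICATION_SETTING` events (which carry no NEW_VALUE) into members of the event set — is gone, and whether `utils.GetEvents` reproduces it is not visible in this diff. If it does not, a delete event that resets external file sharing never reaches `LogEvents`, `utils.GetLastEvent` evaluates an older change instead of the latest one, and the comparison becomes dead code while the check is silently weakened. Either confirm the utils behaviour and record it next to the comparison, e.g. `# utils.GetEvents represents DELETE_APPLICATION_SETTING events with this NewValue`, or restore the handling. The same dependency holds for every `utils.TopLevelOU` use here: the deleted `GetTopLevelOU` fell back to the OU on the latest event when `tenant_info.topLevelOU` was empty, and that fallback must still exist in utils for single-OU tenants.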
@@ -360,92 +245,99 @@ tests[{ "PolicyId": "GWS.CHAT.4.1v0.1", # # Baseline GWS.CHAT.4.2v0.1 #-- -NonCompliantOUs4_2[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("RestrictChatProto externalChatRestriction", OU) +NonCompliantOUs4_2 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "RestrictChatProto externalChatRestriction", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "NO_RESTRICTION" } -tests[{ "PolicyId": "GWS.CHAT.4.2v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CHAT.4.2v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("RestrictChatProto externalChatRestriction", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "RestrictChatProto externalChatRestriction", utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CHAT.4.2v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_2), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_2}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("RestrictChatProto externalChatRestriction", TopLevelOU) +tests contains { + "PolicyId": "GWS.CHAT.4.2v0.1", + "Criticality": "Shall", + "ReportDetails": 
utils.ReportDetailsOUs(NonCompliantOUs4_2), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_2}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "RestrictChatProto externalChatRestriction", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs4_2) == 0 } #-- -################ -# GWS.CHAT.5 # -################ +############## +# GWS.CHAT.5 # +############## # # GWS.CHAT.5.1v0.1 #-- - -NonCompliantOUs5_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Chat app Settings - Chat apps enabled", OU) +NonCompliantOUs5_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Chat app Settings - Chat apps enabled", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } -tests[{ "PolicyId": "GWS.CHAT.5.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CHAT.5.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Chat app Settings - Chat apps enabled", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Chat app Settings - Chat apps enabled", utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CHAT.5.1v0.1", - "Criticality": "Shall", - "ReportDetails": 
ReportDetailsOUs(NonCompliantOUs5_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Chat app Settings - Chat apps enabled", TopLevelOU) +tests contains { + "PolicyId": "GWS.CHAT.5.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "Chat app Settings - Chat apps enabled", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } #-- -tests[{ "PolicyId": "GWS.CHAT.6.1v0.1", - "Criticality": "Should/Not-Implemented", - "ReportDetails": "Currently not able to be tested automatically; please manually check.", - "ActualValue": "", - "RequirementMet": false, - "NoSuchEvent": true}]{ - true +tests contains { + "PolicyId": "GWS.CHAT.6.1v0.1", + "Criticality": "Should/Not-Implemented", + "ReportDetails": "Currently not able to be tested automatically; please manually check.", + "ActualValue": "", + "RequirementMet": false, + "NoSuchEvent": true } #-- \ No newline at end of file diff --git a/rego/Classroom.rego b/rego/Classroom.rego index b9d6bef6..3f8d0921 100644 --- a/rego/Classroom.rego +++ b/rego/Classroom.rego 
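Review bot: NonCompliantOUs4_2 flags an OU only when the last value is exactly `"NO_RESTRICTION"`, and NonCompliantOUs4_1 / NonCompliantOUs5_1 only on `"true"`, so any other value — including a reset-to-default event, if utils.GetEvents synthesizes `DELETE_APPLICATION_SETTING` for chat logs the way the removed per-file rules did for Classroom — lands on the compliant side without anyone having decided that. The Classroom rules in this same commit use the inverse form (`LastEvent.NewValue != "..."` plus an explicit `!= "DELETE_APPLICATION_SETTING"`), which fails closed on unexpected values. Either switch these three rules to that form or record the decision above each check, e.g. `# Only NO_RESTRICTION is non-compliant; a reset-to-default event is treated as compliant.`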
@@ -1,172 +1,53 @@ package classroom -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails - -FilterEvents(SettingName) := FilteredEvents if { - Events := SettingChangeEvents - FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName] -} - -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | some Event in Events; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | some Event in Events; Event.OrgUnit == OrgUnit] -} - -GetTopLevelOU() := name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. - input.tenant_info.topLevelOU != "" - name := input.tenant_info.topLevelOU -} - -GetTopLevelOU() := name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. 
- # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -GetTopLevelOU() := name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - name := "" -} - -OUsWithEvents[Event.OrgUnit] { - Event := SettingChangeEvents[_] -} - -SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.classroom_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -# Secondary case that looks for the DELETE_APPLICATION_SETTING events. -# These events don't have a NEW_VALUE. To make these events work with -# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING -# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as -# the NewValue. 
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - Item := input.classroom_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] +import data.utils +import future.keywords - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := "DELETE_APPLICATION_SETTING" - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetLastEvent(Events) := Event if { - MaxTs := max([Event.Timestamp | Event = Events[_]]) - Event := Events[_] - Event.Timestamp == MaxTs -} +LogEvents := utils.GetEvents("classroom_logs") ################### # GWS.CLASSROOM.1 # ################### - # # Baseline GWS.CLASSROOM.1.1v0.1 #-- - -#No OU to Inherit - -NonCompliantOUs1_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("ClassMembershipSettingsGroup who_can_join_classes", OU) +NonCompliantOUs1_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ClassMembershipSettingsGroup who_can_join_classes", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. 
- LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "1" } -tests[{ "PolicyId": "GWS.CLASSROOM.1.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CLASSROOM.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ClassMembershipSettingsGroup who_can_join_classes", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ClassMembershipSettingsGroup who_can_join_classes", utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CLASSROOM.1.1v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ClassMembershipSettingsGroup who_can_join_classes", TopLevelOU) +tests contains { + "PolicyId": "GWS.CLASSROOM.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + + Events := utils.FilterEvents(LogEvents, "ClassMembershipSettingsGroup who_can_join_classes", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } 
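Review bot: The removed FilterEventsOU dropped events whose OrgUnit is not in input.organizational_unit_names whenever two or more OUs exist, and nothing in this hunk shows whether utils.FilterEvents keeps that filter; if it does not, events for OUs that no longer exist would re-enter NonCompliantOUs1_1 through utils.OUsWithEvents. Worth confirming in utils.rego and then recording it above `LogEvents := utils.GetEvents("classroom_logs")` with a one-line comment saying where OU-existence filtering and DELETE_APPLICATION_SETTING synthesis now live, since this file no longer shows either. Separately, the last `if {` body in this hunk opens with a stray blank line that none of the other rule bodies have.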
@@ -175,38 +56,43 @@ tests[{ "PolicyId": "GWS.CLASSROOM.1.1v0.1", # # Baseline GWS.CLASSROOM.1.2v0.1 #-- - -NonCompliantOUs1_2[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("ClassMembershipSettingsGroup which_classes_can_users_join", OU) +NonCompliantOUs1_2 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ClassMembershipSettingsGroup which_classes_can_users_join", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "1" } -tests[{ "PolicyId": "GWS.CLASSROOM.1.2v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CLASSROOM.1.2v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ClassMembershipSettingsGroup which_classes_can_users_join", TopLevelOU) + SettingName := "ClassMembershipSettingsGroup which_classes_can_users_join" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CLASSROOM.1.2v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ClassMembershipSettingsGroup which_classes_can_users_join", TopLevelOU) +tests contains { + 
"PolicyId": "GWS.CLASSROOM.1.2v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "ClassMembershipSettingsGroup which_classes_can_users_join" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_2) == 0 } 
@@ -219,39 +105,42 @@ tests[{ "PolicyId": "GWS.CLASSROOM.1.2v0.1", # # Baseline GWS.CLASSROOM.2.1v0.1 #-- - -NonCompliantOUs2_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("ApiDataAccessSettingProto api_access_enabled", OU) +NonCompliantOUs2_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ApiDataAccessSettingProto api_access_enabled", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.CLASSROOM.2.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CLASSROOM.2.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ApiDataAccessSettingProto api_access_enabled", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ApiDataAccessSettingProto api_access_enabled", utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CLASSROOM.2.1v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ApiDataAccessSettingProto api_access_enabled", TopLevelOU) +tests contains { + "PolicyId": "GWS.CLASSROOM.2.1v0.1", + 
"Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "ApiDataAccessSettingProto api_access_enabled", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_1) == 0 } 
@@ -264,46 +153,47 @@ tests[{ "PolicyId": "GWS.CLASSROOM.2.1v0.1", # # Baseline GWS.CLASSROOM.3.1v0.1 #-- - -NonCompliantOUs3_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("RosterImportSettingsProto sis_integrator", OU) +NonCompliantOUs3_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "RosterImportSettingsProto sis_integrator", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "SIS_INTEGRATOR_NONE" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.CLASSROOM.3.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CLASSROOM.3.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := true - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("RosterImportSettingsProto sis_integrator", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "RosterImportSettingsProto sis_integrator", utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CLASSROOM.3.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("RosterImportSettingsProto sis_integrator", TopLevelOU) +tests contains { + "PolicyId": "GWS.CLASSROOM.3.1v0.1", + 
"Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "RosterImportSettingsProto sis_integrator", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs3_1) == 0 } #-- -#-- - ################### # GWS.CLASSROOM.4 # ################### 
@@ -311,40 +201,44 @@ tests[{ "PolicyId": "GWS.CLASSROOM.3.1v0.1", # # Baseline GWS.CLASSROOM.4.1v0.1 #-- - -NonCompliantOUs4_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("StudentUnenrollmentSettingsProto who_can_unenroll_students", OU) +NonCompliantOUs4_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "StudentUnenrollmentSettingsProto who_can_unenroll_students", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "ONLY_TEACHERS_CAN_UNENROLL_STUDENTS" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" - } -tests[{ "PolicyId": "GWS.CLASSROOM.4.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.CLASSROOM.4.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := true - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("StudentUnenrollmentSettingsProto who_can_unenroll_students", TopLevelOU) + SettingName := "StudentUnenrollmentSettingsProto who_can_unenroll_students" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } -tests[{ "PolicyId": "GWS.CLASSROOM.4.1v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, - "RequirementMet": Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := 
FilterEventsOU("StudentUnenrollmentSettingsProto who_can_unenroll_students", TopLevelOU) +tests contains { + "PolicyId": "GWS.CLASSROOM.4.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "StudentUnenrollmentSettingsProto who_can_unenroll_students" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs4_1) == 0 } diff --git a/rego/Commoncontrols.rego b/rego/Commoncontrols.rego index 655914be..8ce9915b 100644 --- a/rego/Commoncontrols.rego +++ b/rego/Commoncontrols.rego 
@@ -1,134 +1,7 @@ package commoncontrols -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails - -ReportDetailsBoolean(true) := "Requirement met." -ReportDetailsBoolean(false) := "Requirement not met." - -FilterEvents(SettingName) := FilteredEvents if { - Events := SettingChangeEvents - FilteredEvents := {Event | some Event in Events; Event.Setting == SettingName} -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := { - Event | some Event in Events; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - } -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit} -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit} -} - -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit, - "AppName": AppName -} -if { - some Item in input.commoncontrols_logs.items # For each item... - some Event in Item.events # For each event in the item... - - # Does this event have the parameters we're looking for? 
- "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - "APPLICATION_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] - AppName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "APPLICATION_NAME"][0] -} - -# Secondary case that looks for the DELETE_APPLICATION_SETTING events. -# These events don't have a NEW_VALUE. To make these events work with -# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING -# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as -# the NewValue. -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit, - "AppName": AppName -} -if { - some Item in input.commoncontrols_logs.items # For each item... - some Event in Item.events # For each event in the item... - Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events - - # Does this event have the parameters we're looking for? 
- "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - "APPLICATION_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := "DELETE_APPLICATION_SETTING" - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] - AppName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "APPLICATION_NAME"][0] -} - -# Additional case for Russian localization setting -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "OrgUnit": OrgUnit, - "Setting": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", - "AppName": "NA" -} -if { - some Item in input.commoncontrols_logs.items # For each item... - some Event in Item.events # For each event in the item... - - Event.name == "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA" - - # Does this event have the parameters we're looking for? - "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - # Extract the values - NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetLastEvent(Events) := Event if { - MaxTs := max({Event.Timestamp | some Event in Events}) - some Event in Events - Event.Timestamp == MaxTs -} +import data.utils +import future.keywords FilterEventsAlt(EventName) := Events if { # Many of the events for common controls are structured differently. 
@@ -192,45 +65,7 @@ if { OrgUnit := GetEventOu(Event) } -TopLevelOU := Name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. - input.tenant_info.topLevelOU != "" - Name := input.tenant_info.topLevelOU -} - -TopLevelOU := Name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. - # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - Name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -TopLevelOU := Name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - Name := "" -} - -# The simpler version of OUsWithEvents won't work -# here because common controls has the two alt SettingChangeEvents -# rules, which means the simpler version might not find all OUs that -# have an event. -# -OUsWithEvents contains OrgUnit if { - some Item in input.commoncontrols_logs.items - some Event in Item.events - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] -} +LogEvents := utils.GetEvents("commoncontrols_logs") ######################## # GWS.COMMONCONTROLS.1 # 
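Review bot: `LogEvents := utils.GetEvents("commoncontrols_logs")` is the only new line, and it sits in a file that also keeps its own FilterEventsAlt path for the differently-structured common-controls events, so a reader now has two event sources with no note on which rules use which. A one-line comment above it would help, e.g. `# Standard setting-change events; the ENFORCE_STRONG_AUTHENTICATION-style events go through FilterEventsAlt/FilterEventsAltOU below.`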
@@ -248,37 +83,37 @@ OUsWithEvents contains OrgUnit if { # two different settings simultaneously. NoSuchEvent1_1 := true if { # No such event... - Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", TopLevelOU) + Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", utils.TopLevelOU) count(Events) == 0 } NoSuchEvent1_1 := true if { # No such event... - Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU) + Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU) count(Events) == 0 } default NoSuchEvent1_1 := false NonCompliantOUs1_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents Events := FilterEventsAltOU("ENFORCE_STRONG_AUTHENTICATION", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" } NonCompliantOUs1_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "ONLY_SECURITY_KEY" LastEvent.NewValue != "INHERIT_FROM_PARENT" } 
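Review bot: The three NonCompliantOUs rules now iterate `some OU in utils.OUsWithEvents`, but the OUsWithEvents removed in the previous hunk carried a comment saying the simpler version would not find all OUs here because common controls has the two alt SettingChangeEvents rules; the events these rules check (`ENFORCE_STRONG_AUTHENTICATION`, `CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS`) are still fetched via FilterEventsAltOU, not via LogEvents. If utils.OUsWithEvents is derived only from the standard LogEvents shape, an OU whose only logged changes are these 2SV events is never visited, and its non-compliant setting is silently reported as compliant. The same switch is made for NonCompliantOUs1_2 and NonCompliantOUs1_3 in the following hunks. Either confirm utils.OUsWithEvents is built from every ORG_UNIT_NAME parameter in the raw log (as the removed rule was), or keep a local `OUsWithEvents` for this package and iterate that instead.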
@@ -286,7 +121,7 @@ NonCompliantOUs1_1 contains OU if { tests contains { "PolicyId": "GWS.COMMONCONTROLS.1.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -299,7 +134,7 @@ if { tests contains { "PolicyId": "GWS.COMMONCONTROLS.1.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, "RequirementMet": Status, "NoSuchEvent": false @@ -315,13 +150,13 @@ if { #-- NonCompliantOUs1_2 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "1 week" LastEvent.NewValue != "INHERIT_FROM_PARENT" } 
@@ -329,27 +164,27 @@ NonCompliantOUs1_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_ENROLLMENT_PERIOD_DURATION", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_2) == 0
 }
@@ -360,13 +195,13 @@ if {
 #--
 
 NonCompliantOUs1_3 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DISABLE_USERS_TO_TRUST_DEVICE"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -374,27 +209,27 @@ NonCompliantOUs1_3 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_3),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_TWO_STEP_VERIFICATION_FREQUENCY", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_3) == 0
 }
@@ -405,40 +240,40 @@ if {
 #--
 
 NonCompliantOUs1_4 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue == "ANY"
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.1.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", TopLevelOU)
+ Events := FilterEventsAltOU("CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs1_4) == 0
 }
@@ -462,7 +297,7 @@ tests contains {
 "No relevant event in the current logs. While we are unable ",
 "to determine the state from the logs, the default setting ",
 "is non-compliant; manual check recommended."
- ]), # Custom message instead of NoSuchEventDetails function,
+ ]), # Custom message instead of utils.NoSuchEventDetails function,
 # as this setting isn't controlled at the OU level
 "ActualValue": "No relevant event in the current logs",
 "RequirementMet": DefaultSafe,
@@ -477,7 +312,7 @@ if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.2.1v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsBoolean(Status),
+ "ReportDetails": utils.ReportDetailsBoolean(Status),
 "ActualValue": {"TOGGLE_CAA_ENABLEMENT": LastEvent.NewValue},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -485,7 +320,7 @@ tests contains {
 if {
 Events := FilterEventsAlt("TOGGLE_CAA_ENABLEMENT")
 count(Events) > 0
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 Status := LastEvent.NewValue == "ENABLED"
 }
 #--
@@ -512,13 +347,13 @@ tests contains {
 #--
 
 NonCompliantOUs3_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("SsoPolicyProto challenge_selection_behavior", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "SsoPolicyProto challenge_selection_behavior", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "PERFORM_CHALLENGE_SELECTION"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -526,27 +361,27 @@ NonCompliantOUs3_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("SsoPolicyProto challenge_selection_behavior", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "SsoPolicyProto challenge_selection_behavior", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.3.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("SsoPolicyProto challenge_selection_behavior", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "SsoPolicyProto challenge_selection_behavior", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs3_1) == 0
 }
@@ -571,13 +406,13 @@ IsGoodLimit(ActualLim) := false if {
 }
 
 NonCompliantOUs4_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Session management settings - Session length in seconds", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Session management settings - Session length in seconds", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 not IsGoodLimit(LastEvent.NewValue)
 }
@@ -585,27 +420,27 @@ NonCompliantOUs4_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Session management settings - Session length in seconds", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Session management settings - Session length in seconds", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.4.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Session management settings - Session length in seconds", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Session management settings - Session length in seconds", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs4_1) == 0
 }
@@ -620,13 +455,13 @@ if {
 #--
 
 NonCompliantOUs5_1 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Password Management - Enforce strong password", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enforce strong password", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "on"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -634,26 +469,26 @@ NonCompliantOUs5_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Password Management - Enforce strong password", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enforce strong password", utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Password Management - Enforce strong password", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enforce strong password", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_1) == 0
 }
@@ -664,13 +499,13 @@ tests contains {
 #--
 
 NonCompliantOUs5_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Password Management - Minimum password length", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Password Management - Minimum password length", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 Minimum := to_number(LastEvent.NewValue)
 Minimum < 12
@@ -679,27 +514,27 @@ NonCompliantOUs5_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Password Management - Minimum password length", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Minimum password length", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Password Management - Minimum password length", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Minimum password length", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_2) == 0
 }
@@ -710,13 +545,13 @@ if {
 #--
 
 NonCompliantOUs5_3 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Password Management - Enforce password policy at next login", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enforce password policy at next login", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "true"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -724,27 +559,29 @@ NonCompliantOUs5_3 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Password Management - Enforce password policy at next login", TopLevelOU)
+ SettingName := "Password Management - Enforce password policy at next login"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.3v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_3),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Password Management - Enforce password policy at next login", TopLevelOU)
+ SettingName := "Password Management - Enforce password policy at next login"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_3) == 0
 }
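Review bot: The two `tests` bodies for GWS.COMMONCONTROLS.5.3v0.1 each introduce a local `SettingName := "Password Management - Enforce password policy at next login"`, while the NonCompliantOUs5_3 rule in the preceding hunk still inlines the same literal, so one setting name now lives in three places and can drift. A single package-level constant, e.g. `Setting5_3 := "Password Management - Enforce password policy at next login"`, referenced from the rule and both tests would keep them in step; the 9.2 tests hunk later in this diff has the same pattern with its AdminAccountRecoverySettingsProto string.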
@@ -755,13 +592,13 @@ if {
 #--
 
 NonCompliantOUs5_4 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Password Management - Enable password reuse", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enable password reuse", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -769,27 +606,27 @@ NonCompliantOUs5_4 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Password Management - Enable password reuse", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enable password reuse", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Password Management - Enable password reuse", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Enable password reuse", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_4) == 0
 }
@@ -800,13 +637,13 @@ if {
 #--
 
 NonCompliantOUs5_5 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Password Management - Password reset frequency", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Password Management - Password reset frequency", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "0"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -814,27 +651,27 @@ NonCompliantOUs5_5 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("Password Management - Password reset frequency", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Password reset frequency", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.5.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("Password Management - Password reset frequency", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Password Management - Password reset frequency", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs5_5) == 0
 }
@@ -938,13 +775,13 @@ tests contains {
 #--
 
 NonCompliantOUs9_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("AdminAccountRecoverySettingsProto Enable admin account recovery", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "AdminAccountRecoverySettingsProto Enable admin account recovery", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -952,26 +789,28 @@ NonCompliantOUs9_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsOU("AdminAccountRecoverySettingsProto Enable admin account recovery", TopLevelOU)
+ SettingName := "AdminAccountRecoverySettingsProto Enable admin account recovery"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) == 0
 }
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.9.2v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsOU("AdminAccountRecoverySettingsProto Enable admin account recovery", TopLevelOU)
+ SettingName := "AdminAccountRecoverySettingsProto Enable admin account recovery"
+ Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs9_2) == 0
 }
@@ -1099,7 +938,7 @@ HighRiskBlocked contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW, this service is unrestricted
 Event.EventName == "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS"
 }
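Review bot: In the HighRiskBlocked hunk the context comment `# If the most recent change is ALLOW, this service is unrestricted` contradicts the line it annotates, which requires `Event.EventName == "DISALLOW_SERVICE_FOR_OAUTH2_ACCESS"`. It reads like a copy of the comment used in UnrestrictedServices11_2 that was never adjusted, and it misleads anyone auditing which services count as blocked; suggest `# If the most recent change is DISALLOW, the service is blocked`. The head of HighRiskBlocked is outside the hunk, so the exact intent should be confirmed against it before rewording.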
@@ -1114,7 +953,7 @@ UnrestrictedServices11_2 contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW... and the _HIGH_RISK
 # version of the service is not blocked, then the app is unrestricted
 Event.EventName == "ALLOW_SERVICE_FOR_OAUTH2_ACCESS"
@@ -1177,7 +1016,7 @@ UnrestrictedServices11_3 contains Service if {
 # Filter for just that service
 FilteredEvents := {Event | some Event in APIAccessEvents; Event.ServiceName == Service}
 # Get the most recent change
- Event := GetLastEvent(FilteredEvents)
+ Event := utils.GetLastEvent(FilteredEvents)
 # If the most recent change is ALLOW..., even if the _HIGH_RISK
 # version of the service is blocked, then the app is unrestricted
 # for the purposes of 11.3, so we don't need to check the high
@@ -1246,40 +1085,40 @@ if {
 }
 
 NonCompliantOUs11_4 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == OU}
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.EventName != "UNTRUST_DOMAIN_OWNED_OAUTH2_APPS"
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.4v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_4),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_4),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_4},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in DomainOwnedAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) > 0
 Status := count(NonCompliantOUs11_4) == 0
 }
@@ -1308,40 +1147,40 @@ if {
 }
 
 NonCompliantOUs11_5 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := [Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU]
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.EventName != "BLOCK_ALL_THIRD_PARTY_API_ACCESS"
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.11.5v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_5),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_5),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_5},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == TopLevelOU}
+ Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == utils.TopLevelOU}
 count(Events) > 0
 Status := count(NonCompliantOUs11_5) == 0
 }
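Review bot: NonCompliantOUs11_5 collects its events with an array comprehension, `Events := [Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU]`, while the two `tests` bodies in the same hunk and NonCompliantOUs11_4 in the previous hunk use a set comprehension for the same data. Feeding `utils.GetLastEvent` one shape here and another everywhere else is at best a style inconsistency and at worst a subtle behavioural difference if that helper is written against sets; its definition is outside this diff, so that should be confirmed. Suggest `Events := {Event | some Event in UnconfiguredAppAccessEvents; Event.OrgUnit == OU}` to match the rest of the file.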
@@ -1376,37 +1215,37 @@ tests contains {
 # Custom NoSuchEvent function needed as we're checking
 # two different settings simultaneously.
 NoSuchEvent12_2 := true if {
- Events := FilterEventsOU("Apps Access Setting Allowlist access", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Apps Access Setting Allowlist access", utils.TopLevelOU)
 count(Events) == 0
 }
 
 NoSuchEvent12_2 := true if {
- Events := FilterEventsOU("Apps Access Setting allow_all_internal_apps", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "Apps Access Setting allow_all_internal_apps", utils.TopLevelOU)
 count(Events) == 0
 }
 
 default NoSuchEvent12_2 := false
 
 NonCompliantOUs12_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Apps Access Setting Allowlist access", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Apps Access Setting Allowlist access", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "ALLOW_SPECIFIED"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
 
 NonCompliantOUs12_2 contains OU if {
- some OU in OUsWithEvents
- Events := FilterEventsOU("Apps Access Setting allow_all_internal_apps", OU)
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "Apps Access Setting allow_all_internal_apps", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "false"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
@@ -1414,7 +1253,7 @@ NonCompliantOUs12_2 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.12.2v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
@@ -1427,7 +1266,7 @@ if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.12.2v0.1",
 "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_2),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs12_2),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_2},
 "RequirementMet": Status,
 "NoSuchEvent": false
@@ -1448,13 +1287,13 @@ if {
 #--
 
 NonCompliantOUs13_1 contains OU if {
- some OU in OUsWithEvents
+ some OU in utils.OUsWithEvents
 Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
 # no events.
- LastEvent := GetLastEvent(Events)
+ LastEvent := utils.GetLastEvent(Events)
 LastEvent.NewValue != "DENIED"
 LastEvent.NewValue != "INHERIT_FROM_PARENT"
 }
@@ -1468,27 +1307,27 @@ NonCompliantOUs13_1 contains OU if {
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.13.1v0.1",
 "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
 "NoSuchEvent": true
 }
 if {
 DefaultSafe := false
- Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", TopLevelOU)
+ Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", utils.TopLevelOU)
 count(Events) == 0
 }
 
 tests contains {
 "PolicyId": "GWS.COMMONCONTROLS.13.1v0.1",
 "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1),
+ "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs13_1),
 "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1},
 "RequirementMet": Status,
 "NoSuchEvent": false
 }
 if {
- Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", TopLevelOU)
+ Events := FilterEventsAltOU("WEAK_PROGRAMMATIC_LOGIN_SETTINGS_CHANGED", utils.TopLevelOU)
 count(Events) > 0
 Status := count(NonCompliantOUs13_1) == 0
 }
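Review bot: The two `tests` entries for GWS.COMMONCONTROLS.13.1v0.1 in this hunk disagree on severity: the no-such-event entry carries `"Criticality": "Should"` while the entry that reports NonCompliantOUs13_1 carries `"Criticality": "Shall"`. Every other policy in this diff uses the same value in both entries, so a report for 13.1 would change its stated criticality depending only on whether the logs contained an event. Whichever value the baseline assigns to 13.1 should be used in both entries; the commit touched both lines' neighbours but left the mismatch in place.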
@@ -1501,21 +1340,21 @@ if {
 Apps := {"Blogger", "Google Books", "Google Pay", "Google Photos", "Google Play", "Google Play Console", "Location History", "YouTube"}
-AppsAllowingTakoutOU contains App {
- Events := FilterEvents("UserTakeoutSettingsProto User Takeout ")
+AppsAllowingTakoutOU contains App if {
+ Events := utils.FilterEventsNoOU(LogEvents, "UserTakeoutSettingsProto User Takeout ")
 some App in Apps
 Filtered := {Event | some Event in Events; Event.AppName == App; Event.OrgUnit == data.OrgUnit} # Note the data.OrgUnit. This means this
 # rule will only work if called like this:
 # AppsAllowingTakoutOU with data.OrgUnit as ExampleOrgUnit
- LastEvent := GetLastEvent(Filtered)
+ LastEvent := utils.GetLastEvent(Filtered)
 LastEvent.NewValue != "Disabled"
 LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
 }
-NonCompliantOUs14_1 contains OU {
- some OU in OUsWithEvents
- Events := FilterEventsOU("UserTakeoutSettingsProto User Takeout ", OU)
+NonCompliantOUs14_1 contains OU if {
+ some OU in utils.OUsWithEvents
+ Events := utils.FilterEvents(LogEvents, "UserTakeoutSettingsProto User Takeout ", OU)
 count(Events) > 0 # Ignore OUs without any events. We're already
 # asserting that the top-level OU has at least one event; for all
 # other OUs we assume they inherit from a parent OU if they have
@@ -1533,7 +1372,7 @@ tests contains {
 "Criticality": "Shall",
 "ReportDetails": concat("", [
 "For apps with individual admin control: ",
- NoSuchEventDetails(DefaultSafe, TopLevelOU)
+ utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU)
 ]),
 "ActualValue": "No relevant event for the top-level OU in the current logs",
 "RequirementMet": DefaultSafe,
@@ -1541,7 +1380,7 @@ tests contains {
 }
 if {
 DefaultSafe := true
- Events := FilterEventsOU("UserTakeoutSettingsProto User Takeout ", TopLevelOU)
+ Events := utils.FilterEvents(LogEvents, "UserTakeoutSettingsProto User Takeout ", utils.TopLevelOU)
 count(Events) == 0
 }
 
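Review bot: In the first hunk, AppsAllowingTakoutOU passes `Filtered` straight to `utils.GetLastEvent(Filtered)` with no `count(Filtered) > 0` guard, whereas every other rule in this file checks the count before calling GetLastEvent. If the helper is undefined or errors on an empty set, an app with no events for `data.OrgUnit` would make this rule behave differently from NonCompliantOUs14_1 rather than simply not matching; the helper's definition is outside this diff, so confirm it and add `count(Filtered) > 0` before the call if needed. The rule name also carries the `Takout` spelling; since callers invoke it with `with data.OrgUnit as ...`, a rename to `AppsAllowingTakeoutOU` is best done as a separate, coordinated change. NonCompliantOUs14_1 continues past the end of the hunk.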
@@ -1550,14 +1389,14 @@ tests contains { "Criticality": "Shall", "ReportDetails": concat("", [ "For apps with individual admin control: ", - ReportDetailsOUs(NonCompliantOUs14_1) + utils.ReportDetailsOUs(NonCompliantOUs14_1) ]), "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("UserTakeoutSettingsProto User Takeout ", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "UserTakeoutSettingsProto User Takeout ", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs14_1) == 0 } 
@@ -1605,40 +1444,43 @@ tests contains { #-- NonCompliantOUs16_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", OU) + some OU in utils.OUsWithEvents + SettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"" + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "ENABLED" } tests contains { "PolicyId": "GWS.COMMONCONTROLS.16.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", TopLevelOU) + SettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.COMMONCONTROLS.16.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs16_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"", TopLevelOU) + SettingName := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\"" + Events := utils.FilterEvents(LogEvents, SettingName, 
utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs16_1) == 0 } @@ -1684,40 +1526,40 @@ tests contains { #-- NonCompliantOUs18_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } tests contains { "PolicyId": "GWS.COMMONCONTROLS.18.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.COMMONCONTROLS.18.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs18_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs18_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs18_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs18_1) == 0 } diff --git a/rego/Drive.rego b/rego/Drive.rego index 38be258e..b857667f 100644 --- a/rego/Drive.rego +++ b/rego/Drive.rego 
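Review bot: The literal `"Data Sharing Settings between GCP and Google Workspace \"Sharing Options\""` is now assigned to a local `SettingName` in three separate rule bodies of the 16.1 hunk; a single package-level definition such as `SharingOptionsSetting := "Data Sharing Settings between GCP and Google Workspace \"Sharing Options\""`, referenced from all three `utils.FilterEvents(LogEvents, ...)` calls, keeps the copies from drifting. The 18.1 hunk that follows on this line repeats its `"CHANGE_DATA_LOCALIZATION_FOR_RUSSIA"` literal three times in the same way and would benefit from the same treatment.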
@@ -1,171 +1,51 @@ package drive -import future.keywords -import data.utils.NoSuchEventDetails -import data.utils.ReportDetailsOUs - -OUsWithEvents[Event.OrgUnit] { - Event := SettingChangeEvents[_] -} - -FilterEvents(SettingName) := FilteredEvents if -{ - # Filter the events by SettingName - Events := SettingChangeEvents - FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName] -} - -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | Event = Events[_]; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -GetTopLevelOU() := name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. - input.tenant_info.topLevelOU != "" - name := input.tenant_info.topLevelOU -} - -GetTopLevelOU() := name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. 
- # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -GetTopLevelOU() := name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - name := "" -} - -SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.drive_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] +import data.utils +import future.keywords - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} +LogEvents := utils.GetEvents("drive_logs") -# Secondary case that looks for the DELETE_APPLICATION_SETTING events. -# These events don't have a NEW_VALUE. To make these events work with -# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING -# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as -# the NewValue. 
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.drive_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := "DELETE_APPLICATION_SETTING" - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetLastEvent(Events) := Event if { - # Because CalendarSharingEvents returns a set instead - # of an array, we can't just index it and get the last - # value - MaxTs := max([Event.Timestamp | Event = Events[_]]) - Event := Events[_] - Event.Timestamp == MaxTs -} - -################ +################### # GWS.DRIVEDOCS.1 # -################ +################### # # Baseline GWS.DRIVEDOCS.1.1v0.1 #-- # TODO: OU inheritence implementation pending after SCB updates, refer to #328 -NonCompliantOUs1_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) - contains("SHARING_NOT_ALLOWED SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES INHERIT_FROM_PARENT", LastEvent.NewValue) == false -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +NonCompliantOUs1_1 contains OU if { + some OU in utils.OUsWithEvents + Events := 
utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + SettingValue := "SHARING_NOT_ALLOWED SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES INHERIT_FROM_PARENT" + contains(SettingValue, LastEvent.NewValue) == false +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } 
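Review bot: The OU-existence filtering that the removed `FilterEventsOU` performed (dropping events whose `Event.OrgUnit` is not in `input.organizational_unit_names` when two or more OUs exist) has no visible counterpart on the new side, which now calls `utils.FilterEvents(LogEvents, ..., OU)`; if `utils` does not reproduce it, events from OUs that no longer exist may again surface as non-compliant findings. The same applies to the removed secondary `SettingChangeEvents` rule that synthesised `"DELETE_APPLICATION_SETTING"` as `NewValue` — `NonCompliantOUs2_1` in a later hunk still compares against that literal, so `utils.GetEvents("drive_logs")` must produce it; a one-line comment on `LogEvents := utils.GetEvents("drive_logs")` stating both guarantees would make the dependency explicit. Separately, `contains(SettingValue, LastEvent.NewValue) == false` in `NonCompliantOUs1_1` is a substring test, so an empty or partial `NewValue` is classed as compliant; `not LastEvent.NewValue in {"SHARING_NOT_ALLOWED", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES", "INHERIT_FROM_PARENT"}` pins exact values, and the same `contains(...)` pattern recurs in the 1.2 through 1.7 and 2.1 hunks below.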
@@ -174,34 +54,38 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.1v0.1", # # Baseline GWS.DRIVEDOCS.1.2v0.1 #-- -NonCompliantOUs1_2[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", OU) +NonCompliantOUs1_2 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) contains("SHARING_NOT_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == false } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.2v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.2v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.2v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_2), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.2v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2}, + "RequirementMet": Status, + 
"NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_2) == 0 } 
@@ -210,34 +94,38 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.2v0.1", # # Baseline GWS.DRIVEDOCS.1.3v0.1 #-- -NonCompliantOUs1_3[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs1_3 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("SHARING_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == true } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.3v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.3v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.3v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_3), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_OUTSIDE_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.3v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_3), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3}, + "RequirementMet": 
Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_3) == 0 } 
@@ -246,34 +134,38 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.3v0.1", # # Baseline GWS.DRIVEDOCS.1.4v0.1 #-- -NonCompliantOUs1_4[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs1_4 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("NOT_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == false } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.4v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.4v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.4v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_4), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.4v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_4), + 
"ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_4) == 0 } 
@@ -282,34 +174,38 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.4v0.1", # # Baseline GWS.DRIVEDOCS.1.5v0.1 #-- -NonCompliantOUs1_5[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("PUBLISHING_TO_WEB", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs1_5 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("ALLOWED", LastEvent.NewValue) == true } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.5v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.5v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("PUBLISHING_TO_WEB", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.5v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_5), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_5}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("PUBLISHING_TO_WEB", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.5v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_5), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_5}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := 
utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_5) == 0 } 
@@ -318,35 +214,38 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.5v0.1", # # Baseline GWS.DRIVEDOCS.1.6v0.1 #-- -NonCompliantOUs1_6[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_ACCESS_CHECKER_OPTIONS", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs1_6 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("NAMED_PARTIES_ONLY DOMAIN_OR_NAMED_PARTIES INHERIT_FROM_PARENT", LastEvent.NewValue) == false } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.6v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent":true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.6v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_ACCESS_CHECKER_OPTIONS",TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.6v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_6), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_6}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_ACCESS_CHECKER_OPTIONS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.6v0.1", + "Criticality": "Shall", + "ReportDetails": 
utils.ReportDetailsOUs(NonCompliantOUs1_6), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_6}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_6) == 0 } 
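Review bot: The new line `Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU)` drops the space after the second comma, unlike every other `utils.FilterEvents(...)` call in this hunk; the 1.8 hunk further down has the same `"DEFAULT_LINK_SHARING_FOR_NEW_DOCS",utils.TopLevelOU)` form. Since this commit is already reformatting these lines, normalising both to `, utils.TopLevelOU)` now avoids a follow-up whitespace-only change.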
@@ -355,35 +254,39 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.6v0.1", # # Baseline GWS.DRIVEDOCS.1.7v0.1 #-- -NonCompliantOUs1_7[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) - contains("CROSS_DOMAIN_FROM_INTERNAL_ONLY CROSS_DOMAIN_MOVES_BLOCKED INHERIT_FROM_PARENT", LastEvent.NewValue) == false +NonCompliantOUs1_7 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + SettingValue := "CROSS_DOMAIN_FROM_INTERNAL_ONLY CROSS_DOMAIN_MOVES_BLOCKED INHERIT_FROM_PARENT" + contains(SettingValue, LastEvent.NewValue) == false } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.7v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.7v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.7v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_7), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, 
"SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.7v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_7), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_7) == 0 } 
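Review bot: The evaluated-test rule for `GWS.DRIVEDOCS.1.7v0.1` emits `"ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7}` — the key is misspelled, while the 1.1 through 1.6 hunks use `"NonCompliantOUs"` — and the rewrite carried the typo onto the new side, so any report consumer reading `ActualValue.NonCompliantOUs` will find nothing for this policy. The fix is the one-line change to `"ActualValue": {"NonCompliantOUs": NonCompliantOUs1_7},`; the 2.1 and 2.2 hunks below repeat the same misspelled key and need the same change.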
@@ -392,78 +295,84 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.1.7v0.1", # # Baseline GWS.DRIVEDOCS.1.8v0.1 #-- -NonCompliantOUs1_8[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs1_8 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "PRIVATE" LastEvent.NewValue != "INHERIT_FROM_PARENT" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.8v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent":true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.8v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("DEFAULT_LINK_SHARING_FOR_NEW_DOCS",TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.1.8v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_8), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_8}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("DEFAULT_LINK_SHARING_FOR_NEW_DOCS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS",utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.1.8v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_8), + 
"ActualValue": {"NonCompliantOUs": NonCompliantOUs1_8}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_8) == 0 } #-- -################ +################### # GWS.DRIVEDOCS.2 # -################ +################### # # Baseline GWS.DRIVEDOCS.2.1v0.1 #-- -NonCompliantOUs2_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Shared Drive Creation CanCreateSharedDrives", OU) +NonCompliantOUs2_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation CanCreateSharedDrives", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events 
:= FilterEventsOU("Shared Drive Creation CanCreateSharedDrives", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation CanCreateSharedDrives", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_1) == 0 } 
@@ -472,36 +381,39 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.2.1v0.1", # # Baseline GWS.DRIVEDOCS.2.2v0.1 #-- -NonCompliantOUs2_2[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Shared Drive Creation new_team_drive_admin_only", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs2_2 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.2v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.2v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_admin_only", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.2v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_2), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_2}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_admin_only", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.2v0.1", 
+ "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_2), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_2}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_2) == 0 } 
@@ -510,36 +422,41 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.2.2v0.1", # # Baseline GWS.DRIVEDOCS.2.3v0.1 #-- -NonCompliantOUs2_3[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs2_3 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_cross_domain_access", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_3), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_3}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_cross_domain_access", TopLevelOU) + SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + Events := 
utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_3), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_3}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_3) == 0 } 
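Review bot: In `NonCompliantOUs2_3`, `contains("true", LastEvent.NewValue) == false` passes the literal as the haystack, so it asks whether the logged value is a substring of "true" rather than the reverse; a value such as "" or "t" would then be treated as compliant, and only the exact values seen so far happen to behave as intended. If an exact match is what is meant, `LastEvent.NewValue != "true"` is the clearest form; otherwise the arguments should be swapped, `not contains(LastEvent.NewValue, "true")`. The same construction (with "false" as the literal in 2.5) appears in the 2.2, 2.4 and 2.5 hunks and is unchanged by this commit.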
@@ -548,36 +465,41 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.2.3v0.1", # # Baseline GWS.DRIVEDOCS.2.4v0.1 #-- -NonCompliantOUs2_4[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_direct_access", OU) +NonCompliantOUs2_4 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_direct_access", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.4v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.4v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_direct_access", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.4v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_4), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_4}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_direct_access", TopLevelOU) + SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + 
count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.4v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_4), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_4}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_4) == 0 } 
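Review bot: The `SettingName` local introduced in both `tests` rules for GWS.DRIVEDOCS.2.4 is not used in `NonCompliantOUs2_4` above, which still inlines the same long literal, so the setting string is now spelled in two places within one section and the filter rule and the reporting rules can drift apart on a future edit. A single package-level binding, for instance `SettingName2_4 := "Shared Drive Creation new_team_drive_restricts_direct_access"` referenced from all three rules, keeps them in step and matches the capitalised naming used elsewhere in the file. The 2.3 hunk introduces the same split between its tests and `NonCompliantOUs2_3`.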
@@ -586,268 +508,284 @@ tests[{ "PolicyId": "GWS.DRIVEDOCS.2.4v0.1", # # Baseline GWS.DRIVEDOCS.2.5v0.1 #-- -NonCompliantOUs2_5[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_download", OU) +NonCompliantOUs2_5 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) contains("false", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.5v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.2.5v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_download", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.2.5v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs2_5), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_5}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Shared Drive Creation new_team_drive_restricts_download", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": 
"GWS.DRIVEDOCS.2.5v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_5), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_5}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_5) == 0 } #-- - -################ -# GWS.DRIVEDOCS.3 -################ +################### +# GWS.DRIVEDOCS.3 # +################### # # Baseline GWS.DRIVEDOCS.3.1v0.1 #-- - NoSuchEvent3_1(TopLevelOU) := true if { # No such event... - Events_A := FilterEventsOU("Link Security Update Settings allow_less_secure_link_user_restore", TopLevelOU) + SettingName := "Link Security Update Settings allow_less_secure_link_user_restore" + Events_A := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events_A) == 0 } NoSuchEvent3_1(TopLevelOU) := true if { # No such event... - Events := FilterEventsOU("Link Security Update Settings less_secure_link_option", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "Link Security Update Settings less_secure_link_option", TopLevelOU) count(Events) == 0 } default NoSuchEvent3_1(_) := false -NonCompliantOUs3_1[OU] { - OU := OUsWithEvents[_] - Events_A := FilterEventsOU("Link Security Update Settings allow_less_secure_link_user_restore", OU) - count(Events_A) > 0 - LastEvent_A := GetLastEvent(Events_A) - - Events_B := FilterEventsOU("Link Security Update Settings less_secure_link_option", OU) - count(Events_B) > 0 - LastEvent_B := GetLastEvent(Events_B) - - Conditions := [LastEvent_A.NewValue != "false", LastEvent_B.NewValue != "REMOVE_LESS_SECURE_LINKS"] - count([Condition | Condition = Conditions[_]; Condition == true]) > 0 -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.3.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the 
current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +NonCompliantOUs3_1 contains OU if { + some OU in utils.OUsWithEvents + Events_A := utils.FilterEvents(LogEvents, "Link Security Update Settings allow_less_secure_link_user_restore", OU) + count(Events_A) > 0 + LastEvent_A := utils.GetLastEvent(Events_A) + + Events_B := utils.FilterEvents(LogEvents, "Link Security Update Settings less_secure_link_option", OU) + count(Events_B) > 0 + LastEvent_B := utils.GetLastEvent(Events_B) + + true in { + LastEvent_A.NewValue != "false", + LastEvent_B.NewValue != "REMOVE_LESS_SECURE_LINKS" + } +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.3.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - NoSuchEvent3_1(TopLevelOU) -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.3.1v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs3_1), - "ActualValue" : {"NonComplaintOUs": NonCompliantOUs3_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - not NoSuchEvent3_1(TopLevelOU) + NoSuchEvent3_1(utils.TopLevelOU) +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.3.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1), + "ActualValue" : {"NonComplaintOUs": NonCompliantOUs3_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + not NoSuchEvent3_1(utils.TopLevelOU) Status := count(NonCompliantOUs3_1) == 0 } #-- -################ -# GWS.DRIVEDOCS.4# -################ +################### +# GWS.DRIVEDOCS.4 # +################### # # Baseline GWS.DRIVEDOCS.4.1v0.1 #-- -NonCompliantOUs4_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("ENABLE_DRIVE_APPS", OU) +NonCompliantOUs4_1 contains OU if 
{ + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "INHERIT_FROM_PARENT" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.4.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent":true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.4.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ENABLE_DRIVE_APPS", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active + Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) + count(Events) == 0 } -tests[{ "PolicyId": "GWS.DRIVEDOCS.4.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs4_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs4_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ENABLE_DRIVE_APPS", TopLevelOU) +tests contains { + "PolicyId": "GWS.DRIVEDOCS.4.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs4_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs4_1) == 0 } #-- -################ +################### # GWS.DRIVEDOCS.5 # -################ 
+################### # # Baseline GWS.DRIVEDOCS.5.1v0.1 #-- -NonCompliantOUs5_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("ENABLE_DOCS_ADD_ONS", OU) - count(Events) > 0 - LastEvent := GetLastEvent(Events) +NonCompliantOUs5_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "INHERIT_FROM_PARENT" } -tests[{ "PolicyId": "GWS.DRIVEDOCS.5.1v0.1", - "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.DRIVEDOCS.5.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ENABLE_DOCS_ADD_ONS", TopLevelOU) - count(Events) == 0 # If no Events were logged, then the default - # value is still active + Events := utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) + count(Events) == 0 } -tests[{ "PolicyId": "GWS.DRIVEDOCS.5.1v0.1", - "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs5_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("ENABLE_DOCS_ADD_ONS", TopLevelOU) +tests contains { + "PolicyId": "GWS.DRIVEDOCS.5.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), + "ActualValue": {"NonComplaintOUs": NonCompliantOUs5_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := 
utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } #-- -################ -# GWS.DRIVEDOCS.6 -################ +################### +# GWS.DRIVEDOCS.6 # +################### # # Baseline GWS.DRIVEDOCS.6.1v0.1 #-- - default NoSuchEvent6_1(_) := true NoSuchEvent6_1(TopLevelOU) := false if { - Events := FilterEventsOU("DriveFsSettingsProto drive_fs_enabled", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto drive_fs_enabled", TopLevelOU) count(Events) != 0 } NoSuchEvent6_1(TopLevelOU) := false if { # No such event... - Events := FilterEventsOU("DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) count(Events) != 0 } -NonCompliantOUs6_1[OU] { - OU := OUsWithEvents[_] - Events_A := FilterEventsOU("DriveFsSettingsProto drive_fs_enabled", OU) +NonCompliantOUs6_1 contains OU if { + some OU in utils.OUsWithEvents + Events_A := utils.FilterEvents(LogEvents, "DriveFsSettingsProto drive_fs_enabled", OU) count(Events_A) > 0 - LastEvent_A := GetLastEvent(Events_A) + LastEvent_A := utils.GetLastEvent(Events_A) LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" - Events_B := FilterEventsOU("DriveFsSettingsProto company_owned_only_enabled", OU) + Events_B := utils.FilterEvents(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", OU) count(Events_B) > 0 - LastEvent_B := GetLastEvent(Events_B) + LastEvent_B := utils.GetLastEvent(Events_B) LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" - - Conditions := [LastEvent_A.NewValue != "true", LastEvent_B.NewValue != "true"] - count([Condition | Condition = Conditions[_]; Condition == true]) > 0 - -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.6.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current 
logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { + + true in { + LastEvent_A.NewValue != "true", + LastEvent_B.NewValue != "true" + } +} + +tests contains { + "PolicyId": "GWS.DRIVEDOCS.6.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - NoSuchEvent6_1(TopLevelOU) -} - -tests[{ "PolicyId": "GWS.DRIVEDOCS.6.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1), - "ActualValue" : {"NonComplaintOUs": NonCompliantOUs6_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - not NoSuchEvent6_1(TopLevelOU) - Status := count(NonCompliantOUs6_1) == 0 + NoSuchEvent6_1(utils.TopLevelOU) } +tests contains { + "PolicyId": "GWS.DRIVEDOCS.6.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_1), + "ActualValue" : {"NonComplaintOUs": NonCompliantOUs6_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + not NoSuchEvent6_1(utils.TopLevelOU) + Status := count(NonCompliantOUs6_1) == 0 +} #-- -################ -# GWS.DRIVEDOCS.7 -################ - -# not implementable: Need a way to see when a rule is created. The fact that a rule is created gets logged but the rule's contents are not. +################### +# GWS.DRIVEDOCS.7 # +################### # # Baseline GWS.DRIVEDOCS.7.1v0.1 #-- - -tests[{ "PolicyId": "GWS.DRIVEDOCS.7.1v0.1", - "Criticality": "Should/Not-Implemented", - "ReportDetails": "Currently not able to be tested automatically; please manually check.", - "ActualValue": "", - "RequirementMet": false, - "NoSuchEvent": true}] { - true - +# not implementable: Need a way to see when a rule is created. 
+# The fact that a rule is created gets logged but the rule's +# contents are not. +tests contains { + "PolicyId": "GWS.DRIVEDOCS.7.1v0.1", + "Criticality": "Should/Not-Implemented", + "ReportDetails": "Currently not able to be tested automatically; please manually check.", + "ActualValue": "", + "RequirementMet": false, + "NoSuchEvent": true } #-- \ No newline at end of file diff --git a/rego/Gmail.rego b/rego/Gmail.rego index 4c18bd10..23f6c88c 100644 --- a/rego/Gmail.rego +++ b/rego/Gmail.rego @@ -1,7 +1,7 @@ package gmail + +import data.utils import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails Format(Array) := format_int(count(Array), 10) 
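Review bot: `NoSuchEvent6_1` and `NoSuchEvent3_1` in this hunk answer the same question with opposite logic: 3.1 reports "no such event" when either of its two settings has no event for the top-level OU, whereas 6.1 defaults to true and flips to false as soon as either setting has an event. Because `NonCompliantOUs6_1` requires events for both settings before it can add an OU, a log that contains only `drive_fs_enabled` events makes `not NoSuchEvent6_1(...)` hold with an empty non-compliant set, so GWS.DRIVEDOCS.6.1 is reported as met without any evidence for `company_owned_only_enabled`. This commit only rewires the helper's filter calls and leaves that logic as it was; if the 3.1 semantics are the intended ones, the helper can be written in the same shape, as below. Either way a one-line comment on `default NoSuchEvent6_1(_)` stating which of the two settings must be missing for the result to be true would make the difference from 3.1 deliberate rather than accidental.
```rego
default NoSuchEvent6_1(_) := false

NoSuchEvent6_1(TopLevelOU) := true if {
    Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto drive_fs_enabled", TopLevelOU)
    count(Events) == 0
}

NoSuchEvent6_1(TopLevelOU) := true if {
    Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", TopLevelOU)
    count(Events) == 0
}
# … unchanged: NonCompliantOUs6_1 and the two GWS.DRIVEDOCS.6.1 test rules …
```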
@@ -23,181 +23,7 @@ AllDomains contains Domain.domain if { some Domain in input.dkim_records } -FilterEvents(SettingName) := FilteredEvents if { - Events := SettingChangeEvents - FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName] -} - -FilterEventsDomain(SettingName) := FilteredEvents if { - Events := SettingChangeEventsDomain - FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [ - Event | some Event in Events; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit} -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit} -} - -TopLevelOU := Name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. 
- input.tenant_info.topLevelOU != "" - Name := input.tenant_info.topLevelOU -} - -TopLevelOU := Name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. - # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - Name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -TopLevelOU := Name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - Name := "" -} - -OUsWithEvents contains Event.OrgUnit if { - some Event in SettingChangeEvents -} - -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit, - "DomainName": DomainName -} -if { - some Item in input.gmail_logs.items # For each item... - some Event in Item.events # For each event in the item... - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] - OrgUnit := GetEventOu(Event) - DomainName := GetEventDomain(Event) -} - -# Secondary case that looks for the DELETE_APPLICATION_SETTING events. -# These events don't have a NEW_VALUE. 
To make these events work with -# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING -# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as -# the NewValue. -SettingChangeEvents contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit, - "DomainName": DomainName -} -if { - some Item in input.gmail_logs.items # For each item... - some Event in Item.events # For each event in the item... - Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := "DELETE_APPLICATION_SETTING" - OrgUnit := GetEventOu(Event) - DomainName := GetEventDomain(Event) -} - -SettingChangeEventsDomain contains { - "Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "DomainName": DomainName -} -if { - some Item in input.gmail_logs.items # For each item... - some Event in Item.events # For each event in the item... - - # Does this event have the parameters we're looking for? 
- "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} - "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} - "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} - - # Extract the values - Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] - DomainName := GetEventDomain(Event) -} - -GetEventOu(Event) := OrgUnit if { - "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} - OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetEventOu(Event) := "None" if { - not "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} -} - -GetEventDomain(Event) := DomainName if { - "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} - DomainName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "DOMAIN_NAME"][0] -} - -GetEventDomain(Event) := "None" if { - not "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} -} - -GetLastEvent(Events) := Event if { - MaxTs := max({Event.Timestamp | some Event in Events}) - some Event in Events - Event.Timestamp == MaxTs -} - +LogEvents := utils.GetEvents("gmail_logs") ############### # GWS.GMAIL.1 # 
@@ -207,40 +33,40 @@ GetLastEvent(Events) := Event if { # Baseline GWS.GMAIL.1.1v0.1 #-- NonCompliantOUs1_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } tests contains { "PolicyId": "GWS.GMAIL.1.1v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := true - Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.1.1v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } 
@@ -407,14 +233,14 @@ if { # Baseline GWS.GMAIL.5.1v0.1 #-- NonCompliantOUs5_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -422,28 +248,28 @@ NonCompliantOUs5_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } 
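Review bot: In `NonCompliantOUs5_1` the line `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"` can never fail, because the line before it already requires `LastEvent.NewValue == "false"`; the guard is dead and should be dropped, or the first comparison relaxed if both values were meant to count. Note that the tests in this section declare `DefaultSafe := false`, so an event that deletes the setting and reverts it to the default is currently reported as compliant; whether that is intended deserves a one-line comment on the rule. The 5.2 and 5.3 hunks in this diff contain the same pair of lines.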
@@ -452,14 +278,14 @@ if { # Baseline GWS.GMAIL.5.2v0.1 #-- NonCompliantOUs5_2 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -467,7 +293,7 @@ NonCompliantOUs5_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -475,21 +301,21 @@ tests contains { if { DefaultSafe := false SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_2) == 0 } @@ -517,14 +343,14 @@ EncryptedAttachmentSettingDetailsStr(LastEvent) := Description if { # Baseline GWS.GMAIL.5.3v0.1 #-- NonCompliantOUs5_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -532,7 +358,7 @@ NonCompliantOUs5_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -540,21 +366,21 @@ tests contains { if { DefaultSafe := false SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_3) == 0 } 
@@ -564,13 +390,14 @@ if { # Baseline GWS.GMAIL.5.4v0.1 #-- NonCompliantOUs5_4 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", OU) + some OU in utils.OUsWithEvents + SettingName := "Attachment safety Enable: automatically enables all future added settings" + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -578,27 +405,29 @@ NonCompliantOUs5_4 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.4v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", TopLevelOU) + SettingName := "Attachment safety Enable: automatically enables all future added settings" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.5.4v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_4), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", TopLevelOU) + SettingName := "Attachment safety Enable: automatically enables all future added settings" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_4) == 0 } 
@@ -611,35 +440,38 @@ default NoSuchEvent5_5(_) := true NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEventsOU("Attachment safety Encrypted attachment protection setting action", TopLevelOU) + SettingName := "Attachment safety Encrypted attachment protection setting action" + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEventsOU("Attachment safety Attachment with scripts protection action", TopLevelOU) + SettingName := "Attachment safety Attachment with scripts protection action" + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NoSuchEvent5_5(TopLevelOU) := false if { # No such event... - Events := FilterEventsOU("Attachment safety Anomalous attachment protection setting action", TopLevelOU) + SettingName := "Attachment safety Anomalous attachment protection setting action" + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NonCompliantOUs5_5 contains OU if { - some OU in OUsWithEvents - Events_A := FilterEventsOU("Attachment safety Encrypted attachment protection setting action", OU) + some OU in utils.OUsWithEvents + Events_A := utils.FilterEvents(LogEvents, "Attachment safety Encrypted attachment protection setting action", OU) count(Events_A) > 0 - LastEvent_A := GetLastEvent(Events_A) + LastEvent_A := utils.GetLastEvent(Events_A) - Events_B := FilterEventsOU("Attachment safety Attachment with scripts protection action", OU) + Events_B := utils.FilterEvents(LogEvents, "Attachment safety Attachment with scripts protection action", OU) count(Events_B) > 0 - LastEvent_B := GetLastEvent(Events_B) + LastEvent_B := utils.GetLastEvent(Events_B) - Events_C := FilterEventsOU("Attachment safety Anomalous attachment protection setting action", OU) + Events_C := utils.FilterEvents(LogEvents, "Attachment safety Anomalous attachment protection setting 
action", OU) count(Events_C) > 0 - LastEvent_C := GetLastEvent(Events_C) + LastEvent_C := utils.GetLastEvent(Events_C) true in [ LastEvent_A.NewValue == "Show warning", @@ -651,26 +483,26 @@ NonCompliantOUs5_5 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.5.5v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - NoSuchEvent5_5(TopLevelOU) + NoSuchEvent5_5(utils.TopLevelOU) } tests contains { "PolicyId": "GWS.GMAIL.5.5v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_5), "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5}, "RequirementMet": Status, "NoSuchEvent": false } if { - not NoSuchEvent5_5(TopLevelOU) + not NoSuchEvent5_5(utils.TopLevelOU) Status := count(NonCompliantOUs5_5) == 0 } #-- @@ -696,14 +528,14 @@ tests contains { # Baseline GWS.GMAIL.6.1v0.1 #-- NonCompliantOUs6_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Links and external images safety Enable: identify links behind shortened URLs" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -711,7 +543,7 @@ NonCompliantOUs6_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -719,21 +551,21 @@ tests contains { if { DefaultSafe := false SettingName := "Links and external images safety Enable: identify links behind shortened URLs" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Links and external images safety Enable: identify links behind shortened URLs" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_1) == 0 } @@ -743,10 +575,10 @@ if { # Baseline GWS.GMAIL.6.2v0.1 #-- NonCompliantOUs6_2 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("Links and external images safety Enable: scan linked images", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "Links and external images safety Enable: scan linked images", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -754,27 +586,29 @@ NonCompliantOUs6_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("Links and external images safety Enable: scan linked images", TopLevelOU) + SettingName := "Links and external images safety Enable: scan linked images" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_2}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("Links and external images safety Enable: scan linked images", TopLevelOU) + SettingName := "Links and external images safety Enable: scan linked images" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_2) == 0 } @@ -784,14 +618,14 @@ if { # Baseline GWS.GMAIL.6.3v0.1 #-- NonCompliantOUs6_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := concat("", [ "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -799,7 +633,7 @@ NonCompliantOUs6_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -810,14 +644,14 @@ if { "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_3}, "RequirementMet": Status, "NoSuchEvent": false @@ -827,7 +661,7 @@ if { "Links and external images safety Enable: show warning prompt for click on links to ", "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_3) == 0 } 
@@ -837,14 +671,14 @@ if { # Baseline GWS.GMAIL.6.4v0.1 #-- NonCompliantOUs6_4 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -852,7 +686,7 @@ NonCompliantOUs6_4 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.6.4v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -860,21 +694,21 @@ tests contains { if { DefaultSafe := false SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.6.4v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_4), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_4), "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_4}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Links and external images safety Enable: automatically enables all future added settings" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_4) == 0 } @@ -901,14 +735,14 @@ tests contains { # Baseline GWS.GMAIL.7.1v0.1 #-- NonCompliantOUs7_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := concat("", [ "Spoofing and authentication safety Enable: protect against domain spoofing using ", "similar domain names" ]) - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -916,7 +750,7 @@ NonCompliantOUs7_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -927,14 +761,14 @@ if { "Spoofing and authentication safety Enable: protect against domain spoofing using ", "similar domain names" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_1}, "RequirementMet": Status, "NoSuchEvent": false @@ -944,7 +778,7 @@ if { "Spoofing and authentication safety Enable: protect against domain spoofing using ", "similar domain names" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_1) == 0 } @@ -954,14 +788,14 @@ if { # Baseline GWS.GMAIL.7.2v0.1 #-- NonCompliantOUs7_2 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -969,7 +803,7 @@ NonCompliantOUs7_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -977,21 +811,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_2}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_2) == 0 } 
@@ -1001,14 +835,14 @@ if { # Baseline GWS.GMAIL.7.3v0.1 #-- NonCompliantOUs7_3 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -1016,7 +850,7 @@ NonCompliantOUs7_3 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.3v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true 
@@ -1024,21 +858,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.3v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_3), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_3), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_3}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_3) == 0 } @@ -1048,14 +882,14 @@ if { # Baseline GWS.GMAIL.7.4v0.1 #-- NonCompliantOUs7_4 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -1063,7 +897,7 @@ NonCompliantOUs7_4 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.4v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -1071,21 +905,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.4v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_4), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_4), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_4}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_4) == 0 } 
@@ -1096,17 +930,17 @@ if { #-- NonCompliantOUs7_5 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := concat("", [ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", "spoofing your domain" ]) - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -1114,7 +948,7 @@ NonCompliantOUs7_5 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.5v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -1125,14 +959,14 @@ if { "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", "spoofing your domain" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.5v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_5), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_5), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_5}, "RequirementMet": Status, "NoSuchEvent": false 
@@ -1142,7 +976,7 @@ if { "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", "spoofing your domain" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs7_5) == 0 } @@ -1160,14 +994,14 @@ NoSuchEvent7_6(TopLevelOU) := false if { "Spoofing and authentication safety Protect against domain spoofing based on similar ", "domain names action" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NoSuchEvent7_6(TopLevelOU) := false if { # No such event... SettingName := "Spoofing and authentication safety Protect against spoofing of employee names action" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } @@ -1177,14 +1011,14 @@ NoSuchEvent7_6(TopLevelOU) := false if { "Spoofing and authentication safety Protect against domain spoofing based on similar ", "domain names action" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NoSuchEvent7_6(TopLevelOU) := false if { # No such event... SettingName := "Spoofing and authentication safety Protect against any unauthenticated emails action" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } 
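Review bot: The third `NoSuchEvent7_6` rule in the `@@ -1177` hunk checks the same setting as the first one (`"...Protect against domain spoofing based on similar domain names action"`), so no rule appears to check for `"Spoofing and authentication safety Protect against inbound emails spoofing your domain action"`, the `SettingC` that `NonCompliantOUs7_6` requires. This looks like a copy-paste slip that predates the commit; the practical effect is that a tenant whose logs contain only that event is reported as having no relevant event for 7.6. The rule head and the `concat` opener are outside the hunk, so this is inferred from the hunk context and the file-function line in the `@@` header; if confirmed, the two concat pieces should become `SettingName := "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"`.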
@@ -1194,43 +1028,43 @@ NoSuchEvent7_6(TopLevelOU) := false if { "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", "your domain action" ]) - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) count(Events) != 0 } NonCompliantOUs7_6 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingA := concat("", [ "Spoofing and authentication safety Protect against domain spoofing based on ", "similar domain names action" ]) - EventsA := FilterEventsOU(SettingA, OU) + EventsA := utils.FilterEvents(LogEvents, SettingA, OU) count(EventsA) > 0 - LastEventA := GetLastEvent(EventsA) + LastEventA := utils.GetLastEvent(EventsA) SettingB := "Spoofing and authentication safety Protect against spoofing of employee names action" - EventsB := FilterEventsOU(SettingB, OU) + EventsB := utils.FilterEvents(LogEvents, SettingB, OU) count(EventsB) > 0 - LastEventB := GetLastEvent(EventsB) + LastEventB := utils.GetLastEvent(EventsB) SettingC := "Spoofing and authentication safety Protect against inbound emails spoofing your domain action" - EventsC := FilterEventsOU(SettingC, OU) + EventsC := utils.FilterEvents(LogEvents, SettingC, OU) count(EventsC) > 0 - LastEventC := GetLastEvent(EventsC) + LastEventC := utils.GetLastEvent(EventsC) SettingD := "Spoofing and authentication safety Protect against any unauthenticated emails action" - EventsD := FilterEventsOU(SettingD, OU) + EventsD := utils.FilterEvents(LogEvents, SettingD, OU) count(EventsD) > 0 - LastEventD := GetLastEvent(EventsD) + LastEventD := utils.GetLastEvent(EventsD) SettingE := concat("", [ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", "your domain action" ]) - EventsE := FilterEventsOU(SettingE, OU) + EventsE := utils.FilterEvents(LogEvents, SettingE, OU) count(EventsE) > 0 - LastEventE := GetLastEvent(EventsE) + LastEventE := utils.GetLastEvent(EventsE) # OU 
is non-compliant if any of the following are true true in [ @@ -1246,26 +1080,26 @@ NonCompliantOUs7_6 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.6v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event for the top-level OU in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - NoSuchEvent7_6(TopLevelOU) + NoSuchEvent7_6(utils.TopLevelOU) } tests contains { "PolicyId": "GWS.GMAIL.7.6v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_6), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_6), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_6}, "RequirementMet": Status, "NoSuchEvent": false } if { - not NoSuchEvent7_6(TopLevelOU) + not NoSuchEvent7_6(utils.TopLevelOU) Status := count(NonCompliantOUs7_6) == 0 } #-- @@ -1275,14 +1109,14 @@ if { #-- NonCompliantOUs7_7 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
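Review bot: The two `tests` entries for `GWS.GMAIL.7.6v0.1` in the `@@ -1246` hunk disagree on criticality: the no-such-event entry says `"Criticality": "Shall"` while the main entry says `"Criticality": "Should"`. Both describe the same baseline, so the report shows the policy at a different level depending on which branch fires; the commit edits neighbouring lines in both entries without reconciling them. Whichever level the baseline document assigns should be used in both, e.g. `"Criticality": "Shall",` in the second entry.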
@@ -1290,7 +1124,7 @@ NonCompliantOUs7_7 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.7.7v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": false, "NoSuchEvent": true @@ -1298,21 +1132,21 @@ tests contains { if { DefaultSafe := false SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings" - Events := FilterEvents(SettingName) + Events := utils.FilterEventsNoOU(LogEvents, SettingName) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.7.7v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_7), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs7_7), "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_7}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings" - Events := FilterEvents(SettingName) + Events := utils.FilterEventsNoOU(LogEvents, SettingName) count(Events) > 0 Status := count(NonCompliantOUs7_7) == 0 } 
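Review bot: The NoSuchEvent entry for GWS.GMAIL.7.7v0.1 hard-codes `"RequirementMet": false` even though the body assigns `DefaultSafe := false` and passes it to `utils.NoSuchEventDetails`; the sibling entries in this file use `"RequirementMet": DefaultSafe`. Using the variable here too keeps the report and the details string from drifting apart if the default is ever revisited: `"RequirementMet": DefaultSafe,`.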
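Review bot: The NoSuchEvent gate for GWS.GMAIL.7.7v0.1 is tenant-wide, `utils.FilterEventsNoOU(LogEvents, SettingName)` with `count(Events) == 0`, whereas every other OU-scoped baseline in this file gates on `utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)`. NonCompliantOUs7_7 in the previous hunk still says "we're already asserting that the top-level OU has at least one event", so a tenant whose only event for this setting is a compliant change in a child OU is reported compliant although the top-level OU's state was never observed. If the setting is OU-scoped, change both filter lines to `Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU)`; if it is genuinely tenant-wide, the per-OU iteration and the comment in NonCompliantOUs7_7 are the misleading part and should say so.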
@@ -1341,40 +1175,40 @@ tests contains { # Baseline GWS.GMAIL.8.1v0.1 #-- NonCompliantOUs8_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_USER_IMPORT", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } tests contains { "PolicyId": "GWS.GMAIL.8.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_USER_IMPORT", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.8.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs8_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs8_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs8_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_USER_IMPORT", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs8_1) == 0 } 
@@ -1388,10 +1222,10 @@ if { # Baseline GWS.GMAIL.9.1v0.1 #-- NonCompliantOUs9_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("IMAP_ACCESS", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "IMAP_ACCESS", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "DISABLED" LastEvent.NewValue != "INHERIT_FROM_PARENT" } @@ -1399,27 +1233,27 @@ NonCompliantOUs9_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.9.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("IMAP_ACCESS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "IMAP_ACCESS", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.9.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("IMAP_ACCESS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "IMAP_ACCESS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs9_1) == 0 } 
@@ -1429,13 +1263,13 @@ if { # Baseline GWS.GMAIL.9.2v0.1 #-- NonCompliantOUs9_2 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("ENABLE_POP_ACCESS", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_POP_ACCESS", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" LastEvent.NewValue != "INHERIT_FROM_PARENT" } @@ -1443,27 +1277,27 @@ NonCompliantOUs9_2 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.9.2v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("ENABLE_POP_ACCESS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_POP_ACCESS", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.9.2v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs9_2), "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("ENABLE_POP_ACCESS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_POP_ACCESS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs9_2) == 0 } 
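Review bot: In NonCompliantOUs9_2 the line `LastEvent.NewValue != "INHERIT_FROM_PARENT"` can never fail once `LastEvent.NewValue == "true"` has matched, so it is dead code that reads as though the inherit sentinel needed special handling here; the same pair appears in NonCompliantOUs10_1 and NonCompliantOUs11_1 in the following hunks. Either drop the second line, or if the intent is the 9.1 pattern (flag anything that is neither disabled nor inherited) rewrite the pair as `LastEvent.NewValue != "false"` followed by `LastEvent.NewValue != "INHERIT_FROM_PARENT"`. The two forms differ for values such as DELETE_APPLICATION_SETTING, so the choice should follow what this setting actually logs rather than be made for symmetry.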
@@ -1478,10 +1312,10 @@ if { # Baseline GWS.GMAIL.10.1v0.1 #-- NonCompliantOUs10_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_OUTLOOK_SYNC", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" LastEvent.NewValue != "INHERIT_FROM_PARENT" } @@ -1489,27 +1323,27 @@ NonCompliantOUs10_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.10.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_OUTLOOK_SYNC", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.10.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs10_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs10_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs10_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_OUTLOOK_SYNC", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs10_1) == 0 } 
@@ -1525,13 +1359,13 @@ if { #-- NonCompliantOUs11_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_AUTOFORWARDING", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" LastEvent.NewValue != "INHERIT_FROM_PARENT" } @@ -1539,27 +1373,27 @@ NonCompliantOUs11_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.11.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_AUTOFORWARDING", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.11.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs11_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "ENABLE_EMAIL_AUTOFORWARDING", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs11_1) == 0 } 
@@ -1574,40 +1408,40 @@ if { # Baseline GWS.GMAIL.12.1v0.1 #-- NonCompliantOUs12_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "1" } tests contains { "PolicyId": "GWS.GMAIL.12.1v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.12.1v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs12_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs12_1) == 0 } 
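Review bot: NonCompliantOUs12_1 reports any last value other than the literal `"1"`, so if NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS can log the `INHERIT_FROM_PARENT` or `DELETE_APPLICATION_SETTING` sentinels that 9.1, 7.7 and 16.1 treat as compliant, a child OU that merely reverted to inheritance is listed as non-compliant. That is a false positive rather than a missed finding, but it is inconsistent with the neighbouring rules and will generate noise in the report. If those values can occur for this setting, add `LastEvent.NewValue != "INHERIT_FROM_PARENT"` after the `!= "1"` check as 9.1 does; if they cannot, a comment such as `# this counter setting only logs an integer, never the inherit/delete sentinels` next to `LastEvent.NewValue != "1"` records why this rule differs.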
@@ -1622,40 +1456,40 @@ if { # Baseline GWS.GMAIL.13.1v0.1 #-- NonCompliantOUs13_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "OUTBOUND_RELAY_ENABLED", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "true" } tests contains { "PolicyId": "GWS.GMAIL.13.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "OUTBOUND_RELAY_ENABLED", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.13.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs13_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "OUTBOUND_RELAY_ENABLED", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs13_1) == 0 } 
@@ -1670,13 +1504,13 @@ if { # Baseline GWS.GMAIL.14.1v0.1 #-- NonCompliantOUs14_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "OutOfDomainWarningProto disable_untrusted_recipient_warning", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -1684,27 +1518,29 @@ NonCompliantOUs14_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.14.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU) + SettingName := "OutOfDomainWarningProto disable_untrusted_recipient_warning" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.14.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs14_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs14_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU) + SettingName := "OutOfDomainWarningProto disable_untrusted_recipient_warning" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs14_1) == 0 } @@ -1749,7 +1585,7 @@ tests contains { "NoSuchEvent": true } if { - Events := FilterEventsDomain("EMAIL_SPAM_ALLOWLIST") + Events := utils.FilterEventsNoOU(LogEvents, "EMAIL_SPAM_ALLOWLIST") count(Events) == 0 } @@ -1762,9 +1598,9 @@ tests contains { "NoSuchEvent": false } if { - Events := FilterEventsDomain("EMAIL_SPAM_ALLOWLIST") + Events := utils.FilterEventsNoOU(LogEvents, "EMAIL_SPAM_ALLOWLIST") count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) Status := LastEvent.NewValue == "[]" } #-- 
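Review bot: Swapping `FilterEventsDomain("EMAIL_SPAM_ALLOWLIST")` for `utils.FilterEventsNoOU(LogEvents, "EMAIL_SPAM_ALLOWLIST")` changes which helper scopes the events, and neither helper is visible in this diff, so I cannot confirm they select the same set. If the new helper returns events from every OU, `utils.GetLastEvent` now picks the most recent event regardless of where it applied and the `"[]"` comparison reflects that single event rather than the domain-wide allowlist. A fixture in Testing/RegoTests with allowlist events in two OUs would pin the intended behaviour, and a comment such as `# EMAIL_SPAM_ALLOWLIST is domain-wide; its events carry no meaningful OU` above the filter call would explain why the OU-free helper is the right one here, if it is.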
@@ -1778,14 +1614,14 @@ if { # Baseline GWS.GMAIL.16.1v0.1 #-- NonCompliantOUs16_1 contains OU if { - some OU in OUsWithEvents + some OU in utils.OUsWithEvents SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - Events := FilterEventsOU(SettingName, OU) + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -1793,7 +1629,7 @@ NonCompliantOUs16_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.16.1v0.1", "Criticality": "Shall", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true @@ -1801,21 +1637,21 @@ tests contains { if { DefaultSafe := false SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.16.1v0.1", "Criticality": "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs16_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - Events := FilterEventsOU(SettingName, TopLevelOU) + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs16_1) == 0 } 
@@ -1830,13 +1666,13 @@ if { # Baseline GWS.GMAIL.17.1v0.1 #-- NonCompliantOUs17_1 contains OU if { - some OU in OUsWithEvents - Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", OU) + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "AttachmentDeepScanningSettingsProto deep_scanning_enabled", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } 
@@ -1845,27 +1681,29 @@ NonCompliantOUs17_1 contains OU if { tests contains { "PolicyId": "GWS.GMAIL.17.1v0.1", "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), "ActualValue": "No relevant event in the current logs", "RequirementMet": DefaultSafe, "NoSuchEvent": true } if { DefaultSafe := false - Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU) + SettingName := "AttachmentDeepScanningSettingsProto deep_scanning_enabled" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.GMAIL.17.1v0.1", "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs17_1), + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs17_1), "ActualValue": {"NonCompliantOUs": NonCompliantOUs17_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU) + SettingName := "AttachmentDeepScanningSettingsProto deep_scanning_enabled" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs17_1) == 0 } diff --git a/rego/Groups.rego b/rego/Groups.rego index 53bbba9f..b1c94ddb 100644 --- a/rego/Groups.rego +++ b/rego/Groups.rego 
@@ -1,239 +1,165 @@ package groups -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails - -NoGroupsDetails(Groups) = "No Groups found in Organization." if {count(Groups) == 0} -ReportDetailsGroups(Groups) = "Requirement met in all Groups." if {count(Groups) == 0} -ReportDetailsGroups(Groups) = Message if { - count(Groups) > 0 - Message := concat("", ["Requirement failed in ", concat(", ", Groups), "."]) -} -FilterEvents(SettingName) := FilteredEvents if { - # Filter the events by SettingName - Events := SettingChangeEvents - FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName] -} - -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | Event = Events[_]; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -GetTopLevelOU() := name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. 
- input.tenant_info.topLevelOU != "" - name := input.tenant_info.topLevelOU -} +import data.utils +import future.keywords -GetTopLevelOU() := name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. - # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - name := GetLastEvent(SettingChangeEvents).OrgUnit -} +LogEvents := utils.GetEvents("groups_logs") -GetTopLevelOU() := name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - name := "" +NoGroupsDetails(Groups) := "No Groups found in Organization." if { + count(Groups) == 0 } -OUsWithEvents[Event.OrgUnit] { - Event := SettingChangeEvents[_] - } -SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.groups_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - # Does this event have the parameters we're looking for? 
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] +ReportDetailsGroups(Groups) := "Requirement met in all Groups." if { + count(Groups) == 0 } -GetLastEvent(Events) := Event if { - # Because CalendarSharingEvents returns a set instead - # of an array, we can't just index it and get the last - # value - MaxTs := max([Event.Timestamp | Event = Events[_]]) - Event := Events[_] - Event.Timestamp == MaxTs +ReportDetailsGroups(Groups) := Message if { + count(Groups) > 0 + Message := concat("", ["Requirement failed in ", concat(", ", Groups), "."]) } - ################ -# Baseline 1 # +# GWS.GROUPS.1 # ################ + # # Baseline GWS.GROUPS.1.1v0.1 #-- - -NonCompliantOUs1_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto collaboration_policy", OU) +NonCompliantOUs1_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto collaboration_policy", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. 
- LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "CLOSED" } -tests[{ "PolicyId" : "GWS.GROUPS.1.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ - DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto collaboration_policy", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.1.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto collaboration_policy", TopLevelOU) +tests contains { + "PolicyId": "GWS.GROUPS.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { + DefaultSafe := false + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto collaboration_policy", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto collaboration_policy", utils.TopLevelOU) count(Events) > 0 - Status :=count(NonCompliantOUs1_1) == 0 + Status := count(NonCompliantOUs1_1) == 0 } #-- ################ -# Baseline 2 # +# GWS.GROUPS.2 # ################ # # Baseline GWS.GROUPS.2.1v0.1 #-- +NonCompliantOUs2_1 contains OU 
if { + some OU in utils.OUsWithEvents + SettingName := "GroupsSharingSettingsProto owners_can_allow_external_members" + Events := utils.FilterEvents(LogEvents, SettingName, OU) + count(Events) > 0 # Ignore OUs without any events. We're already + # asserting that the top-level OU has at least one event; for all + # other OUs we assume they inherit from a parent OU if they have + # no events. + LastEvent := utils.GetLastEvent(Events) + LastEvent.NewValue != "false" +} -NonCompliantOUs2_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto owners_can_allow_external_members", OU) - count(Events) > 0 # Ignore OUs without any events. We're already - # asserting that the top-level OU has at least one event; for all - # other OUs we assume they inherit from a parent OU if they have - # no events. - LastEvent := GetLastEvent(Events) - LastEvent.NewValue != "false" - } -tests[{ "PolicyId" : "GWS.GROUPS.2.1v0.1", - "Criticality" : "Should", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.GROUPS.2.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU = GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto owners_can_allow_external_members", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.2.1v0.1", - "Criticality" : "Should", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue" : {"NonCompliantOUs":NonCompliantOUs2_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto 
owners_can_allow_external_members", TopLevelOU) + SettingName := "GroupsSharingSettingsProto owners_can_allow_external_members" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.2.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), + "ActualValue": {"NonCompliantOUs":NonCompliantOUs2_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "GroupsSharingSettingsProto owners_can_allow_external_members" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_1) == 0 } #-- ################ -# Baseline 3 # +# GWS.GROUPS.3 # ################ + # # Baseline GWS.GROUPS.3.1v0.1 #-- -NonCompliantOUs3_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", OU) +NonCompliantOUs3_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. 
- LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" } -tests[{ "PolicyId" : "GWS.GROUPS.3.1v0.1", - "Criticality" : "Should", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.GROUPS.3.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.3.1v0.1", - "Criticality" : "Should", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs3_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs3_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public", TopLevelOU) + SettingName := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.3.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "GroupsSharingSettingsProto owners_can_allow_incoming_mail_from_public" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs3_1) == 0 } 
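Review bot: The removed local `FilterEventsOU` dropped events whose `OrgUnit` was not in `input.organizational_unit_names` once two or more OUs existed, and the removed `GetTopLevelOU` fell back to the OU of the latest event when `tenant_info.topLevelOU` was empty; both behaviours are now delegated to `utils.FilterEvents` and `utils.TopLevelOU`, which are not part of this diff. If the shared helpers do not reproduce the OU-existence filter, events for since-deleted OUs will surface in NonCompliantOUs1_1 through NonCompliantOUs3_1, and if they do not reproduce the empty-topLevelOU fallback the `count(Events) == 0` NoSuchEvent branch will fire for single-OU tenants. The inline `SettingChangeEvents` rule that was deleted also required all three of SETTING_NAME, NEW_VALUE and ORG_UNIT_NAME to be present on an event; `utils.GetEvents("groups_logs")` presumably does the same, but that is an assumption from here. I would add Groups test cases for an event on an OU absent from `organizational_unit_names` and for `topLevelOU == ""` so the refactor is pinned rather than assumed.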
@@ -241,41 +167,47 @@ tests[{ "PolicyId" : "GWS.GROUPS.3.1v0.1", ################ -# Baseline 4 # +# GWS.GROUPS.4 # ################ + # # Baseline GWS.GROUPS.4.1v0.1 #-- -NonCompliantOUs4_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto who_can_create_groups", OU) +NonCompliantOUs4_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto who_can_create_groups", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "ADMIN_ONLY" } -tests[{ "PolicyId" : "GWS.GROUPS.4.1v0.1", - "Criticality" : "Should", - "ReportDetails" :NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ + +tests contains { + "PolicyId": "GWS.GROUPS.4.1v0.1", + "Criticality": "Should", + "ReportDetails":utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto who_can_create_groups", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.4.1v0.1", - "Criticality" : "Should", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs4_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs4_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto who_can_create_groups", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto 
who_can_create_groups", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.4.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto who_can_create_groups", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs4_1) == 0 } 
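Review bot: NonCompliantOUs4_1 flags an OU whenever `LastEvent.NewValue != "ADMIN_ONLY"`, so a last event carrying the `DELETE_APPLICATION_SETTING` sentinel that the Meet rules in this same commit explicitly exclude (`LastEvent.NewValue != "DELETE_APPLICATION_SETTING"`) would be reported as non-compliant here. Whether utils.GetEvents emits that sentinel for the Groups logs is outside this hunk, so this may be an intentional fail-closed choice; if so, a comment would make it explicit, e.g. `# A deleted setting (NewValue == "DELETE_APPLICATION_SETTING") is deliberately treated as non-compliant.` The same applies to NonCompliantOUs3_1, 5_1 and 6_1. Separately, `"ReportDetails":utils.NoSuchEventDetails(...)` in the NoSuchEvent test is missing the space after the colon that every other test object in the file uses.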
@@ -283,43 +215,49 @@ tests[{ "PolicyId" : "GWS.GROUPS.4.1v0.1", ################ -# Baseline 5 # +# GWS.GROUPS.5 # ################ # # Baseline GWS.GROUPS.5.1v0.1 #-- - -NonCompliantOUs5_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto default_view_topics_access_level", OU) +NonCompliantOUs5_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto default_view_topics_access_level", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "MEMBERS" } -tests[{ "PolicyId" : "GWS.GROUPS.5.1v0.1", - "Criticality" : "Should", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ + +tests contains { + "PolicyId": "GWS.GROUPS.5.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto default_view_topics_access_level", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.5.1v0.1", - "Criticality" : "Should", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs5_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs5_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto default_view_topics_access_level", TopLevelOU) + SettingName := "GroupsSharingSettingsProto 
default_view_topics_access_level" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.5.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "GroupsSharingSettingsProto default_view_topics_access_level" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs5_1) == 0 } 
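Review bot: The setting name `"GroupsSharingSettingsProto default_view_topics_access_level"` is spelled out three times (once in NonCompliantOUs5_1 and once in each test body), and the two tests and the rule only agree because the copies happen to match; a typo in one copy would make the NoSuchEvent test and the enforcement test filter on different event sets without any syntax error. Defining it once at package level, e.g. `Setting5_1 := "GroupsSharingSettingsProto default_view_topics_access_level"`, and referencing it from all three bodies removes the drift risk, and the name still satisfies the custom naming-convention pattern added to .regal/config.yaml. The same pattern appears in 4.1 and 6.1 (inlined twice each) and in every Meet baseline, where the long 4.1 label is repeated three times.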
@@ -327,108 +265,120 @@ tests[{ "PolicyId" : "GWS.GROUPS.5.1v0.1", ################ -# Baseline 6 # +# GWS.GROUPS.6 # ################ + # # Baseline GWS.GROUPS.6.1v0.1 #-- - -NonCompliantOUs6_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("GroupsSharingSettingsProto allow_unlisted_groups", OU) +NonCompliantOUs6_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto allow_unlisted_groups", OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" } -tests[{ "PolicyId" : "GWS.GROUPS.6.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" :"No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ + +tests contains { + "PolicyId": "GWS.GROUPS.6.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue":"No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto allow_unlisted_groups", TopLevelOU) - count(Events) == 0 #If no events were logged, then the default -} - -tests[{ "PolicyId" : "GWS.GROUPS.6.1v0.1", - "Criticality" : "Shall", - "ReportDetails" :ReportDetailsOUs(NonCompliantOUs6_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs6_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("GroupsSharingSettingsProto allow_unlisted_groups", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto 
allow_unlisted_groups", utils.TopLevelOU) + count(Events) == 0 +} + +tests contains { + "PolicyId": "GWS.GROUPS.6.1v0.1", + "Criticality": "Shall", + "ReportDetails":utils.ReportDetailsOUs(NonCompliantOUs6_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "GroupsSharingSettingsProto allow_unlisted_groups", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs6_1) == 0 } #-- ################ -# Baseline 7 # +# GWS.GROUPS.7 # ################ + # # Baseline GWS.GROUPS.7.1v0.1 #-- - -# This sets up for a logical OR between all the settings. If one of them is false, it will trigger the function and add the group to the list. -IsGroupRestricted(group) { - group.whoCanJoin != "CAN_REQUEST_TO_JOIN" -} - -IsGroupRestricted(group) { - group.whoCanViewMembership != "ALL_MEMBERS_CAN_VIEW" +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanJoin != "CAN_REQUEST_TO_JOIN" } -IsGroupRestricted(group) { - group.whoCanViewGroup != "ALL_MEMBERS_CAN_VIEW" +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanViewMembership != "ALL_MEMBERS_CAN_VIEW" } -IsGroupRestricted(group) { - group.whoCanModerateMembers != "OWNERS_AND_MANAGERS" +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanViewGroup != "ALL_MEMBERS_CAN_VIEW" } -IsGroupRestricted(group) { - group.allowExternalMembers != "false" +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanModerateMembers != "OWNERS_AND_MANAGERS" } -IsGroupRestricted(group) { - group.whoCanPostMessage != "ALL_MEMBERS_CAN_POST" +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.allowExternalMembers != "false" } -IsGroupRestricted(group) { - group.whoCanContactOwner != "ANYONE_CAN_CONTACT" 
+NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanPostMessage != "ALL_MEMBERS_CAN_POST" } -NonCompliantGroups7_1[group.name] { - group := input.group_settings[_] - IsGroupRestricted(group) +NonCompliantGroups7_1 contains Group.name if { + some Group in input.group_settings + Group.whoCanContactOwner != "ANYONE_CAN_CONTACT" } # if there are no groups, it has to be safe. -tests[{ "PolicyId" : "GWS.GROUPS.7.1v0.1", - "Criticality" : "Should", - "ReportDetails" : NoGroupsDetails(Groups), - "ActualValue" : NoGroupsDetails(Groups), - "RequirementMet" : true, - "NoSuchEvent": false}]{ - Groups := [Group.email | Group = input.group_settings[_]] +tests contains { + "PolicyId": "GWS.GROUPS.7.1v0.1", + "Criticality": "Should", + "ReportDetails": NoGroupsDetails(Groups), + "ActualValue": NoGroupsDetails(Groups), + "RequirementMet": true, + "NoSuchEvent": false +} +if { + Groups := {Group.email | some Group in input.group_settings} count(Groups) == 0 } # if there are groups -tests[{ "PolicyId" : "GWS.GROUPS.7.1v0.1", - "Criticality" : "Should", - "ReportDetails" : ReportDetailsGroups(NonCompliantGroups7_1), - "ActualValue" : {"NonCompliantGroups": NonCompliantGroups7_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - Groups := [Group.email | Group = input.group_settings[_]] +tests contains { + "PolicyId": "GWS.GROUPS.7.1v0.1", + "Criticality": "Should", + "ReportDetails": ReportDetailsGroups(NonCompliantGroups7_1), + "ActualValue": {"NonCompliantGroups": NonCompliantGroups7_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Groups := {Group.email | some Group in input.group_settings} count(Groups) > 0 - Status := count(NonCompliantGroups7_1) == 0 + Status := count(NonCompliantGroups7_1) == 0 } #-- \ No newline at end of file diff --git a/rego/Meet.rego b/rego/Meet.rego index 70575374..e792ad88 100644 --- a/rego/Meet.rego +++ b/rego/Meet.rego 
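Review bot: Each NonCompliantGroups7_1 body compares a field such as `Group.allowExternalMembers` directly, so a group object that lacks that field makes the expression undefined and the group silently drops out of the non-compliant set, i.e. missing data reads as compliant. If the intent is fail-closed, reading the field with a default that cannot equal the compliant value, e.g. `object.get(Group, "allowExternalMembers", "") != "false"`, flags groups with missing attributes instead; the same applies to the other six bodies. Note also that `allowExternalMembers` is compared against the string `"false"`, which presumes the exporter serialises that boolean as a string — worth confirming against the input schema. `NoGroupsDetails` and `ReportDetailsGroups` are unqualified, so presumably they are defined elsewhere in Groups.rego.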
@@ -1,134 +1,9 @@ package meet -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails - -OUsWithEvents[Event.OrgUnit] { - Event := SettingChangeEvents[_] -} - -FilterEvents(SettingName) := FilteredEvents if { - # Filter the events by SettingName - Events := SettingChangeEvents - FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName] -} - -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { - # If there exists at least the root OU and 1 more OU - # filter out organizational units that don't exist - input.organizational_unit_names - count(input.organizational_unit_names) >=2 - - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | Event = Events[_]; - Event.OrgUnit == OrgUnit; - Event.OrgUnit in input.organizational_unit_names - ] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If only the root OU exists run like normal - input.organizational_unit_names - count(input.organizational_unit_names) < 2 - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { - # If OUs variable does not exist run like normal - not input.organizational_unit_names - - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} - -GetTopLevelOU() := name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. - input.tenant_info.topLevelOU != "" - name := input.tenant_info.topLevelOU -} - -GetTopLevelOU() := name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. 
- # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) > 0 - name := GetLastEvent(SettingChangeEvents).OrgUnit -} - -GetTopLevelOU() := name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(SettingChangeEvents) == 0 - name := "" -} - -SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.meet_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -# Secondary case that looks for the DELETE_APPLICATION_SETTING events. -# These events don't have a NEW_VALUE. To make these events work with -# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING -# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as -# the NewValue. -SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "Setting": Setting, - "OrgUnit": OrgUnit}] { - - Item := input.meet_logs.items[_] # For each item... 
- Event := Item.events[_] # For each event in the item... - Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events - - # Does this event have the parameters we're looking for? - "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0] - NewValue := "DELETE_APPLICATION_SETTING" - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetLastEvent(Events) := Event if { - # Because CalendarSharingEvents returns a set instead - # of an array, we can't just index it and get the last - # value - MaxTs := max([Event.Timestamp | Event = Events[_]]) - Event := Events[_] - Event.Timestamp == MaxTs -} +import data.utils +import future.keywords +LogEvents := utils.GetEvents("meet_logs") ############## # GWS.MEET.1 # 
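Review bot: The removed secondary SettingChangeEvents body is what surfaced DELETE_APPLICATION_SETTING events with `NewValue == "DELETE_APPLICATION_SETTING"`, and the Meet rules that follow still test for that sentinel, so their correctness now depends on `utils.GetEvents("meet_logs")` reproducing it; that part of Utils.rego is not visible here. A comment on the new definition would pin the contract: `# utils.GetEvents must also surface DELETE_APPLICATION_SETTING events (NewValue set to that string); the baseline rules below rely on it.` The removed FilterEventsOU also dropped events for OUs absent from `input.organizational_unit_names` when two or more OUs exist; whether utils.FilterEvents keeps that behaviour is likewise worth confirming, since it changes which OUs end up in ReportDetails.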
@@ -137,38 +12,39 @@ GetLastEvent(Events) := Event if { # # Baseline GWS.MEET.1.1v0.1 #-- - -NonCompliantOUs1_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SafetyDomainLockProto users_allowed_to_join", OU) +NonCompliantOUs1_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SafetyDomainLockProto users_allowed_to_join", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "ALL" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ - "PolicyId" : "GWS.MEET.1.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event for the top-level OU in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.MEET.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event for the top-level OU in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyDomainLockProto users_allowed_to_join", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SafetyDomainLockProto users_allowed_to_join", utils.TopLevelOU) count(Events) == 0 } -tests[{ - "PolicyId" : "GWS.MEET.1.1v0.1", - "Criticality" : "Shall", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs1_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyDomainLockProto users_allowed_to_join", TopLevelOU) +tests contains { + "PolicyId": "GWS.MEET.1.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "RequirementMet": Status, + 
"NoSuchEvent": false +} +if { + Events := utils.FilterEvents(LogEvents, "SafetyDomainLockProto users_allowed_to_join", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 # as long as it is not all, this is disabled. 
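Review bot: In NonCompliantOUs1_1 the line `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"` is redundant, since the preceding `LastEvent.NewValue == "ALL"` already excludes that value; the same pair appears in NonCompliantOUs2_1, 3_1 and 4_1. Dropping it, or replacing it with a comment such as `# only an explicit "ALL" is a violation; the DELETE_APPLICATION_SETTING sentinel can never equal it`, makes the intent clearer. The `ActualValue` string for 1.1 reads "No relevant event for the top-level OU in the current logs" while 2.1–4.1 use "No relevant event in the current logs"; if report output is compared across baselines the wording should be unified. The second test rule's body continues past the end of the hunk.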
@@ -183,38 +59,39 @@ tests[{ # # Baseline GWS.MEET.2.1v0.1 #-- - -NonCompliantOUs2_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SafetyAccessLockProto meetings_allowed_to_join", OU) +NonCompliantOUs2_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SafetyAccessLockProto meetings_allowed_to_join", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "ALL" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ - "PolicyId" : "GWS.MEET.2.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.MEET.2.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyAccessLockProto meetings_allowed_to_join", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SafetyAccessLockProto meetings_allowed_to_join", utils.TopLevelOU) count(Events) == 0 } -tests[{ - "PolicyId" : "GWS.MEET.2.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs2_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyAccessLockProto meetings_allowed_to_join", TopLevelOU) +tests contains { + "PolicyId": "GWS.MEET.2.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := 
utils.FilterEvents(LogEvents, "SafetyAccessLockProto meetings_allowed_to_join", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs2_1) == 0 } 
@@ -228,38 +105,39 @@ tests[{ # # Baseline GWS.MEET.3.1v0.1 #-- - -NonCompliantOUs3_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("SafetyModerationLockProto host_management_enabled", OU) +NonCompliantOUs3_1 contains OU if { + some OU in utils.OUsWithEvents + Events := utils.FilterEvents(LogEvents, "SafetyModerationLockProto host_management_enabled", OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ - "PolicyId" : "GWS.MEET.3.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.MEET.3.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyModerationLockProto host_management_enabled", TopLevelOU) + Events := utils.FilterEvents(LogEvents, "SafetyModerationLockProto host_management_enabled", utils.TopLevelOU) count(Events) == 0 } -tests[{ - "PolicyId" : "GWS.MEET.3.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs3_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs3_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("SafetyModerationLockProto host_management_enabled", TopLevelOU) +tests contains { + "PolicyId": "GWS.MEET.3.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs3_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := 
utils.FilterEvents(LogEvents, "SafetyModerationLockProto host_management_enabled", utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs3_1) == 0 } 
@@ -272,38 +150,42 @@ tests[{ # # Baseline GWS.MEET.4.1v0.1 #-- - -NonCompliantOUs4_1[OU] { - OU := OUsWithEvents[_] - Events := FilterEventsOU("Warn for external participants External or unidentified participants in a meeting are given a label", OU) +NonCompliantOUs4_1 contains OU if { + some OU in utils.OUsWithEvents + SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label" + Events := utils.FilterEvents(LogEvents, SettingName, OU) count(Events) > 0 - LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue == "false" LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } -tests[{ - "PolicyId" : "GWS.MEET.4.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue" : "No relevant event in the current logs", - "RequirementMet" : DefaultSafe, - "NoSuchEvent": true}]{ +tests contains { + "PolicyId": "GWS.MEET.4.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Warn for external participants External or unidentified participants in a meeting are given a label", TopLevelOU) + SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } -tests[{ - "PolicyId" : "GWS.MEET.4.1v0.1", - "Criticality" : "Shall", - "ReportDetails" : ReportDetailsOUs(NonCompliantOUs4_1), - "ActualValue" : {"NonCompliantOUs": NonCompliantOUs4_1}, - "RequirementMet" : Status, - "NoSuchEvent": false}]{ - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Warn for external participants External or unidentified participants in a 
meeting are given a label", TopLevelOU) +tests contains { + "PolicyId": "GWS.MEET.4.1v0.1", + "Criticality": "Shall", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + SettingName := "Warn for external participants External or unidentified participants in a meeting are given a label" + Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs4_1) == 0 } diff --git a/rego/Sites.rego b/rego/Sites.rego index f85d21e4..19be2b1c 100644 --- a/rego/Sites.rego +++ b/rego/Sites.rego 
@@ -1,210 +1,108 @@ package sites -import future.keywords -import data.utils.ReportDetailsOUs -import data.utils.NoSuchEventDetails -FilterEvents(ServiceName) := FilteredEvents if -{ - Events := ServiceChangeEvents - FilteredEvents := [Event | Event = Events[_]; Event.Service == ServiceName] -} +import data.utils +import future.keywords -FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if { +FilterEventsOU(OrgUnit) := FilteredEvents if { # If there exists at least the root OU and 1 more OU # filter out organizational units that don't exist input.organizational_unit_names count(input.organizational_unit_names) >=2 - # Filter the events by both ServiceName and OrgUnit - Events := FilterEvents(ServiceName) - FilteredEvents := [ - Event | Event = Events[_]; + # Filter the events by OrgUnit + Events := ToggleServiceEvents + FilteredEvents := { + Event | some Event in Events; Event.OrgUnit == OrgUnit; Event.OrgUnit in input.organizational_unit_names - ] + } } -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { +FilterEventsOU(OrgUnit) := FilteredEvents if { # If only the root OU exists run like normal input.organizational_unit_names count(input.organizational_unit_names) < 2 - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] + # Filter the events by OrgUnit + Events := ToggleServiceEvents + FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit} } -FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if { +FilterEventsOU(OrgUnit) := FilteredEvents if { # If OUs variable does not exist run like normal not input.organizational_unit_names - # Filter the events by both SettingName and OrgUnit - Events := FilterEvents(SettingName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] + # Filter the events by OrgUnit + Events := ToggleServiceEvents + FilteredEvents := {Event | some Event in Events; 
Event.OrgUnit == OrgUnit} } -ServiceChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), +ToggleServiceEvents contains { + "Timestamp": time.parse_rfc3339_ns(Item.id.time), "TimestampStr": Item.id.time, "NewValue": NewValue, - "Service": Service, - "OrgUnit": OrgUnit}] { - - Item := input.sites_logs.items[_] # For each item... - Event := Item.events[_] # For each event in the item... - - # Does this event have the parameters we're looking for? - "SERVICE_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - - # Extract the values - Service := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SERVICE_NAME"][0] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - -GetLastEvent(Events) := Event if { - MaxTs := max([Event.Timestamp | Event = Events[_]]) - Event := Events[_] - Event.Timestamp == MaxTs -} - -FilterEventsAlt(EventName) := Events if { - # Many of the events for common controls are structured differently. - # Instead of having Service_NAME as one of the parameters, the event - # name is set to what would normally be the Service name. 
- Events := ServiceChangeEventsAlt with data.EventName as EventName + "OrgUnit": OrgUnit } +if { + some Item in input.sites_logs.items + some Event in Item.events + Event.name == "TOGGLE_SERVICE_ENABLED" -FilterEventsAltOU(EventName, OrgUnit) := FilteredEvents if { - # Filter the events by both EventName and OrgUnit - Events := FilterEventsAlt(EventName) - FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit] -} + "SERVICE_NAME" in [Parameter.name | some Parameter in Event.parameters] + "ORG_UNIT_NAME" in [Parameter.name | some Parameter in Event.parameters] + "NEW_VALUE" in [Parameter.name | some Parameter in Event.parameters] -GetEventOu(Event) := OrgUnit if { - # Helper function that helps the ServiceChange rules always work, - # even if the org unit isn't actually listed with the event - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} + ServiceName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SERVICE_NAME"][0] + NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] + OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] -GetEventOu(Event) := "None" if { - not "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] + ServiceName == "Sites" } -ServiceChangeEventsAlt[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "OrgUnit": OrgUnit}] { - Item := input.sites_logs.items[_] # For each item... - Event := Item.events[_] - Event.name == data.EventName # Note the data.EventName. 
This means this - # rule will only work if called like this: - # ServiceChangeEventsAlt with data.EventName as ExampleEventName - - "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0] - OrgUnit := GetEventOu(Event) -} - -ServiceChangeEventsAlt[{"Timestamp": time.parse_rfc3339_ns(Item.id.time), - "TimestampStr": Item.id.time, - "NewValue": NewValue, - "OrgUnit": OrgUnit}] { - Item := input.sites_logs.items[_] # For each item... - Event := Item.events[_] - Event.name == data.EventName - - not "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]] - # If NEW_VALUE isn't a parameter, then the parameter name will be - # data.EventName minus the leading CHANGE_ and the trailing S, e.g., - # CHANGE_ALLOWED_TWO_STEP_VERIFICATION_METHODS -> ALLOWED_TWO_STEP_VERIFICATION_METHOD - EventName := trim_suffix(trim_prefix(data.EventName, "CHANGE_"), "S") - NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == EventName][0] - OrgUnit := GetEventOu(Event) -} - -GetTopLevelOU() := Name if { - # Simplest case: if input.tenant_info.topLevelOU is - # non-empty, it contains the name of the top-level OU. - input.tenant_info.topLevelOU != "" - Name := input.tenant_info.topLevelOU -} - -GetTopLevelOU() := Name if { - # input.tenant_info.topLevelOU will be empty when - # no custom OUs have been created, as in this case - # the top-level OU cannot be determined via the API. - # Fortunately, in this case, we know there's literally - # only one OU, so we can grab the OU listed on any of - # the events and know that it is the top-level OU - input.tenant_info.topLevelOU == "" - count(ServiceChangeEvents) > 0 - Name := GetLastEvent(ServiceChangeEvents).OrgUnit -} - -GetTopLevelOU() := Name if { - # Extreme edge case: no custom OUs have been made - # and the logs are empty. 
In this case, we really - # have no way of determining the top-level OU name. - input.tenant_info.topLevelOU == "" - count(ServiceChangeEvents) == 0 - Name := "" -} - - -OUsWithEvents[OrgUnit] { - Item := input.sites_logs.items[_] - Event := Item.events[_] - "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]] - OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0] -} - - -################ -# GWS.SITES.1 # -################ +############### +# GWS.SITES.1 # +############### # # Baseline GWS.SITES.1.1v0.1 #-- - -NonCompliantOUs1_1[OU] { - OU := OUsWithEvents[_] - #Events := FilterEventsAltOU("TOGGLE_SERVICE_ENABLED", OU) - Events := FilterEventsOU("Sites", OU) +NonCompliantOUs1_1 contains OU if { + some OU in utils.OUsWithEvents + Events := FilterEventsOU(OU) count(Events) > 0 # Ignore OUs without any events. We're already # asserting that the top-level OU has at least one event; for all # other OUs we assume they inherit from a parent OU if they have # no events. 
- LastEvent := GetLastEvent(Events) + LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "INHERIT_FROM_PARENT" } -tests[{ - "PolicyId" : "GWS.SITES.1.1v0.1", - "Criticality": "Should", - "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true}] { +tests contains { + "PolicyId": "GWS.SITES.1.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), + "ActualValue": "No relevant event in the current logs", + "RequirementMet": DefaultSafe, + "NoSuchEvent": true +} +if { DefaultSafe := false - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Sites", TopLevelOU) + Events := FilterEventsOU(utils.TopLevelOU) count(Events) == 0 } -tests[{ - "PolicyId": "GWS.SITES.1.1v0.1", - "Criticality": "Should", - "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, - "RequirementMet": Status, - "NoSuchEvent": false}] { - TopLevelOU := GetTopLevelOU() - Events := FilterEventsOU("Sites", TopLevelOU) +tests contains { + "PolicyId": "GWS.SITES.1.1v0.1", + "Criticality": "Should", + "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "RequirementMet": Status, + "NoSuchEvent": false +} +if { + Events := FilterEventsOU(utils.TopLevelOU) count(Events) > 0 Status := count(NonCompliantOUs1_1) == 0 } +#-- \ No newline at end of file diff --git a/rego/Utils.rego b/rego/Utils.rego index 0e664d8d..103294b2 100644 --- a/rego/Utils.rego +++ b/rego/Utils.rego 
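Review bot: Sites.rego keeps a private three-body `FilterEventsOU(OrgUnit)` and its own `ToggleServiceEvents` while every other file in this commit switched to `utils.FilterEvents(LogEvents, SettingName, OU)`, and nothing in the file says why. A comment above the first body would save the next reader a detour, e.g. `# Sites is toggled via TOGGLE_SERVICE_ENABLED events keyed by SERVICE_NAME rather than SETTING_NAME, so the shared utils.FilterEvents does not apply here.` — presumably that is the reason, but confirm it. NonCompliantOUs1_1 also treats a last value of `INHERIT_FROM_PARENT` as compliant regardless of the parent's state, so a child OU inheriting from a non-compliant parent is reported clean; if that is the baseline's intent, a one-line comment next to that check would document it.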
@@ -21,8 +21,239 @@ NoSuchEventDetails(DefaultSafe, TopLevelOU) := Message if { ]) } -ReportDetailsOUs(OUs) := "Requirement met in all OUs." if {count(OUs) == 0} +ReportDetailsOUs(OUs) := "Requirement met in all OUs." if { + count(OUs) == 0 +} + ReportDetailsOUs(OUs) := Message if { count(OUs) > 0 Message := concat("", ["Requirement failed in ", concat(", ", OUs), "."]) +} + +ReportDetailsBoolean(true) := "Requirement met." + +ReportDetailsBoolean(false) := "Requirement not met." + +OUsWithEvents contains OrgUnit if { + some Log in input + some Item in Log.items + some Event in Item.events + some Parameter in Event.parameters + Parameter.name == "ORG_UNIT_NAME" + OrgUnit := Parameter.value +} + +TopLevelOU := Name if { + # Simplest case: if input.tenant_info.topLevelOU is + # non-empty, it contains the name of the top-level OU. + input.tenant_info.topLevelOU != "" + Name := input.tenant_info.topLevelOU +} + +TopLevelOU := OU if { + # input.tenant_info.topLevelOU will be empty when + # no custom OUs have been created, as in this case + # the top-level OU cannot be determined via the API. + # Fortunately, in this case, we know there's literally + # only one OU, so we can grab the OU listed on any of + # the events and know that it is the top-level OU + input.tenant_info.topLevelOU == "" + count(OUsWithEvents) == 1 + some OU in OUsWithEvents +} + +TopLevelOU := Name if { + # Extreme edge case: input.tenant_info.topLevelOU is empty + # because no custom OUs currently exist, but multiple OUs + # are present in the events, likely due to an custom OU + # that was deleted. In this case, we have no way of determining + # which of OUs is the current OU. + input.tenant_info.topLevelOU == "" + count(OUsWithEvents) > 1 + Name := "" +} + +TopLevelOU := Name if { + # Extreme edge case: no custom OUs have been made + # and the logs are empty. In this case, we really + # have no way of determining the top-level OU name. 
+ input.tenant_info.topLevelOU == "" + count(OUsWithEvents) == 0 + Name := "" +} + +GetLastEvent(Events) := Event if { + MaxTs := max({Event.Timestamp | some Event in Events}) + some Event in Events + Event.Timestamp == MaxTs +} + +# Helper function so that the regular SettingChangeEvents +# rule will work even for events that don't include the +# domain name +GetEventDomain(Event) := DomainName if { + "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} + DomainName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "DOMAIN_NAME"][0] +} + +GetEventDomain(Event) := "None" if { + not "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters} +} + +# Helper function so that the regular SettingChangeEvents +# rule will work even for events that don't include the +# application name +GetEventApp(Event) := AppName if { + "APPLICATION_NAME" in {Parameter.name | some Parameter in Event.parameters} + AppName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "APPLICATION_NAME"][0] +} + +GetEventApp(Event) := "None" if { + not "APPLICATION_NAME" in {Parameter.name | some Parameter in Event.parameters} +} + +# Helper function so that the regular SettingChangeEvents +# rule will work even for events that don't include the +# OU name +GetEventOu(Event) := OrgUnit if { + "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} + OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0] +} + +GetEventOu(Event) := "None" if { + not "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters} +} + + +SettingChangeEvents contains { + "Timestamp": time.parse_rfc3339_ns(Item.id.time), + "TimestampStr": Item.id.time, + "NewValue": NewValue, + "Setting": Setting, + "OrgUnit": OrgUnit, + "DomainName": DomainName, + "AppName": AppName +} +if { + some Item in input[data.LogName].items + some Event in Item.events + + # Does this event 
have the parameters we're looking for? + "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} + "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} + + # Extract the values that are there for every event + Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] + NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] + + # Extract the values that are there for only some of the events + DomainName := GetEventDomain(Event) + AppName := GetEventApp(Event) + OrgUnit := GetEventOu(Event) +} + +# Secondary case that looks for the DELETE_APPLICATION_SETTING events. +# These events don't have a NEW_VALUE. To make these events work with +# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING +# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as +# the NewValue. +SettingChangeEvents contains { + "Timestamp": time.parse_rfc3339_ns(Item.id.time), + "TimestampStr": Item.id.time, + "NewValue": NewValue, + "Setting": Setting, + "OrgUnit": OrgUnit, + "DomainName": DomainName, + "AppName": AppName +} +if { + some Item in input[data.LogName].items + some Event in Item.events + Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events + + # Does this event have the parameters we're looking for? 
+ "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters} + + NewValue := "DELETE_APPLICATION_SETTING" + + # Extract the values that are there for every event + Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0] + + # Extract the values that are there for only some of the events + DomainName := GetEventDomain(Event) + AppName := GetEventApp(Event) + OrgUnit := GetEventOu(Event) +} + +# Special case needed for Common Controls, Russian localization setting +SettingChangeEvents contains { + "Timestamp": time.parse_rfc3339_ns(Item.id.time), + "TimestampStr": Item.id.time, + "NewValue": NewValue, + "OrgUnit": OrgUnit, + "Setting": "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA", + "AppName": "NA" +} +if { + some Item in input[data.LogName].items + some Event in Item.events + + Event.name == "CHANGE_DATA_LOCALIZATION_FOR_RUSSIA" + + # Does this event have the parameters we're looking for? + "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters} + + # Extract the values + NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0] + OrgUnit := GetEventOu(Event) +} + +FilterEvents(Events, SettingName, OrgUnit) := FilteredEvents if { + # If there exists at least the root OU and 1 more OU + # filter out organizational units that don't exist + input.organizational_unit_names + count(input.organizational_unit_names) >= 2 + + # Filter the events by both SettingName and OrgUnit + FilteredEvents := { + Event | some Event in Events; + Event.OrgUnit == OrgUnit; + Event.Setting == SettingName; + Event.OrgUnit in input.organizational_unit_names + } +} + +FilterEvents(Events, SettingName, OrgUnit) := FilteredEvents if { + # If only the root OU exists run like normal + input.organizational_unit_names + count(input.organizational_unit_names) < 2 + + # Filter the events by both SettingName and OrgUnit + FilteredEvents := { + Event | some Event in Events; + Event.OrgUnit == 
OrgUnit; + Event.Setting == SettingName + } +} + +FilterEvents(Events, SettingName, OrgUnit) := FilteredEvents if { + # If OUs variable does not exist run like normal + not input.organizational_unit_names + + # Filter the events by both SettingName and OrgUnit + FilteredEvents := { + Event | some Event in Events; + Event.OrgUnit == OrgUnit; + Event.Setting == SettingName + } +} + +# Filter the events by just SettingName, ignoring OU +FilterEventsNoOU(Events, SettingName) := { + Event | some Event in Events; + Event.Setting == SettingName +} + +GetEvents(LogName) := Events if { + Events := SettingChangeEvents with data.LogName as LogName } \ No newline at end of file
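Review bot: `GetLastEvent(Events)` returns every event whose `Timestamp` equals the maximum, so it becomes multi-valued, and OPA reports an evaluation conflict rather than a clean undefined, whenever two filtered events share a timestamp; that is plausible here because each `SettingChangeEvents` member takes its `Timestamp` from `Item.id.time`, which is shared by all events listed under one `Item`. Either document the precondition, e.g. `# Precondition: exactly one event in Events carries the max Timestamp; events under a single Item share Item.id.time, so two of them surviving the same filter makes this function conflict.`, or resolve the tie deterministically before callers read `LastEvent.NewValue`. Separately, the `CHANGE_DATA_LOCALIZATION_FOR_RUSSIA` variant of `SettingChangeEvents` omits the `DomainName` key that the other two variants set, so a consumer referencing `Event.DomainName` would silently drop those events; adding `"DomainName": GetEventDomain(Event)` keeps the object shape uniform across the three definitions.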