Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Removed 1.2 and 3.2 from the Calendar Baseline per Issue 133 #134

Merged
merged 15 commits into from
Jan 17, 2024
Merged

Removed 1.2 and 3.2 from the Calendar Baseline per Issue 133 #134

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
6030e09
Addresses comments in issue 133
jkaufman-mitre Jan 4, 2024
b91edb4
Removed implementation
jkaufman-mitre Jan 5, 2024
b9abc1f
Fixed the drift rules file
jkaufman-mitre Jan 5, 2024
1492f3d
Addresses comments in issue 133
jkaufman-mitre Jan 4, 2024
190c8fa
Removed implementation
jkaufman-mitre Jan 5, 2024
b2bafd1
Fixed the drift rules file
jkaufman-mitre Jan 5, 2024
bed2296
Merge branch 'calendar-changes-2' of github.com:cisagov/ScubaGoggles …
adhilto Jan 16, 2024
a982989
Removed the old 1.2 and 3.2
adhilto Jan 16, 2024
c4a2adf
Merged 3.1 and 1.1 into 1 policy group
jkaufman-mitre Jan 16, 2024
a194def
Re-numbered affected policies and fixed drift rules
jkaufman-mitre Jan 16, 2024
34a30a1
Merge calendar sharing controls into a single group rego changes
adhilto Jan 16, 2024
bc8bba2
Update calendar sharing group description
adhilto Jan 16, 2024
9ddd5e4
Fixed TOC
jkaufman-mitre Jan 17, 2024
9d9cda2
Merge branch 'calendar-changes-2' of https://github.com/cisagov/Scuba…
jkaufman-mitre Jan 17, 2024
fd47708
Correct the TOC link for group #1
adhilto Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
175 changes: 170 additions & 5 deletions Testing/RegoTests/calendar/calendar01_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ package calendar
import future.keywords

#
# Policy 1
# GWS.CALENDAR.1.1v0.1
#--
test_ExtSharingPrimaryCal_Correct_V1 if {
# Test external sharing for primary calendars when there's only one event
Expand Down Expand Up @@ -391,26 +391,191 @@ test_ExtSharingPrimaryCal_Incorrect_V5 if {
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Requirement failed in Secondary OU."
}
#--

#
# GWS.CALENDAR.1.2v0.1
#--
test_ExtSharingSecondaryCal_Correct_V1 if {
# Test external sharing for secondary calendars when there's only one event
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

test_External_Sharing_Options_V1 if {
# Not-Implemented
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span>",
" is shared outside Test Top-Level Domain"
])
}

test_ExtSharingSecondaryCal_Correct_V2 if {
# Test external sharing for secondary calendars when there's multiple events and the most most recent is correct
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": "Test Top-Level OU"
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span> ",
"is shared outside Test Top-Level Domain"
])
}

test_ExtSharingSecondaryCal_Incorrect_V1 if {
# Test external sharing for secondary calendars when there are no relevant events
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "Something else"},
{"name": "NEW_VALUE", "value": "SAME_DOMAIN"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "Currently not able to be tested automatically; please manually check."
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_ExtSharingSecondaryCal_Incorrect_V2 if {
# Test external sharing for secondary calendars when there's only one event and it's wrong
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
}

test_ExtSharingSecondaryCal_Incorrect_V3 if {
# Test external sharing for secondary calendars when there are multiple events and the most recent is wrong
PolicyId := "GWS.CALENDAR.1.2v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
},
{
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
},
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
}
#--
70 changes: 31 additions & 39 deletions Testing/RegoTests/calendar/calendar03_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,21 @@
package calendar
import future.keywords


#
# Policy 1
#--
test_ExtSharingSecondaryCal_Correct_V1 if {
# Test external sharing for secondary calendars when there's only one event
test_CalInteropMan_Correct_V1 if {
# Test calendar interop management when there's only one event
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -30,23 +31,21 @@ test_ExtSharingSecondaryCal_Correct_V1 if {
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span>",
" is shared outside Test Top-Level Domain"
])
RuleOutput[0].ReportDetails ==
"<span class=setting>Calendar interop is not enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Correct_V2 if {
# Test external sharing for secondary calendars when there's multiple events and the most most recent is correct
test_CalInteropMan_Correct_V2 if {
# Test calendar interop management when there's multiple events and the most most recent is correct
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "SHOW_ONLY_FREE_BUSY_INFORMATION"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -56,8 +55,8 @@ test_ExtSharingSecondaryCal_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -73,14 +72,12 @@ test_ExtSharingSecondaryCal_Correct_V2 if {
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>Only free busy/information for secondary calendars </span> ",
"is shared outside Test Top-Level Domain"
])
RuleOutput[0].ReportDetails ==
"<span class=setting>Calendar interop is not enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Incorrect_V1 if {
# Test external sharing for secondary calendars when there are no relevant events
test_CalInteropMan_Incorrect_V1 if {
# Test calendar interop management when there are no relevant events
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
Expand Down Expand Up @@ -112,17 +109,17 @@ test_ExtSharingSecondaryCal_Incorrect_V1 if {
])
}

test_ExtSharingSecondaryCal_Incorrect_V2 if {
# Test external sharing for secondary calendars when there's only one event and it's wrong
test_CalInteropMan_Incorrect_V2 if {
# Test calendar interop management when there's only one event and it's wrong
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -138,23 +135,20 @@ test_ExtSharingSecondaryCal_Incorrect_V2 if {
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
RuleOutput[0].ReportDetails == "<span class=setting>Calendar interop is enabled </span> for Test Top-Level Domain"
}

test_ExtSharingSecondaryCal_Incorrect_V3 if {
# Test external sharing for secondary calendars when there are multiple events and the most recent is wrong
test_CalInteropMan_Incorrect_V3 if {
# Test calendar interop management when there are multiple events and the most recent is wrong
PolicyId := "GWS.CALENDAR.3.1v0.1"
Output := tests with input as {
"calendar_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_ONLY_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -164,8 +158,8 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
{"name": "SETTING_NAME", "value": "SHARING_OUTSIDE_DOMAIN_FOR_SECONDARY_CALENDAR"},
{"name": "NEW_VALUE", "value": "READ_WRITE_ACCESS"},
{"name": "SETTING_NAME", "value": "ENABLE_EWS_INTEROP"},
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "DOMAIN_NAME", "value": "Test Top-Level Domain"},
]
Expand All @@ -181,17 +175,15 @@ test_ExtSharingSecondaryCal_Incorrect_V3 if {
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", [
"<span class=setting>All information for secondary calendars </span>",
" is shared outside Test Top-Level Domain but outsiders cannot change calendars."
])
RuleOutput[0].ReportDetails == "<span class=setting>Calendar interop is enabled </span> for Test Top-Level Domain"
}
#--

#
# GWS.CALENDAR.3.2v0.1
#--

test_ExternalSharingOptions_Secondary__Correct_V1 if {
test_OAuth_Correct_V1 if {
# Not-Implemented
PolicyId := "GWS.CALENDAR.3.2v0.1"
Output := tests with input as {
Expand Down
Loading