gmail: implement 1.1, 8.1, 9.1, 10.1, & 12.1

cisagov · Dec 23, 2024 · 77092b0 · 77092b0
1 parent 6385824
commit 77092b0
Show file tree

Hide file tree

Showing 14 changed files with 618 additions and 301 deletions.
diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego
@@ -1,5 +1,9 @@
 package gmail
+
 import future.keywords
+import data.utils.FailTestNoEvent
+import data.utils.FailTestOUNonCompliant
+import data.utils.PassTestResult
 
 #
 # GWS.GMAIL.1.1
@@ -25,11 +29,7 @@ test_MailDelegation_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_MailDelegation_Correct_V2 if {
@@ -63,11 +63,7 @@ test_MailDelegation_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_MailDelegation_Correct_V3 if {
@@ -101,11 +97,7 @@ test_MailDelegation_Correct_V3 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_MailDelegation_Incorrect_V1 if {
@@ -129,15 +121,7 @@ test_MailDelegation_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", [
-        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
-        "While we are unable to determine the state from the logs, the default setting ",
-        "is compliant; manual check recommended."
-    ])
+    FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true)
 }
 
 test_MailDelegation_Incorrect_V2 if {
@@ -161,12 +145,9 @@ test_MailDelegation_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
-        "Mail delegation is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Test Top-Level OU",
+                 "Value": NonComplianceMessage1_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_MailDelegation_Incorrect_V3 if {
@@ -200,12 +181,9 @@ test_MailDelegation_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
-        "Mail delegation is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Test Top-Level OU",
+                 "Value": NonComplianceMessage1_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_MailDelegation_Incorrect_V4 if {
@@ -229,12 +207,9 @@ test_MailDelegation_Incorrect_V4 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "Mail delegation is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": NonComplianceMessage1_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_MailDelegation_Incorrect_V5 if {
@@ -268,11 +243,8 @@ test_MailDelegation_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "Mail delegation is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": NonComplianceMessage1_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 #--
diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego
@@ -1,5 +1,9 @@
 package gmail
+
 import future.keywords
+import data.utils.FailTestNoEvent
+import data.utils.FailTestOUNonCompliant
+import data.utils.PassTestResult
 
 #
 # GWS.GMAIL.8.1
@@ -25,11 +29,7 @@ test_UserEmailUploads_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_UserEmailUploads_Correct_V2 if {
@@ -63,11 +63,7 @@ test_UserEmailUploads_Correct_V2 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_UserEmailUploads_Correct_V3 if {
@@ -101,11 +97,7 @@ test_UserEmailUploads_Correct_V3 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_UserEmailUploads_Incorrect_V1 if {
@@ -129,15 +121,7 @@ test_UserEmailUploads_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", [
-        "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
-        "While we are unable to determine the state from the logs, the default setting ",
-        "is compliant; manual check recommended."
-    ])
+    FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true)
 }
 
 test_UserEmailUploads_Incorrect_V2 if {
@@ -161,12 +145,9 @@ test_UserEmailUploads_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
-        "User email uploads is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Test Top-Level OU",
+                 "Value": NonComplianceMessage8_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_UserEmailUploads_Incorrect_V3 if {
@@ -200,12 +181,9 @@ test_UserEmailUploads_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
-        "User email uploads is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Test Top-Level OU",
+                 "Value": NonComplianceMessage8_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_UserEmailUploads_Incorrect_V4 if {
@@ -229,12 +207,9 @@ test_UserEmailUploads_Incorrect_V4 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "User email uploads is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": NonComplianceMessage8_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_UserEmailUploads_Incorrect_V5 if {
@@ -268,11 +243,8 @@ test_UserEmailUploads_Incorrect_V5 if {
         },
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "User email uploads is set to enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": NonComplianceMessage8_1("enabled")}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 #--
diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego
@@ -1,5 +1,8 @@
 package gmail
+
 import future.keywords
+import data.utils.FailTestOUNonCompliant
+import data.utils.PassTestResult
 
 #
 # GWS.GMAIL.9.1
@@ -36,11 +39,7 @@ test_ImapAccess_Correct_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups."
+    PassTestResult(PolicyId, Output)
 }
 
 test_ImapAccess_Incorrect_V1 if {
@@ -74,12 +73,9 @@ test_ImapAccess_Incorrect_V1 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
-        "POP and IMAP access are enabled</li></ul>"])
+    failedOU := [{"Name": "Test Top-Level OU",
+                 "Value": GetFriendlyValue9_1(true, true)}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_ImapAccess_Incorrect_V2 if {
@@ -113,12 +109,9 @@ test_ImapAccess_Incorrect_V2 if {
         }
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "POP and IMAP access are enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": GetFriendlyValue9_1(true, true)}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 
 test_ImapAccess_Incorrect_V3 if {
@@ -172,11 +165,8 @@ test_ImapAccess_Incorrect_V3 if {
         },
     }
 
-    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
-    count(RuleOutput) == 1
-    not RuleOutput[0].RequirementMet
-    not RuleOutput[0].NoSuchEvent
-    RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
-        "IMAP access is enabled</li></ul>"])
+    failedOU := [{"Name": "Secondary OU",
+                 "Value": GetFriendlyValue9_1(true, false)}]
+    FailTestOUNonCompliant(PolicyId, Output, failedOU)
 }
 #--