diff --git a/Testing/RegoTests/gmail/gmail01_test.rego b/Testing/RegoTests/gmail/gmail01_test.rego
index ab80eea8..28d3a1df 100644
--- a/Testing/RegoTests/gmail/gmail01_test.rego
+++ b/Testing/RegoTests/gmail/gmail01_test.rego
@@ -26,7 +26,7 @@ test_MailDelegation_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_MailDelegation_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_MailDelegation_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -130,11 +130,15 @@ test_MailDelegation_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is compliant; manual check recommended."
+ ])
}
test_MailDelegation_Incorrect_V2 if {
@@ -158,7 +162,7 @@ test_MailDelegation_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -196,7 +200,7 @@ test_MailDelegation_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -224,7 +228,7 @@ test_MailDelegation_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_MailDelegation_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail02_test.rego b/Testing/RegoTests/gmail/gmail02_test.rego
index 3e412d41..3b7eb1f3 100644
--- a/Testing/RegoTests/gmail/gmail02_test.rego
+++ b/Testing/RegoTests/gmail/gmail02_test.rego
@@ -12,12 +12,12 @@ test_DKIM_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -31,7 +31,7 @@ test_DKIM_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
},
{
"domain": "test2.name",
@@ -40,7 +40,7 @@ test_DKIM_Correct_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -54,7 +54,7 @@ test_DKIM_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
},
{
"domain": "test2.name",
@@ -63,7 +63,7 @@ test_DKIM_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -82,7 +82,7 @@ test_DKIM_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail03_test.rego b/Testing/RegoTests/gmail/gmail03_test.rego
index cb172e36..199c8ac6 100644
--- a/Testing/RegoTests/gmail/gmail03_test.rego
+++ b/Testing/RegoTests/gmail/gmail03_test.rego
@@ -12,7 +12,7 @@ test_SPF_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
}
],
"spf_records": [
@@ -23,7 +23,7 @@ test_SPF_Correct_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -37,7 +37,7 @@ test_SPF_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
},
{
"domain": "test2.name",
@@ -56,7 +56,7 @@ test_SPF_Correct_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -70,7 +70,7 @@ test_SPF_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
},
{
"domain": "test2.name",
@@ -89,7 +89,7 @@ test_SPF_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -103,7 +103,7 @@ test_SPF_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
}
],
"spf_records": [
@@ -114,7 +114,7 @@ test_SPF_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail04_test.rego b/Testing/RegoTests/gmail/gmail04_test.rego
index 5ec0d2db..392050c0 100644
--- a/Testing/RegoTests/gmail/gmail04_test.rego
+++ b/Testing/RegoTests/gmail/gmail04_test.rego
@@ -12,18 +12,29 @@ test_DMARC_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
{
"domain": "test.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -37,7 +48,16 @@ test_DMARC_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -47,16 +67,20 @@ test_DMARC_Correct_V2 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -70,7 +94,16 @@ test_DMARC_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -80,7 +113,9 @@ test_DMARC_Incorrect_V1 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
@@ -89,7 +124,7 @@ test_DMARC_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -103,7 +138,16 @@ test_DMARC_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
@@ -114,7 +158,7 @@ test_DMARC_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -132,18 +176,29 @@ test_DMARCMessageReject_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
{
"domain": "test.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -157,7 +212,16 @@ test_DMARCMessageReject_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -167,16 +231,20 @@ test_DMARCMessageReject_Correct_V2 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -190,7 +258,16 @@ test_DMARCMessageReject_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -200,7 +277,9 @@ test_DMARCMessageReject_Incorrect_V1 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
@@ -209,7 +288,7 @@ test_DMARCMessageReject_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -223,7 +302,16 @@ test_DMARCMessageReject_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
@@ -234,7 +322,7 @@ test_DMARCMessageReject_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -252,18 +340,29 @@ test_DMARCAggregateReports_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
{
"domain": "test.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -277,7 +376,16 @@ test_DMARCAggregateReports_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -287,16 +395,20 @@ test_DMARCAggregateReports_Correct_V2 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -310,7 +422,16 @@ test_DMARCAggregateReports_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -320,7 +441,9 @@ test_DMARCAggregateReports_Incorrect_V1 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
@@ -329,7 +452,7 @@ test_DMARCAggregateReports_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -343,7 +466,16 @@ test_DMARCAggregateReports_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
@@ -354,7 +486,7 @@ test_DMARCAggregateReports_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -372,18 +504,29 @@ test_DMARCAgencyPOC_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
{
"domain": "test.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -397,7 +540,16 @@ test_DMARCAgencyPOC_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -407,16 +559,20 @@ test_DMARCAgencyPOC_Correct_V2 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
}
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -430,7 +586,16 @@ test_DMARCAgencyPOC_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
},
{
"domain": "test2.name",
@@ -440,7 +605,9 @@ test_DMARCAgencyPOC_Incorrect_V1 if {
"dmarc_records": [
{
"domain": "test1.name",
- "rdata": ["v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"]
+ "rdata": [
+ "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov"
+ ]
},
{
"domain": "test2.name",
@@ -449,7 +616,7 @@ test_DMARCAgencyPOC_Incorrect_V1 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -463,7 +630,16 @@ test_DMARCAgencyPOC_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
- "rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
+ "rdata": [
+ concat("", [
+ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+",
+ "zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+",
+ "pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+",
+ "OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" ",
+ "\"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f",
+ "+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"
+ ])
+ ]
}
],
"dmarc_records": [
@@ -474,7 +650,7 @@ test_DMARCAgencyPOC_Incorrect_V2 if {
]
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail05_test.rego b/Testing/RegoTests/gmail/gmail05_test.rego
index f3e2a913..960ccbc4 100644
--- a/Testing/RegoTests/gmail/gmail05_test.rego
+++ b/Testing/RegoTests/gmail/gmail05_test.rego
@@ -13,7 +13,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -25,7 +31,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -41,7 +47,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -51,7 +63,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -63,7 +81,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -79,7 +97,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -89,7 +113,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -101,7 +131,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -117,7 +147,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
"id": {"time": "2020-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -127,7 +161,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Second OU"},
]
@@ -138,7 +176,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "ORG_UNIT_NAME", "value": "Second OU"},
]
}]
@@ -149,7 +191,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -177,11 +219,15 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
@@ -193,7 +239,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -205,7 +257,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -221,7 +273,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -231,7 +289,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -243,7 +307,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -259,7 +323,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -271,7 +339,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -287,7 +355,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -297,7 +369,11 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against encrypted attachments from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -309,7 +385,7 @@ test_AttachmentProtectionEncryptedAttachmentsUntrustedSenders_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -330,7 +406,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -342,7 +424,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -358,7 +440,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -368,7 +456,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -380,7 +474,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -396,7 +490,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -406,7 +506,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -418,7 +524,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -434,7 +540,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -445,7 +557,13 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -456,7 +574,7 @@ test_AttachmentProetectionAttachmentsScriptsUntrustedSenders_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -484,11 +602,15 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
@@ -500,7 +622,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -512,7 +640,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -528,7 +656,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -538,7 +672,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -550,7 +690,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -566,7 +706,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -578,7 +724,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -594,7 +740,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -604,7 +756,13 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: protect against attachments with scripts from untrusted senders"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Attachment safety Enable: protect against attachments with scripts from untrusted ",
+ "senders"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -616,7 +774,7 @@ test_AttachmentProtectionAttachmentsScriptsUntrustedSenders_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -637,7 +795,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -649,7 +810,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -665,7 +826,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -675,7 +839,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -687,7 +854,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -703,7 +870,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -713,7 +883,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -725,7 +898,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -741,7 +914,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -752,7 +928,10 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
@@ -763,7 +942,7 @@ test_AttachmentProtectionAnomalousAttachment_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -791,11 +970,15 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_AttachmentProtectionAnomalousAttachment_Incorrect_V2 if {
@@ -807,7 +990,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -819,7 +1005,7 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -835,7 +1021,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -845,7 +1034,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -857,7 +1049,7 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -873,7 +1065,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -885,7 +1080,7 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -901,7 +1096,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -911,7 +1109,10 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -923,7 +1124,7 @@ test_AttachmentProtectionAnomalousAttachment_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -943,7 +1144,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -955,7 +1159,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -971,7 +1175,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -981,7 +1188,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -993,7 +1203,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1009,7 +1219,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1019,7 +1232,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1031,7 +1247,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1047,7 +1263,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1058,7 +1277,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -1069,7 +1291,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1097,11 +1319,15 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V2 if {
@@ -1113,7 +1339,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1125,7 +1354,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1141,7 +1370,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1151,7 +1383,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1163,7 +1398,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1179,7 +1414,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1191,7 +1429,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1207,7 +1445,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1217,7 +1458,10 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Enable: automatically enables all future added settings"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1229,7 +1473,7 @@ test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1248,7 +1492,10 @@ test_AttachmentSafety_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Encrypted attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Encrypted attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Quarantine"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1258,7 +1505,10 @@ test_AttachmentSafety_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Attachment with scripts protection action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Attachment with scripts protection action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1268,7 +1518,10 @@ test_AttachmentSafety_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Anomalous attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Anomalous attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1280,7 +1533,7 @@ test_AttachmentSafety_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1296,7 +1549,10 @@ test_AttachmentSafety_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Encrypted attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Encrypted attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Quarantine"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1306,7 +1562,10 @@ test_AttachmentSafety_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Attachment with scripts protection action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Attachment with scripts protection action"
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1316,7 +1575,10 @@ test_AttachmentSafety_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Anomalous attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Anomalous attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1328,7 +1590,7 @@ test_AttachmentSafety_InCorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1344,7 +1606,10 @@ test_AttachmentSafety_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Encrypted attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Encrypted attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1354,7 +1619,10 @@ test_AttachmentSafety_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Attachment with scripts protection action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Attachment with scripts protection action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1364,7 +1632,10 @@ test_AttachmentSafety_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Attachment safety Anomalous attachment protection setting action"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Attachment safety Anomalous attachment protection setting action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1376,7 +1647,7 @@ test_AttachmentSafety_InCorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail06_test.rego b/Testing/RegoTests/gmail/gmail06_test.rego
index 1cc6feb9..53d5c2db 100644
--- a/Testing/RegoTests/gmail/gmail06_test.rego
+++ b/Testing/RegoTests/gmail/gmail06_test.rego
@@ -14,7 +14,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -26,7 +29,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -42,7 +45,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -52,7 +58,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -64,7 +73,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -80,7 +89,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V3 if {
"id": {"time": "2022-12-20T00:03:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -90,7 +102,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V3 if {
"id": {"time": "2021-12-20T00:04:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -102,7 +117,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -118,7 +133,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -129,7 +147,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -140,7 +161,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +189,15 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V2 if {
@@ -184,7 +209,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -196,7 +224,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -212,7 +240,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -222,7 +253,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -234,7 +268,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -250,7 +284,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -262,7 +299,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -278,7 +315,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -288,7 +328,10 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: identify links behind shortened URLs"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: identify links behind shortened URLs"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -300,7 +343,7 @@ test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -321,7 +364,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -333,7 +379,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -349,7 +395,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -359,7 +408,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -371,7 +423,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V2 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -387,7 +439,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -397,7 +452,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -409,7 +467,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -425,7 +483,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -436,7 +497,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
}]
@@ -447,7 +511,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Correct_V4 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -475,11 +539,15 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V2 if {
@@ -491,7 +559,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -503,7 +574,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -519,7 +590,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -529,7 +603,10 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: scan linked images"},
+ {
+ "name": "SETTING_NAME",
+ "value": "Links and external images safety Enable: scan linked images"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
@@ -542,7 +619,7 @@ test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -562,7 +639,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -574,7 +657,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -590,7 +673,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -600,7 +689,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -612,7 +707,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -628,7 +723,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -638,7 +739,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -650,7 +757,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -667,7 +774,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -678,7 +791,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -689,7 +808,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -717,11 +836,15 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V2 if {
@@ -733,7 +856,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -745,7 +874,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -761,7 +890,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -771,7 +906,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -783,7 +924,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -799,7 +940,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -811,7 +958,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -827,7 +974,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -837,7 +990,13 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: show warning prompt for click on links to unstrusted domains"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -849,7 +1008,7 @@ test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -869,7 +1028,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -881,7 +1046,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -897,7 +1062,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -907,7 +1078,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -919,7 +1096,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -935,7 +1112,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -945,7 +1128,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -957,7 +1146,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -973,7 +1162,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -984,7 +1179,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -995,7 +1196,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1023,11 +1224,15 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V2 if {
@@ -1039,7 +1244,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1051,7 +1262,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1067,7 +1278,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1079,7 +1296,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1095,7 +1312,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1105,7 +1328,13 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V4 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Links and external images safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Links and external images safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1117,7 +1346,7 @@ test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V4 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail07_test.rego b/Testing/RegoTests/gmail/gmail07_test.rego
index e1dbed85..11bf5683 100644
--- a/Testing/RegoTests/gmail/gmail07_test.rego
+++ b/Testing/RegoTests/gmail/gmail07_test.rego
@@ -14,7 +14,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -26,7 +32,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -42,7 +48,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -52,7 +64,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -64,7 +82,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -80,7 +98,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -90,7 +114,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -102,7 +132,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -118,7 +148,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -129,7 +165,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -140,7 +182,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +210,15 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V2 if {
@@ -184,7 +230,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -196,7 +248,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -212,7 +264,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -222,7 +280,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -234,7 +298,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -250,7 +314,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -262,7 +332,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -278,7 +348,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -288,7 +364,13 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -300,7 +382,7 @@ test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -322,7 +404,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -334,7 +420,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -350,7 +436,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -360,7 +450,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -372,7 +466,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -388,7 +482,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -398,7 +496,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -410,7 +512,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -426,7 +528,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -437,7 +543,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -448,7 +558,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -476,11 +586,15 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V2 if {
@@ -492,7 +606,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -504,7 +622,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -520,7 +638,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -530,7 +652,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -542,7 +668,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -558,7 +684,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -570,7 +700,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -586,7 +716,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -596,7 +730,11 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against spoofing of employee names"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -608,7 +746,7 @@ test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -628,7 +766,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -640,7 +784,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -656,7 +800,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -666,7 +816,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -678,7 +834,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -694,7 +850,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -704,7 +866,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -716,7 +884,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -732,7 +900,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -743,7 +917,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -754,7 +934,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -782,11 +962,15 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V1 if
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V2 if {
@@ -798,7 +982,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V2 if
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -810,7 +1000,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V2 if
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -826,7 +1016,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V3 if
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -836,7 +1032,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V3 if
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -848,7 +1050,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V3 if
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -864,7 +1066,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V4 if
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -876,7 +1084,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V4 if
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -892,7 +1100,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V5 if
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -902,7 +1116,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V5 if
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect against inbound emails spoofing ",
+ "your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -914,7 +1134,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V5 if
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -935,7 +1155,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -947,7 +1171,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -963,7 +1187,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -973,7 +1201,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -985,7 +1217,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1001,7 +1233,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1011,7 +1247,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1023,7 +1263,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1039,7 +1279,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1050,7 +1294,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -1061,7 +1309,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1090,11 +1338,15 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V2 if {
@@ -1106,7 +1358,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1118,7 +1374,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1134,7 +1390,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1144,7 +1404,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1156,7 +1420,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1172,7 +1436,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1184,7 +1452,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1200,7 +1468,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1210,7 +1482,11 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect against any unauthenticated emails"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1222,7 +1498,7 @@ test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1242,7 +1518,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V1
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1254,7 +1536,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V1
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1270,7 +1552,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V2
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1280,7 +1568,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V2
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1292,7 +1586,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V2
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1308,7 +1602,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V3
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1318,7 +1618,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V3
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1330,7 +1636,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V3
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1346,7 +1652,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V4
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1357,7 +1669,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V4
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -1368,7 +1686,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V4
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1396,11 +1714,15 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V2 if {
@@ -1412,7 +1734,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1424,7 +1752,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1440,7 +1768,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1450,7 +1784,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1462,7 +1802,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1478,7 +1818,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1490,7 +1836,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1506,7 +1852,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1516,7 +1868,13 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1528,7 +1886,7 @@ test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1547,7 +1905,13 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against domain spoofing based on similar domain names action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on similar ",
+ "domain names action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Quarantine"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1557,7 +1921,11 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against spoofing of employee names action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against spoofing of employee names action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1567,7 +1935,13 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against inbound emails spoofing your ",
+ "domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1577,7 +1951,11 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:27.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against any unauthenticated emails action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against any unauthenticated emails action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1587,7 +1965,13 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
+ "your domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1599,7 +1983,7 @@ test_SpoofingAuthenticationProtection_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1615,7 +1999,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against domain spoofing based on similar domain names action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on similar ",
+ "domain names action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1625,7 +2015,11 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against spoofing of employee names action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against spoofing of employee names action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1635,7 +2029,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against inbound emails spoofing your ",
+ "domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1645,7 +2045,11 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:27.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against any unauthenticated emails action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against any unauthenticated emails action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1655,7 +2059,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
+ "your domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1667,7 +2077,7 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1683,7 +2093,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against domain spoofing based on similar domain names action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on similar ",
+ "domain names action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1693,7 +2109,11 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against spoofing of employee names action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against spoofing of employee names action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1703,7 +2123,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect against inbound emails spoofing your ",
+ "domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1713,7 +2139,11 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:27.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect against any unauthenticated emails action"},
+ {
+ "name": "SETTING_NAME",
+ "value":
+ "Spoofing and authentication safety Protect against any unauthenticated emails action"
+ },
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1723,7 +2153,13 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
+ "your domain action"
+ ])
+ },
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1735,7 +2171,7 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1755,7 +2191,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1767,7 +2209,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1783,7 +2225,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1793,7 +2241,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1805,7 +2259,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1821,7 +2275,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1831,7 +2291,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -1843,7 +2309,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1859,7 +2325,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1870,7 +2342,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -1881,7 +2359,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1909,11 +2387,15 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if {
@@ -1925,7 +2407,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1937,7 +2425,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1953,7 +2441,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1963,7 +2457,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -1975,7 +2475,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -1991,7 +2491,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -2003,7 +2509,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -2019,7 +2525,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -2029,7 +2541,13 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "Spoofing and authentication safety Enable: automatically enables all future added settings"},
+ {
+ "name": "SETTING_NAME",
+ "value": concat("", [
+ "Spoofing and authentication safety Enable: automatically enables all future added ",
+ "settings"
+ ])
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -2041,7 +2559,7 @@ test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail08_test.rego b/Testing/RegoTests/gmail/gmail08_test.rego
index b78b7eeb..c3f43a6b 100644
--- a/Testing/RegoTests/gmail/gmail08_test.rego
+++ b/Testing/RegoTests/gmail/gmail08_test.rego
@@ -26,7 +26,7 @@ test_UserEmailUploads_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_UserEmailUploads_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_UserEmailUploads_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -130,11 +130,15 @@ test_UserEmailUploads_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_UserEmailUploads_Incorrect_V2 if {
@@ -158,7 +162,7 @@ test_UserEmailUploads_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -196,7 +200,7 @@ test_UserEmailUploads_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -224,7 +228,7 @@ test_UserEmailUploads_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_UserEmailUploads_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail09_test.rego b/Testing/RegoTests/gmail/gmail09_test.rego
index bf724c11..12a11c38 100644
--- a/Testing/RegoTests/gmail/gmail09_test.rego
+++ b/Testing/RegoTests/gmail/gmail09_test.rego
@@ -27,7 +27,7 @@ test_ImapAccess_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -65,7 +65,7 @@ test_ImapAccess_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -103,7 +103,7 @@ test_ImapAccess_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -141,7 +141,7 @@ test_ImapAccess_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -169,11 +169,15 @@ test_ImapAccess_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_ImapAccess_Incorrect_V2 if {
@@ -197,7 +201,7 @@ test_ImapAccess_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -235,7 +239,7 @@ test_ImapAccess_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_ImapAccess_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -300,7 +304,7 @@ test_ImapAccess_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -332,7 +336,7 @@ test_PopAccess_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -370,7 +374,7 @@ test_PopAccess_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -408,7 +412,7 @@ test_PopAccess_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -446,7 +450,7 @@ test_PopAccess_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -474,11 +478,15 @@ test_PopAccess_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_PopAccess_Incorrect_V2 if {
@@ -502,7 +510,7 @@ test_PopAccess_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -540,7 +548,7 @@ test_PopAccess_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -568,7 +576,7 @@ test_PopAccess_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -606,7 +614,7 @@ test_PopAccess_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail10_test.rego b/Testing/RegoTests/gmail/gmail10_test.rego
index 886963f4..ce2243a4 100644
--- a/Testing/RegoTests/gmail/gmail10_test.rego
+++ b/Testing/RegoTests/gmail/gmail10_test.rego
@@ -26,7 +26,7 @@ test_GoogleWorkspaceSync_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_GoogleWorkspaceSync_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_GoogleWorkspaceSync_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -140,7 +140,7 @@ test_GoogleWorkspaceSync_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +168,15 @@ test_GoogleWorkspaceSync_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_GoogleWorkspaceSync_Incorrect_V2 if {
@@ -196,7 +200,7 @@ test_GoogleWorkspaceSync_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -234,7 +238,7 @@ test_GoogleWorkspaceSync_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_GoogleWorkspaceSync_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -300,7 +304,7 @@ test_GoogleWorkspaceSync_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail11_test.rego b/Testing/RegoTests/gmail/gmail11_test.rego
index 775086bf..acea4f4f 100644
--- a/Testing/RegoTests/gmail/gmail11_test.rego
+++ b/Testing/RegoTests/gmail/gmail11_test.rego
@@ -26,7 +26,7 @@ test_AutomaticForwarding_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_AutomaticForwarding_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_AutomaticForwarding_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -140,7 +140,7 @@ test_AutomaticForwarding_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +168,15 @@ test_AutomaticForwarding_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_AutomaticForwarding_Incorrect_V2 if {
@@ -196,7 +200,7 @@ test_AutomaticForwarding_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -234,7 +238,7 @@ test_AutomaticForwarding_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_AutomaticForwarding_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -300,7 +304,7 @@ test_AutomaticForwarding_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail12_test.rego b/Testing/RegoTests/gmail/gmail12_test.rego
index 321015d1..4bfc528a 100644
--- a/Testing/RegoTests/gmail/gmail12_test.rego
+++ b/Testing/RegoTests/gmail/gmail12_test.rego
@@ -26,7 +26,7 @@ test_ImageUrlProxyWhitelist_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_ImageUrlProxyWhitelist_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_ImageUrlProxyWhitelist_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -130,11 +130,15 @@ test_ImageUrlProxyWhitelist_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_ImageUrlProxyWhitelist_Incorrect_V2 if {
@@ -158,7 +162,7 @@ test_ImageUrlProxyWhitelist_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -196,7 +200,7 @@ test_ImageUrlProxyWhitelist_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -224,7 +228,7 @@ test_ImageUrlProxyWhitelist_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_ImageUrlProxyWhitelist_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail13_test.rego b/Testing/RegoTests/gmail/gmail13_test.rego
index a5c39d33..811c8f40 100644
--- a/Testing/RegoTests/gmail/gmail13_test.rego
+++ b/Testing/RegoTests/gmail/gmail13_test.rego
@@ -26,7 +26,7 @@ test_PerUserOutboundGateway_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_PerUserOutboundGateway_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_PerUserOutboundGateway_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -130,11 +130,15 @@ test_PerUserOutboundGateway_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_PerUserOutboundGateway_Incorrect_V2 if {
@@ -158,7 +162,7 @@ test_PerUserOutboundGateway_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -196,7 +200,7 @@ test_PerUserOutboundGateway_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -224,7 +228,7 @@ test_PerUserOutboundGateway_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_PerUserOutboundGateway_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail14_test.rego b/Testing/RegoTests/gmail/gmail14_test.rego
index 5a26c890..f021648e 100644
--- a/Testing/RegoTests/gmail/gmail14_test.rego
+++ b/Testing/RegoTests/gmail/gmail14_test.rego
@@ -14,7 +14,10 @@ test_ExternalReplyWarning_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -26,7 +29,7 @@ test_ExternalReplyWarning_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -42,7 +45,10 @@ test_ExternalReplyWarning_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -52,7 +58,10 @@ test_ExternalReplyWarning_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -64,7 +73,7 @@ test_ExternalReplyWarning_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -80,7 +89,10 @@ test_ExternalReplyWarning_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -90,7 +102,10 @@ test_ExternalReplyWarning_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -102,7 +117,7 @@ test_ExternalReplyWarning_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -118,7 +133,10 @@ test_ExternalReplyWarning_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -129,7 +147,10 @@ test_ExternalReplyWarning_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -140,7 +161,7 @@ test_ExternalReplyWarning_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +189,15 @@ test_ExternalReplyWarning_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_ExternalReplyWarning_Incorrect_V2 if {
@@ -184,7 +209,10 @@ test_ExternalReplyWarning_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -196,7 +224,7 @@ test_ExternalReplyWarning_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -212,7 +240,10 @@ test_ExternalReplyWarning_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -222,7 +253,10 @@ test_ExternalReplyWarning_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -234,7 +268,7 @@ test_ExternalReplyWarning_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -250,7 +284,10 @@ test_ExternalReplyWarning_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -262,7 +299,7 @@ test_ExternalReplyWarning_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -278,7 +315,10 @@ test_ExternalReplyWarning_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -288,7 +328,10 @@ test_ExternalReplyWarning_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"},
+ {
+ "name": "SETTING_NAME",
+ "value": "OutOfDomainWarningProto disable_untrusted_recipient_warning"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -300,7 +343,7 @@ test_ExternalReplyWarning_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail15_test.rego b/Testing/RegoTests/gmail/gmail15_test.rego
index df485dce..6ae90f83 100644
--- a/Testing/RegoTests/gmail/gmail15_test.rego
+++ b/Testing/RegoTests/gmail/gmail15_test.rego
@@ -26,11 +26,14 @@ test_EmailAllowlist_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Email allowlists are not enabled in Test Top-Level Domain."
+ RuleOutput[0].ReportDetails == concat("", [
+ "Email allowlists are not enabled in ",
+ "Test Top-Level Domain."
+ ])
}
test_EmailAllowlist_Correct_V2 if {
@@ -64,12 +67,14 @@ test_EmailAllowlist_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Email allowlists are not enabled in Test Top-Level Domain."
-}
+ RuleOutput[0].ReportDetails == concat("", [
+ "Email allowlists are not enabled in ",
+ "Test Top-Level Domain."
+ ])}
test_EmailAllowlist_Incorrect_V1 if {
# Test Email Allowlists when there are no relevant events
@@ -92,11 +97,15 @@ test_EmailAllowlist_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "Email Allowlist is set to default value."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs. ",
+ "While we are unable to determine the state from the logs, ",
+ "the default setting is non-compliant; manual check recommended."
+ ])
}
test_EmailAllowlist_Incorrect_V2 if {
@@ -120,7 +129,7 @@ test_EmailAllowlist_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -158,7 +167,7 @@ test_EmailAllowlist_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail16_test.rego b/Testing/RegoTests/gmail/gmail16_test.rego
index 8881887f..a56147d9 100644
--- a/Testing/RegoTests/gmail/gmail16_test.rego
+++ b/Testing/RegoTests/gmail/gmail16_test.rego
@@ -14,7 +14,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V1 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -26,7 +29,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -42,7 +45,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -52,7 +58,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V2 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -64,7 +73,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -80,7 +89,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -90,7 +102,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V3 if {
"id": {"time": "2022-12-21T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -102,7 +117,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -118,7 +133,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -129,7 +147,10 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V4 if {
"events": [{
"name": "DELETE_APPLICATION_SETTING",
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
@@ -140,7 +161,7 @@ test_EnhancedPreDeliveryMessageScanning_Correct_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,12 +189,15 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
-}
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])}
test_EnhancedPreDeliveryMessageScanning_Incorrect_V2 if {
# Test Enhanced Pre-Delivery Message Scanning when there's only one event and it's wrong
@@ -184,7 +208,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V2 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -196,7 +223,7 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -212,7 +239,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V3 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -222,7 +252,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V3 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -234,7 +267,7 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -250,7 +283,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V4 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -262,7 +298,7 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -278,7 +314,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V5 if {
"id": {"time": "2022-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "false"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
@@ -288,7 +327,10 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V5 if {
"id": {"time": "2021-12-20T00:02:28.672Z"},
"events": [{
"parameters": [
- {"name": "SETTING_NAME", "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"},
+ {
+ "name": "SETTING_NAME",
+ "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ },
{"name": "NEW_VALUE", "value": "true"},
{"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"},
]
@@ -300,7 +342,7 @@ test_EnhancedPreDeliveryMessageScanning_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail17_test.rego b/Testing/RegoTests/gmail/gmail17_test.rego
index 4a1a704e..0d44a3f1 100644
--- a/Testing/RegoTests/gmail/gmail17_test.rego
+++ b/Testing/RegoTests/gmail/gmail17_test.rego
@@ -26,7 +26,7 @@ test_SecuritySandbox_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -64,7 +64,7 @@ test_SecuritySandbox_Correct_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -102,7 +102,7 @@ test_SecuritySandbox_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -140,7 +140,7 @@ test_SecuritySandbox_Correct_V3 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -168,11 +168,15 @@ test_SecuritySandbox_Incorrect_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
- RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is non-compliant; manual check recommended."
+ RuleOutput[0].ReportDetails == concat("", [
+ "No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
+ "While we are unable to determine the state from the logs, the default setting ",
+ "is non-compliant; manual check recommended."
+ ])
}
test_SecuritySandbox_Incorrect_V2 if {
@@ -196,7 +200,7 @@ test_SecuritySandbox_Incorrect_V2 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -234,7 +238,7 @@ test_SecuritySandbox_Incorrect_V3 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -262,7 +266,7 @@ test_SecuritySandbox_Incorrect_V4 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
@@ -300,7 +304,7 @@ test_SecuritySandbox_Incorrect_V5 if {
},
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail18_test.rego b/Testing/RegoTests/gmail/gmail18_test.rego
index cbb6a3bf..57ca2d54 100644
--- a/Testing/RegoTests/gmail/gmail18_test.rego
+++ b/Testing/RegoTests/gmail/gmail18_test.rego
@@ -16,7 +16,7 @@ test_SpamApprovedSendersList_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail19_test.rego b/Testing/RegoTests/gmail/gmail19_test.rego
index e4fd162b..dffbc367 100644
--- a/Testing/RegoTests/gmail/gmail19_test.rego
+++ b/Testing/RegoTests/gmail/gmail19_test.rego
@@ -16,7 +16,7 @@ test_BlockedSendersList_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail20_test.rego b/Testing/RegoTests/gmail/gmail20_test.rego
index 4bd06dd3..eba465dd 100644
--- a/Testing/RegoTests/gmail/gmail20_test.rego
+++ b/Testing/RegoTests/gmail/gmail20_test.rego
@@ -16,7 +16,7 @@ test_ComprehensiveMailStorage_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail21_test.rego b/Testing/RegoTests/gmail/gmail21_test.rego
index bf9b1a60..5dfb1927 100644
--- a/Testing/RegoTests/gmail/gmail21_test.rego
+++ b/Testing/RegoTests/gmail/gmail21_test.rego
@@ -16,7 +16,7 @@ test_AdvanvedEmailContentFitlering_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail22_test.rego b/Testing/RegoTests/gmail/gmail22_test.rego
index 4d795ec6..8619c2ba 100644
--- a/Testing/RegoTests/gmail/gmail22_test.rego
+++ b/Testing/RegoTests/gmail/gmail22_test.rego
@@ -16,7 +16,7 @@ test_ObjectionableContentFiltering_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/Testing/RegoTests/gmail/gmail23_test.rego b/Testing/RegoTests/gmail/gmail23_test.rego
index 1d4db674..d43b63f8 100644
--- a/Testing/RegoTests/gmail/gmail23_test.rego
+++ b/Testing/RegoTests/gmail/gmail23_test.rego
@@ -16,7 +16,7 @@ test_AttachmentComplianceFiltering_Correct_V1 if {
}
}
- RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
+ RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
diff --git a/rego/Gmail.rego b/rego/Gmail.rego
index bb40fb67..4c18bd10 100644
--- a/rego/Gmail.rego
+++ b/rego/Gmail.rego
@@ -3,44 +3,46 @@ import future.keywords
import data.utils.ReportDetailsOUs
import data.utils.NoSuchEventDetails
-Format(Array) = format_int(count(Array), 10)
+Format(Array) := format_int(count(Array), 10)
-Description(String1, String2, String3) = trim(concat("", [String1, concat("", [String2, String3]), "."]), " ")
+Description(String1, String2, String3) := trim(concat("", [String1, concat("", [String2, String3]), "."]), " ")
-ReportDetailsArray(Status, _, _) = Detail if {
+ReportDetailsArray(Status, _, _) := Detail if {
Status == true
Detail := "Requirement met."
}
-ReportDetailsArray(Status, Array1, Array2) = Detail if {
+ReportDetailsArray(Status, Array1, Array2) := Detail if {
Status == false
Fraction := concat(" of ", [Format(Array1), Format(Array2)])
String := concat(", ", Array1)
Detail := Description(Fraction, " agency domain(s) found in violation: ", String)
}
-AllDomains := {Domain.domain | Domain = input.dkim_records[_]}
+AllDomains contains Domain.domain if {
+ some Domain in input.dkim_records
+}
FilterEvents(SettingName) := FilteredEvents if {
Events := SettingChangeEvents
- FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName]
+ FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName]
}
FilterEventsDomain(SettingName) := FilteredEvents if {
Events := SettingChangeEventsDomain
- FilteredEvents := [Event | Event = Events[_]; Event.Setting == SettingName]
+ FilteredEvents := [Event | some Event in Events; Event.Setting == SettingName]
}
-FilterEventsOU(ServiceName, OrgUnit) := FilteredEvents if {
+FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
# If there exists at least the root OU and 1 more OU
# filter out organizational units that don't exist
input.organizational_unit_names
count(input.organizational_unit_names) >=2
- # Filter the events by both ServiceName and OrgUnit
- Events := FilterEvents(ServiceName)
+ # Filter the events by both SettingName and OrgUnit
+ Events := FilterEvents(SettingName)
FilteredEvents := [
- Event | Event = Events[_];
+ Event | some Event in Events;
Event.OrgUnit == OrgUnit;
Event.OrgUnit in input.organizational_unit_names
]
@@ -53,7 +55,7 @@ FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
# Filter the events by both SettingName and OrgUnit
Events := FilterEvents(SettingName)
- FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit]
+ FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit}
}
FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
@@ -62,17 +64,17 @@ FilterEventsOU(SettingName, OrgUnit) := FilteredEvents if {
# Filter the events by both SettingName and OrgUnit
Events := FilterEvents(SettingName)
- FilteredEvents := [Event | Event = Events[_]; Event.OrgUnit == OrgUnit]
+ FilteredEvents := {Event | some Event in Events; Event.OrgUnit == OrgUnit}
}
-GetTopLevelOU() := name if {
+TopLevelOU := Name if {
# Simplest case: if input.tenant_info.topLevelOU is
# non-empty, it contains the name of the top-level OU.
input.tenant_info.topLevelOU != ""
- name := input.tenant_info.topLevelOU
+ Name := input.tenant_info.topLevelOU
}
-GetTopLevelOU() := name if {
+TopLevelOU := Name if {
# input.tenant_info.topLevelOU will be empty when
# no custom OUs have been created, as in this case
# the top-level OU cannot be determined via the API.
@@ -81,40 +83,42 @@ GetTopLevelOU() := name if {
# the events and know that it is the top-level OU
input.tenant_info.topLevelOU == ""
count(SettingChangeEvents) > 0
- name := GetLastEvent(SettingChangeEvents).OrgUnit
+ Name := GetLastEvent(SettingChangeEvents).OrgUnit
}
-GetTopLevelOU() := name if {
+TopLevelOU := Name if {
# Extreme edge case: no custom OUs have been made
# and the logs are empty. In this case, we really
# have no way of determining the top-level OU name.
input.tenant_info.topLevelOU == ""
count(SettingChangeEvents) == 0
- name := ""
+ Name := ""
}
-OUsWithEvents[Event.OrgUnit] {
- Event := SettingChangeEvents[_]
+OUsWithEvents contains Event.OrgUnit if {
+ some Event in SettingChangeEvents
}
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
+SettingChangeEvents contains {
+ "Timestamp": time.parse_rfc3339_ns(Item.id.time),
"TimestampStr": Item.id.time,
"NewValue": NewValue,
"Setting": Setting,
"OrgUnit": OrgUnit,
- "DomainName": DomainName}] {
-
- Item := input.gmail_logs.items[_] # For each item...
- Event := Item.events[_] # For each event in the item...
+ "DomainName": DomainName
+}
+if {
+ some Item in input.gmail_logs.items # For each item...
+ some Event in Item.events # For each event in the item...
# Does this event have the parameters we're looking for?
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]]
- "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
+ "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters}
+ "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters}
+ "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters}
# Extract the values
- Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0]
- NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0]
+ Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0]
+ NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0]
OrgUnit := GetEventOu(Event)
DomainName := GetEventDomain(Event)
}
@@ -124,83 +128,86 @@ SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
# minimal special logic, this rule adds the DELETE_APPLICATION_SETTING
# to the SettingChangeEvents set, with "DELETE_APPLICATION_SETTING" as
# the NewValue.
-SettingChangeEvents[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
+SettingChangeEvents contains {
+ "Timestamp": time.parse_rfc3339_ns(Item.id.time),
"TimestampStr": Item.id.time,
"NewValue": NewValue,
"Setting": Setting,
"OrgUnit": OrgUnit,
- "DomainName": DomainName}] {
-
- Item := input.gmail_logs.items[_] # For each item...
- Event := Item.events[_] # For each event in the item...
+ "DomainName": DomainName
+}
+if {
+ some Item in input.gmail_logs.items # For each item...
+ some Event in Item.events # For each event in the item...
Event.name == "DELETE_APPLICATION_SETTING" # Only look at delete events
# Does this event have the parameters we're looking for?
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
+ "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters}
+ "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters}
# Extract the values
- Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0]
+ Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0]
NewValue := "DELETE_APPLICATION_SETTING"
OrgUnit := GetEventOu(Event)
DomainName := GetEventDomain(Event)
}
-SettingChangeEventsDomain[{"Timestamp": time.parse_rfc3339_ns(Item.id.time),
+SettingChangeEventsDomain contains {
+ "Timestamp": time.parse_rfc3339_ns(Item.id.time),
"TimestampStr": Item.id.time,
"NewValue": NewValue,
"Setting": Setting,
- "DomainName": DomainName}] {
-
- Item := input.gmail_logs.items[_] # For each item...
- Event := Item.events[_] # For each event in the item...
+ "DomainName": DomainName
+}
+if {
+ some Item in input.gmail_logs.items # For each item...
+ some Event in Item.events # For each event in the item...
# Does this event have the parameters we're looking for?
- "SETTING_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- "NEW_VALUE" in [Parameter.name | Parameter = Event.parameters[_]]
- "DOMAIN_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
+ "SETTING_NAME" in {Parameter.name | some Parameter in Event.parameters}
+ "NEW_VALUE" in {Parameter.name | some Parameter in Event.parameters}
+ "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters}
# Extract the values
- Setting := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "SETTING_NAME"][0]
- NewValue := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "NEW_VALUE"][0]
+ Setting := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "SETTING_NAME"][0]
+ NewValue := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "NEW_VALUE"][0]
DomainName := GetEventDomain(Event)
}
GetEventOu(Event) := OrgUnit if {
- "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- OrgUnit := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "ORG_UNIT_NAME"][0]
+ "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters}
+ OrgUnit := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "ORG_UNIT_NAME"][0]
}
GetEventOu(Event) := "None" if {
- not "ORG_UNIT_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
+ not "ORG_UNIT_NAME" in {Parameter.name | some Parameter in Event.parameters}
}
GetEventDomain(Event) := DomainName if {
- "DOMAIN_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
- DomainName := [Parameter.value | Parameter = Event.parameters[_]; Parameter.name == "DOMAIN_NAME"][0]
+ "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters}
+ DomainName := [Parameter.value | some Parameter in Event.parameters; Parameter.name == "DOMAIN_NAME"][0]
}
GetEventDomain(Event) := "None" if {
- not "DOMAIN_NAME" in [Parameter.name | Parameter = Event.parameters[_]]
+ not "DOMAIN_NAME" in {Parameter.name | some Parameter in Event.parameters}
}
GetLastEvent(Events) := Event if {
- MaxTs := max([Event.Timestamp | Event = Events[_]])
- Event := Events[_]
+ MaxTs := max({Event.Timestamp | some Event in Events})
+ some Event in Events
Event.Timestamp == MaxTs
}
-################
-# GWS.GMAIL.1 #
-################
+###############
+# GWS.GMAIL.1 #
+###############
#
# Baseline GWS.GMAIL.1.1v0.1
#--
-
-NonCompliantOUs1_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs1_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -210,100 +217,113 @@ NonCompliantOUs1_1[OU] {
LastEvent.NewValue == "true"
}
-tests[{ "PolicyId" : "GWS.GMAIL.1.1v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.1.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := true
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.1.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.1.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs1_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs1_1) == 0
}
#--
-################
-# GWS.GMAIL.2 #
-################
+###############
+# GWS.GMAIL.2 #
+###############
#
# Baseline GWS.GMAIL.2.1v0.1
#--
-DomainsWithDkim[DkimRecord.domain] {
- DkimRecord := input.dkim_records[_]
- Rdata := DkimRecord.rdata[_]
+DomainsWithDkim contains DkimRecord.domain if {
+ some DkimRecord in input.dkim_records
+ some Rdata in DkimRecord.rdata
startswith(Rdata, "v=DKIM1;")
}
-tests[{ "PolicyId" : "GWS.GMAIL.2.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDkim, AllDomains),
- "ActualValue": input.dkim_records,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.2.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDkim, AllDomains),
+ "ActualValue": input.dkim_records,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutDkim := AllDomains - DomainsWithDkim
Status := count(DomainsWithoutDkim) == 0
}
#--
-################
-# GWS.GMAIL.3 #
-################
+###############
+# GWS.GMAIL.3 #
+###############
#
# Baseline GWS.GMAIL.3.1v0.1
#--
-DomainsWithSpf[SpfRecord.domain] {
- SpfRecord := input.spf_records[_]
- Rdata := SpfRecord.rdata[_]
+DomainsWithSpf contains SpfRecord.domain if {
+ some SpfRecord in input.spf_records
+ some Rdata in SpfRecord.rdata
startswith(Rdata, "v=spf1 ")
}
-tests[{ "PolicyId" : "GWS.GMAIL.3.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutSpf, AllDomains),
- "ActualValue": DomainsWithoutSpf,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.3.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutSpf, AllDomains),
+ "ActualValue": DomainsWithoutSpf,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutSpf := AllDomains - DomainsWithSpf
Status := count(DomainsWithoutSpf) == 0
}
#--
-################
-# GWS.GMAIL.4 #
-################
+###############
+# GWS.GMAIL.4 #
+###############
#
# Baseline GWS.GMAIL.4.1v0.1
#--
-DomainsWithDmarc[DmarcRecord.domain] {
- DmarcRecord := input.dmarc_records[_]
- Rdata := DmarcRecord.rdata[_]
+DomainsWithDmarc contains DmarcRecord.domain if {
+ some DmarcRecord in input.dmarc_records
+ some Rdata in DmarcRecord.rdata
startswith(Rdata, "v=DMARC1;")
}
-tests[{ "PolicyId" : "GWS.GMAIL.4.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDmarc, AllDomains),
- "ActualValue": input.dmarc_records,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.4.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDmarc, AllDomains),
+ "ActualValue": input.dmarc_records,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutDmarc := AllDomains - DomainsWithDmarc
Status := count(DomainsWithoutDmarc) == 0
}
@@ -312,18 +332,21 @@ tests[{ "PolicyId" : "GWS.GMAIL.4.1v0.1",
#
# Baseline GWS.GMAIL.4.2v0.1
#--
-DomainsWithPreject[DmarcRecord.domain] {
- DmarcRecord := input.dmarc_records[_]
- Rdata := DmarcRecord.rdata[_]
+DomainsWithPreject contains DmarcRecord.domain if {
+ some DmarcRecord in input.dmarc_records
+ some Rdata in DmarcRecord.rdata
contains(Rdata, "p=reject;")
}
-tests[{ "PolicyId" : "GWS.GMAIL.4.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutPreject, AllDomains),
- "ActualValue": input.dmarc_records,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.4.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutPreject, AllDomains),
+ "ActualValue": input.dmarc_records,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutPreject := AllDomains - DomainsWithPreject
Status := count(DomainsWithoutPreject) == 0
}
@@ -332,18 +355,21 @@ tests[{ "PolicyId" : "GWS.GMAIL.4.2v0.1",
#
# Baseline GWS.GMAIL.4.3v0.1
#--
-DomainsWithDHSContact[DmarcRecord.domain] {
- DmarcRecord := input.dmarc_records[_]
- Rdata := DmarcRecord.rdata[_]
+DomainsWithDHSContact contains DmarcRecord.domain if {
+ some DmarcRecord in input.dmarc_records
+ some Rdata in DmarcRecord.rdata
contains(Rdata, "mailto:reports@dmarc.cyber.dhs.gov")
}
-tests[{ "PolicyId" : "GWS.GMAIL.4.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDHSContact, AllDomains),
- "ActualValue": input.dmarc_records,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.4.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutDHSContact, AllDomains),
+ "ActualValue": input.dmarc_records,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutDHSContact := AllDomains - DomainsWithDHSContact
Status := count(DomainsWithoutDHSContact) == 0
}
@@ -352,35 +378,38 @@ tests[{ "PolicyId" : "GWS.GMAIL.4.3v0.1",
#
# Baseline GWS.GMAIL.4.4v0.1
#--
-DomainsWithAgencyContact[DmarcRecord.domain] {
- DmarcRecord := input.dmarc_records[_]
- Rdata := DmarcRecord.rdata[_]
+DomainsWithAgencyContact contains DmarcRecord.domain if {
+ some DmarcRecord in input.dmarc_records
+ some Rdata in DmarcRecord.rdata
count(split(Rdata, "@")) >= 3
}
-tests[{ "PolicyId" : "GWS.GMAIL.4.4v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsArray(Status, DomainsWithoutAgencyContact, AllDomains),
- "ActualValue": input.dmarc_records,
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.4.4v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsArray(Status, DomainsWithoutAgencyContact, AllDomains),
+ "ActualValue": input.dmarc_records,
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
DomainsWithoutAgencyContact := AllDomains - DomainsWithAgencyContact
Status := count(DomainsWithoutAgencyContact) == 0
}
#--
-################
-# GWS.GMAIL.5 #
-################
+###############
+# GWS.GMAIL.5 #
+###############
#
# Baseline GWS.GMAIL.5.1v0.1
#--
-
-NonCompliantOUs5_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Attachment safety Enable: protect against encrypted attachments from untrusted senders", OU)
+NonCompliantOUs5_1 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -390,26 +419,31 @@ NonCompliantOUs5_1[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+} if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: protect against encrypted attachments from untrusted senders", TopLevelOU)
+ SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: protect against encrypted attachments from untrusted senders", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Attachment safety Enable: protect against encrypted attachments from untrusted senders"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs5_1) == 0
}
@@ -417,10 +451,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.5.1v0.1",
#
# Baseline GWS.GMAIL.5.2v0.1
#--
-
-NonCompliantOUs5_2[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Attachment safety Enable: protect against attachments with scripts from untrusted senders", OU)
+NonCompliantOUs5_2 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -430,49 +464,62 @@ NonCompliantOUs5_2[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: protect against attachments with scripts from untrusted senders", TopLevelOU)
+ SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: protect against attachments with scripts from untrusted senders", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_2),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_2},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Attachment safety Enable: protect against attachments with scripts from untrusted senders"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs5_2) == 0
}
-#--
-EncryptedAttachmentSettingDetailsStr(LastEvent) = Description if {
+EncryptedAttachmentSettingDetailsStr(LastEvent) := Description if {
LastEvent.NewValue == "true"
- Description := concat("", ["Attachment protection for encrypted attachments from untrusted senders is enabled in ", LastEvent.OrgUnit])
+ Description := concat("", [
+ "Attachment protection for encrypted attachments from untrusted senders is ",
+ "enabled in ",
+ LastEvent.OrgUnit
+ ])
}
-EncryptedAttachmentSettingDetailsStr(LastEvent) = Description if {
+EncryptedAttachmentSettingDetailsStr(LastEvent) := Description if {
LastEvent.NewValue == "false"
- Description := concat("", ["Attachment protection for encrypted attachments from untrusted senders is not enabled in ", LastEvent.OrgUnit])
+ Description := concat("", [
+ "Attachment protection for encrypted attachments from untrusted senders is ",
+ "not enabled in ",
+ LastEvent.OrgUnit
+ ])
}
#--
#
# Baseline GWS.GMAIL.5.3v0.1
#--
-
-NonCompliantOUs5_3[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Attachment safety Enable: Protect against anomalous attachment types in emails", OU)
+NonCompliantOUs5_3 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -482,26 +529,32 @@ NonCompliantOUs5_3[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: Protect against anomalous attachment types in emails", TopLevelOU)
+ SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Attachment safety Enable: Protect against anomalous attachment types in emails", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_3),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_3},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Attachment safety Enable: Protect against anomalous attachment types in emails"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs5_3) == 0
}
@@ -510,9 +563,8 @@ tests[{ "PolicyId" : "GWS.GMAIL.5.3v0.1",
#
# Baseline GWS.GMAIL.5.4v0.1
#--
-
-NonCompliantOUs5_4[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs5_4 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -523,25 +575,29 @@ NonCompliantOUs5_4[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.4v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.4v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.4v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.4v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_4),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_4},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("Attachment safety Enable: automatically enables all future added settings", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs5_4) == 0
@@ -551,7 +607,6 @@ tests[{ "PolicyId" : "GWS.GMAIL.5.4v0.1",
#
# Baseline GWS.GMAIL.5.5v0.1
#--
-
default NoSuchEvent5_5(_) := true
NoSuchEvent5_5(TopLevelOU) := false if {
@@ -572,8 +627,8 @@ NoSuchEvent5_5(TopLevelOU) := false if {
count(Events) != 0
}
-NonCompliantOUs5_5[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs5_5 contains OU if {
+ some OU in OUsWithEvents
Events_A := FilterEventsOU("Attachment safety Encrypted attachment protection setting action", OU)
count(Events_A) > 0
LastEvent_A := GetLastEvent(Events_A)
@@ -586,28 +641,35 @@ NonCompliantOUs5_5[OU] {
count(Events_C) > 0
LastEvent_C := GetLastEvent(Events_C)
- Conditions := [LastEvent_A.NewValue == "Show warning", LastEvent_B.NewValue == "Show warning", LastEvent_C.NewValue == "Show warning"]
- count([Condition | Condition = Conditions[_]; Condition == true]) > 0
+ true in [
+ LastEvent_A.NewValue == "Show warning",
+ LastEvent_B.NewValue == "Show warning",
+ LastEvent_C.NewValue == "Show warning"
+ ]
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.5v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.5v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
NoSuchEvent5_5(TopLevelOU)
}
-tests[{ "PolicyId" : "GWS.GMAIL.5.5v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.5v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs5_5),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_5},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
not NoSuchEvent5_5(TopLevelOU)
Status := count(NonCompliantOUs5_5) == 0
}
@@ -616,28 +678,27 @@ tests[{ "PolicyId" : "GWS.GMAIL.5.5v0.1",
#
# Baseline GWS.GMAIL.5.6v0.1
#--
-#No implementation steps provided for this policy
-tests[{ "PolicyId" : "GWS.GMAIL.5.6v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
-}
+# No implementation steps provided for this policy
+tests contains {
+ "PolicyId": "GWS.GMAIL.5.6v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false}
#--
-################
-# GWS.GMAIL.6 #
-################
+###############
+# GWS.GMAIL.6 #
+###############
#
# Baseline GWS.GMAIL.6.1v0.1
#--
-
-NonCompliantOUs6_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Links and external images safety Enable: identify links behind shortened URLs", OU)
+NonCompliantOUs6_1 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Links and external images safety Enable: identify links behind shortened URLs"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -647,26 +708,32 @@ NonCompliantOUs6_1[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: identify links behind shortened URLs", TopLevelOU)
+ SettingName := "Links and external images safety Enable: identify links behind shortened URLs"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: identify links behind shortened URLs", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Links and external images safety Enable: identify links behind shortened URLs"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs6_1) == 0
}
@@ -675,9 +742,8 @@ tests[{ "PolicyId" : "GWS.GMAIL.6.1v0.1",
#
# Baseline GWS.GMAIL.6.2v0.1
#--
-
-NonCompliantOUs6_2[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs6_2 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("Links and external images safety Enable: scan linked images", OU)
count(Events) > 0
LastEvent := GetLastEvent(Events)
@@ -685,25 +751,29 @@ NonCompliantOUs6_2[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("Links and external images safety Enable: scan linked images", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_2),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_2},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_2),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_2},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("Links and external images safety Enable: scan linked images", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs6_2) == 0
@@ -713,37 +783,51 @@ tests[{ "PolicyId" : "GWS.GMAIL.6.2v0.1",
#
# Baseline GWS.GMAIL.6.3v0.1
#--
-
-NonCompliantOUs6_3[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Links and external images safety Enable: show warning prompt for click on links to unstrusted domains", OU)
- # NOTE: "unstrusted" really is the spelling the API uses
+NonCompliantOUs6_3 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses
+ ])
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0
LastEvent := GetLastEvent(Events)
LastEvent.NewValue == "false"
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: show warning prompt for click on links to unstrusted domains", TopLevelOU)
+ SettingName := concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_3),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_3},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: show warning prompt for click on links to unstrusted domains", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_3),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_3},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := concat("", [
+ "Links and external images safety Enable: show warning prompt for click on links to ",
+ "unstrusted domains" # NOTE: "unstrusted" really is the spelling the API uses
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs6_3) == 0
}
@@ -752,10 +836,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.6.3v0.1",
#
# Baseline GWS.GMAIL.6.4v0.1
#--
-
-NonCompliantOUs6_4[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Links and external images safety Enable: automatically enables all future added settings", OU)
+NonCompliantOUs6_4 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Links and external images safety Enable: automatically enables all future added settings"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -765,26 +849,32 @@ NonCompliantOUs6_4[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.4v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.4v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: automatically enables all future added settings", TopLevelOU)
+ SettingName := "Links and external images safety Enable: automatically enables all future added settings"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.6.4v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_4),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_4},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Links and external images safety Enable: automatically enables all future added settings", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.4v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs6_4),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs6_4},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Links and external images safety Enable: automatically enables all future added settings"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs6_4) == 0
}
@@ -793,53 +883,68 @@ tests[{ "PolicyId" : "GWS.GMAIL.6.4v0.1",
#
# Baseline GWS.GMAIL.6.5v0.1
#--
-#No implementation steps provided for this policy
-tests[{ "PolicyId" : "GWS.GMAIL.6.5v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# No implementation steps provided for this policy
+tests contains {
+ "PolicyId": "GWS.GMAIL.6.5v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
-################
-# GWS.GMAIL.7 #
-################
+###############
+# GWS.GMAIL.7 #
+###############
#
# Baseline GWS.GMAIL.7.1v0.1
#--
-
-NonCompliantOUs7_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names", OU)
+NonCompliantOUs7_1 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0
LastEvent := GetLastEvent(Events)
LastEvent.NewValue == "false"
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names", TopLevelOU)
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against domain spoofing using similar domain names", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect against domain spoofing using ",
+ "similar domain names"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs7_1) == 0
}
@@ -848,10 +953,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.1v0.1",
#
# Baseline GWS.GMAIL.7.2v0.1
#--
-
-NonCompliantOUs7_2[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against spoofing of employee names", OU)
+NonCompliantOUs7_2 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -861,26 +966,32 @@ NonCompliantOUs7_2[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against spoofing of employee names", TopLevelOU)
+ SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_2),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_2},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against spoofing of employee names", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_2),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_2},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Spoofing and authentication safety Enable: protect against spoofing of employee names"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs7_2) == 0
}
@@ -889,10 +1000,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.2v0.1",
#
# Baseline GWS.GMAIL.7.3v0.1
#--
-
-NonCompliantOUs7_3[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain", OU)
+NonCompliantOUs7_3 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -902,26 +1013,32 @@ NonCompliantOUs7_3[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain", TopLevelOU)
+ SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.3v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_3),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_3},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.3v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_3),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_3},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Spoofing and authentication safety Enable: protect against inbound emails spoofing your domain"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs7_3) == 0
}
@@ -930,10 +1047,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.3v0.1",
#
# Baseline GWS.GMAIL.7.4v0.1
#--
-
-NonCompliantOUs7_4[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against any unauthenticated emails", OU)
+NonCompliantOUs7_4 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -943,26 +1060,32 @@ NonCompliantOUs7_4[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.4v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.4v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against any unauthenticated emails", TopLevelOU)
+ SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.4v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_4),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_4},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect against any unauthenticated emails", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.4v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_4),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_4},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Spoofing and authentication safety Enable: protect against any unauthenticated emails"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs7_4) == 0
}
@@ -972,9 +1095,13 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.4v0.1",
# Baseline GWS.GMAIL.7.5v0.1
#--
-NonCompliantOUs7_5[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain", OU)
+NonCompliantOUs7_5 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -984,26 +1111,38 @@ NonCompliantOUs7_5[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.5v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.5v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain", TopLevelOU)
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.5v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_5),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_5},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("Spoofing and authentication safety Enable: protect your Groups from inbound emails spoofing your domain", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.5v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_5),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_5},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := concat("", [
+ "Spoofing and authentication safety Enable: protect your Groups from inbound emails ",
+ "spoofing your domain"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs7_5) == 0
}
@@ -1017,78 +1156,115 @@ default NoSuchEvent7_6(_) := true
NoSuchEvent7_6(TopLevelOU) := false if {
# No such event...
- Events := FilterEventsOU("Spoofing and authentication safety Protect against domain spoofing based on similar domain names action", TopLevelOU)
+ SettingName := concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on similar ",
+ "domain names action"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) != 0
}
NoSuchEvent7_6(TopLevelOU) := false if {
# No such event...
- Events := FilterEventsOU("Spoofing and authentication safety Protect against spoofing of employee names action", TopLevelOU)
+ SettingName := "Spoofing and authentication safety Protect against spoofing of employee names action"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) != 0
}
NoSuchEvent7_6(TopLevelOU) := false if {
# No such event...
- Events := FilterEventsOU("Spoofing and authentication safety Protect against inbound emails spoofing your domain action", TopLevelOU)
+ SettingName := concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on similar ",
+ "domain names action"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) != 0
}
NoSuchEvent7_6(TopLevelOU) := false if {
# No such event...
- Events := FilterEventsOU("Spoofing and authentication safety Protect against any unauthenticated emails action", TopLevelOU)
+ SettingName := "Spoofing and authentication safety Protect against any unauthenticated emails action"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) != 0
}
NoSuchEvent7_6(TopLevelOU) := false if {
# No such event...
- Events := FilterEventsOU("Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action", TopLevelOU)
+ SettingName := concat("", [
+ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
+ "your domain action"
+ ])
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) != 0
}
-NonCompliantOUs7_6[OU] {
- OU := OUsWithEvents[_]
- Events_A := FilterEventsOU("Spoofing and authentication safety Protect against domain spoofing based on similar domain names action", OU)
- count(Events_A) > 0
- LastEvent_A := GetLastEvent(Events_A)
-
- Events_B := FilterEventsOU("Spoofing and authentication safety Protect against spoofing of employee names action", OU)
- count(Events_B) > 0
- LastEvent_B := GetLastEvent(Events_B)
-
- Events_C := FilterEventsOU("Spoofing and authentication safety Protect against inbound emails spoofing your domain action", OU)
- count(Events_C) > 0
- LastEvent_C := GetLastEvent(Events_C)
-
- Events_D := FilterEventsOU("Spoofing and authentication safety Protect against any unauthenticated emails action", OU)
- count(Events_D) > 0
- LastEvent_D := GetLastEvent(Events_D)
-
- Events_E := FilterEventsOU("Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action", OU)
- count(Events_E) > 0
- LastEvent_E := GetLastEvent(Events_E)
+NonCompliantOUs7_6 contains OU if {
+ some OU in OUsWithEvents
+
+ SettingA := concat("", [
+ "Spoofing and authentication safety Protect against domain spoofing based on ",
+ "similar domain names action"
+ ])
+ EventsA := FilterEventsOU(SettingA, OU)
+ count(EventsA) > 0
+ LastEventA := GetLastEvent(EventsA)
+
+ SettingB := "Spoofing and authentication safety Protect against spoofing of employee names action"
+ EventsB := FilterEventsOU(SettingB, OU)
+ count(EventsB) > 0
+ LastEventB := GetLastEvent(EventsB)
+
+ SettingC := "Spoofing and authentication safety Protect against inbound emails spoofing your domain action"
+ EventsC := FilterEventsOU(SettingC, OU)
+ count(EventsC) > 0
+ LastEventC := GetLastEvent(EventsC)
+
+ SettingD := "Spoofing and authentication safety Protect against any unauthenticated emails action"
+ EventsD := FilterEventsOU(SettingD, OU)
+ count(EventsD) > 0
+ LastEventD := GetLastEvent(EventsD)
+
+ SettingE := concat("", [
+ "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ",
+ "your domain action"
+ ])
+ EventsE := FilterEventsOU(SettingE, OU)
+ count(EventsE) > 0
+ LastEventE := GetLastEvent(EventsE)
+
+ # OU is non-compliant if any of the following are true
+ true in [
+ LastEventA.NewValue == "Show warning",
+ LastEventB.NewValue == "Show warning",
+ LastEventC.NewValue == "Show warning",
+ LastEventD.NewValue == "Show warning",
+ LastEventD.NewValue == "No action",
+ LastEventE.NewValue == "Show warning"
+ ]
+}
- Conditions := [LastEvent_A.NewValue == "Show warning", LastEvent_B.NewValue == "Show warning", LastEvent_C.NewValue == "Show warning",
- LastEvent_D.NewValue == "Show warning", LastEvent_D.NewValue == "No action", LastEvent_E.NewValue == "Show warning"]
- count([Condition | Condition = Conditions[_]; Condition == true]) > 0
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.6v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event for the top-level OU in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.6v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event for the top-level OU in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
NoSuchEvent7_6(TopLevelOU)
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.6v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_6),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_6},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.6v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_6),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_6},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
not NoSuchEvent7_6(TopLevelOU)
Status := count(NonCompliantOUs7_6) == 0
}
@@ -1098,9 +1274,10 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.6v0.1",
# Baseline GWS.GMAIL.7.7v0.1
#--
-NonCompliantOUs7_7[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("Spoofing and authentication safety Enable: automatically enables all future added settings", OU)
+NonCompliantOUs7_7 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -1110,25 +1287,32 @@ NonCompliantOUs7_7[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.7v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": false,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.7v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": false,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEvents("Spoofing and authentication safety Enable: automatically enables all future added settings")
+ SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
+ Events := FilterEvents(SettingName)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.7.7v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_7),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_7},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- Events := FilterEvents("Spoofing and authentication safety Enable: automatically enables all future added settings")
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.7v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs7_7),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs7_7},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "Spoofing and authentication safety Enable: automatically enables all future added settings"
+ Events := FilterEvents(SettingName)
count(Events) > 0
Status := count(NonCompliantOUs7_7) == 0
}
@@ -1137,28 +1321,27 @@ tests[{ "PolicyId" : "GWS.GMAIL.7.7v0.1",
#
# Baseline GWS.GMAIL.7.8v0.1
#--
-#No implementation steps provided for this policy
-tests[{ "PolicyId" : "GWS.GMAIL.7.8v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# No implementation steps provided for this policy
+tests contains {
+ "PolicyId": "GWS.GMAIL.7.8v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
-################
-# GWS.GMAIL.8 #
-################
+###############
+# GWS.GMAIL.8 #
+###############
#
# Baseline GWS.GMAIL.8.1v0.1
#--
-
-NonCompliantOUs8_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs8_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1168,41 +1351,44 @@ NonCompliantOUs8_1[OU] {
LastEvent.NewValue == "true"
}
-tests[{ "PolicyId" : "GWS.GMAIL.8.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.8.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.8.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs8_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs8_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.8.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs8_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs8_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("ENABLE_EMAIL_USER_IMPORT", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs8_1) == 0
}
#--
-################
-# GWS.GMAIL.9 #
-################
+###############
+# GWS.GMAIL.9 #
+###############
#
# Baseline GWS.GMAIL.9.1v0.1
#--
-
-NonCompliantOUs9_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs9_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("IMAP_ACCESS", OU)
count(Events) > 0
LastEvent := GetLastEvent(Events)
@@ -1210,25 +1396,29 @@ NonCompliantOUs9_1[OU] {
LastEvent.NewValue != "INHERIT_FROM_PARENT"
}
-tests[{ "PolicyId" : "GWS.GMAIL.9.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.9.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("IMAP_ACCESS", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.9.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.9.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("IMAP_ACCESS", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs9_1) == 0
@@ -1238,9 +1428,8 @@ tests[{ "PolicyId" : "GWS.GMAIL.9.1v0.1",
#
# Baseline GWS.GMAIL.9.2v0.1
#--
-
-NonCompliantOUs9_2[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs9_2 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("ENABLE_POP_ACCESS", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1251,25 +1440,29 @@ NonCompliantOUs9_2[OU] {
LastEvent.NewValue != "INHERIT_FROM_PARENT"
}
-tests[{ "PolicyId" : "GWS.GMAIL.9.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.9.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("ENABLE_POP_ACCESS", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.9.2v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.9.2v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs9_2),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_2},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("ENABLE_POP_ACCESS", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs9_2) == 0
@@ -1278,15 +1471,14 @@ tests[{ "PolicyId" : "GWS.GMAIL.9.2v0.1",
################
-# GWS.GMAIL.10 #
+# GWS.GMAIL.10 #
################
#
# Baseline GWS.GMAIL.10.1v0.1
#--
-
-NonCompliantOUs10_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs10_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", OU)
count(Events) > 0
LastEvent := GetLastEvent(Events)
@@ -1294,25 +1486,29 @@ NonCompliantOUs10_1[OU] {
LastEvent.NewValue != "INHERIT_FROM_PARENT"
}
-tests[{ "PolicyId" : "GWS.GMAIL.10.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.10.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.10.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs10_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs10_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.10.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs10_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs10_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("ENABLE_OUTLOOK_SYNC", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs10_1) == 0
@@ -1321,15 +1517,15 @@ tests[{ "PolicyId" : "GWS.GMAIL.10.1v0.1",
################
-# GWS.GMAIL.11 #
+# GWS.GMAIL.11 #
################
#
# Baseline GWS.GMAIL.11.1v0.1
#--
-NonCompliantOUs11_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs11_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1340,25 +1536,29 @@ NonCompliantOUs11_1[OU] {
LastEvent.NewValue != "INHERIT_FROM_PARENT"
}
-tests[{ "PolicyId" : "GWS.GMAIL.11.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.11.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.11.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.11.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs11_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs11_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("ENABLE_EMAIL_AUTOFORWARDING", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs11_1) == 0
@@ -1367,15 +1567,14 @@ tests[{ "PolicyId" : "GWS.GMAIL.11.1v0.1",
################
-# GWS.GMAIL.12 #
+# GWS.GMAIL.12 #
################
#
# Baseline GWS.GMAIL.12.1v0.1
#--
-
-NonCompliantOUs12_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs12_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1385,25 +1584,29 @@ NonCompliantOUs12_1[OU] {
LastEvent.NewValue != "1"
}
-tests[{ "PolicyId" : "GWS.GMAIL.12.1v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.12.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.12.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.12.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs12_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs12_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("NUMBER_OF_EMAIL_IMAGE_URL_WHITELIST_PATTERNS", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs12_1) == 0
@@ -1412,15 +1615,14 @@ tests[{ "PolicyId" : "GWS.GMAIL.12.1v0.1",
################
-# GWS.GMAIL.13 #
+# GWS.GMAIL.13 #
################
#
# Baseline GWS.GMAIL.13.1v0.1
#--
-
-NonCompliantOUs13_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs13_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1430,25 +1632,29 @@ NonCompliantOUs13_1[OU] {
LastEvent.NewValue == "true"
}
-tests[{ "PolicyId" : "GWS.GMAIL.13.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.13.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.13.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.13.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs13_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs13_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("OUTBOUND_RELAY_ENABLED", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs13_1) == 0
@@ -1457,15 +1663,14 @@ tests[{ "PolicyId" : "GWS.GMAIL.13.1v0.1",
################
-# GWS.GMAIL.14 #
+# GWS.GMAIL.14 #
################
#
# Baseline GWS.GMAIL.14.1v0.1
#--
-
-NonCompliantOUs14_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs14_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1476,25 +1681,29 @@ NonCompliantOUs14_1[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.14.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.14.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.14.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs14_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.14.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs14_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs14_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("OutOfDomainWarningProto disable_untrusted_recipient_warning", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs14_1) == 0
@@ -1503,39 +1712,56 @@ tests[{ "PolicyId" : "GWS.GMAIL.14.1v0.1",
################
-# GWS.GMAIL.15 #
+# GWS.GMAIL.15 #
################
#
# Baseline GWS.GMAIL.15.1v0.1
#--
-
-EmailAllowlistSettingDetailsStr(LastEvent) = Description if {
+EmailAllowlistSettingDetailsStr(LastEvent) := Description if {
LastEvent.NewValue != "[]"
- Description := concat("", ["Email allowlists are enabled in ", LastEvent.DomainName, "."])
+ Description := concat("", [
+ "Email allowlists are enabled in ",
+ LastEvent.DomainName,
+ "."
+ ])
}
-EmailAllowlistSettingDetailsStr(LastEvent) = Description if {
+EmailAllowlistSettingDetailsStr(LastEvent) := Description if {
LastEvent.NewValue == "[]"
- Description := concat("", ["Email allowlists are not enabled in ", LastEvent.DomainName, "."])
-}
-
-tests[{ "PolicyId" : "GWS.GMAIL.15.1v0.1",
- "Criticality": "Should",
- "ReportDetails": "Email Allowlist is set to default value.",
- "ActualValue": {"EMAIL_SPAM_ALLOWLIST": "--No setting change found in logs, the default value is likely still active--"},
- "RequirementMet": false,
- "NoSuchEvent": true}] {
+ Description := concat("", [
+ "Email allowlists are not enabled in ",
+ LastEvent.DomainName,
+ "."
+ ])
+}
+
+tests contains {
+ "PolicyId": "GWS.GMAIL.15.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": concat("", [
+ "No relevant event in the current logs. ",
+ "While we are unable to determine the state from the logs, ",
+ "the default setting is non-compliant; manual check recommended."
+ ]),
+ "ActualValue": {"EMAIL_SPAM_ALLOWLIST": "No relevant event in the current logs"},
+ "RequirementMet": false,
+ "NoSuchEvent": true
+}
+if {
Events := FilterEventsDomain("EMAIL_SPAM_ALLOWLIST")
- count(Events) == 0 # If no events were logged, then the default value is still active
+ count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.15.1v0.1",
- "Criticality": "Should",
- "ReportDetails": EmailAllowlistSettingDetailsStr(LastEvent),
- "ActualValue": {LastEvent.Setting: LastEvent.NewValue},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.15.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": EmailAllowlistSettingDetailsStr(LastEvent),
+ "ActualValue": {LastEvent.Setting: LastEvent.NewValue},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsDomain("EMAIL_SPAM_ALLOWLIST")
count(Events) > 0
LastEvent := GetLastEvent(Events)
@@ -1545,16 +1771,16 @@ tests[{ "PolicyId" : "GWS.GMAIL.15.1v0.1",
################
-# GWS.GMAIL.16 #
+# GWS.GMAIL.16 #
################
#
# Baseline GWS.GMAIL.16.1v0.1
#--
-
-NonCompliantOUs16_1[OU] {
- OU := OUsWithEvents[_]
- Events := FilterEventsOU("DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email", OU)
+NonCompliantOUs16_1 contains OU if {
+ some OU in OUsWithEvents
+ SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ Events := FilterEventsOU(SettingName, OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
# other OUs we assume they inherit from a parent OU if they have
@@ -1564,26 +1790,32 @@ NonCompliantOUs16_1[OU] {
LastEvent.NewValue != "DELETE_APPLICATION_SETTING"
}
-tests[{ "PolicyId" : "GWS.GMAIL.16.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.16.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email", TopLevelOU)
+ SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.16.1v0.1",
- "Criticality": "Shall",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
- Events := FilterEventsOU("DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email", TopLevelOU)
+tests contains {
+ "PolicyId": "GWS.GMAIL.16.1v0.1",
+ "Criticality": "Shall",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs16_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs16_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
+ SettingName := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email"
+ Events := FilterEventsOU(SettingName, TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs16_1) == 0
}
@@ -1591,15 +1823,14 @@ tests[{ "PolicyId" : "GWS.GMAIL.16.1v0.1",
################
-# GWS.GMAIL.17 #
+# GWS.GMAIL.17 #
################
#
# Baseline GWS.GMAIL.17.1v0.1
#--
-
-NonCompliantOUs17_1[OU] {
- OU := OUsWithEvents[_]
+NonCompliantOUs17_1 contains OU if {
+ some OU in OUsWithEvents
Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", OU)
count(Events) > 0 # Ignore OUs without any events. We're already
# asserting that the top-level OU has at least one event; for all
@@ -1611,25 +1842,29 @@ NonCompliantOUs17_1[OU] {
}
-tests[{ "PolicyId" : "GWS.GMAIL.17.1v0.1",
- "Criticality": "Should",
- "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
- "ActualValue": "No relevant event in the current logs",
- "RequirementMet": DefaultSafe,
- "NoSuchEvent": true}] {
+tests contains {
+ "PolicyId": "GWS.GMAIL.17.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": NoSuchEventDetails(DefaultSafe, TopLevelOU),
+ "ActualValue": "No relevant event in the current logs",
+ "RequirementMet": DefaultSafe,
+ "NoSuchEvent": true
+}
+if {
DefaultSafe := false
- TopLevelOU := GetTopLevelOU()
Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU)
count(Events) == 0
}
-tests[{ "PolicyId" : "GWS.GMAIL.17.1v0.1",
- "Criticality": "Should",
- "ReportDetails": ReportDetailsOUs(NonCompliantOUs17_1),
- "ActualValue": {"NonCompliantOUs": NonCompliantOUs17_1},
- "RequirementMet": Status,
- "NoSuchEvent": false}] {
- TopLevelOU := GetTopLevelOU()
+tests contains {
+ "PolicyId": "GWS.GMAIL.17.1v0.1",
+ "Criticality": "Should",
+ "ReportDetails": ReportDetailsOUs(NonCompliantOUs17_1),
+ "ActualValue": {"NonCompliantOUs": NonCompliantOUs17_1},
+ "RequirementMet": Status,
+ "NoSuchEvent": false
+}
+if {
Events := FilterEventsOU("AttachmentDeepScanningSettingsProto deep_scanning_enabled", TopLevelOU)
count(Events) > 0
Status := count(NonCompliantOUs17_1) == 0
@@ -1638,120 +1873,120 @@ tests[{ "PolicyId" : "GWS.GMAIL.17.1v0.1",
################
-# GWS.GMAIL.18 #
+# GWS.GMAIL.18 #
################
#
# Baseline GWS.GMAIL.18.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.18.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.18.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
################
-# GWS.GMAIL.19 #
+# GWS.GMAIL.19 #
################
#
# Baseline GWS.GMAIL.19.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.19.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.19.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
################
-# GWS.GMAIL.20 #
+# GWS.GMAIL.20 #
################
#
# Baseline GWS.GMAIL.20.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.20.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.20.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
################
-# GWS.GMAIL.21 #
+# GWS.GMAIL.21 #
################
#
# Baseline GWS.GMAIL.21.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.21.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.21.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
################
-# GWS.GMAIL.22 #
+# GWS.GMAIL.22 #
################
#
# Baseline GWS.GMAIL.22.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.22.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.22.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
################
-# GWS.GMAIL.23 #
+# GWS.GMAIL.23 #
################
#
# Baseline GWS.GMAIL.23.1v0.1
#--
-# At this time we are unable to test because settings are configured in the GWS Admin Console and not available within the generated logs
-
-tests[{ "PolicyId" : "GWS.GMAIL.23.1v0.1",
- "Criticality" : "Should/Not-Implemented",
- "ReportDetails": "Currently not able to be tested automatically; please manually check.",
- "ActualValue": "",
- "RequirementMet": false,
- "NoSuchEvent": false}]{
- true
+# At this time we are unable to test because settings are configured in the GWS Admin Console
+# and not available within the generated logs
+tests contains {
+ "PolicyId": "GWS.GMAIL.23.1v0.1",
+ "Criticality": "Should/Not-Implemented",
+ "ReportDetails": "Currently not able to be tested automatically; please manually check.",
+ "ActualValue": "",
+ "RequirementMet": false,
+ "NoSuchEvent": false
}
#--
\ No newline at end of file