Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor Gmail Rego #118

Merged
merged 10 commits into from
Dec 22, 2023
Merged

Refactor Gmail Rego #118

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
9f5a724
Changed to rule contains if syntax
adhilto Dec 19, 2023
19dec56
change to some in syntax
adhilto Dec 20, 2023
1b54b8f
changed = to :=
adhilto Dec 20, 2023
d9906ea
Refactor long lines
adhilto Dec 20, 2023
9a664c0
Remove trailing whitespace
adhilto Dec 20, 2023
db7e43d
Refactor GetTopLevelOU()
adhilto Dec 20, 2023
cf6733f
Changed lists to sets where possible
adhilto Dec 20, 2023
70db70d
Refactor and/or statements
adhilto Dec 20, 2023
da78251
Refactor long lines and 'some in' syntax in gmail test cases
adhilto Dec 20, 2023
3b5895e
Add missing if
adhilto Dec 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 13 additions & 9 deletions Testing/RegoTests/gmail/gmail01_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ test_MailDelegation_Correct_V1 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -64,7 +64,7 @@ test_MailDelegation_Correct_V2 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -102,7 +102,7 @@ test_MailDelegation_Correct_V3 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -130,11 +130,15 @@ test_MailDelegation_Incorrect_V1 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == "No relevant event in the current logs for the top-level OU, Test Top-Level OU. While we are unable to determine the state from the logs, the default setting is compliant; manual check recommended."
RuleOutput[0].ReportDetails == concat("", [
"No relevant event in the current logs for the top-level OU, Test Top-Level OU. ",
"While we are unable to determine the state from the logs, the default setting ",
"is compliant; manual check recommended."
])
}

test_MailDelegation_Incorrect_V2 if {
Expand All @@ -158,7 +162,7 @@ test_MailDelegation_Incorrect_V2 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -196,7 +200,7 @@ test_MailDelegation_Incorrect_V3 if {
},
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -224,7 +228,7 @@ test_MailDelegation_Incorrect_V4 if {
}
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down Expand Up @@ -262,7 +266,7 @@ test_MailDelegation_Incorrect_V5 if {
},
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down
14 changes: 7 additions & 7 deletions Testing/RegoTests/gmail/gmail02_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@ test_DKIM_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
}
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -31,7 +31,7 @@ test_DKIM_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
},
{
"domain": "test2.name",
Expand All @@ -40,7 +40,7 @@ test_DKIM_Correct_V2 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -54,7 +54,7 @@ test_DKIM_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt"]
},
{
"domain": "test2.name",
Expand All @@ -63,7 +63,7 @@ test_DKIM_Incorrect_V1 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -82,7 +82,7 @@ test_DKIM_Incorrect_V2 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down
16 changes: 8 additions & 8 deletions Testing/RegoTests/gmail/gmail03_test.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ test_SPF_Correct_V1 if {
"dkim_records": [
{
"domain": "test.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
}
],
"spf_records": [
Expand All @@ -23,7 +23,7 @@ test_SPF_Correct_V1 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -37,7 +37,7 @@ test_SPF_Correct_V2 if {
"dkim_records": [
{
"domain": "test1.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
},
{
"domain": "test2.name",
Expand All @@ -56,7 +56,7 @@ test_SPF_Correct_V2 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -70,7 +70,7 @@ test_SPF_Incorrect_V1 if {
"dkim_records": [
{
"domain": "test1.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
},
{
"domain": "test2.name",
Expand All @@ -89,7 +89,7 @@ test_SPF_Incorrect_V1 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand All @@ -103,7 +103,7 @@ test_SPF_Incorrect_V2 if {
"dkim_records": [
{
"domain": "test.name",
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+zvQhTXhT7V2QTnhPGlVXotXxL4VscG5cSnWus8rS4itN9ItxtzompUVRZ14b6hO1C+pxYAcl8Zaj6wsjE2vmEAmLHeXjj9EHMzrhfay2A02MJHReszokyLKBm+OZ7F4SNWP4SCazXkouOeATNrcIPUZxBV769ewx6ClumvOeHA\" \"qC77VxJieBg+7LaORrm23DMtWqdkMUWB/wmfCHO333/u6bY21eCMgiP/f+jSiylKDdY5kERpRU0NiIxlTGUhqROJESnxNUTqbK69CTAOYR6qhwJeT4OCsuE1zu6gxANmZMClIMiM2SuntXwNswb4QIDAQAB"]
"rdata": ["v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaknWsKvtbTLAxtWSF5sDt+"]
}
],
"spf_records": [
Expand All @@ -114,7 +114,7 @@ test_SPF_Incorrect_V2 if {
]
}

RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
Expand Down
Loading