From dedc60afd1e94a30e103a5349d48ba692658a51f Mon Sep 17 00:00:00 2001 From: Roy Lane Date: Fri, 3 Jan 2025 13:29:46 -0500 Subject: [PATCH] gmail rego: remove log event implementation for 1.1, 5.1 - 5.5, 6.1 - 6.4, 7.1 - 7.7, 8.1, 9.1, 10.1, 11.1, 12.1, 14.1, & 15.1 --- .../Testing/RegoTests/gmail/gmail01_test.rego | 250 -- .../Testing/RegoTests/gmail/gmail05_test.rego | 1283 --------- .../Testing/RegoTests/gmail/gmail06_test.rego | 1182 -------- .../Testing/RegoTests/gmail/gmail07_test.rego | 2448 ----------------- .../Testing/RegoTests/gmail/gmail08_test.rego | 250 -- .../Testing/RegoTests/gmail/gmail09_test.rego | 172 -- .../Testing/RegoTests/gmail/gmail10_test.rego | 281 -- .../Testing/RegoTests/gmail/gmail11_test.rego | 286 -- .../Testing/RegoTests/gmail/gmail12_test.rego | 250 -- .../Testing/RegoTests/gmail/gmail14_test.rego | 161 -- .../Testing/RegoTests/gmail/gmail15_test.rego | 321 --- .../RegoTests/gmail/gmail_api14_test.rego | 5 +- scubagoggles/rego/Gmail.rego | 1147 +------- 13 files changed, 17 insertions(+), 8019 deletions(-) delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail05_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail06_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail07_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail11_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail12_test.rego delete mode 100644 scubagoggles/Testing/RegoTests/gmail/gmail14_test.rego diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego deleted file mode 100644 index 5821a148..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail01_test.rego +++ /dev/null @@ -1,250 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.1.1 -#-- -test_MailDelegation_Correct_V1 if { - # Test mail delegation when there's only one event - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_MailDelegation_Correct_V2 if { - # Test mail delegation when there's multiple events and the most recent is correct - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_MailDelegation_Correct_V3 if { - # Test mail delegation when there's correct events in multiple OUs - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_MailDelegation_Incorrect_V1 if { - # Test mail delegation when there are no relevant events - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_MailDelegation_Incorrect_V2 if { - # Test mail delegation when there's only one event and it's wrong - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_MailDelegation_Incorrect_V3 if { - # Test mail delegation when there are multiple events and the most recent is wrong - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage1_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_MailDelegation_Incorrect_V4 if { - # Test mail delegation when there's only one event and it's wrong - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage1_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_MailDelegation_Incorrect_V5 if { - # Test mail delegation when there are multiple events and the most recent is wrong - PolicyId := GmailId1_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage1_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail05_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail05_test.rego deleted file mode 100644 index 45d3366b..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail05_test.rego +++ /dev/null @@ -1,1283 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.5.1 -#-- - -test_Encrypted_Correct_V1 if { - # Test inheritance - PolicyId := GmailId5_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2020-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Second OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "ORG_UNIT_NAME", "value": "Second OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - - -test_Encrypted_Incorrect_V1 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage5_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Encrypted_Incorrect_V2 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -# -# GWS.GMAIL.5.2 -#-- -test_Scripts_Correct_V1 if { - # Test Attachment Protections when there's only one event - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Scripts_Correct_V2 if { - # Test Attachment Protections when there's multiple events and the most recent is correct - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Scripts_Correct_V3 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_Scripts_Incorrect_V1 if { - # Test Attachment Protections when there are no relevant events - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_Scripts_Incorrect_V2 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_Scripts_Incorrect_V3 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Attachment safety Enable: protect against attachments with scripts from untrusted ", - "senders" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -# -# GWS.GMAIL.5.3 -#-- -test_AttachmentProtectionAnomalousAttachment_Correct_V1 if { - # Test Attachment Protections when there's only one event - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionAnomalousAttachment_Correct_V2 if { - # Test Attachment Protections when there's multiple events and the most recent is correct - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionAnomalousAttachment_Correct_V3 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionAnomalousAttachment_Correct_V4 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionAnomalousAttachment_Incorrect_V1 if { - # Test Attachment Protections when there are no relevant events - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_AttachmentProtectionAnomalousAttachment_Incorrect_V2 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionAnomalousAttachment_Incorrect_V3 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionAnomalousAttachment_Incorrect_V4 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage5_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionAnomalousAttachment_Incorrect_V5 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: Protect against anomalous attachment types in emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage5_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - - -# -# GWS.GMAIL.5.4 -#-- -test_AttachmentProtectionFutureRecommendedSettings_Correct_V1 if { - # Test Attachment Protections when there's only one event - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionFutureRecommendedSettings_Correct_V2 if { - # Test Attachment Protections when there's multiple events and the most recent is correct - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionFutureRecommendedSettings_Correct_V3 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionFutureRecommendedSettings_Correct_V4 if { - # Test Attachment Protections when there's correct events in multiple OUs - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V1 if { - # Test Attachment Protections when there are no relevant events - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V2 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V3 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage5_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V4 if { - # Test Attachment Protections when there's only one event and it's wrong - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage5_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentProtectionFutureRecommendedSettings_Incorrect_V5 if { - # Test Attachment Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId5_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Enable: automatically enables all future added settings" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage5_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.5.5 -#-- -test_AttachmentSafety_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Encrypted attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Attachment with scripts protection action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Anomalous attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AttachmentSafety_InCorrect_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Encrypted attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Quarantine"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Attachment with scripts protection action" - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Anomalous attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": GetFriendlyValue5_5("", "Show warning", "")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentSafety_InCorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Encrypted attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Attachment with scripts protection action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Anomalous attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": GetFriendlyValue5_5("Show warning", "", "")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AttachmentSafety_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when one setting is missing events - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Encrypted attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Attachment with scripts protection action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - # Note: no event for "Attachment safety Anomalous attachment protection setting action" - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - - -test_AttachmentSafety_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when all settings have no events - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_AttachmentSafety_InCorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events - PolicyId := GmailId5_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Encrypted attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Attachment with scripts protection action" - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Attachment safety Anomalous attachment protection setting action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": GetFriendlyValue5_5("Show warning", "Show warning", "")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail06_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail06_test.rego deleted file mode 100644 index 913aeccb..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail06_test.rego +++ /dev/null @@ -1,1182 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.6.1 -#-- -test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V1 if { - # Test Links and External Images Protections when there's only one event - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V2 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V3 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:03:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:04:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Correct_V4 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V1 if { - # Test Links and External Images Protections when there are no relevant events - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V2 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V3 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V4 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage6_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionIdentifyLinksURL_Incorrect_V5 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: identify links behind shortened URLs" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage6_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -# -# GWS.GMAIL.6.2 -#-- - -test_LinksExternalImagesProtectionScanLinkedImages_Correct_V1 if { - # Test Links and External Images Protections when there's only one event and it's correct - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Correct_V2 if { - # Test Links and External Images Protections when there are multiple events and the most recent is correct - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Correct_V3 if { - # Test Links and External Images Protections when there are multiple events and the most recent is correct - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Correct_V4 if { - # Test Links and External Images Protections when there are multiple events and the most recent is correct - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V1 if { - # Test Links and External Images Protections when there are no relevant events - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V2 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionScanLinkedImages_Incorrect_V3 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "Links and external images safety Enable: scan linked images" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.6.3 -#-- - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V1 if { - # Test Links and External Images Protections when there's only one event - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V2 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Correct_V3 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V1 if { - # Test Links and External Images Protections when there are no relevant events - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V2 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V3 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", ["Links and external images safety Enable: ", - "show warning prompt for click on links to unstrusted domains"]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V4 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", ["Links and external images safety Enable: ", - "show warning prompt for click on links to unstrusted domains"]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage6_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionWarningLinksUntrustedDomains_Incorrect_V5 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", ["Links and external images safety Enable: ", - "show warning prompt for click on links to unstrusted domains"]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: show warning prompt for click on links to ", - "unstrusted domains" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage6_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.6.4 -#-- - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V1 if { - # Test Links and External Images Protections when there's only one event - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V2 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V3 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Correct_V4 if { - # Test Links and External Images Protections when there's multiple events and the most recent is correct - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V1 if { - # Test Links and External Images Protections when there are no relevant events - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V2 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V3 if { - # Test Links and External Images Protections when there's only one event and it's wrong - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage6_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_LinksExternalImagesProtectionFutureRecommendedSettings_Incorrect_V4 if { - # Test Links and External Images Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId6_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Links and external images safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage6_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail07_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail07_test.rego deleted file mode 100644 index 807fafd3..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail07_test.rego +++ /dev/null @@ -1,2448 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.7.1 -#-- - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionSimilarDomainNameSpoofing_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against domain spoofing using ", - "similar domain names" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- - -# -# GWS.GMAIL.7.2 -#-- - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionEmployeeNameSpoofing_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_2 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against spoofing of employee names" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_2("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.7.3 -#-- - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofing_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_3 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect against inbound emails spoofing ", - "your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_3("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.7.4 -#-- - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionUnauthenticatedEmail_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_4 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Enable: protect against any unauthenticated emails" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_4("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.7.5 -#-- - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_5("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_5("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_5("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionInboundEmailDomainSpoofingGroups_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_5 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: protect your Groups from inbound emails ", - "spoofing your domain" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_5("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.7.6 -#-- - -test_SpoofingAuthenticationProtection_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_6 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against domain spoofing based on similar ", - "domain names action" - ]) - }, - {"name": "NEW_VALUE", "value": "Quarantine"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against spoofing of employee names action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against inbound emails spoofing your ", - "domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:27.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against any unauthenticated emails action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", - "your domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtection_InCorrect_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_6 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against domain spoofing based on similar ", - "domain names action" - ]) - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against spoofing of employee names action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against inbound emails spoofing your ", - "domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:27.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against any unauthenticated emails action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", - "your domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": GetFriendlyValue7_6("Show warning", - "", "", "", "Show warning")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtection_InCorrect_V2 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_6 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against domain spoofing based on similar ", - "domain names action" - ]) - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against spoofing of employee names action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against inbound emails spoofing your ", - "domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:27.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against any unauthenticated emails action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", - "your domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Show warning"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": GetFriendlyValue7_6("Show warning", - "", "", "", "Show warning")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -# -# GWS.GMAIL.7.7 -#-- - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V1 if { - # Test Spoofing and Authentication Protections when there's only one event - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V2 if { - # Test Spoofing and Authentication Protections when there's multiple events and the most recent is correct - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V3 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Correct_V4 if { - # Test Spoofing and Authentication Protections when there's correct events in multiple OUs - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V1 if { - # Test Spoofing and Authentication Protections when there are no relevant events - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V2 if { - # Test Spoofing and Authentication Protections when only one setting - # doesn't have events - PolicyId := GmailId7_7 - Output := tests with input as { -"gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:24.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against domain spoofing based on similar ", - "domain names action" - ]) - }, - {"name": "NEW_VALUE", "value": "Quarantine"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:25.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against spoofing of employee names action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:26.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Protect against inbound emails spoofing your ", - "domain action" - ]) - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:27.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": - "Spoofing and authentication safety Protect against any unauthenticated emails action" - }, - {"name": "NEW_VALUE", "value": "Move to spam"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - # Note that "Spoofing and authentication safety Protect your Groups - # from inbound emails spoofing your domain action" is missing - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_7("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V4 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage7_7("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there's only one event and it's wrong - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_7("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_SpoofingAuthenticationProtectionFutureRecommendedSettings_Incorrect_V6 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId7_7 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": concat("", [ - "Spoofing and authentication safety Enable: automatically enables all future added ", - "settings" - ]) - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage7_7("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego deleted file mode 100644 index dc5059a2..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail08_test.rego +++ /dev/null @@ -1,250 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.8.1 -#-- -test_UserEmailUploads_Correct_V1 if { - # Test User Email Uploads when there's only one event - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UserEmailUploads_Correct_V2 if { - # Test User Email Uploads when there's multiple events and the most recent is correct - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UserEmailUploads_Correct_V3 if { - # Test User Email Uploads when there's correct events in multiple OUs - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_UserEmailUploads_Incorrect_V1 if { - # Test User Email Uploads when there are no relevant events - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_UserEmailUploads_Incorrect_V2 if { - # Test User Email Uploads when there's only one event and it's wrong - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage8_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UserEmailUploads_Incorrect_V3 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage8_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UserEmailUploads_Incorrect_V4 if { - # Test User Email Uploads when there's only one event and it's wrong - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage8_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_UserEmailUploads_Incorrect_V5 if { - # Test Spoofing and Authentication Protections when there are multiple events and the most recent is wrong - PolicyId := GmailId8_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_USER_IMPORT"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage8_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego deleted file mode 100644 index 199b8621..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail09_test.rego +++ /dev/null @@ -1,172 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.9.1 -#-- - -test_ImapAccess_Correct_V1 if { - # Test IMAP and POP Access when there's only one event - PolicyId := GmailId9_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "IMAP_ACCESS"}, - {"name": "NEW_VALUE", "value": "DISABLED"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_POP_ACCESS"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_ImapAccess_Incorrect_V1 if { - # Test IMAP and POP Access when there's only one event and it's wrong - PolicyId := GmailId9_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "IMAP_ACCESS"}, - {"name": "NEW_VALUE", "value": "ENABLED_FOR_ALL_MAIL_CLIENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_POP_ACCESS"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": GetFriendlyValue9_1(true, true)}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ImapAccess_Incorrect_V2 if { - # Test IMAP and POP Access when there's only one event and it's wrong - PolicyId := GmailId9_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "IMAP_ACCESS"}, - {"name": "NEW_VALUE", "value": "ENABLED_FOR_ALL_MAIL_CLIENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_POP_ACCESS"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": GetFriendlyValue9_1(true, true)}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_ImapAccess_Incorrect_V3 if { - # Test IMAP and POP Access when there are multiple events and the most recent is wrong - PolicyId := GmailId9_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "IMAP_ACCESS"}, - {"name": "NEW_VALUE", "value": "ENABLED_FOR_ALL_MAIL_CLIENTS"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_POP_ACCESS"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "IMAP_ACCESS"}, - {"name": "NEW_VALUE", "value": "DISABLED"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_POP_ACCESS"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": GetFriendlyValue9_1(true, false)}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail10_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail10_test.rego index f0d41cb9..cdf70dfb 100644 --- a/scubagoggles/Testing/RegoTests/gmail/gmail10_test.rego +++ b/scubagoggles/Testing/RegoTests/gmail/gmail10_test.rego @@ -1,287 +1,6 @@ package gmail import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.10.1 -#-- -test_GoogleWorkspaceSync_Correct_V1 if { - # Test Google Workspace Sync for Microsoft Outlook when there's only one event - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GoogleWorkspaceSync_Correct_V2 if { - # Test Google Workspace Sync for Microsoft Outlook when there's multiple events and the most recent is correct - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GoogleWorkspaceSync_Correct_V3 if { - # Test Google Workspace Sync for Microsoft Outlook when there's correct events in multiple OUs - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GoogleWorkspaceSync_Correct_V4 if { - # Test Google Workspace Sync for Microsoft Outlook when there's correct events in multiple OUs - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "INHERIT_FROM_PARENT"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_GoogleWorkspaceSync_Incorrect_V1 if { - # Test Google Workspace Sync for Microsoft Outlook when there are no relevant events - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_GoogleWorkspaceSync_Incorrect_V2 if { - # Test Google Workspace Sync for Microsoft Outlook when there's only one event and it's wrong - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage10_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GoogleWorkspaceSync_Incorrect_V3 if { - # Test Google Workspace Sync for Microsoft Outlook when there are multiple events and the most recent is wrong - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage10_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GoogleWorkspaceSync_Incorrect_V4 if { - # Test Google Workspace Sync for Microsoft Outlook when there's only one event and it's wrong - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage10_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_GoogleWorkspaceSync_Incorrect_V5 if { - # Test Google Workspace Sync for Microsoft Outlook when there are multiple events and the most recent is wrong - PolicyId := GmailId10_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_OUTLOOK_SYNC"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage10_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- # # GWS.GMAIL.10.2 diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail11_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail11_test.rego deleted file mode 100644 index dcb07ad7..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail11_test.rego +++ /dev/null @@ -1,286 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.GetFriendlyEnabledValue -import data.utils.PassTestResult - -# -# GWS.GMAIL.11.1 -#-- -test_AutomaticForwarding_Correct_V1 if { - # Test Automatic Forwarding when there's only one event - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AutomaticForwarding_Correct_V2 if { - # Test Automatic Forwarding when there's multiple events and the most recent is correct - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AutomaticForwarding_Correct_V3 if { - # Test Automatic Forwarding when there's correct events in multiple OUs - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AutomaticForwarding_Correct_V4 if { - # Test Automatic Forwarding when there's correct events in multiple OUs - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "INHERIT_FROM_PARENT"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_AutomaticForwarding_Incorrect_V1 if { - # Test Automatic Forwarding when there are no relevant events - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", false) -} - -test_AutomaticForwarding_Incorrect_V2 if { - # Test Automatic Forwarding when there's only one event and it's wrong - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(true))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AutomaticForwarding_Incorrect_V3 if { - # Test Automatic Forwarding when there are multiple events and the most recent is wrong - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(true))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AutomaticForwarding_Incorrect_V4 if { - # Test Automatic Forwarding when there's only one event and it's wrong - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(true))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_AutomaticForwarding_Incorrect_V5 if { - # Test Automatic Forwarding when there are multiple events and the most recent is wrong - PolicyId := GmailId11_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "ENABLE_EMAIL_AUTOFORWARDING"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(true))}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail12_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail12_test.rego deleted file mode 100644 index d277566c..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail12_test.rego +++ /dev/null @@ -1,250 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.12.1 -#-- -test_PerUserOutboundGateway_Correct_V1 if { - # Test Per-User Outbound Gateway when there's only one event - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_PerUserOutboundGateway_Correct_V2 if { - # Test Per-User Outbound Gateway when there's multiple events and the most recent is correct - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_PerUserOutboundGateway_Correct_V3 if { - # Test Per-User Outbound Gateway when there's correct events in multiple OUs - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_PerUserOutboundGateway_Incorrect_V1 if { - # Test Per-User Outbound Gateway when there are no relevant events - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_PerUserOutboundGateway_Incorrect_V2 if { - # Test Per-User Outbound Gateway when there's only one event and it's wrong - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage12_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_PerUserOutboundGateway_Incorrect_V3 if { - # Test Per-User Outbound Gateway when there are multiple events and the most recent is wrong - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage12_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_PerUserOutboundGateway_Incorrect_V4 if { - # Test Per-User Outbound Gateway when there's only one event and it's wrong - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage12_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_PerUserOutboundGateway_Incorrect_V5 if { - # Test Per-User Outbound Gateway when there are multiple events and the most recent is wrong - PolicyId := GmailId12_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "OUTBOUND_RELAY_ENABLED"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage12_1("enabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail14_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail14_test.rego deleted file mode 100644 index 3086cd94..00000000 --- a/scubagoggles/Testing/RegoTests/gmail/gmail14_test.rego +++ /dev/null @@ -1,161 +0,0 @@ -package gmail - -import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestNonCompliant -import data.utils.PassTestResultWithMessage - -# -# GWS.GMAIL.14.1 -#-- - -test_EmailAllowlist_Correct_V1 if { - # Test Email Allowlists when there's only one event - PolicyId := GmailId14_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level Domain" - } - } - - Message := NonComplianceMessage14_1(GetFriendlyValue14_1("true"), - "Test Top-Level Domain") - PassTestResultWithMessage(PolicyId, Output, Message) -} - -test_EmailAllowlist_Correct_V2 if { - # Test Email Allowlists when there's multiple events and the most recent is correct - PolicyId := GmailId14_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level Domain" - } - } - - Message := NonComplianceMessage14_1(GetFriendlyValue14_1("true"), - "Test Top-Level Domain") - PassTestResultWithMessage(PolicyId, Output, Message) -} - -test_EmailAllowlist_Incorrect_V1 if { - # Test Email Allowlists when there are no relevant events - PolicyId := GmailId14_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level Domain" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level Domain", true) -} - -test_EmailAllowlist_Incorrect_V2 if { - # Test Email Allowlists when there's only one event and it's wrong - PolicyId := GmailId14_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level Domain" - } - } - - FailTestNonCompliant(PolicyId, - Output, - NonComplianceMessage14_1(GetFriendlyValue14_1("false"), - "Test Top-Level Domain")) -} - -test_EmailAllowlist_Incorrect_V3 if { - # Test Email Allowlists when there are multiple events and the most recent is wrong - PolicyId := GmailId14_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "GmailIpWhitelistSpamFilteringProto is_empty"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level Domain"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level Domain" - }, - } - - FailTestNonCompliant(PolicyId, - Output, - NonComplianceMessage14_1(GetFriendlyValue14_1("false"), - "Test Top-Level Domain")) -} -#-- diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail15_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail15_test.rego index 5cffbaee..c24b1afd 100644 --- a/scubagoggles/Testing/RegoTests/gmail/gmail15_test.rego +++ b/scubagoggles/Testing/RegoTests/gmail/gmail15_test.rego @@ -1,327 +1,6 @@ package gmail import future.keywords -import data.utils.FailTestNoEvent -import data.utils.FailTestOUNonCompliant -import data.utils.PassTestResult - -# -# GWS.GMAIL.15.1 -#-- - -test_EnhancedPreDeliveryMessageScanning_Correct_V1 if { - # Test Enhanced Pre-Delivery Message Scanning when there's only one event - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_EnhancedPreDeliveryMessageScanning_Correct_V2 if { - # Test Enhanced Pre-Delivery Message Scanning when there's multiple events and the most recent is correct - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - PassTestResult(PolicyId, Output) -} - -test_EnhancedPreDeliveryMessageScanning_Correct_V3 if { - # Test Enhanced Pre-Delivery Message Scanning when there's correct events in multiple OUs - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_EnhancedPreDeliveryMessageScanning_Correct_V4 if { - # Test Enhanced Pre-Delivery Message Scanning when there's correct events in multiple OUs and inherited setting - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2022-12-21T00:02:28.672Z"}, - "events": [{ - "name": "DELETE_APPLICATION_SETTING", - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - } - } - - PassTestResult(PolicyId, Output) -} - -test_EnhancedPreDeliveryMessageScanning_Incorrect_V1 if { - # Test Enhanced Pre-Delivery Message Scanning when there are no relevant events - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - {"name": "SETTING_NAME", "value": "Something else"}, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - FailTestNoEvent(PolicyId, Output, "Test Top-Level OU", true) -} - -test_EnhancedPreDeliveryMessageScanning_Incorrect_V2 if { - # Test Enhanced Pre-Delivery Message Scanning when there's only one event and it's wrong - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage15_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_EnhancedPreDeliveryMessageScanning_Incorrect_V3 if { - # Test Enhanced Pre-Delivery Message Scanning when there are multiple events and the most recent is wrong - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - }, - } - - failedOU := [{"Name": "Test Top-Level OU", - "Value": NonComplianceMessage15_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_EnhancedPreDeliveryMessageScanning_Incorrect_V4 if { - # Test Enhanced Pre-Delivery Message Scanning when there's only one event and it's wrong - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "" - } - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage15_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} - -test_EnhancedPreDeliveryMessageScanning_Incorrect_V5 if { - # Test Enhanced Pre-Delivery Message Scanning when there are multiple events and the most recent is wrong - PolicyId := GmailId15_1 - Output := tests with input as { - "gmail_logs": {"items": [ - { - "id": {"time": "2022-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "true"}, - {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, - ] - }] - }, - { - "id": {"time": "2021-12-20T00:02:28.672Z"}, - "events": [{ - "parameters": [ - { - "name": "SETTING_NAME", - "value": "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - }, - {"name": "NEW_VALUE", "value": "false"}, - {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, - ] - }] - } - ]}, - "tenant_info": { - "topLevelOU": "Test Top-Level OU" - }, - } - - failedOU := [{"Name": "Secondary OU", - "Value": NonComplianceMessage15_1("disabled")}] - FailTestOUNonCompliant(PolicyId, Output, failedOU) -} -#-- # # GWS.GMAIL.15.2 diff --git a/scubagoggles/Testing/RegoTests/gmail/gmail_api14_test.rego b/scubagoggles/Testing/RegoTests/gmail/gmail_api14_test.rego index ad935a46..9ff32f66 100644 --- a/scubagoggles/Testing/RegoTests/gmail/gmail_api14_test.rego +++ b/scubagoggles/Testing/RegoTests/gmail/gmail_api14_test.rego @@ -2,6 +2,7 @@ package gmail import future.keywords import data.utils.FailTestNonCompliant +import data.utils.GetFriendlyEnabledValue import data.utils.PassTestResultWithMessage GoodGmailApi14 := { @@ -33,7 +34,7 @@ test_Allowlist_Correct_1 if { PolicyId := GmailId14_1 Output := tests with input as GoodGmailApi14 - Message := NonComplianceMessage14_1(GetFriendlyValue14_1(false), "topOU") + Message := NonComplianceMessage14_1(GetFriendlyEnabledValue(false), "topOU") PassTestResultWithMessage(PolicyId, Output, Message) } @@ -43,6 +44,6 @@ test_Allowlist_Incorrect_1 if { FailTestNonCompliant(PolicyId, Output, - NonComplianceMessage14_1(GetFriendlyValue14_1(true), + NonComplianceMessage14_1(GetFriendlyEnabledValue(true), "topOU")) } diff --git a/scubagoggles/rego/Gmail.rego b/scubagoggles/rego/Gmail.rego index 7354a769..f7c96fdd 100644 --- a/scubagoggles/rego/Gmail.rego +++ b/scubagoggles/rego/Gmail.rego @@ -3,7 +3,6 @@ package gmail import future.keywords import data.utils import data.utils.GetFriendlyEnabledValue -import data.utils.PolicyApiInUse GmailEnabled(orgunit) := utils.AppEnabled(input.policies, "gmail", orgunit) @@ -37,33 +36,8 @@ LogEvents := utils.GetEvents("gmail_logs") GmailId1_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.1.1") -LogMessage1_1 := "ENABLE_MAIL_DELEGATION_WITHIN_DOMAIN" - -Check1_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage1_1, utils.TopLevelOU) - count(events) > 0 -} - -Check1_1_OK if {PolicyApiInUse} - NonComplianceMessage1_1(value) := sprintf("Mail delegation is %s", [value]) -# Cannot be controlled at group level - -NonCompliantOUs1_1 contains { - "Name": OU, - "Value": NonComplianceMessage1_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage1_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" -} - NonCompliantOUs1_1 contains { "Name": OU, "Value": NonComplianceMessage1_1(GetFriendlyEnabledValue(mailDelegation)) @@ -75,20 +49,6 @@ if { mailDelegation } -tests contains { - "PolicyId": GmailId1_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check1_1_OK -} - tests contains { "PolicyId": GmailId1_1, "Criticality": "Should", @@ -98,7 +58,6 @@ tests contains { "NoSuchEvent": false } if { - Check1_1_OK Status := count(NonCompliantOUs1_1) == 0 } #-- @@ -135,7 +94,6 @@ if { } #-- - ############### # GWS.GMAIL.3 # ############### @@ -290,7 +248,6 @@ if { } #-- - ############### # GWS.GMAIL.5 # ############### @@ -299,42 +256,14 @@ if { # Baseline GWS.GMAIL.5.1 #-- -# Cannot be controlled at group level - GmailId5_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.5.1") -LogMessage5_1 := "Attachment safety Enable: protect against encrypted attachments from untrusted senders" - -Check5_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_1, utils.TopLevelOU) - count(events) > 0 -} - -Check5_1_OK if {PolicyApiInUse} - # The following prefix applies to the next 2 baselines and is used to keep # string length from getting too long. ProtectionEncryptAttPrefix := "Protection against encrypted attachments" NonComplianceMessage5_1(value) := sprintf("%s from untrusted senders is set to: %s", [ProtectionEncryptAttPrefix, value]) -NonCompliantOUs5_1 contains { - "Name": OU, - "Value": NonComplianceMessage5_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, - concat("", ["Attachment safety Enable: ", - "protect against encrypted attachments from untrusted senders"]), OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs5_1 contains { "Name": OU, "Value": NonComplianceMessage5_1(GetFriendlyEnabledValue(noEncrypt)) @@ -346,20 +275,6 @@ if { noEncrypt != true } -tests contains { - "PolicyId": GmailId5_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check5_1_OK -} - tests contains { "PolicyId": GmailId5_1, "Criticality": "Shall", @@ -369,9 +284,9 @@ tests contains { "NoSuchEvent": false } if { - Check5_1_OK Status := count(NonCompliantOUs5_1) == 0 } +#-- # # Baseline GWS.GMAIL.5.2 @@ -379,35 +294,9 @@ if { GmailId5_2 := utils.PolicyIdWithSuffix("GWS.GMAIL.5.2") -LogMessage5_2 := "Attachment safety Enable: protect against attachments with scripts from untrusted senders" - -Check5_2_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_2, utils.TopLevelOU) - count(events) > 0 -} - -Check5_2_OK if {PolicyApiInUse} - NonComplianceMessage5_2(value) := sprintf("%s with scripts from untrusted senders is set to: %s", [ProtectionEncryptAttPrefix, value]) -NonCompliantOUs5_2 contains { - "Name": OU, - "Value": NonComplianceMessage5_2(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, - concat("", ["Attachment safety Enable: ", - "protect against attachments with scripts from untrusted senders"]), OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs5_2 contains { "Name": OU, "Value": NonComplianceMessage5_2(GetFriendlyEnabledValue(noEncrypt)) @@ -419,20 +308,6 @@ if { noEncrypt != true } -tests contains { - "PolicyId": GmailId5_2, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check5_2_OK -} - tests contains { "PolicyId": GmailId5_2, "Criticality": "Shall", @@ -442,10 +317,8 @@ tests contains { "NoSuchEvent": false } if { - Check5_2_OK Status := count(NonCompliantOUs5_2) == 0 } - #-- # @@ -454,34 +327,9 @@ if { GmailId5_3 := utils.PolicyIdWithSuffix("GWS.GMAIL.5.3") -LogMessage5_3 := "Attachment safety Enable: Protect against anomalous attachment types in emails" - -Check5_3_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_3, utils.TopLevelOU) - count(events) > 0 -} - -Check5_3_OK if {PolicyApiInUse} - NonComplianceMessage5_3(value) := sprintf("Protection against anomalous attachment types in emails is set to: %s", [value]) -NonCompliantOUs5_3 contains { - "Name": OU, - "Value": NonComplianceMessage5_3(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, - concat("", ["Attachment safety Enable: Protect against anomalous attachment types in emails"]), OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs5_3 contains { "Name": OU, "Value": NonComplianceMessage5_3(GetFriendlyEnabledValue(protectAtt)) @@ -493,20 +341,6 @@ if { protectAtt != true } -tests contains { - "PolicyId": GmailId5_3, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check5_3_OK -} - tests contains { "PolicyId": GmailId5_3, "Criticality": "Shall", @@ -516,7 +350,6 @@ tests contains { "NoSuchEvent": false } if { - Check5_3_OK Status := count(NonCompliantOUs5_3) == 0 } #-- @@ -527,34 +360,9 @@ if { GmailId5_4 := utils.PolicyIdWithSuffix("GWS.GMAIL.5.4") -LogMessage5_4 := "Attachment safety Enable: automatically enables all future added settings" - -Check5_4_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage5_4, utils.TopLevelOU) - count(events) > 0 -} - -Check5_4_OK if {PolicyApiInUse} - NonComplianceMessage5_4(value) := sprintf("Automatically enables all future added settings is set to: %s", [value]) -NonCompliantOUs5_4 contains { - "Name": OU, - "Value": NonComplianceMessage5_4(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, concat("", ["Attachment safety Enable: ", - "automatically enables all future added settings"]), OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs5_4 contains { "Name": OU, "Value": NonComplianceMessage5_4(GetFriendlyEnabledValue(futureAtt)) @@ -566,20 +374,6 @@ if { futureAtt != true } -tests contains { - "PolicyId": GmailId5_4, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check5_4_OK -} - tests contains { "PolicyId": GmailId5_4, "Criticality": "Should", @@ -589,7 +383,6 @@ tests contains { "NoSuchEvent": false } if { - Check5_4_OK Status := count(NonCompliantOUs5_4) == 0 } #-- @@ -603,24 +396,6 @@ GmailId5_5 := utils.PolicyIdWithSuffix("GWS.GMAIL.5.5") NonComplianceMessage5_5(types) := sprintf("%s attachment emails not removed from inbox", [concat(", ", sort(types))]) -default NoSuchEvent5_5 := false - -NoSuchEvent5_5 := false if { - PolicyApiInUse -} else := true if { - SettingName := "Attachment safety Encrypted attachment protection setting action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := "Attachment safety Attachment with scripts protection action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := "Attachment safety Anomalous attachment protection setting action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} - EncryptedAttachmentMessage(NewValueEncryptedAttachment) := "Encrypted attachments from untrusted senders" if { NewValueEncryptedAttachment == "Show warning" } @@ -667,38 +442,6 @@ GetFriendlyValue5_5(NewValueEventEncryptedAttachment, NewValueAttachmentWithScri "" ]) -NonCompliantOUs5_5 contains { - "Name": OU, - "Value": GetFriendlyValue5_5(LastEventEncryptedAttachment.NewValue, - LastEventAttachmentWithScripts.NewValue, - LastEventAnomalousAttachment.NewValue) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - EncryptedAttachmentEvents := utils.FilterEventsOU(LogEvents, - "Attachment safety Encrypted attachment protection setting action", OU) - count(EncryptedAttachmentEvents) > 0 - LastEventEncryptedAttachment := utils.GetLastEvent(EncryptedAttachmentEvents) - - AttachmentWithScriptsEvents := utils.FilterEventsOU(LogEvents, - "Attachment safety Attachment with scripts protection action", OU) - count(AttachmentWithScriptsEvents) > 0 - LastEventAttachmentWithScripts := utils.GetLastEvent(AttachmentWithScriptsEvents) - - AnomalousAttachmentEvents := utils.FilterEventsOU(LogEvents, - "Attachment safety Anomalous attachment protection setting action", OU) - count(AnomalousAttachmentEvents) > 0 - LastEventAnomalousAttachment := utils.GetLastEvent(AnomalousAttachmentEvents) - - # OU is non-compliant if any of the following are true - true in [ - LastEventEncryptedAttachment.NewValue == "Show warning", - LastEventAttachmentWithScripts.NewValue == "Show warning", - LastEventAnomalousAttachment.NewValue == "Show warning" - ] -} - AttachConfigs := [ {"type": "anomalous type", "setting": "anomalousAttachmentProtectionConsequence"}, @@ -723,20 +466,6 @@ if { count(types) > 0 } -tests contains { - "PolicyId": GmailId5_5, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - NoSuchEvent5_5 -} - tests contains { "PolicyId": GmailId5_5, "Criticality": "Shall", @@ -746,7 +475,6 @@ tests contains { "NoSuchEvent": false } if { - not NoSuchEvent5_5 Status := count(NonCompliantOUs5_5) == 0 } #-- @@ -772,41 +500,15 @@ tests contains { # GWS.GMAIL.6 # ############### -# Cannot be controlled at Group level - # # Baseline GWS.GMAIL.6.1 #-- GmailId6_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.6.1") -LogMessage6_1 := "Links and external images safety Enable: identify links behind shortened URLs" - -Check6_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage6_1, utils.TopLevelOU) - count(events) > 0 -} - -Check6_1_OK if {PolicyApiInUse} - NonComplianceMessage6_1(value) := sprintf("Identify links behind shortened URLs is: %s", [value]) -NonCompliantOUs6_1 contains { - "Name": OU, - "Value": NonComplianceMessage6_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage6_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs6_1 contains { "Name": OU, "Value": NonComplianceMessage6_1(GetFriendlyEnabledValue(shortLinks)) @@ -818,20 +520,6 @@ if { shortLinks != true } -tests contains { - "PolicyId": GmailId6_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check6_1_OK -} - tests contains { "PolicyId": GmailId6_1, "Criticality": "Shall", @@ -841,7 +529,6 @@ tests contains { "NoSuchEvent": false } if { - Check6_1_OK Status := count(NonCompliantOUs6_1) == 0 } #-- @@ -852,33 +539,9 @@ if { GmailId6_2 := utils.PolicyIdWithSuffix("GWS.GMAIL.6.2") -LogMessage6_2 := "Links and external images safety Enable: scan linked images" - -Check6_2_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage6_2, utils.TopLevelOU) - count(events) > 0 -} - -Check6_2_OK if {PolicyApiInUse} - NonComplianceMessage6_2(value) := sprintf("Scan linked images is: %s", [value]) -NonCompliantOUs6_2 contains { - "Name": OU, - "Value": NonComplianceMessage6_2(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage6_2, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs6_2 contains { "Name": OU, "Value": NonComplianceMessage6_2(GetFriendlyEnabledValue(scanImages)) @@ -890,20 +553,6 @@ if { scanImages != true } -tests contains { - "PolicyId": GmailId6_2, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check6_2_OK -} - tests contains { "PolicyId": GmailId6_2, "Criticality": "Shall", @@ -913,7 +562,6 @@ tests contains { "NoSuchEvent": false } if { - Check6_2_OK Status := count(NonCompliantOUs6_2) == 0 } #-- @@ -924,36 +572,9 @@ if { GmailId6_3 := utils.PolicyIdWithSuffix("GWS.GMAIL.6.3") -# NOTE: "unstrusted" really is the spelling the API uses: -LogMessage6_3 := sprintf("%s %s %s", ["Links and external images safety Enable:", - "show warning prompt for click on links", - "to unstrusted domains"]) - -Check6_3_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage6_3, utils.TopLevelOU) - count(events) > 0 -} - -Check6_3_OK if {PolicyApiInUse} - NonComplianceMessage6_3(value) := sprintf("Show warning prompt for click on links to untrusted domains is: %s", [value]) -NonCompliantOUs6_3 contains { - "Name": OU, - "Value": NonComplianceMessage6_3(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage6_3, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs6_3 contains { "Name": OU, "Value": NonComplianceMessage6_3(GetFriendlyEnabledValue(warnEnabled)) @@ -965,20 +586,6 @@ if { warnEnabled != true } -tests contains { - "PolicyId": GmailId6_3, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check6_3_OK -} - tests contains { "PolicyId": GmailId6_3, "Criticality": "Shall", @@ -988,7 +595,6 @@ tests contains { "NoSuchEvent": false } if { - Check6_3_OK Status := count(NonCompliantOUs6_3) == 0 } #-- @@ -999,35 +605,9 @@ if { GmailId6_4 := utils.PolicyIdWithSuffix("GWS.GMAIL.6.4") -LogMessage6_4 := sprintf("%s %s %s", ["Links and external images safety Enable:", - "automatically enables all future", - "added settings"]) - -Check6_4_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage6_4, utils.TopLevelOU) - count(events) > 0 -} - -Check6_4_OK if {PolicyApiInUse} - NonComplianceMessage6_4(value) := sprintf("Apply future recommended settings automatically is: %s", [value]) -NonCompliantOUs6_4 contains { - "Name": OU, - "Value": NonComplianceMessage6_4(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage6_4, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs6_4 contains { "Name": OU, "Value": NonComplianceMessage6_4(GetFriendlyEnabledValue(applyFuture)) @@ -1039,20 +619,6 @@ if { applyFuture != true } -tests contains { - "PolicyId": GmailId6_4, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check6_4_OK -} - tests contains { "PolicyId": GmailId6_4, "Criticality": "Should", @@ -1062,7 +628,6 @@ tests contains { "NoSuchEvent": false } if { - Check6_4_OK Status := count(NonCompliantOUs6_4) == 0 } #-- @@ -1091,39 +656,11 @@ tests contains { # Baseline GWS.GMAIL.7.1 #-- -# No group level control - GmailId7_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.1") -LogMessage7_1 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: protect against domain spoofing", - "using similar domain names"]) - -Check7_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage7_1, utils.TopLevelOU) - count(events) > 0 -} - -Check7_1_OK if {PolicyApiInUse} - NonComplianceMessage7_1(value) := sprintf("Protect against domain spoofing using similar domain names is set to: %s", [value]) -NonCompliantOUs7_1 contains { - "Name": OU, - "Value": NonComplianceMessage7_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_1 contains { "Name": OU, "Value": NonComplianceMessage7_1(GetFriendlyEnabledValue(spoofProtect)) @@ -1135,20 +672,6 @@ if { spoofProtect != true } -tests contains { - "PolicyId": GmailId7_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check7_1_OK -} - tests contains { "PolicyId": GmailId7_1, "Criticality": "Shall", @@ -1158,7 +681,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_1_OK Status := count(NonCompliantOUs7_1) == 0 } #-- @@ -1169,35 +691,9 @@ if { GmailId7_2 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.2") -LogMessage7_2 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: protect against spoofing of", - "employee names"]) - -Check7_2_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage7_2, utils.TopLevelOU) - count(events) > 0 -} - -Check7_2_OK if {PolicyApiInUse} - NonComplianceMessage7_2(value) := sprintf("Protect against spoofing of employee names is set to: %s", [value]) -NonCompliantOUs7_2 contains { - "Name": OU, - "Value": NonComplianceMessage7_2(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_2, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_2 contains { "Name": OU, "Value": NonComplianceMessage7_2(GetFriendlyEnabledValue(spoofProtect)) @@ -1209,20 +705,6 @@ if { spoofProtect != true } -tests contains { - "PolicyId": GmailId7_2, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check7_2_OK -} - tests contains { "PolicyId": GmailId7_2, "Criticality": "Shall", @@ -1232,7 +714,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_2_OK Status := count(NonCompliantOUs7_2) == 0 } #-- @@ -1243,35 +724,9 @@ if { GmailId7_3 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.3") -LogMessage7_3 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: protect against inbound emails", - "spoofing your domain"]) - -Check7_3_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage7_3, utils.TopLevelOU) - count(events) > 0 -} - -Check7_3_OK if {PolicyApiInUse} - NonComplianceMessage7_3(value) := sprintf("Protect against inbound emails spoofing your domain is set to: %s", [value]) -NonCompliantOUs7_3 contains { - "Name": OU, - "Value": NonComplianceMessage7_3(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_3, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_3 contains { "Name": OU, "Value": NonComplianceMessage7_3(GetFriendlyEnabledValue(spoofProtect)) @@ -1283,20 +738,6 @@ if { spoofProtect != true } -tests contains { - "PolicyId": GmailId7_3, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check7_3_OK -} - tests contains { "PolicyId": GmailId7_3, "Criticality": "Shall", @@ -1306,7 +747,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_3_OK Status := count(NonCompliantOUs7_3) == 0 } #-- @@ -1317,35 +757,9 @@ if { GmailId7_4 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.4") -LogMessage7_4 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: protect against any", - "unauthenticated emails"]) - -Check7_4_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage7_4, utils.TopLevelOU) - count(events) > 0 -} - -Check7_4_OK if {PolicyApiInUse} - NonComplianceMessage7_4(value) := sprintf("Protect against any unauthenticated emails is set to: %s", [value]) -NonCompliantOUs7_4 contains { - "Name": OU, - "Value": NonComplianceMessage7_4(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_4, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_4 contains { "Name": OU, "Value": NonComplianceMessage7_4(GetFriendlyEnabledValue(unauthEmail)) @@ -1357,20 +771,6 @@ if { unauthEmail != true } -tests contains { - "PolicyId": GmailId7_4, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check7_4_OK -} - tests contains { "PolicyId": GmailId7_4, "Criticality": "Shall", @@ -1380,7 +780,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_4_OK Status := count(NonCompliantOUs7_4) == 0 } #-- @@ -1391,35 +790,9 @@ if { GmailId7_5 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.5") -LogMessage7_5 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: protect your Groups from", - "inbound emails spoofing your domain"]) - -Check7_5_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage7_5, utils.TopLevelOU) - count(events) > 0 -} - -Check7_5_OK if {PolicyApiInUse} - NonComplianceMessage7_5(value) := sprintf("Protect your Groups from inbound emails spoofing your domain is set to: %s", [value]) -NonCompliantOUs7_5 contains { - "Name": OU, - "Value": NonComplianceMessage7_5(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_5, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_5 contains { "Name": OU, "Value": NonComplianceMessage7_5(GetFriendlyEnabledValue(detectSpoof)) @@ -1431,20 +804,6 @@ if { detectSpoof != true } -tests contains { - "PolicyId": GmailId7_5, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check7_5_OK -} - tests contains { "PolicyId": GmailId7_5, "Criticality": "Shall", @@ -1454,7 +813,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_5_OK Status := count(NonCompliantOUs7_5) == 0 } #-- @@ -1463,43 +821,11 @@ if { # Baseline GWS.GMAIL.7.6 #-- -GmailId7_6 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.6") - -NonComplianceMessage7_6(types) := sprintf("%s spoof emails not removed from inbox", - [concat(", ", sort(types))]) - -# No such event is true if any of the relevant settings doesn't having any events -default NoSuchEvent7_6 := false - -NoSuchEvent7_6 := false if { - PolicyApiInUse -} else := true if { - SettingName := - "Spoofing and authentication safety Protect against domain spoofing based on similar domain names action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := - "Spoofing and authentication safety Protect against spoofing of employee names action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := - "Spoofing and authentication safety Protect against inbound emails spoofing your domain action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := - "Spoofing and authentication safety Protect against any unauthenticated emails action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} else := true if { - SettingName := - "Spoofing and authentication safety Protect your Groups from inbound emails spoofing your domain action" - Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) - count(Events) == 0 -} - +GmailId7_6 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.6") + +NonComplianceMessage7_6(types) := sprintf("%s spoof emails not removed from inbox", + [concat(", ", sort(types))]) + DomainNamesMessage(NewValueDomainNames) := "Inbound emails spoofing similar domain names" if { NewValueDomainNames == "Show warning" } else := "" @@ -1547,56 +873,6 @@ GetFriendlyValue7_6(NewValueDomainNames, NewValueEmployeeNames, NewValueInboundE "" ]) -NonCompliantOUs7_6 contains { - "Name": OU, - "Value": GetFriendlyValue7_6(LastEventDomainNames.NewValue, LastEventEmployeeNames.NewValue, - LastEventInboundEmails.NewValue, LastEventUnauthenticatedEmails.NewValue, - LastEventGroupEmails.NewValue) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - - DomainNamesSetting := concat("", [ - "Spoofing and authentication safety Protect against domain spoofing based on ", - "similar domain names action" - ]) - DomainNamesEvents := utils.FilterEventsOU(LogEvents, DomainNamesSetting, OU) - LastEventDomainNames := utils.GetLastEvent(DomainNamesEvents) - - EmployeeNamesSetting := - "Spoofing and authentication safety Protect against spoofing of employee names action" - EmployeeNamesEvents := utils.FilterEventsOU(LogEvents, EmployeeNamesSetting, OU) - LastEventEmployeeNames := utils.GetLastEvent(EmployeeNamesEvents) - - InboundEmailsSetting := - "Spoofing and authentication safety Protect against inbound emails spoofing your domain action" - InboundEmailsEvents := utils.FilterEventsOU(LogEvents, InboundEmailsSetting, OU) - LastEventInboundEmails := utils.GetLastEvent(InboundEmailsEvents) - - UnauthenticatedEmailsSetting := - "Spoofing and authentication safety Protect against any unauthenticated emails action" - UnauthenticatedEmailsEvents := utils.FilterEventsOU(LogEvents, UnauthenticatedEmailsSetting, OU) - LastEventUnauthenticatedEmails := utils.GetLastEvent(UnauthenticatedEmailsEvents) - - GroupEmailsSetting := concat("", [ - "Spoofing and authentication safety Protect your Groups from inbound emails spoofing ", - "your domain action" - ]) - GroupEmailsEvents := utils.FilterEventsOU(LogEvents, GroupEmailsSetting, OU) - LastEventGroupEmails := utils.GetLastEvent(GroupEmailsEvents) - - # OU is non-compliant if any of the following are true - true in [ - LastEventDomainNames.NewValue == "Show warning", - LastEventEmployeeNames.NewValue == "Show warning", - LastEventInboundEmails.NewValue == "Show warning", - LastEventUnauthenticatedEmails.NewValue == "Show warning", - LastEventUnauthenticatedEmails.NewValue == "No action", - LastEventGroupEmails.NewValue == "Show warning" - ] -} - SpoofConfigs := [ {"type": "domain", "setting": "domainSpoofingConsequence"}, {"type": "domain name", "setting": "domainNameSpoofingConsequence"}, @@ -1620,20 +896,6 @@ if { count(types) > 0 } -tests contains { - "PolicyId": GmailId7_6, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event for the top-level OU in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - NoSuchEvent7_6 -} - tests contains { "PolicyId": GmailId7_6, "Criticality": "Shall", @@ -1643,7 +905,6 @@ tests contains { "NoSuchEvent": false } if { - not NoSuchEvent7_6 Status := count(NonCompliantOUs7_6) == 0 } #-- @@ -1654,35 +915,9 @@ if { GmailId7_7 := utils.PolicyIdWithSuffix("GWS.GMAIL.7.7") -LogMessage7_7 := sprintf("%s %s %s", ["Spoofing and authentication safety", - "Enable: automatically enables all", - "future added settings"]) - -Check7_7_OK if { - not PolicyApiInUse - events := utils.FilterEventsNoOU(LogEvents, LogMessage7_7) - count(events) > 0 -} - -Check7_7_OK if {PolicyApiInUse} - NonComplianceMessage7_7(value) := sprintf("Automatically enable all future added settings is set to: %s", [value]) -NonCompliantOUs7_7 contains { - "Name": OU, - "Value": NonComplianceMessage7_7(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage7_7, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "false" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs7_7 contains { "Name": OU, "Value": NonComplianceMessage7_7(GetFriendlyEnabledValue(applyFuture)) @@ -1694,20 +929,6 @@ if { applyFuture != true } -tests contains { - "PolicyId": GmailId7_7, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": false, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check7_7_OK -} - tests contains { "PolicyId": GmailId7_7, "Criticality": "Should", @@ -1717,7 +938,6 @@ tests contains { "NoSuchEvent": false } if { - Check7_7_OK Status := count(NonCompliantOUs7_7) == 0 } #-- @@ -1739,7 +959,6 @@ tests contains { } #-- - ############### # GWS.GMAIL.8 # ############### @@ -1750,31 +969,8 @@ tests contains { GmailId8_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.8.1") -LogMessage8_1 := "ENABLE_EMAIL_USER_IMPORT" - -Check8_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage8_1, utils.TopLevelOU) - count(events) > 0 -} - -Check8_1_OK if {PolicyApiInUse} - NonComplianceMessage8_1(value) := sprintf("User email uploads is %s", [value]) -NonCompliantOUs8_1 contains { - "Name": OU, - "Value": NonComplianceMessage8_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage8_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" -} - NonCompliantOUs8_1 contains { "Name": OU, "Value": NonComplianceMessage8_1(GetFriendlyEnabledValue(emailUploads)) @@ -1786,20 +982,6 @@ if { emailUploads } -tests contains { - "PolicyId": GmailId8_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check8_1_OK -} - tests contains { "PolicyId": GmailId8_1, "Criticality": "Shall", @@ -1809,7 +991,6 @@ tests contains { "NoSuchEvent": false } if { - Check8_1_OK Status := count(NonCompliantOUs8_1) == 0 } #-- @@ -1824,24 +1005,6 @@ if { GmailId9_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.9.1") -Check9_1_OK if { - not NoSuchEvent9_1(utils.TopLevelOU) -} - -Check9_1_OK if {PolicyApiInUse} - -default NoSuchEvent9_1(_) := false - -NoSuchEvent9_1(TopLevelOU) := true if { - SettingName := "IMAP_ACCESS" - EventsIMAPAccess := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU) - count(EventsIMAPAccess) == 0 -} else := true if { - SettingName := "ENABLE_POP_ACCESS" - EventsPOPAccess := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU) - count(EventsPOPAccess) == 0 -} - GetFriendlyValue9_1(ImapEnabled, PopEnabled) := Description if { ImapEnabled == true PopEnabled == true @@ -1856,55 +1019,6 @@ GetFriendlyValue9_1(ImapEnabled, PopEnabled) := Description if { Description := "POP access is enabled" } else := "Both IMAP and POP access are disabled" - -NonCompliantOUs9_1 contains { - "Name": OU, - "Value": GetFriendlyValue9_1(ImapEnabled, PopEnabled) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - - ImapEvents := utils.FilterEventsOU(LogEvents, "IMAP_ACCESS", OU) - count(ImapEvents) > 0 - LastImapEvent := utils.GetLastEvent(ImapEvents) - - PopEvents := utils.FilterEventsOU(LogEvents, "ENABLE_POP_ACCESS", OU) - count(PopEvents) > 0 - LastPopEvent := utils.GetLastEvent(PopEvents) - - ImapEnabled := (LastImapEvent.NewValue in {"DISABLED", "INHERIT_FROM_PARENT"}) == false - PopEnabled := (LastPopEvent.NewValue in {"false", "INHERIT_FROM_PARENT"}) == false - true in { - ImapEnabled, - PopEnabled - } -} - -NonCompliantGroups9_1 contains { - "Name": Group, - "Value": GetFriendlyValue9_1(ImapEnabled, PopEnabled) -} -if { - not PolicyApiInUse - some Group in utils.GroupsWithEvents - - ImapEvents := utils.FilterEventsGroup(LogEvents, "IMAP_ACCESS", Group) - count(ImapEvents) > 0 - LastImapEvent := utils.GetLastEvent(ImapEvents) - - PopEvents := utils.FilterEventsGroup(LogEvents, "ENABLE_POP_ACCESS", Group) - count(PopEvents) > 0 - LastPopEvent := utils.GetLastEvent(PopEvents) - - ImapEnabled := (LastImapEvent.NewValue in {"DISABLED", "INHERIT_FROM_PARENT"}) == false - PopEnabled := (LastPopEvent.NewValue in {"false", "INHERIT_FROM_PARENT"}) == false - true in { - ImapEnabled, - PopEnabled - } -} - NonCompliantOUs9_1 contains { "Name": OU, "Value": GetFriendlyValue9_1(imapEnable, popEnable) @@ -1927,29 +1041,13 @@ if { tests contains { "PolicyId": GmailId9_1, "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check9_1_OK -} - -tests contains { - "PolicyId": GmailId9_1, - "Criticality": "Shall", - "ReportDetails": utils.ReportDetails(NonCompliantOUs9_1, NonCompliantGroups9_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1, "NonCompliantGroups": NonCompliantGroups9_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs9_1, []), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs9_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Check9_1_OK - Conditions := {count(NonCompliantOUs9_1) == 0, count(NonCompliantGroups9_1) == 0} - Status := (false in Conditions) == false + Status := count(NonCompliantOUs9_1) == 0 } #-- @@ -1963,33 +1061,9 @@ if { GmailId10_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.10.1") -LogMessage10_1 := "ENABLE_OUTLOOK_SYNC" - -Check10_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage10_1, utils.TopLevelOU) - count(events) > 0 -} - -Check10_1_OK if {PolicyApiInUse} - NonComplianceMessage10_1(value) := sprintf("Google Workspace Sync is %s", [value]) -NonCompliantOUs10_1 contains { - "Name": OU, - "Value": NonComplianceMessage10_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage10_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" - LastEvent.NewValue != "INHERIT_FROM_PARENT" -} - NonCompliantOUs10_1 contains { "Name": OU, "Value": NonComplianceMessage10_1(GetFriendlyEnabledValue(syncEnable)) @@ -2001,20 +1075,6 @@ if { syncEnable } -tests contains { - "PolicyId": GmailId10_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check10_1_OK -} - tests contains { "PolicyId": GmailId10_1, "Criticality": "Shall", @@ -2024,7 +1084,6 @@ tests contains { "NoSuchEvent": false } if { - Check10_1_OK Status := count(NonCompliantOUs10_1) == 0 } #-- @@ -2056,33 +1115,9 @@ tests contains { GmailId11_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.11.1") -LogMessage11_1 := "ENABLE_EMAIL_AUTOFORWARDING" - -Check11_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage11_1, utils.TopLevelOU) - count(events) > 0 -} - -Check11_1_OK if {PolicyApiInUse} - NonComplianceMessage11_1(value) := sprintf("Automatic email forwarding is set to: %s", [value]) -NonCompliantOUs11_1 contains { - "Name": OU, - "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage11_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" - LastEvent.NewValue != "INHERIT_FROM_PARENT" -} - NonCompliantOUs11_1 contains { "Name": OU, "Value": NonComplianceMessage11_1(GetFriendlyEnabledValue(autoforward)) @@ -2094,20 +1129,6 @@ if { autoforward != false } -tests contains { - "PolicyId": GmailId11_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := false - not Check11_1_OK -} - tests contains { "PolicyId": GmailId11_1, "Criticality": "Shall", @@ -2117,7 +1138,6 @@ tests contains { "NoSuchEvent": false } if { - Check11_1_OK Status := count(NonCompliantOUs11_1) == 0 } #-- @@ -2132,32 +1152,9 @@ if { GmailId12_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.12.1") -LogMessage12_1 := "OUTBOUND_RELAY_ENABLED" - -Check12_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage12_1, utils.TopLevelOU) - count(events) > 0 -} - -Check12_1_OK if {PolicyApiInUse} - NonComplianceMessage12_1(value) := sprintf("Per-user Outbound Gateways are %s", [value]) -NonCompliantOUs12_1 contains { - "Name": OU, - "Value": NonComplianceMessage12_1(GetFriendlyEnabledValue(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage12_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" -} - NonCompliantOUs12_1 contains { "Name": OU, "Value": NonComplianceMessage12_1(GetFriendlyEnabledValue(outGatewayEnable)) @@ -2169,20 +1166,6 @@ if { outGatewayEnable } -tests contains { - "PolicyId": GmailId12_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check12_1_OK -} - tests contains { "PolicyId": GmailId12_1, "Criticality": "Shall", @@ -2192,7 +1175,6 @@ tests contains { "NoSuchEvent": false } if { - Check12_1_OK Status := count(NonCompliantOUs12_1) == 0 } #-- @@ -2270,83 +1252,28 @@ if { GmailId14_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.14.1") -LogMessage14_1 := "GmailIpWhitelistSpamFilteringProto is_empty" - -Check14_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage14_1, utils.TopLevelOU) - count(events) > 0 -} - -Check14_1_OK if {PolicyApiInUse} - NonComplianceMessage14_1(Value, OU) := sprintf("Email allowlists are %s in %s.", [Value, OU]) -# Note that in the event logs, a STRING value of "false" means allowlists are -# enabled, but policy API checks for a boolean true value. - -GetFriendlyValue14_1(Value) := "enabled" if { - Value in {true, "false"} -} else := "disabled" if { - Value in {false, "true"} -} else := Value - -tests contains { - "PolicyId": GmailId14_1, - "Criticality": "Should", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": {LogMessage14_1: "No relevant event in the current logs"}, - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check14_1_OK -} - -tests contains { - "PolicyId": GmailId14_1, - "Criticality": "Should", - "ReportDetails": NonComplianceMessage14_1(GetFriendlyValue14_1(LastEvent.NewValue), - utils.TopLevelOU), - "ActualValue": {LastEvent.Setting: LastEvent.NewValue}, - "RequirementMet": Status, - "NoSuchEvent": false -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage14_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - Status := LastEvent.NewValue == "true" -} - -# This test applies only to the policy API - it is NOT shared with the events -# implementation. Similar to the above events implementation test, this test -# always returns a result, even if gmail is disabled - see how this is -# implemented by converting the enable status to 1/0 (whereas a false value -# would fail the tests conditional). +# As with the other tests, this always returns a result, even if gmail is +# disabled - see how this is implemented by converting the enable status to 1/0 +# (whereas a false value would fail the tests conditional). tests contains { "PolicyId": GmailId14_1, "Criticality": "Should", - "ReportDetails": NonComplianceMessage14_1(GetFriendlyValue14_1(allowListCount > 0), + "ReportDetails": NonComplianceMessage14_1(GetFriendlyEnabledValue(allowListCount > 0), utils.TopLevelOU), "ActualValue": {utils.TopLevelOU: allowList}, "RequirementMet": allowListCount == 0, "NoSuchEvent": false } if { - PolicyApiInUse enabled := to_number(GmailEnabled(utils.TopLevelOU)) settings := input.policies[utils.TopLevelOU] allowList := settings.gmail_email_spam_filter_ip_allowlist.allowedIpAddresses allowListCount := enabled * count(allowList) } - #-- ################ @@ -2359,42 +1286,12 @@ if { GmailId15_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.15.1") -LogMessage15_1 := "DelayedDeliverySettingsProto disable_delayed_delivery_for_suspicious_email" - -Check15_1_OK if { - not PolicyApiInUse - events := utils.FilterEventsOU(LogEvents, LogMessage15_1, utils.TopLevelOU) - count(events) > 0 -} - -Check15_1_OK if {PolicyApiInUse} - NonComplianceMessage15_1(value) := sprintf("Enhanced pre-delivery message scanning is %s", [value]) -GetFriendlyValue15_1(Value) := "enabled" if { - Value in {true, "false"} -} else := "disabled" if { - Value in {false, "true"} -} else := Value - -NonCompliantOUs15_1 contains { - "Name": OU, - "Value": NonComplianceMessage15_1(GetFriendlyValue15_1(LastEvent.NewValue)) -} -if { - not PolicyApiInUse - some OU in utils.OUsWithEvents - Events := utils.FilterEventsOU(LogEvents, LogMessage15_1, OU) - count(Events) > 0 - LastEvent := utils.GetLastEvent(Events) - LastEvent.NewValue == "true" - LastEvent.NewValue != "DELETE_APPLICATION_SETTING" -} - NonCompliantOUs15_1 contains { "Name": OU, - "Value": NonComplianceMessage15_1(GetFriendlyValue15_1(preScanning)) + "Value": NonComplianceMessage15_1(GetFriendlyEnabledValue(preScanning)) } if { some OU, settings in input.policies @@ -2404,20 +1301,6 @@ if { preScanning != true } -tests contains { - "PolicyId": GmailId15_1, - "Criticality": "Shall", - "ReportDetails": utils.NoSuchEventDetails(DefaultSafe, utils.TopLevelOU), - "ActualValue": "No relevant event in the current logs", - "RequirementMet": DefaultSafe, - "NoSuchEvent": true -} -if { - not PolicyApiInUse - DefaultSafe := true - not Check15_1_OK -} - tests contains { "PolicyId": GmailId15_1, "Criticality": "Shall", @@ -2427,7 +1310,6 @@ tests contains { "NoSuchEvent": false } if { - Check15_1_OK Status := count(NonCompliantOUs15_1) == 0 } #-- @@ -2545,7 +1427,6 @@ tests contains { } #-- - ################ # GWS.GMAIL.18 # ################