diff --git a/Testing/RegoTests/drive/drive01_test.rego b/Testing/RegoTests/drive/drive01_test.rego index cb634119..fbd74a33 100644 --- a/Testing/RegoTests/drive/drive01_test.rego +++ b/Testing/RegoTests/drive/drive01_test.rego @@ -29,7 +29,7 @@ test_Sharing_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V2 if { @@ -67,7 +67,7 @@ test_Sharing_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V3 if { @@ -105,7 +105,7 @@ test_Sharing_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Incorrect_V1 if { @@ -165,7 +165,10 @@ test_Sharing_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V3 if { @@ -203,7 +206,10 @@ test_Sharing_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V4 if { 
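Review bot: In test_Sharing_Incorrect_V2 the new expectation, as it appears in this view, is `concat("", ["The following OUs are non-compliant:", ""])`, which no longer names the failing OU, whereas the removed line pinned "Test Top-Level OU". The hunk header (`+165,10`) declares more added lines than are visible, so the list entries may simply be missing from this rendering and should be checked against the file itself. If they are present, each Incorrect test should still assert the specific OU it expects (Top-Level for V2/V3, Secondary for V4); otherwise a rule that flags the wrong OU would still pass. The same check applies to every `Incorrect_V2`–`V4` hunk in drive01 through drive05 and to the two new `V6` tests, all of which sit in test bodies that begin outside their hunks.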
@@ -241,7 +247,10 @@ test_Sharing_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V5 if { @@ -305,7 +314,7 @@ test_Receiving_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Receiving_Correct_V2 if { @@ -343,7 +352,7 @@ test_Receiving_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Receiving_Correct_V3 if { @@ -381,7 +390,7 @@ test_Receiving_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Receiving_Incorrect_V1 if { @@ -441,7 +450,8 @@ test_Receiving_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Receiving_Incorrect_V3 if { @@ -479,7 +489,9 @@ test_Receiving_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) + } test_Receiving_Incorrect_V4 if { 
@@ -517,7 +529,8 @@ test_Receiving_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Receiving_Incorrect_V5 if { @@ -580,7 +593,7 @@ test_Warnings_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Warnings_Correct_V2 if { @@ -618,10 +631,10 @@ test_Warnings_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } -test_Warningsr_Correct_V3 if { +test_Warnings_Correct_V3 if { # Test sharing setting when there's multiple OUs PolicyId := "GWS.DRIVEDOCS.1.3v0.2" Output := tests with input as { @@ -656,7 +669,7 @@ test_Warningsr_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Warnings_Incorrect_V1 if { @@ -716,7 +729,8 @@ test_Warnings_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Warningsr_Incorrect_V3 if { 
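Review bot: The rename of `test_Warningsr_Correct_V3` to `test_Warnings_Correct_V3` fixes only one of the two misspelled test names. `test_Warningsr_Incorrect_V3` still appears unchanged as context at the end of the `-716,7 +729,8` hunk and in the header of the following hunk. I would rename it in the same commit to `test_Warnings_Incorrect_V3 if {` so that the Warnings tests can be selected by a single name prefix.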
@@ -754,7 +768,8 @@ test_Warningsr_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Warnings_Incorrect_V4 if { @@ -792,7 +807,8 @@ test_Warnings_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Warnings_Incorrect_V5 if { @@ -865,7 +881,7 @@ test_NonGoogle_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_NonGoogle_Correct_V2 if { @@ -913,7 +929,7 @@ test_NonGoogle_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_NonGoogle_Correct_V3 if { @@ -971,7 +987,7 @@ test_NonGoogle_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_NonGoogle_Incorrect_V1 if { @@ -1041,7 +1057,10 @@ test_NonGoogle_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_NonGoogle_Incorrect_V3 if { 
@@ -1099,7 +1118,10 @@ test_NonGoogle_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_NonGoogle_Incorrect_V4 if { @@ -1157,7 +1179,10 @@ test_NonGoogle_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_NonGoogle_Incorrect_V5 if { @@ -1220,7 +1245,7 @@ test_Link_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Link_Correct_V2 if { @@ -1258,7 +1283,7 @@ test_Link_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Link_Correct_V3 if { @@ -1296,7 +1321,7 @@ test_Link_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Link_Incorrect_V1 if { 
@@ -1356,9 +1381,9 @@ test_Link_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } - test_Link_Incorrect_V3 if { # Test sharing setting when there are multiple events and the most recent is wrong PolicyId := "GWS.DRIVEDOCS.1.5v0.2" @@ -1394,7 +1419,8 @@ test_Link_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Link_Incorrect_V4 if { @@ -1432,7 +1458,8 @@ test_Link_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Link_Incorrect_V5 if { @@ -1496,7 +1523,7 @@ test_SharingChecker_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharingChecker_Correct_V2 if { @@ -1534,7 +1561,7 @@ test_SharingChecker_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharingChecker_Correct_V3 if { 
@@ -1572,7 +1599,7 @@ test_SharingChecker_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharingChecker_Incorrect_V1 if { @@ -1632,7 +1659,10 @@ test_SharingChecker_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_SharingChecker_Incorrect_V3 if { @@ -1670,7 +1700,10 @@ test_SharingChecker_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_SharingChecker_Incorrect_V4 if { @@ -1708,7 +1741,10 @@ test_SharingChecker_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_SharingChecker_Incorrect_V5 if { @@ -1771,7 +1807,7 @@ test_CrossDomain_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_CrossDomain_Correct_V2 if { @@ -1809,7 +1845,7 @@ test_CrossDomain_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_CrossDomain_Correct_V3 if { 
@@ -1847,7 +1883,7 @@ test_CrossDomain_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_CrossDomain_Incorrect_V1 if { @@ -1907,11 +1943,14 @@ test_CrossDomain_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", [ "The following OUs are non-compliant:", + ""]) } test_CrossDomain_Incorrect_V3 if { - # Test sharing setting when there are multiple events and the most recent is wrong + # Test sharing setting when there are multiple events and + # the most recent is wrong, set to anyone can distribute content. PolicyId := "GWS.DRIVEDOCS.1.7v0.2" Output := tests with input as { "drive_logs": {"items": [ @@ -1945,11 +1984,14 @@ test_CrossDomain_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", [ "The following OUs are non-compliant:", + ""]) } test_CrossDomain_Incorrect_V4 if { - # Test sharing setting when Top OU is correct but not secondary OU + # Test sharing setting when Top OU is correct but not secondary OU, + # which is set to Anyone in the Organization PolicyId := "GWS.DRIVEDOCS.1.7v0.2" Output := tests with input as { "drive_logs": {"items": [ 
@@ -1983,9 +2025,12 @@ test_CrossDomain_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } + test_CrossDomain_Incorrect_V5 if { # Test sharing setting when Top OU is not present PolicyId := "GWS.DRIVEDOCS.1.7v0.2" @@ -2017,6 +2062,47 @@ test_CrossDomain_Incorrect_V5 if { "is non-compliant; manual check recommended." ]) } + +test_CrossDomain_Incorrect_V6 if { + # Test sharing setting when there are multiple events and + # the most recent event is wrong, set to only users in the organization + PolicyId := "GWS.DRIVEDOCS.1.7v0.2" + Output := tests with input as { + "drive_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS"}, + {"name": "NEW_VALUE", "value": "CROSS_DOMAIN_FROM_INTERNAL_ONLY"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS"}, + {"name": "NEW_VALUE", "value": "CROSS_DOMAIN_MOVES_BLOCKED"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "" + }, + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) +} #-- # 
@@ -2047,7 +2133,7 @@ test_Default_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Default_Correct_V2 if { @@ -2085,7 +2171,7 @@ test_Default_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Default_Correct_V3 if { @@ -2123,7 +2209,7 @@ test_Default_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Default_Incorrect_V1 if { @@ -2183,7 +2269,12 @@ test_Default_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", [ + "The following OUs are non-compliant:", + "" + + ]) } test_Default_Incorrect_V3 if { @@ -2221,7 +2312,11 @@ test_Default_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", [ + "The following OUs are non-compliant:", + "" + ]) } test_Default_Incorrect_V4 if { @@ -2259,7 +2354,12 @@ test_Default_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", [ + "The following OUs are non-compliant:", + "" + + ]) } test_Default_Incorrect_V5 if { 
@@ -2292,4 +2392,48 @@ test_Default_Incorrect_V5 if { "While we are unable to determine the state from the logs, the default setting ", "is non-compliant; manual check recommended." ]) +} + +test_Default_Incorrect_V6 if { + # Test sharing setting when Top OU is correct but not secondary OU + PolicyId := "GWS.DRIVEDOCS.1.8v0.2" + Output := tests with input as { + "drive_logs": {"items": [ + { + "id": {"time": "2022-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "DEFAULT_LINK_SHARING_FOR_NEW_DOCS"}, + {"name": "NEW_VALUE", "value": "PRIVATE"}, + {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, + ] + }] + }, + { + "id": {"time": "2021-12-20T00:02:28.672Z"}, + "events": [{ + "parameters": [ + {"name": "SETTING_NAME", "value": "DEFAULT_LINK_SHARING_FOR_NEW_DOCS"}, + {"name": "NEW_VALUE", "value": "PEOPLE_WITH_LINK"}, + {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, + ] + }] + } + ]}, + "tenant_info": { + "topLevelOU": "Test Top-Level OU" + }, + } + + RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId] + count(RuleOutput) == 1 + not RuleOutput[0].RequirementMet + not RuleOutput[0].NoSuchEvent + RuleOutput[0].ReportDetails == concat("", [ + "The following OUs are non-compliant:", + "" + + ]) } \ No newline at end of file diff --git a/Testing/RegoTests/drive/drive02_test.rego b/Testing/RegoTests/drive/drive02_test.rego index 5c4bacbb..f4a99492 100644 --- a/Testing/RegoTests/drive/drive02_test.rego +++ b/Testing/RegoTests/drive/drive02_test.rego @@ -29,7 +29,7 @@ test_Managers_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Managers_Correct_V2 if { 
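Review bot: The comment on the new test_Default_Incorrect_V6, `# Test sharing setting when Top OU is correct but not secondary OU`, does not say which values the case exercises, so it reads like the generic secondary-OU case rather than a distinct one. Going by the fixture, something like `# Test sharing setting when Top OU is PRIVATE but secondary OU is PEOPLE_WITH_LINK` would record why the test exists. The expected-value list also carries a stray blank line before `])` (as do Default_Incorrect_V2 and V4), and the file still ends without a trailing newline (`\ No newline at end of file`).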
@@ -67,7 +67,7 @@ test_Managers_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Managers_Correct_V3 if { @@ -105,7 +105,7 @@ test_Managers_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Managers_Incorrect_V1 if { @@ -165,7 +165,8 @@ test_Managers_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Managers_Incorrect_V3 if { @@ -203,7 +204,8 @@ test_Managers_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Managers_Incorrect_V4 if { @@ -241,7 +243,8 @@ test_Managers_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Managers_Incorrect_V5 if { @@ -307,7 +310,7 @@ test_Outside_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Outside_Correct_V2 if { 
@@ -351,7 +354,7 @@ test_Outside_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Outside_Correct_V3 if { @@ -395,7 +398,7 @@ test_Outside_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Outside_Incorrect_V1 if { @@ -458,7 +461,8 @@ test_Outside_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Outside_Incorrect_V3 if { @@ -502,7 +506,8 @@ test_Outside_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Outside_Incorrect_V4 if { @@ -546,7 +551,8 @@ test_Outside_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Outside_Incorrect_V5 if { @@ -615,7 +621,7 @@ test_SharedDrive_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharedDrive_Correct_V2 if { 
@@ -659,7 +665,7 @@ test_SharedDrive_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharedDrive_Correct_V3 if { @@ -703,7 +709,7 @@ test_SharedDrive_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_SharedDrive_Incorrect_V1 if { @@ -766,7 +772,8 @@ test_SharedDrive_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_SharedDrive_Incorrect_V3 if { @@ -810,9 +817,11 @@ test_SharedDrive_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } + test_SharedDrive_Incorrect_V4 if { # Test sharing setting when top OU is correct but secondary isn't PolicyId := "GWS.DRIVEDOCS.2.3v0.2" @@ -854,7 +863,8 @@ test_SharedDrive_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_SharedDrive_Incorrect_V5 if { 
@@ -905,7 +915,7 @@ test_Viewers_Correct_V1 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -920,7 +930,7 @@ test_Viewers_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Viewers_Correct_V2 if { @@ -933,7 +943,7 @@ test_Viewers_Correct_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -943,7 +953,7 @@ test_Viewers_Correct_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -958,7 +968,7 @@ test_Viewers_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Viewers_Correct_V3 if { @@ -971,7 +981,7 @@ test_Viewers_Correct_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] 
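Review bot: The compliant `NEW_VALUE` for `Shared Drive Creation new_team_drive_restricts_download` is flipped from "false" to "true" in test_Viewers_Correct_V1, and the inversion is mirrored in every other Viewers fixture (Correct_V2, Correct_V3, Incorrect_V2 through V4), yet no comment records which value the baseline treats as compliant. The rule these tests exercise is not part of this view, so the flip cannot be checked against it here; if the rule were not changed to match, the suite would be asserting compliance on the opposite setting. I would add a line above the first fixture such as `# "true" = download restricted on new shared drives (compliant); confirm against the policy rule`. The test bodies start and end outside these hunks.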
@@ -981,7 +991,7 @@ test_Viewers_Correct_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Secondary OU"}, ] }] @@ -996,7 +1006,7 @@ test_Viewers_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Viewers_Incorrect_V1 if { @@ -1041,7 +1051,7 @@ test_Viewers_Incorrect_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -1056,7 +1066,8 @@ test_Viewers_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Viewers_Incorrect_V3 if { @@ -1069,7 +1080,7 @@ test_Viewers_Incorrect_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -1079,7 +1090,7 @@ test_Viewers_Incorrect_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] 
@@ -1094,7 +1105,9 @@ test_Viewers_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Viewers_Incorrect_V4 if { @@ -1107,7 +1120,7 @@ test_Viewers_Incorrect_V4 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -1117,7 +1130,7 @@ test_Viewers_Incorrect_V4 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "Shared Drive Creation new_team_drive_restricts_download"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Secondary OU"}, ] }] @@ -1132,7 +1145,9 @@ test_Viewers_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Viewers_Incorrect_V5 if { diff --git a/Testing/RegoTests/drive/drive03_test.rego b/Testing/RegoTests/drive/drive03_test.rego index 31a63818..824caefe 100644 --- a/Testing/RegoTests/drive/drive03_test.rego +++ b/Testing/RegoTests/drive/drive03_test.rego @@ -42,7 +42,7 @@ test_Sharing_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V2 if { 
@@ -96,7 +96,7 @@ test_Sharing_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V3 if { @@ -160,7 +160,7 @@ test_Sharing_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Incorrect_V1 if { @@ -234,7 +234,9 @@ test_Sharing_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V3 if { @@ -288,7 +290,9 @@ test_Sharing_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V4 if { @@ -352,7 +356,9 @@ test_Sharing_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V5 if { diff --git a/Testing/RegoTests/drive/drive04_test.rego b/Testing/RegoTests/drive/drive04_test.rego index 287785d6..ef8c5656 100644 --- a/Testing/RegoTests/drive/drive04_test.rego +++ b/Testing/RegoTests/drive/drive04_test.rego 
@@ -29,7 +29,7 @@ test_Security_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Security_Correct_V2 if { @@ -67,7 +67,7 @@ test_Security_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Security_Correct_V3 if { @@ -105,7 +105,7 @@ test_Security_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Security_Incorrect_V1 if { @@ -165,7 +165,8 @@ test_Security_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Security_Incorrect_V3 if { @@ -203,7 +204,8 @@ test_Security_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Security_Incorrect_V4 if { @@ -241,7 +243,8 @@ test_Security_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Security_Incorrect_V5 if { 
diff --git a/Testing/RegoTests/drive/drive05_test.rego b/Testing/RegoTests/drive/drive05_test.rego index c0b70a80..2e13be1c 100644 --- a/Testing/RegoTests/drive/drive05_test.rego +++ b/Testing/RegoTests/drive/drive05_test.rego @@ -29,7 +29,7 @@ test_Sharing_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V2 if { @@ -67,7 +67,7 @@ test_Sharing_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Correct_V3 if { @@ -105,7 +105,7 @@ test_Sharing_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_Sharing_Incorrect_V1 if { @@ -165,7 +165,8 @@ test_Sharing_Incorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V3 if { @@ -203,7 +204,8 @@ test_Sharing_Incorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V4 if { 
@@ -241,7 +243,8 @@ test_Sharing_Incorrect_V4 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Secondary OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_Sharing_Incorrect_V5 if { diff --git a/Testing/RegoTests/drive/drive06_test.rego b/Testing/RegoTests/drive/drive06_test.rego index a601e1af..973db6d3 100644 --- a/Testing/RegoTests/drive/drive06_test.rego +++ b/Testing/RegoTests/drive/drive06_test.rego @@ -59,7 +59,7 @@ test_DriveFs_Setting_Correct_V1 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_DriveFs_Setting_Correct_V2 if { @@ -107,7 +107,7 @@ test_DriveFs_Setting_Correct_V2 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_DriveFs_Setting_Correct_V3 if { @@ -175,7 +175,7 @@ test_DriveFs_Setting_Correct_V3 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_DriveFs_Setting_Correct_V4 if { @@ -213,7 +213,7 @@ test_DriveFs_Setting_Correct_V4 if { count(RuleOutput) == 1 RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement met in all OUs." + RuleOutput[0].ReportDetails == "Requirement met in all OUs and groups." } test_DriveFs_Setting_InCorrect_V1 if { 
@@ -226,7 +226,7 @@ test_DriveFs_Setting_InCorrect_V1 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto company_owned_only_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -236,7 +236,7 @@ test_DriveFs_Setting_InCorrect_V1 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto drive_fs_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -251,7 +251,8 @@ test_DriveFs_Setting_InCorrect_V1 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_DriveFs_Setting_InCorrect_V2 if { @@ -264,7 +265,7 @@ test_DriveFs_Setting_InCorrect_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto company_owned_only_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -274,7 +275,7 @@ test_DriveFs_Setting_InCorrect_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto drive_fs_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -284,7 +285,7 @@ test_DriveFs_Setting_InCorrect_V2 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto company_owned_only_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Secondary-Level OU"}, ] }] 
@@ -309,7 +310,8 @@ test_DriveFs_Setting_InCorrect_V2 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } test_DriveFs_Setting_InCorrect_V3 if { @@ -322,7 +324,7 @@ test_DriveFs_Setting_InCorrect_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto company_owned_only_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] @@ -332,13 +334,13 @@ test_DriveFs_Setting_InCorrect_V3 if { "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto drive_fs_enabled"}, - {"name": "NEW_VALUE", "value": "false"}, + {"name": "NEW_VALUE", "value": "true"}, {"name": "ORG_UNIT_NAME", "value": "Test Top-Level OU"}, ] }] }, { - "id": {"time": "2022-22-20T00:02:24.672Z"}, + "id": {"time": "2022-05-20T00:02:24.672Z"}, "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto company_owned_only_enabled"}, @@ -348,11 +350,11 @@ test_DriveFs_Setting_InCorrect_V3 if { }] }, { - "id": {"time": "2022-21-20T00:02:25.672Z"}, + "id": {"time": "2022-05-20T00:02:25.672Z"}, "events": [{ "parameters": [ {"name": "SETTING_NAME", "value": "DriveFsSettingsProto drive_fs_enabled"}, - {"name": "NEW_VALUE", "value": "true"}, + {"name": "NEW_VALUE", "value": "false"}, {"name": "ORG_UNIT_NAME", "value": "Secondary-Level OU"}, ] }] @@ -387,5 +389,6 @@ test_DriveFs_Setting_InCorrect_V3 if { count(RuleOutput) == 1 not RuleOutput[0].RequirementMet not RuleOutput[0].NoSuchEvent - RuleOutput[0].ReportDetails == "Requirement failed in Test Top-Level OU." + RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:", + ""]) } \ No newline at end of file 
diff --git a/rego/Drive.rego b/rego/Drive.rego index 421669aa..0c3e7b8c 100644 --- a/rego/Drive.rego +++ b/rego/Drive.rego @@ -12,13 +12,42 @@ LogEvents := utils.GetEvents("drive_logs") # # Baseline GWS.DRIVEDOCS.1.1v0.2 #-- -NonCompliantOUs1_1 contains OU if { + +GetFriendlyValue1_1(Value) := concat("", + ["Files owned by users or shared drives ", + "can be shared with Google accounts in ", + "compatible allowlisted domains"]) if { + startswith(Value, "TRUSTED_DOMAINS") +} +else := concat("", ["Files owned by users or shared drives can ", + "be shared outside of the organization"]) if { + startswith(Value, "SHARING_ALLOWED") +} else := Value + +NonCompliantOUs1_1 contains { + "Name": OU, + "Value": GetFriendlyValue1_1(LastEvent.NewValue) + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) AcceptableValues := {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT", - "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES"} + "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES"} + not LastEvent.NewValue in AcceptableValues +} + + +NonCompliantGroups1_1 contains { + "Name": Group, + "Value": GetFriendlyValue1_1(LastEvent.NewValue) + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "SHARING_OUTSIDE_DOMAIN", Group) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + AcceptableValues := {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT", + "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES"} not LastEvent.NewValue in AcceptableValues } 
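Review bot: `NonCompliantOUs1_1` and `NonCompliantGroups1_1` each spell out the same `AcceptableValues` set, so the allow-list for this control lives in two places and the OU and group checks can drift apart when only one is edited. Hoisting it into a single rule above both keeps them in step, for example `AcceptableValues1_1 := {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES"}`. The 1.2 and 1.3 hunks duplicate their sets in the same way. A short comment above `GetFriendlyValue1_1` would also help, stating that it maps a raw `SHARING_OUTSIDE_DOMAIN` value to report text and returns unrecognised values unchanged.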
@@ -32,37 +61,64 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.1v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_1), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_1, NonCompliantGroups1_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_1, "NonCompliantGroups": NonCompliantGroups1_1}, "RequirementMet": Status, "NoSuchEvent": false } if { Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_1) == 0 + Conditions := {count(NonCompliantOUs1_1) == 0, count(NonCompliantGroups1_1) == 0 } + Status := (false in Conditions) == false } #-- -# Can be combined with 1.1, since this is a single setting with the same value that will pass for both conditions # # Baseline GWS.DRIVEDOCS.1.2v0.2 #-- -NonCompliantOUs1_2 contains OU if { + + +GetFriendlyValue1_2(Value) := "Users cannot recieve files outside the domain" if { + contains("SHARING_NOT_ALLOWED INHERIT_FROM_PARENT", Value) == true +} +else := "Users can recieve files outside the domain" + +NonCompliantOUs1_2 contains { + "Name": OU, + "Value": GetFriendlyValue1_2(LastEvent.NewValue) + } + if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) - contains("SHARING_NOT_ALLOWED INHERIT_FROM_PARENT", LastEvent.NewValue) == false + AcceptableValues = {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT", + "TRUSTED_DOMAINS_ALLOWED", "TRUSTED_DOMAINS_ALLOWED_WITH_WARNING"} + not LastEvent.NewValue in AcceptableValues } 
+NonCompliantGroups1_2 contains { + "Name": Group, + "Value": GetFriendlyValue1_2(LastEvent.NewValue) + } + if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "SHARING_OUTSIDE_DOMAIN", Group) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + AcceptableValues = {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT", + "TRUSTED_DOMAINS_ALLOWED", "TRUSTED_DOMAINS_ALLOWED_WITH_WARNING"} + not LastEvent.NewValue in AcceptableValues + } + tests contains { "PolicyId": "GWS.DRIVEDOCS.1.2v0.2", "Criticality": "Should", 
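Review bot: The second `tests` rule for GWS.DRIVEDOCS.1.1v0.2 still calls `utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)` on an unchanged context line, while the other calls in this hunk were moved to `utils.FilterEventsOU`. The utils module is not visible here, but if the old helper was renamed or removed, this rule would either fail to compile or yield no result, and the 1.1 control would drop out of the report. The line should read `Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU)`. Separately, `AcceptableValues = {…}` in `NonCompliantOUs1_2` and `NonCompliantGroups1_2` uses `=` where the neighbouring rules assign with `:=`.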
@@ -73,36 +129,64 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.2v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_2), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_2, NonCompliantGroups1_2), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_2, + "NonCompliantGroups": NonCompliantGroups1_2}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_2) == 0 + Conditions := {count(NonCompliantOUs1_2) == 0, count(NonCompliantGroups1_2) == 0 } + Status := (false in Conditions) == false } #-- -# Can be combined with 1.4 since a single policy can be used to check both conditions # # Baseline GWS.DRIVEDOCS.1.3v0.2 #-- -NonCompliantOUs1_3 contains OU if { + +GetFriendlyValue1_3(Value, AcceptableValues) := "External Sharing Warning is Enabled" if { + Value in AcceptableValues == true +} +else := "External Sharing Warning is Disabled" + + +NonCompliantOUs1_3 contains { + "Name": OU, + "Value": GetFriendlyValue1_3(LastEvent.NewValue, AcceptableValues) + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + AcceptableValues := {"SHARING_ALLOWED_WITH_WARNING", "SHARING_NOT_ALLOWED", + "INHERIT_FROM_PARENT", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES", + "TRUSTED_DOMAINS_ALLOWED_WITH_WARNING", + 
"TRUSTED_DOMAINS_ALLOWED_WITH_WARNING_MAY_RECEIVE_FILES_FROM_ANYONE"} + not LastEvent.NewValue in AcceptableValues +} + +NonCompliantGroups1_3 contains { + "Name": Group, + "Value": GetFriendlyValue1_3(LastEvent.NewValue, AcceptableValues) + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "SHARING_OUTSIDE_DOMAIN", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) AcceptableValues := {"SHARING_ALLOWED_WITH_WARNING", "SHARING_NOT_ALLOWED", - "INHERIT_FROM_PARENT", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES"} + "INHERIT_FROM_PARENT", "SHARING_NOT_ALLOWED_BUT_MAY_RECEIVE_FILES", + "TRUSTED_DOMAINS_ALLOWED_WITH_WARNING", + "TRUSTED_DOMAINS_ALLOWED_WITH_WARNING_MAY_RECEIVE_FILES_FROM_ANYONE"} not LastEvent.NewValue in AcceptableValues } @@ -116,23 +200,26 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.3v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_3), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_3, NonCompliantGroups1_3), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_3, + "NonCompliantGroups": NonCompliantGroups1_3}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_3) == 0 + Conditions := {count(NonCompliantOUs1_3) == 0, count(NonCompliantGroups1_3) == 0 } + Status := (false in Conditions) == false } + #-- # 
@@ -152,13 +239,45 @@ NoSuchEvent1_4(TopLevelOU) := true if { default NoSuchEvent1_4(_) := false -NonCompliantOUs1_4 contains OU if { +GetFriendlyValue1_4(Value_A, Value_B, AcceptableValues_A, AcceptableValues_B) := +"External Sharing is Disabled" if { + Value_B in AcceptableValues_B +} else := concat("", ["External sharing is enabled ", + "but sharing items to non-google accounts is disabled"]) if { + Value_A in AcceptableValues_A +} else := "External sharing is enabled and items can be shared to non-google accounts" + +NonCompliantOUs1_4 contains { + "Name": OU, + "Value": GetFriendlyValue1_4(LastEvent_A.NewValue, + LastEvent_B.NewValue, AcceptableValues_A, AcceptableValues_B) + } if { some OU in utils.OUsWithEvents - Events_A := utils.FilterEvents(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU) + Events_A := utils.FilterEventsOU(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", OU) count(Events_A) > 0 LastEvent_A := utils.GetLastEvent(Events_A) - Events_B := utils.FilterEvents(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + Events_B := utils.FilterEventsOU(LogEvents, "SHARING_OUTSIDE_DOMAIN", OU) + count(Events_B) > 0 + LastEvent_B := utils.GetLastEvent(Events_B) + + AcceptableValues_A := {"NOT_ALLOWED", "INHERIT_FROM_PARENT"} + not LastEvent_A.NewValue in AcceptableValues_A + AcceptableValues_B := {"SHARING_NOT_ALLOWED", "INHERIT_FROM_PARENT"} + not LastEvent_B.NewValue in AcceptableValues_B +} + +NonCompliantGroups1_4 contains { + "Name": Group, + "Value": GetFriendlyValue1_4(LastEvent_A.NewValue, LastEvent_B.NewValue, + AcceptableValues_A, AcceptableValues_B) + } if { + some Group in utils.GroupsWithEvents + Events_A := utils.FilterEventsGroup(LogEvents, "SHARING_INVITES_TO_NON_GOOGLE_ACCOUNTS", Group) + count(Events_A) > 0 + LastEvent_A := utils.GetLastEvent(Events_A) + + Events_B := utils.FilterEventsGroup(LogEvents, "SHARING_OUTSIDE_DOMAIN", Group) count(Events_B) > 0 LastEvent_B := utils.GetLastEvent(Events_B) 
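Review bot: The first two branches of `GetFriendlyValue1_4` cannot be reached from `NonCompliantOUs1_4`. That rule only emits an entry after both `not LastEvent_A.NewValue in AcceptableValues_A` and `not LastEvent_B.NewValue in AcceptableValues_B` have held, so every entry carries the final "External sharing is enabled and items can be shared to non-google accounts" text. `NonCompliantGroups1_4` appears to end with the same two conditions, although the tail of its body lies outside the hunk. The compliant branches of `GetFriendlyValue1_3` in the previous hunk and `GetFriendlyValue1_7` further down are dead in the same way. Either return the single reachable string directly, or add a comment such as `# Only called with non-compliant values; compliant branches kept for completeness`.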
@@ -184,28 +303,47 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.1.4v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_4), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_4, NonCompliantGroups1_4), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_4, + "NonCompliantGroups": NonCompliantGroups1_4}, "RequirementMet": Status, "NoSuchEvent": false } if { not NoSuchEvent1_4(utils.TopLevelOU) - Status := count(NonCompliantOUs1_4) == 0 + Conditions := {count(NonCompliantOUs1_4) == 0, count(NonCompliantGroups1_4) == 0 } + Status := (false in Conditions) == false } + #-- # # Baseline GWS.DRIVEDOCS.1.5v0.2 #-- -NonCompliantOUs1_5 contains OU if { + +NonCompliantOUs1_5 contains { + "Name": OU, + "Value": "Published web content can be made visible to anyone with a link" + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", OU) + Events := utils.FilterEventsOU(LogEvents, "PUBLISHING_TO_WEB", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("ALLOWED", LastEvent.NewValue) == true } +NonCompliantGroups1_5 contains { + "Name": Group, + "Value": "Published web content can be made visible to anyone with a link" + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "PUBLISHING_TO_WEB", Group) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("ALLOWED", LastEvent.NewValue) == true +} + + tests contains { "PolicyId": "GWS.DRIVEDOCS.1.5v0.2", "Criticality": "Shall", 
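Review bot: `NonCompliantGroups1_5` copies the substring test `contains("ALLOWED", LastEvent.NewValue) == true`, which checks whether the logged value occurs inside the literal "ALLOWED" rather than whether it equals it. An empty or truncated value therefore counts as a match. The new group rules for 1.6, 1.7 and 2.1 in later hunks use the inverted form (`contains("… INHERIT_FROM_PARENT", LastEvent.NewValue) == false`), where the looseness errs toward a pass: any value that happens to be a fragment of the haystack is treated as compliant. This commit already moved 1.2 to set membership, and the same shape fits here: `LastEvent.NewValue == "ALLOWED"` for 1.5 and `not LastEvent.NewValue in {"NAMED_PARTIES_ONLY", "DOMAIN_OR_NAMED_PARTIES", "INHERIT_FROM_PARENT"}` for 1.6.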
@@ -216,34 +354,54 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.5v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_5), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_5}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_5, NonCompliantGroups1_5), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_5, + "NonCompliantGroups": NonCompliantGroups1_5}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "PUBLISHING_TO_WEB", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_5) == 0 + Conditions := {count(NonCompliantOUs1_5) == 0, count(NonCompliantGroups1_5) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.1.6v0.2 #-- -NonCompliantOUs1_6 contains OU if { +NonCompliantOUs1_6 contains { + "Name":OU, + "Value": concat("", ["Access Checker allows users to share ", + "files to the public (no Google account required)"]) + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", OU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("NAMED_PARTIES_ONLY DOMAIN_OR_NAMED_PARTIES INHERIT_FROM_PARENT", + LastEvent.NewValue) == false +} + +NonCompliantGroups1_6 contains { + "Name":Group, + "Value": concat("", ["Access Checker allows users to share ", + "files to the public (no Google account required)"]) + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", Group) count(Events) > 0 
LastEvent := utils.GetLastEvent(Events) - contains("NAMED_PARTIES_ONLY DOMAIN_OR_NAMED_PARTIES INHERIT_FROM_PARENT", LastEvent.NewValue) == false + contains("NAMED_PARTIES_ONLY DOMAIN_OR_NAMED_PARTIES INHERIT_FROM_PARENT", + LastEvent.NewValue) == false } tests contains { 
@@ -256,31 +414,56 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS",utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.6v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_6), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_6}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_6, NonCompliantGroups1_6), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_6, + "NonCompliantGroups": NonCompliantGroups1_6}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_ACCESS_CHECKER_OPTIONS", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_6) == 0 + Conditions := {count(NonCompliantOUs1_6) == 0, count(NonCompliantGroups1_6) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.1.7v0.2 #-- -NonCompliantOUs1_7 contains OU if { +GetFriendlyValue1_7(Value):= "Setting is compliant." 
if { + Value == "CROSS_DOMAIN_MOVES_BLOCKED" +} else := "Only users inside the organization can distribute content outside of the organization" if { + Value == "CROSS_DOMAIN_FROM_INTERNAL_ONLY" +} else := "Anyone can distribute content in the organization to outside the organization" if { + Value == "CROSS_DOMAIN_FROM_INTERNAL_OR_EXTERNAL" +} else := Value + +NonCompliantOUs1_7 contains { + "Name": OU, + "Value": GetFriendlyValue1_7(LastEvent.NewValue) + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + SettingValue := "CROSS_DOMAIN_MOVES_BLOCKED INHERIT_FROM_PARENT" + contains(SettingValue, LastEvent.NewValue) == false +} + +NonCompliantGroups1_7 contains { + "Name": Group, + "Value": GetFriendlyValue1_7(LastEvent.NewValue) + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) SettingValue := "CROSS_DOMAIN_MOVES_BLOCKED INHERIT_FROM_PARENT" 
@@ -297,31 +480,60 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.7v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_7), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs1_7}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_7, NonCompliantGroups1_7), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_7, "NonCompliantGroups": NonCompliantGroups1_7}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "SHARING_TEAM_DRIVE_CROSS_DOMAIN_OPTIONS", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_7) == 0 + Conditions := {count(NonCompliantOUs1_7) == 0, count(NonCompliantGroups1_7) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.1.8v0.2 #-- -NonCompliantOUs1_8 contains OU if { + +GetFriendlyValue1_8(Value):= "private to the owner." if { + Value == "PRIVATE" +} else := "The primary target audience can access the item if they have the link" if { + Value == "PEOPLE_WITH_LINK" +} else := "The primary target audience can search and find the item." 
if { + Value == "PUBLIC" +} else := Value + + +NonCompliantOUs1_8 contains { + "Name": OU, + "Value": concat("", ["When users create items, the default access is set to: ", + GetFriendlyValue1_8(LastEvent.NewValue)]) +} if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU) + Events := utils.FilterEventsOU(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + LastEvent.NewValue != "PRIVATE" + LastEvent.NewValue != "INHERIT_FROM_PARENT" +} + + +NonCompliantGroups1_8 contains { + "Name": Group, + "Value": concat("", ["When users create items, the default access is set to: ", + GetFriendlyValue1_8(LastEvent.NewValue)]) +} if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "PRIVATE" 
@@ -338,22 +550,23 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS",utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.1.8v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs1_8), - "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_8}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs1_8, NonCompliantGroups1_8), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs1_8, "NonCompliantGroups": NonCompliantGroups1_8}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "DEFAULT_LINK_SHARING_FOR_NEW_DOCS", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs1_8) == 0 + Conditions := {count(NonCompliantOUs1_8) == 0, count(NonCompliantGroups1_8) == 0 } + Status := (false in Conditions) == false } #-- 
@@ -364,9 +577,24 @@ if { # # Baseline GWS.DRIVEDOCS.2.1v0.2 #-- -NonCompliantOUs2_1 contains OU if { +NonCompliantOUs2_1 contains { + "Name": OU, + "Value": "Members with manager access can override shared drive settings." + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", OU) + Events := utils.FilterEventsOU(LogEvents, "Shared Drive Creation new_team_drive_admin_only", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("true", LastEvent.NewValue) == false + LastEvent.NewValue != "DELETE_APPLICATION_SETTING" +} + +NonCompliantGroups2_1 contains { + "Name": Group, + "Value": "Members with manager access can override shared drive settings." + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "Shared Drive Creation new_team_drive_admin_only", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false 
@@ -383,31 +611,49 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.2.1v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs2_1, NonCompliantGroups2_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_1, "NonCompliantGroups": NonCompliantGroups2_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "Shared Drive Creation new_team_drive_admin_only", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs2_1) == 0 + Conditions := {count(NonCompliantOUs2_1) == 0, count(NonCompliantGroups2_1) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.2.2v0.2 #-- -NonCompliantOUs2_2 contains OU if { +NonCompliantOUs2_2 contains { + "Name": OU, + "Value": "Users outside the organization can access files in shared drives" + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) + Events := utils.FilterEventsOU(LogEvents, + "Shared Drive Creation new_team_drive_restricts_cross_domain_access", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("true", LastEvent.NewValue) == false + LastEvent.NewValue != "DELETE_APPLICATION_SETTING" +} + +NonCompliantGroups2_2 contains { + "Name": Group, + "Value": "Users outside the organization can access files in shared drives" + } if { + some Group in utils.GroupsWithEvents + Events 
:= utils.FilterEventsGroup(LogEvents, + "Shared Drive Creation new_team_drive_restricts_cross_domain_access", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false 
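Review bot: `NonCompliantOUs2_2` and `NonCompliantGroups2_2` each spell out the same setting name and the same report message, while the `tests` rules for 2.2 already bind the name to a local `SettingName`. An edit to one copy would leave OU and group findings inconsistent with each other. Binding them once keeps the pair in step, e.g. `SettingName2_2 := "Shared Drive Creation new_team_drive_restricts_cross_domain_access"` and `Message2_2 := "Users outside the organization can access files in shared drives"`. The 2.1, 2.3 and 2.4 rule pairs are duplicated the same way, and the group rule here runs past the end of the hunk.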
@@ -425,38 +671,56 @@ tests contains { if { DefaultSafe := false SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.2.2v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_2), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_2}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs2_2, NonCompliantGroups2_2), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_2, "NonCompliantGroups": NonCompliantGroups2_2}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Shared Drive Creation new_team_drive_restricts_cross_domain_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs2_2) == 0 + Conditions := {count(NonCompliantOUs2_2) == 0, count(NonCompliantGroups2_2) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.2.3v0.2 #-- -NonCompliantOUs2_3 contains OU if { +NonCompliantOUs2_3 contains { + "Name": OU, + "Value": "People who aren't shared drive members can be added to files" + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_direct_access", OU) + Events := utils.FilterEventsOU(LogEvents, + "Shared Drive Creation new_team_drive_restricts_direct_access", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("true", LastEvent.NewValue) == false + LastEvent.NewValue != "DELETE_APPLICATION_SETTING" +} +NonCompliantGroups2_3 contains { + "Name": Group, + "Value": "People who aren't shared drive members can be added to files" + } if { + some Group in utils.GroupsWithEvents + Events := 
utils.FilterEventsGroup(LogEvents, + "Shared Drive Creation new_team_drive_restricts_direct_access", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) contains("true", LastEvent.NewValue) == false LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } + tests contains { "PolicyId": "GWS.DRIVEDOCS.2.3v0.2", "Criticality": "Shall", 
@@ -468,35 +732,54 @@ tests contains { if { DefaultSafe := false SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.2.3v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_3), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_3}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs2_3, NonCompliantGroups2_3), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_3, + "NonCompliantGroups": NonCompliantGroups2_3}, "RequirementMet": Status, "NoSuchEvent": false } if { SettingName := "Shared Drive Creation new_team_drive_restricts_direct_access" - Events := utils.FilterEvents(LogEvents, SettingName, utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, SettingName, utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs2_3) == 0 + Conditions := {count(NonCompliantOUs2_3) == 0, count(NonCompliantGroups2_3) == 0 } + Status := (false in Conditions) == false } #-- # # Baseline GWS.DRIVEDOCS.2.4v0.2 #-- -NonCompliantOUs2_4 contains OU if { +NonCompliantOUs2_4 contains { + "Name": OU, + "Value": "Viewers and commenters are allowed to download, print, and copy files" + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", OU) + Events := utils.FilterEventsOU(LogEvents, + "Shared Drive Creation new_team_drive_restricts_download", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + contains("false", LastEvent.NewValue) == true + LastEvent.NewValue != "DELETE_APPLICATION_SETTING" +} + +NonCompliantGroups2_4 contains { + "Name": Group, + "Value": "Viewers and commenters are allowed to download, print, and copy files" + } if { + some Group in utils.GroupsWithEvents + Events := 
utils.FilterEventsGroup(LogEvents, + "Shared Drive Creation new_team_drive_restricts_download", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) - contains("false", LastEvent.NewValue) == false + contains("false", LastEvent.NewValue) == true LastEvent.NewValue != "DELETE_APPLICATION_SETTING" } @@ -510,22 +793,26 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, + "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) count(Events) == 0 } tests contains { "PolicyId": "GWS.DRIVEDOCS.2.4v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs2_4), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs2_4}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs2_4, NonCompliantGroups2_4), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs2_4, + "NonCompliantGroups": NonCompliantGroups2_4}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, + "Shared Drive Creation new_team_drive_restricts_download", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs2_4) == 0 + Conditions := {count(NonCompliantOUs2_4) == 0, count(NonCompliantGroups2_4) == 0 } + Status := (false in Conditions) == false } #-- 
@@ -540,25 +827,38 @@ if { NoSuchEvent3_1(TopLevelOU) := true if { # No such event... SettingName := "Link Security Update Settings allow_less_secure_link_user_restore" - Events_A := utils.FilterEvents(LogEvents, SettingName, TopLevelOU) + Events_A := utils.FilterEventsOU(LogEvents, SettingName, TopLevelOU) count(Events_A) == 0 } NoSuchEvent3_1(TopLevelOU) := true if { # No such event... - Events := utils.FilterEvents(LogEvents, "Link Security Update Settings less_secure_link_option", TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, + "Link Security Update Settings less_secure_link_option", TopLevelOU) count(Events) == 0 } default NoSuchEvent3_1(_) := false -NonCompliantOUs3_1 contains OU if { +GetFriendlyValue3_1(Value_B, Value_A) := +"The security update is removed from all impacted files" if { + Value_B == "REQUIRE_LESS_SECURE_LINKS" +} +else := "Users are allowed to remove/apply the security update for files they own or manage" if { + Value_A == "true" +} +NonCompliantOUs3_1 contains { + "Name": OU, + "Value": GetFriendlyValue3_1(LastEvent_B.NewValue, LastEvent_A.NewValue) + } if { some OU in utils.OUsWithEvents - Events_A := utils.FilterEvents(LogEvents, "Link Security Update Settings allow_less_secure_link_user_restore", OU) + Events_A := utils.FilterEventsOU(LogEvents, + "Link Security Update Settings allow_less_secure_link_user_restore", OU) count(Events_A) > 0 LastEvent_A := utils.GetLastEvent(Events_A) - Events_B := utils.FilterEvents(LogEvents, "Link Security Update Settings less_secure_link_option", OU) + Events_B := utils.FilterEventsOU(LogEvents, + "Link Security Update Settings less_secure_link_option", OU) count(Events_B) > 0 LastEvent_B := utils.GetLastEvent(Events_B) 
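Review bot: `GetFriendlyValue3_1` has no final `else`, so it is undefined unless `Value_B == "REQUIRE_LESS_SECURE_LINKS"` or `Value_A == "true"`. Because the call sits in the head of `NonCompliantOUs3_1`, an undefined result means the OU is not added to the set at all, which reads as compliant in the report. The rest of the rule body is outside this hunk, so it may already restrict the values to those two cases. A closing branch removes the dependency either way: `else := "Link security update setting is non-compliant"`.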
@@ -584,8 +884,8 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.3.1v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs3_1), - "ActualValue" : {"NonComplaintOUs": NonCompliantOUs3_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs3_1, []), + "ActualValue" : {"NonCompliantOUs": NonCompliantOUs3_1}, "RequirementMet": Status, "NoSuchEvent": false } @@ -602,15 +902,29 @@ if { # # Baseline GWS.DRIVEDOCS.4.1v0.2 #-- -NonCompliantOUs4_1 contains OU if { +NonCompliantOUs4_1 contains { + "Name": OU, + "Value": "Drive SDK is enabled" +} +if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", OU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DRIVE_APPS", OU) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + LastEvent.NewValue != "false" + LastEvent.NewValue != "INHERIT_FROM_PARENT" +} +NonCompliantGroups4_1 contains { + "Name": Group, + "Value": "Drive SDK is enabled" +} if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "ENABLE_DRIVE_APPS", Group) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "INHERIT_FROM_PARENT" } - tests contains { "PolicyId": "GWS.DRIVEDOCS.4.1v0.2", "Criticality": "Should", @@ -621,7 +935,7 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) count(Events) == 0 } 
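Review bot: GWS.DRIVEDOCS.3.1 is the only baseline in this change without a group rule, and `utils.ReportDetails(NonCompliantOUs3_1, [])` passes an array literal where every other caller passes a set. `ReportDetails` is not visible here, so whether it handles both types is unconfirmed; `utils.ReportDetails(NonCompliantOUs3_1, set())` would keep the argument type uniform. If the link security update settings cannot be overridden per group, a one-line comment above the rule saying so would explain the asymmetry. The rule body is outside this hunk.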
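Review bot: `NonCompliantGroups4_1` treats any `NewValue` other than "false" or "INHERIT_FROM_PARENT" as "Drive SDK is enabled", whereas the 2.x group rules exclude "DELETE_APPLICATION_SETTING". If removing a group override is logged with that value, which the 2.x rules suggest but this hunk does not show, the group would be flagged after its override was deleted. Adding `LastEvent.NewValue != "DELETE_APPLICATION_SETTING"` to the group rule covers both forms. `NonCompliantGroups5_1` in the next hunk has the same pair of conditions.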
@@ -629,16 +943,18 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.4.1v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs4_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs4_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs4_1, NonCompliantGroups4_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs4_1, "NonCompliantGroups": NonCompliantGroups4_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DRIVE_APPS", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs4_1) == 0 + Conditions := {count(NonCompliantOUs4_1) == 0, count(NonCompliantGroups4_1) == 0} + Status := (false in Conditions) == false } + #-- @@ -649,15 +965,29 @@ if { # # Baseline GWS.DRIVEDOCS.5.1v0.2 #-- -NonCompliantOUs5_1 contains OU if { +NonCompliantOUs5_1 contains { + "Name": OU, + "Value": "Users can install Google Docs add-ons from add-ons store." + } if { some OU in utils.OUsWithEvents - Events := utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", OU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DOCS_ADD_ONS", OU) count(Events) > 0 LastEvent := utils.GetLastEvent(Events) LastEvent.NewValue != "false" LastEvent.NewValue != "INHERIT_FROM_PARENT" } +NonCompliantGroups5_1 contains { + "Name": Group, + "Value": "Users can install Google Docs add-ons from add-ons store." + } if { + some Group in utils.GroupsWithEvents + Events := utils.FilterEventsGroup(LogEvents, "ENABLE_DOCS_ADD_ONS", Group) + count(Events) > 0 + LastEvent := utils.GetLastEvent(Events) + LastEvent.NewValue != "false" + LastEvent.NewValue != "INHERIT_FROM_PARENT" +} tests contains { "PolicyId": "GWS.DRIVEDOCS.5.1v0.2", "Criticality": "Shall", 
@@ -668,7 +998,7 @@ tests contains { } if { DefaultSafe := false - Events := utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) count(Events) == 0 } @@ -676,15 +1006,17 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.5.1v0.2", "Criticality": "Shall", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs5_1), - "ActualValue": {"NonComplaintOUs": NonCompliantOUs5_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs5_1, NonCompliantGroups5_1), + "ActualValue": {"NonCompliantOUs": NonCompliantOUs5_1, + "NonCompliantGroups": NonCompliantGroups5_1}, "RequirementMet": Status, "NoSuchEvent": false } if { - Events := utils.FilterEvents(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, "ENABLE_DOCS_ADD_ONS", utils.TopLevelOU) count(Events) > 0 - Status := count(NonCompliantOUs5_1) == 0 + Conditions := {count(NonCompliantOUs5_1) == 0, count(NonCompliantGroups5_1) == 0 } + Status := (false in Conditions) == false } #-- 
@@ -697,33 +1029,73 @@ if { #-- default NoSuchEvent6_1(_) := true +GetFriendlyValue6_1(Value_B, Value_A) := +"Drive for Desktop is enabled, but can be used on any device." if { + Value_B == "false" +} +else := "Drive for Desktop is disabled" if { + Value_A == "false" +} +else := "Drive for Desktop is enabled, and only on approved devices." if { + Value_A == "true" +} NoSuchEvent6_1(TopLevelOU) := false if { - Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto drive_fs_enabled", TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto drive_fs_enabled", TopLevelOU) count(Events) != 0 } NoSuchEvent6_1(TopLevelOU) := false if { # No such event... - Events := utils.FilterEvents(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) + Events := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto company_owned_only_enabled", TopLevelOU) count(Events) != 0 } -NonCompliantOUs6_1 contains OU if { +NonCompliantOUs6_1 contains { + "Name": OU, + "Value": GetFriendlyValue6_1(LastEvent_B.NewValue, LastEvent_A.NewValue) + } if { some OU in utils.OUsWithEvents - Events_A := utils.FilterEvents(LogEvents, "DriveFsSettingsProto drive_fs_enabled", OU) + Events_A := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto drive_fs_enabled", OU) count(Events_A) > 0 LastEvent_A := utils.GetLastEvent(Events_A) LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" - Events_B := utils.FilterEvents(LogEvents, "DriveFsSettingsProto company_owned_only_enabled", OU) + Events_B := utils.FilterEventsOU(LogEvents, + "DriveFsSettingsProto company_owned_only_enabled", OU) count(Events_B) > 0 LastEvent_B := utils.GetLastEvent(Events_B) LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" - true in { - LastEvent_A.NewValue != "true", - LastEvent_B.NewValue != "true" - } + + LastEvent_A.NewValue == "true" + LastEvent_B.NewValue != "true" + +} + +NonCompliantGroups6_1 contains { + "Name": Group, + "Value": GetFriendlyValue6_1(LastEvent_B.NewValue, 
LastEvent_A.NewValue) + } if { + some Group in utils.GroupsWithEvents + Events_A := utils.FilterEventsGroup(LogEvents, + "DriveFsSettingsProto drive_fs_enabled", Group) + count(Events_A) > 0 + LastEvent_A := utils.GetLastEvent(Events_A) + LastEvent_A.NewValue != "DELETE_APPLICATION_SETTING" + + Events_B := utils.FilterEventsGroup(LogEvents, + "DriveFsSettingsProto company_owned_only_enabled", Group) + count(Events_B) > 0 + LastEvent_B := utils.GetLastEvent(Events_B) + LastEvent_B.NewValue != "DELETE_APPLICATION_SETTING" + + LastEvent_A.NewValue == "true" + LastEvent_B.NewValue != "true" + + } tests contains { @@ -742,14 +1114,15 @@ if { tests contains { "PolicyId": "GWS.DRIVEDOCS.6.1v0.2", "Criticality": "Should", - "ReportDetails": utils.ReportDetailsOUs(NonCompliantOUs6_1), - "ActualValue" : {"NonComplaintOUs": NonCompliantOUs6_1}, + "ReportDetails": utils.ReportDetails(NonCompliantOUs6_1, NonCompliantGroups6_1), + "ActualValue" : {"NonCompliantOUs": NonCompliantOUs6_1, "NonCompliantGroups": NonCompliantGroups6_1}, "RequirementMet": Status, "NoSuchEvent": false } if { not NoSuchEvent6_1(utils.TopLevelOU) - Status := count(NonCompliantOUs6_1) == 0 + Conditions := {count(NonCompliantOUs6_1) == 0, count(NonCompliantGroups6_1) == 0} + Status := (false in Conditions) == false } #-- diff --git a/scubagoggles/provider.py b/scubagoggles/provider.py index 270bc4a0..79f4597e 100644 --- a/scubagoggles/provider.py +++ b/scubagoggles/provider.py @@ -42,6 +42,7 @@ 'CHANGE_DATA_LOCALIZATION_FOR_RUSSIA' ], 'drive': [ + 'CREATE_APPLICATION_SETTING', 'CHANGE_APPLICATION_SETTING', 'CHANGE_DOCS_SETTING', 'DELETE_APPLICATION_SETTING'
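Review bot: `GetFriendlyValue6_1` can label a non-compliant entry with a compliant description. Both `NonCompliantOUs6_1` and `NonCompliantGroups6_1` require `LastEvent_A.NewValue == "true"` and `LastEvent_B.NewValue != "true"`, so when `Value_B` is anything other than "false" the chain falls through to "Drive for Desktop is enabled, and only on approved devices." The "Drive for Desktop is disabled" branch cannot be reached from these two rules. Rewording the last branch keeps the report consistent with the finding, e.g. `else := "Drive for Desktop is enabled; approved-device restriction has an unrecognized value" if { Value_A == "true" }`.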