Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[#294, #295] Update Gmail policies 5 and 7 to include all instances of spoofing and authentication settings that are not complaint #394

Merged
merged 34 commits into from
Sep 11, 2024
Merged
Show file tree
Hide file tree
Changes from 30 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
1eae084
[#295] Update policy 7
snarve Aug 27, 2024
95caf75
[#295] Update policy 7 to handle multiple settings detailed report me…
snarve Aug 27, 2024
15eb2c7
[#295] Cleanup
snarve Aug 27, 2024
b44354b
Merge branch 'main' into 75-gmail-76-logic-is-incomplete
snarve Aug 28, 2024
35ff6f0
[#295] Update 7.6 and 5.5
snarve Aug 28, 2024
9a5bd7b
[#295] Update policy 5 and 7
snarve Aug 30, 2024
aad0b54
[#295] Format the report output
snarve Sep 5, 2024
2822200
Merge branch 'main' into 75-gmail-76-logic-is-incomplete
snarve Sep 6, 2024
63a6fb1
[#295] Fix formatting for policy 7 and rename variables with more log…
snarve Sep 9, 2024
2bed2ad
[#295] Rename policy 5 and 7 variables and formatting updates
snarve Sep 10, 2024
0938031
[#295] Unit tests updated
snarve Sep 10, 2024
e01df25
[#294] Fix linter issues
snarve Sep 10, 2024
d3617a1
[#294] Linter formatting
snarve Sep 10, 2024
29c65ac
[#294] More formatting
snarve Sep 10, 2024
35b3fa1
[#295] Try different format for linter
snarve Sep 10, 2024
ca90966
[#295] Remove if statement
snarve Sep 10, 2024
ac21230
[#295] Use different assignment operator
snarve Sep 10, 2024
bb649b2
[#295] Update assignment operator for policy 5
snarve Sep 10, 2024
15bcfe6
Linter fix
snarve Sep 10, 2024
5d254ce
More linter fixes
snarve Sep 10, 2024
ba01985
Linter formatting
snarve Sep 10, 2024
50d60da
Linter again
snarve Sep 10, 2024
2019fc2
Update array format
snarve Sep 10, 2024
62d30d9
Remove comma
snarve Sep 10, 2024
2f4db75
Remove array notation
snarve Sep 10, 2024
34dc243
Replace assignment operator
snarve Sep 10, 2024
fba0a03
Refactor functions
snarve Sep 10, 2024
f3d0bfb
Typo fixed
snarve Sep 10, 2024
fa1bc68
[#396] Updated the criticality for policy 5.5
snarve Sep 10, 2024
2ed05c8
[#397] Update criticality for policy 7.6
snarve Sep 10, 2024
620653c
PR updates
snarve Sep 11, 2024
51f00cc
Remove typo
snarve Sep 11, 2024
6f37101
Update message for setting
snarve Sep 11, 2024
fe509cc
Update unit tests
snarve Sep 11, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 85 additions & 3 deletions Testing/RegoTests/gmail/gmail05_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -1223,7 +1223,14 @@ test_AttachmentSafety_InCorrect_V1 if {
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
"Emails with attachments, with scripts from untrusted senders are kept in the inbox</li></ul>"])
concat("", [
"The following email types are kept in the inbox:",
"<ul>",
concat("", [concat("", [
"<li>",
"Emails with attachments, with scripts from untrusted senders",
"</li></ul>"]),]),
"</li></ul>"])])
}

test_AttachmentSafety_InCorrect_V2 if {
Expand Down Expand Up @@ -1281,7 +1288,14 @@ test_AttachmentSafety_InCorrect_V2 if {
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
"Emails with encrypted attachments from untrusted senders are kept in the inbox</li></ul>"])
concat("", [
"The following email types are kept in the inbox:",
"<ul>",
concat("", [concat("", [
"<li>",
"Encrypted attachments from untrusted senders",
"</li></ul>"]),]),
"</li></ul>"])])
}

test_AttachmentSafety_Inorrect_V3 if {
Expand Down Expand Up @@ -1334,7 +1348,7 @@ test_AttachmentSafety_Inorrect_V3 if {
}


test_AttachmentSafety_Inorrect_V4 if {
test_AttachmentSafety_Incorrect_V4 if {
# Test Spoofing and Authentication Protections when all settings have no events
PolicyId := "GWS.GMAIL.5.5v0.3"
Output := tests with input as {
Expand All @@ -1355,4 +1369,72 @@ test_AttachmentSafety_Inorrect_V4 if {
"While we are unable to determine the state from the logs, the default setting ",
"is non-compliant; manual check recommended."
])
}

test_AttachmentSafety_InCorrect_V5 if {
# Test Spoofing and Authentication Protections when there are multiple events
PolicyId := "GWS.GMAIL.5.5v0.3"
Output := tests with input as {
"gmail_logs": {"items": [
{
"id": {"time": "2022-12-20T00:02:24.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "Attachment safety Encrypted attachment protection setting action"
},
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:25.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "Attachment safety Attachment with scripts protection action"
},
{"name": "NEW_VALUE", "value": "Show warning"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
},
{
"id": {"time": "2022-12-20T00:02:26.672Z"},
"events": [{
"parameters": [
{
"name": "SETTING_NAME",
"value": "Attachment safety Anomalous attachment protection setting action"
},
{"name": "NEW_VALUE", "value": "Move to spam"},
{"name": "ORG_UNIT_NAME", "value": "Secondary OU"},
]
}]
}
]},
"tenant_info": {
"topLevelOU": ""
}
}

RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
concat("", [
"The following email types are kept in the inbox:",
"<ul>",
concat("", [concat("", [
"<li>",
"Encrypted attachments from untrusted senders",
"</li>",
"<li>",
"Emails with attachments, with scripts from untrusted senders",
"</li></ul>"]),]),
"</li></ul>"])])
}
24 changes: 22 additions & 2 deletions Testing/RegoTests/gmail/gmail07_test.rego
Original file line number Diff line number Diff line change
Expand Up @@ -2102,7 +2102,17 @@ test_SpoofingAuthenticationProtection_InCorrect_V1 if {
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Test Top-Level OU: ",
"Inbound emails spoofing domain names are kept in the inbox</li></ul>"])
concat("", [
"The following email types are kept in the inbox:",
"<ul>",
concat("", [concat("", [
"<li>",
"Inbound emails spoofing domain names",
"</li>",
"<li>",
"Inbound spoofing emails addresed to groups",
"</li></ul>"]),]),
"</li></ul>"])])
}

test_SpoofingAuthenticationProtection_InCorrect_V2 if {
Expand Down Expand Up @@ -2197,7 +2207,17 @@ test_SpoofingAuthenticationProtection_InCorrect_V2 if {
not RuleOutput[0].RequirementMet
not RuleOutput[0].NoSuchEvent
RuleOutput[0].ReportDetails == concat("", ["The following OUs are non-compliant:<ul><li>Secondary OU: ",
"Inbound emails spoofing domain names are kept in the inbox</li></ul>"])
concat("", [
"The following email types are kept in the inbox:",
"<ul>",
concat("", [concat("", [
"<li>",
"Inbound emails spoofing domain names",
"</li>",
"<li>",
"Inbound spoofing emails addresed to groups",
"</li></ul>"]),]),
"</li></ul>"])])
}


Expand Down
Loading
Loading