Commit

Squashed commit of the following:
commit ff766d5
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Wed Dec 13 18:03:26 2023 -0500

    Refactor Exo Rego Code (#662)

    * first round of cleanup

    first round of cleanup

    * create helper function for conditions filter code

    create helper function for conditions filter code

    * add comments pt 1

    add comments pt 1

    add comments pt 2

    add comments pt 2

    * update syntax for constant

    update syntax for constant

    * update for test package

    update for test package

    * fix policy indicated comments

    fix policy indicated comments

    * fix json formatting & rego formatting

    fix json formatting & rego formatting

    * refactor out duplicate code in tests

    refactor out duplicate code in tests

    * remove unused imports

    remove unused imports

    * remove unused var

    remove unused var

    * remove constant

commit d5cb929
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Wed Dec 13 15:50:14 2023 -0500

    Refactor Defender Rego Code (#663)

    * first round of cleanup

    * update for test package

    * fix policy spaces

    * fix json formatting & unfixed unit tests

    * refactor out duplicate code in test cases

    * refactor out OR checking duplicate code

    * add comments

    * add constants

    * add set comprehension to method call

commit 29536fe
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Wed Dec 13 15:49:31 2023 -0500

    Refactor AAD Rego Code (#664)

    * first round of cleanup

    * update for test package

    * update for constants

    * fix json formatting

    * remove extra newline

    * refactor out duplicate code in tests

    * add comments part 1

    add comments part 2

    * fix test cases

    * fix based on some comments

commit f7cd368
Author: Richard Crutchfield <crutchfield@users.noreply.github.com>
Date:   Wed Dec 13 15:14:28 2023 -0500

    Smoke test periodically fails (#728)

    * Rework download logic

    * Fix file path

    * Fix clean up

    * Update Testing/Functional/SmokeTest/UpdateSelenium.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Add error action to download

    ---------

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

commit 883815c
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Wed Dec 13 09:10:32 2023 -0500

    Refactor Teams Rego Code (#660)

    * first round of cleanup

    * address line length & rule length warnings. Also refactor duplicate code & constants

    * default over else line 413

    * cleanup

    * add spacing

    * add comments

    * fix line length

    * update for test package

    * fix spacing

    * fix policy indicated comments

    * refactor out duplicate code in test cases

    * fix json formatting

    * remove unused var

    * Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/TeamsConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * update var name

    ---------

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

commit e623c92
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Wed Dec 13 09:10:00 2023 -0500

    Refactor Power Platform (#661)

    * first round of cleanup

    * create helper function for conditions filter code

    * add comments

    * update for test package

    * fix policy indicated comments

    * fix json formatting & rego formatting

    * refactor out duplicate code in test cases

    * Update Rego/PowerPlatformConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/PowerPlatformConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    Update Rego/PowerPlatformConfig.rego

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    ---------

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

commit d88a16e
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Tue Dec 12 20:22:17 2023 -0500

    Refactor Sharepoint Rego Code (#659)

    * add constants & reduce line lengths

    * removed unnecessary commas

    * create helper function for conditions filter code

    * add newline between constants

    * address line length & rule length warnings

    * add comments

    * add comments

    * removed top level iteration

    * cleanup

    * update for test package

    * remove extra newline

    * fix boolean compare in unit tests

    * create constants for sharing settings

    * add naming convention for test package

    * remove extra space at end of file

    * fix json format

    * fix package naming pattern

    * fix policy indicated comments

    * refactor out duplicate code in test cases

    * remove unused var

commit a5a679a
Author: Dylan Gao <107067015+Dylan-MITRE@users.noreply.github.com>
Date:   Mon Dec 11 14:38:00 2023 -0500

    add progress bar for OPA download (#682)

    * Update OPA.ps1

    * Update OPA.ps1

    * remove white space and requirement

    * Update OPA.ps1

    revert to bit transfer and detailed error messages

commit 8698efb
Author: Richard Crutchfield <crutchfield@users.noreply.github.com>
Date:   Mon Dec 11 14:36:48 2023 -0500

    Breaking dependency on opa in unit testing (#721)

    * Mock opa executable

    * Mock API Module

    * Add NoOpa to setup call

    * Backout unrelated change

commit fe743e1
Author: Richard Crutchfield <crutchfield@users.noreply.github.com>
Date:   Mon Dec 11 13:34:37 2023 -0500

    Remove PnP work-around (#725)

commit 2b2b729
Author: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Date:   Mon Dec 11 09:09:34 2023 -0800

    update unused variables to wildcards in DefenderConfig.rego, EXOConfig.rego, PowerPlatformConfig.rego, TeamsConfig.rego, ReportUtils.rego (up to v0.51.0) (#631)

commit 2b4bb8e
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Thu Dec 7 16:33:40 2023 -0500

    Download OPA only when required & Print real error message (#641)

    * Download only when needed & print real error

    * removed unneeded comment

    * added ability to take parameter input & removed hardcoded hash

    * cleanup

    * get hash from .sha256 file

    * update to check from acceptable version

    * add function to install opa for other os

    * update help message

    * Update OPA.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update OPA.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update OPA.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update OPA.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update SetUp.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update OPA.ps1

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * edge case fix

    * prevent user from accidentally overwriting personal file

    ---------

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

commit bbb6c86
Author: James Garriss <52328727+james-garriss@users.noreply.github.com>
Date:   Wed Dec 6 10:21:52 2023 -0500

    updated checkout action version (#692)

    * updated checkout action version

    * update checkout to v4

    ---------

    Co-authored-by: James Garriss <jgarriss@mitre.org>

commit 5016111
Author: David Bui <105074908+buidav@users.noreply.github.com>
Date:   Tue Dec 5 09:28:30 2023 -0800

    add -UseBasicParsing to Invoke-WebRequest (#695)

commit 7a11343
Author: Cassandra Diaz <47129205+Sloane4@users.noreply.github.com>
Date:   Tue Nov 28 11:14:14 2023 -0500

    Address Rego Linter (Regal) Rules (#640)

    * Change ignore to warning for specified rules in issue

    * update style guide for new linter rules

    * change to warning for test-outside-test-package and rule-length

    * Update .regal/config.yaml

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update .regal/config.yaml

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update CONTENTSTYLEGUIDE.md

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * Update CONTENTSTYLEGUIDE.md

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    * updated opa rego intro paragraph

    * removed extra sentence

    * removed bulletpoint

    * fix capitalization

    * add punctuation

    * word smithing

    * Update CONTENTSTYLEGUIDE.md

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

    ---------

    Co-authored-by: Addam Schroll <108814318+schrolla@users.noreply.github.com>

commit 8e46600
Author: Andrew Huynh <113476170+ahuynhMITRE@users.noreply.github.com>
Date:   Mon Nov 27 10:38:45 2023 -0500

    added criticality (#690)
james-garriss committed Dec 14, 2023
1 parent 7dc546a commit 7d00235
Showing 57 changed files with 13,789 additions and 13,086 deletions.
12 changes: 11 additions & 1 deletion .regal/config.yaml
Expand Up @@ -11,6 +11,7 @@ rules:
# none is provided. It's harmless, but should be
# fixed anyway so real issues aren't missed.
level: warning
level: warning
custom:
# https://docs.styra.com/regal/rules/custom/naming-convention
naming-convention:
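
Review bot: `level: warning` now appears twice in a row just above `custom:`, and the hunk header (-11,6 +11,7) shows the second copy as a net addition. A repeated key in one YAML mapping is at best redundant, and parsers differ on whether they reject it or silently keep the last value, so drop the added line. The later hunks in this file double `non-breakable-word-threshold`, `max-rule-length`, `count-comments` and further `level` keys the same way and need the same cleanup.
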
Expand All @@ -25,7 +26,7 @@ rules:
- pattern: '^[A-Z]+[a-zA-Z0-9_]+$'
targets:
- function
- pattern: '^[a-z\.]+$'
- pattern: '^[a-z\.]+$|^[a-z\.]+_test$'
targets:
- package
idiomatic:
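
Review bot: the new package pattern `'^[a-z\.]+$|^[a-z\.]+_test$'` repeats the same character class in both alternatives; `'^[a-z\.]+(_test)?$'` matches the same names and keeps the two halves in sync if the class is ever widened. The class still excludes digits and underscores, so a package name containing either will fail naming-convention with or without the `_test` suffix; confirm that is intended.
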
Expand Down Expand Up @@ -62,6 +63,8 @@ rules:
# for when that doesn't work.
non-breakable-word-threshold: 100
level: warning
non-breakable-word-threshold: 100
level: warning
# https://docs.styra.com/regal/rules/style/no-whitespace-comment
no-whitespace-comment:
# This repo is actually good about this, but frequently
Expand All @@ -75,6 +78,7 @@ rules:
# https://docs.styra.com/regal/rules/style/prefer-some-in-iteration
prefer-some-in-iteration:
level: warning
level: warning
# https://docs.styra.com/regal/rules/style/prefer-snake-case
prefer-snake-case:
# This is the default style preference for Rego, but since
Expand All @@ -84,6 +88,9 @@ rules:
level: ignore
# https://docs.styra.com/regal/rules/style/rule-length
rule-length:
level: warning
max-rule-length: 30
count-comments: false
level: warning
max-rule-length: 30
count-comments: false
Expand All @@ -95,7 +102,10 @@ rules:
identically-named-tests:
# Only a few of these — would be easy to fix
level: warning
# Only a few of these — would be easy to fix
level: warning
# https://docs.styra.com/regal/rules/testing/test-outside-test-package
test-outside-test-package:
# This is just a style preference
level: warning
level: warning
94 changes: 44 additions & 50 deletions CONTENTSTYLEGUIDE.md
@@ -1,5 +1,6 @@
# Content style guide for SCuBA <!-- omit in toc -->

Welcome to the content style guide for ScubaGear!
Welcome to the content style guide for ScubaGear!

These guidelines are specific to style rules for PowerShell and OPA Rego code. For general style questions or guidance on topics not covered here, ask or go with best guess and bring up at a later meeting.
Expand All @@ -11,10 +12,12 @@ Use menu icon on the top left corner of this document to get to a specific secti
- Our style guide aims for simplicity. Guidelines should be easy to apply to a range of scenarios.
- Decisions aren’t about what’s right or wrong according to the rules, but about what’s best practice and improves readability. We're flexible and open to change while maintaining consistency.
- When making a style or structure decision, we consider the readability, maintainability and ability for consistency in a range of situations.
- When making a style or structure decision, we consider the readability, maintainability and ability for consistency in a range of situations.
- When a question specific to help documentation isn’t covered by the style guide, we think it through using these principles, then make a decision and bring it up in the next meeting for deliberation.

## OPA Rego

The project is adopting the following public Rego [style guide](https://docs.styra.com/opa/rego-style-guide), except where our guide specifically notes an exception (e.g., variable name case). For consistency, we will be using many of the same style rules as PowerShell. There are also a few best practice rules that this project will follow. These best practices were chosen to enhance readability. We recognize that the code is in a constant state of improvement, so the best practices are subject to change. The project is also integrating the [Regal](https://github.com/StyraInc/regal) linter into its automated checks to promote style guide adherence.
The project is adopting the following public Rego [style guide](https://docs.styra.com/opa/rego-style-guide), except where our guide specifically notes an exception (e.g., variable name case). For consistency, we will be using many of the same style rules as PowerShell. There are also a few best practice rules that this project will follow. These best practices were chosen to enhance readability. We recognize that the code is in a constant state of improvement, so the best practices are subject to change. The project is also integrating the [Regal](https://github.com/StyraInc/regal) linter into its automated checks to promote style guide adherence.

### Test Cases
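
Review bot: the bullet "When making a style or structure decision, ..." and the paragraph beginning "The project is adopting the following public Rego style guide" each appear twice in this hunk, and the header (-11,10 +12,12) shows two net added lines, so the rendered guide will repeat both. Remove the added copies; the "Welcome to the content style guide for ScubaGear!" line in the first hunk is doubled in the same way.
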
Expand All @@ -23,9 +26,7 @@ Test names will use the syntax `test_mainVar_In/correct_*V#` to support brevity

```
test_ExampleVar_Correct_V1 if {
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
Output := tests with input as {
Output := <Product>.tests with input as {
"example_policies" : [
{
"Example3" : "ExampleString",
Expand All @@ -34,21 +35,15 @@ test_ExampleVar_Correct_V1 if {
]
}
RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "Example output"
CorrectTestResult("MS.<Product>.<Policy Group #>.<Policy #>v<Version #>", Output, "ReportDetailString") == true
}
test_ExampleVar_Correct_V2 if {
...
}
test_ExampleVar_Incorrect if {
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
Output := tests with input as {
Output := <Product>.tests with input as {
"example_policies" : [
{
"Example3" : "ExampleString",
Expand All @@ -57,16 +52,13 @@ test_ExampleVar_Incorrect if {
]
}
RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "Example output"
IncorrectTestResult("MS.<Product>.<Policy Group #>.<Policy #>v<Version #>", Output, "ReportDetailString") == true
}
```

### Not Implemented

If the policy is untestable at this time, use the templates below.
If the policy is untestable at this time, use the templates below.

#### Config
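
Review bot: the test templates now end in `CorrectTestResult(...)` and `IncorrectTestResult(...)`, but the guide never says where these helpers are defined or what they check. The removed lines spelled it out (`count(RuleOutput) == 1`, the `RequirementMet` check, the `ReportDetails` comparison); add a sentence naming the package that provides the helpers and the conditions they assert, and show the import that lets a test package reference `<Product>.tests`. The sentence "If the policy is untestable at this time, use the templates below." is also doubled at the end of this hunk.
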
Expand All @@ -75,6 +67,13 @@ The first one directs the user to the baseline document for manual checking. The

```
# At this time we are unable to test for X because of Y
tests contains {
"PolicyId": "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",
"Criticality": "Should/Not-Implemented",
"Commandlet": [],
"ActualValue": [],
"ReportDetails": NotCheckedDetails("MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"),
"RequirementMet": false,
tests contains {
"PolicyId": "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",
"Criticality": "Should/Not-Implemented",
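
Review bot: after `"RequirementMet": false,` the template starts over with a second `tests contains {` and repeats the `PolicyId` and `Criticality` lines; the header (-75,6 +67,13) shows these as net additions, so the sample is no longer a single well-formed rule and cannot be copied as-is. Keep one copy of the object.
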
Expand All @@ -87,6 +86,13 @@ tests contains {

```
# At this time we are unable to test for X because of Y
tests contains {
"PolicyId": "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>,
"Criticality": "Shall/3rd Party",
"Commandlet": [],
"ActualValue": [],
"ReportDetails": DefenderMirrorDetails("MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"),
"RequirementMet": false,
tests contains {
"PolicyId": "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>,
"Criticality": "Shall/3rd Party",
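
Review bot: `"PolicyId": "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>,` is missing its closing quote before the comma, and the added copy of the block carries the same defect. Close the string in the `Shall/3rd Party` template, and drop the duplicated block, so the example parses once the placeholders are filled in.
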
Expand All @@ -101,27 +107,21 @@ tests contains {
```
test_NotImplemented_Correct if {
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
Output := tests with input as { }
RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
Output := <Product>.tests with input as { }
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == NotCheckedDetails(PolicyId)
IncorrectTestResult(PolicyId, Output, NotCheckedDetails(PolicyId)) == true
}
```
```
test_3rdParty_Correct_V1 if {
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
Output := tests with input as { }
RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
Output := <Product>.tests with input as { }
count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == DefenderMirrorDetails(PolicyId)
IncorrectTestResult(PolicyId, Output, DefenderMirrorDetails(PolicyId)) == true
}
```

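
Review bot: `test_NotImplemented_Correct` and `test_3rdParty_Correct_V1` now assert through `IncorrectTestResult(...)`, which reads as a contradiction to someone copying the template. The removed `not RuleOutput[0].RequirementMet` made the intent visible; add a one-line comment in each template saying that these policies always report `RequirementMet` as false, so the expected outcome is checked with the Incorrect helper. `PolicyId := ...` is also listed twice at the top of each test; make sure only one declaration remains, since Rego rejects a second `:=` on the same variable in a rule body.
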
Expand All @@ -139,19 +139,13 @@ One True Brace - requires that every braceable statement should have the opening

```
test_Example_Correct if {
PolicyId := "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>"
Output := tests with input as {
Output := <Product>.tests with input as {
"example_tag" : {
"ExampleVar" : false
}
}
RuleOutput := [Result | Result = Output[_]; Result.PolicyId == PolicyId]
count(RuleOutput) == 1
RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "Requirement met"
CorrectTestResult("MS.<Product>.<Policy Group #>.<Policy #>v<Version #>", Output, "ReportDetailString") == true
}
```

Expand All @@ -164,39 +158,39 @@ Indentation will be set at 4 spaces, make sure your Tabs == 4 spaces. We are wor
1) A blank line between each major variable: references & rules

```
Example[Example.Id] {
Example contains Example.Id if {
Example := input.ExampleVar[_]
Example.State == "Enabled"
}
tests[{
tests contains {
"PolicyId" : "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",
"Criticality" : "Shall",
"Commandlet" : "Example-Command",
"ActualValue" : ExampleVar.ExampleSetting,
"ReportDetails" : ReportDetailsBoolean(Status),
"RequirementMet" : Status
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar == 15
}
tests[{
tests {
"PolicyId" : "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",,
...
```

2) Two blank lines between subsections

```
tests[{
tests contains {
"PolicyId" : "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",,
"Criticality" : "Should",
"Commandlet" : "Example-Command",
"ActualValue" : ExampleVar.ExampleSetting,
"ReportDetails" : ReportDetailsBoolean(Status),
"RequirementMet" : Status
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar == 15
}
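
Review bot: the third rule in the blank-line example was changed from `tests[{` to `tests {`, while every other rule head in this hunk became `tests contains {`. Without `contains` it is no longer the same partial-set rule head; make it `tests contains {` to match. Since the samples now rely on the `contains` and `if` keywords, the guide should also mention the import they require (`import future.keywords` on the OPA versions that need it).
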
Expand Down Expand Up @@ -244,26 +238,26 @@ In the interest of consistency across policy tests and human readability of the
#### Correct

```
tests[{
tests contains {
"PolicyId" : "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",,
"Criticality" : "Should",
"Commandlet" : "Example-Command",
"ActualValue" : ExampleVar.ExampleSetting,
"ReportDetails" : ReportDetailsBoolean(Status),
"RequirementMet" : Status
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar == true
}
tests[{
tests contains {
"PolicyId" : "MS.<Product>.<Policy Group #>.<Policy #>v<Version #>",,
"Criticality" : "Should",
"Commandlet" : "Example-Command",
"ActualValue" : ExampleVar.ExampleSetting,
"ReportDetails" : ReportDetailsBoolean(Status),
"RequirementMet" : Status
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar == false
}
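
Review bot: the `"PolicyId"` lines in the Correct example end in `",,`. The doubled comma is context rather than a change in this hunk, but since the rule heads around it are being rewritten, fix it in the same pass so the sample is valid Rego; the same `",,` appears in the spacing examples of the previous hunk.
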
Expand All @@ -272,16 +266,16 @@ tests[{
#### Incorrect

```
tests[{
tests contains {
...
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar # Missing == true
}
tests[{
tests contains {
...
}] {
} if {
ExampleVar := input.ExampleVar
Status := ExampleVar == false
}