Skip to content

Commit 3047e48

Browse files
committed
fixing functional tests
1 parent ca78ede commit 3047e48

2 files changed

Lines changed: 139 additions & 18 deletions

File tree

PowerShell/ScubaGear/Rego/SecuritySuiteConfig.rego

Lines changed: 15 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,7 @@ PolicyBlockClickToRunNoncomplianceReasons contains Reason if {
5252
RequiredTypes := {"exe", "cmd", "vbe"}
5353
some Policy in input.anti_malware_policies
5454
Policy.Identity == HighestPriorityActiveAntiMalwarePolicyName
55+
Policy.EnableFileFilter == true
5556
MissingTypes := RequiredTypes - {Type | some Type in Policy.FileTypes}
5657
count(MissingTypes) > 0
5758
Reason := concat("", [
@@ -61,15 +62,13 @@ PolicyBlockClickToRunNoncomplianceReasons contains Reason if {
6162
])
6263
}
6364

64-
SecuritySuite_1_1_Details(Status) := {
65-
concat("", [
66-
ReportDetailsBoolean(Status),
67-
". The highest priority anti-malware policy that applies to all users is the ",
68-
UserFriendlyPolicyName(HighestPriorityActiveAntiMalwarePolicyName),
69-
" policy. ",
70-
concat(" ", PolicyBlockClickToRunNoncomplianceReasons)
71-
])
72-
}
65+
SecuritySuite_1_1_Details(Status) := concat("", [
66+
ReportDetailsBoolean(Status),
67+
". The highest priority anti-malware policy that applies to all users is the ",
68+
UserFriendlyPolicyName(HighestPriorityActiveAntiMalwarePolicyName),
69+
" policy. ",
70+
concat(" ", PolicyBlockClickToRunNoncomplianceReasons),
71+
])
7372

7473
tests contains {
7574
"PolicyId": "MS.SECURITYSUITE.1.1v1",
@@ -105,15 +104,13 @@ PolicyZAPNoncomplianceReasons contains "Zero-hour auto purge is disabled." if {
105104
Policy.ZapEnabled != true
106105
}
107106

108-
SecuritySuite_1_2_Details(Status) := {
109-
concat("", [
110-
ReportDetailsBoolean(Status),
111-
". The highest priority anti-malware policy that applies to all users is the ",
112-
UserFriendlyPolicyName(HighestPriorityActiveAntiMalwarePolicyName),
113-
" policy. ",
114-
concat(" ", PolicyZAPNoncomplianceReasons)
115-
])
116-
}
107+
SecuritySuite_1_2_Details(Status) := concat("", [
108+
ReportDetailsBoolean(Status),
109+
". The highest priority anti-malware policy that applies to all users is the ",
110+
UserFriendlyPolicyName(HighestPriorityActiveAntiMalwarePolicyName),
111+
" policy. ",
112+
concat(" ", PolicyZAPNoncomplianceReasons),
113+
])
117114

118115
tests contains {
119116
"PolicyId": "MS.SECURITYSUITE.1.2v1",
Lines changed: 124 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,124 @@
1+
package securitysuite_test
2+
import rego.v1
3+
import data.securitysuite
4+
import data.utils.key.TestResult
5+
import data.utils.key.PASS
6+
7+
DefaultAntiMalwarePolicy := {
8+
"Identity": "Default",
9+
"EnableFileFilter": false,
10+
"FileTypes": [],
11+
"ZapEnabled": false,
12+
}
13+
14+
StandardAntiMalwarePolicy := {
15+
"Identity": "Standard Preset Security Policy",
16+
"EnableFileFilter": true,
17+
"FileTypes": ["exe", "cmd", "vbe"],
18+
"ZapEnabled": true,
19+
}
20+
21+
StandardProtectionPolicyRule := {
22+
"Identity": "Standard Preset Security Policy",
23+
"State": "Enabled",
24+
"SentTo": null,
25+
"SentToMemberOf": null,
26+
"RecipientDomainIs": null,
27+
}
28+
29+
CustomAntiMalwareRule := {
30+
"State": "Enabled",
31+
"Priority": 0,
32+
"MalwareFilterPolicy": "FunctionalTest MalwarePolicy",
33+
"SentTo": null,
34+
"SentToMemberOf": null,
35+
"ExceptIfSentTo": null,
36+
"ExceptIfSentToMemberOf": null,
37+
"ExceptIfRecipientDomainIs": null,
38+
"RecipientDomainIs": ["contoso.com"],
39+
}
40+
41+
NonCompliantCustomAntiMalwarePolicy := {
42+
"Identity": "FunctionalTest MalwarePolicy",
43+
"EnableFileFilter": true,
44+
"FileTypes": ["cmd", "vbe"],
45+
"ZapEnabled": true,
46+
}
47+
48+
#
49+
# Policy MS.SECURITYSUITE.1.1v1
50+
#--
51+
test_BlockClickToRun_DefaultFilterDisabled if {
52+
Output := securitysuite.tests
53+
with input.defender_license as true
54+
with input.protection_policy_rules as []
55+
with input.anti_malware_rules as []
56+
with input.anti_malware_policies as [DefaultAntiMalwarePolicy]
57+
with input.accepted_domains as AcceptedDomains
58+
59+
ReportDetailString := concat("", [
60+
"Requirement not met. The highest priority anti-malware policy that applies to all users is the ",
61+
"default policy. The common attachments filter is disabled.",
62+
])
63+
TestResult("MS.SECURITYSUITE.1.1v1", Output, ReportDetailString, false) == true
64+
}
65+
66+
test_BlockClickToRun_DefaultMissingFileTypes if {
67+
Policy := object.union(DefaultAntiMalwarePolicy, {
68+
"EnableFileFilter": true,
69+
"FileTypes": ["cmd", "vbe"],
70+
"ZapEnabled": true,
71+
})
72+
Output := securitysuite.tests
73+
with input.defender_license as true
74+
with input.protection_policy_rules as []
75+
with input.anti_malware_rules as []
76+
with input.anti_malware_policies as [Policy]
77+
with input.accepted_domains as AcceptedDomains
78+
79+
ReportDetailString := concat("", [
80+
"Requirement not met. The highest priority anti-malware policy that applies to all users is the ",
81+
"default policy. The common attachments filter does not include exe.",
82+
])
83+
TestResult("MS.SECURITYSUITE.1.1v1", Output, ReportDetailString, false) == true
84+
}
85+
86+
test_BlockClickToRun_StandardPresetCompliant if {
87+
Output := securitysuite.tests
88+
with input.defender_license as true
89+
with input.protection_policy_rules as [StandardProtectionPolicyRule]
90+
with input.anti_malware_rules as []
91+
with input.anti_malware_policies as [StandardAntiMalwarePolicy]
92+
with input.accepted_domains as AcceptedDomains
93+
94+
TestResult("MS.SECURITYSUITE.1.1v1", Output, PASS, true) == true
95+
}
96+
97+
test_BlockClickToRun_CustomPolicyNonCompliant if {
98+
Output := securitysuite.tests
99+
with input.defender_license as true
100+
with input.protection_policy_rules as []
101+
with input.anti_malware_rules as [CustomAntiMalwareRule]
102+
with input.anti_malware_policies as [NonCompliantCustomAntiMalwarePolicy]
103+
with input.accepted_domains as [{"DomainName": "contoso.com"}]
104+
105+
ReportDetailString := concat("", [
106+
"Requirement not met. The highest priority anti-malware policy that applies to all users is the ",
107+
"FunctionalTest MalwarePolicy policy. The common attachments filter does not include exe.",
108+
])
109+
TestResult("MS.SECURITYSUITE.1.1v1", Output, ReportDetailString, false) == true
110+
}
111+
112+
test_BlockClickToRun_ReportDetailsIsString if {
113+
Output := securitysuite.tests
114+
with input.defender_license as true
115+
with input.protection_policy_rules as []
116+
with input.anti_malware_rules as []
117+
with input.anti_malware_policies as [DefaultAntiMalwarePolicy]
118+
with input.accepted_domains as AcceptedDomains
119+
120+
some Result in Output
121+
Result.PolicyId == "MS.SECURITYSUITE.1.1v1"
122+
is_string(Result.ReportDetails)
123+
}
124+
#--

0 commit comments

Comments
 (0)