EXO 2.7 Rego Bug Fix | Only Enabled Correctly Configured Rules Pass #130

Merged
merged 5 commits into from
Feb 6, 2023
Merged
6 changes: 3 additions & 3 deletions Rego/EXOConfig.rego
Expand Up @@ -316,7 +316,6 @@ tests[{
################
# Baseline 2.7 #
################

#
# Baseline 2.7: Policy 1
#--
Expand All @@ -330,8 +329,9 @@ tests[{
"RequirementMet" : Status
}] {
Rules := input.transport_rule
ErrorMessage := "No transport rule found with that applies to emails received from outside the organization"
Conditions := [IsCorrectScope | IsCorrectScope = Rules[_].FromScope == "NotInOrganization"]
ErrorMessage := "No transport rule found that applies warnings to emails received from outside the organization"
EnabledRules := [rule | rule = Rules[_]; rule.State == "Enabled"; rule.Mode == "Enforce"]
Conditions := [IsCorrectScope | IsCorrectScope = EnabledRules[_].FromScope == "NotInOrganization"]
Status := count([Condition | Condition = Conditions[_]; Condition == true]) > 0
}
#--
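Review bot: The new `EnabledRules` filter checks `State` and `Mode`, and `Conditions` then checks `FromScope`, but nothing in this body looks at what the rule actually does. An enabled, enforced rule scoped to `NotInOrganization` that adds no warning still makes `Status` true, while the reworded `ErrorMessage` now speaks of rules that apply warnings. If the exported transport-rule objects carry the action fields (presumably something like `PrependSubject` or `ApplyHtmlDisclaimerText`; confirm against the provider output), one more condition in the comprehension would close that false pass. If they do not, state the limit next to the check, e.g. `# NOTE: only FromScope, State and Mode are verified; the rule's action is not checked`. The `tests[{` head of this rule begins above the hunk, so its remaining fields are not visible here.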
123 changes: 114 additions & 9 deletions Testing/Unit/Rego/EXO/EXOConfig2_07_test.rego
Expand Up @@ -12,7 +12,9 @@ test_FromScope_Correct if {
Output := tests with input as {
"transport_rule": [
{
"FromScope" : "NotInOrganization"
"FromScope" : "NotInOrganization",
"State" : "Enabled",
"Mode" : "Enforce"
}
]
}
Expand All @@ -24,14 +26,16 @@ test_FromScope_Correct if {
RuleOutput[0].ReportDetails == "Requirement met"
}

test_FromScope_Incorrect if {
test_FromScope_IncorrectV1 if {
ControlNumber := "EXO 2.7"
Requirement := "External sender warnings SHALL be implemented"

Output := tests with input as {
"transport_rule": [
{
"FromScope" : ""
"FromScope" : "",
"State" : "Enabled",
"Mode" : "Audit"
}
]
}
Expand All @@ -40,7 +44,70 @@ test_FromScope_Incorrect if {

count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "No transport rule found with that applies to emails received from outside the organization"
RuleOutput[0].ReportDetails == "No transport rule found that applies warnings to emails received from outside the organization"
}

test_FromScope_IncorrectV2 if {
ControlNumber := "EXO 2.7"
Requirement := "External sender warnings SHALL be implemented"

Output := tests with input as {
"transport_rule": [
{
"FromScope" : "NotInOrganization",
"State" : "Disabled",
"Mode" : "Audit"
}
]
}

RuleOutput := [Result | Result = Output[_]; Result.Control == ControlNumber; Result.Requirement == Requirement]

count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "No transport rule found that applies warnings to emails received from outside the organization"
}

test_FromScope_IncorrectV3 if {
ControlNumber := "EXO 2.7"
Requirement := "External sender warnings SHALL be implemented"

Output := tests with input as {
"transport_rule": [
{
"FromScope" : "",
"State" : "Enabled",
"Mode" : "AuditAndNotify"
}
]
}

RuleOutput := [Result | Result = Output[_]; Result.Control == ControlNumber; Result.Requirement == Requirement]

count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "No transport rule found that applies warnings to emails received from outside the organization"
}

test_FromScope_IncorrectV4 if {
ControlNumber := "EXO 2.7"
Requirement := "External sender warnings SHALL be implemented"

Output := tests with input as {
"transport_rule": [
{
"FromScope" : "NotInOrganization",
"State" : "Disabled",
"Mode" : "AuditAndNotify"
}
]
}

RuleOutput := [Result | Result = Output[_]; Result.Control == ControlNumber; Result.Requirement == Requirement]

count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "No transport rule found that applies warnings to emails received from outside the organization"
}

test_FromScope_Multiple_Correct if {
Expand All @@ -50,10 +117,24 @@ test_FromScope_Multiple_Correct if {
Output := tests with input as {
"transport_rule": [
{
"FromScope" : ""
"FromScope" : "",
"State" : "Disabled",
"Mode" : "Enforce"
},
{
"FromScope" : "",
"State" : "Enabled",
"Mode" : "Audit"
},
{
"FromScope" : "",
"State" : "Enabled",
"Mode" : "AuditAndNotify"
},
{
"FromScope" : "NotInOrganization"
"FromScope" : "NotInOrganization",
"State" : "Enabled",
"Mode" : "Enforce"
}
]
}
Expand All @@ -72,10 +153,34 @@ test_FromScope_Multiple_Incorrect if {
Output := tests with input as {
"transport_rule": [
{
"FromScope" : ""
"FromScope" : "",
"State" : "Enabled",
"Mode":"Enforce"
},
{
"FromScope" : "Hello there",
"State" : "Enabled",
"Mode":"Audit"
},
{
"FromScope" : "Hello there",
"State" : "Enabled",
"Mode":"AuditAndNotify"
},
{
"FromScope" : "NotInOrganization",
"State" : "Enabled",
"Mode":"Audit"
},
{
"FromScope" : "NotInOrganization",
"State" : "Enabled",
"Mode":"AuditAndNotify"
},
{
"FromScope" : "Hello there"
"FromScope" : "NotInOrganization",
"State" : "Disabled",
"Mode":"Enforce"
}
]
}
Expand All @@ -84,5 +189,5 @@ test_FromScope_Multiple_Incorrect if {

count(RuleOutput) == 1
not RuleOutput[0].RequirementMet
RuleOutput[0].ReportDetails == "No transport rule found with that applies to emails received from outside the organization"
RuleOutput[0].ReportDetails == "No transport rule found that applies warnings to emails received from outside the organization"
}
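Review bot: None of the added cases feeds a rule object that lacks `State` or `Mode`, which is the input shape the old tests used. A case with only `{"FromScope" : "NotInOrganization"}` asserting `not RuleOutput[0].RequirementMet` would pin that the policy fails closed when those fields are missing from the export. `test_FromScope_IncorrectV1` and `test_FromScope_IncorrectV3` set `FromScope` to `""` together with a non-Enforce `Mode`, so they would pass against the pre-fix policy as well, and V2/V4 change `State` and `Mode` at once. The isolated wrong-mode and disabled-rule cases appear only inside `test_FromScope_Multiple_Incorrect`. Names that say what is wrong (for example `test_FromScope_ModeAudit_Incorrect`) would read better than V1–V4.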