change sharepoint policy 4.2 to not implemented, update unit/function…

…al tests
cisagov · Sep 24, 2024 · 32bd22a · 32bd22a
1 parent bda739c
commit 32bd22a
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 41 deletions.
diff --git a/PowerShell/ScubaGear/Rego/SharepointConfig.rego b/PowerShell/ScubaGear/Rego/SharepointConfig.rego
@@ -414,17 +414,17 @@ tests contains {
 # MS.SHAREPOINT.4.2v1
 #--
 
-# 1 == Allow users to run custom script on self-service created sites
-# 2 == Prevent users from running custom script on self-service created sites
+# Microsoft has planned to remove the custom scripting configuration option
+# from SharePoint and OneDrive. We are setting this policy to not-implemented
+# and will likely remove it from the baseline in the next version.
 tests contains {
-    "PolicyId": "MS.SHAREPOINT.4.2v1",
-    "Criticality": "Shall",
+    "PolicyId": PolicyId,
+    "Criticality": "Shall/Not-Implemented",
     "Commandlet": ["Get-SPOSite", "Get-PnPTenantSite"],
-    "ActualValue": [SitePolicy.DenyAddAndCustomizePages],
-    "ReportDetails": ReportDetailsBoolean(Status),
-    "RequirementMet": Status
+    "ActualValue": [],
+    "ReportDetails": NotCheckedDeprecation,
+    "RequirementMet": false
 } if {
-    some SitePolicy in input.SPO_site
-    Status := SitePolicy.DenyAddAndCustomizePages == 2
+    PolicyId := "MS.SHAREPOINT.4.2v1"
 }
 #--
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointBaseConfig.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointBaseConfig.rego
@@ -12,8 +12,4 @@ SPOTenant := {
     "FolderAnonymousLinkType": 1,
     "EmailAttestationRequired": true,
     "EmailAttestationReAuthDays": 30
-}
-
-SPOSite := {
-    "DenyAddAndCustomizePages": 2
 }
diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_04_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_04_test.rego
@@ -2,25 +2,18 @@ package sharepoint_test
 import rego.v1
 import data.sharepoint
 import data.utils.key.TestResult
-import data.utils.key.FAIL
-import data.utils.key.PASS
+import data.utils.report.NotCheckedDeprecation
 
 
 
 #
 # Policy MS.SHAREPOINT.4.2v1
 #--
 test_DenyAddAndCustomizePages_Correct if {
-    Output := sharepoint.tests with input.SPO_site as [SPOSite]
+    PolicyId := "MS.SHAREPOINT.4.2v1"
 
-    TestResult("MS.SHAREPOINT.4.2v1", Output, PASS, true) == true
-}
-
-test_DenyAddAndCustomizePages_Incorrect if {
-    Site := json.patch(SPOSite, [{"op": "add", "path": "DenyAddAndCustomizePages", "value": 1}])
-
-    Output := sharepoint.tests with input.SPO_site as [Site]
-
-    TestResult("MS.SHAREPOINT.4.2v1", Output, FAIL, false) == true
+    Output := sharepoint.tests with input.SPO_tenant as [SPOTenant]
+
+    TestResult(PolicyId, Output, NotCheckedDeprecation, false) == true
 }
 #--
diff --git a/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml b/Testing/Functional/Products/TestPlans/sharepoint.pnp.testplan.yaml
@@ -400,13 +400,8 @@ TestPlan:
   - PolicyId: MS.SHAREPOINT.4.2v1
     TestDriver: RunScuba
     Tests:
-      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages disabled
-        Preconditions:
-          - Command: "Set-PnPTenantSite -Identity $((Get-PnPTenantInstance).PortalUrl) -DenyAddAndCustomizePages:$false"
+      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages Not-Implemented
+        Preconditions: []
         Postconditions: []
+        IsNotChecked: true
         ExpectedResult: false
-      - TestDescription: MS.SHAREPOINT.4.2v1 Compliant DenyAddAndCustomizePages enabled
-        Preconditions:
-          - Command: "Set-PnPTenantSite -Identity $((Get-PnPTenantInstance).PortalUrl) -DenyAddAndCustomizePages"
-        Postconditions: []
-        ExpectedResult: true
diff --git a/Testing/Functional/Products/TestPlans/sharepoint.spo.testplan.yaml b/Testing/Functional/Products/TestPlans/sharepoint.spo.testplan.yaml
@@ -150,6 +150,8 @@ TestPlan:
           - Command: Set-SPOTenant
             Splat:
               SharingCapability: ExternalUserAndGuestSharing
+          - Command: Set-SPOTenant
+            Splat:
               DefaultSharingLinkType: AnonymousAccess
         Postconditions: []
         ExpectedResult: false
@@ -400,13 +402,8 @@ TestPlan:
   - PolicyId: MS.SHAREPOINT.4.2v1
     TestDriver: RunScuba
     Tests:
-      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages disabled
-        Preconditions:
-          - Command: '$Site=[System.Uri]((Get-SPOSite)[0].Url);Set-SPOSite -Identity "$($Site.Scheme)://$($Site.Authority)" -DenyAddAndCustomizePages:$false'
+      - TestDescription: MS.SHAREPOINT.4.2v1 Non-compliant DenyAddAndCustomizePages Not-Implemented
+        Preconditions: []
         Postconditions: []
+        IsNotChecked: true
         ExpectedResult: false
-      - TestDescription: MS.SHAREPOINT.4.2v1 Compliant DenyAddAndCustomizePages enabled
-        Preconditions:
-          - Command: '$Site=[System.Uri]((Get-SPOSite)[0].Url);Set-SPOSite -Identity "$($Site.Scheme)://$($Site.Authority)" -DenyAddAndCustomizePages:$true'
-        Postconditions: []
-        ExpectedResult: true