From bda739c75bde88f08af89e0cdeb30ce327efcfdb Mon Sep 17 00:00:00 2001 From: mitchelbaker-cisa Date: Mon, 23 Sep 2024 22:47:06 +0000 Subject: [PATCH] update policies 3.1-3.3 NA cases to match baseline terminology; updated unit tests --- .../ScubaGear/Rego/SharepointConfig.rego | 41 +++++++------- .../Sharepoint/SharepointConfig_01_test.rego | 4 +- .../Sharepoint/SharepointConfig_03_test.rego | 54 +++++++++---------- 3 files changed, 48 insertions(+), 51 deletions(-) diff --git a/PowerShell/ScubaGear/Rego/SharepointConfig.rego b/PowerShell/ScubaGear/Rego/SharepointConfig.rego index c815413e14..7a0d351f1c 100644 --- a/PowerShell/ScubaGear/Rego/SharepointConfig.rego +++ b/PowerShell/ScubaGear/Rego/SharepointConfig.rego @@ -41,18 +41,19 @@ Tenant := input.SPO_tenant[0] if { SharingCapability := Tenant.SharingCapability -SharingString := concat("", [ - "External Sharing is set to ", - SliderSettings(SharingCapability), - "." -]) - -NAString(SharingSetting) := concat("", [ - "This policy is only applicable if External Sharing is set to any value other than ", +NAString(SharingSetting, Negation) := concat("", [ + "This policy is only applicable if the external sharing slider on the admin page is set to ", SharingSetting, ". ", "See %v for more info" -]) +]) if Negation == false +else := concat("", [ + "This policy is only applicable if the external sharing slider on the admin page is not set to ", + SharingSetting, + ". ", + "See %v for more info" +]) if Negation == true + ################### @@ -160,7 +161,7 @@ tests contains { } if { SharingCapability == ONLYPEOPLEINORG PolicyId := "MS.SHAREPOINT.1.3v1" - Reason := NAString(SliderSettings(0)) + Reason := NAString(SliderSettings(0), true) } #-- 
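Review bot: NAString is now defined only when Negation is exactly `true` or `false`, and nothing above the new definition states that contract. The callers on this page assign `Reason := NAString(...)` inside a `tests contains { ... } if { ... }` body, so a call with any other second argument would leave Reason undefined. That would, as far as the visible rules show, silently drop the not-applicable entry from the results rather than raise an error. A comment above the function would make this explicit, for example `# Negation must be a boolean: false -> "is set to <SharingSetting>", true -> "is not set to <SharingSetting>"; any other value leaves NAString undefined`. The two branches differ only in the word "not", so the shared text could be written once.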
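Review bot: `SliderSettings(0)` names by bare index the same setting that the guard two lines above names as `ONLYPEOPLEINORG`, so the reported text and the applicability check can drift apart when either is edited. If the constants hold the values SliderSettings is keyed on (their definitions are not visible in this diff), `Reason := NAString(SliderSettings(ONLYPEOPLEINORG), true)` would keep the two tied. The same applies to `SliderSettings(2)` in the 3.1 and 3.2 hunks. It matters most in the 3.3 hunk, where this commit swaps the indices from 0/3 to 2/1 while the guard lists `ANYONE` and `NEWANDEXISTINGGUESTS`. The rule body starts outside the hunk.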
@@ -237,9 +238,7 @@ tests contains { ErrStr := concat(" ", [ "Requirement not met:", - "External Sharing is set to", - SliderSettings(SharingCapability), - "and expiration date is not set to 30 days or less." + "total expiration days are not set to 30 days or less" ]) # Standard test to compare against baseline @@ -274,7 +273,7 @@ tests contains { } if { PolicyId := "MS.SHAREPOINT.3.1v1" SharingCapability != ANYONE - Reason := NAString(SliderSettings(2)) + Reason := NAString(SliderSettings(2), false) } #-- @@ -335,7 +334,7 @@ tests contains { } if { PolicyId := "MS.SHAREPOINT.3.2v1" SharingCapability != ANYONE - Reason := NAString(SliderSettings(2)) + Reason := NAString(SliderSettings(2), false) } #-- @@ -396,10 +395,14 @@ tests contains { } if { PolicyId := "MS.SHAREPOINT.3.3v1" not SharingCapability in [ANYONE, NEWANDEXISTINGGUESTS] - Reason := concat(" ", [ - SharingString, - NAString(concat(" ", [SliderSettings(0), "or", SliderSettings(3)])) - ]) + Reason := NAString( + concat(" ", [ + SliderSettings(2), + "or", + SliderSettings(1) + ]), + false + ) } #-- diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_01_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_01_test.rego index 3ae76b0de2..946f24c8d3 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_01_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_01_test.rego 
@@ -101,8 +101,8 @@ test_SharingDomainRestrictionMode_SharingCapability_OnlyPeopleInOrg_NotApplicabl Output := sharepoint.tests with input.SPO_tenant as [SPOTenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing", - "is set to any value other than Only People In Your Organization.", + "This policy is only applicable if the external sharing slider", + "on the admin page is not set to Only People In Your Organization.", "See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_03_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_03_test.rego index 63128eceda..527a7707b7 100644 --- a/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_03_test.rego +++ b/PowerShell/ScubaGear/Testing/Unit/Rego/Sharepoint/SharepointConfig_03_test.rego @@ -39,9 +39,7 @@ test_SharingCapability_Anyone_LinkExpirationInvalid_Incorrect_V1 if { ReportDetailsString := concat(" ", [ "Requirement not met:", - "External Sharing is set to", - "Anyone", - "and expiration date is not set to 30 days or less." + "total expiration days are not set to 30 days or less" ]) TestResult("MS.SHAREPOINT.3.1v1", Output, ReportDetailsString, false) == true } @@ -55,9 +53,7 @@ test_SharingCapability_Anyone_LinkExpirationInvalid_Incorrect_V2 if { ReportDetailsString := concat(" ", [ "Requirement not met:", - "External Sharing is set to", - "Anyone", - "and expiration date is not set to 30 days or less." + "total expiration days are not set to 30 days or less" ]) TestResult("MS.SHAREPOINT.3.1v1", Output, ReportDetailsString, false) == true } 
@@ -72,8 +68,8 @@ test_SharingCapability_OnlyPeopleInOrg_NotApplicable_V1 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -90,8 +86,8 @@ test_SharingCapability_ExistingGuests_NotApplicable_V1 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -108,8 +104,8 @@ test_SharingCapability_NewExistingGuests_NotApplicable_V1 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } 
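Review bot: The expected not-applicable text is spelled out as a literal in this test and again, word for word, in the eight other `..._NotApplicable...` hunks for 3.1 and 3.2 in this file, which is why a wording change has to touch every one of them. The literal is also split at a different point than NAString builds it, so the match relies on `concat(" ", ...)` reproducing the policy's spacing exactly. Defining the string once at the top of the test file and passing it in, e.g. `TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, AnyoneOnlyNADetails), false) == true` (name is a suggestion), would leave one place to update. The test rule starts outside the hunk.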
@@ -124,8 +120,8 @@ test_SharingCapability_OnlyPeopleInOrg_NotApplicable_V2 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -142,8 +138,8 @@ test_SharingCapability_ExistingGuests_NotApplicable_V2 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -160,8 +156,8 @@ test_SharingCapability_NewExistingGuests_NotApplicable_V2 if { Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } 
@@ -313,8 +309,8 @@ test_File_Folder_AnonymousLinkType_SharingCapability_OnlyPeopleInOrg_NotApplicab Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -330,8 +326,8 @@ test_File_Folder_AnonymousLinkType_SharingCapability_ExistingGuests_NotApplicabl Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -347,8 +343,8 @@ test_File_Folder_AnonymousLinkType_SharingCapability_NewExistingGuests_NotApplic Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "This policy is only applicable if External Sharing is set to any value other than Anyone.", - "See %v for more info" + "This policy is only applicable if the external sharing slider", + "on the admin page is set to Anyone. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } 
@@ -429,9 +425,8 @@ test_EmailAttestationReAuthDays_SharingCapability_OnlyPeopleInOrg_NotApplicable Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "External Sharing is set to Only People In Your Organization.", - "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization", - "or Existing Guests. See %v for more info" + "This policy is only applicable if the external sharing slider on the admin page", + "is set to Anyone or New and Existing Guests. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true } @@ -446,9 +441,8 @@ test_EmailAttestationReAuthDays_SharingCapability_ExistingGuests_NotApplicable i Output := sharepoint.tests with input.SPO_tenant as [Tenant] ReportDetailsString := concat(" ", [ - "External Sharing is set to Existing Guests.", - "This policy is only applicable if External Sharing is set to any value other than Only People In Your Organization", - "or Existing Guests. See %v for more info" + "This policy is only applicable if the external sharing slider on the admin page", + "is set to Anyone or New and Existing Guests. See %v for more info" ]) TestResult(PolicyId, Output, CheckedSkippedDetails(PolicyId, ReportDetailsString), false) == true }