Add: error handling to tests

2024-06-04 17:04:18 -05:00
parent 5c60f39dad
commit 2027e8b21b
54 changed files with 1545 additions and 1039 deletions
--- a/source/tests/Test-RestrictOutlookAddins.ps1
+++ b/source/tests/Test-RestrictOutlookAddins.ps1
@@ -12,63 +12,72 @@ function Test-RestrictOutlookAddins {
        $customPolicyFailures = @()
        $defaultPolicyFailureDetails = @()
        $relevantRoles = @('My Custom Apps', 'My Marketplace Apps', 'My ReadWriteMailbox Apps')
+        $recnum = "6.3.1"
    }

    process {
-        # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed
+        try {
+            # 6.3.1 (L2) Ensure users installing Outlook add-ins is not allowed

-        # Check all mailboxes for custom policies with unallowed add-ins
-        $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy
+            # Check all mailboxes for custom policies with unallowed add-ins
+            $roleAssignmentPolicies = Get-EXOMailbox | Select-Object -Unique RoleAssignmentPolicy

-        if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
-            foreach ($policy in $roleAssignmentPolicies) {
-                if ($policy.RoleAssignmentPolicy) {
-                    $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
-                    $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
-                    if ($foundRoles) {
-                        $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
+            if ($roleAssignmentPolicies.RoleAssignmentPolicy) {
+                foreach ($policy in $roleAssignmentPolicies) {
+                    if ($policy.RoleAssignmentPolicy) {
+                        $rolePolicyDetails = Get-RoleAssignmentPolicy -Identity $policy.RoleAssignmentPolicy
+                        $foundRoles = $rolePolicyDetails.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+                        if ($foundRoles) {
+                            $customPolicyFailures += "Policy: $($policy.RoleAssignmentPolicy): Roles: $($foundRoles -join ', ')"
+                        }
                    }
                }
            }
-        }

-        # Check Default Role Assignment Policy
-        $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
-        $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
-        if ($defaultPolicyRoles) {
-            $defaultPolicyFailureDetails = $defaultPolicyRoles
-        }
+            # Check Default Role Assignment Policy
+            $defaultPolicy = Get-RoleAssignmentPolicy "Default Role Assignment Policy"
+            $defaultPolicyRoles = $defaultPolicy.AssignedRoles | Where-Object { $_ -in $relevantRoles }
+            if ($defaultPolicyRoles) {
+                $defaultPolicyFailureDetails = $defaultPolicyRoles
+            }

-        # Prepare result details string
-        $detailsString = ""
-        if ($customPolicyFailures) {
-            $detailsString += "Custom Policy Failures: | "
-            $detailsString += ($customPolicyFailures -join " | ")
-        }
-        else {
-            $detailsString += "Custom Policy Failures: None | "
-        }
+            # Prepare result details string
+            $detailsString = ""
+            if ($customPolicyFailures) {
+                $detailsString += "Custom Policy Failures: | "
+                $detailsString += ($customPolicyFailures -join " | ")
+            }
+            else {
+                $detailsString += "Custom Policy Failures: None | "
+            }

-        $detailsString += "Default Role Assignment Policy: "
-        if ($defaultPolicyFailureDetails) {
-            $detailsString += ($defaultPolicyFailureDetails -join ', ')
-        }
-        else {
-            $detailsString += "Compliant"
-        }
+            $detailsString += "Default Role Assignment Policy: "
+            if ($defaultPolicyFailureDetails) {
+                $detailsString += ($defaultPolicyFailureDetails -join ', ')
+            }
+            else {
+                $detailsString += "Compliant"
+            }

-        # Determine result based on findings
-        $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)
+            # Determine result based on findings
+            $isCompliant = -not ($customPolicyFailures -or $defaultPolicyFailureDetails)

-        # Create and populate the CISAuditResult object
-        $params = @{
-            Rec            = "6.3.1"
-            Result         = $isCompliant
-            Status         = if ($isCompliant) { "Pass" } else { "Fail" }
-            Details        = $detailsString
-            FailureReason  = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." }
+            # Create and populate the CISAuditResult object
+            $params = @{
+                Rec           = $recnum
+                Result        = $isCompliant
+                Status        = if ($isCompliant) { "Pass" } else { "Fail" }
+                Details       = $detailsString
+                FailureReason = if ($isCompliant) { "N/A" } else { "Unauthorized Outlook add-ins found in custom or default policies." }
+            }
+            $auditResult = Initialize-CISAuditResult @params
+        }
+        catch {
+            Write-Error "An error occurred during the test: $_"
+
+            # Call Initialize-CISAuditResult with error parameters
+            $auditResult = Initialize-CISAuditResult -Rec $recnum -Failure
        }
-        $auditResult = Initialize-CISAuditResult @params
    }

    end {