vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: improve output of 7.3.4

Browse Source
This commit is contained in:
DrIOS
2024-06-07 18:08:15 -05:00
parent c6bdad0477
commit 8922ea12cd
1 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
source/tests/Test-RestrictCustomScripts.ps1
View File

@@ -7,39 +7,52 @@ function Test-RestrictCustomScripts {
begin { begin {
# Dot source the class script if necessary # Dot source the class script if necessary
# . .\source\Classes\CISAuditResult.ps1 # . .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed # Initialization code, if needed
$recnum = "7.3.4" $recnum = "7.3.4"
} }
process { process {
try { try {
# 7.3.4 (L1) Ensure custom script execution is restricted on site collections # 7.3.4 (L1) Ensure custom script execution is restricted on site collections
# Retrieve all site collections and select necessary properties # Retrieve all site collections and select necessary properties
$SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
# Find sites where custom scripts are allowed (DenyAddAndCustomizePages is not 'Enabled') # Replace 'sharepoint.com' with '<sptld>'
$customScriptAllowedSites = $SPOSitesCustomScript | Where-Object { $_.DenyAddAndCustomizePages -ne 'Enabled' } $processedUrls = $SPOSitesCustomScript | ForEach-Object {
$_.Url = $_.Url -replace 'sharepoint\.com', '<sptld>'
$_
}
# Extract hostnames and find the most used one
$hostnames = $processedUrls.Url | ForEach-Object { $_ -match '^https://([^\.]+)\.' | Out-Null; $matches[1] }
$mostUsedHostname = $hostnames | Group-Object | Sort-Object Count -Descending | Select-Object -First 1 -ExpandProperty Name
# Compliance is true if no sites allow custom scripts # Compliance is true if no sites allow custom scripts
$customScriptAllowedSites = $processedUrls | Where-Object { $_.DenyAddAndCustomizePages -ne 'Enabled' }
$complianceResult = $customScriptAllowedSites.Count -eq 0 $complianceResult = $customScriptAllowedSites.Count -eq 0
# Gather details for non-compliant sites (where custom scripts are allowed)
$nonCompliantSiteDetails = $customScriptAllowedSites | ForEach-Object {
$url = $_.Url -replace [regex]::Escape($mostUsedHostname), "<corp>"
"$(if ($_.Title) {$_.Title} else {"NoTitle"})|$url|$true"
}
# Prepare failure reasons and details based on compliance # Prepare failure reasons and details based on compliance
$failureReasons = if ($complianceResult) { $failureReasons = if (-not $complianceResult) {
"Title|Url|CustomScriptAllowed`n" + ($nonCompliantSiteDetails -join "`n")
}
else {
"N/A" "N/A"
} else {
"The following site collections allow custom script execution:"
} }
$details = if ($complianceResult) { $details = if ($complianceResult) {
"All site collections have custom script execution restricted" "All site collections have custom script execution restricted"
} else {
# Create pipe-separated table for non-compliant sites
$nonCompliantSiteDetails = $customScriptAllowedSites | ForEach-Object {
$title = if ($_.Title) { $_.Title } else { "No Title" }
"$title|$($_.Url)|True"
} }
"Title|Url|CustomScriptAllowed`n" + ($nonCompliantSiteDetails -join "`n") else {
"Some site collections are not restricting custom script execution. Review FailureReason property for sites that are not aligned with the benchmark."
} }
# Create and populate the CISAuditResult object # Create and populate the CISAuditResult object