vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Delete test-gh.ps1

Browse Source
This commit is contained in:
Doug Rios
2024-06-15 16:16:31 -05:00
committed by GitHub
parent 3211ebc089
commit 919d6cdd08
1 changed files with 0 additions and 536 deletions
Download Patch File Download Diff File Expand all files Collapse all files

536
test-gh.ps1
View File

@@ -1,536 +0,0 @@
# Refresh authentication to ensure the correct scopes
gh auth refresh -s project,read:project,write:project,repo
# Create the project
gh project create --owner CriticalSolutionsNetwork --title "Test Validation Project"
$repoOwner = "CriticalSolutionsNetwork"
$repoName = "M365FoundationsCISReport"
$directoryPath = ".\source\tests"
$projectName = "Test Validation Project"
# Function to create GitHub issues
function Create-GitHubIssue {
param (
[string]$title,
[string]$body,
[string]$project
)
# Create the issue and add it to the specified project
$issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
return $issue
}
# Load test definitions from CSV
$testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
$testDefinitions = Import-Csv -Path $testDefinitionsPath
# Iterate over each .ps1 file in the directory
Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
$fileName = $_.Name
$testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
if ($testDefinition) {
$rec = $testDefinition.Rec
$elevel = $testDefinition.ELevel
$profileLevel = $testDefinition.ProfileLevel
$ig1 = $testDefinition.IG1
$ig2 = $testDefinition.IG2
$ig3 = $testDefinition.IG3
$connection = $testDefinition.Connection
$issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
$issueBody = @"
# Validation for $fileName
## Tasks
- [ ] Validate test for a pass
- Description of passing criteria:
- [ ] Validate test for a fail
- Description of failing criteria:
- [ ] Add notes and observations
- Placeholder for additional notes:
"@
# Create the issue using GitHub CLI
try {
Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
Write-Output "Created issue for $fileName"
} catch {
Write-Error "Failed to create issue for $fileName : $_"
}
# Introduce a delay of 2 seconds
Start-Sleep -Seconds 2
} else {
Write-Warning "No matching test definition found for $fileName"
}
}
##########################################################################################################################################
$repoOwner = "CriticalSolutionsNetwork"
$repoName = "M365FoundationsCISReport"
$directoryPath = ".\source\tests"
$projectName = "Test Validation Project"
# Function to create GitHub issues
function Create-GitHubIssue {
param (
[string]$title,
[string]$body,
[string]$project
)
# Create the issue and add it to the specified project
$issue = gh issue create --repo "$repoOwner/$repoName" --title "$title" --body "$body" --project "$project"
return $issue
}
# Load test definitions from CSV
$testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
$testDefinitions = Import-Csv -Path $testDefinitionsPath
# Iterate over each .ps1 file in the directory
Get-ChildItem -Path $directoryPath -Filter "*.ps1" | ForEach-Object {
$fileName = $_.Name
$testDefinition = $testDefinitions | Where-Object { $_.TestFileName -eq $fileName }
if ($testDefinition) {
$rec = $testDefinition.Rec
$elevel = $testDefinition.ELevel
$profileLevel = $testDefinition.ProfileLevel
$ig1 = $testDefinition.IG1
$ig2 = $testDefinition.IG2
$ig3 = $testDefinition.IG3
$connection = $testDefinition.Connection
$issueTitle = "Rec: $rec - Validate $fileName, ELevel: $elevel, ProfileLevel: $profileLevel, IG1: $ig1, IG2: $ig2, IG3: $ig3, Connection: $connection"
$issueBody = @"
# Validation for $fileName
## Tasks
- [ ] Validate test for a pass
- Description of passing criteria:
- [ ] Validate test for a fail
- Description of failing criteria:
- [ ] Add notes and observations
- Placeholder for additional notes:
"@
# Create the issue using GitHub CLI
try {
Create-GitHubIssue -title "$issueTitle" -body "$issueBody" -project "$projectName"
Write-Output "Created issue for $fileName"
}
catch {
Write-Error "Failed to create issue for $fileName`: $_"
}
# Introduce a delay of 2 seconds
Start-Sleep -Seconds 2
}
else {
Write-Warning "No matching test definition found for $fileName"
}
}
######################################
$repoOwner = "CriticalSolutionsNetwork"
$repoName = "M365FoundationsCISReport"
# Function to update GitHub issue
function Update-GitHubTIssue {
param (
[int]$issueNumber,
[string]$title,
[string]$body,
[string]$owner,
[string]$repositoryName
)
# Update the issue using Set-GitHubIssue
Set-GitHubIssue -OwnerName $owner -RepositoryName $repositoryName -Issue $issueNumber -Title $title -Body $body -Label @("documentation", "help wanted", "question") -Confirm:$false
}
# Load test definitions from CSV
$testDefinitionsPath = ".\source\helper\TestDefinitions.csv"
$testDefinitions = Import-Csv -Path $testDefinitionsPath
# Fetch existing issues that start with "Rec:"
$existingIssues = Get-GitHubIssue -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
# Create a list to hold matched issues
$matchedIssues = @()
$warnings = @()
# Iterate over each existing issue
$existingIssues | ForEach-Object {
$issueNumber = $_.Number
$issueTitle = $_.Title
$issueBody = $_.Body
# Extract the rec number from the issue title
if ($issueTitle -match "Rec: (\d+\.\d+\.\d+)") {
$rec = $matches[1]
# Find the matching test definition based on rec number
$testDefinition = $testDefinitions | Where-Object { $_.Rec -eq $rec }
if ($testDefinition) {
# Create the new issue body
$newIssueBody = @"
# Validation for $($testDefinition.TestFileName)
## Recommendation Details
- **Recommendation**: $($testDefinition.Rec)
- **Description**: $($testDefinition.RecDescription)
- **ELevel**: $($testDefinition.ELevel)
- **Profile Level**: $($testDefinition.ProfileLevel)
- **CIS Control**: $($testDefinition.CISControl)
- **CIS Description**: $($testDefinition.CISDescription)
- **Implementation Group 1**: $($testDefinition.IG1)
- **Implementation Group 2**: $($testDefinition.IG2)
- **Implementation Group 3**: $($testDefinition.IG3)
- **Automated**: $($testDefinition.Automated)
- **Connection**: $($testDefinition.Connection)
## [$($testDefinition.TestFileName)](https://github.com/CriticalSolutionsNetwork/M365FoundationsCISReport/blob/main/source/tests/$($testDefinition.TestFileName))
## Tasks
### Validate recommendation details
- [ ] Confirm that the recommendation details are accurate and complete as per the CIS benchmark.
### Validate test for a pass
- [ ] Confirm that the automated test results align with the manual audit steps outlined in the CIS benchmark.
- Specific conditions to check:
- Condition A: (Detail about what constitutes Condition A)
- Condition B: (Detail about what constitutes Condition B)
- Condition C: (Detail about what constitutes Condition C)
### Validate test for a fail
- [ ] Confirm that the failure conditions in the automated test are consistent with the manual audit results.
- Specific conditions to check:
- Condition A: (Detail about what constitutes Condition A)
- Condition B: (Detail about what constitutes Condition B)
- Condition C: (Detail about what constitutes Condition C)
### Add notes and observations
- [ ] Compare the automated audit results with the manual audit steps and provide detailed observations.
- Automated audit produced info consistent with the manual audit test results? (Yes/No)
- Without disclosing any sensitive information, document any discrepancies between the actual output and the expected output.
- Document any error messages, removing any sensitive information before submitting.
- Identify the specific function, line, or section of the script that failed, if known.
- Provide any additional context or observations that might help in troubleshooting.
If needed, the helpers folder in .\source\helpers contains a CSV to assist with locating the test definition.
"@
# Add to matched issues list
$matchedIssues += [PSCustomObject]@{
IssueNumber = $issueNumber
Title = $issueTitle
NewBody = $newIssueBody
}
} else {
$warnings += "No matching test definition found for Rec: $rec"
}
} else {
$warnings += "No matching rec number found in issue title #$issueNumber"
}
}
# Display matched issues for confirmation
if ($matchedIssues.Count -gt 0) {
Write-Output "Matched Issues:"
$matchedIssues | ForEach-Object {
Write-Output $_.Title
}
$confirmation = Read-Host "Do you want to proceed with updating these issues? (yes/no)"
if ($confirmation -eq 'yes') {
# Update the issues
$matchedIssues | ForEach-Object {
try {
Update-GitHubTIssue -issueNumber $_.IssueNumber -title $_.Title -body $_.NewBody -owner $repoOwner -repositoryName $repoName
Write-Output "Updated issue #$($_.IssueNumber)"
} catch {
Write-Error "Failed to update issue #$($_.IssueNumber): $_"
}
# Introduce a delay of 2 seconds
Start-Sleep -Seconds 2
}
} else {
Write-Output "Update canceled by user."
}
} else {
Write-Output "No matched issues found to update."
}
# Display any warnings that were captured
if ($warnings.Count -gt 0) {
Write-Output "Warnings:"
$warnings | ForEach-Object {
Write-Output $_
}
}
# Test command to verify GitHub access
Get-GitHubRepository -OwnerName 'CriticalSolutionsNetwork' -RepositoryName 'M365FoundationsCISReport'
#########################################################################################
connect-MgGraph -Scopes "Directory.Read.All", "Domain.Read.All", "Policy.Read.All", "Organization.Read.All" -NoWelcome
# Retrieve the subscribed SKUs
$sub = Get-MgSubscribedSku -All
# Define the product array
$ProductArray = @(
"Microsoft_Cloud_App_Security_App_Governance_Add_On",
"Defender_Threat_Intelligence",
"THREAT_INTELLIGENCE",
"WIN_DEF_ATP",
"Microsoft_Defender_for_Endpoint_F2",
"DEFENDER_ENDPOINT_P1",
"DEFENDER_ENDPOINT_P1_EDU",
"MDATP_XPLAT",
"MDATP_Server",
"ATP_ENTERPRISE_FACULTY",
"ATA",
"ATP_ENTERPRISE_GOV",
"ATP_ENTERPRISE_USGOV_GCCHIGH",
"THREAT_INTELLIGENCE_GOV",
"TVM_Premium_Standalone",
"TVM_Premium_Add_on",
"ATP_ENTERPRISE",
"Azure_Information_Protection_Premium_P1",
"Azure_Information_Protection_Premium_P2",
"Microsoft_Application_Protection_and_Governance",
"Exchange_Online_Protection",
"Microsoft_365_Defender",
"Cloud_App_Security_Discovery"
)
# Define the hashtable
$ProductHashTable = @{
"App governance add-on to Microsoft Defender for Cloud Apps" = "Microsoft_Cloud_App_Security_App_Governance_Add_On"
"Defender Threat Intelligence" = "Defender_Threat_Intelligence"
"Microsoft Defender for Office 365 (Plan 2)" = "THREAT_INTELLIGENCE"
"Microsoft Defender for Endpoint" = "WIN_DEF_ATP"
"Microsoft Defender for Endpoint F2" = "Microsoft_Defender_for_Endpoint_F2"
"Microsoft Defender for Endpoint P1" = "DEFENDER_ENDPOINT_P1"
"Microsoft Defender for Endpoint P1 for EDU" = "DEFENDER_ENDPOINT_P1_EDU"
"Microsoft Defender for Endpoint P2_XPLAT" = "MDATP_XPLAT"
"Microsoft Defender for Endpoint Server" = "MDATP_Server"
"Microsoft Defender for Office 365 (Plan 1) Faculty" = "ATP_ENTERPRISE_FACULTY"
"Microsoft Defender for Identity" = "ATA"
"Microsoft Defender for Office 365 (Plan 1) GCC" = "ATP_ENTERPRISE_GOV"
"Microsoft Defender for Office 365 (Plan 1)_USGOV_GCCHIGH" = "ATP_ENTERPRISE_USGOV_GCCHIGH"
"Microsoft Defender for Office 365 (Plan 2) GCC" = "THREAT_INTELLIGENCE_GOV"
"Microsoft Defender Vulnerability Management" = "TVM_Premium_Standalone"
"Microsoft Defender Vulnerability Management Add-on" = "TVM_Premium_Add_on"
"Microsoft Defender for Office 365 (Plan 1)" = "ATP_ENTERPRISE"
"Azure Information Protection Premium P1" = "Azure_Information_Protection_Premium_P1"
"Azure Information Protection Premium P2" = "Azure_Information_Protection_Premium_P2"
"Microsoft Application Protection and Governance" = "Microsoft_Application_Protection_and_Governance"
"Exchange Online Protection" = "Exchange_Online_Protection"
"Microsoft 365 Defender" = "Microsoft_365_Defender"
"Cloud App Security Discovery" = "Cloud_App_Security_Discovery"
}
# Reverse the hashtable
$ReverseProductHashTable = @{}
foreach ($key in $ProductHashTable.Keys) {
$ReverseProductHashTable[$ProductHashTable[$key]] = $key
}
# Loop through each SKU and get the enabled security features
$securityFeatures = foreach ($sku in $sub) {
if ($sku.SkuPartNumber -eq "MDATP_XPLAT_EDU") {
Write-Host "the SKU is: `n$($sku | gm)"
[PSCustomObject]@{
Skupartnumber = $sku.skupartnumber
AppliesTo = $sku.AppliesTo
ProvisioningStatus = $sku.ProvisioningStatus
ServicePlanId = $sku.ServicePlanId
ServicePlanName = $sku.ServicePlanName
FriendlyName = "Defender P2 for EDU"
}
}
else {
$sku.serviceplans | Where-Object { $_.serviceplanname -in $ProductArray } | ForEach-Object {
$friendlyName = $ReverseProductHashTable[$_.ServicePlanName]
[PSCustomObject]@{
Skupartnumber = $sku.skupartnumber
AppliesTo = $_.AppliesTo
ProvisioningStatus = $_.ProvisioningStatus
ServicePlanId = $_.ServicePlanId
ServicePlanName = $_.ServicePlanName
FriendlyName = $friendlyName
}
}
}
}
# Output the security features
$securityFeatures | Format-Table -AutoSize
##########
# Ensure the ImportExcel module is available
# Ensure the ImportExcel module is available
if (-not (Get-Module -ListAvailable -Name ImportExcel)) {
Install-Module -Name ImportExcel -Force -Scope CurrentUser
}
# Function to wait until the file is available
function Wait-ForFile {
param (
[string]$FilePath
)
while (Test-Path -Path $FilePath -PathType Leaf -and -not (Get-Content $FilePath -ErrorAction SilentlyContinue)) {
Start-Sleep -Seconds 1
}
}
# Path to the Excel file
$excelFilePath = "C:\Users\dougrios\OneDrive - CRITICALSOLUTIONS NET LLC\Documents\_Tools\Benchies\SKUs.xlsx"
# Wait for the file to be available
# Import the Excel file
$excelData = Import-Excel -Path $excelFilePath
# Retrieve the subscribed SKUs
$subscribedSkus = Get-MgSubscribedSku -All
# Define the hashtable with security-related product names
$ProductHashTable = @{
"App governance add-on to Microsoft Defender for Cloud Apps" = "Microsoft_Cloud_App_Security_App_Governance_Add_On"
"Defender Threat Intelligence" = "Defender_Threat_Intelligence"
"Microsoft Defender for Office 365 (Plan 2)" = "THREAT_INTELLIGENCE"
"Microsoft Defender for Endpoint" = "WIN_DEF_ATP"
"Microsoft Defender for Endpoint F2" = "Microsoft_Defender_for_Endpoint_F2"
"Microsoft Defender for Endpoint P1" = "DEFENDER_ENDPOINT_P1"
"Microsoft Defender for Endpoint P1 for EDU" = "DEFENDER_ENDPOINT_P1_EDU"
"Microsoft Defender for Endpoint P2_XPLAT" = "MDATP_XPLAT"
"Microsoft Defender for Endpoint Server" = "MDATP_Server"
"Microsoft Defender for Office 365 (Plan 1) Faculty" = "ATP_ENTERPRISE_FACULTY"
"Microsoft Defender for Identity" = "ATA"
"Microsoft Defender for Office 365 (Plan 1) GCC" = "ATP_ENTERPRISE_GOV"
"Microsoft Defender for Office 365 (Plan 1)_USGOV_GCCHIGH" = "ATP_ENTERPRISE_USGOV_GCCHIGH"
"Microsoft Defender for Office 365 (Plan 2) GCC" = "THREAT_INTELLIGENCE_GOV"
"Microsoft Defender Vulnerability Management" = "TVM_Premium_Standalone"
"Microsoft Defender Vulnerability Management Add-on" = "TVM_Premium_Add_on"
"Microsoft Defender for Office 365 (Plan 1)" = "ATP_ENTERPRISE"
"Azure Information Protection Premium P1" = "Azure_Information_Protection_Premium_P1"
"Azure Information Protection Premium P2" = "Azure_Information_Protection_Premium_P2"
"Microsoft Application Protection and Governance" = "Microsoft_Application_Protection_and_Governance"
"Exchange Online Protection" = "Exchange_Online_Protection"
"Microsoft 365 Defender" = "Microsoft_365_Defender"
"Cloud App Security Discovery" = "Cloud_App_Security_Discovery"
}
# Create a hashtable to store the SKU part numbers and their associated security features
$skuSecurityFeatures = @{}
# Populate the hashtable with data from the Excel file
foreach ($row in $excelData) {
if ($null -ne $row.'String ID' -and $null -ne $row.'Service plans included (friendly names)') {
$skuSecurityFeatures[$row.'String ID'] = $row.'Service plans included (friendly names)'
}
}
# Display the SKU part numbers and their associated security features
foreach ($sku in $subscribedSkus) {
$skuPartNumber = $sku.SkuPartNumber
if ($skuSecurityFeatures.ContainsKey($skuPartNumber)) {
$securityFeatures = $skuSecurityFeatures[$skuPartNumber]
# Check if the security feature is in the hashtable
$isSecurityFeature = $ProductHashTable.ContainsKey($securityFeatures)
if ($isSecurityFeature) {
Write-Output "SKU Part Number: $skuPartNumber"
Write-Output "Security Features: $securityFeatures (Security-related)"
} else {
Write-Output "SKU Part Number: $skuPartNumber"
Write-Output "Security Features: $securityFeatures"
}
Write-Output "----------------------------"
} else {
Write-Output "SKU Part Number: $skuPartNumber"
Write-Output "Security Features: Not Found in Excel"
Write-Output "----------------------------"
}
}
######DELETE################
# Example object details string
$objectDetails = @"
UserPrincipalName|AuditEnabled|AdminActionsMissing|DelegateActionsMissing|OwnerActionsMissing
aocasio@criticalsolutions.net|True|CP,FB,MV|FB,MV|CR,ML,MV
douglasrios@criticalsolutions.net|True|CP,FB,MV|FB,MV|CR,ML,MV
evamar@criticalsolutions.net|True|CP,FB,MV|FB,MV|CR,ML,MV
helpdesk@criticalsolutions.net|True|CP,FB, MV|FB, MV|CR,ML,MV
tbousliman@criticalsolutions.net|True|CP,FB,MV|FB,MV|CR,ML,MV
"@
# Convert the details string to objects
$detailsObjects = $objectDetails | ConvertFrom-Csv -Delimiter "|"
# Function to expand abbreviated actions back to full names
function Expand-AbbreviatedActions {
param (
[string[]]$AbbreviatedActions,
[hashtable]$Dictionary
)
$expandedActions = @()
foreach ($abbrev in $AbbreviatedActions) {
$fullAction = $Dictionary.GetEnumerator() | Where-Object { $_.Value -eq $abbrev } | Select-Object -ExpandProperty Key
$expandedActions += $fullAction
}
return $expandedActions -join ','
}
# Iterate through each detail object and convert actions
foreach ($detail in $detailsObjects) {
if ($detail.AdminActionsMissing) {
$adminActions = $detail.AdminActionsMissing -split ","
$expandedAdminActions = Expand-AbbreviatedActions -AbbreviatedActions $adminActions -Dictionary (Get-Action -Dictionaries).AdminActions
$detail.AdminActionsMissing = $expandedAdminActions
}
if ($detail.DelegateActionsMissing) {
$delegateActions = $detail.DelegateActionsMissing -split ","
$expandedDelegateActions = Expand-AbbreviatedActions -AbbreviatedActions $delegateActions -Dictionary (Get-Action -Dictionaries).DelegateActions
$detail.DelegateActionsMissing = $expandedDelegateActions
}
if ($detail.OwnerActionsMissing) {
$ownerActions = $detail.OwnerActionsMissing -split ","
$expandedOwnerActions = Expand-AbbreviatedActions -AbbreviatedActions $ownerActions -Dictionary (Get-Action -Dictionaries).OwnerActions
$detail.OwnerActionsMissing = $expandedOwnerActions
}
}
# Output the modified details objects
$detailsObjects