From b0486c3f23fa2d0cffbec769faa34c043d595384 Mon Sep 17 00:00:00 2001 From: DrIOS <58635327+DrIOSX@users.noreply.github.com> Date: Fri, 28 Jun 2024 18:33:27 -0500 Subject: [PATCH] fix: 1.3.3 simplified output and added object comment --- source/Private/Get-CISExoOutput.ps1 | 27 ++++++++++++ .../tests/Test-ExternalSharingCalendars.ps1 | 43 ++++++++++++++++--- 2 files changed, 63 insertions(+), 7 deletions(-) diff --git a/source/Private/Get-CISExoOutput.ps1 b/source/Private/Get-CISExoOutput.ps1 index 59bae99..ff07d3d 100644 --- a/source/Private/Get-CISExoOutput.ps1 +++ b/source/Private/Get-CISExoOutput.ps1 @@ -65,6 +65,33 @@ function Get-CISExoOutput { # [psobject[]] return $sharingPolicies } + '1.3.3b' { + $mailboxes = Get-Mailbox -ResultSize Unlimited + $results = foreach ($mailbox in $mailboxes) { + # Get the name of the default calendar folder (depends on the mailbox's language) + $calendarFolder = [string](Get-ExoMailboxFolderStatistics $mailbox.PrimarySmtpAddress -FolderScope Calendar | Where-Object {$_.FolderType -eq 'Calendar'}).Name + Write-Verbose "Calendar folder for $($mailbox.PrimarySmtpAddress): $calendarFolder" + # Get users calendar folder settings for their default Calendar folder + # calendar has the format identity:\ + $calendar = Get-MailboxCalendarFolder -Identity "$($mailbox.PrimarySmtpAddress):\$calendarFolder" + #Write-Host "Calendar object for $($mailbox.PrimarySmtpAddress): $calendar" + Write-Verbose "Calendar publishing enabled: $($calendar.PublishEnabled)" + # Check if calendar publishing is enabled and create a custom object + if ($calendar.PublishEnabled) { + [PSCustomObject]@{ + PrimarySmtpAddress = $mailbox.PrimarySmtpAddress + CalendarFolder = $calendarFolder + PublishEnabled = $calendar.PublishEnabled + PublishedCalendarUrl = $calendar.PublishedCalendarUrl + } + } + } + $calendarDetails = @() + foreach ($calendar in $results) { + $calendarDetails += "Calendar: $($calendar.PrimarySmtpAddress); URL: $($calendar.PublishedCalendarUrl)" + } + return $calendarDetails + } '1.3.6' { # Test-CustomerLockbox.ps1 # Step: Retrieve the organization configuration (Condition C: Pass/Fail) diff --git a/source/tests/Test-ExternalSharingCalendars.ps1 b/source/tests/Test-ExternalSharingCalendars.ps1 index ba0d8a3..05f0aae 100644 --- a/source/tests/Test-ExternalSharingCalendars.ps1 +++ b/source/tests/Test-ExternalSharingCalendars.ps1 @@ -12,7 +12,7 @@ function Test-ExternalSharingCalendars { # Initialization code, if needed $recnum = "1.3.3" - + Write-Verbose "Running Test-ExternalSharingCalendars Rec#: $recnum" # Conditions for 1.3.3 (L2) Ensure 'External sharing' of calendars is not available (Automated) # # Validate test for a pass: @@ -31,8 +31,16 @@ function Test-ExternalSharingCalendars { process { try { # Step: Retrieve sharing policies related to calendar sharing + # $sharingPolicies Mock Object + <# + $mockPolicy = [PSCustomObject]@{ + Name = "Default Sharing Policy" + Domains = @("Anonymous:CalendarSharingFreeBusySimple") + Enabled = $true + Default = $true + } + #> $sharingPolicies = Get-CISExoOutput -Rec $recnum - # Step (Condition A & B: Pass/Fail): Check if calendar sharing is disabled in all applicable policies $isExternalSharingDisabled = $true $sharingPolicyDetails = @() @@ -42,21 +50,42 @@ function Test-ExternalSharingCalendars { $sharingPolicyDetails += "$($policy.Name): Enabled" } } - - # Step: Prepare failure reasons and details based on compliance (Condition A & B: Fail) + # Retrieve calendars with publishing enabled (from 1.3.3b) + # $calendarDetails Mock Object + <# + $mailboxDetails = @( + [PSCustomObject]@{ + Calendar = "user1@example.com" + URL = "https://example.com/calendar/user1" + }, + [PSCustomObject]@{ + Calendar = "user2@example.com" + URL = "https://example.com/calendar/user2" + }, + [PSCustomObject]@{ + Calendar = "user3@example.com" + URL = "https://example.com/calendar/user3" + } + ) + #> + $calendarDetails = Get-CISExoOutput -Rec "$("$recnum" + "b")" + # Build the failure reason string $failureReasons = if (-not $isExternalSharingDisabled) { - "Calendar sharing with external users is enabled in one or more policies." + $baseMessage = "Calendar sharing with external users is enabled in one or more policies." + if ($calendarDetails.Count -gt 0) { + $baseMessage += "`nPrior to remediating, check the following mailboxes that have calendar publishing enabled: `n$($calendarDetails -join '`n')" + } + $baseMessage } else { "N/A" } - # Step: Prepare details for the audit result (Condition A & B: Pass/Fail) $details = if ($isExternalSharingDisabled) { "Calendar sharing with external users is disabled." } else { - "Enabled Sharing Policies: $($sharingPolicyDetails -join ', ')" + "Enabled Sharing Policies:`n$($sharingPolicyDetails -join ', ')" } # Step: Create and populate the CISAuditResult object