From bd9978a4942c29a0a9b1b2630a78a19394d917ac Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Fri, 27 Dec 2024 15:22:40 -0600
Subject: [PATCH] fix: scope function and antiphishing policy comments
---
source/Private/Get-ScopeOverlap.ps1 | 78 +++++++++++++----------
source/tests/Test-AntiPhishingPolicy4.ps1 | 14 ++--
2 files changed, 53 insertions(+), 39 deletions(-)
diff --git a/source/Private/Get-ScopeOverlap.ps1 b/source/Private/Get-ScopeOverlap.ps1
index 74d98c3..e6d0eb1 100644
--- a/source/Private/Get-ScopeOverlap.ps1
+++ b/source/Private/Get-ScopeOverlap.ps1
@@ -2,47 +2,57 @@ function Get-ScopeOverlap {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
- [PSCustomObject]$Policy, # The primary policy whose scope we are evaluating
+ [PSCustomObject]$Policy,
+
[Parameter(Mandatory = $true)]
- [PSCustomObject[]]$OtherPolicies # A list of other policies to compare for scope overlap
+ [PSCustomObject[]]$OtherPolicies
)
- # Write a verbose message indicating the policy being evaluated for overlap
- Write-Verbose "Checking for scope overlap with $($Policy.Name)..."
- # Initialize variables to track overlap status and overlapping entities
- $overlapDetected = $false # Tracks if any overlap is detected
- $overlappingEntities = @() # Stores details of overlapping entities for logging
- # Build the scope string of the current policy by concatenating users, groups, and domains
- $policyScope = @(
- $Policy.Users -join ',', # Users within the policy's scope
- $Policy.Groups -join ',', # Groups within the policy's scope
- $Policy.Domains -join ',' # Domains within the policy's scope
- ) -join ',' # Combine all into a single string
- # Iterate through each policy in the list of other policies
+ Write-Verbose "Checking for scope overlap with policy: $($Policy.Name)..."
+ $overlapDetected = $false
+ $overlappingDetails = @()
+ # Extract the correct scope properties for the current policy
+ $policyScope = @{
+ Users = $Policy.TargetedUsersToProtect
+ Domains = $Policy.TargetedDomainsToProtect
+ }
+ # Log the current policy's scope
+ foreach ($key in $policyScope.Keys) {
+ Write-Verbose "Policy $($Policy.Name) $key scope: $($policyScope[$key] -join ', ')"
+ }
+ # Compare with the scope of other policies
foreach ($otherPolicy in $OtherPolicies) {
- if ($null -ne $otherPolicy) { # Skip null or empty policies
- # Build the scope string for the other policy
- $otherScope = @(
- $otherPolicy.Users -join ',', # Users within the other policy's scope
- $otherPolicy.Groups -join ',', # Groups within the other policy's scope
- $otherPolicy.Domains -join ',' # Domains within the other policy's scope
- ) -join ',' # Combine all into a single string
- # Check if the current policy's scope matches any part of the other policy's scope
- if ($policyScope -match $otherScope) {
- $overlapDetected = $true # Mark overlap as detected
- # Log overlapping entities for clarity
- $overlappingEntities += @(
- "Users: $($otherPolicy.Users)",
- "Groups: $($otherPolicy.Groups)",
- "Domains: $($otherPolicy.Domains)"
- )
- Write-Verbose "Overlap detected between $($Policy.Name) and $($otherPolicy.Name)." # Log the overlap
+ if ($null -ne $otherPolicy) {
+ # Extract the correct scope properties for the other policy
+ $otherScope = @{
+ Users = $otherPolicy.TargetedUsersToProtect
+ Domains = $otherPolicy.TargetedDomainsToProtect
+ }
+ # Log the other policy's scope
+ Write-Verbose "Comparing with policy: $($otherPolicy.Name)..."
+ foreach ($key in $otherScope.Keys) {
+ Write-Verbose "$($otherPolicy.Name) $key scope: $($otherScope[$key] -join ', ')"
+ }
+ # Compare scopes (intersection) and detect overlap
+ foreach ($key in $policyScope.Keys) {
+ $overlap = $policyScope[$key] | Where-Object { $otherScope[$key] -contains $_ }
+ if ($overlap) {
+ $overlapDetected = $true
+ $overlappingDetails += "Overlap detected in $key between $($Policy.Name) and $($otherPolicy.Name): $($overlap -join ', ')"
+ Write-Verbose "Overlap detected in $key`: $($overlap -join ', ')"
+ } else {
+ Write-Verbose "No overlap detected for $key between $($Policy.Name) and $($otherPolicy.Name)."
+ }
}
}
- # If overlap is detected, log the specific overlapping entities
+ # Provide a clear summary of overlapping details
if ($overlapDetected) {
- Write-Verbose "Overlapping entities: $($overlappingEntities -join '; ')" # Log overlapping users, groups, or domains
+ Write-Verbose "Summary of overlaps for policy $($Policy.Name):"
+ foreach ($detail in $overlappingDetails) {
+ Write-Verbose " $detail"
+ }
+ } else {
+ Write-Verbose "No overlapping entities found for policy $($Policy.Name)."
}
- # Return whether overlap was detected (true/false)
return $overlapDetected
}
diff --git a/source/tests/Test-AntiPhishingPolicy4.ps1 b/source/tests/Test-AntiPhishingPolicy4.ps1
index 0185bf9..d0b5b92 100644
--- a/source/tests/Test-AntiPhishingPolicy4.ps1
+++ b/source/tests/Test-AntiPhishingPolicy4.ps1
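Review bot: `TargetedUsersToProtect` and `TargetedDomainsToProtect`, read into `$policyScope` and `$otherScope`, look like an anti-phish policy's impersonation-protection lists (the identities to protect from being spoofed), not the recipients the policy applies to; if so, the per-key intersection says nothing about whether two policies cover the same mailboxes, and the Groups dimension the previous version compared is gone entirely. Recipient scope for these policies presumably lives on the rule (`SentTo`, `SentToMemberOf`, `RecipientDomainIs`), which the caller already holds as `$antiPhishRules`, so the function should either be handed the matching rule objects and intersect those three lists, or its comment should state what it really compares so a `$false` here is not read as "no scope overlap". Note also that an empty list on either side yields no overlap, so a policy applied to everyone would never be flagged; add `# NOTE: an empty scope is treated as overlapping nothing — confirm whether "all recipients" should be flagged` next to the `$overlap =` line if that is intended. The `function Get-ScopeOverlap {` line sits above this hunk.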
@@ -26,11 +26,15 @@ function Test-AntiPhishingPolicy4 {
$strictStandardCompliant = $false
foreach ($policy in @($strictPolicy, $standardPolicy)) {
if ($null -ne $policy) {
- # Check if the strict or standard policy is compliant
+ # Check if the Strict or Standard policy is compliant
$isCompliant = Get-PhishPolicyCompliance -policy $policy
if ($isCompliant) {
$strictStandardCompliant = $true
$compliantPolicies += $policy.Name
+ # If Strict is compliant, stop evaluating further
+ if ($policy.Name -eq 'Strict Preset Security Policy') {
+ break
+ }
} else {
$nonCompliantPolicies += $policy.Name
}
@@ -39,8 +43,8 @@ function Test-AntiPhishingPolicy4 {
# Step 3: Evaluate custom policies if strict and standard are not compliant
if (-not $strictStandardCompliant) {
Write-Verbose 'Evaluating custom policies for compliance...'
- # Filter custom policies that match any rules in $antiPhishRules and sort by priority
- $customPolicies = $antiPhishPolicies | Where-Object { $antiPhishRules.AntiPhishPolicy -contains $_.Name }
+ # Filter custom policies using $antiPhishRules to exclude default, strict, and standard
+ $customPolicies = $antiPhishPolicies | Where-Object { $antiPhishRules.AntiPhishPolicy -contains $_.Name -and $_.Name -notin @('Strict Preset Security Policy', 'Standard Preset Security Policy', 'Office365 AntiPhish Default') }
$customPolicies = $customPolicies | Sort-Object -Property { $antiPhishRules | Where-Object { $_.AntiPhishPolicy -eq $_.Name } | Select-Object -ExpandProperty Priority }
foreach ($policy in $customPolicies) {
# Check for scope overlap between custom policies and strict/standard policies
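Review bot: The new `break` stops the loop as soon as the Strict preset passes, so the Standard preset is then never evaluated and its name lands in neither `$compliantPolicies` nor `$nonCompliantPolicies`; if the audit result reports those lists (built outside this hunk), a non-compliant Standard preset silently drops out of the report, which the previous code did not do. If that is the intended precedence, say so in the comment rather than "stop evaluating further": `# Strict takes precedence: once it is compliant, the Standard preset is not evaluated or reported`. The literal `'Strict Preset Security Policy'` is now repeated in this hunk and in the Step 3 filter; a single constant near the top of the function would keep the two from drifting. The enclosing function continues beyond this hunk.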
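Review bot: The priority sort on the context line right after the new filter never orders anything: inside the nested `Where-Object`, `$_` is the rule, so `$_.AntiPhishPolicy -eq $_.Name` compares two properties of the same rule object instead of matching the rule to the policy being sorted, and `Priority` comes back empty for every policy. The custom-policy loop below therefore runs in `$antiPhishPolicies` output order rather than rule priority, which matters if, as the "sort by priority" intent suggests, the lowest-priority matching rule is the one that actually applies to a recipient. Capture the outer object before the nested pipeline: `$customPolicies = $customPolicies | Sort-Object -Property { $policyName = $_.Name; ($antiPhishRules | Where-Object { $_.AntiPhishPolicy -eq $policyName }).Priority }`. The commit touches the filter line but leaves this one as is; the `if (-not $strictStandardCompliant)` block opened here continues past the hunk.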
@@ -65,7 +69,7 @@ function Test-AntiPhishingPolicy4 {
$defaultPolicy = $antiPhishPolicies | Where-Object { $_.Name -eq 'Office365 AntiPhish Default' }
if ($null -ne $defaultPolicy) {
# Check for scope overlap between the default policy and other policies
- $scopeOverlap = Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $antiPhishPolicies | Where-Object { $_.Name -ne 'Office365 AntiPhish Default' })
+ $scopeOverlap = Get-ScopeOverlap -Policy $defaultPolicy -OtherPolicies @($strictPolicy, $standardPolicy, $customPolicies)
if ($scopeOverlap) {
$failureReasons += "Default policy overlaps with other scoped policies."
$nonCompliantPolicies += $defaultPolicy.Name
@@ -111,4 +115,4 @@ function Test-AntiPhishingPolicy4 {
# Return the audit result object
return $auditResult
}
-}
\ No newline at end of file
+}
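Review bot: `$customPolicies` on the new `Get-ScopeOverlap` line is assigned only inside the `if (-not $strictStandardCompliant)` block of Step 3 (earlier hunk); if this default-policy check also runs when a preset was compliant, the variable is `$null` here (or a runtime error under `Set-StrictMode`), so the default policy is compared against Strict/Standard only and an overlap with a custom policy goes unreported, whereas the old line compared against every non-default policy. Whether this check sits inside or outside the Step 3 block is not visible from the hunk, so initialise `$customPolicies = @()` before Step 3 to make the line safe either way. It also looks like `@($strictPolicy, $standardPolicy, $customPolicies)` keeps `$customPolicies` as a nested element rather than flattening it into the `[PSCustomObject[]]` parameter; `-OtherPolicies (@($strictPolicy, $standardPolicy) + @($customPolicies))` avoids relying on member enumeration inside the callee. The enclosing function continues beyond this hunk.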