fix: 6.2.2 aligned with test-template

2024-05-28 11:29:07 -05:00
parent 3cf76bb6b3
commit c752b7e4fd
1 changed files with 34 additions and 23 deletions
--- a/source/tests/Test-NoWhitelistDomains.ps1
+++ b/source/tests/Test-NoWhitelistDomains.ps1
@@ -1,47 +1,58 @@
 function Test-NoWhitelistDomains {
    [CmdletBinding()]
    param (
+        # Aligned
        # Define your parameters here
    )

    begin {
-        # Initialization code
-
-        $auditResult = [CISAuditResult]::new()
+        # Dot source the class script if necessary
+        #. .\source\Classes\CISAuditResult.ps1
+        # Initialization code, if needed
    }

    process {
        # 6.2.2 (L1) Ensure mail transport rules do not whitelist specific domains
-        $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $_.SenderDomainIs -ne $null }

-        $auditResult.CISControl = "0.0"
-        $auditResult.CISControlVer = "v8"
-        $auditResult.CISDescription = "Explicitly Not Mapped"
+        # Retrieve transport rules that whitelist specific domains
+        $whitelistedRules = Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs }

-        $auditResult.Rec = "6.2.2"
+        # Prepare failure reasons and details based on compliance
+        $failureReasons = if ($whitelistedRules) {
+            "There are transport rules whitelisting specific domains."
+        }
+        else {
+            "N/A"
+        }
+
+        $details = if ($whitelistedRules) {
+            $ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
+            "Whitelisted Rules: $($ruleDetails -join '; ')"
+        }
+        else {
+            "No transport rules whitelisting specific domains found."
+        }
+
+        # Create and populate the CISAuditResult object
+        $auditResult = [CISAuditResult]::new()
+        $auditResult.Status = if ($whitelistedRules) { "Fail" } else { "Pass" }
        $auditResult.ELevel = "E3"
        $auditResult.ProfileLevel = "L1"
+        $auditResult.Rec = "6.2.2"
+        $auditResult.RecDescription = "Ensure mail transport rules do not whitelist specific domains"
+        $auditResult.CISControlVer = "v8"
+        $auditResult.CISControl = "0.0"
+        $auditResult.CISDescription = "Explicitly Not Mapped"
        $auditResult.IG1 = $false
        $auditResult.IG2 = $false
        $auditResult.IG3 = $false
-        $auditResult.RecDescription = "Ensure mail transport rules do not whitelist specific domains"
-
-        if ($whitelistedRules) {
-            $ruleDetails = $whitelistedRules | ForEach-Object { "{0}: {1}" -f $_.Name, ($_.SenderDomainIs -join ', ') }
-            $auditResult.Result = $false
-            $auditResult.Details = "Whitelisted Rules: $($ruleDetails -join '; ')"
-            $auditResult.FailureReason = "There are transport rules whitelisting specific domains."
-            $auditResult.Status = "Fail"
-        } else {
-            $auditResult.Result = $true
-            $auditResult.Details = "No transport rules whitelisting specific domains found."
-            $auditResult.FailureReason = "N/A"
-            $auditResult.Status = "Pass"
-        }
+        $auditResult.Result = -not $whitelistedRules
+        $auditResult.Details = $details
+        $auditResult.FailureReason = $failureReasons
    }

    end {
        # Return auditResult
        return $auditResult
    }
-}
+}