vibecoding/M365FoundationsCISReport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: 7.3.4 aligned with test-template

Browse Source
This commit is contained in:
DrIOS
2024-05-28 13:24:10 -05:00
parent d511ea7b27
commit c7cdaa4bf6
1 changed files with 32 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
source/tests/Test-RestrictCustomScripts.ps1
View File

@@ -1,21 +1,20 @@
function Test-RestrictCustomScripts { function Test-RestrictCustomScripts {
[CmdletBinding()] [CmdletBinding()]
param ( param (
# Aligned
# Define your parameters here if needed # Define your parameters here if needed
) )
#Limit All
begin {
# .TODO Test behavior in Prod
# Dot source the class script
$auditResults = @() begin {
# Dot source the class script if necessary
#. .\source\Classes\CISAuditResult.ps1
# Initialization code, if needed
} }
process { process {
# CIS 2.7 Ensure custom script execution is restricted on site collections # 7.3.4 (L1) Ensure custom script execution is restricted on site collections
# Pass if DenyAddAndCustomizePages is set to true (Enabled). Fail otherwise.
# Get all site collections and select necessary properties # Retrieve all site collections and select necessary properties
$SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages $SPOSitesCustomScript = Get-SPOSite -Limit All | Select-Object Title, Url, DenyAddAndCustomizePages
# Find sites where custom scripts are allowed (DenyAddAndCustomizePages is not 'Enabled') # Find sites where custom scripts are allowed (DenyAddAndCustomizePages is not 'Enabled')
@@ -29,42 +28,41 @@ function Test-RestrictCustomScripts {
"$($_.Title) ($($_.Url)): Custom Script Allowed" "$($_.Title) ($($_.Url)): Custom Script Allowed"
} }
# Create an instance of CISAuditResult and populate it # Prepare failure reasons and details based on compliance
$failureReasons = if (-not $complianceResult) {
"The following site collections allow custom script execution: " + ($nonCompliantSiteDetails -join "; ")
}
else {
"N/A"
}
$details = if ($complianceResult) {
"All site collections have custom script execution restricted"
}
else {
$nonCompliantSiteDetails -join "; "
}
# Create and populate the CISAuditResult object
$auditResult = [CISAuditResult]::new() $auditResult = [CISAuditResult]::new()
$auditResult.Status = if ($complianceResult) { "Pass" } else { "Fail" }
$auditResult.ELevel = "E3"
$auditResult.ProfileLevel = "L1"
$auditResult.Rec = "7.3.4"
$auditResult.RecDescription = "Ensure custom script execution is restricted on site collections"
$auditResult.CISControlVer = "v8" $auditResult.CISControlVer = "v8"
$auditResult.CISControl = "2.7" $auditResult.CISControl = "2.7"
$auditResult.CISDescription = "Allowlist Authorized Scripts" $auditResult.CISDescription = "Allowlist Authorized Scripts"
$auditResult.Rec = "7.3.4"
$auditResult.ELevel = "E3"
$auditResult.ProfileLevel = "L1"
$auditResult.IG1 = $false $auditResult.IG1 = $false
$auditResult.IG2 = $false $auditResult.IG2 = $false
$auditResult.IG3 = $true $auditResult.IG3 = $true
$auditResult.RecDescription = "Ensure custom script execution is restricted on site collections"
$auditResult.Result = $complianceResult $auditResult.Result = $complianceResult
$auditResult.Details = if (-not $complianceResult) { $auditResult.Details = $details
$nonCompliantSiteDetails -join "; " $auditResult.FailureReason = $failureReasons
} else {
"All site collections have custom script execution restricted"
} }
$auditResult.FailureReason = if (-not $complianceResult) {
"The following site collections allow custom script execution: " + ($nonCompliantSiteDetails -join "; ")
} else {
"N/A"
}
$auditResult.Status = if ($complianceResult) {
"Pass"
} else {
"Fail"
}
$auditResults += $auditResult
}
end { end {
# Return auditResults # Return auditResult
return $auditResults return $auditResult
} }
} }