From e1ef81a2492cd282093f09955695e6b16c32281b Mon Sep 17 00:00:00 2001
From: DrIOS <58635327+DrIOSX@users.noreply.github.com>
Date: Mon, 30 Dec 2024 13:52:34 -0600
Subject: [PATCH] fix: return when higest policy passes.
---
 CHANGELOG.md | 4 +++-
 source/Private/Get-ScopeOverlap.ps1 | 1 -
 source/tests/Test-AntiPhishingPolicy4.ps1 | 10 ++++++----
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 498a574..ac20672 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ The format is based on and uses the types of changes according to [Keep a Change
 - Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
 - Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test.
 - Updated Get-CISMgOutput function to include the new test definition case for 1.1.1,1.1.4 and 2.1.7.
+- Updated Get-CISExoOutput function to include the new test definition case for 2.1.7.
 - New public function for generating version specific lists of recommendation numbers.
 - Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version.
 - Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly.
@@ -20,7 +21,8 @@ The format is based on and uses the types of changes according to [Keep a Change
 ### Fixed
-- Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the mggraph assembly as soon as it's imported with a call to Get-MgGroup.
+- Fixed Pnp PowerShell MgGraph assembly load error with workaround to load the MgGraph assembly as soon as it's imported with a call to Get-MgGroup.
+- Phish policy test to return if highest priority policy conforms to the benchmark.
 ## [0.1.26] - 2024-08-04
diff --git a/source/Private/Get-ScopeOverlap.ps1 b/source/Private/Get-ScopeOverlap.ps1
index e6d0eb1..069b283 100644
--- a/source/Private/Get-ScopeOverlap.ps1
+++ b/source/Private/Get-ScopeOverlap.ps1
@@ -3,7 +3,6 @@ function Get-ScopeOverlap {
 param (
 [Parameter(Mandatory = $true)]
 [PSCustomObject]$Policy,
- [Parameter(Mandatory = $true)]
 [PSCustomObject[]]$OtherPolicies
 )
diff --git a/source/tests/Test-AntiPhishingPolicy4.ps1 b/source/tests/Test-AntiPhishingPolicy4.ps1
index d0b5b92..a8f4cab 100644
--- a/source/tests/Test-AntiPhishingPolicy4.ps1
+++ b/source/tests/Test-AntiPhishingPolicy4.ps1
@@ -31,10 +31,8 @@ function Test-AntiPhishingPolicy4 {
 if ($isCompliant) {
 $strictStandardCompliant = $true
 $compliantPolicies += $policy.Name
- # If Strict is compliant, stop evaluating further
- if ($policy.Name -eq 'Strict Preset Security Policy') {
- break
- }
+ Write-Verbose "Compliant policy found: $($policy.Name). Ending evaluation."
+ return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
 } else {
 $nonCompliantPolicies += $policy.Name
 }
@@ -57,6 +55,8 @@ function Test-AntiPhishingPolicy4 {
 $isCompliant = Get-PhishPolicyCompliance -policy $policy
 if ($isCompliant) {
 $compliantPolicies += $policy.Name
+ Write-Verbose "Compliant custom policy found: $($policy.Name). Ending evaluation."
+ return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($policy.Name)" -FailureReason 'None'
 } else {
 $nonCompliantPolicies += $policy.Name
 }
@@ -78,6 +78,8 @@ function Test-AntiPhishingPolicy4 {
 $isCompliant = Get-PhishPolicyCompliance -policy $defaultPolicy
 if ($isCompliant) {
 $compliantPolicies += $defaultPolicy.Name
+ Write-Verbose "Compliant default policy found: $($defaultPolicy.Name)."
+ return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' -Details "Compliant Policies: $($defaultPolicy.Name)" -FailureReason 'None'
 } else {
 $nonCompliantPolicies += $defaultPolicy.Name
 }
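Review bot: With `[Parameter(Mandatory = $true)]` removed from `$OtherPolicies` in Get-ScopeOverlap (hunk `-3,7 +3,6`), a caller that omits the argument now gets `$null` bound silently instead of a binding error, so a forgotten argument would presumably look the same as "no other policies" to the overlap check. If the attribute was dropped only so that an empty list can be passed (a mandatory array parameter rejects empty collections), keeping it and adding `[AllowEmptyCollection()]` preserves the contract: `[Parameter(Mandatory = $true)] [AllowEmptyCollection()] [PSCustomObject[]]$OtherPolicies`. The function body lies outside this hunk, so how it handles a null or empty `$OtherPolicies` could not be checked here. Either way, a comment on the parameter such as `# May be empty: no other policies to compare against` would document the intent.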
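Review bot: The early `return` added in Test-AntiPhishingPolicy4 at `-31,10 +31,8` reports Pass for the first compliant policy the loop reaches, which is not necessarily the highest-priority policy the commit subject describes: the `else` branch still appends to `$nonCompliantPolicies` and evaluation continues, so a non-compliant policy seen earlier does not stop a later one from returning Pass. The same pattern is in the hunks at `-57,6 +55,8` and `-78,6 +78,8`, which are presumably reached only after the earlier policies failed to pass. For an audit this can be a false pass if the earlier non-compliant policy is the one that actually takes effect for users; whether scope or ordering is handled elsewhere is not visible, since the function starts and ends outside these hunks. Consider returning Pass only when nothing evaluated before has failed, `if ($isCompliant -and $nonCompliantPolicies.Count -eq 0) {`, or at least surfacing the failures in the result: `-Details "Compliant Policies: $($policy.Name); Non-compliant, evaluated earlier: $($nonCompliantPolicies -join ', ')"`.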
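Review bot: The `return Initialize-CISAuditResult -Rec $RecNum -Result $true -Status 'Pass' ...` line at `-57,6 +55,8` is repeated almost verbatim in the hunks at `-31,10 +31,8` and `-78,6 +78,8`, and the `$compliantPolicies += $policy.Name` just above it appears to be a dead assignment now that the function returns immediately afterwards. Building the pass result in one place (a small private helper taking the policy name) would keep the three branches from drifting apart, with a comment such as `# First compliant policy ends evaluation; later policies are not inspected`. The verbose message in the third hunk also omits "Ending evaluation.", which the other two include.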