add: parameter validation updates and new public function

2024-12-26 16:06:11 -06:00
parent af17eb1c2e
commit ef4bc4dcbd
2 changed files with 36 additions and 15 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,9 +9,12 @@ The format is based on and uses the types of changes according to [Keep a Change
 - Link to App Authentication documentation in `New-M365SecurityAuditAuthObject` help file.
 - TestDefinitions-v4.0.0.csv file to the helper folder for version choices.
 - Test Definition Placeholders
- Added steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
+- Steps to function to account for new logic and create an updated test definition object when version 4.0.0 is selected.
 - Test-AdministrativeAccountCompliance4 function for v4.0.0 rec# 1.1.1 test.
 - Updated Get-CISMgOutput function to include the new test definition case for 1.1.1.
+- New public function for generating version specific lists of recommendation numbers.
+- Check in main public function to check for 4.0.0 rec numbers when 3.0.0 is selected as the M365 benchmark version.
+- Rec numbers to include and exclude rec numbers for version 4.0.0 so the 'validate set' works correctly.

 ### Fixed

--- a/source/Public/Invoke-M365SecurityAudit.ps1
+++ b/source/Public/Invoke-M365SecurityAudit.ps1
@@ -124,24 +124,24 @@ function Invoke-M365SecurityAudit {
        # Inclusion of specific recommendation numbers
        [Parameter(Mandatory = $true, ParameterSetName = 'RecFilter', HelpMessage = 'Specifies specific recommendations to include in the audit. Accepts an array of recommendation numbers.')]
        [ValidateSet(
-            '1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
-                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
-                '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
-                '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
-                '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', '8.1.1', `
-                '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
+            '1.1.1', '1.1.3', '1.1.4', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '2.1.11', '2.1.12', '2.1.13', `
+                '2.1.14', '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.1.4', '6.2.1', `
+                '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', `
+                '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', `
+                '8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
                '8.5.7', '8.6.1'
        )]
        [string[]]$IncludeRecommendation,
        # Exclusion of specific recommendation numbers
        [Parameter(Mandatory = $true, ParameterSetName = 'SkipRecFilter', HelpMessage = 'Specifies specific recommendations to exclude from the audit. Accepts an array of recommendation numbers.')]
        [ValidateSet(
-            '1.1.1', '1.1.3', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
-                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '3.1.1', '5.1.2.3', `
-                '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.2.1', '6.2.2', '6.2.3', '6.3.1', `
-                '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', '7.2.3', '7.2.4', `
-                '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', '8.1.1', `
-                '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
+            '1.1.1', '1.1.3', '1.1.4', '1.2.1', '1.2.2', '1.3.1', '1.3.3', '1.3.6', '2.1.1', '2.1.2', `
+                '2.1.3', '2.1.4', '2.1.5', '2.1.6', '2.1.7', '2.1.9', '2.1.11', '2.1.12', '2.1.13', `
+                '2.1.14', '3.1.1', '5.1.2.3', '5.1.8.1', '6.1.1', '6.1.2', '6.1.3', '6.1.4', '6.2.1', `
+                '6.2.2', '6.2.3', '6.3.1', '6.5.1', '6.5.2', '6.5.3', '7.2.1', '7.2.10', '7.2.2', `
+                '7.2.3', '7.2.4', '7.2.5', '7.2.6', '7.2.7', '7.2.9', '7.3.1', '7.3.2', '7.3.4', `
+                '8.1.1', '8.1.2', '8.2.1', '8.5.1', '8.5.2', '8.5.3', '8.5.4', '8.5.5', '8.5.6', `
                '8.5.7', '8.6.1'
        )]
        [string[]]$SkipRecommendation,
@@ -176,6 +176,24 @@ function Invoke-M365SecurityAudit {
        if ($AuthParams) {
            $script:PnpAuth = $true
        }
+        # Check for 4.0.0 specific tests when in 3.0.0 mode
+        # Test variables for testing 3.0.0 specific tests for included 4.0.0 tests
+        $recNumbersToCheck = @('1.1.4', '2.1.11', '2.1.12', '2.1.13', '2.1.14', '6.1.4')
+        # $IncludeRecommendation = '1.1.1','1.1.4'
+        # $Version = '3.0.0'
+        if ($IncludeRecommendation) {
+            if ($Version -ne '4.0.0') {
+                $foundRecNumbers = @()
+                foreach ($rec in $recNumbersToCheck) {
+                    if ($IncludeRecommendation -contains $rec) {
+                        $foundRecNumbers += $rec
+                    }
+                }
+                if ($foundRecNumbers.Count -gt 0) {
+                    throw "Check the '-IncludeRecommendation' parameter. The following test numbers are not available in the 3.0.0 version: $($foundRecNumbers -join ', ')"
+                }
+            }
+        }
        # Ensure required modules are installed
        $requiredModules = Get-RequiredModule -AuditFunction
        # Format the required modules list
@@ -313,6 +331,6 @@ function Invoke-M365SecurityAudit {
        }
    }
    End {
-
+        # Placeholder
    }
-}
+}