fix(m365): admincenter service unnecessary msgraph calls and repeated resource_id (#9067)
Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: César Arroba <cesar@prowler.com>
@@ -21,6 +21,7 @@ All notable changes to the **Prowler SDK** are documented in this file.
|
||||
- Add `resource_name` for checks under `logging` for the GCP provider [(#9023)](https://github.com/prowler-cloud/prowler/pull/9023)
|
||||
- Fix `ec2_instance_with_outdated_ami` check to handle None AMIs [(#9046)](https://github.com/prowler-cloud/prowler/pull/9046)
|
||||
- Handle timestamp when transforming compliance findings in CCC [(#9042)](https://github.com/prowler-cloud/prowler/pull/9042)
|
||||
- Update `resource_id` for admincenter service and avoid unnecessary msgraph requests [(#9019)](https://github.com/prowler-cloud/prowler/pull/9019)
|
||||
|
||||
---
|
||||
|
||||
|
||||
@@ -45,13 +45,13 @@ class AdminCenter(M365Service):
|
||||
asyncio.gather(
|
||||
self._get_directory_roles(),
|
||||
self._get_groups(),
|
||||
self._get_domains(),
|
||||
self._get_password_policy(),
|
||||
)
|
||||
)
|
||||
|
||||
self.directory_roles = attributes[0]
|
||||
self.groups = attributes[1]
|
||||
self.domains = attributes[2]
|
||||
self.password_policy = attributes[2]
|
||||
|
||||
if created_loop:
|
||||
asyncio.set_event_loop(None)
|
||||
@@ -192,34 +192,31 @@ class AdminCenter(M365Service):
|
||||
)
|
||||
return groups
|
||||
|
||||
async def _get_domains(self):
|
||||
logger.info("M365 - Getting domains...")
|
||||
domains = {}
|
||||
async def _get_password_policy(self):
|
||||
logger.info("M365 - Getting password policy...")
|
||||
password_policy = None
|
||||
try:
|
||||
logger.info("M365 - Getting domains...")
|
||||
domains_list = await self.client.domains.get()
|
||||
domains.update({})
|
||||
for domain in domains_list.value:
|
||||
if domain:
|
||||
password_validity_period = getattr(
|
||||
domain, "password_validity_period_in_days", None
|
||||
)
|
||||
if password_validity_period is None:
|
||||
password_validity_period = 0
|
||||
for domain in getattr(domains_list, "value", []) or []:
|
||||
if not domain:
|
||||
continue
|
||||
password_validity_period = getattr(
|
||||
domain, "password_validity_period_in_days", None
|
||||
)
|
||||
if password_validity_period is None:
|
||||
password_validity_period = 0
|
||||
|
||||
domains.update(
|
||||
{
|
||||
domain.id: Domain(
|
||||
id=domain.id,
|
||||
password_validity_period=password_validity_period,
|
||||
)
|
||||
}
|
||||
)
|
||||
password_policy = PasswordPolicy(
|
||||
password_validity_period=password_validity_period,
|
||||
)
|
||||
break
|
||||
|
||||
except Exception as error:
|
||||
logger.error(
|
||||
f"{error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
||||
)
|
||||
return domains
|
||||
return password_policy
|
||||
|
||||
|
||||
class User(BaseModel):
|
||||
@@ -242,8 +239,7 @@ class Group(BaseModel):
|
||||
visibility: Optional[str]
|
||||
|
||||
|
||||
class Domain(BaseModel):
|
||||
id: str
|
||||
class PasswordPolicy(BaseModel):
|
||||
password_validity_period: int
|
||||
|
||||
|
||||
|
||||
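Review bot: `_get_password_policy` keeps the value of the first non-empty entry in `domains_list.value` and then hits `break`, yet `password_validity_period_in_days` is read off each domain object, so a tenant whose domains carry different values can get a PASS from one domain while another still expires passwords (the removed `_get_domains` produced one entry per domain). If the tenant-wide assumption is deliberate, state it where the loop breaks, for example `# Tenant-wide setting assumed: only the first domain is read; per-domain differences are not reported`, or compare the value across all domains and report the non-conforming one when they disagree. The fallback `password_validity_period = 0` for a missing value also puts a number into the reported resource that the API never returned; a comment marking it as a sentinel would help anyone reading the finding. Old and new lines are interleaved on this page, so the exact new body is inferred.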
@@ -7,11 +7,11 @@ from prowler.providers.m365.services.admincenter.admincenter_client import (
|
||||
|
||||
|
||||
class admincenter_settings_password_never_expire(Check):
|
||||
"""Check if domains have a 'Password never expires' policy.
|
||||
"""Check if the tenant enforces a 'Password never expires' policy.
|
||||
|
||||
This check verifies whether the password policy for each domain is set to never expire.
|
||||
If the domain password validity period is set to `2147483647`, the policy is considered to
|
||||
have 'password never expires'.
|
||||
This check verifies whether the tenant-wide password policy (surfaced through the first
|
||||
domain returned by Microsoft 365) is set to never expire. If the password validity period
|
||||
is set to `2147483647`, the policy is considered to have 'password never expires'.
|
||||
|
||||
Attributes:
|
||||
metadata: Metadata associated with the check (inherited from Check).
|
||||
@@ -20,30 +20,32 @@ class admincenter_settings_password_never_expire(Check):
|
||||
def execute(self) -> List[CheckReportM365]:
|
||||
"""Execute the check for password never expires policy.
|
||||
|
||||
This method iterates over all domains and checks if the password validity period is set
|
||||
to `2147483647`, indicating that passwords for users in the domain never expire.
|
||||
This method inspects the tenant-level password validity configuration (exposed through
|
||||
the first available domain) and checks if the password validity period is set to
|
||||
`2147483647`, indicating that passwords for users in the domain never expire.
|
||||
|
||||
Returns:
|
||||
List[CheckReportM365]: A list of reports indicating whether the domain's password
|
||||
policy is set to never expire.
|
||||
"""
|
||||
findings = []
|
||||
for domain in admincenter_client.domains.values():
|
||||
password_policy = getattr(admincenter_client, "password_policy", None)
|
||||
if password_policy:
|
||||
report = CheckReportM365(
|
||||
self.metadata(),
|
||||
resource=domain,
|
||||
resource_name=domain.id,
|
||||
resource_id=domain.id,
|
||||
resource=password_policy,
|
||||
resource_name="Password Policy",
|
||||
resource_id="passwordPolicy",
|
||||
)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = (
|
||||
f"Domain {domain.id} does not have a Password never expires policy."
|
||||
"Tenant Password policy does not have a Password never expires policy."
|
||||
)
|
||||
|
||||
if domain.password_validity_period == 2147483647:
|
||||
if password_policy.password_validity_period == 2147483647:
|
||||
report.status = "PASS"
|
||||
report.status_extended = (
|
||||
f"Domain {domain.id} Password policy is set to never expire."
|
||||
"Tenant Password policy is set to never expire."
|
||||
)
|
||||
|
||||
findings.append(report)
|
||||
|
||||
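Review bot: In `execute`, when `password_policy` is `None` the `if password_policy:` guard skips the report and the findings list stays empty, and the service method shown earlier on this page returns `None` whenever the Graph request raises (it only logs the error), so a failed or unauthorized lookup shows up as no finding at all rather than as a control that could not be evaluated. Consider an `else` branch that emits a report with an explicit not-evaluated status (if `CheckReportM365` supports one, such as `MANUAL`) and a `status_extended` saying the password policy could not be retrieved. The `Returns:` text and the sentence "passwords for users in the domain never expire" still describe the per-domain behaviour and should say "tenant". The end of `execute` lies outside this section.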
@@ -36,7 +36,7 @@ class sharepoint_external_sharing_managed(Check):
|
||||
self.metadata(),
|
||||
resource=settings if settings else {},
|
||||
resource_name="SharePoint Settings",
|
||||
resource_id=sharepoint_client.tenant_domain,
|
||||
resource_id="sharepointSettings",
|
||||
)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "SharePoint external sharing is not managed through domain restrictions."
|
||||
|
||||
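Review bot: Replacing `resource_id=sharepoint_client.tenant_domain` with the constant `resource_id="sharepointSettings"` changes the identifier existing SharePoint findings were keyed on, while the changelog entry on this page names only the admincenter service. Mutelist rules or downstream correlation that match on the tenant domain would presumably stop matching, and findings from different tenants now share one `resource_id`, so it is worth confirming the tenant is still carried in another field of the report. Extending the changelog line to mention the SharePoint checks would make the change visible to users who filter on this value. The same one-line change appears in the sharepoint_external_sharing_restricted, sharepoint_guest_sharing_restricted, sharepoint_modern_authentication_required and sharepoint_onedrive_sync_restricted_unmanaged_devices hunks; the enclosing `execute` bodies lie outside each hunk.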
@@ -32,7 +32,7 @@ class sharepoint_external_sharing_restricted(Check):
|
||||
self.metadata(),
|
||||
resource=settings if settings else {},
|
||||
resource_name="SharePoint Settings",
|
||||
resource_id=sharepoint_client.tenant_domain,
|
||||
resource_id="sharepointSettings",
|
||||
)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = (
|
||||
|
||||
@@ -33,7 +33,7 @@ class sharepoint_guest_sharing_restricted(Check):
|
||||
self.metadata(),
|
||||
resource=settings if settings else {},
|
||||
resource_name="SharePoint Settings",
|
||||
resource_id=sharepoint_client.tenant_domain,
|
||||
resource_id="sharepointSettings",
|
||||
)
|
||||
report.status = "FAIL"
|
||||
report.status_extended = "Guest sharing is not restricted; guest users can share items they do not own."
|
||||
|
||||
@@ -35,7 +35,7 @@ class sharepoint_modern_authentication_required(Check):
|
||||
self.metadata(),
|
||||
resource=settings if settings else {},
|
||||
resource_name="SharePoint Settings",
|
||||
resource_id=sharepoint_client.tenant_domain,
|
||||
resource_id="sharepointSettings",
|
||||
)
|
||||
report.status = "PASS"
|
||||
report.status_extended = "Microsoft 365 SharePoint does not allow access to apps that don't use modern authentication."
|
||||
|
||||
@@ -34,7 +34,7 @@ class sharepoint_onedrive_sync_restricted_unmanaged_devices(Check):
|
||||
self.metadata(),
|
||||
resource=settings if settings else {},
|
||||
resource_name="SharePoint Settings",
|
||||
resource_id=sharepoint_client.tenant_domain,
|
||||
resource_id="sharepointSettings",
|
||||
)
|
||||
report.status = "PASS"
|
||||
report.status_extended = "Microsoft 365 SharePoint does not allow OneDrive sync to unmanaged devices."
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
from unittest import mock
|
||||
from uuid import uuid4
|
||||
|
||||
from tests.providers.m365.m365_fixtures import DOMAIN, set_mocked_m365_provider
|
||||
|
||||
@@ -15,6 +14,7 @@ class Test_admincenter_settings_password_never_expire:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.lib.powershell.m365_powershell.M365PowerShell.connect_exchange_online"
|
||||
),
|
||||
@@ -27,7 +27,7 @@ class Test_admincenter_settings_password_never_expire:
|
||||
admincenter_settings_password_never_expire,
|
||||
)
|
||||
|
||||
admincenter_client.domains = {}
|
||||
admincenter_client.password_policy = None
|
||||
|
||||
check = admincenter_settings_password_never_expire()
|
||||
result = check.execute()
|
||||
@@ -43,6 +43,7 @@ class Test_admincenter_settings_password_never_expire:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.lib.powershell.m365_powershell.M365PowerShell.connect_exchange_online"
|
||||
),
|
||||
@@ -52,17 +53,15 @@ class Test_admincenter_settings_password_never_expire:
|
||||
),
|
||||
):
|
||||
from prowler.providers.m365.services.admincenter.admincenter_service import (
|
||||
Domain,
|
||||
PasswordPolicy,
|
||||
)
|
||||
from prowler.providers.m365.services.admincenter.admincenter_settings_password_never_expire.admincenter_settings_password_never_expire import (
|
||||
admincenter_settings_password_never_expire,
|
||||
)
|
||||
|
||||
id_domain = str(uuid4())
|
||||
|
||||
admincenter_client.domains = {
|
||||
id_domain: Domain(id=id_domain, password_validity_period=5),
|
||||
}
|
||||
admincenter_client.password_policy = PasswordPolicy(
|
||||
password_validity_period=5
|
||||
)
|
||||
|
||||
check = admincenter_settings_password_never_expire()
|
||||
result = check.execute()
|
||||
@@ -70,11 +69,11 @@ class Test_admincenter_settings_password_never_expire:
|
||||
assert result[0].status == "FAIL"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Domain {id_domain} does not have a Password never expires policy."
|
||||
== "Tenant Password policy does not have a Password never expires policy."
|
||||
)
|
||||
assert result[0].resource == admincenter_client.domains[id_domain].dict()
|
||||
assert result[0].resource_name == id_domain
|
||||
assert result[0].resource_id == id_domain
|
||||
assert result[0].resource == admincenter_client.password_policy.dict()
|
||||
assert result[0].resource_name == "Password Policy"
|
||||
assert result[0].resource_id == "passwordPolicy"
|
||||
assert result[0].location == "global"
|
||||
|
||||
def test_admincenter_password_not_expire(self):
|
||||
@@ -87,6 +86,7 @@ class Test_admincenter_settings_password_never_expire:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.lib.powershell.m365_powershell.M365PowerShell.connect_exchange_online"
|
||||
),
|
||||
@@ -96,17 +96,15 @@ class Test_admincenter_settings_password_never_expire:
|
||||
),
|
||||
):
|
||||
from prowler.providers.m365.services.admincenter.admincenter_service import (
|
||||
Domain,
|
||||
PasswordPolicy,
|
||||
)
|
||||
from prowler.providers.m365.services.admincenter.admincenter_settings_password_never_expire.admincenter_settings_password_never_expire import (
|
||||
admincenter_settings_password_never_expire,
|
||||
)
|
||||
|
||||
id_domain = str(uuid4())
|
||||
|
||||
admincenter_client.domains = {
|
||||
id_domain: Domain(id=id_domain, password_validity_period=2147483647),
|
||||
}
|
||||
admincenter_client.password_policy = PasswordPolicy(
|
||||
password_validity_period=2147483647
|
||||
)
|
||||
|
||||
check = admincenter_settings_password_never_expire()
|
||||
result = check.execute()
|
||||
@@ -114,9 +112,9 @@ class Test_admincenter_settings_password_never_expire:
|
||||
assert result[0].status == "PASS"
|
||||
assert (
|
||||
result[0].status_extended
|
||||
== f"Domain {id_domain} Password policy is set to never expire."
|
||||
== "Tenant Password policy is set to never expire."
|
||||
)
|
||||
assert result[0].resource == admincenter_client.domains[id_domain].dict()
|
||||
assert result[0].resource_name == id_domain
|
||||
assert result[0].resource_id == id_domain
|
||||
assert result[0].resource == admincenter_client.password_policy.dict()
|
||||
assert result[0].resource_name == "Password Policy"
|
||||
assert result[0].resource_id == "passwordPolicy"
|
||||
assert result[0].location == "global"
|
||||
|
||||
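Review bot: Both updated test cases assign `admincenter_client.password_policy` directly, so nothing on this page exercises `_get_password_policy` itself: the first-domain selection, the `None` to `0` fallback and the exception path that returns `None` are untested here. A service-level test that feeds a mocked `domains.get()` response with two domains of different validity periods would pin down which value the check ends up reporting. The empty-result case (`password_policy = None`) would also benefit from an assertion message or comment saying that zero findings is the intended outcome when the policy cannot be read. The enclosing test methods start outside these hunks.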
@@ -20,6 +20,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -49,7 +50,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
result[0].status_extended
|
||||
== "SharePoint external sharing is not managed through domain restrictions."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -66,6 +67,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -95,7 +97,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
result[0].status_extended
|
||||
== "SharePoint external sharing is managed through domain restrictions with mode 'allowList' but the list is empty."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -112,6 +114,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -141,7 +144,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
result[0].status_extended
|
||||
== "SharePoint external sharing is managed through domain restrictions with mode 'blockList' but the list is empty."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -158,6 +161,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -187,7 +191,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
result[0].status_extended
|
||||
== "SharePoint external sharing is managed through domain restrictions with mode 'allowList'."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -233,7 +237,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
result[0].status_extended
|
||||
== "SharePoint external sharing is managed through domain restrictions with mode 'blockList'."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -252,6 +256,7 @@ class Test_sharepoint_external_sharing_managed:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_managed.sharepoint_external_sharing_managed.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
|
||||
@@ -20,6 +20,7 @@ class Test_sharepoint_external_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -47,7 +48,7 @@ class Test_sharepoint_external_sharing_restricted:
|
||||
assert result[0].status_extended == (
|
||||
"External sharing is restricted to external user sharing or more restrictive."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -64,6 +65,7 @@ class Test_sharepoint_external_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -91,7 +93,7 @@ class Test_sharepoint_external_sharing_restricted:
|
||||
assert result[0].status_extended == (
|
||||
"External sharing is not restricted and guests users can access."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -110,6 +112,7 @@ class Test_sharepoint_external_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_external_sharing_restricted.sharepoint_external_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
|
||||
@@ -20,6 +20,7 @@ class Test_sharepoint_guest_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -48,7 +49,7 @@ class Test_sharepoint_guest_sharing_restricted:
|
||||
assert result[0].status_extended == (
|
||||
"Guest sharing is restricted; guest users cannot share items they do not own."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -65,6 +66,7 @@ class Test_sharepoint_guest_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -93,7 +95,7 @@ class Test_sharepoint_guest_sharing_restricted:
|
||||
assert result[0].status_extended == (
|
||||
"Guest sharing is not restricted; guest users can share items they do not own."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -112,6 +114,7 @@ class Test_sharepoint_guest_sharing_restricted:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_guest_sharing_restricted.sharepoint_guest_sharing_restricted.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
|
||||
@@ -17,6 +17,7 @@ class Test_sharepoint_modern_authentication_required:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -47,7 +48,7 @@ class Test_sharepoint_modern_authentication_required:
|
||||
assert result[0].status_extended == (
|
||||
"Microsoft 365 SharePoint does not allow access to apps that don't use modern authentication."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -64,6 +65,7 @@ class Test_sharepoint_modern_authentication_required:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -94,7 +96,7 @@ class Test_sharepoint_modern_authentication_required:
|
||||
assert result[0].status_extended == (
|
||||
"Microsoft 365 SharePoint allows access to apps that don't use modern authentication."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -113,6 +115,7 @@ class Test_sharepoint_modern_authentication_required:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_modern_authentication_required.sharepoint_modern_authentication_required.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
|
||||
@@ -21,6 +21,7 @@ class Test_sharepoint_onedrive_sync_restricted_unmanaged_devices:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -50,7 +51,7 @@ class Test_sharepoint_onedrive_sync_restricted_unmanaged_devices:
|
||||
result[0].status_extended
|
||||
== "Microsoft 365 SharePoint allows OneDrive sync to unmanaged devices."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -66,6 +67,7 @@ class Test_sharepoint_onedrive_sync_restricted_unmanaged_devices:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
@@ -95,7 +97,7 @@ class Test_sharepoint_onedrive_sync_restricted_unmanaged_devices:
|
||||
result[0].status_extended
|
||||
== "Microsoft 365 SharePoint does not allow OneDrive sync to unmanaged devices."
|
||||
)
|
||||
assert result[0].resource_id == DOMAIN
|
||||
assert result[0].resource_id == "sharepointSettings"
|
||||
assert result[0].location == "global"
|
||||
assert result[0].resource_name == "SharePoint Settings"
|
||||
assert result[0].resource == sharepoint_client.settings.dict()
|
||||
@@ -114,6 +116,7 @@ class Test_sharepoint_onedrive_sync_restricted_unmanaged_devices:
|
||||
"prowler.providers.common.provider.Provider.get_global_provider",
|
||||
return_value=set_mocked_m365_provider(),
|
||||
),
|
||||
mock.patch("prowler.providers.m365.lib.service.service.M365PowerShell"),
|
||||
mock.patch(
|
||||
"prowler.providers.m365.services.sharepoint.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_onedrive_sync_restricted_unmanaged_devices.sharepoint_client",
|
||||
new=sharepoint_client,
|
||||
|
||||
@@ -29,13 +29,17 @@ async def mock_sharepoint_get_settings(_):
|
||||
)
|
||||
class Test_SharePoint_Service:
|
||||
def test_get_client(self):
|
||||
sharepoint_client = SharePoint(
|
||||
set_mocked_m365_provider(identity=M365IdentityInfo(tenant_domain=DOMAIN))
|
||||
)
|
||||
with patch("prowler.providers.m365.lib.service.service.M365PowerShell"):
|
||||
sharepoint_client = SharePoint(
|
||||
set_mocked_m365_provider(
|
||||
identity=M365IdentityInfo(tenant_domain=DOMAIN)
|
||||
)
|
||||
)
|
||||
assert sharepoint_client.client.__class__.__name__ == "GraphServiceClient"
|
||||
|
||||
def test_get_settings(self):
|
||||
sharepoint_client = SharePoint(set_mocked_m365_provider())
|
||||
with patch("prowler.providers.m365.lib.service.service.M365PowerShell"):
|
||||
sharepoint_client = SharePoint(set_mocked_m365_provider())
|
||||
settings = sharepoint_client.settings
|
||||
assert settings.sharingCapability == "ExternalUserAndGuestSharing"
|
||||
assert settings.sharingAllowedDomainList == ["allowed-domain.com"]
|
||||
|
||||