Merge branch 'main' into 1393-update-scbs-with-new-front-matter-text-…

…approved-by-occ
cisagov · Nov 13, 2024 · 80d89a4 · 80d89a4
2 parents fc1c0e1 + 4f4233c
commit 80d89a4
Show file tree

Hide file tree

Showing 13 changed files with 514 additions and 158 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -60,6 +60,8 @@ Uncomment this section if a screenshot is needed.
   Use `Rebase branch` button below or use [this](https://www.digitalocean.com/community/tutorials/how-to-rebase-and-update-a-pull-request) reference to rebase from the command line.
 - [ ] Resolved all merge conflicts on branch
 - [ ] Notified merge coordinator that PR is ready for merge via comment mention
+- [ ] Demonstrate changes to the team for questions and comments. 
+    (Note: Only required for issues of size `Medium` or larger)
 
 ## ✅ Post-merge checklist ##
 

diff --git a/.github/workflows/lint_powershell.yaml b/.github/workflows/lint_powershell.yaml
@@ -11,8 +11,7 @@ permissions: read-all
 
 jobs:
   powershell-lint-check:
-    name: MegaLint PowerShell Check
-    # runs-on: ubuntu-latest
+    name: PowerShell Check
     runs-on: windows-latest
     # This condition prevents duplicate runs.
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
@@ -22,8 +21,8 @@ jobs:
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v4
-      - name: Setup PSScriptAnalyzer settings
-        run: cp Testing/Linting/MegaLinter/.powershell-psscriptanalyzer.psd1 .powershell-psscriptanalyzer.psd1
-      - name: Run PSScriptAnalyzer on PowerShell Scripts
+      - name: Run PSScriptAnalyzer
         run: |
-          Invoke-ScriptAnalyzer -Path ./ -Recurse -Severity Warning -EnableExit -Profile .powershell-psscriptanalyzer.psd1
+          # Source the function
+          . ./utils/workflow/Invoke-PSSA.ps1
+          Invoke-PSSA -DebuggingMode $false -RepoPath '.'
diff --git a/.github/workflows/run_module_version_bump.yml b/.github/workflows/run_module_version_bump.yml
@@ -23,92 +23,18 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Bump ScubaGear Version Number
+      - name: Check if input is valid
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          #
-          # Replace ScubaGear module version in the manifest.
-          #
-          $ManifestPath = '.\PowerShell\ScubaGear\ScubaGear.psd1'
-          $VersionRegex = "\'\d+\.\d+\.\d+\'"
-          $PreviousVersion = ''
-          (Get-Content -Path $ManifestPath) | ForEach-Object {
-            $ModuleVersionRegex = $_ -match "ModuleVersion = $($VersionRegex)"
-            if ($ModuleVersionRegex) {
-                $_ -match $VersionRegex | Out-Null
-                $PreviousVersion = $matches[0] -replace "'", ""
-                $_ -replace $VersionRegex, "'${env:NEW_VERSION_NUMBER}'"
-            }
-            else {
-              $_
-            }
-          } | Set-Content -Path $ManifestPath
-
-          #
-          # Replace ScubaGear module version in the README
-          #
-          $READMEPath = '.\README.md'
-          $BadgeRegex = "ScubaGear-v\d+\.\d+\.\d+"
-          $ZipRegex = "ScubaGear-v\d+\-\d+\-\d+.zip"
-          $ZipVerReplace = "ScubaGear-v${env:NEW_VERSION_NUMBER}" -replace '\.', '-'
-          $ZipVerReplace = $ZipVerReplace + '.zip'
-          (Get-Content -Path $READMEPath) | ForEach-Object {
-            $BadgeVerMatch = $_ -match $BadgeRegex
-            $ZipVerMatch = $_ -match $ZipRegex
-            if ($BadgeVerMatch) {
-              $_ -replace $BadgeRegex, "ScubaGear-v${env:NEW_VERSION_NUMBER}"
-            }
-            elseif ($ZipVerMatch) {
-              $_ -replace $ZipRegex, $ZipVerReplace
-            }
-            else {
-              $_
-            }
-          } | Set-Content -Path $READMEPath
-
-          #
-          # Create the PR body
-          #
-          $PRTemplatePath = '.\.github\pull_request_template.md'
-
-          $Description = '<!-- Describe the "what" of your changes in detail. -->'
-          $Motivation = '<!-- Why is this change required\? -->'
-          $Testing = '<!-- see how your change affects other areas of the code, etc. -->'
-          $RemoveHeader = '# <!-- Use the title to describe PR changes in the imperative mood --> #'
-
-          $NewDescription = "- This PR was create by a GitHub Action to bump ScubaGear's module version in the manifest and the README.`n - Please fill out the rest of the template that the Action did not cover. `n"
-          $NewMotivation = "- Bump ScubaGear's module version to v${env:NEW_VERSION_NUMBER} before the next release`n"
-          $NewTesting = "- A human should still check if the version bumping was successful by running ScubaGear.`n"
+          # Set the repository owner and name as environment variables to access from the PowerShell module
+          $env:REPO = "${{ github.repository }}"
+          Import-Module ./utils/workflow/Set-ScubaGearModuleVersion.psm1 -Function Test-ScubaGearVersionWorkflowInput
+          Test-ScubaGearVersionWorkflowInput
 
-          $PRTemplateContent = (Get-Content -Path $PRTemplatePath) | ForEach-Object {
-            $DescriptionRegex = $_ -match $Description
-            $MotivationRegex = $_ -match $Motivation
-            $TestingRegex = $_ -match $Testing
-            $RemoveHeaderRegex = $_ -match $RemoveHeader # removes unneeded new line
-            if ($DescriptionRegex) {
-                  $_ -replace $Description, $NewDescription
-            }
-            elseif ($MotivationRegex) {
-                  $_ -replace $Motivation, $NewMotivation
-            }
-            elseif ($TestingRegex) {
-                $_ -replace $Testing, $NewTesting
-            }
-            elseif ($RemoveHeaderRegex) {
-              $_ -replace $RemoveHeader, ""
-            }
-            else {
-              $_ + "`n"
-            }
-          }
-
-          # Create the PR
-          $ScubaGearVersionBumpBranch = "scubagear-version-bump-${env:NEW_VERSION_NUMBER}"
-          git config --global user.email "[email protected]"
-          git config --global user.name "GitHub Action"
-          git checkout -b $ScubaGearVersionBumpBranch
-          git add .
-          git commit -m "Update ScubaGear version to ${env:NEW_VERSION_NUMBER}"
-          git push origin $ScubaGearVersionBumpBranch
-          gh pr create -B main -H $ScubaGearVersionBumpBranch --title "Bump ScubaGear module version from v$($PreviousVersion) to v${env:NEW_VERSION_NUMBER}" --body "${PRTemplateContent}" --label "version bump"
+      - name: Bump ScubaGear Version Number
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          Import-Module ./utils/workflow/Set-ScubaGearModuleVersion.psm1
+          Set-ScubaGearModuleVersion
diff --git a/.github/workflows/test_production_function.yaml b/.github/workflows/test_production_function.yaml
@@ -61,7 +61,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:
@@ -81,7 +82,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:
@@ -101,7 +103,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:
@@ -121,7 +124,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:
@@ -141,7 +145,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:
@@ -161,7 +166,8 @@ jobs:
       contents: write
       id-token: write
     with:
-      EmailOnFailure: ${{ fromJSON(inputs.EmailOnFailure) }}
+      # Default to true when running on a schedule and the input is missing
+      EmailOnFailure: ${{ !contains(inputs.EmailOnFailure, 'false') }}
       GitHubEventSchedule: ${{ github.event.schedule }}
       GitHubEventName: ${{ github.event_name }}
     secrets:

diff --git a/PowerShell/ScubaGear/Testing/Unit/Rego/EXO/EXOConfig_04_test.rego b/PowerShell/ScubaGear/Testing/Unit/Rego/EXO/EXOConfig_04_test.rego
@@ -76,8 +76,14 @@ test_Rdata_Correct_V2 if {
 test_Rdata_Incorrect_V4 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=none; mailto:[email protected] mailto:[email protected] mailto:[email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {
+            "op": "add",
+            "path": "rdata",
+            "value": [`v=DMARC1; p=none; mailto:[email protected] 
+            mailto:[email protected] mailto:[email protected]`]
+        }]
+        )
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1]
@@ -90,7 +96,8 @@ test_Rdata_Incorrect_V5 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
     DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; mailto:[email protected] mailto:[email protected] mailto:[email protected]"]}])
+                                                [`v=DMARC1; mailto:[email protected] 
+                                                mailto:[email protected] mailto:[email protected]`]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1]
@@ -117,7 +124,9 @@ test_DMARCReport_Correct_V1 if {
 test_DMARCReport_Incorrect_V1 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": ["v=DMARC1; p=reject; pct=100;"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {"op": "add", "path": "rdata", "value": ["v=DMARC1; p=reject; pct=100;"]
+        }])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1]
@@ -129,8 +138,9 @@ test_DMARCReport_Incorrect_V1 if {
 test_DMARCReport_Incorrect_V2 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", 
-                                                "value": ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {"op": "add", "path": "rdata",
+        "value": ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]"]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1]
@@ -161,8 +171,10 @@ test_DMARCReport_Incorrect_V3 if {
 test_POC_Correct_V1 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], mailto:[email protected]; [email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [{
+        "op": "add", "path": "rdata", 
+        "value": [`v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], 
+        mailto:[email protected]; [email protected]`]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1]
@@ -174,11 +186,14 @@ test_POC_Correct_V1 if {
 test_POC_Correct_V2 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], mailto:[email protected], mailto:[email protected]; [email protected], [email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {"op": "add", "path": "rdata", 
+        "value": [`v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], 
+        mailto:[email protected], 
+        mailto:[email protected]; [email protected], [email protected]`]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
-                        with input.dmarc_records as [DmarcRecord1] 
+                        with input.dmarc_records as [DmarcRecord1]
 
     TestResult("MS.EXO.4.4v1", Output, PASS, true) == true
 }
@@ -187,8 +202,9 @@ test_POC_Correct_V2 if {
 test_POC_Incorrect_V1 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {"op": "add", "path": "rdata", 
+        "value": ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]"]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1] 
@@ -201,8 +217,10 @@ test_POC_Incorrect_V1 if {
 test_POC_Incorrect_V2 if {
     SPFRecord := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "test.name"}])
-    DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], [email protected]"]}])
+    DmarcRecord1 := json.patch(DmarcRecords, [
+        {"op": "add", "path": "rdata", 
+        "value": [`v=DMARC1; p=reject; pct=100; 
+        rua=mailto:[email protected], [email protected]`]}])
 
     Output := exo.tests with input.spf_records as [SPFRecord]
                         with input.dmarc_records as [DmarcRecord1] 
@@ -232,11 +250,14 @@ test_POC_Incorrect_V4 if {
     SPFRecord1 := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "example.com"}])
     DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], [email protected] [email protected]"]}])
+                                                [`v=DMARC1; p=reject; pct=100; 
+                                                rua=mailto:[email protected], 
+                                                [email protected] [email protected]`]}])
     DmarcRecord2 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]"]},
+                                                [`v=DMARC1; p=reject; pct=100; 
+                                                rua=mailto:[email protected]`]},
                                             {"op": "add", "path": "domain", "value": "example.com"}])
-    
+
     Output := exo.tests with input.spf_records as [SPFRecord, SPFRecord1]
                         with input.dmarc_records as [DmarcRecord1, DmarcRecord2]
 
@@ -251,11 +272,14 @@ test_POC_Incorrect_V5 if {
     SPFRecord1 := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "example.com"}])
     DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], [email protected] [email protected]"]}])
+                                                [`v=DMARC1; p=reject; pct=100; 
+                                                rua=mailto:[email protected], 
+                                                [email protected] [email protected]`]}])
     DmarcRecord2 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected]; [email protected]"]},
+                                                [`v=DMARC1; p=reject; pct=100; 
+                                                rua=mailto:[email protected]; [email protected]`]},
                                             {"op": "add", "path": "domain", "value": "example.com"}])
-    
+
     Output := exo.tests with input.spf_records as [SPFRecord, SPFRecord1]
                         with input.dmarc_records as [DmarcRecord1, DmarcRecord2]
 
@@ -270,7 +294,9 @@ test_POC_Incorrect_V6 if {
     SPFRecord1 := json.patch(SpfRecords, [{"op": "add", "path": "rdata", "value": ["spf1 "]},
                                         {"op": "add", "path": "domain", "value": "example.com"}])
     DmarcRecord1 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": 
-                                                ["v=DMARC1; p=reject; pct=100; rua=mailto:[email protected], [email protected] [email protected]"]}])
+                                                [`v=DMARC1; p=reject; pct=100; 
+                                                rua=mailto:[email protected], 
+                                                [email protected] [email protected]`]}])
     DmarcRecord2 := json.patch(DmarcRecords, [{"op": "add", "path": "rdata", "value": []},
                                         {"op": "add", "path": "domain", "value": "example.com"}])