Remove extraneous SHALL from MS.DEFENDER.4.1 #1408

Open
wants to merge 5 commits into
base: main

@schrolla (Collaborator) commented Nov 7, 2024

🗣 Description

The Defender SCB policy MS.DEFENDER.4.1v1 was reworded without changing the policy meaning so that it contains a single SHALL statement rather than two SHALLs for clarity. In addition, since the policy language was changed, the policy ID was incremented from v1 to v2. Policy version updates were made to the following:

  • Defender SCB policy ID references and anchor links
  • EXO SCB policy ID references and anchor links (to MS.DEFENDER.4.1v2)
  • Defender 4.1 rego unit test policy ID references
  • TestResults.json stub to support proper unit testing when generating new reports

💭 Motivation and context

Baselines should contain a single SHALL/SHOULD statement per policy so that a single testable policy item is associated with each statement and to prevent confusion among readers.

Closes #1385

🧪 Testing

To verify that all appropriate references have been updated:

  1. Manually review new language in MS.DEFENDER.4.1v2
  2. Search the code base for any references to the old version "MS.DEFENDER.4.1v2", ignoring sample reports, as they still represent the previous version, as they should, to ensure anchor links still work.
  3. Search the code base for any references to the old version in anchor links as "defender41v1", ignoring sample reports as in 2.
  4. Run Invoke-Scuba -p defender to confirm proper HTML generation and review all automated test results.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • PR targets the correct parent branch (e.g., main or release-name) for merge.
  • Changes are limited to a single goal - eschew scope creep!
  • Changes are sized such that they do not touch an excessive number of files.
  • All future TODOs are captured in issues, which are referenced in code comments.
  • These code changes follow the ScubaGear content style guide.
  • Related issues these changes resolve are linked preferably via closing keywords.
  • All relevant type-of-change labels added.
  • All relevant project fields are set.
  • All relevant repo and/or project documentation updated to reflect these changes.
  • Unit tests added/updated to cover PowerShell and Rego changes.
  • Functional tests added/updated to cover PowerShell and Rego changes.
  • All relevant functional tests passed.
  • All automated checks (e.g., linting, static analysis, unit/smoke tests) passed.

✅ Pre-merge checklist

  • PR passed smoke test check.

  • Feature branch has been rebased against changes from parent branch, as needed

    Use Rebase branch button below or use this reference to rebase from the command line.

  • Resolved all merge conflicts on branch

  • Notified merge coordinator that PR is ready for merge via comment mention

  • Demonstrate changes to the team for questions and comments.
    (Note: Only required for issues of size Medium or larger)

✅ Post-merge checklist

  • Feature branch deleted after merge to clean up repository.
  • Verified that all checks pass on parent branch (e.g., main or release-name) after merge.
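
An added example, not part of this PR or of the ScubaGear code base: a small checker that automates search steps 2 and 3 of the testing procedure above, treating MS.DEFENDER.4.1v1 as the superseded ID as stated in the description. The `sample-report` directory name and every file in the sample tree are constructed assumptions for illustration.

```python
import re
import tempfile
from pathlib import Path

def anchor_form(policy_id):
    """'MS.DEFENDER.4.1v1' -> 'defender41v1', the anchor spelling from step 3."""
    return policy_id.split(".", 1)[1].replace(".", "").lower()

def find_stale_refs(root, old_id, skip_dirs=("sample-report", ".git")):
    """Return sorted (relative_path, line_no, matched_text) for each stale reference.

    skip_dirs is an assumption: directory names holding sample reports, which
    are meant to keep the previous version so their anchor links still work.
    """
    # (?!\d) keeps a search for ...v1 from also flagging ...v10 and later.
    pattern = re.compile(
        "(%s|%s)(?!\\d)" % (re.escape(old_id), re.escape(anchor_form(old_id))),
        re.IGNORECASE,
    )
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or any(part in skip_dirs for part in rel.parts):
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for line_no, line in enumerate(text.splitlines(), start=1):
            for match in pattern.finditer(line):
                hits.append((rel.as_posix(), line_no, match.group(1)))
    return sorted(hits)

def demo():
    """Constructed sample tree: two stale references, two that must not be reported."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {
            "baselines/defender.md": "#### MS.DEFENDER.4.1v2\nSee [policy](#msdefender41v1).\n",
            "baselines/exo.md": "Refer to MS.DEFENDER.4.1v2 and MS.DEFENDER.4.1v10.\n",
            "Testing/DefenderConfig_04_test.rego": 'PolicyId := "MS.DEFENDER.4.1v1"\n',
            "sample-report/DefenderReport.html": '<a href="#msdefender41v1">MS.DEFENDER.4.1v1</a>\n',
        }
        for name, body in files.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_stale_refs(tmp, "MS.DEFENDER.4.1v1")

if __name__ == "__main__":
    for rel, line_no, text in demo():
        print(f"{rel}:{line_no}: {text}")
```

An empty result from `find_stale_refs` on the real checkout is the pass condition for steps 2 and 3; any hit names the file and line that still carries the old ID or anchor.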

@schrolla added the labels bug (This issue or pull request addresses broken functionality) and baseline-document (Issues relating to the text in the baseline documents themselves) Nov 7, 2024
@schrolla added this to the Kraken milestone Nov 7, 2024
@schrolla self-assigned this Nov 7, 2024
@schrolla linked an issue Nov 7, 2024 that may be closed by this pull request (3 tasks)
@schrolla marked this pull request as ready for review November 7, 2024 21:49
@schrolla force-pushed the 1385-remove-the-second-shall-in-msdefender41v1 branch from f02e775 to d27dffc November 12, 2024 14:38
Successfully merging this pull request may close these issues.

Remove the second SHALL in MS.DEFENDER.4.1v1