✨ Add fetching of shared mailboxes in exchange. (#2999)
* ✨ Add fetching of shared mailboxes in exchange.
* Update docs + min mondoo version.

---------

Signed-off-by: Preslav <[email protected]>
preslavgerchev authored Jan 12, 2024
1 parent 7370fb2 commit f8e28a1
Showing 6 changed files with 223 additions and 25 deletions.
40 changes: 20 additions & 20 deletions .github/actions/spelling/expect.txt
Expand Up @@ -5,12 +5,13 @@ autoaccept
autoscaler
backupconfiguration
bigquery
bytematchstatement
cavium
cdn
certificatechains
cmek
cpe
Cooldown
cpe
cryptokey
customresources
datapath
Expand All @@ -21,19 +22,26 @@ dlq
dlv
ekm
elbv
exo
gcfs
geomatchstatement
gistfile
gpu
gvnic
headerorder
hostkeys
HSTS
iap
ilb
ingresstls
iotedge
ipsetforwardedipconfig
ipsetreferencestatement
jira
jsonbody
labelmatchstatement
linux
loggingservice
managedrulegroupstatement
managedzone
mcr
messagestoragepolicy
Expand All @@ -44,19 +52,28 @@ nodepool
nullgroup
nullstring
opcplc
orstatement
Pids
postgre
pushconfig
querypack
ratebasedstatement
regexmatchstatement
regexpatternsetreferencestatement
resourcegroup
rulegroup
rulegroupreferencestatement
Sas
scim
serviceprincipals
singlequeryargument
sizeconstraintstatement
Snat
spdx
sph
spo
sqli
sqlimatchstatement
sqlserver
sshkeys
testutils
Expand All @@ -65,23 +82,6 @@ tpu
vdcs
Vtpm
vulnerabilityassessmentsettings
wil
vulnmgmt
bytematchstatement
geomatchstatement
headerorder
ipsetforwardedipconfig
ipsetreferencestatement
jsonbody
labelmatchstatement
managedrulegroupstatement
orstatement
ratebasedstatement
regexmatchstatement
regexpatternsetreferencestatement
rulegroupreferencestatement
singlequeryargument
sizeconstraintstatement
sqli
sqlimatchstatement
wil
xssmatchstatement
23 changes: 22 additions & 1 deletion providers/ms365/connection/exchange_report.go
Expand Up @@ -42,7 +42,7 @@ $AtpPolicyForO365 = (Get-AtpPolicyForO365)
$SharingPolicy = (Get-SharingPolicy)
$RoleAssignmentPolicy = (Get-RoleAssignmentPolicy)
$ExternalInOutlook = (Get-ExternalInOutlook)
$ExoMailbox = (Get-EXOMailbox -RecipientTypeDetails SharedMailbox)
$exchangeOnline = New-Object PSObject
Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name MalwareFilterPolicy -Value @($MalwareFilterPolicy)
Expand All @@ -63,6 +63,7 @@ Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name AtpPolicy
Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name SharingPolicy -Value @($SharingPolicy)
Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name RoleAssignmentPolicy -Value @($RoleAssignmentPolicy)
Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name ExternalInOutlook -Value @($ExternalInOutlook)
Add-Member -InputObject $exchangeOnline -MemberType NoteProperty -Name ExoMailbox -Value @($ExoMailbox)
Disconnect-ExchangeOnline -Confirm:$false
Expand Down Expand Up @@ -145,10 +146,30 @@ type ExchangeOnlineReport struct {
SharingPolicy []interface{} `json:"SharingPolicy"`
RoleAssignmentPolicy []interface{} `json:"RoleAssignmentPolicy"`
ExternalInOutlook []*ExternalSender `json:"ExternalInOutlook"`
// note: this only contains shared mailboxes
ExoMailbox []*ExoMailbox `json:"ExoMailbox"`
}

type ExternalSender struct {
Identity string `json:"Identity"`
Enabled bool `json:"Enabled"`
AllowList []string `json:"AllowList"`
}

type ExoMailbox struct {
ExternalDirectoryObjectId string `json:"ExternalDirectoryObjectId"`
UserPrincipalName string `json:"UserPrincipalName"`
Alias string `json:"Alias"`
DisplayName string `json:"DisplayName"`
EmailAddresses []string `json:"EmailAddresses"`
PrimarySmtpAddress string `json:"PrimarySmtpAddress"`
RecipientType string `json:"RecipientType"`
RecipientTypeDetails string `json:"RecipientTypeDetails"`
Identity string `json:"Identity"`
Id string `json:"Id"`
ExchangeVersion string `json:"ExchangeVersion"`
Name string `json:"Name"`
DistinguishedName string `json:"DistinguishedName"`
OrganizationId string `json:"OrganizationId"`
Guid string `json:"Guid"`
}
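Review bot: `Get-EXOMailbox -RecipientTypeDetails SharedMailbox` on the added script line runs with the cmdlet's default ResultSize of 1000, so a tenant with more shared mailboxes than that is silently truncated and the inventory the policies evaluate is incomplete; change the call to `$ExoMailbox = (Get-EXOMailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited)`. The script is embedded in a Go string whose start lies outside the hunk. The comment on the new `ExoMailbox` field of `ExchangeOnlineReport` would help a reader more if it said where the restriction comes from, e.g. `// ExoMailbox holds only shared mailboxes: the report script filters with -RecipientTypeDetails SharedMailbox.` The fields `ExternalDirectoryObjectId`, `Id` and `Guid` of the new `ExoMailbox` struct copy the JSON names rather than Go initialism style; the json tags already carry the wire names, so `ExternalDirectoryObjectID`, `ID` and `GUID` would be the conventional spellings (the reference `m.ExternalDirectoryObjectId` in resources/ms365.go would need the same rename).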
45 changes: 43 additions & 2 deletions providers/ms365/resources/ms365.go
Expand Up @@ -21,10 +21,37 @@ func (m *mqlMs365ExchangeonlineExternalSender) id() (string, error) {
return m.Identity.Data, nil
}

func (m *mqlMs365ExchangeonlineExoMailbox) id() (string, error) {
return m.Identity.Data, nil
}

func (m *mqlMs365SharepointonlineSite) id() (string, error) {
return m.Url.Data, nil
}

func (m *mqlMs365ExchangeonlineExoMailbox) user() (*mqlMicrosoftUser, error) {
externalId := m.ExternalDirectoryObjectId.Data
if externalId == "" {
return nil, errors.New("no externalDirectoryObjectId provided, cannot find user for mailbox")
}
microsoft, err := m.MqlRuntime.CreateResource(m.MqlRuntime, "microsoft", map[string]*llx.RawData{})
if err != nil {
return nil, err
}
mqlMicrosoft := microsoft.(*mqlMicrosoft)
users := mqlMicrosoft.GetUsers()
if users.Error != nil {
return nil, users.Error
}
for _, u := range users.Data {
mqlUser := u.(*mqlMicrosoftUser)
if mqlUser.Id.Data == externalId {
return mqlUser, nil
}
}
return nil, errors.New("cannot find user for exchange mailbox")
}

func initMs365Exchangeonline(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
conn := runtime.Connection.(*connection.Ms365Connection)
ctx := context.Background()
Expand Down Expand Up @@ -83,6 +110,20 @@ func initMs365Exchangeonline(runtime *plugin.Runtime, args map[string]*llx.RawDa

externalInOutlook = append(externalInOutlook, mql)
}

sharedMailboxes := []interface{}{}
for _, m := range report.ExoMailbox {
mql, err := CreateResource(runtime, "ms365.exchangeonline.exoMailbox",
map[string]*llx.RawData{
"identity": llx.StringData(m.Identity),
"externalDirectoryObjectId": llx.StringData(m.ExternalDirectoryObjectId),
})
if err != nil {
return args, nil, err
}

sharedMailboxes = append(sharedMailboxes, mql)
}
args["malwareFilterPolicy"] = llx.ArrayData(malwareFilterPolicy, types.Any)
args["hostedOutboundSpamFilterPolicy"] = llx.ArrayData(hostedOutboundSpamFilterPolicy, types.Any)
args["transportRule"] = llx.ArrayData(transportRule, types.Any)
Expand All @@ -101,7 +142,7 @@ func initMs365Exchangeonline(runtime *plugin.Runtime, args map[string]*llx.RawDa
args["sharingPolicy"] = llx.ArrayData(sharingPolicy, types.Any)
args["roleAssignmentPolicy"] = llx.ArrayData(roleAssignmentPolicy, types.Any)
args["externalInOutlook"] = llx.ArrayData(externalInOutlook, types.ResourceLike)

args["sharedMailboxes"] = llx.ArrayData(sharedMailboxes, types.ResourceLike)
return args, nil, nil
}

Expand Down Expand Up @@ -204,7 +245,7 @@ func initMs365Teams(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[
"meetingChatEnabledType": llx.StringData(teamsPolicy.MeetingChatEnabledType),
"designatedPresenterRoleMode": llx.StringData(teamsPolicy.DesignatedPresenterRoleMode),
"allowExternalParticipantGiveRequestControl": llx.BoolData(teamsPolicy.AllowExternalParticipantGiveRequestControl),
"allowSecurityEndUserReporting": llx.BoolData(teamsPolicy.AllowSecurityEndUserReporting),
"allowSecurityEndUserReporting": llx.BoolData(teamsPolicy.AllowSecurityEndUserReporting),
})
if err != nil {
return args, nil, err
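Review bot: `user()` resolves a mailbox by calling `GetUsers()` and scanning the entire tenant user list, so every shared mailbox triggers a full directory enumeration unless the `microsoft` resource caches that list; if the users resource supports a lookup by id, use it here, otherwise a comment should state the cost. The comparison `mqlUser.Id.Data == externalId` is case-sensitive; both values are directory object GUIDs that are normally lowercase, but should either source ever differ in case the match silently fails and the method reports the user as missing, so `if strings.EqualFold(mqlUser.Id.Data, externalId) {` (with `strings` imported) is the safer form. The not-found error would be more useful for triage if it carried the id that was searched, e.g. `fmt.Errorf("cannot find user with externalDirectoryObjectId %q for exchange mailbox", externalId)` if `fmt` is already imported. The method also has no doc comment; suggest `// user resolves the mailbox's ExternalDirectoryObjectId against the tenant's user list and returns the matching microsoft.user resource.`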
16 changes: 14 additions & 2 deletions providers/ms365/resources/ms365.lr
Expand Up @@ -344,7 +344,7 @@ private microsoft.devicemanagement.devicecompliancepolicy @defaults("id displayN
properties dict
}

// Microsoft 365 ExchangeOnline
// Microsoft 365 Exchange Online
ms365.exchangeonline {
// List of malware filter policies
malwareFilterPolicy []dict
Expand Down Expand Up @@ -382,9 +382,11 @@ ms365.exchangeonline {
roleAssignmentPolicy []dict
// List of external sender configurations
externalInOutlook []ms365.exchangeonline.externalSender
// List of shared mailboxes
sharedMailboxes []ms365.exchangeonline.exoMailbox
}

// Microsoft 365 ExchangeOnline ExternalSender
// Microsoft 365 Exchange Online External Sender
private ms365.exchangeonline.externalSender {
// The identity of the external sender
identity string
Expand All @@ -394,6 +396,16 @@ private ms365.exchangeonline.externalSender {
enabled bool
}

// Microsoft 365 Exchange Online Mailbox
private ms365.exchangeonline.exoMailbox {
// The identity of the mailbox
identity string
// The user linked to this mailbox
user() microsoft.user
// The identity of the external object linked to this mailbox
externalDirectoryObjectId string
}

// Microsoft 365 SharePoint Online
ms365.sharepointonline {
// SharePoint Online tenant
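Review bot: The doc comment on the new `ms365.exchangeonline.exoMailbox` resource says "Mailbox" while the Go side (`exchange_report.go`) only ever populates it with shared mailboxes, so a policy author reading the schema gets the wrong scope; suggest `// Microsoft 365 Exchange Online mailbox (currently populated with shared mailboxes only)`. The comment on `externalDirectoryObjectId`, "The identity of the external object linked to this mailbox", does not say which directory it refers to; since `user()` matches it against `microsoft.user` ids, `// The Microsoft Entra ID (Azure AD) object ID of the mailbox recipient, used to resolve user()` describes the field as it is actually used.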