Fail if multiple DMARC records are present

scubagoggles/Testing/Unit/Rego/gmail/gmail04_test.rego

@@ -101,6 +101,29 @@ test_DMARC_Incorrect_V2 if {
     RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
 }
 
+test_DMARC_Incorrect_V3 if {
+    # Test DMARC when there are multiple dmarc records
+    PolicyId := GmailId4_1
+    Output := tests with input as {
+        "dmarc_records": [
+            {
+                "domain": "test.name",
+                "rdata": [
+                    "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov",
+                    "v=DMARC1; p=reject"
+                ]
+            }
+        ],
+        "domains": ["test.name"]
+    }
+
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+    count(RuleOutput) == 1
+    not RuleOutput[0].RequirementMet
+    not RuleOutput[0].NoSuchEvent
+    RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
+}
+
 #
 # GWS.GMAIL.4.2
 #--
@@ -201,6 +224,29 @@ test_DMARCMessageReject_Incorrect_V2 if {
     RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
 }
 
+test_DMARCMessageReject_Incorrect_V3 if {
+    # Test DMARC when there are multiple dmarc records
+    PolicyId := GmailId4_2
+    Output := tests with input as {
+        "dmarc_records": [
+            {
+                "domain": "test.name",
+                "rdata": [
+                    "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov",
+                    "v=DMARC1; p=reject"
+                ]
+            }
+        ],
+        "domains": ["test.name"]
+    }
+
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+    count(RuleOutput) == 1
+    not RuleOutput[0].RequirementMet
+    not RuleOutput[0].NoSuchEvent
+    RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
+}
+
 #
 # GWS.GMAIL.4.3
 #--
@@ -301,6 +347,30 @@ test_DMARCAggregateReports_Incorrect_V2 if {
     RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
 }
 
+test_DMARCAggregateReports_Incorrect_V3 if {
+    # Test DMARC when there are multiple dmarc records
+    PolicyId := GmailId4_3
+    Output := tests with input as {
+        "dmarc_records": [
+            {
+                "domain": "test.name",
+                "rdata": [
+                    "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov",
+                    "v=DMARC1; p=reject"
+                ]
+            }
+        ],
+        "domains": ["test.name"]
+    }
+
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+    count(RuleOutput) == 1
+    not RuleOutput[0].RequirementMet
+    not RuleOutput[0].NoSuchEvent
+    RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
+}
+
+
 #
 # GWS.GMAIL.4.4
 #--
@@ -400,4 +470,27 @@ test_DMARCAgencyPOC_Incorrect_V2 if {
     not RuleOutput[0].NoSuchEvent
     RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
 }
+
+test_DMARCAgencyPOC_Incorrect_V3 if {
+    # Test DMARC when there are multiple dmarc records
+    PolicyId := GmailId4_4
+    Output := tests with input as {
+        "dmarc_records": [
+            {
+                "domain": "test.name",
+                "rdata": [
+                    "v=DMARC1; p=reject; pct=100; rua=mailto:DMARC@hq.dhs.gov, mailto:reports@dmarc.cyber.dhs.gov",
+                    "v=DMARC1; p=reject"
+                ]
+            }
+        ],
+        "domains": ["test.name"]
+    }
+
+    RuleOutput := [Result | some Result in Output; Result.PolicyId == PolicyId]
+    count(RuleOutput) == 1
+    not RuleOutput[0].RequirementMet
+    not RuleOutput[0].NoSuchEvent
+    RuleOutput[0].ReportDetails == concat(" ", ["1 of 1 agency domain(s) found in violation: test.name.", DNSLink])
+}
 #--

scubagoggles/rego/Gmail.rego

@@ -155,8 +155,8 @@ GmailId4_1 := utils.PolicyIdWithSuffix("GWS.GMAIL.4.1")
 # Not applicable at OU or Group level
 DomainsWithDmarc contains DmarcRecord.domain if {
     some DmarcRecord in input.dmarc_records
-    some Rdata in DmarcRecord.rdata
-    startswith(Rdata, "v=DMARC1;")
+    ValidAnswers := [Answer | some Answer in DmarcRecord.rdata; startswith(Answer, "v=DMARC1;")]
+    count(ValidAnswers) == 1
 }
 
 tests contains {
@@ -189,6 +189,7 @@ DomainsWithPreject contains DmarcRecord.domain if {
     some DmarcRecord in input.dmarc_records
     some Rdata in DmarcRecord.rdata
     contains(Rdata, "p=reject;")
+    DmarcRecord.domain in DomainsWithDmarc
 }
 
 tests contains {
@@ -217,6 +218,7 @@ DomainsWithDHSContact contains DmarcRecord.domain if {
     some DmarcRecord in input.dmarc_records
     some Rdata in DmarcRecord.rdata
     contains(Rdata, "mailto:reports@dmarc.cyber.dhs.gov")
+    DmarcRecord.domain in DomainsWithDmarc
 }
 
 tests contains {
@@ -245,6 +247,7 @@ DomainsWithAgencyContact contains DmarcRecord.domain if {
     some DmarcRecord in input.dmarc_records
     some Rdata in DmarcRecord.rdata
     count(split(Rdata, "@")) >= 3
+    DmarcRecord.domain in DomainsWithDmarc
 }
 
 tests contains {

scubagoggles/reporter/reporter.py

@@ -875,7 +875,7 @@ def _build_report_html(self,
                         "Query Name": qname,
                         "Query Method": query['query_method'],
                         "Summary": query['query_result'],
-                        "Answers": '\n'.join(answers)
+                        "Answers": '<br>'.join(answers)
                     })
             log_table = self.create_html_table(logs)
             log_table = log_table.replace("<table>", "<table class='alternating dns-table'>")