@etcsec-com/etc-collector 1.4.0

package/dist/utils/type-name-normalizer.js

@@ -0,0 +1,218 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TYPE_NAME_ALIASES = void 0;
+exports.normalizeTypeName = normalizeTypeName;
+exports.areTypesEquivalent = areTypesEquivalent;
+exports.getAllKnownTypes = getAllKnownTypes;
+exports.TYPE_NAME_ALIASES = {
+    PASSWORDNEVEREXPIRES: 'PASSWORD_NEVER_EXPIRES',
+    PASSWORD_NEVER_EXPIRES_FLAG: 'PASSWORD_NEVER_EXPIRES',
+    PASSWORDNOTREQUIRED: 'PASSWORD_NOT_REQUIRED',
+    PASSWORD_NOT_REQUIRED_FLAG: 'PASSWORD_NOT_REQUIRED',
+    REVERSIBLEENCRYPTION: 'REVERSIBLE_ENCRYPTION',
+    REVERSIBLE_ENCRYPTION_FLAG: 'REVERSIBLE_ENCRYPTION',
+    PASSWORDINDESCRIPTION: 'PASSWORD_IN_DESCRIPTION',
+    PASSWORD_IN_DESC: 'PASSWORD_IN_DESCRIPTION',
+    EMPTY_PASSWORD: 'PASSWORD_NOT_REQUIRED',
+    UNIXUSERPASSWORD_CLEAR: 'UNIX_USER_PASSWORD',
+    PASSWORD_COMMON_PATTERNS: 'PASSWORD_DICT_ATTACK_RISK',
+    KERBEROASTABLE: 'KERBEROASTING_RISK',
+    KERBEROASTABLE_WEAKPASSWORD: 'KERBEROASTING_RISK',
+    KERBEROASTABLE_WEAK: 'KERBEROASTING_RISK',
+    ASREPROASTABLE: 'ASREP_ROASTING_RISK',
+    ASREP_ROASTABLE: 'ASREP_ROASTING_RISK',
+    ADMIN_ASREP: 'ADMIN_ASREP_ROASTABLE',
+    PRIVILEGED_ASREP: 'ADMIN_ASREP_ROASTABLE',
+    ADMIN_ASREP_ROASTING: 'ADMIN_ASREP_ROASTABLE',
+    DES_ENABLED: 'WEAK_ENCRYPTION_DES',
+    DES_ENCRYPTION: 'WEAK_ENCRYPTION_DES',
+    USE_DES_KEY_ONLY: 'WEAK_ENCRYPTION_DES',
+    UNCONSTRAINEDDELEGATION: 'UNCONSTRAINED_DELEGATION',
+    UNCONSTRAINED_DELEG: 'UNCONSTRAINED_DELEGATION',
+    CONSTRAINEDDELEGATION: 'CONSTRAINED_DELEGATION',
+    CONSTRAINED_DELEG: 'CONSTRAINED_DELEGATION',
+    KERBEROS_TICKET_LIFETIME_LONG: 'KERBEROS_WEAK_CONFIG',
+    COMPUTER_STALE_INACTIVE: 'COMPUTER_STALE_INACTIVE',
+    COMPUTER_STALE: 'COMPUTER_STALE_INACTIVE',
+    STALE_COMPUTER: 'COMPUTER_STALE_INACTIVE',
+    COMPUTER_OLD_PASSWORD: 'COMPUTER_PASSWORD_OLD',
+    COMPUTER_PASSWORD_NOT_CHANGED: 'COMPUTER_PASSWORD_OLD',
+    COMPUTER_NO_LAPS: 'COMPUTER_NO_LAPS',
+    NO_LAPS: 'COMPUTER_NO_LAPS',
+    LAPS_NOT_DEPLOYED: 'COMPUTER_NO_LAPS',
+    COMPUTER_PRECREATED: 'COMPUTER_PRE_CREATED',
+    COMPUTER_STAGED: 'COMPUTER_PRE_CREATED',
+    COMPUTER_LEGACY_PROTOCOL_SMBV1: 'COMPUTER_LEGACY_PROTOCOL',
+    COMPUTER_SMBV1: 'COMPUTER_LEGACY_PROTOCOL',
+    SMB1_ENABLED: 'COMPUTER_LEGACY_PROTOCOL',
+    SMBV1_ENABLED: 'COMPUTER_LEGACY_PROTOCOL',
+    COMPUTER_SMB_SIGNING_DISABLED: 'COMPUTER_SMB_SIGNING_DISABLED',
+    SMB_SIGNING_DISABLED: 'COMPUTER_SMB_SIGNING_DISABLED',
+    SMB_SIGNING_NOT_REQUIRED: 'COMPUTER_SMB_SIGNING_DISABLED',
+    COMPUTER_DISABLED_NOT_DELETED: 'COMPUTER_DISABLED_NOT_DELETED',
+    DISABLED_COMPUTER_NOT_DELETED: 'COMPUTER_DISABLED_NOT_DELETED',
+    COMPUTER_PRE_WIN2000: 'COMPUTER_PRE_WINDOWS_2000',
+    COMPUTER_PRE_2000: 'COMPUTER_PRE_WINDOWS_2000',
+    PRE_WINDOWS_2000_COMPUTER: 'COMPUTER_PRE_WINDOWS_2000',
+    COMPUTER_SENSITIVE_DESCRIPTION: 'COMPUTER_DESCRIPTION_SENSITIVE',
+    COMPUTER_DESC_SENSITIVE: 'COMPUTER_DESCRIPTION_SENSITIVE',
+    COMPUTER_RBCD: 'COMPUTER_RBCD',
+    RBCD: 'COMPUTER_RBCD',
+    RESOURCE_BASED_CONSTRAINED_DELEGATION: 'COMPUTER_RBCD',
+    COMPUTER_DUPLICATE_SPN: 'COMPUTER_DUPLICATE_SPN',
+    DUPLICATE_SPN: 'COMPUTER_DUPLICATE_SPN',
+    SIDHISTORY: 'SID_HISTORY',
+    SID_HISTORY_PRESENT: 'SID_HISTORY',
+    NOTINPROTECTEDUSERS: 'NOT_IN_PROTECTED_USERS',
+    NOT_PROTECTED_USERS: 'NOT_IN_PROTECTED_USERS',
+    ADMINCOUNT_ORPHANED: 'ADMIN_COUNT_ORPHANED',
+    ORPHANED_ADMINCOUNT: 'ADMIN_COUNT_ORPHANED',
+    DISABLEDACCOUNTINPRIVGROUP: 'DISABLED_ACCOUNT_IN_ADMIN_GROUP',
+    DISABLED_ADMIN: 'DISABLED_ACCOUNT_IN_ADMIN_GROUP',
+    STALEACCOUNT: 'STALE_ACCOUNT',
+    STALE_USER: 'STALE_ACCOUNT',
+    INACTIVE_180: 'STALE_ACCOUNT',
+    INACTIVE_ACCOUNT: 'INACTIVE_365_DAYS',
+    INACTIVE_USER: 'INACTIVE_365_DAYS',
+    TEST_ACCOUNT: 'TEST_ACCOUNT',
+    TESTACCOUNT: 'TEST_ACCOUNT',
+    SHARED_ACCOUNT: 'SHARED_ACCOUNT',
+    SHAREDACCOUNT: 'SHARED_ACCOUNT',
+    SMARTCARD_NOT_REQUIRED: 'SMARTCARD_NOT_REQUIRED',
+    NO_SMARTCARD: 'SMARTCARD_NOT_REQUIRED',
+    SHADOW_CREDENTIALS: 'SHADOW_CREDENTIALS',
+    MSDS_KEYCREDENTIALLINK: 'SHADOW_CREDENTIALS',
+    FOREIGN_SECURITY_PRINCIPALS: 'FOREIGN_SECURITY_PRINCIPAL',
+    SERVICE_ACCOUNT_NAMING: 'SERVICE_ACCOUNT_NAMING',
+    SVC_ACCOUNT: 'SERVICE_ACCOUNT_NAMING',
+    SERVICE_ACCOUNT_OLD_PASSWORD: 'SERVICE_ACCOUNT_OLD_PASSWORD',
+    SVC_OLD_PASSWORD: 'SERVICE_ACCOUNT_OLD_PASSWORD',
+    SERVICE_ACCOUNT_PRIVILEGED: 'SERVICE_ACCOUNT_PRIVILEGED',
+    SVC_PRIVILEGED: 'SERVICE_ACCOUNT_PRIVILEGED',
+    SERVICE_ACCOUNT_NO_PREAUTH: 'SERVICE_ACCOUNT_NO_PREAUTH',
+    SVC_NO_PREAUTH: 'SERVICE_ACCOUNT_NO_PREAUTH',
+    SERVICE_ACCOUNT_INTERACTIVE: 'SERVICE_ACCOUNT_INTERACTIVE',
+    SVC_INTERACTIVE: 'SERVICE_ACCOUNT_INTERACTIVE',
+    ACL_GENERICALL_DA: 'ACL_GENERICALL',
+    ACL_GENERICALL_DOMAIN_ADMINS: 'ACL_GENERICALL',
+    ACL_GENERICWRITE_SENSITIVEGROUP: 'ACL_GENERICWRITE',
+    ACL_GENERICWRITE_USER: 'ACL_GENERICWRITE',
+    ACL_WRITEDACL_OU: 'ACL_WRITEDACL',
+    ACL_WRITEDACL_SENSITIVEGROUP: 'ACL_WRITEDACL',
+    ACL_WRITEOWNER_SENSITIVEGROUP: 'ACL_WRITEOWNER',
+    ACL_ADDMEMBER: 'ACL_ADD_MEMBER',
+    ACL_ADD_MEMBER_GROUP: 'ACL_ADD_MEMBER',
+    ACL_DCSYNC: 'ACL_DS_REPLICATION_GET_CHANGES',
+    DCSYNC: 'ACL_DS_REPLICATION_GET_CHANGES',
+    DCSYNC_RIGHTS: 'ACL_DS_REPLICATION_GET_CHANGES',
+    ORPHANED_ACES: 'ORPHANED_ACL_ENTRIES',
+    NESTEDGROUPPATH: 'DANGEROUS_GROUP_NESTING',
+    NESTED_GROUP_PATH: 'DANGEROUS_GROUP_NESTING',
+    ESC1_VULNERABLE_CERTIFICATE_TEMPLATE: 'ESC1_VULNERABLE_TEMPLATE',
+    ESC1: 'ESC1_VULNERABLE_TEMPLATE',
+    ESC2_ANY_PURPOSE_EKU: 'ESC2_ANY_PURPOSE',
+    ESC2: 'ESC2_ANY_PURPOSE',
+    ESC3: 'ESC3_ENROLLMENT_AGENT',
+    ESC4: 'ESC4_VULNERABLE_TEMPLATE_ACL',
+    ESC5: 'ESC5_PKI_OBJECT_ACL',
+    ESC6_EDITF_ATTRIBUTESUBJECTALTNAME2: 'ESC6_EDITF_FLAG',
+    ESC6: 'ESC6_EDITF_FLAG',
+    ESC7: 'ESC7_CA_VULNERABLE_ACL',
+    ESC8: 'ESC8_HTTP_ENROLLMENT',
+    ESC9: 'ESC9_NO_SECURITY_EXTENSION',
+    ESC10: 'ESC10_WEAK_CERTIFICATE_MAPPING',
+    ESC11: 'ESC11_ICERT_REQUEST_ENFORCEMENT',
+    GPO_LINKPOISONING: 'GPO_LINK_POISONING',
+    GPO_LINK_POISON: 'GPO_LINK_POISONING',
+    GPO_AUTHENTICATED_USERS_APPLY: 'GPO_WEAK_PERMISSIONS',
+    GPO_NO_SECURITY_FILTERING: 'GPO_WEAK_PERMISSIONS',
+    GPO_PASSWORD_IN_SYSVOL: 'GPO_PASSWORD_IN_SYSVOL',
+    GPO_SYSVOL_PASSWORD: 'GPO_PASSWORD_IN_SYSVOL',
+    CPASSWORD: 'GPO_PASSWORD_IN_SYSVOL',
+    GPO_CREATOR_OWNERS_MEMBER: 'GPO_MODIFY_RIGHTS',
+    GPO_DANGEROUS_PERMISSIONS: 'GPO_MODIFY_RIGHTS',
+    EXCESSIVEPRIVILEGES_DA: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVE_PRIVILEGES_DA: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVEPRIVILEGES_ENTERPRISEADMIN: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVE_PRIVILEGES_EA: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVEPRIVILEGES_AO: 'ACCOUNT_OPERATORS_MEMBER',
+    EXCESSIVE_PRIVILEGES_AO: 'ACCOUNT_OPERATORS_MEMBER',
+    EXCESSIVEPRIVILEGES_BO: 'BACKUP_OPERATORS_MEMBER',
+    EXCESSIVE_PRIVILEGES_BO: 'BACKUP_OPERATORS_MEMBER',
+    EXCESSIVEPRIVILEGES_PRINTOPS: 'PRINT_OPERATORS_MEMBER',
+    EXCESSIVE_PRIVILEGES_PRINTOPS: 'PRINT_OPERATORS_MEMBER',
+    EXCESSIVEPRIVILEGES_DNS: 'DNS_ADMINS_MEMBER',
+    EXCESSIVE_PRIVILEGES_DNS: 'DNS_ADMINS_MEMBER',
+    EXCESSIVEPRIVILEGES_SCHEMAADMIN: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVE_PRIVILEGES_SCHEMA: 'NOT_IN_PROTECTED_USERS',
+    EXCESSIVEPRIVILEGES_RDP: 'DANGEROUS_BUILTIN_MEMBERSHIP',
+    EXCESSIVE_PRIVILEGES_RDP: 'DANGEROUS_BUILTIN_MEMBERSHIP',
+    PATH_GPO_TO_DA: 'PATH_GPO_TO_DA',
+    PATH_SERVICE_TO_DA: 'PATH_SERVICE_TO_DA',
+    PATH_ASREP_TO_ADMIN: 'PATH_ASREP_TO_ADMIN',
+    PATH_NESTED_ADMIN: 'PATH_NESTED_ADMIN',
+    PATH_DELEGATION_CHAIN: 'PATH_DELEGATION_CHAIN',
+    PATH_CERTIFICATE_ESC: 'PATH_CERTIFICATE_ESC',
+    PATH_TRUST_LATERAL: 'PATH_TRUST_LATERAL',
+    PATH_KERBEROASTING_TO_DA: 'PATH_KERBEROASTING_TO_DA',
+    PATH_COMPUTER_TAKEOVER: 'PATH_COMPUTER_TAKEOVER',
+    OVERSIZED_GROUP_CRITICAL: 'OVERSIZED_GROUP_HIGH',
+    OVERSIZED_GROUP: 'GROUP_EXCESSIVE_MEMBERS',
+    AUTHENTICATED_USERS_IN_ACLS: 'EVERYONE_IN_ACL',
+    EVERYONE_IN_ACLS: 'EVERYONE_IN_ACL',
+    EXCESSIVE_ADMINS: 'EXCESSIVE_PRIVILEGED_ACCOUNTS',
+    TOO_MANY_ADMINS: 'EXCESSIVE_PRIVILEGED_ACCOUNTS',
+    EXCESSIVE_DOMAIN_ADMINS: 'EXCESSIVE_PRIVILEGED_ACCOUNTS',
+    ADMIN_SD_HOLDER_MODIFIED: 'ADMINSDHOLDER_BACKDOOR',
+    ADMINSD_HOLDER_MODIFIED: 'ADMINSDHOLDER_BACKDOOR',
+    LAPS_PASSWORDREAD: 'LAPS_PASSWORD_READABLE',
+    LAPS_READ: 'LAPS_PASSWORD_READABLE',
+    LAPS_PASSWORD_LEAKED: 'LAPS_PASSWORD_LEAKED',
+    SMB_V1_ENABLED: 'COMPUTER_LEGACY_PROTOCOL',
+    ANONYMOUS_LDAP_ACCESS: 'ANONYMOUS_LDAP_ACCESS',
+    ANONYMOUS_BIND: 'ANONYMOUS_LDAP_ACCESS',
+    AUDIT_POLICY_WEAK: 'AUDIT_POLICY_WEAK',
+    AUDIT_NOT_CONFIGURED: 'AUDIT_POLICY_WEAK',
+    LDAP_CHANNEL_BINDING_DISABLED: 'LDAP_CHANNEL_BINDING_DISABLED',
+    LDAP_SIGNING_DISABLED: 'LDAP_SIGNING_NOT_REQUIRED',
+    POWERSHELL_LOGGING_DISABLED: 'POWERSHELL_LOGGING_DISABLED',
+    PS_LOGGING_DISABLED: 'POWERSHELL_LOGGING_DISABLED',
+    DANGEROUS_LOGON_SCRIPT: 'DANGEROUS_LOGON_SCRIPT',
+    LOGON_SCRIPT_VULNERABLE: 'DANGEROUS_LOGON_SCRIPT',
+    SERVER_NO_ADMIN_GROUP: 'SERVER_NO_ADMIN_GROUP',
+    RECYCLE_BIN_DISABLED: 'RECYCLE_BIN_DISABLED',
+    AD_RECYCLE_BIN_DISABLED: 'RECYCLE_BIN_DISABLED',
+    USER_CANNOT_CHANGE_PASSWORD: 'USER_CANNOT_CHANGE_PASSWORD',
+    CANNOT_CHANGE_PASSWORD: 'USER_CANNOT_CHANGE_PASSWORD',
+    SEENABLEDELEGATIONPRIVILEGE: 'DELEGATION_PRIVILEGE',
+    SE_ENABLE_DELEGATION: 'DELEGATION_PRIVILEGE',
+    SUSPICIOUSACCOUNTNAME: 'TEST_ACCOUNT',
+    SUSPICIOUS_ACCOUNT: 'TEST_ACCOUNT',
+    SUSPICIOUSSIDPROPERTIES: 'PRIMARYGROUPID_SPOOFING',
+    PRIMARYGROUPID_MODIFIED: 'PRIMARYGROUPID_SPOOFING',
+    COMPUTER_ACL_GENERICALL: 'COMPUTER_ACL_ABUSE',
+    COMPUTER_LOCAL_ADMIN_MAPPING: 'COMPUTER_IN_ADMIN_GROUP',
+    LOCAL_ADMIN_MAPPING: 'COMPUTER_IN_ADMIN_GROUP',
+    COMPUTER_WEAK_LAPS: 'LAPS_LEGACY_ATTRIBUTE',
+    WEAK_LAPS: 'LAPS_LEGACY_ATTRIBUTE',
+    TRUST_LATERAL: 'PATH_TRUST_LATERAL',
+    FOREST_TRUST_VULNERABLE: 'TRUST_MISCONFIGURED',
+    EXTERNAL_TRUST: 'TRUST_EXTERNAL',
+    ULTRA_VULNERABLE_USER: 'CRITICAL_VULNERABLE_USER',
+};
+function normalizeTypeName(typeName) {
+    const normalized = typeName.toUpperCase().trim();
+    if (exports.TYPE_NAME_ALIASES[normalized]) {
+        return exports.TYPE_NAME_ALIASES[normalized];
+    }
+    return normalized;
+}
+function areTypesEquivalent(type1, type2) {
+    return normalizeTypeName(type1) === normalizeTypeName(type2);
+}
+function getAllKnownTypes() {
+    const aliases = Object.keys(exports.TYPE_NAME_ALIASES);
+    const canonical = Object.values(exports.TYPE_NAME_ALIASES);
+    return [...new Set([...aliases, ...canonical])];
+}
+//# sourceMappingURL=type-name-normalizer.js.map

package/dist/utils/type-name-normalizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"type-name-normalizer.js","sourceRoot":"","sources":["../../src/utils/type-name-normalizer.ts"],"names":[],"mappings":";;;AA+QA,8CAWC;AAQD,gDAEC;AAKD,4CAIC;AAjSY,QAAA,iBAAiB,GAA2B;IAEvD,oBAAoB,EAAE,wBAAwB;IAC9C,2BAA2B,EAAE,wBAAwB;IACrD,mBAAmB,EAAE,uBAAuB;IAC5C,0BAA0B,EAAE,uBAAuB;IACnD,oBAAoB,EAAE,uBAAuB;IAC7C,0BAA0B,EAAE,uBAAuB;IACnD,qBAAqB,EAAE,yBAAyB;IAChD,gBAAgB,EAAE,yBAAyB;IAC3C,cAAc,EAAE,uBAAuB;IACvC,sBAAsB,EAAE,oBAAoB;IAC5C,wBAAwB,EAAE,2BAA2B;IAGrD,cAAc,EAAE,oBAAoB;IACpC,2BAA2B,EAAE,oBAAoB;IACjD,mBAAmB,EAAE,oBAAoB;IACzC,cAAc,EAAE,qBAAqB;IACrC,eAAe,EAAE,qBAAqB;IACtC,WAAW,EAAE,uBAAuB;IACpC,gBAAgB,EAAE,uBAAuB;IACzC,oBAAoB,EAAE,uBAAuB;IAC7C,WAAW,EAAE,qBAAqB;IAClC,cAAc,EAAE,qBAAqB;IACrC,gBAAgB,EAAE,qBAAqB;IACvC,uBAAuB,EAAE,0BAA0B;IACnD,mBAAmB,EAAE,0BAA0B;IAC/C,qBAAqB,EAAE,wBAAwB;IAC/C,iBAAiB,EAAE,wBAAwB;IAC3C,6BAA6B,EAAE,sBAAsB;IAIrD,uBAAuB,EAAE,yBAAyB;IAClD,cAAc,EAAE,yBAAyB;IACzC,cAAc,EAAE,yBAAyB;IAGzC,qBAAqB,EAAE,uBAAuB;IAC9C,6BAA6B,EAAE,uBAAuB;IAGtD,gBAAgB,EAAE,kBAAkB;IACpC,OAAO,EAAE,kBAAkB;IAC3B,iBAAiB,EAAE,kBAAkB;IAGrC,mBAAmB,EAAE,sBAAsB;IAC3C,eAAe,EAAE,sBAAsB;IAGvC,8BAA8B,EAAE,0BAA0B;IAC1D,cAAc,EAAE,0BAA0B;IAC1C,YAAY,EAAE,0BAA0B;IACxC,aAAa,EAAE,0BAA0B;IAGzC,6BAA6B,EAAE,+BAA+B;IAC9D,oBAAoB,EAAE,+BAA+B;IACrD,wBAAwB,EAAE,+BAA+B;IAGzD,6BAA6B,EAAE,+BAA+B;IAC9D,6BAA6B,EAAE,+BAA+B;IAG9D,oBAAoB,EAAE,2BAA2B;IACjD,iBAAiB,EAAE,2BAA2B;IAC9C,yBAAyB,EAAE,2BAA2B;IAGtD,8BAA8B,EAAE,gCAAgC;IAChE,uBAAuB,EAAE,gCAAgC;IAGzD,aAAa,EAAE,eAAe;IAC9B,IAAI,EAAE,eAAe;IACrB,qCAAqC,EAAE,eAAe;IAGtD,sBAAsB,EAAE,wBAAwB;IAChD,aAAa,EAAE,wBAAwB;IAGvC,UAAU,EAAE,aAAa;IACzB,mBAAmB,EAAE,aAAa;IAClC,mBAAmB,EAAE,wBAAwB;IAC7C,mBAAmB,EAAE,wBAAwB;IAC7C,mBAAmB,EAAE,sBAAsB;IAC3C,mBAAmB,EAAE,sBAAsB;IAC3C,0BAA0B,EAAE,iCAAiC;IAC7D,cAAc,EAAE,iCAAiC;IACjD,YAAY,EAAE,eAAe;IAC7B,UAAU,EAAE,eAAe;IAC3B,YAAY,EAAE,eAAe;IAC7B,gBAAgB,EAAE,mBAAmB;IACrC,aAAa,EAAE,mBAAmB;IAClC,YAAY,EAAE,cAAc;IAC5B,WAAW,EAAE,cAAc;IAC3B,cAAc,EAAE,gBAAgB;IAChC,aAAa,EAAE,gBAAgB;IAC/B,sBAAsB,EAAE,wBAAwB;IAChD,YAAY,EAAE,wBAAwB;IACtC,kBAAkB,EAAE,oBAAoB;IACxC,sBAAsB,EAAE,oBAAoB;IAC5C,2BAA2B,EAAE,4BAA4B;IAGzD,sBAAsB,EAAE,wBAAwB;IAChD,WAAW,EAAE,wBAAwB;IACrC,4BAA4B,EAAE,8BAA8B;IAC5D,gBAAgB,EAAE,8BAA8B;IAChD,0BAA0B,EAAE,4BAA4B;IACxD,cAAc,EAAE,4BAA4B;IAC5C,0BAA0B,EAAE,4BAA4B;IACxD,cAAc,EAAE,4BAA4B;IAC5C,2BAA2B,EAAE,6BAA6B;IAC1D,eAAe,EAAE,6BAA6B;IAG9C,iBAAiB,EAAE,gBAAgB;IACnC,4BAA4B,EAAE,gBAAgB;IAC9C,+BAA+B,EAAE,kBAAkB;IACnD,qBAAqB,EAAE,kBAAkB;IACzC,gBAAgB,EAAE,eAAe;IACjC,4BAA4B,EAAE,eAAe;IAC7C,6BAA6B,EAAE,gBAAgB;IAC/C,aAAa,EAAE,gBAAgB;IAC/B,oBAAoB,EAAE,gBAAgB;IACtC,UAAU,EAAE,gCAAgC;IAC5C,MAAM,EAAE,gCAAgC;IACxC,aAAa,EAAE,gCAAgC;IAC/C,aAAa,EAAE,sBAAsB;IACrC,eAAe,EAAE,yBAAyB;IAC1C,iBAAiB,EAAE,yBAAyB;IAG5C,oCAAoC,EAAE,0BAA0B;IAChE,IAAI,EAAE,0BAA0B;IAChC,oBAAoB,EAAE,kBAAkB;IACxC,IAAI,EAAE,kBAAkB;IACxB,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE,8BAA8B;IACpC,IAAI,EAAE,qBAAqB;IAC3B,mCAAmC,EAAE,iBAAiB;IACtD,IAAI,EAAE,iBAAiB;IACvB,IAAI,EAAE,wBAAwB;IAC9B,IAAI,EAAE,sBAAsB;IAC5B,IAAI,EAAE,4BAA4B;IAClC,KAAK,EAAE,gCAAgC;IACvC,KAAK,EAAE,iCAAiC;IAGxC,iBAAiB,EAAE,oBAAoB;IACvC,eAAe,EAAE,oBAAoB;IACrC,6BAA6B,EAAE,sBAAsB;IACrD,yBAAyB,EAAE,sBAAsB;IACjD,sBAAsB,EAAE,wBAAwB;IAChD,mBAAmB,EAAE,wBAAwB;IAC7C,SAAS,EAAE,wBAAwB;IACnC,yBAAyB,EAAE,mBAAmB;IAC9C,yBAAyB,EAAE,mBAAmB;IAM9C,sBAAsB,EAAE,wBAAwB;IAChD,uBAAuB,EAAE,wBAAwB;IACjD,mCAAmC,EAAE,wBAAwB;IAC7D,uBAAuB,EAAE,wBAAwB;IACjD,sBAAsB,EAAE,0BAA0B;IAClD,uBAAuB,EAAE,0BAA0B;IACnD,sBAAsB,EAAE,yBAAyB;IACjD,uBAAuB,EAAE,yBAAyB;IAClD,4BAA4B,EAAE,wBAAwB;IACtD,6BAA6B,EAAE,wBAAwB;IACvD,uBAAuB,EAAE,mBAAmB;IAC5C,wBAAwB,EAAE,mBAAmB;IAC7C,+BAA+B,EAAE,wBAAwB;IACzD,2BAA2B,EAAE,wBAAwB;IACrD,uBAAuB,EAAE,8BAA8B;IACvD,wBAAwB,EAAE,8BAA8B;IAGxD,cAAc,EAAE,gBAAgB;IAChC,kBAAkB,EAAE,oBAAoB;IACxC,mBAAmB,EAAE,qBAAqB;IAC1C,iBAAiB,EAAE,mBAAmB;IACtC,qBAAqB,EAAE,uBAAuB;IAC9C,oBAAoB,EAAE,sBAAsB;IAC5C,kBAAkB,EAAE,oBAAoB;IACxC,wBAAwB,EAAE,0BAA0B;IACpD,sBAAsB,EAAE,wBAAwB;IAGhD,wBAAwB,EAAE,sBAAsB;IAChD,eAAe,EAAE,yBAAyB;IAC1C,2BAA2B,EAAE,iBAAiB;IAC9C,gBAAgB,EAAE,iBAAiB;IACnC,gBAAgB,EAAE,+BAA+B;IACjD,eAAe,EAAE,+BAA+B;IAChD,uBAAuB,EAAE,+BAA+B;IAGxD,wBAAwB,EAAE,wBAAwB;IAClD,uBAAuB,EAAE,wBAAwB;IACjD,iBAAiB,EAAE,wBAAwB;IAC3C,SAAS,EAAE,wBAAwB;IACnC,oBAAoB,EAAE,sBAAsB;IAC5C,cAAc,EAAE,0BAA0B;IAC1C,qBAAqB,EAAE,uBAAuB;IAC9C,cAAc,EAAE,uBAAuB;IACvC,iBAAiB,EAAE,mBAAmB;IACtC,oBAAoB,EAAE,mBAAmB;IACzC,6BAA6B,EAAE,+BAA+B;IAC9D,qBAAqB,EAAE,2BAA2B;IAClD,2BAA2B,EAAE,6BAA6B;IAC1D,mBAAmB,EAAE,6BAA6B;IAClD,sBAAsB,EAAE,wBAAwB;IAChD,uBAAuB,EAAE,wBAAwB;IACjD,qBAAqB,EAAE,uBAAuB;IAC9C,oBAAoB,EAAE,sBAAsB;IAC5C,uBAAuB,EAAE,sBAAsB;IAG/C,2BAA2B,EAAE,6BAA6B;IAC1D,sBAAsB,EAAE,6BAA6B;IACrD,2BAA2B,EAAE,sBAAsB;IACnD,oBAAoB,EAAE,sBAAsB;IAC5C,qBAAqB,EAAE,cAAc;IACrC,kBAAkB,EAAE,cAAc;IAClC,uBAAuB,EAAE,yBAAyB;IAClD,uBAAuB,EAAE,yBAAyB;IAGlD,uBAAuB,EAAE,oBAAoB;IAC7C,4BAA4B,EAAE,yBAAyB;IACvD,mBAAmB,EAAE,yBAAyB;IAG9C,kBAAkB,EAAE,uBAAuB;IAC3C,SAAS,EAAE,uBAAuB;IAGlC,aAAa,EAAE,oBAAoB;IACnC,uBAAuB,EAAE,qBAAqB;IAC9C,cAAc,EAAE,gBAAgB;IAGhC,qBAAqB,EAAE,0BAA0B;CAClD,CAAC;AAOF,SAAgB,iBAAiB,CAAC,QAAgB;IAEhD,MAAM,UAAU,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAGjD,IAAI,yBAAiB,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,OAAO,yBAAiB,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAGD,OAAO,UAAU,CAAC;AACpB,CAAC;AAQD,SAAgB,kBAAkB,CAAC,KAAa,EAAE,KAAa;IAC7D,OAAO,iBAAiB,CAAC,KAAK,CAAC,KAAK,iBAAiB,CAAC,KAAK,CAAC,CAAC;AAC/D,CAAC;AAKD,SAAgB,gBAAgB;IAC9B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,yBAAiB,CAAC,CAAC;IAC/C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,yBAAiB,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3.8'
+
+services:
+  etc-collector:
+    build: .
+    container_name: etc-collector
+    ports:
+      - "8443:8443"
+    environment:
+      - PORT=8443
+      - NODE_ENV=production
+      - LOG_LEVEL=${LOG_LEVEL:-info}
+      - DATABASE_PATH=/app/data/etc-collector.db
+    env_file:
+      - .env
+    volumes:
+      - ./data:/app/data
+      - ./token-data:/app/token-data
+      - ./logs:/app/logs
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "node", "-e", "require('http').get('http://localhost:8443/health',(r)=>process.exit(r.statusCode===200?0:1))"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s

package/docs/api/README.md

@@ -0,0 +1,178 @@
+# API Documentation
+
+Documentation complète de l'API REST ETC Collector.
+
+## Fichiers
+
+- **openapi.yaml** - Spécification OpenAPI 3.0.3 complète des 11 endpoints
+
+## Visualiser la documentation
+
+### Option 1: Swagger UI (Recommandé)
+
+Ouvrir la documentation interactive dans le navigateur:
+
+```bash
+npx @redocly/cli preview-docs docs/api/openapi.yaml
+```
+
+Ou utiliser Swagger Editor en ligne:
+1. Aller sur https://editor.swagger.io
+2. Coller le contenu de `openapi.yaml`
+
+### Option 2: Redoc
+
+Générer une documentation HTML statique avec Redoc:
+
+```bash
+npx @redocly/cli build-docs docs/api/openapi.yaml -o docs/api/index.html
+```
+
+## Endpoints disponibles
+
+### Health
+- `GET /health` - Health check (pas d'auth)
+
+### Authentication
+- `POST /api/v1/auth/token` - Générer un JWT token
+- `POST /api/v1/auth/validate` - Valider un token
+- `POST /api/v1/auth/revoke` - Révoquer un token
+- `GET /api/v1/auth/tokens` - Lister tous les tokens
+
+### Audit
+- `POST /api/v1/audit/ad` - Lancer un audit Active Directory
+- `GET /api/v1/audit/ad/status` - Tester la connexion LDAP
+- `POST /api/v1/audit/azure` - Lancer un audit Azure AD
+- `GET /api/v1/audit/azure/status` - Tester la connexion Microsoft Graph
+
+### Export
+- `POST /api/v1/export/ad` - Exporter les résultats AD (JSON/CSV)
+- `POST /api/v1/export/azure` - Exporter les résultats Azure (JSON/CSV)
+
+## Authentification
+
+Tous les endpoints (sauf `/health`) nécessitent un JWT Bearer token:
+
+```bash
+# 1. Générer un token
+curl -X POST http://localhost:8443/api/v1/auth/token \
+  -H "Content-Type: application/json" \
+  -d '{"name": "my-token", "expiresIn": 3600}'
+
+# 2. Utiliser le token
+curl http://localhost:8443/api/v1/audit/ad/status \
+  -H "Authorization: Bearer <votre-token>"
+```
+
+## Rate Limiting
+
+- **Endpoints généraux**: 100 requêtes/minute
+- **Endpoints d'audit**: 10 audits/5 minutes
+
+## Format des réponses
+
+### Succès
+```json
+{
+  "success": true,
+  "data": { ... }
+}
+```
+
+### Erreur
+```json
+{
+  "success": false,
+  "error": {
+    "code": "ERROR_CODE",
+    "message": "Human-readable message",
+    "details": [
+      { "field": "fieldName", "message": "error" }
+    ]
+  }
+}
+```
+
+## Exemples d'utilisation
+
+### 1. Audit Active Directory
+
+```bash
+# Lancer un audit AD
+curl -X POST http://localhost:8443/api/v1/audit/ad \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "includeDetails": true,
+    "maxUsers": 1000
+  }'
+```
+
+### 2. Exporter en JSON
+
+```bash
+curl -X POST http://localhost:8443/api/v1/export/ad \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "auditResult": { ... },
+    "format": "json",
+    "domain": "example.com"
+  }' > audit-results.json
+```
+
+### 3. Exporter en CSV
+
+```bash
+curl -X POST http://localhost:8443/api/v1/export/ad \
+  -H "Authorization: Bearer <token>" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "auditResult": { ... },
+    "format": "csv",
+    "domain": "example.com",
+    "includeAffectedEntities": true
+  }' > audit-results.csv
+```
+
+## Codes d'erreur
+
+| Code | Description |
+|------|-------------|
+| `VALIDATION_ERROR` | Validation Zod échouée |
+| `UNAUTHORIZED` | Token manquant ou invalide |
+| `TOKEN_EXPIRED` | Token expiré |
+| `TOKEN_REVOKED` | Token révoqué |
+| `USAGE_LIMIT_EXCEEDED` | Quota d'utilisation dépassé |
+| `RATE_LIMIT_EXCEEDED` | Limite de taux dépassée (général) |
+| `AUDIT_RATE_LIMIT_EXCEEDED` | Limite de taux dépassée (audit) |
+| `INTERNAL_ERROR` | Erreur serveur interne |
+
+## Validation des requêtes
+
+Toutes les requêtes POST sont validées avec Zod:
+
+- **maxUsers/maxGroups/maxComputers/maxApps**: Entiers positifs
+- **format**: Enum ["json", "csv"]
+- **delimiter**: 1 caractère
+- **auditResult**: Structure complète validée
+
+## Développement
+
+### Valider la spec OpenAPI
+
+```bash
+npx @redocly/cli lint docs/api/openapi.yaml
+```
+
+### Générer des types TypeScript
+
+```bash
+npx openapi-typescript docs/api/openapi.yaml -o src/types/api.generated.ts
+```
+
+## Ressources
+
+- [OpenAPI Specification](https://spec.openapis.org/oas/v3.0.3)
+- [Swagger Editor](https://editor.swagger.io)
+- [Redocly CLI](https://redocly.com/docs/cli/)