npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/providers/ldap/ldap-sanitizer.ts ADDED Viewed

@@ -0,0 +1,273 @@
+/**
+ * LDAP Injection Prevention
+ *
+ * Sanitizes LDAP filters and Distinguished Names to prevent injection attacks.
+ * Follows OWASP guidelines and RFC 4515 (LDAP filters) / RFC 4514 (DNs).
+ *
+ * Task 2: Implement LDAP Sanitizer for Injection Prevention (Story 1.5)
+ */
+/**
+ * LDAP Sanitizer
+ *
+ * Provides methods to sanitize and validate LDAP inputs.
+ */
+export class LDAPSanitizer {
+  /**
+   * LDAP filter special characters that require escaping (RFC 4515)
+   */
+  private static readonly FILTER_ESCAPE_MAP: Record<string, string> = {
+    '\\': '\\5c', // Backslash (must be first)
+    '*': '\\2a', // Asterisk
+    '(': '\\28', // Left parenthesis
+    ')': '\\29', // Right parenthesis
+    '\0': '\\00', // NUL character
+  };
+  /**
+   * DN special characters that require escaping (RFC 4514)
+   */
+  private static readonly DN_SPECIAL_CHARS = [',', '=', '+', '<', '>', '#', ';', '\\', '"'];
+  /**
+   * Sanitize LDAP filter string to prevent injection attacks
+   *
+   * Escapes special characters in LDAP filter values according to RFC 4515.
+   * This prevents attackers from injecting malicious filter logic.
+   *
+   * @param filter - The filter string to sanitize
+   * @returns Sanitized filter string with escaped special characters
+   *
+   * @example
+   * ```typescript
+   * // Prevents injection: (uid=*)(objectClass=*)
+   * LDAPSanitizer.sanitizeFilter("*)(objectClass=*")
+   * // Returns: "\2a\29\28objectClass=\2a"
+   * ```
+   */
+  static sanitizeFilter(filter: string): string {
+    if (!filter) {
+      return filter;
+    }
+    let sanitized = filter;
+    // Process in specific order: backslash first to avoid double-escaping
+    for (const [char, escape] of Object.entries(this.FILTER_ESCAPE_MAP)) {
+      sanitized = sanitized.split(char).join(escape);
+    }
+    return sanitized;
+  }
+  /**
+   * Sanitize Distinguished Name (DN) to prevent injection
+   *
+   * Escapes special characters in DN components according to RFC 4514.
+   * Handles leading/trailing spaces and special character positions.
+   *
+   * @param dn - The DN string to sanitize
+   * @returns Sanitized DN string with properly escaped characters
+   *
+   * @example
+   * ```typescript
+   * LDAPSanitizer.sanitizeDN('cn=John, Doe')
+   * // Returns: "cn=John\\, Doe"
+   * ```
+   */
+  static sanitizeDN(dn: string): string {
+    if (!dn) {
+      return dn;
+    }
+    let sanitized = dn;
+    // Escape backslash first to prevent double-escaping
+    sanitized = sanitized.replace(/\\/g, '\\\\');
+    // Escape other special characters
+    for (const char of this.DN_SPECIAL_CHARS) {
+      if (char === '\\') continue; // Already handled
+      const regex = new RegExp(`\\${char}`, 'g');
+      sanitized = sanitized.replace(regex, `\\${char}`);
+    }
+    // Escape leading space
+    if (sanitized.startsWith(' ')) {
+      sanitized = '\\' + sanitized;
+    }
+    // Escape trailing space
+    if (sanitized.endsWith(' ') && !sanitized.endsWith('\\ ')) {
+      sanitized = sanitized.slice(0, -1) + '\\ ';
+    }
+    // Escape leading # (hash)
+    if (sanitized.startsWith('#')) {
+      sanitized = '\\' + sanitized;
+    }
+    return sanitized;
+  }
+  /**
+   * Validate LDAP filter syntax
+   *
+   * Checks if an LDAP filter has valid syntax:
+   * - Balanced parentheses
+   * - Valid operators (&, |, !)
+   * - Proper filter structure
+   *
+   * @param filter - The filter to validate
+   * @returns true if filter syntax is valid, false otherwise
+   *
+   * @example
+   * ```typescript
+   * LDAPSanitizer.isValidFilter('(uid=john)')  // true
+   * LDAPSanitizer.isValidFilter('(uid=john')   // false - unbalanced
+   * LDAPSanitizer.isValidFilter('uid=john')    // false - missing parens
+   * ```
+   */
+  static isValidFilter(filter: string): boolean {
+    if (!filter || typeof filter !== 'string') {
+      return false;
+    }
+    // Filter must start and end with parentheses
+    if (!filter.startsWith('(') || !filter.endsWith(')')) {
+      return false;
+    }
+    // Check balanced parentheses
+    let depth = 0;
+    for (const char of filter) {
+      if (char === '(') {
+        depth++;
+      } else if (char === ')') {
+        depth--;
+      }
+      // Depth should never go negative
+      if (depth < 0) {
+        return false;
+      }
+    }
+    // Must end with depth 0 (balanced)
+    if (depth !== 0) {
+      return false;
+    }
+    // Basic structure validation: must contain at least one operator or attribute
+    // Valid filters: (&(...)), (|(...)), (!(...)), or (attribute=value)
+    const hasLogicalOp = /^(\(&|\(\||\(!)/.test(filter);
+    const hasAttribute = /\w+=/.test(filter);
+    if (!hasLogicalOp && !hasAttribute) {
+      return false;
+    }
+    return true;
+  }
+  /**
+   * Validate Distinguished Name (DN) format
+   *
+   * Checks if a DN has valid structure:
+   * - Contains attribute=value pairs
+   * - Properly formatted with commas
+   *
+   * @param dn - The DN to validate
+   * @returns true if DN format is valid, false otherwise
+   *
+   * @example
+   * ```typescript
+   * LDAPSanitizer.isValidDN('cn=John Doe,ou=Users,dc=example,dc=com')  // true
+   * LDAPSanitizer.isValidDN('invalid-dn')  // false
+   * ```
+   */
+  static isValidDN(dn: string): boolean {
+    if (!dn || typeof dn !== 'string') {
+      return false;
+    }
+    // DN must contain at least one attribute=value pair
+    const dnPattern = /^([a-zA-Z][a-zA-Z0-9-]*=[^,]+)(,\s*[a-zA-Z][a-zA-Z0-9-]*=[^,]+)*$/;
+    return dnPattern.test(dn.trim());
+  }
+  /**
+   * Sanitize LDAP attribute name
+   *
+   * Ensures attribute name only contains valid characters.
+   * Attribute names should only contain alphanumeric characters, hyphens, and dots.
+   *
+   * @param attribute - The attribute name to sanitize
+   * @returns Sanitized attribute name or empty string if invalid
+   */
+  static sanitizeAttribute(attribute: string): string {
+    if (!attribute || typeof attribute !== 'string') {
+      return '';
+    }
+    // Remove any characters that aren't alphanumeric, hyphen, or dot
+    return attribute.replace(/[^a-zA-Z0-9.-]/g, '');
+  }
+  /**
+   * Build safe LDAP filter from components
+   *
+   * Constructs an LDAP filter with properly sanitized values.
+   * Use this instead of string concatenation to build filters.
+   *
+   * @param attribute - Attribute name
+   * @param operator - Comparison operator (=, >=, <=, ~=)
+   * @param value - Value to filter by (will be sanitized)
+   * @returns Safe LDAP filter string
+   *
+   * @example
+   * ```typescript
+   * LDAPSanitizer.buildFilter('uid', '=', 'john*')
+   * // Returns: "(uid=john\\2a)"
+   * ```
+   */
+  static buildFilter(
+    attribute: string,
+    operator: '=' | '>=' | '<=' | '~=' | '=*',
+    value: string
+  ): string {
+    const safeAttribute = this.sanitizeAttribute(attribute);
+    const safeValue = operator === '=*' ? value : this.sanitizeFilter(value);
+    return `(${safeAttribute}${operator}${safeValue})`;
+  }
+  /**
+   * Build safe logical filter (AND/OR/NOT)
+   *
+   * Combines multiple filters with logical operators.
+   *
+   * @param operator - Logical operator (&, |, !)
+   * @param filters - Array of filter strings to combine
+   * @returns Combined filter string
+   *
+   * @example
+   * ```typescript
+   * LDAPSanitizer.buildLogicalFilter('&', [
+   *   '(objectClass=user)',
+   *   '(uid=john)',
+   * ])
+   * // Returns: "(&(objectClass=user)(uid=john))"
+   * ```
+   */
+  static buildLogicalFilter(operator: '&' | '|' | '!', filters: string[]): string {
+    if (!filters || filters.length === 0) {
+      return '';
+    }
+    if (operator === '!' && filters.length !== 1) {
+      throw new Error('NOT operator requires exactly one filter');
+    }
+    return `(${operator}${filters.join('')})`;
+  }
+}

package/src/providers/ldap/ldap.provider.ts ADDED Viewed

@@ -0,0 +1,293 @@
+import { ILDAPProvider, SearchOptions, ConnectionTestResult } from '../interfaces/ILDAPProvider';
+import { ADUser, ADGroup, ADComputer, ADOU } from '../../types/ad.types';
+import { LDAPConfig } from '../../types/config.types';
+import { LDAPClient, LDAPConnectionOptions } from './ldap-client';
+import { LDAPSanitizer } from './ldap-sanitizer';
+import { mapToADUser, mapToADGroup, mapToADComputer, mapToADOU, mapToGeneric } from './ad-mappers';
+import { logger } from '../../utils/logger';
+/**
+ * LDAP Provider Implementation
+ *
+ * Provides Active Directory connectivity via LDAP/LDAPS.
+ * Implements all LDAP operations with sanitization and type mapping.
+ *
+ * Task 3: Implement LDAP Provider (Story 1.5)
+ */
+export class LDAPProvider implements ILDAPProvider {
+  private client: LDAPClient;
+  private config: LDAPConfig;
+  /**
+   * Get base DN for searches
+   */
+  getBaseDN(): string {
+    return this.config.baseDN;
+  }
+  /**
+   * Get LDAP URL (for debugging)
+   */
+  getUrl(): string {
+    return this.config.url;
+  }
+  constructor(config: LDAPConfig) {
+    this.config = config;
+    // Create client with connection options
+    const connectionOptions: LDAPConnectionOptions = {
+      url: config.url,
+      bindDN: config.bindDN,
+      bindPassword: config.bindPassword,
+      timeout: config.timeout,
+      caCertPath: config.caCertPath,
+      tlsOptions: {
+        rejectUnauthorized: config.tlsVerify,
+      },
+      skipHostnameVerification: config.skipHostnameVerification,
+      tlsServername: config.tlsServername,
+    };
+    this.client = new LDAPClient(connectionOptions);
+  }
+  /**
+   * Connect and bind to LDAP server
+   */
+  async connect(): Promise<void> {
+    logger.info('Connecting to LDAP server...');
+    await this.client.connect();
+  }
+  /**
+   * Disconnect from LDAP server
+   */
+  async disconnect(): Promise<void> {
+    logger.info('Disconnecting from LDAP server...');
+    await this.client.disconnect();
+  }
+  /**
+   * Test LDAP connection
+   */
+  async testConnection(): Promise<ConnectionTestResult> {
+    logger.info('Testing LDAP connection...');
+    const result = await this.client.testConnection();
+    if (result.success) {
+      // Determine protocol from URL
+      const protocol = this.config.url.startsWith('ldaps://') ? 'ldaps' : 'ldap';
+      return {
+        success: true,
+        message: 'Connection successful',
+        details: {
+          url: this.config.url,
+          baseDN: this.config.baseDN,
+          protocol,
+          bindDN: this.config.bindDN,
+          responseTime: result.responseTime,
+        },
+      };
+    } else {
+      return {
+        success: false,
+        message: 'Connection failed',
+      };
+    }
+  }
+  /**
+   * Search for users in Active Directory
+   *
+   * Default filter: (&(objectClass=user)(objectCategory=person))
+   */
+  async searchUsers(filter?: string, attributes?: string[]): Promise<ADUser[]> {
+    // Build filter with sanitization
+    const userFilter = filter
+      ? `(&(objectClass=user)(objectCategory=person)${filter})`
+      : '(&(objectClass=user)(objectCategory=person))';
+    logger.debug(`Searching for users with filter: ${userFilter}`);
+    // Default attributes for users
+    const defaultAttributes = [
+      'dn',
+      'sAMAccountName',
+      'userPrincipalName',
+      'displayName',
+      'userAccountControl',
+      'pwdLastSet',
+      'lastLogon',
+      'adminCount',
+      'memberOf',
+    ];
+    const searchOptions: SearchOptions = {
+      filter: userFilter,
+      scope: 'sub',
+      attributes: attributes || defaultAttributes,
+      paged: true,
+    };
+    const entries = await this.client.search(this.config.baseDN, searchOptions);
+    // Map entries to ADUser objects
+    return entries.map(mapToADUser);
+  }
+  /**
+   * Search for groups in Active Directory
+   *
+   * Default filter: (objectClass=group)
+   */
+  async searchGroups(filter?: string, attributes?: string[]): Promise<ADGroup[]> {
+    // Build filter
+    const groupFilter = filter ? `(&(objectClass=group)${filter})` : '(objectClass=group)';
+    logger.debug(`Searching for groups with filter: ${groupFilter}`);
+    // Default attributes for groups
+    const defaultAttributes = [
+      'dn',
+      'sAMAccountName',
+      'displayName',
+      'groupType',
+      'memberOf',
+      'member',
+    ];
+    const searchOptions: SearchOptions = {
+      filter: groupFilter,
+      scope: 'sub',
+      attributes: attributes || defaultAttributes,
+      paged: true,
+    };
+    const entries = await this.client.search(this.config.baseDN, searchOptions);
+    // Map entries to ADGroup objects
+    return entries.map(mapToADGroup);
+  }
+  /**
+   * Search for computers in Active Directory
+   *
+   * Default filter: (objectClass=computer)
+   */
+  async searchComputers(filter?: string, attributes?: string[]): Promise<ADComputer[]> {
+    // Build filter
+    const computerFilter = filter ? `(&(objectClass=computer)${filter})` : '(objectClass=computer)';
+    logger.debug(`Searching for computers with filter: ${computerFilter}`);
+    // Default attributes for computers
+    const defaultAttributes = [
+      'dn',
+      'sAMAccountName',
+      'dNSHostName',
+      'operatingSystem',
+      'operatingSystemVersion',
+      'lastLogon',
+      'userAccountControl',
+    ];
+    const searchOptions: SearchOptions = {
+      filter: computerFilter,
+      scope: 'sub',
+      attributes: attributes || defaultAttributes,
+      paged: true,
+    };
+    const entries = await this.client.search(this.config.baseDN, searchOptions);
+    // Map entries to ADComputer objects
+    return entries.map(mapToADComputer);
+  }
+  /**
+   * Search for organizational units in Active Directory
+   *
+   * Default filter: (objectClass=organizationalUnit)
+   */
+  async searchOUs(filter?: string, attributes?: string[]): Promise<ADOU[]> {
+    // Build filter
+    const ouFilter = filter
+      ? `(&(objectClass=organizationalUnit)${filter})`
+      : '(objectClass=organizationalUnit)';
+    logger.debug(`Searching for OUs with filter: ${ouFilter}`);
+    // Default attributes for OUs
+    const defaultAttributes = ['dn', 'name', 'ou', 'description'];
+    const searchOptions: SearchOptions = {
+      filter: ouFilter,
+      scope: 'sub',
+      attributes: attributes || defaultAttributes,
+      paged: true,
+    };
+    const entries = await this.client.search(this.config.baseDN, searchOptions);
+    // Map entries to ADOU objects
+    return entries.map(mapToADOU);
+  }
+  /**
+   * Generic LDAP search
+   *
+   * Performs a low-level LDAP search with custom base DN and options.
+   */
+  async search<T>(baseDN: string, options: SearchOptions): Promise<T[]> {
+    logger.debug(`Generic LDAP search: baseDN=${baseDN}, filter=${options.filter}`);
+    // Validate filter syntax
+    if (!LDAPSanitizer.isValidFilter(options.filter)) {
+      throw new Error(`Invalid LDAP filter syntax: ${options.filter}`);
+    }
+    // Validate base DN
+    if (!LDAPSanitizer.isValidDN(baseDN)) {
+      throw new Error(`Invalid LDAP DN: ${baseDN}`);
+    }
+    const entries = await this.client.search(baseDN, options);
+    // Map to generic objects
+    return entries.map((entry) => mapToGeneric(entry) as T);
+  }
+  /**
+   * Build a safe LDAP filter
+   *
+   * Utility method to build filters with sanitization.
+   *
+   * @param attribute - Attribute name
+   * @param operator - Comparison operator
+   * @param value - Value to filter by (will be sanitized)
+   * @returns Safe LDAP filter
+   */
+  buildSafeFilter(
+    attribute: string,
+    operator: '=' | '>=' | '<=' | '~=' | '=*',
+    value: string
+  ): string {
+    return LDAPSanitizer.buildFilter(attribute, operator, value);
+  }
+  /**
+   * Build a logical filter (AND/OR/NOT)
+   *
+   * Utility method to combine multiple filters.
+   *
+   * @param operator - Logical operator
+   * @param filters - Array of filter strings
+   * @returns Combined filter
+   */
+  buildLogicalFilter(operator: '&' | '|' | '!', filters: string[]): string {
+    return LDAPSanitizer.buildLogicalFilter(operator, filters);
+  }
+}

package/src/providers/ldap/queries/computer.queries.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Predefined LDAP Computer Queries
+ * TODO: Full implementation in Story 1.5
+ */
+export const ComputerQueries = {
+  ALL_COMPUTERS: '(objectClass=computer)',
+  SERVERS: '(&(objectClass=computer)(operatingSystem=*Server*))',
+  WORKSTATIONS: '(&(objectClass=computer)(!(operatingSystem=*Server*)))',
+};

package/src/providers/ldap/queries/group.queries.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Predefined LDAP Group Queries
+ * TODO: Full implementation in Story 1.5
+ */
+export const GroupQueries = {
+  ALL_GROUPS: '(objectClass=group)',
+  SECURITY_GROUPS: '(&(objectClass=group)(groupType:1.2.840.113556.1.4.803:=2147483648))',
+  DISTRIBUTION_GROUPS: '(&(objectClass=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648)))',
+};

package/src/providers/ldap/queries/user.queries.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Predefined LDAP User Queries
+ * TODO: Full implementation in Story 1.5
+ */
+export const UserQueries = {
+  ALL_USERS: '(objectClass=user)',
+  ENABLED_USERS: '(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))',
+  DISABLED_USERS: '(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))',
+  ADMIN_USERS: '(&(objectClass=user)(adminCount=1))',
+};