npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/src/providers/smb/smb.provider.ts ADDED Viewed

@@ -0,0 +1,653 @@
+/**
+ * SMB Provider
+ *
+ * Provides SMB2/3 access to Windows shares (SYSVOL, etc.)
+ * Used to read Group Policy files like GptTmpl.inf for Kerberos policy.
+ *
+ * Uses smbclient CLI tool for better compatibility with Windows servers.
+ */
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import { readFile as fsReadFile, unlink } from 'fs/promises';
+import { tmpdir } from 'os';
+import { join } from 'path';
+import { logger } from '../../utils/logger';
+const execAsync = promisify(exec);
+/**
+ * SMB connection configuration
+ */
+export interface SMBConfig {
+  /** Domain controller hostname or IP */
+  host: string;
+  /** SMB share name (e.g., 'SYSVOL') */
+  share: string;
+  /** Domain name */
+  domain: string;
+  /** Username for authentication */
+  username: string;
+  /** Password for authentication */
+  password: string;
+  /** Connection timeout in ms (default: 10000) */
+  timeout?: number;
+}
+/**
+ * Kerberos policy from GptTmpl.inf
+ */
+export interface KerberosPolicy {
+  maxTicketAge: number; // hours
+  maxRenewAge: number; // days
+  maxServiceAge: number; // minutes
+  maxClockSkew: number; // minutes
+  ticketValidateClient: boolean;
+}
+/**
+ * Security settings extracted from GPO files
+ */
+export interface GpoSecuritySettings {
+  /** LDAP server signing requirement: 0=none, 1=negotiate, 2=require */
+  ldapServerIntegrity?: number;
+  /** LDAP channel binding: 0=never, 1=when supported, 2=always */
+  ldapChannelBinding?: number;
+  /** SMBv1 server enabled */
+  smbv1ServerEnabled?: boolean;
+  /** SMBv1 client enabled */
+  smbv1ClientEnabled?: boolean;
+  /** SMB Server signing required (RequireSecuritySignature) */
+  smbSigningRequired?: boolean;
+  /** SMB Client signing required */
+  smbClientSigningRequired?: boolean;
+  /** Audit policies configured */
+  auditPolicies?: {
+    category: string;
+    subcategory?: string;
+    success: boolean;
+    failure: boolean;
+  }[];
+  /** PowerShell logging settings */
+  powershellLogging?: {
+    moduleLogging: boolean;
+    scriptBlockLogging: boolean;
+    transcription: boolean;
+  };
+}
+/**
+ * Default Domain Policy GUID (well-known)
+ */
+const DEFAULT_DOMAIN_POLICY_GUID = '{31B2F340-016D-11D2-945F-00C04FB984F9}';
+/**
+ * SMB Provider for reading Windows shares using smbclient
+ */
+export class SMBProvider {
+  private config: SMBConfig;
+  constructor(config: SMBConfig) {
+    this.config = {
+      timeout: 15000,
+      ...config,
+    };
+  }
+  /**
+   * Connect to SMB share (no-op for smbclient - stateless)
+   */
+  async connect(): Promise<void> {
+    logger.debug('SMB provider ready (using smbclient)', { host: this.config.host, share: this.config.share });
+  }
+  /**
+   * Disconnect from SMB share (no-op for smbclient - stateless)
+   */
+  async disconnect(): Promise<void> {
+    // No-op for smbclient
+  }
+  /**
+   * Build smbclient command base (without the -c command part)
+   */
+  private buildSmbCommand(): string {
+    const { host, share, domain, username, password } = this.config;
+    // smbclient //server/share -U domain\user%password -c "command"
+    // Escape special characters in password
+    const escapedPassword = password.replace(/'/g, "'\\''");
+    return `smbclient '//${host}/${share}' -U '${domain}\\${username}%${escapedPassword}' -c`;
+  }
+  /**
+   * Read a file from the SMB share using smbclient
+   */
+  async readFile(path: string): Promise<string> {
+    const timeout = this.config.timeout || 15000;
+    const tempFile = join(tmpdir(), `smb_${Date.now()}_${Math.random().toString(36).substring(7)}`);
+    // Convert Windows path to SMB path format
+    const smbPath = path.replace(/\\/g, '/');
+    const cmd = `${this.buildSmbCommand()} 'get "${smbPath}" "${tempFile}"'`;
+    try {
+      logger.debug('SMB readFile', { path: smbPath, tempFile });
+      await execAsync(cmd, { timeout });
+      const content = await fsReadFile(tempFile, 'utf8');
+      // Cleanup temp file
+      try {
+        await unlink(tempFile);
+      } catch {
+        // Ignore cleanup errors
+      }
+      return content;
+    } catch (error) {
+      // Cleanup temp file on error
+      try {
+        await unlink(tempFile);
+      } catch {
+        // Ignore cleanup errors
+      }
+      const message = error instanceof Error ? error.message : 'Unknown error';
+      logger.debug('SMB readFile failed', { path: smbPath, error: message });
+      throw new Error(`SMB readFile failed: ${message}`);
+    }
+  }
+  /**
+   * Read a binary file from the SMB share
+   */
+  async readBinaryFile(path: string): Promise<Buffer> {
+    const timeout = this.config.timeout || 15000;
+    const tempFile = join(tmpdir(), `smb_${Date.now()}_${Math.random().toString(36).substring(7)}`);
+    // Convert Windows path to SMB path format
+    const smbPath = path.replace(/\\/g, '/');
+    const cmd = `${this.buildSmbCommand()} 'get "${smbPath}" "${tempFile}"'`;
+    try {
+      await execAsync(cmd, { timeout });
+      const content = await fsReadFile(tempFile);
+      // Cleanup temp file
+      try {
+        await unlink(tempFile);
+      } catch {
+        // Ignore cleanup errors
+      }
+      return content;
+    } catch (error) {
+      // Cleanup temp file on error
+      try {
+        await unlink(tempFile);
+      } catch {
+        // Ignore cleanup errors
+      }
+      throw error;
+    }
+  }
+  /**
+   * Check if a file exists on the SMB share
+   */
+  async exists(path: string): Promise<boolean> {
+    const timeout = this.config.timeout || 15000;
+    // Convert Windows path to SMB path format
+    const smbPath = path.replace(/\\/g, '/');
+    // Use 'ls' command to check if file exists
+    // Extract directory and filename
+    const lastSlash = smbPath.lastIndexOf('/');
+    const dir = lastSlash > 0 ? smbPath.substring(0, lastSlash) : '';
+    const filename = lastSlash > 0 ? smbPath.substring(lastSlash + 1) : smbPath;
+    const cmd = `${this.buildSmbCommand()} 'cd "${dir}"; ls "${filename}"'`;
+    try {
+      logger.debug('SMB exists check', { path: smbPath, dir, filename });
+      const { stdout } = await execAsync(cmd, { timeout });
+      // If we get output and it contains the filename, the file exists
+      const exists = stdout.includes(filename);
+      logger.debug('SMB exists result', { path: smbPath, exists });
+      return exists;
+    } catch (error) {
+      const message = error instanceof Error ? error.message : 'Unknown error';
+      logger.debug('SMB exists check failed (file likely does not exist)', { path: smbPath, error: message });
+      return false;
+    }
+  }
+  /**
+   * Read Kerberos policy from Default Domain Policy GPO
+   */
+  async readKerberosPolicy(domainDnsName: string): Promise<KerberosPolicy | null> {
+    const gptTmplPath = `${domainDnsName}/Policies/${DEFAULT_DOMAIN_POLICY_GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf`;
+    try {
+      logger.debug('Reading GptTmpl.inf for Kerberos policy', { path: gptTmplPath });
+      const exists = await this.exists(gptTmplPath);
+      if (!exists) {
+        logger.warn('GptTmpl.inf not found', { path: gptTmplPath });
+        return null;
+      }
+      const content = await this.readFile(gptTmplPath);
+      return this.parseKerberosPolicy(content);
+    } catch (error) {
+      logger.warn('Failed to read Kerberos policy from SYSVOL', { error, path: gptTmplPath });
+      return null;
+    }
+  }
+  /**
+   * Parse Kerberos policy from GptTmpl.inf content
+   */
+  private parseKerberosPolicy(content: string): KerberosPolicy {
+    const policy: KerberosPolicy = {
+      maxTicketAge: 10, // Default: 10 hours
+      maxRenewAge: 7, // Default: 7 days
+      maxServiceAge: 600, // Default: 600 minutes
+      maxClockSkew: 5, // Default: 5 minutes
+      ticketValidateClient: true,
+    };
+    // Find [Kerberos Policy] section
+    const lines = content.split(/\r?\n/);
+    let inKerberosSection = false;
+    for (const line of lines) {
+      const trimmedLine = line.trim();
+      // Check for section headers
+      if (trimmedLine.startsWith('[')) {
+        inKerberosSection = trimmedLine.toLowerCase() === '[kerberos policy]';
+        continue;
+      }
+      if (!inKerberosSection) continue;
+      // Parse key=value pairs
+      const match = trimmedLine.match(/^(\w+)\s*=\s*(.+)$/);
+      if (!match || !match[1] || !match[2]) continue;
+      const key = match[1];
+      const value = match[2];
+      const numValue = parseInt(value, 10);
+      switch (key.toLowerCase()) {
+        case 'maxticketage':
+          policy.maxTicketAge = numValue;
+          break;
+        case 'maxrenewage':
+          policy.maxRenewAge = numValue;
+          break;
+        case 'maxserviceage':
+          policy.maxServiceAge = numValue;
+          break;
+        case 'maxclockskew':
+          policy.maxClockSkew = numValue;
+          break;
+        case 'ticketvalidateclient':
+          policy.ticketValidateClient = numValue === 1;
+          break;
+      }
+    }
+    return policy;
+  }
+  /**
+   * Read GPO security settings from Default Domain Controllers Policy
+   * Reads GptTmpl.inf [Registry Values] section for LDAP signing, SMBv1, etc.
+   */
+  async readGpoSecuritySettings(domainDnsName: string): Promise<GpoSecuritySettings | null> {
+    // Default Domain Controllers Policy GUID
+    const DC_POLICY_GUID = '{6AC1786C-016F-11D2-945F-00C04FB984F9}';
+    const gptTmplPath = `${domainDnsName}/Policies/${DC_POLICY_GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf`;
+    const settings: GpoSecuritySettings = {};
+    try {
+      // Read GptTmpl.inf for registry values from DC Policy
+      logger.debug('Reading GPO security settings', { path: gptTmplPath });
+      const dcPolicyExists = await this.exists(gptTmplPath);
+      if (dcPolicyExists) {
+        const content = await this.readFile(gptTmplPath);
+        this.parseRegistryValues(content, settings);
+        logger.debug('Parsed DC Policy GptTmpl.inf', { settings });
+      }
+      // Also check Default Domain Policy for additional settings
+      const domainPolicyPath = `${domainDnsName}/Policies/${DEFAULT_DOMAIN_POLICY_GUID}/Machine/Microsoft/Windows NT/SecEdit/GptTmpl.inf`;
+      const domainPolicyExists = await this.exists(domainPolicyPath);
+      if (domainPolicyExists) {
+        const domainContent = await this.readFile(domainPolicyPath);
+        this.parseRegistryValues(domainContent, settings);
+        logger.debug('Parsed Domain Policy GptTmpl.inf', { settings });
+      }
+      // Try to read audit.csv for audit policy
+      await this.readAuditPolicy(domainDnsName, DC_POLICY_GUID, settings);
+      // Try to read registry.pol for PowerShell logging
+      await this.readPowerShellLogging(domainDnsName, DC_POLICY_GUID, settings);
+      logger.info('Successfully fetched GPO security settings', {
+        hasLdapSigning: settings.ldapServerIntegrity !== undefined,
+        hasSmbSigning: settings.smbSigningRequired !== undefined,
+        hasAuditPolicy: settings.auditPolicies !== undefined,
+        hasPsLogging: settings.powershellLogging !== undefined,
+      });
+      return settings;
+    } catch (error) {
+      logger.warn('Failed to read GPO security settings', { error });
+      return null;
+    }
+  }
+  /**
+   * Parse [Registry Values] section from GptTmpl.inf
+   */
+  private parseRegistryValues(content: string, settings: GpoSecuritySettings): void {
+    const lines = content.split(/\r?\n/);
+    let inRegistrySection = false;
+    for (const line of lines) {
+      const trimmedLine = line.trim();
+      // Check for section headers
+      if (trimmedLine.startsWith('[')) {
+        inRegistrySection = trimmedLine.toLowerCase() === '[registry values]';
+        continue;
+      }
+      if (!inRegistrySection) continue;
+      // Registry format: MACHINE\path\to\key=type,value
+      // Example: MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,2
+      const match = trimmedLine.match(/^MACHINE\\(.+?)=(\d+),(.+)$/i);
+      if (!match || !match[1] || !match[3]) continue;
+      const keyPath = match[1].toLowerCase();
+      const value = match[3];
+      // LDAP Server Signing
+      if (keyPath.includes('ntds\\parameters\\ldapserverintegrity')) {
+        settings.ldapServerIntegrity = parseInt(value, 10);
+      }
+      // LDAP Channel Binding
+      if (keyPath.includes('ntds\\parameters\\ldapenforcechannelbinding')) {
+        settings.ldapChannelBinding = parseInt(value, 10);
+      }
+      // SMBv1 Server
+      if (keyPath.includes('lanmanserver\\parameters\\smb1')) {
+        settings.smbv1ServerEnabled = value === '1';
+      }
+      // SMBv1 Client (LanmanWorkstation)
+      if (keyPath.includes('lanmanworkstation\\parameters\\smb1')) {
+        settings.smbv1ClientEnabled = value === '1';
+      }
+      // Alternative SMBv1 check via MrxSmb10
+      if (keyPath.includes('mrxsmb10\\start')) {
+        // Start=4 means disabled, anything else means enabled
+        settings.smbv1ClientEnabled = value !== '4';
+      }
+      // SMB Server Signing (RequireSecuritySignature)
+      // MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
+      if (keyPath.includes('lanmanserver\\parameters\\requiresecuritysignature')) {
+        settings.smbSigningRequired = value === '1';
+      }
+      // SMB Client Signing (RequireSecuritySignature)
+      // MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters\RequireSecuritySignature=4,1
+      if (keyPath.includes('lanmanworkstation\\parameters\\requiresecuritysignature')) {
+        settings.smbClientSigningRequired = value === '1';
+      }
+    }
+  }
+  /**
+   * Read audit policy from audit.csv
+   */
+  private async readAuditPolicy(
+    domainDnsName: string,
+    gpoGuid: string,
+    settings: GpoSecuritySettings
+  ): Promise<void> {
+    const auditPath = `${domainDnsName}/Policies/${gpoGuid}/Machine/Microsoft/Windows NT/Audit/audit.csv`;
+    try {
+      const exists = await this.exists(auditPath);
+      if (!exists) return;
+      const content = await this.readFile(auditPath);
+      settings.auditPolicies = this.parseAuditCsv(content);
+    } catch (error) {
+      logger.debug('Failed to read audit.csv', { error });
+    }
+  }
+  /**
+   * Parse audit.csv content
+   * Format: Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
+   */
+  private parseAuditCsv(content: string): GpoSecuritySettings['auditPolicies'] {
+    const policies: NonNullable<GpoSecuritySettings['auditPolicies']> = [];
+    const lines = content.split(/\r?\n/);
+    // Skip header line
+    for (let i = 1; i < lines.length; i++) {
+      const line = lines[i];
+      if (!line) continue;
+      const trimmedLine = line.trim();
+      if (!trimmedLine) continue;
+      // CSV parsing (simple - assumes no commas in values)
+      const parts = trimmedLine.split(',');
+      if (parts.length < 7) continue;
+      const subcategory = parts[2];
+      const settingValue = parts[6];
+      if (!subcategory || !settingValue) continue;
+      // Setting values: 0=No Auditing, 1=Success, 2=Failure, 3=Success and Failure
+      const value = parseInt(settingValue, 10);
+      // Map subcategories to categories
+      const category = this.getAuditCategory(subcategory);
+      policies.push({
+        category,
+        subcategory,
+        success: (value & 1) !== 0,
+        failure: (value & 2) !== 0,
+      });
+    }
+    return policies;
+  }
+  /**
+   * Map audit subcategory to category
+   */
+  private getAuditCategory(subcategory: string): string {
+    const categoryMap: Record<string, string> = {
+      'Credential Validation': 'Account Logon',
+      'Kerberos Authentication Service': 'Account Logon',
+      'Kerberos Service Ticket Operations': 'Account Logon',
+      'Computer Account Management': 'Account Management',
+      'Security Group Management': 'Account Management',
+      'User Account Management': 'Account Management',
+      'Logon': 'Logon/Logoff',
+      'Logoff': 'Logon/Logoff',
+      'Special Logon': 'Logon/Logoff',
+      'File System': 'Object Access',
+      'Registry': 'Object Access',
+      'Kernel Object': 'Object Access',
+      'Audit Policy Change': 'Policy Change',
+      'Authentication Policy Change': 'Policy Change',
+      'Sensitive Privilege Use': 'Privilege Use',
+      'Security State Change': 'System',
+      'Security System Extension': 'System',
+      'System Integrity': 'System',
+    };
+    for (const [sub, cat] of Object.entries(categoryMap)) {
+      if (subcategory.toLowerCase().includes(sub.toLowerCase())) {
+        return cat;
+      }
+    }
+    return 'Other';
+  }
+  /**
+   * Read PowerShell logging settings from registry.pol
+   * Note: registry.pol is a binary format, this is a simplified implementation
+   */
+  private async readPowerShellLogging(
+    domainDnsName: string,
+    gpoGuid: string,
+    settings: GpoSecuritySettings
+  ): Promise<void> {
+    const registryPolPath = `${domainDnsName}/Policies/${gpoGuid}/Machine/Registry.pol`;
+    try {
+      const exists = await this.exists(registryPolPath);
+      if (!exists) return;
+      // Registry.pol is a binary format
+      // For simplicity, we read as buffer and search for known strings
+      const content = await this.readBinaryFile(registryPolPath);
+      settings.powershellLogging = this.parsePowerShellLogging(content);
+    } catch (error) {
+      logger.debug('Failed to read registry.pol', { error });
+    }
+  }
+  /**
+   * Parse PowerShell logging settings from registry.pol binary content
+   * Registry.pol format: PReg header + entries
+   * Each entry: [key;value;type;size;data]
+   */
+  private parsePowerShellLogging(content: Buffer): GpoSecuritySettings['powershellLogging'] {
+    const result = {
+      moduleLogging: false,
+      scriptBlockLogging: false,
+      transcription: false,
+    };
+    try {
+      // Convert to string for simple pattern matching
+      // This is a simplified approach - proper parsing would use the binary format
+      const textContent = content.toString('utf16le');
+      // Look for PowerShell logging registry keys
+      // ScriptBlockLogging: Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging\EnableScriptBlockLogging
+      // ModuleLogging: Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging\EnableModuleLogging
+      // Transcription: Software\Policies\Microsoft\Windows\PowerShell\Transcription\EnableTranscripting
+      if (textContent.includes('EnableScriptBlockLogging') && textContent.includes('\x01\x00\x00\x00')) {
+        result.scriptBlockLogging = true;
+      }
+      if (textContent.includes('EnableModuleLogging') && textContent.includes('\x01\x00\x00\x00')) {
+        result.moduleLogging = true;
+      }
+      if (textContent.includes('EnableTranscripting') && textContent.includes('\x01\x00\x00\x00')) {
+        result.transcription = true;
+      }
+    } catch (error) {
+      logger.debug('Failed to parse registry.pol', { error });
+    }
+    return result;
+  }
+  /**
+   * Test SMB connection using smbclient
+   */
+  async testConnection(): Promise<{ success: boolean; message: string }> {
+    const timeout = this.config.timeout || 15000;
+    const cmd = `${this.buildSmbCommand()} 'ls'`;
+    try {
+      await execAsync(cmd, { timeout });
+      return {
+        success: true,
+        message: 'SMB connection successful',
+      };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : 'Unknown error';
+      return {
+        success: false,
+        message: `SMB connection failed: ${message}`,
+      };
+    }
+  }
+}
+/**
+ * Formatted Kerberos policy with isDefault flag
+ */
+export interface FormattedKerberosPolicy {
+  maxTicketAge: string;
+  maxRenewAge: string;
+  maxServiceAge: string;
+  maxClockSkew: string;
+  ticketValidateClient: boolean;
+  isDefault: boolean;
+}
+/**
+ * Format Kerberos policy values to human-readable strings
+ */
+export function formatKerberosPolicy(policy: KerberosPolicy, isDefault = false): FormattedKerberosPolicy {
+  return {
+    maxTicketAge: `${policy.maxTicketAge} hours`,
+    maxRenewAge: `${policy.maxRenewAge} days`,
+    maxServiceAge: `${policy.maxServiceAge} min`,
+    maxClockSkew: `${policy.maxClockSkew} min`,
+    ticketValidateClient: policy.ticketValidateClient,
+    isDefault,
+  };
+}
+/**
+ * Get Windows default Kerberos policy values
+ * These are the defaults when no GPO customization is applied
+ */
+export function getDefaultKerberosPolicy(): FormattedKerberosPolicy {
+  return {
+    maxTicketAge: '10 hours',
+    maxRenewAge: '7 days',
+    maxServiceAge: '600 min',
+    maxClockSkew: '5 min',
+    ticketValidateClient: true,
+    isDefault: true,
+  };
+}

package/src/server.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import { createApp } from './app';
+import { getConfig } from './config';
+import { logInfo, logError } from './utils/logger';
+import { MigrationRunner } from './data/migrations/migration.runner';
+import { DIContainer } from './container';
+import { version } from '../package.json';
+/**
+ * Server Entry Point
+ * Bootstraps the application and starts the HTTP server
+ */
+async function startServer(): Promise<void> {
+  try {
+    // Load configuration
+    const config = getConfig();
+    logInfo('Configuration loaded successfully', {
+      port: config.server.port,
+      nodeEnv: config.server.nodeEnv,
+    });
+    // Run database migrations
+    await MigrationRunner.runMigrations(config.database.path);
+    logInfo('Database migrations completed');
+    // Initialize dependency injection container
+    await DIContainer.initialize();
+    logInfo('DI container initialized');
+    // Create Express app
+    const app = createApp();
+    // Start HTTP server
+    const server = app.listen(config.server.port, () => {
+      logInfo('Server started successfully', {
+        port: config.server.port,
+        nodeEnv: config.server.nodeEnv,
+        version,
+      });
+    });
+    // Graceful shutdown
+    const shutdown = (): void => {
+      logInfo('Shutdown signal received, closing server...');
+      server.close(() => {
+        logInfo('Server closed successfully');
+        process.exit(0);
+      });
+    };
+    process.on('SIGTERM', shutdown);
+    process.on('SIGINT', shutdown);
+  } catch (error) {
+    logError('Failed to start server', error as Error);
+    process.exit(1);
+  }
+}
+// Start the server
+void startServer();

package/src/services/.gitkeep ADDED Viewed

File without changes