@etcsec-com/etc-collector 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +60 -0
- package/.env.test.example +33 -0
- package/.github/workflows/ci.yml +83 -0
- package/.github/workflows/release.yml +246 -0
- package/.prettierrc.json +10 -0
- package/CHANGELOG.md +15 -0
- package/Dockerfile +57 -0
- package/LICENSE +190 -0
- package/README.md +194 -0
- package/dist/api/controllers/audit.controller.d.ts +21 -0
- package/dist/api/controllers/audit.controller.d.ts.map +1 -0
- package/dist/api/controllers/audit.controller.js +179 -0
- package/dist/api/controllers/audit.controller.js.map +1 -0
- package/dist/api/controllers/auth.controller.d.ts +16 -0
- package/dist/api/controllers/auth.controller.d.ts.map +1 -0
- package/dist/api/controllers/auth.controller.js +146 -0
- package/dist/api/controllers/auth.controller.js.map +1 -0
- package/dist/api/controllers/export.controller.d.ts +27 -0
- package/dist/api/controllers/export.controller.d.ts.map +1 -0
- package/dist/api/controllers/export.controller.js +80 -0
- package/dist/api/controllers/export.controller.js.map +1 -0
- package/dist/api/controllers/health.controller.d.ts +5 -0
- package/dist/api/controllers/health.controller.d.ts.map +1 -0
- package/dist/api/controllers/health.controller.js +16 -0
- package/dist/api/controllers/health.controller.js.map +1 -0
- package/dist/api/controllers/jobs.controller.d.ts +13 -0
- package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
- package/dist/api/controllers/jobs.controller.js +125 -0
- package/dist/api/controllers/jobs.controller.js.map +1 -0
- package/dist/api/controllers/providers.controller.d.ts +15 -0
- package/dist/api/controllers/providers.controller.d.ts.map +1 -0
- package/dist/api/controllers/providers.controller.js +112 -0
- package/dist/api/controllers/providers.controller.js.map +1 -0
- package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
- package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditRequest.dto.js +3 -0
- package/dist/api/dto/AuditRequest.dto.js.map +1 -0
- package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
- package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/AuditResponse.dto.js +3 -0
- package/dist/api/dto/AuditResponse.dto.js.map +1 -0
- package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
- package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenRequest.dto.js +3 -0
- package/dist/api/dto/TokenRequest.dto.js.map +1 -0
- package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
- package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
- package/dist/api/dto/TokenResponse.dto.js +3 -0
- package/dist/api/dto/TokenResponse.dto.js.map +1 -0
- package/dist/api/middlewares/authenticate.d.ts +12 -0
- package/dist/api/middlewares/authenticate.d.ts.map +1 -0
- package/dist/api/middlewares/authenticate.js +141 -0
- package/dist/api/middlewares/authenticate.js.map +1 -0
- package/dist/api/middlewares/errorHandler.d.ts +3 -0
- package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
- package/dist/api/middlewares/errorHandler.js +30 -0
- package/dist/api/middlewares/errorHandler.js.map +1 -0
- package/dist/api/middlewares/rateLimit.d.ts +3 -0
- package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
- package/dist/api/middlewares/rateLimit.js +34 -0
- package/dist/api/middlewares/rateLimit.js.map +1 -0
- package/dist/api/middlewares/validate.d.ts +4 -0
- package/dist/api/middlewares/validate.d.ts.map +1 -0
- package/dist/api/middlewares/validate.js +31 -0
- package/dist/api/middlewares/validate.js.map +1 -0
- package/dist/api/routes/audit.routes.d.ts +5 -0
- package/dist/api/routes/audit.routes.d.ts.map +1 -0
- package/dist/api/routes/audit.routes.js +24 -0
- package/dist/api/routes/audit.routes.js.map +1 -0
- package/dist/api/routes/auth.routes.d.ts +6 -0
- package/dist/api/routes/auth.routes.d.ts.map +1 -0
- package/dist/api/routes/auth.routes.js +22 -0
- package/dist/api/routes/auth.routes.js.map +1 -0
- package/dist/api/routes/export.routes.d.ts +5 -0
- package/dist/api/routes/export.routes.d.ts.map +1 -0
- package/dist/api/routes/export.routes.js +16 -0
- package/dist/api/routes/export.routes.js.map +1 -0
- package/dist/api/routes/health.routes.d.ts +4 -0
- package/dist/api/routes/health.routes.d.ts.map +1 -0
- package/dist/api/routes/health.routes.js +11 -0
- package/dist/api/routes/health.routes.js.map +1 -0
- package/dist/api/routes/index.d.ts +10 -0
- package/dist/api/routes/index.d.ts.map +1 -0
- package/dist/api/routes/index.js +20 -0
- package/dist/api/routes/index.js.map +1 -0
- package/dist/api/routes/providers.routes.d.ts +5 -0
- package/dist/api/routes/providers.routes.d.ts.map +1 -0
- package/dist/api/routes/providers.routes.js +13 -0
- package/dist/api/routes/providers.routes.js.map +1 -0
- package/dist/api/validators/audit.schemas.d.ts +60 -0
- package/dist/api/validators/audit.schemas.d.ts.map +1 -0
- package/dist/api/validators/audit.schemas.js +55 -0
- package/dist/api/validators/audit.schemas.js.map +1 -0
- package/dist/api/validators/auth.schemas.d.ts +17 -0
- package/dist/api/validators/auth.schemas.d.ts.map +1 -0
- package/dist/api/validators/auth.schemas.js +21 -0
- package/dist/api/validators/auth.schemas.js.map +1 -0
- package/dist/app.d.ts +3 -0
- package/dist/app.d.ts.map +1 -0
- package/dist/app.js +62 -0
- package/dist/app.js.map +1 -0
- package/dist/config/config.schema.d.ts +65 -0
- package/dist/config/config.schema.d.ts.map +1 -0
- package/dist/config/config.schema.js +95 -0
- package/dist/config/config.schema.js.map +1 -0
- package/dist/config/index.d.ts +4 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +75 -0
- package/dist/config/index.js.map +1 -0
- package/dist/container.d.ts +47 -0
- package/dist/container.d.ts.map +1 -0
- package/dist/container.js +137 -0
- package/dist/container.js.map +1 -0
- package/dist/data/database.d.ts +13 -0
- package/dist/data/database.d.ts.map +1 -0
- package/dist/data/database.js +68 -0
- package/dist/data/database.js.map +1 -0
- package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
- package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
- package/dist/data/jobs/token-cleanup.job.js +96 -0
- package/dist/data/jobs/token-cleanup.job.js.map +1 -0
- package/dist/data/migrations/migration.runner.d.ts +13 -0
- package/dist/data/migrations/migration.runner.d.ts.map +1 -0
- package/dist/data/migrations/migration.runner.js +136 -0
- package/dist/data/migrations/migration.runner.js.map +1 -0
- package/dist/data/models/Token.model.d.ts +30 -0
- package/dist/data/models/Token.model.d.ts.map +1 -0
- package/dist/data/models/Token.model.js +3 -0
- package/dist/data/models/Token.model.js.map +1 -0
- package/dist/data/repositories/token.repository.d.ts +16 -0
- package/dist/data/repositories/token.repository.d.ts.map +1 -0
- package/dist/data/repositories/token.repository.js +97 -0
- package/dist/data/repositories/token.repository.js.map +1 -0
- package/dist/providers/azure/auth.provider.d.ts +5 -0
- package/dist/providers/azure/auth.provider.d.ts.map +1 -0
- package/dist/providers/azure/auth.provider.js +13 -0
- package/dist/providers/azure/auth.provider.js.map +1 -0
- package/dist/providers/azure/azure-errors.d.ts +40 -0
- package/dist/providers/azure/azure-errors.d.ts.map +1 -0
- package/dist/providers/azure/azure-errors.js +121 -0
- package/dist/providers/azure/azure-errors.js.map +1 -0
- package/dist/providers/azure/azure-retry.d.ts +41 -0
- package/dist/providers/azure/azure-retry.d.ts.map +1 -0
- package/dist/providers/azure/azure-retry.js +85 -0
- package/dist/providers/azure/azure-retry.js.map +1 -0
- package/dist/providers/azure/graph-client.d.ts +26 -0
- package/dist/providers/azure/graph-client.d.ts.map +1 -0
- package/dist/providers/azure/graph-client.js +146 -0
- package/dist/providers/azure/graph-client.js.map +1 -0
- package/dist/providers/azure/graph.provider.d.ts +23 -0
- package/dist/providers/azure/graph.provider.d.ts.map +1 -0
- package/dist/providers/azure/graph.provider.js +161 -0
- package/dist/providers/azure/graph.provider.js.map +1 -0
- package/dist/providers/azure/queries/app.queries.d.ts +6 -0
- package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/app.queries.js +9 -0
- package/dist/providers/azure/queries/app.queries.js.map +1 -0
- package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
- package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/policy.queries.js +9 -0
- package/dist/providers/azure/queries/policy.queries.js.map +1 -0
- package/dist/providers/azure/queries/user.queries.d.ts +7 -0
- package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/azure/queries/user.queries.js +10 -0
- package/dist/providers/azure/queries/user.queries.js.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
- package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/IGraphProvider.js +3 -0
- package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
- package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
- package/dist/providers/interfaces/ILDAPProvider.js +3 -0
- package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
- package/dist/providers/ldap/acl-parser.d.ts +8 -0
- package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
- package/dist/providers/ldap/acl-parser.js +157 -0
- package/dist/providers/ldap/acl-parser.js.map +1 -0
- package/dist/providers/ldap/ad-mappers.d.ts +8 -0
- package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
- package/dist/providers/ldap/ad-mappers.js +162 -0
- package/dist/providers/ldap/ad-mappers.js.map +1 -0
- package/dist/providers/ldap/ldap-client.d.ts +33 -0
- package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-client.js +195 -0
- package/dist/providers/ldap/ldap-client.js.map +1 -0
- package/dist/providers/ldap/ldap-errors.d.ts +48 -0
- package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-errors.js +120 -0
- package/dist/providers/ldap/ldap-errors.js.map +1 -0
- package/dist/providers/ldap/ldap-retry.d.ts +14 -0
- package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-retry.js +102 -0
- package/dist/providers/ldap/ldap-retry.js.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
- package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
- package/dist/providers/ldap/ldap-sanitizer.js +104 -0
- package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
- package/dist/providers/ldap/ldap.provider.d.ts +21 -0
- package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
- package/dist/providers/ldap/ldap.provider.js +165 -0
- package/dist/providers/ldap/ldap.provider.js.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/computer.queries.js +9 -0
- package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
- package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
- package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/group.queries.js +9 -0
- package/dist/providers/ldap/queries/group.queries.js.map +1 -0
- package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
- package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
- package/dist/providers/ldap/queries/user.queries.js +10 -0
- package/dist/providers/ldap/queries/user.queries.js.map +1 -0
- package/dist/providers/smb/smb.provider.d.ts +68 -0
- package/dist/providers/smb/smb.provider.d.ts.map +1 -0
- package/dist/providers/smb/smb.provider.js +382 -0
- package/dist/providers/smb/smb.provider.js.map +1 -0
- package/dist/server.d.ts +2 -0
- package/dist/server.d.ts.map +1 -0
- package/dist/server.js +44 -0
- package/dist/server.js.map +1 -0
- package/dist/services/audit/ad-audit.service.d.ts +70 -0
- package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
- package/dist/services/audit/ad-audit.service.js +1019 -0
- package/dist/services/audit/ad-audit.service.js.map +1 -0
- package/dist/services/audit/attack-graph.service.d.ts +62 -0
- package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
- package/dist/services/audit/attack-graph.service.js +702 -0
- package/dist/services/audit/attack-graph.service.js.map +1 -0
- package/dist/services/audit/audit.service.d.ts +4 -0
- package/dist/services/audit/audit.service.d.ts.map +1 -0
- package/dist/services/audit/audit.service.js +10 -0
- package/dist/services/audit/audit.service.js.map +1 -0
- package/dist/services/audit/azure-audit.service.d.ts +37 -0
- package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
- package/dist/services/audit/azure-audit.service.js +153 -0
- package/dist/services/audit/azure-audit.service.js.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
- package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
- package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
- package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
- package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
- package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
- package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
- package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
- package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
- package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
- package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
- package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
- package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
- package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
- package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/index.d.ts +15 -0
- package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/index.js +51 -0
- package/dist/services/audit/detectors/ad/index.js.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
- package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
- package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
- package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/network.detector.js +257 -0
- package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
- package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/password.detector.js +235 -0
- package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
- package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
- package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
- package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
- package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
- package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
- package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
- package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
- package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
- package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
- package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
- package/dist/services/audit/detectors/index.d.ts +2 -0
- package/dist/services/audit/detectors/index.d.ts.map +1 -0
- package/dist/services/audit/detectors/index.js +38 -0
- package/dist/services/audit/detectors/index.js.map +1 -0
- package/dist/services/audit/response-formatter.d.ts +176 -0
- package/dist/services/audit/response-formatter.d.ts.map +1 -0
- package/dist/services/audit/response-formatter.js +240 -0
- package/dist/services/audit/response-formatter.js.map +1 -0
- package/dist/services/audit/scoring.service.d.ts +15 -0
- package/dist/services/audit/scoring.service.d.ts.map +1 -0
- package/dist/services/audit/scoring.service.js +139 -0
- package/dist/services/audit/scoring.service.js.map +1 -0
- package/dist/services/auth/crypto.service.d.ts +19 -0
- package/dist/services/auth/crypto.service.d.ts.map +1 -0
- package/dist/services/auth/crypto.service.js +135 -0
- package/dist/services/auth/crypto.service.js.map +1 -0
- package/dist/services/auth/errors.d.ts +19 -0
- package/dist/services/auth/errors.d.ts.map +1 -0
- package/dist/services/auth/errors.js +46 -0
- package/dist/services/auth/errors.js.map +1 -0
- package/dist/services/auth/token.service.d.ts +41 -0
- package/dist/services/auth/token.service.d.ts.map +1 -0
- package/dist/services/auth/token.service.js +208 -0
- package/dist/services/auth/token.service.js.map +1 -0
- package/dist/services/config/config.service.d.ts +6 -0
- package/dist/services/config/config.service.d.ts.map +1 -0
- package/dist/services/config/config.service.js +64 -0
- package/dist/services/config/config.service.js.map +1 -0
- package/dist/services/export/export.service.d.ts +28 -0
- package/dist/services/export/export.service.d.ts.map +1 -0
- package/dist/services/export/export.service.js +28 -0
- package/dist/services/export/export.service.js.map +1 -0
- package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
- package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/csv.formatter.js +46 -0
- package/dist/services/export/formatters/csv.formatter.js.map +1 -0
- package/dist/services/export/formatters/json.formatter.d.ts +40 -0
- package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
- package/dist/services/export/formatters/json.formatter.js +58 -0
- package/dist/services/export/formatters/json.formatter.js.map +1 -0
- package/dist/services/jobs/azure-job-runner.d.ts +38 -0
- package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
- package/dist/services/jobs/azure-job-runner.js +199 -0
- package/dist/services/jobs/azure-job-runner.js.map +1 -0
- package/dist/services/jobs/index.d.ts +4 -0
- package/dist/services/jobs/index.d.ts.map +1 -0
- package/dist/services/jobs/index.js +20 -0
- package/dist/services/jobs/index.js.map +1 -0
- package/dist/services/jobs/job-runner.d.ts +64 -0
- package/dist/services/jobs/job-runner.d.ts.map +1 -0
- package/dist/services/jobs/job-runner.js +952 -0
- package/dist/services/jobs/job-runner.js.map +1 -0
- package/dist/services/jobs/job-store.d.ts +27 -0
- package/dist/services/jobs/job-store.d.ts.map +1 -0
- package/dist/services/jobs/job-store.js +261 -0
- package/dist/services/jobs/job-store.js.map +1 -0
- package/dist/services/jobs/job.types.d.ts +67 -0
- package/dist/services/jobs/job.types.d.ts.map +1 -0
- package/dist/services/jobs/job.types.js +36 -0
- package/dist/services/jobs/job.types.js.map +1 -0
- package/dist/types/ad.types.d.ts +74 -0
- package/dist/types/ad.types.d.ts.map +1 -0
- package/dist/types/ad.types.js +3 -0
- package/dist/types/ad.types.js.map +1 -0
- package/dist/types/adcs.types.d.ts +58 -0
- package/dist/types/adcs.types.d.ts.map +1 -0
- package/dist/types/adcs.types.js +38 -0
- package/dist/types/adcs.types.js.map +1 -0
- package/dist/types/attack-graph.types.d.ts +135 -0
- package/dist/types/attack-graph.types.d.ts.map +1 -0
- package/dist/types/attack-graph.types.js +58 -0
- package/dist/types/attack-graph.types.js.map +1 -0
- package/dist/types/audit.types.d.ts +34 -0
- package/dist/types/audit.types.d.ts.map +1 -0
- package/dist/types/audit.types.js +3 -0
- package/dist/types/audit.types.js.map +1 -0
- package/dist/types/azure.types.d.ts +61 -0
- package/dist/types/azure.types.d.ts.map +1 -0
- package/dist/types/azure.types.js +3 -0
- package/dist/types/azure.types.js.map +1 -0
- package/dist/types/config.types.d.ts +63 -0
- package/dist/types/config.types.d.ts.map +1 -0
- package/dist/types/config.types.js +3 -0
- package/dist/types/config.types.js.map +1 -0
- package/dist/types/error.types.d.ts +33 -0
- package/dist/types/error.types.d.ts.map +1 -0
- package/dist/types/error.types.js +70 -0
- package/dist/types/error.types.js.map +1 -0
- package/dist/types/finding.types.d.ts +133 -0
- package/dist/types/finding.types.d.ts.map +1 -0
- package/dist/types/finding.types.js +3 -0
- package/dist/types/finding.types.js.map +1 -0
- package/dist/types/gpo.types.d.ts +39 -0
- package/dist/types/gpo.types.d.ts.map +1 -0
- package/dist/types/gpo.types.js +15 -0
- package/dist/types/gpo.types.js.map +1 -0
- package/dist/types/token.types.d.ts +26 -0
- package/dist/types/token.types.d.ts.map +1 -0
- package/dist/types/token.types.js +3 -0
- package/dist/types/token.types.js.map +1 -0
- package/dist/types/trust.types.d.ts +45 -0
- package/dist/types/trust.types.d.ts.map +1 -0
- package/dist/types/trust.types.js +71 -0
- package/dist/types/trust.types.js.map +1 -0
- package/dist/utils/entity-converter.d.ts +17 -0
- package/dist/utils/entity-converter.d.ts.map +1 -0
- package/dist/utils/entity-converter.js +285 -0
- package/dist/utils/entity-converter.js.map +1 -0
- package/dist/utils/graph.util.d.ts +66 -0
- package/dist/utils/graph.util.d.ts.map +1 -0
- package/dist/utils/graph.util.js +382 -0
- package/dist/utils/graph.util.js.map +1 -0
- package/dist/utils/logger.d.ts +7 -0
- package/dist/utils/logger.d.ts.map +1 -0
- package/dist/utils/logger.js +86 -0
- package/dist/utils/logger.js.map +1 -0
- package/dist/utils/type-name-normalizer.d.ts +5 -0
- package/dist/utils/type-name-normalizer.d.ts.map +1 -0
- package/dist/utils/type-name-normalizer.js +218 -0
- package/dist/utils/type-name-normalizer.js.map +1 -0
- package/docker-compose.yml +26 -0
- package/docs/api/README.md +178 -0
- package/docs/api/openapi.yaml +1524 -0
- package/eslint.config.js +54 -0
- package/jest.config.js +38 -0
- package/package.json +97 -0
- package/scripts/fetch-ad-cert.sh +142 -0
- package/src/.gitkeep +0 -0
- package/src/api/.gitkeep +0 -0
- package/src/api/controllers/.gitkeep +0 -0
- package/src/api/controllers/audit.controller.ts +313 -0
- package/src/api/controllers/auth.controller.ts +258 -0
- package/src/api/controllers/export.controller.ts +153 -0
- package/src/api/controllers/health.controller.ts +16 -0
- package/src/api/controllers/jobs.controller.ts +187 -0
- package/src/api/controllers/providers.controller.ts +165 -0
- package/src/api/dto/.gitkeep +0 -0
- package/src/api/dto/AuditRequest.dto.ts +8 -0
- package/src/api/dto/AuditResponse.dto.ts +19 -0
- package/src/api/dto/TokenRequest.dto.ts +8 -0
- package/src/api/dto/TokenResponse.dto.ts +14 -0
- package/src/api/middlewares/.gitkeep +0 -0
- package/src/api/middlewares/authenticate.ts +203 -0
- package/src/api/middlewares/errorHandler.ts +54 -0
- package/src/api/middlewares/rateLimit.ts +35 -0
- package/src/api/middlewares/validate.ts +32 -0
- package/src/api/routes/.gitkeep +0 -0
- package/src/api/routes/audit.routes.ts +77 -0
- package/src/api/routes/auth.routes.ts +71 -0
- package/src/api/routes/export.routes.ts +34 -0
- package/src/api/routes/health.routes.ts +14 -0
- package/src/api/routes/index.ts +40 -0
- package/src/api/routes/providers.routes.ts +24 -0
- package/src/api/validators/.gitkeep +0 -0
- package/src/api/validators/audit.schemas.ts +59 -0
- package/src/api/validators/auth.schemas.ts +59 -0
- package/src/app.ts +87 -0
- package/src/config/.gitkeep +0 -0
- package/src/config/config.schema.ts +108 -0
- package/src/config/index.ts +82 -0
- package/src/container.ts +221 -0
- package/src/data/.gitkeep +0 -0
- package/src/data/database.ts +78 -0
- package/src/data/jobs/token-cleanup.job.ts +166 -0
- package/src/data/migrations/.gitkeep +0 -0
- package/src/data/migrations/001_initial_schema.sql +47 -0
- package/src/data/migrations/migration.runner.ts +125 -0
- package/src/data/models/.gitkeep +0 -0
- package/src/data/models/Token.model.ts +35 -0
- package/src/data/repositories/.gitkeep +0 -0
- package/src/data/repositories/token.repository.ts +160 -0
- package/src/providers/.gitkeep +0 -0
- package/src/providers/azure/.gitkeep +0 -0
- package/src/providers/azure/auth.provider.ts +14 -0
- package/src/providers/azure/azure-errors.ts +189 -0
- package/src/providers/azure/azure-retry.ts +168 -0
- package/src/providers/azure/graph-client.ts +315 -0
- package/src/providers/azure/graph.provider.ts +294 -0
- package/src/providers/azure/queries/app.queries.ts +9 -0
- package/src/providers/azure/queries/policy.queries.ts +9 -0
- package/src/providers/azure/queries/user.queries.ts +10 -0
- package/src/providers/interfaces/.gitkeep +0 -0
- package/src/providers/interfaces/IGraphProvider.ts +117 -0
- package/src/providers/interfaces/ILDAPProvider.ts +142 -0
- package/src/providers/ldap/.gitkeep +0 -0
- package/src/providers/ldap/acl-parser.ts +231 -0
- package/src/providers/ldap/ad-mappers.ts +280 -0
- package/src/providers/ldap/ldap-client.ts +259 -0
- package/src/providers/ldap/ldap-errors.ts +188 -0
- package/src/providers/ldap/ldap-retry.ts +267 -0
- package/src/providers/ldap/ldap-sanitizer.ts +273 -0
- package/src/providers/ldap/ldap.provider.ts +293 -0
- package/src/providers/ldap/queries/computer.queries.ts +9 -0
- package/src/providers/ldap/queries/group.queries.ts +9 -0
- package/src/providers/ldap/queries/user.queries.ts +10 -0
- package/src/providers/smb/smb.provider.ts +653 -0
- package/src/server.ts +60 -0
- package/src/services/.gitkeep +0 -0
- package/src/services/audit/.gitkeep +0 -0
- package/src/services/audit/ad-audit.service.ts +1481 -0
- package/src/services/audit/attack-graph.service.ts +1104 -0
- package/src/services/audit/audit.service.ts +12 -0
- package/src/services/audit/azure-audit.service.ts +286 -0
- package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
- package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
- package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
- package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
- package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
- package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
- package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
- package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
- package/src/services/audit/detectors/ad/index.ts +84 -0
- package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
- package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
- package/src/services/audit/detectors/ad/network.detector.ts +538 -0
- package/src/services/audit/detectors/ad/password.detector.ts +324 -0
- package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
- package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
- package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
- package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
- package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
- package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
- package/src/services/audit/detectors/index.ts +18 -0
- package/src/services/audit/response-formatter.ts +604 -0
- package/src/services/audit/scoring.service.ts +234 -0
- package/src/services/auth/.gitkeep +0 -0
- package/src/services/auth/crypto.service.ts +230 -0
- package/src/services/auth/errors.ts +47 -0
- package/src/services/auth/token.service.ts +420 -0
- package/src/services/config/.gitkeep +0 -0
- package/src/services/config/config.service.ts +75 -0
- package/src/services/export/.gitkeep +0 -0
- package/src/services/export/export.service.ts +99 -0
- package/src/services/export/formatters/csv.formatter.ts +124 -0
- package/src/services/export/formatters/json.formatter.ts +160 -0
- package/src/services/jobs/azure-job-runner.ts +312 -0
- package/src/services/jobs/index.ts +9 -0
- package/src/services/jobs/job-runner.ts +1280 -0
- package/src/services/jobs/job-store.ts +384 -0
- package/src/services/jobs/job.types.ts +182 -0
- package/src/types/.gitkeep +0 -0
- package/src/types/ad.types.ts +91 -0
- package/src/types/adcs.types.ts +107 -0
- package/src/types/attack-graph.types.ts +260 -0
- package/src/types/audit.types.ts +42 -0
- package/src/types/azure.types.ts +68 -0
- package/src/types/config.types.ts +79 -0
- package/src/types/error.types.ts +69 -0
- package/src/types/finding.types.ts +284 -0
- package/src/types/gpo.types.ts +72 -0
- package/src/types/smb2.d.ts +73 -0
- package/src/types/token.types.ts +32 -0
- package/src/types/trust.types.ts +140 -0
- package/src/utils/.gitkeep +0 -0
- package/src/utils/entity-converter.ts +453 -0
- package/src/utils/graph.util.ts +609 -0
- package/src/utils/logger.ts +111 -0
- package/src/utils/type-name-normalizer.ts +302 -0
- package/tests/.gitkeep +0 -0
- package/tests/e2e/.gitkeep +0 -0
- package/tests/fixtures/.gitkeep +0 -0
- package/tests/integration/.gitkeep +0 -0
- package/tests/integration/README.md +156 -0
- package/tests/integration/ad-audit.integration.test.ts +216 -0
- package/tests/integration/api/.gitkeep +0 -0
- package/tests/integration/api/endpoints.integration.test.ts +431 -0
- package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
- package/tests/integration/providers/.gitkeep +0 -0
- package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
- package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
- package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
- package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
- package/tests/mocks/.gitkeep +0 -0
- package/tests/setup.ts +16 -0
- package/tests/unit/.gitkeep +0 -0
- package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
- package/tests/unit/providers/.gitkeep +0 -0
- package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
- package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
- package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
- package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
- package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
- package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
- package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
- package/tests/unit/sample.test.ts +19 -0
- package/tests/unit/services/.gitkeep +0 -0
- package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
- package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
- package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
- package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
- package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
- package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
- package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
- package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
- package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
- package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
- package/tests/unit/services/auth/crypto.service.test.ts +296 -0
- package/tests/unit/services/auth/token.service.test.ts +579 -0
- package/tests/unit/services/export/export.service.test.ts +241 -0
- package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
- package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
- package/tests/unit/utils/.gitkeep +0 -0
- package/tsconfig.json +50 -0
|
@@ -0,0 +1,254 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Azure Retry Logic Unit Tests
|
|
3
|
+
*
|
|
4
|
+
* Tests for retry logic with exponential backoff and rate limit handling.
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import {
|
|
8
|
+
retryWithBackoff,
|
|
9
|
+
calculateDelay,
|
|
10
|
+
AZURE_RETRY_CONFIGS,
|
|
11
|
+
RetryOptions,
|
|
12
|
+
} from '../../../../src/providers/azure/azure-retry';
|
|
13
|
+
import {
|
|
14
|
+
AzureRateLimitError,
|
|
15
|
+
AzureTimeoutError,
|
|
16
|
+
AzureAuthenticationError,
|
|
17
|
+
} from '../../../../src/providers/azure/azure-errors';
|
|
18
|
+
|
|
19
|
+
describe('Azure Retry Logic', () => {
|
|
20
|
+
describe('calculateDelay', () => {
|
|
21
|
+
const options: Required<RetryOptions> = {
|
|
22
|
+
maxAttempts: 3,
|
|
23
|
+
initialDelay: 1000,
|
|
24
|
+
maxDelay: 30000,
|
|
25
|
+
backoffMultiplier: 2,
|
|
26
|
+
jitterPercent: 0, // No jitter for predictable testing
|
|
27
|
+
onRetry: () => {},
|
|
28
|
+
};
|
|
29
|
+
|
|
30
|
+
it('should calculate exponential backoff delays', () => {
|
|
31
|
+
const delay0 = calculateDelay(0, options);
|
|
32
|
+
const delay1 = calculateDelay(1, options);
|
|
33
|
+
const delay2 = calculateDelay(2, options);
|
|
34
|
+
|
|
35
|
+
expect(delay0).toBe(1000); // 1000 * 2^0 = 1000
|
|
36
|
+
expect(delay1).toBe(2000); // 1000 * 2^1 = 2000
|
|
37
|
+
expect(delay2).toBe(4000); // 1000 * 2^2 = 4000
|
|
38
|
+
});
|
|
39
|
+
|
|
40
|
+
it('should cap delay at maxDelay', () => {
|
|
41
|
+
const delay5 = calculateDelay(5, options); // 1000 * 2^5 = 32000
|
|
42
|
+
expect(delay5).toBe(30000); // Capped at maxDelay
|
|
43
|
+
});
|
|
44
|
+
|
|
45
|
+
it('should add jitter when enabled', () => {
|
|
46
|
+
const optionsWithJitter: Required<RetryOptions> = {
|
|
47
|
+
...options,
|
|
48
|
+
jitterPercent: 10, // 10% jitter
|
|
49
|
+
};
|
|
50
|
+
|
|
51
|
+
const delays = Array.from({ length: 10 }, () => calculateDelay(0, optionsWithJitter));
|
|
52
|
+
|
|
53
|
+
// All delays should be different (with high probability)
|
|
54
|
+
const uniqueDelays = new Set(delays);
|
|
55
|
+
expect(uniqueDelays.size).toBeGreaterThan(1);
|
|
56
|
+
|
|
57
|
+
// All delays should be within range [1000, 1100]
|
|
58
|
+
delays.forEach((delay) => {
|
|
59
|
+
expect(delay).toBeGreaterThanOrEqual(1000);
|
|
60
|
+
expect(delay).toBeLessThanOrEqual(1100);
|
|
61
|
+
});
|
|
62
|
+
});
|
|
63
|
+
});
|
|
64
|
+
|
|
65
|
+
describe('retryWithBackoff', () => {
|
|
66
|
+
it('should succeed on first attempt', async () => {
|
|
67
|
+
const operation = jest.fn().mockResolvedValue('success');
|
|
68
|
+
|
|
69
|
+
const result = await retryWithBackoff(operation);
|
|
70
|
+
|
|
71
|
+
expect(result).toBe('success');
|
|
72
|
+
expect(operation).toHaveBeenCalledTimes(1);
|
|
73
|
+
});
|
|
74
|
+
|
|
75
|
+
it('should retry on retryable error and eventually succeed', async () => {
|
|
76
|
+
const operation = jest
|
|
77
|
+
.fn()
|
|
78
|
+
.mockRejectedValueOnce(new AzureTimeoutError('Timeout', 'GET /users', 30000))
|
|
79
|
+
.mockResolvedValue('success');
|
|
80
|
+
|
|
81
|
+
const result = await retryWithBackoff(operation, {
|
|
82
|
+
maxAttempts: 3,
|
|
83
|
+
initialDelay: 10,
|
|
84
|
+
maxDelay: 100,
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
expect(result).toBe('success');
|
|
88
|
+
expect(operation).toHaveBeenCalledTimes(2);
|
|
89
|
+
});
|
|
90
|
+
|
|
91
|
+
it('should throw error if all retries fail', async () => {
|
|
92
|
+
const error = new AzureTimeoutError('Timeout', 'GET /users', 30000);
|
|
93
|
+
const operation = jest.fn().mockRejectedValue(error);
|
|
94
|
+
|
|
95
|
+
await expect(
|
|
96
|
+
retryWithBackoff(operation, {
|
|
97
|
+
maxAttempts: 3,
|
|
98
|
+
initialDelay: 10,
|
|
99
|
+
maxDelay: 100,
|
|
100
|
+
})
|
|
101
|
+
).rejects.toThrow(error);
|
|
102
|
+
|
|
103
|
+
expect(operation).toHaveBeenCalledTimes(3);
|
|
104
|
+
});
|
|
105
|
+
|
|
106
|
+
it('should NOT retry non-retryable errors', async () => {
|
|
107
|
+
const error = new AzureAuthenticationError('Auth failed', 'tenant', 'client');
|
|
108
|
+
const operation = jest.fn().mockRejectedValue(error);
|
|
109
|
+
|
|
110
|
+
await expect(
|
|
111
|
+
retryWithBackoff(operation, {
|
|
112
|
+
maxAttempts: 3,
|
|
113
|
+
initialDelay: 10,
|
|
114
|
+
})
|
|
115
|
+
).rejects.toThrow(error);
|
|
116
|
+
|
|
117
|
+
expect(operation).toHaveBeenCalledTimes(1); // Should not retry
|
|
118
|
+
});
|
|
119
|
+
|
|
120
|
+
it('should use retry-after for rate limit errors', async () => {
|
|
121
|
+
const rateLimitError = new AzureRateLimitError('Rate limited', '/users', 2); // 2 seconds
|
|
122
|
+
const operation = jest
|
|
123
|
+
.fn()
|
|
124
|
+
.mockRejectedValueOnce(rateLimitError)
|
|
125
|
+
.mockResolvedValue('success');
|
|
126
|
+
|
|
127
|
+
const startTime = Date.now();
|
|
128
|
+
const result = await retryWithBackoff(operation, {
|
|
129
|
+
maxAttempts: 3,
|
|
130
|
+
initialDelay: 10,
|
|
131
|
+
maxDelay: 5000,
|
|
132
|
+
});
|
|
133
|
+
const elapsed = Date.now() - startTime;
|
|
134
|
+
|
|
135
|
+
expect(result).toBe('success');
|
|
136
|
+
expect(operation).toHaveBeenCalledTimes(2);
|
|
137
|
+
// Should have waited ~2 seconds (retry-after value)
|
|
138
|
+
expect(elapsed).toBeGreaterThanOrEqual(1900);
|
|
139
|
+
expect(elapsed).toBeLessThan(3000);
|
|
140
|
+
});
|
|
141
|
+
|
|
142
|
+
it('should call onRetry callback', async () => {
|
|
143
|
+
const onRetry = jest.fn();
|
|
144
|
+
const error = new AzureTimeoutError('Timeout', 'GET /users', 30000);
|
|
145
|
+
const operation = jest
|
|
146
|
+
.fn()
|
|
147
|
+
.mockRejectedValueOnce(error)
|
|
148
|
+
.mockResolvedValue('success');
|
|
149
|
+
|
|
150
|
+
await retryWithBackoff(operation, {
|
|
151
|
+
maxAttempts: 3,
|
|
152
|
+
initialDelay: 10,
|
|
153
|
+
maxDelay: 100,
|
|
154
|
+
onRetry,
|
|
155
|
+
});
|
|
156
|
+
|
|
157
|
+
expect(onRetry).toHaveBeenCalledTimes(1);
|
|
158
|
+
expect(onRetry).toHaveBeenCalledWith(error, 0, expect.any(Number));
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
it('should handle multiple retries with exponential backoff', async () => {
|
|
162
|
+
const delays: number[] = [];
|
|
163
|
+
const onRetry = jest.fn((_error, _attempt, delay) => {
|
|
164
|
+
delays.push(delay);
|
|
165
|
+
});
|
|
166
|
+
|
|
167
|
+
const operation = jest
|
|
168
|
+
.fn()
|
|
169
|
+
.mockRejectedValueOnce(new AzureTimeoutError('Timeout 1', 'GET /users', 30000))
|
|
170
|
+
.mockRejectedValueOnce(new AzureTimeoutError('Timeout 2', 'GET /users', 30000))
|
|
171
|
+
.mockResolvedValue('success');
|
|
172
|
+
|
|
173
|
+
await retryWithBackoff(operation, {
|
|
174
|
+
maxAttempts: 3,
|
|
175
|
+
initialDelay: 100,
|
|
176
|
+
maxDelay: 1000,
|
|
177
|
+
backoffMultiplier: 2,
|
|
178
|
+
jitterPercent: 0,
|
|
179
|
+
onRetry,
|
|
180
|
+
});
|
|
181
|
+
|
|
182
|
+
expect(delays.length).toBe(2);
|
|
183
|
+
expect(delays[0]).toBe(100); // 100 * 2^0 = 100
|
|
184
|
+
expect(delays[1]).toBe(200); // 100 * 2^1 = 200
|
|
185
|
+
});
|
|
186
|
+
|
|
187
|
+
it('should respect maxDelay cap', async () => {
|
|
188
|
+
const delays: number[] = [];
|
|
189
|
+
const onRetry = jest.fn((_error, _attempt, delay) => {
|
|
190
|
+
delays.push(delay);
|
|
191
|
+
});
|
|
192
|
+
|
|
193
|
+
const operation = jest
|
|
194
|
+
.fn()
|
|
195
|
+
.mockRejectedValueOnce(new AzureTimeoutError('Timeout 1', 'GET /users', 30000))
|
|
196
|
+
.mockRejectedValueOnce(new AzureTimeoutError('Timeout 2', 'GET /users', 30000))
|
|
197
|
+
.mockResolvedValue('success');
|
|
198
|
+
|
|
199
|
+
await retryWithBackoff(operation, {
|
|
200
|
+
maxAttempts: 3,
|
|
201
|
+
initialDelay: 1000,
|
|
202
|
+
maxDelay: 1500, // Cap at 1500ms
|
|
203
|
+
backoffMultiplier: 3,
|
|
204
|
+
jitterPercent: 0,
|
|
205
|
+
onRetry,
|
|
206
|
+
});
|
|
207
|
+
|
|
208
|
+
expect(delays[0]).toBe(1000); // 1000 * 3^0 = 1000
|
|
209
|
+
expect(delays[1]).toBe(1500); // 1000 * 3^1 = 3000, capped at 1500
|
|
210
|
+
});
|
|
211
|
+
});
|
|
212
|
+
|
|
213
|
+
describe('AZURE_RETRY_CONFIGS', () => {
|
|
214
|
+
it('should have default config', () => {
|
|
215
|
+
expect(AZURE_RETRY_CONFIGS.default).toEqual({
|
|
216
|
+
maxAttempts: 3,
|
|
217
|
+
initialDelay: 1000,
|
|
218
|
+
maxDelay: 30000,
|
|
219
|
+
backoffMultiplier: 2,
|
|
220
|
+
jitterPercent: 10,
|
|
221
|
+
});
|
|
222
|
+
});
|
|
223
|
+
|
|
224
|
+
it('should have aggressive config', () => {
|
|
225
|
+
expect(AZURE_RETRY_CONFIGS.aggressive).toEqual({
|
|
226
|
+
maxAttempts: 5,
|
|
227
|
+
initialDelay: 500,
|
|
228
|
+
maxDelay: 15000,
|
|
229
|
+
backoffMultiplier: 1.5,
|
|
230
|
+
jitterPercent: 15,
|
|
231
|
+
});
|
|
232
|
+
});
|
|
233
|
+
|
|
234
|
+
it('should have conservative config', () => {
|
|
235
|
+
expect(AZURE_RETRY_CONFIGS.conservative).toEqual({
|
|
236
|
+
maxAttempts: 2,
|
|
237
|
+
initialDelay: 2000,
|
|
238
|
+
maxDelay: 60000,
|
|
239
|
+
backoffMultiplier: 3,
|
|
240
|
+
jitterPercent: 5,
|
|
241
|
+
});
|
|
242
|
+
});
|
|
243
|
+
|
|
244
|
+
it('should have rate limit config', () => {
|
|
245
|
+
expect(AZURE_RETRY_CONFIGS.rateLimit).toEqual({
|
|
246
|
+
maxAttempts: 3,
|
|
247
|
+
initialDelay: 60000,
|
|
248
|
+
maxDelay: 300000,
|
|
249
|
+
backoffMultiplier: 1,
|
|
250
|
+
jitterPercent: 0,
|
|
251
|
+
});
|
|
252
|
+
});
|
|
253
|
+
});
|
|
254
|
+
});
|
|
@@ -0,0 +1,313 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Graph Provider Unit Tests
|
|
3
|
+
*
|
|
4
|
+
* Tests for Microsoft Graph provider implementation.
|
|
5
|
+
*/
|
|
6
|
+
|
|
7
|
+
import { GraphProvider } from '../../../../src/providers/azure/graph.provider';
|
|
8
|
+
import { GraphClient } from '../../../../src/providers/azure/graph-client';
|
|
9
|
+
import { AzureConfig } from '../../../../src/types/config.types';
|
|
10
|
+
import {
|
|
11
|
+
AzureAPIError,
|
|
12
|
+
AzureAuthenticationError,
|
|
13
|
+
AzurePermissionError,
|
|
14
|
+
} from '../../../../src/providers/azure/azure-errors';
|
|
15
|
+
import { AzureUser, AzureGroup, AzureApp, AzurePolicy } from '../../../../src/types/azure.types';
|
|
16
|
+
|
|
17
|
+
// Mock GraphClient
|
|
18
|
+
jest.mock('../../../../src/providers/azure/graph-client');
|
|
19
|
+
|
|
20
|
+
describe('GraphProvider', () => {
|
|
21
|
+
let provider: GraphProvider;
|
|
22
|
+
let mockClient: jest.Mocked<GraphClient>;
|
|
23
|
+
const mockConfig: AzureConfig = {
|
|
24
|
+
tenantId: 'tenant-123',
|
|
25
|
+
clientId: 'client-456',
|
|
26
|
+
clientSecret: 'secret-789',
|
|
27
|
+
};
|
|
28
|
+
|
|
29
|
+
beforeEach(() => {
|
|
30
|
+
jest.clearAllMocks();
|
|
31
|
+
|
|
32
|
+
// Create mock client instance
|
|
33
|
+
mockClient = {
|
|
34
|
+
authenticate: jest.fn().mockResolvedValue(undefined),
|
|
35
|
+
get: jest.fn(),
|
|
36
|
+
getAll: jest.fn(),
|
|
37
|
+
testConnection: jest.fn(),
|
|
38
|
+
disconnect: jest.fn(),
|
|
39
|
+
getAccessToken: jest.fn(),
|
|
40
|
+
} as unknown as jest.Mocked<GraphClient>;
|
|
41
|
+
|
|
42
|
+
// Mock the GraphClient constructor to return our mock
|
|
43
|
+
(GraphClient as jest.MockedClass<typeof GraphClient>).mockImplementation(() => mockClient);
|
|
44
|
+
|
|
45
|
+
provider = new GraphProvider(mockConfig);
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
describe('authenticate', () => {
|
|
49
|
+
it('should authenticate with Graph API', async () => {
|
|
50
|
+
await provider.authenticate();
|
|
51
|
+
|
|
52
|
+
expect(mockClient.authenticate).toHaveBeenCalledTimes(1);
|
|
53
|
+
});
|
|
54
|
+
|
|
55
|
+
it('should throw error if authentication fails', async () => {
|
|
56
|
+
mockClient.authenticate.mockRejectedValue(
|
|
57
|
+
new AzureAuthenticationError('Auth failed', 'tenant', 'client')
|
|
58
|
+
);
|
|
59
|
+
|
|
60
|
+
await expect(provider.authenticate()).rejects.toThrow(AzureAuthenticationError);
|
|
61
|
+
});
|
|
62
|
+
});
|
|
63
|
+
|
|
64
|
+
describe('testConnection', () => {
|
|
65
|
+
it('should return success on successful connection', async () => {
|
|
66
|
+
mockClient.get.mockResolvedValue({ value: [{ id: 'org-123' }] });
|
|
67
|
+
|
|
68
|
+
const result = await provider.testConnection();
|
|
69
|
+
|
|
70
|
+
expect(result.success).toBe(true);
|
|
71
|
+
expect(result.message).toBe('Connection successful');
|
|
72
|
+
expect(result.details).toMatchObject({
|
|
73
|
+
tenantId: mockConfig.tenantId,
|
|
74
|
+
clientId: mockConfig.clientId,
|
|
75
|
+
authenticated: true,
|
|
76
|
+
});
|
|
77
|
+
expect(result.details?.responseTime).toBeGreaterThanOrEqual(0);
|
|
78
|
+
});
|
|
79
|
+
|
|
80
|
+
it('should return failure on authentication error', async () => {
|
|
81
|
+
mockClient.authenticate.mockRejectedValue(
|
|
82
|
+
new AzureAuthenticationError('Invalid credentials', 'tenant', 'client')
|
|
83
|
+
);
|
|
84
|
+
|
|
85
|
+
const result = await provider.testConnection();
|
|
86
|
+
|
|
87
|
+
expect(result.success).toBe(false);
|
|
88
|
+
expect(result.message).toContain('Authentication failed');
|
|
89
|
+
expect(result.details?.authenticated).toBe(false);
|
|
90
|
+
});
|
|
91
|
+
|
|
92
|
+
it('should return failure on API error', async () => {
|
|
93
|
+
mockClient.get.mockRejectedValue(new AzureAPIError('API error', '/organization', 500));
|
|
94
|
+
|
|
95
|
+
const result = await provider.testConnection();
|
|
96
|
+
|
|
97
|
+
expect(result.success).toBe(false);
|
|
98
|
+
expect(result.message).toContain('Connection test failed');
|
|
99
|
+
});
|
|
100
|
+
});
|
|
101
|
+
|
|
102
|
+
describe('getUsers', () => {
|
|
103
|
+
const mockUsers: AzureUser[] = [
|
|
104
|
+
{
|
|
105
|
+
id: 'user-1',
|
|
106
|
+
userPrincipalName: 'user1@example.com',
|
|
107
|
+
displayName: 'User One',
|
|
108
|
+
accountEnabled: true,
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
id: 'user-2',
|
|
112
|
+
userPrincipalName: 'user2@example.com',
|
|
113
|
+
displayName: 'User Two',
|
|
114
|
+
accountEnabled: false,
|
|
115
|
+
},
|
|
116
|
+
];
|
|
117
|
+
|
|
118
|
+
it('should get all users without options', async () => {
|
|
119
|
+
mockClient.getAll.mockResolvedValue(mockUsers);
|
|
120
|
+
|
|
121
|
+
const users = await provider.getUsers();
|
|
122
|
+
|
|
123
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', undefined);
|
|
124
|
+
expect(users).toEqual(mockUsers);
|
|
125
|
+
});
|
|
126
|
+
|
|
127
|
+
it('should get users with filter', async () => {
|
|
128
|
+
mockClient.getAll.mockResolvedValue([mockUsers[0]]);
|
|
129
|
+
|
|
130
|
+
const users = await provider.getUsers({
|
|
131
|
+
filter: "startsWith(displayName, 'User One')",
|
|
132
|
+
});
|
|
133
|
+
|
|
134
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', {
|
|
135
|
+
'$filter': "startsWith(displayName, 'User One')",
|
|
136
|
+
});
|
|
137
|
+
expect(users).toHaveLength(1);
|
|
138
|
+
});
|
|
139
|
+
|
|
140
|
+
it('should get users with select', async () => {
|
|
141
|
+
mockClient.getAll.mockResolvedValue(mockUsers);
|
|
142
|
+
|
|
143
|
+
await provider.getUsers({
|
|
144
|
+
select: ['id', 'userPrincipalName', 'displayName'],
|
|
145
|
+
});
|
|
146
|
+
|
|
147
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', {
|
|
148
|
+
'$select': 'id,userPrincipalName,displayName',
|
|
149
|
+
});
|
|
150
|
+
});
|
|
151
|
+
|
|
152
|
+
it('should get users with top and skip', async () => {
|
|
153
|
+
mockClient.getAll.mockResolvedValue([mockUsers[0]]);
|
|
154
|
+
|
|
155
|
+
await provider.getUsers({ top: 1, skip: 1 });
|
|
156
|
+
|
|
157
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', {
|
|
158
|
+
'$top': '1',
|
|
159
|
+
'$skip': '1',
|
|
160
|
+
});
|
|
161
|
+
});
|
|
162
|
+
|
|
163
|
+
it('should throw permission error on 403', async () => {
|
|
164
|
+
mockClient.getAll.mockRejectedValue(new AzureAPIError('Forbidden', '/users', 403));
|
|
165
|
+
|
|
166
|
+
await expect(provider.getUsers()).rejects.toThrow(AzurePermissionError);
|
|
167
|
+
await expect(provider.getUsers()).rejects.toThrow('User.Read.All');
|
|
168
|
+
});
|
|
169
|
+
});
|
|
170
|
+
|
|
171
|
+
describe('getGroups', () => {
|
|
172
|
+
const mockGroups: AzureGroup[] = [
|
|
173
|
+
{
|
|
174
|
+
id: 'group-1',
|
|
175
|
+
displayName: 'Admins',
|
|
176
|
+
mailEnabled: false,
|
|
177
|
+
securityEnabled: true,
|
|
178
|
+
},
|
|
179
|
+
{
|
|
180
|
+
id: 'group-2',
|
|
181
|
+
displayName: 'Users',
|
|
182
|
+
mailEnabled: true,
|
|
183
|
+
securityEnabled: false,
|
|
184
|
+
},
|
|
185
|
+
];
|
|
186
|
+
|
|
187
|
+
it('should get all groups', async () => {
|
|
188
|
+
mockClient.getAll.mockResolvedValue(mockGroups);
|
|
189
|
+
|
|
190
|
+
const groups = await provider.getGroups();
|
|
191
|
+
|
|
192
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/groups', undefined);
|
|
193
|
+
expect(groups).toEqual(mockGroups);
|
|
194
|
+
});
|
|
195
|
+
|
|
196
|
+
it('should get groups with filter', async () => {
|
|
197
|
+
mockClient.getAll.mockResolvedValue([mockGroups[0]]);
|
|
198
|
+
|
|
199
|
+
const groups = await provider.getGroups({
|
|
200
|
+
filter: 'securityEnabled eq true',
|
|
201
|
+
});
|
|
202
|
+
|
|
203
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/groups', {
|
|
204
|
+
'$filter': 'securityEnabled eq true',
|
|
205
|
+
});
|
|
206
|
+
expect(groups).toHaveLength(1);
|
|
207
|
+
});
|
|
208
|
+
|
|
209
|
+
it('should throw permission error on 403', async () => {
|
|
210
|
+
mockClient.getAll.mockRejectedValue(new AzureAPIError('Forbidden', '/groups', 403));
|
|
211
|
+
|
|
212
|
+
await expect(provider.getGroups()).rejects.toThrow(AzurePermissionError);
|
|
213
|
+
await expect(provider.getGroups()).rejects.toThrow('Group.Read.All');
|
|
214
|
+
});
|
|
215
|
+
});
|
|
216
|
+
|
|
217
|
+
describe('getApplications', () => {
|
|
218
|
+
const mockApps: AzureApp[] = [
|
|
219
|
+
{
|
|
220
|
+
id: 'app-1',
|
|
221
|
+
appId: 'appId-1',
|
|
222
|
+
displayName: 'My App',
|
|
223
|
+
},
|
|
224
|
+
];
|
|
225
|
+
|
|
226
|
+
it('should get all applications', async () => {
|
|
227
|
+
mockClient.getAll.mockResolvedValue(mockApps);
|
|
228
|
+
|
|
229
|
+
const apps = await provider.getApplications();
|
|
230
|
+
|
|
231
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/applications', undefined);
|
|
232
|
+
expect(apps).toEqual(mockApps);
|
|
233
|
+
});
|
|
234
|
+
|
|
235
|
+
it('should throw permission error on 403', async () => {
|
|
236
|
+
mockClient.getAll.mockRejectedValue(new AzureAPIError('Forbidden', '/applications', 403));
|
|
237
|
+
|
|
238
|
+
await expect(provider.getApplications()).rejects.toThrow(AzurePermissionError);
|
|
239
|
+
await expect(provider.getApplications()).rejects.toThrow('Application.Read.All');
|
|
240
|
+
});
|
|
241
|
+
});
|
|
242
|
+
|
|
243
|
+
describe('getPolicies', () => {
|
|
244
|
+
const mockPolicies: AzurePolicy[] = [
|
|
245
|
+
{
|
|
246
|
+
id: 'policy-1',
|
|
247
|
+
displayName: 'Require MFA',
|
|
248
|
+
state: 'enabled',
|
|
249
|
+
},
|
|
250
|
+
];
|
|
251
|
+
|
|
252
|
+
it('should get all policies', async () => {
|
|
253
|
+
mockClient.getAll.mockResolvedValue(mockPolicies);
|
|
254
|
+
|
|
255
|
+
const policies = await provider.getPolicies();
|
|
256
|
+
|
|
257
|
+
expect(mockClient.getAll).toHaveBeenCalledWith(
|
|
258
|
+
'/identity/conditionalAccess/policies',
|
|
259
|
+
undefined
|
|
260
|
+
);
|
|
261
|
+
expect(policies).toEqual(mockPolicies);
|
|
262
|
+
});
|
|
263
|
+
|
|
264
|
+
it('should throw permission error on 403', async () => {
|
|
265
|
+
mockClient.getAll.mockRejectedValue(
|
|
266
|
+
new AzureAPIError('Forbidden', '/identity/conditionalAccess/policies', 403)
|
|
267
|
+
);
|
|
268
|
+
|
|
269
|
+
await expect(provider.getPolicies()).rejects.toThrow(AzurePermissionError);
|
|
270
|
+
await expect(provider.getPolicies()).rejects.toThrow('Policy.Read.All');
|
|
271
|
+
});
|
|
272
|
+
});
|
|
273
|
+
|
|
274
|
+
describe('disconnect', () => {
|
|
275
|
+
it('should disconnect from Graph API', async () => {
|
|
276
|
+
await provider.disconnect();
|
|
277
|
+
|
|
278
|
+
expect(mockClient.disconnect).toHaveBeenCalledTimes(1);
|
|
279
|
+
});
|
|
280
|
+
});
|
|
281
|
+
|
|
282
|
+
describe('buildQueryParams', () => {
|
|
283
|
+
it('should build complete query params', async () => {
|
|
284
|
+
mockClient.getAll.mockResolvedValue([]);
|
|
285
|
+
|
|
286
|
+
await provider.getUsers({
|
|
287
|
+
filter: 'accountEnabled eq true',
|
|
288
|
+
select: ['id', 'displayName'],
|
|
289
|
+
expand: ['memberOf'],
|
|
290
|
+
orderBy: 'displayName',
|
|
291
|
+
top: 10,
|
|
292
|
+
skip: 5,
|
|
293
|
+
});
|
|
294
|
+
|
|
295
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', {
|
|
296
|
+
'$filter': 'accountEnabled eq true',
|
|
297
|
+
'$select': 'id,displayName',
|
|
298
|
+
'$expand': 'memberOf',
|
|
299
|
+
'$orderby': 'displayName',
|
|
300
|
+
'$top': '10',
|
|
301
|
+
'$skip': '5',
|
|
302
|
+
});
|
|
303
|
+
});
|
|
304
|
+
|
|
305
|
+
it('should return undefined for empty options', async () => {
|
|
306
|
+
mockClient.getAll.mockResolvedValue([]);
|
|
307
|
+
|
|
308
|
+
await provider.getUsers({});
|
|
309
|
+
|
|
310
|
+
expect(mockClient.getAll).toHaveBeenCalledWith('/users', undefined);
|
|
311
|
+
});
|
|
312
|
+
});
|
|
313
|
+
});
|