npm - @etcsec-com/etc-collector - Versions diffs - 1.4.0 - Mend

@etcsec-com/etc-collector 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (617) hide show

package/.env.example +60 -0
package/.env.test.example +33 -0
package/.github/workflows/ci.yml +83 -0
package/.github/workflows/release.yml +246 -0
package/.prettierrc.json +10 -0
package/CHANGELOG.md +15 -0
package/Dockerfile +57 -0
package/LICENSE +190 -0
package/README.md +194 -0
package/dist/api/controllers/audit.controller.d.ts +21 -0
package/dist/api/controllers/audit.controller.d.ts.map +1 -0
package/dist/api/controllers/audit.controller.js +179 -0
package/dist/api/controllers/audit.controller.js.map +1 -0
package/dist/api/controllers/auth.controller.d.ts +16 -0
package/dist/api/controllers/auth.controller.d.ts.map +1 -0
package/dist/api/controllers/auth.controller.js +146 -0
package/dist/api/controllers/auth.controller.js.map +1 -0
package/dist/api/controllers/export.controller.d.ts +27 -0
package/dist/api/controllers/export.controller.d.ts.map +1 -0
package/dist/api/controllers/export.controller.js +80 -0
package/dist/api/controllers/export.controller.js.map +1 -0
package/dist/api/controllers/health.controller.d.ts +5 -0
package/dist/api/controllers/health.controller.d.ts.map +1 -0
package/dist/api/controllers/health.controller.js +16 -0
package/dist/api/controllers/health.controller.js.map +1 -0
package/dist/api/controllers/jobs.controller.d.ts +13 -0
package/dist/api/controllers/jobs.controller.d.ts.map +1 -0
package/dist/api/controllers/jobs.controller.js +125 -0
package/dist/api/controllers/jobs.controller.js.map +1 -0
package/dist/api/controllers/providers.controller.d.ts +15 -0
package/dist/api/controllers/providers.controller.d.ts.map +1 -0
package/dist/api/controllers/providers.controller.js +112 -0
package/dist/api/controllers/providers.controller.js.map +1 -0
package/dist/api/dto/AuditRequest.dto.d.ts +6 -0
package/dist/api/dto/AuditRequest.dto.d.ts.map +1 -0
package/dist/api/dto/AuditRequest.dto.js +3 -0
package/dist/api/dto/AuditRequest.dto.js.map +1 -0
package/dist/api/dto/AuditResponse.dto.d.ts +17 -0
package/dist/api/dto/AuditResponse.dto.d.ts.map +1 -0
package/dist/api/dto/AuditResponse.dto.js +3 -0
package/dist/api/dto/AuditResponse.dto.js.map +1 -0
package/dist/api/dto/TokenRequest.dto.d.ts +6 -0
package/dist/api/dto/TokenRequest.dto.d.ts.map +1 -0
package/dist/api/dto/TokenRequest.dto.js +3 -0
package/dist/api/dto/TokenRequest.dto.js.map +1 -0
package/dist/api/dto/TokenResponse.dto.d.ts +12 -0
package/dist/api/dto/TokenResponse.dto.d.ts.map +1 -0
package/dist/api/dto/TokenResponse.dto.js +3 -0
package/dist/api/dto/TokenResponse.dto.js.map +1 -0
package/dist/api/middlewares/authenticate.d.ts +12 -0
package/dist/api/middlewares/authenticate.d.ts.map +1 -0
package/dist/api/middlewares/authenticate.js +141 -0
package/dist/api/middlewares/authenticate.js.map +1 -0
package/dist/api/middlewares/errorHandler.d.ts +3 -0
package/dist/api/middlewares/errorHandler.d.ts.map +1 -0
package/dist/api/middlewares/errorHandler.js +30 -0
package/dist/api/middlewares/errorHandler.js.map +1 -0
package/dist/api/middlewares/rateLimit.d.ts +3 -0
package/dist/api/middlewares/rateLimit.d.ts.map +1 -0
package/dist/api/middlewares/rateLimit.js +34 -0
package/dist/api/middlewares/rateLimit.js.map +1 -0
package/dist/api/middlewares/validate.d.ts +4 -0
package/dist/api/middlewares/validate.d.ts.map +1 -0
package/dist/api/middlewares/validate.js +31 -0
package/dist/api/middlewares/validate.js.map +1 -0
package/dist/api/routes/audit.routes.d.ts +5 -0
package/dist/api/routes/audit.routes.d.ts.map +1 -0
package/dist/api/routes/audit.routes.js +24 -0
package/dist/api/routes/audit.routes.js.map +1 -0
package/dist/api/routes/auth.routes.d.ts +6 -0
package/dist/api/routes/auth.routes.d.ts.map +1 -0
package/dist/api/routes/auth.routes.js +22 -0
package/dist/api/routes/auth.routes.js.map +1 -0
package/dist/api/routes/export.routes.d.ts +5 -0
package/dist/api/routes/export.routes.d.ts.map +1 -0
package/dist/api/routes/export.routes.js +16 -0
package/dist/api/routes/export.routes.js.map +1 -0
package/dist/api/routes/health.routes.d.ts +4 -0
package/dist/api/routes/health.routes.d.ts.map +1 -0
package/dist/api/routes/health.routes.js +11 -0
package/dist/api/routes/health.routes.js.map +1 -0
package/dist/api/routes/index.d.ts +10 -0
package/dist/api/routes/index.d.ts.map +1 -0
package/dist/api/routes/index.js +20 -0
package/dist/api/routes/index.js.map +1 -0
package/dist/api/routes/providers.routes.d.ts +5 -0
package/dist/api/routes/providers.routes.d.ts.map +1 -0
package/dist/api/routes/providers.routes.js +13 -0
package/dist/api/routes/providers.routes.js.map +1 -0
package/dist/api/validators/audit.schemas.d.ts +60 -0
package/dist/api/validators/audit.schemas.d.ts.map +1 -0
package/dist/api/validators/audit.schemas.js +55 -0
package/dist/api/validators/audit.schemas.js.map +1 -0
package/dist/api/validators/auth.schemas.d.ts +17 -0
package/dist/api/validators/auth.schemas.d.ts.map +1 -0
package/dist/api/validators/auth.schemas.js +21 -0
package/dist/api/validators/auth.schemas.js.map +1 -0
package/dist/app.d.ts +3 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +62 -0
package/dist/app.js.map +1 -0
package/dist/config/config.schema.d.ts +65 -0
package/dist/config/config.schema.d.ts.map +1 -0
package/dist/config/config.schema.js +95 -0
package/dist/config/config.schema.js.map +1 -0
package/dist/config/index.d.ts +4 -0
package/dist/config/index.d.ts.map +1 -0
package/dist/config/index.js +75 -0
package/dist/config/index.js.map +1 -0
package/dist/container.d.ts +47 -0
package/dist/container.d.ts.map +1 -0
package/dist/container.js +137 -0
package/dist/container.js.map +1 -0
package/dist/data/database.d.ts +13 -0
package/dist/data/database.d.ts.map +1 -0
package/dist/data/database.js +68 -0
package/dist/data/database.js.map +1 -0
package/dist/data/jobs/token-cleanup.job.d.ts +23 -0
package/dist/data/jobs/token-cleanup.job.d.ts.map +1 -0
package/dist/data/jobs/token-cleanup.job.js +96 -0
package/dist/data/jobs/token-cleanup.job.js.map +1 -0
package/dist/data/migrations/migration.runner.d.ts +13 -0
package/dist/data/migrations/migration.runner.d.ts.map +1 -0
package/dist/data/migrations/migration.runner.js +136 -0
package/dist/data/migrations/migration.runner.js.map +1 -0
package/dist/data/models/Token.model.d.ts +30 -0
package/dist/data/models/Token.model.d.ts.map +1 -0
package/dist/data/models/Token.model.js +3 -0
package/dist/data/models/Token.model.js.map +1 -0
package/dist/data/repositories/token.repository.d.ts +16 -0
package/dist/data/repositories/token.repository.d.ts.map +1 -0
package/dist/data/repositories/token.repository.js +97 -0
package/dist/data/repositories/token.repository.js.map +1 -0
package/dist/providers/azure/auth.provider.d.ts +5 -0
package/dist/providers/azure/auth.provider.d.ts.map +1 -0
package/dist/providers/azure/auth.provider.js +13 -0
package/dist/providers/azure/auth.provider.js.map +1 -0
package/dist/providers/azure/azure-errors.d.ts +40 -0
package/dist/providers/azure/azure-errors.d.ts.map +1 -0
package/dist/providers/azure/azure-errors.js +121 -0
package/dist/providers/azure/azure-errors.js.map +1 -0
package/dist/providers/azure/azure-retry.d.ts +41 -0
package/dist/providers/azure/azure-retry.d.ts.map +1 -0
package/dist/providers/azure/azure-retry.js +85 -0
package/dist/providers/azure/azure-retry.js.map +1 -0
package/dist/providers/azure/graph-client.d.ts +26 -0
package/dist/providers/azure/graph-client.d.ts.map +1 -0
package/dist/providers/azure/graph-client.js +146 -0
package/dist/providers/azure/graph-client.js.map +1 -0
package/dist/providers/azure/graph.provider.d.ts +23 -0
package/dist/providers/azure/graph.provider.d.ts.map +1 -0
package/dist/providers/azure/graph.provider.js +161 -0
package/dist/providers/azure/graph.provider.js.map +1 -0
package/dist/providers/azure/queries/app.queries.d.ts +6 -0
package/dist/providers/azure/queries/app.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/app.queries.js +9 -0
package/dist/providers/azure/queries/app.queries.js.map +1 -0
package/dist/providers/azure/queries/policy.queries.d.ts +6 -0
package/dist/providers/azure/queries/policy.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/policy.queries.js +9 -0
package/dist/providers/azure/queries/policy.queries.js.map +1 -0
package/dist/providers/azure/queries/user.queries.d.ts +7 -0
package/dist/providers/azure/queries/user.queries.d.ts.map +1 -0
package/dist/providers/azure/queries/user.queries.js +10 -0
package/dist/providers/azure/queries/user.queries.js.map +1 -0
package/dist/providers/interfaces/IGraphProvider.d.ts +31 -0
package/dist/providers/interfaces/IGraphProvider.d.ts.map +1 -0
package/dist/providers/interfaces/IGraphProvider.js +3 -0
package/dist/providers/interfaces/IGraphProvider.js.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts +37 -0
package/dist/providers/interfaces/ILDAPProvider.d.ts.map +1 -0
package/dist/providers/interfaces/ILDAPProvider.js +3 -0
package/dist/providers/interfaces/ILDAPProvider.js.map +1 -0
package/dist/providers/ldap/acl-parser.d.ts +8 -0
package/dist/providers/ldap/acl-parser.d.ts.map +1 -0
package/dist/providers/ldap/acl-parser.js +157 -0
package/dist/providers/ldap/acl-parser.js.map +1 -0
package/dist/providers/ldap/ad-mappers.d.ts +8 -0
package/dist/providers/ldap/ad-mappers.d.ts.map +1 -0
package/dist/providers/ldap/ad-mappers.js +162 -0
package/dist/providers/ldap/ad-mappers.js.map +1 -0
package/dist/providers/ldap/ldap-client.d.ts +33 -0
package/dist/providers/ldap/ldap-client.d.ts.map +1 -0
package/dist/providers/ldap/ldap-client.js +195 -0
package/dist/providers/ldap/ldap-client.js.map +1 -0
package/dist/providers/ldap/ldap-errors.d.ts +48 -0
package/dist/providers/ldap/ldap-errors.d.ts.map +1 -0
package/dist/providers/ldap/ldap-errors.js +120 -0
package/dist/providers/ldap/ldap-errors.js.map +1 -0
package/dist/providers/ldap/ldap-retry.d.ts +14 -0
package/dist/providers/ldap/ldap-retry.d.ts.map +1 -0
package/dist/providers/ldap/ldap-retry.js +102 -0
package/dist/providers/ldap/ldap-retry.js.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts +12 -0
package/dist/providers/ldap/ldap-sanitizer.d.ts.map +1 -0
package/dist/providers/ldap/ldap-sanitizer.js +104 -0
package/dist/providers/ldap/ldap-sanitizer.js.map +1 -0
package/dist/providers/ldap/ldap.provider.d.ts +21 -0
package/dist/providers/ldap/ldap.provider.d.ts.map +1 -0
package/dist/providers/ldap/ldap.provider.js +165 -0
package/dist/providers/ldap/ldap.provider.js.map +1 -0
package/dist/providers/ldap/queries/computer.queries.d.ts +6 -0
package/dist/providers/ldap/queries/computer.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/computer.queries.js +9 -0
package/dist/providers/ldap/queries/computer.queries.js.map +1 -0
package/dist/providers/ldap/queries/group.queries.d.ts +6 -0
package/dist/providers/ldap/queries/group.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/group.queries.js +9 -0
package/dist/providers/ldap/queries/group.queries.js.map +1 -0
package/dist/providers/ldap/queries/user.queries.d.ts +7 -0
package/dist/providers/ldap/queries/user.queries.d.ts.map +1 -0
package/dist/providers/ldap/queries/user.queries.js +10 -0
package/dist/providers/ldap/queries/user.queries.js.map +1 -0
package/dist/providers/smb/smb.provider.d.ts +68 -0
package/dist/providers/smb/smb.provider.d.ts.map +1 -0
package/dist/providers/smb/smb.provider.js +382 -0
package/dist/providers/smb/smb.provider.js.map +1 -0
package/dist/server.d.ts +2 -0
package/dist/server.d.ts.map +1 -0
package/dist/server.js +44 -0
package/dist/server.js.map +1 -0
package/dist/services/audit/ad-audit.service.d.ts +70 -0
package/dist/services/audit/ad-audit.service.d.ts.map +1 -0
package/dist/services/audit/ad-audit.service.js +1019 -0
package/dist/services/audit/ad-audit.service.js.map +1 -0
package/dist/services/audit/attack-graph.service.d.ts +62 -0
package/dist/services/audit/attack-graph.service.d.ts.map +1 -0
package/dist/services/audit/attack-graph.service.js +702 -0
package/dist/services/audit/attack-graph.service.js.map +1 -0
package/dist/services/audit/audit.service.d.ts +4 -0
package/dist/services/audit/audit.service.d.ts.map +1 -0
package/dist/services/audit/audit.service.js +10 -0
package/dist/services/audit/audit.service.js.map +1 -0
package/dist/services/audit/azure-audit.service.d.ts +37 -0
package/dist/services/audit/azure-audit.service.d.ts.map +1 -0
package/dist/services/audit/azure-audit.service.js +153 -0
package/dist/services/audit/azure-audit.service.js.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts +37 -0
package/dist/services/audit/detectors/ad/accounts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/accounts.detector.js +881 -0
package/dist/services/audit/detectors/ad/accounts.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts +21 -0
package/dist/services/audit/detectors/ad/adcs.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/adcs.detector.js +227 -0
package/dist/services/audit/detectors/ad/adcs.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts +63 -0
package/dist/services/audit/detectors/ad/advanced.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/advanced.detector.js +867 -0
package/dist/services/audit/detectors/ad/advanced.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts +16 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js +369 -0
package/dist/services/audit/detectors/ad/attack-paths.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts +28 -0
package/dist/services/audit/detectors/ad/compliance.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/compliance.detector.js +896 -0
package/dist/services/audit/detectors/ad/compliance.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts +30 -0
package/dist/services/audit/detectors/ad/computers.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/computers.detector.js +799 -0
package/dist/services/audit/detectors/ad/computers.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/gpo.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/gpo.detector.js +257 -0
package/dist/services/audit/detectors/ad/gpo.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts +19 -0
package/dist/services/audit/detectors/ad/groups.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/groups.detector.js +488 -0
package/dist/services/audit/detectors/ad/groups.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/index.d.ts +15 -0
package/dist/services/audit/detectors/ad/index.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/index.js +51 -0
package/dist/services/audit/detectors/ad/index.js.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts +17 -0
package/dist/services/audit/detectors/ad/kerberos.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js +293 -0
package/dist/services/audit/detectors/ad/kerberos.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts +23 -0
package/dist/services/audit/detectors/ad/monitoring.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js +328 -0
package/dist/services/audit/detectors/ad/monitoring.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts +39 -0
package/dist/services/audit/detectors/ad/network.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/network.detector.js +257 -0
package/dist/services/audit/detectors/ad/network.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts +14 -0
package/dist/services/audit/detectors/ad/password.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/password.detector.js +235 -0
package/dist/services/audit/detectors/ad/password.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts +20 -0
package/dist/services/audit/detectors/ad/permissions.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/permissions.detector.js +392 -0
package/dist/services/audit/detectors/ad/permissions.detector.js.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts +11 -0
package/dist/services/audit/detectors/ad/trusts.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/ad/trusts.detector.js +186 -0
package/dist/services/audit/detectors/ad/trusts.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts +11 -0
package/dist/services/audit/detectors/azure/app-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/app-security.detector.js +184 -0
package/dist/services/audit/detectors/azure/app-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts +10 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js +130 -0
package/dist/services/audit/detectors/azure/conditional-access.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts +8 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js +113 -0
package/dist/services/audit/detectors/azure/privilege-security.detector.js.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts +14 -0
package/dist/services/audit/detectors/azure/user-security.detector.d.ts.map +1 -0
package/dist/services/audit/detectors/azure/user-security.detector.js +198 -0
package/dist/services/audit/detectors/azure/user-security.detector.js.map +1 -0
package/dist/services/audit/detectors/index.d.ts +2 -0
package/dist/services/audit/detectors/index.d.ts.map +1 -0
package/dist/services/audit/detectors/index.js +38 -0
package/dist/services/audit/detectors/index.js.map +1 -0
package/dist/services/audit/response-formatter.d.ts +176 -0
package/dist/services/audit/response-formatter.d.ts.map +1 -0
package/dist/services/audit/response-formatter.js +240 -0
package/dist/services/audit/response-formatter.js.map +1 -0
package/dist/services/audit/scoring.service.d.ts +15 -0
package/dist/services/audit/scoring.service.d.ts.map +1 -0
package/dist/services/audit/scoring.service.js +139 -0
package/dist/services/audit/scoring.service.js.map +1 -0
package/dist/services/auth/crypto.service.d.ts +19 -0
package/dist/services/auth/crypto.service.d.ts.map +1 -0
package/dist/services/auth/crypto.service.js +135 -0
package/dist/services/auth/crypto.service.js.map +1 -0
package/dist/services/auth/errors.d.ts +19 -0
package/dist/services/auth/errors.d.ts.map +1 -0
package/dist/services/auth/errors.js +46 -0
package/dist/services/auth/errors.js.map +1 -0
package/dist/services/auth/token.service.d.ts +41 -0
package/dist/services/auth/token.service.d.ts.map +1 -0
package/dist/services/auth/token.service.js +208 -0
package/dist/services/auth/token.service.js.map +1 -0
package/dist/services/config/config.service.d.ts +6 -0
package/dist/services/config/config.service.d.ts.map +1 -0
package/dist/services/config/config.service.js +64 -0
package/dist/services/config/config.service.js.map +1 -0
package/dist/services/export/export.service.d.ts +28 -0
package/dist/services/export/export.service.d.ts.map +1 -0
package/dist/services/export/export.service.js +28 -0
package/dist/services/export/export.service.js.map +1 -0
package/dist/services/export/formatters/csv.formatter.d.ts +8 -0
package/dist/services/export/formatters/csv.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/csv.formatter.js +46 -0
package/dist/services/export/formatters/csv.formatter.js.map +1 -0
package/dist/services/export/formatters/json.formatter.d.ts +40 -0
package/dist/services/export/formatters/json.formatter.d.ts.map +1 -0
package/dist/services/export/formatters/json.formatter.js +58 -0
package/dist/services/export/formatters/json.formatter.js.map +1 -0
package/dist/services/jobs/azure-job-runner.d.ts +38 -0
package/dist/services/jobs/azure-job-runner.d.ts.map +1 -0
package/dist/services/jobs/azure-job-runner.js +199 -0
package/dist/services/jobs/azure-job-runner.js.map +1 -0
package/dist/services/jobs/index.d.ts +4 -0
package/dist/services/jobs/index.d.ts.map +1 -0
package/dist/services/jobs/index.js +20 -0
package/dist/services/jobs/index.js.map +1 -0
package/dist/services/jobs/job-runner.d.ts +64 -0
package/dist/services/jobs/job-runner.d.ts.map +1 -0
package/dist/services/jobs/job-runner.js +952 -0
package/dist/services/jobs/job-runner.js.map +1 -0
package/dist/services/jobs/job-store.d.ts +27 -0
package/dist/services/jobs/job-store.d.ts.map +1 -0
package/dist/services/jobs/job-store.js +261 -0
package/dist/services/jobs/job-store.js.map +1 -0
package/dist/services/jobs/job.types.d.ts +67 -0
package/dist/services/jobs/job.types.d.ts.map +1 -0
package/dist/services/jobs/job.types.js +36 -0
package/dist/services/jobs/job.types.js.map +1 -0
package/dist/types/ad.types.d.ts +74 -0
package/dist/types/ad.types.d.ts.map +1 -0
package/dist/types/ad.types.js +3 -0
package/dist/types/ad.types.js.map +1 -0
package/dist/types/adcs.types.d.ts +58 -0
package/dist/types/adcs.types.d.ts.map +1 -0
package/dist/types/adcs.types.js +38 -0
package/dist/types/adcs.types.js.map +1 -0
package/dist/types/attack-graph.types.d.ts +135 -0
package/dist/types/attack-graph.types.d.ts.map +1 -0
package/dist/types/attack-graph.types.js +58 -0
package/dist/types/attack-graph.types.js.map +1 -0
package/dist/types/audit.types.d.ts +34 -0
package/dist/types/audit.types.d.ts.map +1 -0
package/dist/types/audit.types.js +3 -0
package/dist/types/audit.types.js.map +1 -0
package/dist/types/azure.types.d.ts +61 -0
package/dist/types/azure.types.d.ts.map +1 -0
package/dist/types/azure.types.js +3 -0
package/dist/types/azure.types.js.map +1 -0
package/dist/types/config.types.d.ts +63 -0
package/dist/types/config.types.d.ts.map +1 -0
package/dist/types/config.types.js +3 -0
package/dist/types/config.types.js.map +1 -0
package/dist/types/error.types.d.ts +33 -0
package/dist/types/error.types.d.ts.map +1 -0
package/dist/types/error.types.js +70 -0
package/dist/types/error.types.js.map +1 -0
package/dist/types/finding.types.d.ts +133 -0
package/dist/types/finding.types.d.ts.map +1 -0
package/dist/types/finding.types.js +3 -0
package/dist/types/finding.types.js.map +1 -0
package/dist/types/gpo.types.d.ts +39 -0
package/dist/types/gpo.types.d.ts.map +1 -0
package/dist/types/gpo.types.js +15 -0
package/dist/types/gpo.types.js.map +1 -0
package/dist/types/token.types.d.ts +26 -0
package/dist/types/token.types.d.ts.map +1 -0
package/dist/types/token.types.js +3 -0
package/dist/types/token.types.js.map +1 -0
package/dist/types/trust.types.d.ts +45 -0
package/dist/types/trust.types.d.ts.map +1 -0
package/dist/types/trust.types.js +71 -0
package/dist/types/trust.types.js.map +1 -0
package/dist/utils/entity-converter.d.ts +17 -0
package/dist/utils/entity-converter.d.ts.map +1 -0
package/dist/utils/entity-converter.js +285 -0
package/dist/utils/entity-converter.js.map +1 -0
package/dist/utils/graph.util.d.ts +66 -0
package/dist/utils/graph.util.d.ts.map +1 -0
package/dist/utils/graph.util.js +382 -0
package/dist/utils/graph.util.js.map +1 -0
package/dist/utils/logger.d.ts +7 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +86 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/type-name-normalizer.d.ts +5 -0
package/dist/utils/type-name-normalizer.d.ts.map +1 -0
package/dist/utils/type-name-normalizer.js +218 -0
package/dist/utils/type-name-normalizer.js.map +1 -0
package/docker-compose.yml +26 -0
package/docs/api/README.md +178 -0
package/docs/api/openapi.yaml +1524 -0
package/eslint.config.js +54 -0
package/jest.config.js +38 -0
package/package.json +97 -0
package/scripts/fetch-ad-cert.sh +142 -0
package/src/.gitkeep +0 -0
package/src/api/.gitkeep +0 -0
package/src/api/controllers/.gitkeep +0 -0
package/src/api/controllers/audit.controller.ts +313 -0
package/src/api/controllers/auth.controller.ts +258 -0
package/src/api/controllers/export.controller.ts +153 -0
package/src/api/controllers/health.controller.ts +16 -0
package/src/api/controllers/jobs.controller.ts +187 -0
package/src/api/controllers/providers.controller.ts +165 -0
package/src/api/dto/.gitkeep +0 -0
package/src/api/dto/AuditRequest.dto.ts +8 -0
package/src/api/dto/AuditResponse.dto.ts +19 -0
package/src/api/dto/TokenRequest.dto.ts +8 -0
package/src/api/dto/TokenResponse.dto.ts +14 -0
package/src/api/middlewares/.gitkeep +0 -0
package/src/api/middlewares/authenticate.ts +203 -0
package/src/api/middlewares/errorHandler.ts +54 -0
package/src/api/middlewares/rateLimit.ts +35 -0
package/src/api/middlewares/validate.ts +32 -0
package/src/api/routes/.gitkeep +0 -0
package/src/api/routes/audit.routes.ts +77 -0
package/src/api/routes/auth.routes.ts +71 -0
package/src/api/routes/export.routes.ts +34 -0
package/src/api/routes/health.routes.ts +14 -0
package/src/api/routes/index.ts +40 -0
package/src/api/routes/providers.routes.ts +24 -0
package/src/api/validators/.gitkeep +0 -0
package/src/api/validators/audit.schemas.ts +59 -0
package/src/api/validators/auth.schemas.ts +59 -0
package/src/app.ts +87 -0
package/src/config/.gitkeep +0 -0
package/src/config/config.schema.ts +108 -0
package/src/config/index.ts +82 -0
package/src/container.ts +221 -0
package/src/data/.gitkeep +0 -0
package/src/data/database.ts +78 -0
package/src/data/jobs/token-cleanup.job.ts +166 -0
package/src/data/migrations/.gitkeep +0 -0
package/src/data/migrations/001_initial_schema.sql +47 -0
package/src/data/migrations/migration.runner.ts +125 -0
package/src/data/models/.gitkeep +0 -0
package/src/data/models/Token.model.ts +35 -0
package/src/data/repositories/.gitkeep +0 -0
package/src/data/repositories/token.repository.ts +160 -0
package/src/providers/.gitkeep +0 -0
package/src/providers/azure/.gitkeep +0 -0
package/src/providers/azure/auth.provider.ts +14 -0
package/src/providers/azure/azure-errors.ts +189 -0
package/src/providers/azure/azure-retry.ts +168 -0
package/src/providers/azure/graph-client.ts +315 -0
package/src/providers/azure/graph.provider.ts +294 -0
package/src/providers/azure/queries/app.queries.ts +9 -0
package/src/providers/azure/queries/policy.queries.ts +9 -0
package/src/providers/azure/queries/user.queries.ts +10 -0
package/src/providers/interfaces/.gitkeep +0 -0
package/src/providers/interfaces/IGraphProvider.ts +117 -0
package/src/providers/interfaces/ILDAPProvider.ts +142 -0
package/src/providers/ldap/.gitkeep +0 -0
package/src/providers/ldap/acl-parser.ts +231 -0
package/src/providers/ldap/ad-mappers.ts +280 -0
package/src/providers/ldap/ldap-client.ts +259 -0
package/src/providers/ldap/ldap-errors.ts +188 -0
package/src/providers/ldap/ldap-retry.ts +267 -0
package/src/providers/ldap/ldap-sanitizer.ts +273 -0
package/src/providers/ldap/ldap.provider.ts +293 -0
package/src/providers/ldap/queries/computer.queries.ts +9 -0
package/src/providers/ldap/queries/group.queries.ts +9 -0
package/src/providers/ldap/queries/user.queries.ts +10 -0
package/src/providers/smb/smb.provider.ts +653 -0
package/src/server.ts +60 -0
package/src/services/.gitkeep +0 -0
package/src/services/audit/.gitkeep +0 -0
package/src/services/audit/ad-audit.service.ts +1481 -0
package/src/services/audit/attack-graph.service.ts +1104 -0
package/src/services/audit/audit.service.ts +12 -0
package/src/services/audit/azure-audit.service.ts +286 -0
package/src/services/audit/detectors/ad/accounts.detector.ts +1232 -0
package/src/services/audit/detectors/ad/adcs.detector.ts +449 -0
package/src/services/audit/detectors/ad/advanced.detector.ts +1270 -0
package/src/services/audit/detectors/ad/attack-paths.detector.ts +600 -0
package/src/services/audit/detectors/ad/compliance.detector.ts +1421 -0
package/src/services/audit/detectors/ad/computers.detector.ts +1188 -0
package/src/services/audit/detectors/ad/gpo.detector.ts +485 -0
package/src/services/audit/detectors/ad/groups.detector.ts +685 -0
package/src/services/audit/detectors/ad/index.ts +84 -0
package/src/services/audit/detectors/ad/kerberos.detector.ts +424 -0
package/src/services/audit/detectors/ad/monitoring.detector.ts +501 -0
package/src/services/audit/detectors/ad/network.detector.ts +538 -0
package/src/services/audit/detectors/ad/password.detector.ts +324 -0
package/src/services/audit/detectors/ad/permissions.detector.ts +637 -0
package/src/services/audit/detectors/ad/trusts.detector.ts +315 -0
package/src/services/audit/detectors/azure/app-security.detector.ts +246 -0
package/src/services/audit/detectors/azure/conditional-access.detector.ts +186 -0
package/src/services/audit/detectors/azure/privilege-security.detector.ts +176 -0
package/src/services/audit/detectors/azure/user-security.detector.ts +280 -0
package/src/services/audit/detectors/index.ts +18 -0
package/src/services/audit/response-formatter.ts +604 -0
package/src/services/audit/scoring.service.ts +234 -0
package/src/services/auth/.gitkeep +0 -0
package/src/services/auth/crypto.service.ts +230 -0
package/src/services/auth/errors.ts +47 -0
package/src/services/auth/token.service.ts +420 -0
package/src/services/config/.gitkeep +0 -0
package/src/services/config/config.service.ts +75 -0
package/src/services/export/.gitkeep +0 -0
package/src/services/export/export.service.ts +99 -0
package/src/services/export/formatters/csv.formatter.ts +124 -0
package/src/services/export/formatters/json.formatter.ts +160 -0
package/src/services/jobs/azure-job-runner.ts +312 -0
package/src/services/jobs/index.ts +9 -0
package/src/services/jobs/job-runner.ts +1280 -0
package/src/services/jobs/job-store.ts +384 -0
package/src/services/jobs/job.types.ts +182 -0
package/src/types/.gitkeep +0 -0
package/src/types/ad.types.ts +91 -0
package/src/types/adcs.types.ts +107 -0
package/src/types/attack-graph.types.ts +260 -0
package/src/types/audit.types.ts +42 -0
package/src/types/azure.types.ts +68 -0
package/src/types/config.types.ts +79 -0
package/src/types/error.types.ts +69 -0
package/src/types/finding.types.ts +284 -0
package/src/types/gpo.types.ts +72 -0
package/src/types/smb2.d.ts +73 -0
package/src/types/token.types.ts +32 -0
package/src/types/trust.types.ts +140 -0
package/src/utils/.gitkeep +0 -0
package/src/utils/entity-converter.ts +453 -0
package/src/utils/graph.util.ts +609 -0
package/src/utils/logger.ts +111 -0
package/src/utils/type-name-normalizer.ts +302 -0
package/tests/.gitkeep +0 -0
package/tests/e2e/.gitkeep +0 -0
package/tests/fixtures/.gitkeep +0 -0
package/tests/integration/.gitkeep +0 -0
package/tests/integration/README.md +156 -0
package/tests/integration/ad-audit.integration.test.ts +216 -0
package/tests/integration/api/.gitkeep +0 -0
package/tests/integration/api/endpoints.integration.test.ts +431 -0
package/tests/integration/auth/jwt-authentication.integration.test.ts +358 -0
package/tests/integration/providers/.gitkeep +0 -0
package/tests/integration/providers/azure-basic.integration.test.ts +167 -0
package/tests/integration/providers/ldap-basic.integration.test.ts +152 -0
package/tests/integration/providers/ldap-connectivity.test.ts +44 -0
package/tests/integration/providers/ldap-provider.integration.test.ts +347 -0
package/tests/mocks/.gitkeep +0 -0
package/tests/setup.ts +16 -0
package/tests/unit/.gitkeep +0 -0
package/tests/unit/api/middlewares/authenticate.test.ts +446 -0
package/tests/unit/providers/.gitkeep +0 -0
package/tests/unit/providers/azure/azure-errors.test.ts +193 -0
package/tests/unit/providers/azure/azure-retry.test.ts +254 -0
package/tests/unit/providers/azure/graph-provider.test.ts +313 -0
package/tests/unit/providers/ldap/ad-mappers.test.ts +392 -0
package/tests/unit/providers/ldap/ldap-provider.test.ts +376 -0
package/tests/unit/providers/ldap/ldap-retry.test.ts +377 -0
package/tests/unit/providers/ldap/ldap-sanitizer.test.ts +301 -0
package/tests/unit/sample.test.ts +19 -0
package/tests/unit/services/.gitkeep +0 -0
package/tests/unit/services/audit/detectors/ad/accounts.detector.test.ts +393 -0
package/tests/unit/services/audit/detectors/ad/advanced.detector.test.ts +380 -0
package/tests/unit/services/audit/detectors/ad/computers.detector.test.ts +440 -0
package/tests/unit/services/audit/detectors/ad/groups.detector.test.ts +276 -0
package/tests/unit/services/audit/detectors/ad/kerberos.detector.test.ts +215 -0
package/tests/unit/services/audit/detectors/ad/password.detector.test.ts +226 -0
package/tests/unit/services/audit/detectors/ad/permissions.detector.test.ts +244 -0
package/tests/unit/services/audit/detectors/azure/app-security.detector.test.ts +349 -0
package/tests/unit/services/audit/detectors/azure/conditional-access.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/privilege-security.detector.test.ts +374 -0
package/tests/unit/services/audit/detectors/azure/user-security.detector.test.ts +297 -0
package/tests/unit/services/auth/crypto.service.test.ts +296 -0
package/tests/unit/services/auth/token.service.test.ts +579 -0
package/tests/unit/services/export/export.service.test.ts +241 -0
package/tests/unit/services/export/formatters/csv.formatter.test.ts +270 -0
package/tests/unit/services/export/formatters/json.formatter.test.ts +258 -0
package/tests/unit/utils/.gitkeep +0 -0
package/tsconfig.json +50 -0

package/tests/unit/providers/ldap/ldap-retry.test.ts ADDED Viewed

@@ -0,0 +1,377 @@
+import {
+  retryWithBackoff,
+  retryable,
+  isRetryableError,
+  LDAP_RETRY_OPTIONS,
+} from '../../../../src/providers/ldap/ldap-retry';
+/**
+ * Unit Tests for LDAP Retry Logic
+ * Task 8: Write Unit Tests for LDAP Provider (Story 1.5)
+ */
+// Mock logger to avoid console output during tests
+jest.mock('../../../../src/utils/logger', () => ({
+  logger: {
+    info: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+    debug: jest.fn(),
+  },
+}));
+describe('LDAP Retry Logic', () => {
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+  describe('isRetryableError', () => {
+    it('should identify ECONNREFUSED as retryable', () => {
+      const error = new Error('Connection refused') as Error & { code: string };
+      error.code = 'ECONNREFUSED';
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should identify ECONNRESET as retryable', () => {
+      const error = new Error('Connection reset') as Error & { code: string };
+      error.code = 'ECONNRESET';
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should identify ETIMEDOUT as retryable', () => {
+      const error = new Error('Timeout') as Error & { code: string };
+      error.code = 'ETIMEDOUT';
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should identify timeout message as retryable', () => {
+      const error = new Error('Operation timed out');
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should identify connection errors as retryable', () => {
+      const error = new Error('Connection error occurred');
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should identify network errors as retryable', () => {
+      const error = new Error('Network is unavailable');
+      expect(isRetryableError(error)).toBe(true);
+    });
+    it('should NOT identify authentication errors as retryable', () => {
+      const error = new Error('Invalid credentials');
+      expect(isRetryableError(error)).toBe(false);
+    });
+    it('should NOT identify bind failures as retryable', () => {
+      const error = new Error('Bind failed: invalid DN');
+      expect(isRetryableError(error)).toBe(false);
+    });
+    it('should NOT identify authentication failed as retryable', () => {
+      const error = new Error('Authentication failed');
+      expect(isRetryableError(error)).toBe(false);
+    });
+  });
+  describe('retryWithBackoff', () => {
+    it('should succeed on first attempt', async () => {
+      const operation = jest.fn().mockResolvedValue('success');
+      const result = await retryWithBackoff(operation, { maxAttempts: 3 });
+      expect(result).toBe('success');
+      expect(operation).toHaveBeenCalledTimes(1);
+    });
+    it('should retry on failure and eventually succeed', async () => {
+      const operation = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Temporary failure'))
+        .mockRejectedValueOnce(new Error('Another failure'))
+        .mockResolvedValue('success');
+      const result = await retryWithBackoff(operation, {
+        maxAttempts: 3,
+        initialDelay: 10,
+      });
+      expect(result).toBe('success');
+      expect(operation).toHaveBeenCalledTimes(3);
+    });
+    it('should throw error after max attempts', async () => {
+      const operation = jest.fn().mockRejectedValue(new Error('Persistent failure'));
+      await expect(
+        retryWithBackoff(operation, {
+          maxAttempts: 3,
+          initialDelay: 10,
+        })
+      ).rejects.toThrow('Persistent failure');
+      expect(operation).toHaveBeenCalledTimes(3);
+    });
+    it('should not retry if shouldRetry returns false', async () => {
+      const operation = jest.fn().mockRejectedValue(new Error('Auth failure'));
+      await expect(
+        retryWithBackoff(operation, {
+          maxAttempts: 3,
+          initialDelay: 10,
+          shouldRetry: () => false,
+        })
+      ).rejects.toThrow('Auth failure');
+      expect(operation).toHaveBeenCalledTimes(1);
+    });
+    it('should call onRetry callback before each retry', async () => {
+      const operation = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Failure 1'))
+        .mockResolvedValue('success');
+      const onRetry = jest.fn();
+      await retryWithBackoff(operation, {
+        maxAttempts: 3,
+        initialDelay: 10,
+        onRetry,
+      });
+      expect(onRetry).toHaveBeenCalledTimes(1);
+      expect(onRetry).toHaveBeenCalledWith(
+        expect.objectContaining({ message: 'Failure 1' }),
+        0,
+        expect.any(Number)
+      );
+    });
+    it('should apply exponential backoff', async () => {
+      const operation = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Failure 1'))
+        .mockRejectedValueOnce(new Error('Failure 2'))
+        .mockResolvedValue('success');
+      const delays: number[] = [];
+      const onRetry = jest.fn((_error, _attempt, delay) => {
+        delays.push(delay);
+      });
+      const startTime = Date.now();
+      await retryWithBackoff(operation, {
+        maxAttempts: 3,
+        initialDelay: 100,
+        backoffMultiplier: 2,
+        jitterFactor: 0,
+        onRetry,
+      });
+      const elapsedTime = Date.now() - startTime;
+      // First delay should be ~100ms, second should be ~200ms
+      // Total should be at least 300ms
+      expect(elapsedTime).toBeGreaterThanOrEqual(250);
+      expect(delays[0]).toBeGreaterThanOrEqual(90);
+      expect(delays[1]).toBeGreaterThanOrEqual(180);
+    });
+    it(
+      'should respect maxDelay cap',
+      async () => {
+        const operation = jest.fn().mockRejectedValue(new Error('Failure'));
+        const delays: number[] = [];
+        const onRetry = jest.fn((_error, _attempt, delay) => {
+          delays.push(delay);
+        });
+        try {
+          await retryWithBackoff(operation, {
+            maxAttempts: 5,
+            initialDelay: 1000,
+            maxDelay: 2000,
+            backoffMultiplier: 3,
+            jitterFactor: 0,
+            onRetry,
+          });
+        } catch (error) {
+          // Expected to fail
+        }
+        // All delays should be capped at maxDelay
+        delays.forEach((delay) => {
+          expect(delay).toBeLessThanOrEqual(2000);
+        });
+      },
+      10000
+    ); // 10 second timeout
+    it('should add jitter to delays', async () => {
+      const operation = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Failure 1'))
+        .mockRejectedValueOnce(new Error('Failure 2'))
+        .mockResolvedValue('success');
+      const delays: number[] = [];
+      const onRetry = jest.fn((_error, _attempt, delay) => {
+        delays.push(delay);
+      });
+      await retryWithBackoff(operation, {
+        maxAttempts: 3,
+        initialDelay: 1000,
+        backoffMultiplier: 1,
+        jitterFactor: 0.5, // 50% jitter
+        onRetry,
+      });
+      // With jitter, delays should vary around 1000ms
+      // Could be between 500ms and 1500ms
+      delays.forEach((delay) => {
+        expect(delay).toBeGreaterThanOrEqual(400);
+        expect(delay).toBeLessThanOrEqual(1600);
+      });
+    });
+    it('should handle non-Error objects', async () => {
+      const operation = jest.fn().mockRejectedValue('String error');
+      await expect(
+        retryWithBackoff(operation, {
+          maxAttempts: 2,
+          initialDelay: 10,
+        })
+      ).rejects.toThrow('String error');
+      expect(operation).toHaveBeenCalledTimes(2);
+    });
+  });
+  describe('retryable', () => {
+    it('should create retryable function that succeeds', async () => {
+      const originalFn = jest.fn((x: number) => Promise.resolve(x * 2));
+      const retryableFn = retryable(originalFn, { maxAttempts: 3 });
+      const result = await retryableFn(5);
+      expect(result).toBe(10);
+      expect(originalFn).toHaveBeenCalledWith(5);
+      expect(originalFn).toHaveBeenCalledTimes(1);
+    });
+    it('should create retryable function that retries on failure', async () => {
+      const originalFn = jest
+        .fn()
+        .mockRejectedValueOnce(new Error('Failure'))
+        .mockResolvedValue('success');
+      const retryableFn = retryable(originalFn, {
+        maxAttempts: 3,
+        initialDelay: 10,
+      });
+      const result = await retryableFn();
+      expect(result).toBe('success');
+      expect(originalFn).toHaveBeenCalledTimes(2);
+    });
+    it('should pass arguments to retried function', async () => {
+      const originalFn = jest.fn((a: number, b: string) =>
+        Promise.resolve(`${a}-${b}`)
+      );
+      const retryableFn = retryable(originalFn);
+      const result = await retryableFn(42, 'test');
+      expect(result).toBe('42-test');
+      expect(originalFn).toHaveBeenCalledWith(42, 'test');
+    });
+  });
+  describe('LDAP_RETRY_OPTIONS', () => {
+    it('should have correct default values', () => {
+      expect(LDAP_RETRY_OPTIONS.maxAttempts).toBe(3);
+      expect(LDAP_RETRY_OPTIONS.initialDelay).toBe(1000);
+      expect(LDAP_RETRY_OPTIONS.maxDelay).toBe(10000);
+      expect(LDAP_RETRY_OPTIONS.backoffMultiplier).toBe(2);
+      expect(LDAP_RETRY_OPTIONS.jitterFactor).toBe(0.1);
+    });
+    it('should use isRetryableError as shouldRetry', () => {
+      const retryableErr = new Error('timeout') as Error;
+      const nonRetryableErr = new Error('invalid credentials');
+      expect(LDAP_RETRY_OPTIONS.shouldRetry!(retryableErr, 0)).toBe(true);
+      expect(LDAP_RETRY_OPTIONS.shouldRetry!(nonRetryableErr, 0)).toBe(false);
+    });
+    it('should have onRetry callback', () => {
+      expect(LDAP_RETRY_OPTIONS.onRetry).toBeDefined();
+      expect(typeof LDAP_RETRY_OPTIONS.onRetry).toBe('function');
+    });
+  });
+  describe('Integration test with realistic scenario', () => {
+    it('should handle transient network failure followed by success', async () => {
+      // Simulate a flaky network connection
+      let attemptCount = 0;
+      const flakyOperation = async () => {
+        attemptCount++;
+        if (attemptCount < 3) {
+          const error = new Error('Network timeout') as Error & { code: string };
+          error.code = 'ETIMEDOUT';
+          throw error;
+        }
+        return 'Connected successfully';
+      };
+      const result = await retryWithBackoff(flakyOperation, {
+        maxAttempts: 3,
+        initialDelay: 10,
+        shouldRetry: isRetryableError,
+      });
+      expect(result).toBe('Connected successfully');
+      expect(attemptCount).toBe(3);
+    });
+    it('should immediately fail on authentication error', async () => {
+      const operation = async () => {
+        throw new Error('Invalid credentials');
+      };
+      const startTime = Date.now();
+      await expect(
+        retryWithBackoff(operation, {
+          maxAttempts: 5,
+          initialDelay: 100,
+          shouldRetry: isRetryableError,
+        })
+      ).rejects.toThrow('Invalid credentials');
+      const elapsedTime = Date.now() - startTime;
+      // Should fail immediately without retries (< 50ms)
+      expect(elapsedTime).toBeLessThan(50);
+    });
+  });
+});

package/tests/unit/providers/ldap/ldap-sanitizer.test.ts ADDED Viewed

@@ -0,0 +1,301 @@
+import { LDAPSanitizer } from '../../../../src/providers/ldap/ldap-sanitizer';
+/**
+ * Unit Tests for LDAP Sanitizer
+ * Task 8: Write Unit Tests for LDAP Provider (Story 1.5)
+ */
+describe('LDAPSanitizer', () => {
+  describe('sanitizeFilter', () => {
+    it('should escape backslash characters', () => {
+      const input = 'user\\name';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('user\\5cname');
+    });
+    it('should escape asterisk characters', () => {
+      const input = 'user*';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('user\\2a');
+    });
+    it('should escape parentheses', () => {
+      const input = 'user(name)';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('user\\28name\\29');
+    });
+    it('should escape NUL character', () => {
+      const input = 'user\0name';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('user\\00name');
+    });
+    it('should prevent LDAP injection with multiple special chars', () => {
+      const maliciousInput = '*)(objectClass=*)';
+      const result = LDAPSanitizer.sanitizeFilter(maliciousInput);
+      expect(result).toBe('\\2a\\29\\28objectClass=\\2a\\29');
+    });
+    it('should handle empty string', () => {
+      const result = LDAPSanitizer.sanitizeFilter('');
+      expect(result).toBe('');
+    });
+    it('should handle string with no special characters', () => {
+      const input = 'john.doe';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('john.doe');
+    });
+    it('should escape backslash before other special chars to prevent double-escaping', () => {
+      const input = '\\*';
+      const result = LDAPSanitizer.sanitizeFilter(input);
+      expect(result).toBe('\\5c\\2a');
+    });
+  });
+  describe('sanitizeDN', () => {
+    it('should escape comma in DN value', () => {
+      const input = 'John, Doe';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('John\\, Doe');
+    });
+    it('should escape equals sign in value', () => {
+      const input = 'user=name';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('user\\=name');
+    });
+    it('should escape plus sign in value', () => {
+      const input = 'test+value';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('test\\+value');
+    });
+    it('should escape leading space', () => {
+      const input = ' leading';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('\\ leading');
+    });
+    it('should escape trailing space', () => {
+      const input = 'trailing ';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('trailing\\ ');
+    });
+    it('should escape leading hash', () => {
+      const input = '#hash';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('\\#hash');
+    });
+    it('should escape backslash in value', () => {
+      const input = 'test\\value';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('test\\\\value');
+    });
+    it('should handle empty string', () => {
+      const result = LDAPSanitizer.sanitizeDN('');
+      expect(result).toBe('');
+    });
+    it('should handle simple value with no special characters', () => {
+      const input = 'JohnDoe';
+      const result = LDAPSanitizer.sanitizeDN(input);
+      expect(result).toBe('JohnDoe');
+    });
+  });
+  describe('isValidFilter', () => {
+    it('should validate simple filter', () => {
+      const result = LDAPSanitizer.isValidFilter('(uid=john)');
+      expect(result).toBe(true);
+    });
+    it('should validate AND filter', () => {
+      const result = LDAPSanitizer.isValidFilter('(&(uid=john)(objectClass=person))');
+      expect(result).toBe(true);
+    });
+    it('should validate OR filter', () => {
+      const result = LDAPSanitizer.isValidFilter('(|(uid=john)(uid=jane))');
+      expect(result).toBe(true);
+    });
+    it('should validate NOT filter', () => {
+      const result = LDAPSanitizer.isValidFilter('(!(uid=admin))');
+      expect(result).toBe(true);
+    });
+    it('should reject filter without parentheses', () => {
+      const result = LDAPSanitizer.isValidFilter('uid=john');
+      expect(result).toBe(false);
+    });
+    it('should reject filter with unbalanced parentheses', () => {
+      const result = LDAPSanitizer.isValidFilter('(uid=john');
+      expect(result).toBe(false);
+    });
+    it('should reject filter with extra closing parenthesis', () => {
+      const result = LDAPSanitizer.isValidFilter('(uid=john))');
+      expect(result).toBe(false);
+    });
+    it('should reject empty string', () => {
+      const result = LDAPSanitizer.isValidFilter('');
+      expect(result).toBe(false);
+    });
+    it('should reject empty parentheses', () => {
+      const result = LDAPSanitizer.isValidFilter('()');
+      expect(result).toBe(false);
+    });
+    it('should validate complex nested filter', () => {
+      const result = LDAPSanitizer.isValidFilter(
+        '(&(objectClass=user)(|(uid=john)(mail=john@example.com)))'
+      );
+      expect(result).toBe(true);
+    });
+  });
+  describe('isValidDN', () => {
+    it('should validate simple DN', () => {
+      const result = LDAPSanitizer.isValidDN('cn=John Doe');
+      expect(result).toBe(true);
+    });
+    it('should validate full DN', () => {
+      const result = LDAPSanitizer.isValidDN('cn=John Doe,ou=Users,dc=example,dc=com');
+      expect(result).toBe(true);
+    });
+    it('should validate DN with spaces', () => {
+      const result = LDAPSanitizer.isValidDN('cn=John Doe, ou=Users, dc=example, dc=com');
+      expect(result).toBe(true);
+    });
+    it('should reject invalid DN format', () => {
+      const result = LDAPSanitizer.isValidDN('invalid-dn');
+      expect(result).toBe(false);
+    });
+    it('should reject empty string', () => {
+      const result = LDAPSanitizer.isValidDN('');
+      expect(result).toBe(false);
+    });
+    it('should reject DN with invalid attribute name', () => {
+      const result = LDAPSanitizer.isValidDN('123invalid=value');
+      expect(result).toBe(false);
+    });
+  });
+  describe('sanitizeAttribute', () => {
+    it('should allow valid attribute names', () => {
+      const result = LDAPSanitizer.sanitizeAttribute('sAMAccountName');
+      expect(result).toBe('sAMAccountName');
+    });
+    it('should allow attributes with hyphens', () => {
+      const result = LDAPSanitizer.sanitizeAttribute('user-name');
+      expect(result).toBe('user-name');
+    });
+    it('should allow attributes with dots', () => {
+      const result = LDAPSanitizer.sanitizeAttribute('user.name');
+      expect(result).toBe('user.name');
+    });
+    it('should remove special characters', () => {
+      const result = LDAPSanitizer.sanitizeAttribute('user@name!');
+      expect(result).toBe('username');
+    });
+    it('should handle empty string', () => {
+      const result = LDAPSanitizer.sanitizeAttribute('');
+      expect(result).toBe('');
+    });
+  });
+  describe('buildFilter', () => {
+    it('should build simple equality filter', () => {
+      const result = LDAPSanitizer.buildFilter('uid', '=', 'john');
+      expect(result).toBe('(uid=john)');
+    });
+    it('should sanitize filter value', () => {
+      const result = LDAPSanitizer.buildFilter('uid', '=', 'john*');
+      expect(result).toBe('(uid=john\\2a)');
+    });
+    it('should build greater-than filter', () => {
+      const result = LDAPSanitizer.buildFilter('age', '>=', '18');
+      expect(result).toBe('(age>=18)');
+    });
+    it('should build less-than filter', () => {
+      const result = LDAPSanitizer.buildFilter('age', '<=', '65');
+      expect(result).toBe('(age<=65)');
+    });
+    it('should build approximate filter', () => {
+      const result = LDAPSanitizer.buildFilter('name', '~=', 'john');
+      expect(result).toBe('(name~=john)');
+    });
+    it('should allow wildcards with =* operator', () => {
+      const result = LDAPSanitizer.buildFilter('uid', '=*', '*john*');
+      expect(result).toBe('(uid=**john*)');
+    });
+    it('should sanitize attribute name', () => {
+      const result = LDAPSanitizer.buildFilter('user@name', '=', 'john');
+      expect(result).toBe('(username=john)');
+    });
+  });
+  describe('buildLogicalFilter', () => {
+    it('should build AND filter', () => {
+      const result = LDAPSanitizer.buildLogicalFilter('&', [
+        '(uid=john)',
+        '(objectClass=person)',
+      ]);
+      expect(result).toBe('(&(uid=john)(objectClass=person))');
+    });
+    it('should build OR filter', () => {
+      const result = LDAPSanitizer.buildLogicalFilter('|', ['(uid=john)', '(uid=jane)']);
+      expect(result).toBe('(|(uid=john)(uid=jane))');
+    });
+    it('should build NOT filter', () => {
+      const result = LDAPSanitizer.buildLogicalFilter('!', ['(uid=admin)']);
+      expect(result).toBe('(!(uid=admin))');
+    });
+    it('should handle empty array', () => {
+      const result = LDAPSanitizer.buildLogicalFilter('&', []);
+      expect(result).toBe('');
+    });
+    it('should throw error for NOT with multiple filters', () => {
+      expect(() => {
+        LDAPSanitizer.buildLogicalFilter('!', ['(uid=john)', '(uid=jane)']);
+      }).toThrow('NOT operator requires exactly one filter');
+    });
+    it('should handle nested filters', () => {
+      const result = LDAPSanitizer.buildLogicalFilter('&', [
+        '(objectClass=user)',
+        '(|(uid=john)(mail=john@example.com))',
+      ]);
+      expect(result).toBe('(&(objectClass=user)(|(uid=john)(mail=john@example.com)))');
+    });
+  });
+});

package/tests/unit/sample.test.ts ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Sample Test - Infrastructure Validation
+ * This test verifies that Jest and TypeScript are configured correctly
+ */
+describe('Infrastructure Setup', () => {
+  it('should run Jest tests successfully', () => {
+    expect(1 + 1).toBe(2);
+  });
+  it('should support TypeScript', () => {
+    const sum = (a: number, b: number): number => a + b;
+    expect(sum(2, 3)).toBe(5);
+  });
+  it('should have test environment configured', () => {
+    expect(process.env['NODE_ENV']).toBe('test');
+  });
+});

package/tests/unit/services/.gitkeep ADDED Viewed

File without changes