@j-schreiber/sf-cli-security-audit 0.10.0 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/libs/conf-init/permissionsClassification.js +4 -4
- package/lib/libs/conf-init/permissionsClassification.js.map +1 -1
- package/lib/libs/conf-init/policyConfigs.js +2 -2
- package/lib/libs/core/file-mgmt/schema.d.ts +12 -12
- package/lib/libs/core/file-mgmt/schema.js +4 -4
- package/lib/libs/core/file-mgmt/schema.js.map +1 -1
- package/lib/libs/core/policies/permissionSetPolicy.js +4 -4
- package/lib/libs/core/policies/permissionSetPolicy.js.map +1 -1
- package/lib/libs/core/policies/profilePolicy.js +3 -3
- package/lib/libs/core/policies/profilePolicy.js.map +1 -1
- package/lib/libs/core/policies/userPolicy.js +2 -2
- package/lib/libs/core/policy-types.d.ts +3 -3
- package/lib/libs/core/policy-types.js +12 -12
- package/lib/libs/core/registries/helpers/permissionsScanning.d.ts +1 -1
- package/lib/libs/core/registries/helpers/permissionsScanning.js +2 -2
- package/lib/libs/core/registries/helpers/permissionsScanning.js.map +1 -1
- package/lib/libs/core/registries/permissionSets.d.ts +1 -1
- package/lib/libs/core/registries/profiles.d.ts +1 -1
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js +4 -4
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js +2 -2
- package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js +1 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map +1 -1
- package/lib/libs/core/registries/users.d.ts +2 -2
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -79,7 +79,7 @@ FLAG DESCRIPTIONS
|
|
|
79
79
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
80
80
|
```
|
|
81
81
|
|
|
82
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.
|
|
82
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.1/src/commands/org/audit/init.ts)_
|
|
83
83
|
|
|
84
84
|
## `sf org audit run`
|
|
85
85
|
|
|
@@ -110,7 +110,7 @@ EXAMPLES
|
|
|
110
110
|
$ sf org audit run -o MyTargetOrg -d configs/prod
|
|
111
111
|
```
|
|
112
112
|
|
|
113
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.
|
|
113
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.1/src/commands/org/audit/run.ts)_
|
|
114
114
|
|
|
115
115
|
## `sf org scan user-perms`
|
|
116
116
|
|
|
@@ -149,7 +149,7 @@ FLAG DESCRIPTIONS
|
|
|
149
149
|
retun 0 results).
|
|
150
150
|
```
|
|
151
151
|
|
|
152
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.
|
|
152
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.10.1/src/commands/org/scan/user-perms.ts)_
|
|
153
153
|
|
|
154
154
|
<!-- commandsstop -->
|
|
155
155
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { ACTIVE_USERS_QUERY, CUSTOM_PERMS_QUERY, PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
|
|
2
2
|
import MDAPI from '../core/mdapi/mdapiRetriever.js';
|
|
3
3
|
import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
|
|
4
|
-
import {
|
|
4
|
+
import { UserPrivilegeLevel } from '../core/policy-types.js';
|
|
5
5
|
import { loadPreset } from './presets.js';
|
|
6
6
|
/**
|
|
7
7
|
* Initialises a fresh set of user permissions from target org connection.
|
|
@@ -57,7 +57,7 @@ export async function initProfiles(targetOrgCon) {
|
|
|
57
57
|
const profiles = await targetOrgCon.query(PROFILES_QUERY);
|
|
58
58
|
const content = { profiles: {} };
|
|
59
59
|
profiles.records.forEach((permsetRecord) => {
|
|
60
|
-
content.profiles[permsetRecord.Profile.Name] = {
|
|
60
|
+
content.profiles[permsetRecord.Profile.Name] = { role: UserPrivilegeLevel.UNKNOWN };
|
|
61
61
|
});
|
|
62
62
|
return content;
|
|
63
63
|
}
|
|
@@ -73,7 +73,7 @@ export async function initPermissionSets(targetOrgCon) {
|
|
|
73
73
|
permSets.records
|
|
74
74
|
.filter((permsetRecord) => permsetRecord.IsCustom)
|
|
75
75
|
.forEach((permsetRecord) => {
|
|
76
|
-
content.permissionSets[permsetRecord.Name] = {
|
|
76
|
+
content.permissionSets[permsetRecord.Name] = { role: UserPrivilegeLevel.UNKNOWN };
|
|
77
77
|
});
|
|
78
78
|
return content;
|
|
79
79
|
}
|
|
@@ -88,7 +88,7 @@ export async function initUsers(targetOrgCon) {
|
|
|
88
88
|
users: {},
|
|
89
89
|
};
|
|
90
90
|
users.records.forEach((userRecord) => {
|
|
91
|
-
content.users[userRecord.Username] = { role:
|
|
91
|
+
content.users[userRecord.Username] = { role: UserPrivilegeLevel.STANDARD_USER };
|
|
92
92
|
});
|
|
93
93
|
return content;
|
|
94
94
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACrH,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAe,EACf,MAAyB;IAEzB,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAAkC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAChE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,
|
|
1
|
+
{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACrH,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAe,EACf,MAAyB;IAEzB,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAAkC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAChE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAAwC,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC5E,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;IACL,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA+B;QAC1C,KAAK,EAAE,EAAE;KACV,CAAC;IACF,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,UAAU,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACtD,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { RuleRegistries } from '../core/registries/types.js';
|
|
2
|
-
import {
|
|
2
|
+
import { UserPrivilegeLevel } from '../core/policy-types.js';
|
|
3
3
|
/**
|
|
4
4
|
* Initialises a new settings policy with default rules enabled.
|
|
5
5
|
*
|
|
@@ -24,7 +24,7 @@ export function initUserPolicy() {
|
|
|
24
24
|
...initDefaultPolicy('users'),
|
|
25
25
|
options: {
|
|
26
26
|
analyseLastNDaysOfLoginHistory: 30,
|
|
27
|
-
defaultRoleForMissingUsers:
|
|
27
|
+
defaultRoleForMissingUsers: UserPrivilegeLevel.STANDARD_USER,
|
|
28
28
|
},
|
|
29
29
|
};
|
|
30
30
|
return content;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import z from 'zod';
|
|
2
2
|
import { PermissionRiskLevel } from '../classification-types.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
export declare function throwAsSfError(fileName: string, parseError: z.ZodError, rulePath?: PropertyKey[]): never;
|
|
5
5
|
declare const PermissionsClassificationSchema: z.ZodObject<{
|
|
6
6
|
label: z.ZodOptional<z.ZodString>;
|
|
@@ -22,19 +22,19 @@ declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
|
22
22
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
23
23
|
}, z.z.core.$strip>>;
|
|
24
24
|
declare const PermSetConfig: z.ZodObject<{
|
|
25
|
-
|
|
25
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
26
26
|
}, z.z.core.$strip>;
|
|
27
27
|
declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
28
|
-
|
|
28
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
29
29
|
}, z.z.core.$strip>>;
|
|
30
30
|
declare const ProfilesMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
31
|
-
|
|
31
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
32
32
|
}, z.z.core.$strip>>;
|
|
33
33
|
declare const UserConfig: z.ZodObject<{
|
|
34
|
-
role: z.ZodEnum<typeof
|
|
34
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
35
35
|
}, z.z.core.$strip>;
|
|
36
36
|
export declare const UsersPolicyConfig: z.ZodObject<{
|
|
37
|
-
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof
|
|
37
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof UserPrivilegeLevel>>;
|
|
38
38
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
39
39
|
}, z.z.core.$strict>;
|
|
40
40
|
export declare const NoInactiveUsersOptionsSchema: z.ZodObject<{
|
|
@@ -54,7 +54,7 @@ export declare const ProfilesPolicyFileSchema: z.ZodObject<{
|
|
|
54
54
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
55
55
|
}, z.z.core.$strip>>>;
|
|
56
56
|
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
57
|
-
|
|
57
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
58
58
|
}, z.z.core.$strip>>;
|
|
59
59
|
}, z.z.core.$strip>;
|
|
60
60
|
export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
@@ -64,7 +64,7 @@ export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
|
64
64
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
65
65
|
}, z.z.core.$strip>>>;
|
|
66
66
|
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
67
|
-
|
|
67
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
68
68
|
}, z.z.core.$strip>>;
|
|
69
69
|
}, z.z.core.$strip>;
|
|
70
70
|
export declare const PermissionsClassificationFileSchema: z.ZodObject<{
|
|
@@ -81,23 +81,23 @@ export declare const UsersPolicyFileSchema: z.ZodObject<{
|
|
|
81
81
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
82
82
|
}, z.z.core.$strip>>>;
|
|
83
83
|
options: z.ZodObject<{
|
|
84
|
-
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof
|
|
84
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof UserPrivilegeLevel>>;
|
|
85
85
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
86
86
|
}, z.z.core.$strict>;
|
|
87
87
|
}, z.z.core.$strip>;
|
|
88
88
|
export declare const ProfilesClassificationContentSchema: z.ZodObject<{
|
|
89
89
|
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
90
|
-
|
|
90
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
91
91
|
}, z.z.core.$strip>>;
|
|
92
92
|
}, z.z.core.$strip>;
|
|
93
93
|
export declare const PermissionSetsClassificationContentSchema: z.ZodObject<{
|
|
94
94
|
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
95
|
-
|
|
95
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
96
96
|
}, z.z.core.$strip>>;
|
|
97
97
|
}, z.z.core.$strip>;
|
|
98
98
|
export declare const UsersClassificationContentSchema: z.ZodObject<{
|
|
99
99
|
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
100
|
-
role: z.ZodEnum<typeof
|
|
100
|
+
role: z.ZodEnum<typeof UserPrivilegeLevel>;
|
|
101
101
|
}, z.z.core.$strip>>;
|
|
102
102
|
}, z.z.core.$strip>;
|
|
103
103
|
export type PermissionClassification = z.infer<typeof PermissionsClassificationSchema>;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import z from 'zod';
|
|
2
2
|
import { Messages } from '@salesforce/core';
|
|
3
3
|
import { PermissionRiskLevel } from '../classification-types.js';
|
|
4
|
-
import {
|
|
4
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
5
5
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
6
6
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
|
|
7
7
|
export function throwAsSfError(fileName, parseError, rulePath) {
|
|
@@ -29,14 +29,14 @@ const PolicyRuleConfigSchema = z.object({
|
|
|
29
29
|
});
|
|
30
30
|
const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
|
|
31
31
|
const PermSetConfig = z.object({
|
|
32
|
-
|
|
32
|
+
role: z.enum(UserPrivilegeLevel),
|
|
33
33
|
});
|
|
34
34
|
const PermSetMap = z.record(z.string(), PermSetConfig);
|
|
35
35
|
const ProfilesMap = z.record(z.string(), PermSetConfig);
|
|
36
|
-
const UserConfig = z.object({ role: z.enum(
|
|
36
|
+
const UserConfig = z.object({ role: z.enum(UserPrivilegeLevel) });
|
|
37
37
|
const UsersMap = z.record(z.string(), UserConfig);
|
|
38
38
|
export const UsersPolicyConfig = z.strictObject({
|
|
39
|
-
defaultRoleForMissingUsers: z.enum(
|
|
39
|
+
defaultRoleForMissingUsers: z.enum(UserPrivilegeLevel).default(UserPrivilegeLevel.STANDARD_USER),
|
|
40
40
|
analyseLastNDaysOfLoginHistory: z.number().optional(),
|
|
41
41
|
});
|
|
42
42
|
export const NoInactiveUsersOptionsSchema = z.strictObject({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,QAAQ,EAAE,WAAW;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChE,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,KAAK,EAAE,QAAQ;CAChB,CAAC,CAAC;AAyDH,MAAM,UAAU,eAAe,CAA4C,MAAS;IAClF,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAuC,CAAC;AACjD,CAAC;AAiBD,MAAM,UAAU,2BAA2B,CAAC,GAAY;IACtD,OAAQ,GAAoD,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AAClG,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import { PermissionSetsRegistry } from '../registries/permissionSets.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -31,12 +31,12 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
31
31
|
if (resolved) {
|
|
32
32
|
successfullyResolved[key] = {
|
|
33
33
|
metadata: resolved,
|
|
34
|
-
|
|
34
|
+
role: val.role,
|
|
35
35
|
name: key,
|
|
36
36
|
};
|
|
37
37
|
}
|
|
38
38
|
else if (successfullyResolved[key] === undefined) {
|
|
39
|
-
if (val.
|
|
39
|
+
if (val.role === UserPrivilegeLevel.UNKNOWN) {
|
|
40
40
|
unresolved[key] = { name: key, message: messages.getMessage('preset-unknown', ['Permission Set']) };
|
|
41
41
|
}
|
|
42
42
|
else {
|
|
@@ -55,7 +55,7 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
55
55
|
function filterCategorizedPermsets(permSets) {
|
|
56
56
|
const filteredNames = [];
|
|
57
57
|
Object.entries(permSets.permissionSets).forEach(([key, val]) => {
|
|
58
|
-
if (val.
|
|
58
|
+
if (val.role !== UserPrivilegeLevel.UNKNOWN) {
|
|
59
59
|
filteredNames.push(key);
|
|
60
60
|
}
|
|
61
61
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAKnE;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAsC;IAEtE,YACS,MAA6B,EAC7B,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAAuB;QAC7B,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;QAC1G,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,yBAAyB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QACnH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACzE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAKnE;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAsC;IAEtE,YACS,MAA6B,EAC7B,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAAuB;QAC7B,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;QAC1G,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,yBAAyB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QACnH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACzE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,IAAI,EAAE,GAAG,CAAC,IAAI;oBACd,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC5C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA6C;IAC9E,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC7D,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC5C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import { ProfilesRegistry } from '../registries/profiles.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -26,7 +26,7 @@ export default class ProfilePolicy extends Policy {
|
|
|
26
26
|
const ignoredEntities = {};
|
|
27
27
|
const classifiedProfiles = [];
|
|
28
28
|
Object.entries(this.classifications.profiles).forEach(([profileName, profileDef]) => {
|
|
29
|
-
if (profileDef.
|
|
29
|
+
if (profileDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
30
30
|
ignoredEntities[profileName] = {
|
|
31
31
|
name: profileName,
|
|
32
32
|
message: messages.getMessage('preset-unknown', ['Profile']),
|
|
@@ -43,7 +43,7 @@ export default class ProfilePolicy extends Policy {
|
|
|
43
43
|
if (resolvedProfile) {
|
|
44
44
|
successfullyResolved[profileName] = {
|
|
45
45
|
name: profileName,
|
|
46
|
-
|
|
46
|
+
role: this.classifications.profiles[profileName].role,
|
|
47
47
|
metadata: resolvedProfile,
|
|
48
48
|
};
|
|
49
49
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAKvD;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAgC;IAEhE,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC9F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YAClF,IAAI,UAAU,CAAC,
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAKvD;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAgC;IAEhE,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC9F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YAClF,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,eAAe,EAAE,CAAC;gBACpB,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,IAAI;oBACrD,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import { UsersRegistry } from '../registries/users.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
4
4
|
import UsersRepository from '../mdapi/usersRepository.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -26,7 +26,7 @@ export default class UserPolicy extends Policy {
|
|
|
26
26
|
const resolvedEntities = {};
|
|
27
27
|
const ignoredEntities = {};
|
|
28
28
|
for (const [userName, userDef] of Object.entries(this.classifications.users)) {
|
|
29
|
-
if (userDef.role ===
|
|
29
|
+
if (userDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
30
30
|
ignoredEntities[userName] = {
|
|
31
31
|
name: userName,
|
|
32
32
|
message: messages.getMessage('user-with-role-unknown'),
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
2
|
+
* Privilege levels are assigned to users, profiles and permission sets.
|
|
3
|
+
* Each level determins the allowed permissions, based on their risk levels.
|
|
4
4
|
*/
|
|
5
|
-
export declare enum
|
|
5
|
+
export declare enum UserPrivilegeLevel {
|
|
6
6
|
/** Allows up to "Critical" permissions */
|
|
7
7
|
DEVELOPER = "Developer",
|
|
8
8
|
/** Allows up to "High" permissions */
|
|
@@ -1,28 +1,28 @@
|
|
|
1
1
|
import { PermissionRiskLevel, resolveRiskLevelOrdinalValue } from './classification-types.js';
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
4
|
-
*
|
|
3
|
+
* Privilege levels are assigned to users, profiles and permission sets.
|
|
4
|
+
* Each level determins the allowed permissions, based on their risk levels.
|
|
5
5
|
*/
|
|
6
|
-
export var
|
|
7
|
-
(function (
|
|
6
|
+
export var UserPrivilegeLevel;
|
|
7
|
+
(function (UserPrivilegeLevel) {
|
|
8
8
|
/** Allows up to "Critical" permissions */
|
|
9
|
-
|
|
9
|
+
UserPrivilegeLevel["DEVELOPER"] = "Developer";
|
|
10
10
|
/** Allows up to "High" permissions */
|
|
11
|
-
|
|
11
|
+
UserPrivilegeLevel["ADMIN"] = "Admin";
|
|
12
12
|
/** Allows up to "Medium" permissions */
|
|
13
|
-
|
|
13
|
+
UserPrivilegeLevel["POWER_USER"] = "Power User";
|
|
14
14
|
/** Allows only "Low" permissions */
|
|
15
|
-
|
|
15
|
+
UserPrivilegeLevel["STANDARD_USER"] = "Standard User";
|
|
16
16
|
/** Disables the profile for audit */
|
|
17
|
-
|
|
18
|
-
})(
|
|
17
|
+
UserPrivilegeLevel["UNKNOWN"] = "Unknown";
|
|
18
|
+
})(UserPrivilegeLevel || (UserPrivilegeLevel = {}));
|
|
19
19
|
export function resolvePresetOrdinalValue(value) {
|
|
20
|
-
return Object.keys(
|
|
20
|
+
return Object.keys(UserPrivilegeLevel).indexOf(value.toUpperCase().replace(' ', '_'));
|
|
21
21
|
}
|
|
22
22
|
export function permissionAllowedInPreset(permClassification, preset) {
|
|
23
23
|
// this works, as long as we are mindful when adding new risk levels and presets
|
|
24
24
|
const invertedPermValue = Object.keys(PermissionRiskLevel).length - resolveRiskLevelOrdinalValue(permClassification);
|
|
25
|
-
const invertedPresetValue = Object.keys(
|
|
25
|
+
const invertedPresetValue = Object.keys(UserPrivilegeLevel).length - resolvePresetOrdinalValue(preset);
|
|
26
26
|
return invertedPresetValue >= invertedPermValue;
|
|
27
27
|
}
|
|
28
28
|
//# sourceMappingURL=policy-types.js.map
|
|
@@ -3,7 +3,7 @@ import { AuditRunConfig } from '../../file-mgmt/schema.js';
|
|
|
3
3
|
import { PolicyRuleViolation, RuleComponentMessage } from '../../result-types.js';
|
|
4
4
|
export type ResolvedProfileLike = {
|
|
5
5
|
name: string;
|
|
6
|
-
|
|
6
|
+
role: string;
|
|
7
7
|
metadata: PartialProfileLike;
|
|
8
8
|
};
|
|
9
9
|
export type ScanResult = {
|
|
@@ -35,12 +35,12 @@ export function scanPermissions(profile, permissionListName, auditRun, rootIdent
|
|
|
35
35
|
message: messages.getMessage('violations.permission-is-blocked'),
|
|
36
36
|
});
|
|
37
37
|
}
|
|
38
|
-
else if (!permissionAllowedInPreset(permClassification.classification, profile.
|
|
38
|
+
else if (!permissionAllowedInPreset(permClassification.classification, profile.role)) {
|
|
39
39
|
result.violations.push({
|
|
40
40
|
identifier,
|
|
41
41
|
message: messages.getMessage('violations.classification-preset-mismatch', [
|
|
42
42
|
permClassification.classification,
|
|
43
|
-
profile.
|
|
43
|
+
profile.role,
|
|
44
44
|
]),
|
|
45
45
|
});
|
|
46
46
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAiBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAiBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;wBACxE,kBAAkB,CAAC,cAAc;wBACjC,OAAO,CAAC,IAAI;qBACb,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;aACnE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAClB,QAAgB,EAChB,QAAwB,EACxB,IAAwB;IAExB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrG,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA+B;IAE/B,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}
|
|
@@ -2,7 +2,7 @@ import { PermissionSet } from '@jsforce/jsforce-node/lib/api/metadata.js';
|
|
|
2
2
|
import RuleRegistry from './ruleRegistry.js';
|
|
3
3
|
export type ResolvedPermissionSet = {
|
|
4
4
|
name: string;
|
|
5
|
-
|
|
5
|
+
role: string;
|
|
6
6
|
metadata: PermissionSet;
|
|
7
7
|
};
|
|
8
8
|
export default class PermSetsRuleRegistry extends RuleRegistry {
|
|
@@ -2,7 +2,7 @@ import { Profile as ProfileMetadata } from '@jsforce/jsforce-node/lib/api/metada
|
|
|
2
2
|
import RuleRegistry from './ruleRegistry.js';
|
|
3
3
|
export type ResolvedProfile = {
|
|
4
4
|
name: string;
|
|
5
|
-
|
|
5
|
+
role: string;
|
|
6
6
|
metadata: ProfileMetadata;
|
|
7
7
|
};
|
|
8
8
|
export default class ProfilesRuleRegistry extends RuleRegistry {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import UsersRepository from '../../mdapi/usersRepository.js';
|
|
3
|
-
import {
|
|
3
|
+
import { UserPrivilegeLevel, resolvePresetOrdinalValue } from '../../policy-types.js';
|
|
4
4
|
import { capitalize } from '../../utils.js';
|
|
5
5
|
import PolicyRule from './policyRule.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
@@ -17,12 +17,12 @@ export default class EnforcePermissionPresets extends PolicyRule {
|
|
|
17
17
|
const userPerms = await userRepo.resolveUserPermissions(Object.values(users), { withMetadata: false });
|
|
18
18
|
for (const user of Object.values(users)) {
|
|
19
19
|
const profilePreset = this.auditContext.classifications.profiles?.content.profiles[user.profileName];
|
|
20
|
-
auditPermissionsEntity(result, user, 'profile', user.profileName, profilePreset?.
|
|
20
|
+
auditPermissionsEntity(result, user, 'profile', user.profileName, profilePreset?.role);
|
|
21
21
|
const permsets = userPerms.get(user.userId);
|
|
22
22
|
if (permsets) {
|
|
23
23
|
for (const assignment of permsets.assignedPermissionsets) {
|
|
24
24
|
const permsetPreset = this.auditContext.classifications.permissionSets?.content.permissionSets[assignment.permissionSetIdentifier];
|
|
25
|
-
auditPermissionsEntity(result, user, 'permission set', assignment.permissionSetIdentifier, permsetPreset?.
|
|
25
|
+
auditPermissionsEntity(result, user, 'permission set', assignment.permissionSetIdentifier, permsetPreset?.role);
|
|
26
26
|
}
|
|
27
27
|
}
|
|
28
28
|
}
|
|
@@ -31,7 +31,7 @@ export default class EnforcePermissionPresets extends PolicyRule {
|
|
|
31
31
|
}
|
|
32
32
|
function auditPermissionsEntity(result, user, entityType, entityIdentifier, entityPreset) {
|
|
33
33
|
if (entityPreset) {
|
|
34
|
-
if (entityPreset ===
|
|
34
|
+
if (entityPreset === UserPrivilegeLevel.UNKNOWN) {
|
|
35
35
|
result.violations.push({
|
|
36
36
|
identifier: [user.username, entityIdentifier],
|
|
37
37
|
message: messages.getMessage('violations.entity-unknown-but-used', [capitalize(entityType)]),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcePermissionPresets.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionPresets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAEtF,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,qDAAqD;QACrD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACrG,sBAAsB,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,
|
|
1
|
+
{"version":3,"file":"enforcePermissionPresets.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionPresets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAEtF,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,qDAAqD;QACrD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACrG,sBAAsB,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;YACvF,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;oBACzD,MAAM,aAAa,GACjB,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,CAAC,cAAc,CACtE,UAAU,CAAC,uBAAuB,CACnC,CAAC;oBACJ,sBAAsB,CACpB,MAAM,EACN,IAAI,EACJ,gBAAgB,EAChB,UAAU,CAAC,uBAAuB,EAClC,aAAa,EAAE,IAAI,CACpB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,sBAAsB,CAC7B,MAA+B,EAC/B,IAAkB,EAClB,UAAkB,EAClB,gBAAwB,EACxB,YAAiC;IAEjC,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,YAAY,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;aAC7F,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,yBAAyB,CAAC,YAAY,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1F,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6CAA6C,EAAE;oBAC1E,IAAI,CAAC,IAAI;oBACT,UAAU;oBACV,YAAY;iBACb,CAAC;aACH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;SAChH,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
|
|
@@ -19,7 +19,7 @@ export default class EnforcePermissionsOnUser extends PolicyRule {
|
|
|
19
19
|
result.violations.push(...permsetResult.violations);
|
|
20
20
|
result.warnings.push(...permsetResult.warnings);
|
|
21
21
|
if (resolvedPerms.profileMetadata) {
|
|
22
|
-
const profileResult = scanProfileLike({
|
|
22
|
+
const profileResult = scanProfileLike({ role: user.role, metadata: resolvedPerms.profileMetadata, name: user.profileName }, this.auditContext, [user.username]);
|
|
23
23
|
result.violations.push(...profileResult.violations);
|
|
24
24
|
result.warnings.push(...profileResult.warnings);
|
|
25
25
|
}
|
|
@@ -32,7 +32,7 @@ export default class EnforcePermissionsOnUser extends PolicyRule {
|
|
|
32
32
|
if (!assignedPermSet.metadata) {
|
|
33
33
|
continue;
|
|
34
34
|
}
|
|
35
|
-
const permsetScan = scanProfileLike({
|
|
35
|
+
const permsetScan = scanProfileLike({ role: user.role, metadata: assignedPermSet.metadata, name: assignedPermSet.permissionSetIdentifier }, this.auditContext, [user.username]);
|
|
36
36
|
result.violations.push(...permsetScan.violations);
|
|
37
37
|
result.warnings.push(...permsetScan.warnings);
|
|
38
38
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"AAAA,OAAO,eAA4C,MAAM,gCAAgC,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAc,MAAM,mCAAmC,CAAC;AAGhF,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACtG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,aAAa,CAAC,sBAAsB,CAAC,CAAC;YAClG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAChD,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;gBAClC,MAAM,aAAa,GAAG,eAAe,CACnC,EAAE,
|
|
1
|
+
{"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"AAAA,OAAO,eAA4C,MAAM,gCAAgC,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAc,MAAM,mCAAmC,CAAC;AAGhF,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACtG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,aAAa,CAAC,sBAAsB,CAAC,CAAC;YAClG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAChD,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;gBAClC,MAAM,aAAa,GAAG,eAAe,CACnC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,EACpF,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;gBACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,0BAA0B,CAAC,IAAkB,EAAE,iBAA4C;QACjG,MAAM,MAAM,GAAe,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC5D,KAAK,MAAM,eAAe,IAAI,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,WAAW,GAAG,eAAe,CACjC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,eAAe,CAAC,uBAAuB,EAAE,EACtG,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -15,7 +15,7 @@ export default class NoOtherApexApiLogins extends PolicyRule {
|
|
|
15
15
|
for (const loginSummary of user.logins) {
|
|
16
16
|
if (loginSummary.loginType === 'Other Apex API') {
|
|
17
17
|
result.violations.push({
|
|
18
|
-
identifier: [user.username],
|
|
18
|
+
identifier: [user.username, new Date(loginSummary.lastLogin).toISOString()],
|
|
19
19
|
message: messages.getMessage('violations.no-other-apex-api-logins', [loginSummary.loginCount]),
|
|
20
20
|
});
|
|
21
21
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3E,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;qBAC/F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { User } from '../mdapi/usersRepository.js';
|
|
2
|
-
import {
|
|
2
|
+
import { UserPrivilegeLevel } from '../policy-types.js';
|
|
3
3
|
import RuleRegistry from './ruleRegistry.js';
|
|
4
4
|
export type ResolvedUser = User & {
|
|
5
|
-
role:
|
|
5
|
+
role: UserPrivilegeLevel;
|
|
6
6
|
};
|
|
7
7
|
export default class UsersRuleRegistry extends RuleRegistry {
|
|
8
8
|
constructor();
|
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.10.
|
|
4
|
+
"version": "0.10.1",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
7
7
|
"url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
|