@j-schreiber/sf-cli-security-audit 0.11.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/commands/org/audit/run.js +4 -2
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/conf-init/presets/loose.js +3 -1
- package/lib/libs/conf-init/presets/loose.js.map +1 -1
- package/lib/libs/conf-init/presets/strict.js +2 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -1
- package/lib/libs/core/registries/rules/noInactiveUsers.d.ts +1 -1
- package/lib/libs/core/registries/rules/noInactiveUsers.js.map +1 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js +4 -1
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map +1 -1
- package/lib/libs/core/registries/types.d.ts +4 -0
- package/lib/libs/core/utils.d.ts +2 -0
- package/lib/libs/core/utils.js +26 -0
- package/lib/libs/core/utils.js.map +1 -1
- package/messages/policyclassifications.md +8 -0
- package/messages/rules.users.md +1 -1
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -79,7 +79,7 @@ FLAG DESCRIPTIONS
|
|
|
79
79
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
80
80
|
```
|
|
81
81
|
|
|
82
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.
|
|
82
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.1/src/commands/org/audit/init.ts)_
|
|
83
83
|
|
|
84
84
|
## `sf org audit run`
|
|
85
85
|
|
|
@@ -110,7 +110,7 @@ EXAMPLES
|
|
|
110
110
|
$ sf org audit run -o MyTargetOrg -d configs/prod
|
|
111
111
|
```
|
|
112
112
|
|
|
113
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.
|
|
113
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.1/src/commands/org/audit/run.ts)_
|
|
114
114
|
|
|
115
115
|
## `sf org scan user-perms`
|
|
116
116
|
|
|
@@ -149,7 +149,7 @@ FLAG DESCRIPTIONS
|
|
|
149
149
|
retun 0 results).
|
|
150
150
|
```
|
|
151
151
|
|
|
152
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.
|
|
152
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.11.1/src/commands/org/scan/user-perms.ts)_
|
|
153
153
|
|
|
154
154
|
<!-- commandsstop -->
|
|
155
155
|
|
|
@@ -4,7 +4,7 @@ import { SfCommand, Flags, StandardColors } from '@salesforce/sf-plugins-core';
|
|
|
4
4
|
import { Messages } from '@salesforce/core';
|
|
5
5
|
import { startAuditRun } from '../../../libs/core/auditRun.js';
|
|
6
6
|
import AuditRunMultiStageOutput from '../../../ux/auditRunMultiStage.js';
|
|
7
|
-
import { capitalize } from '../../../libs/core/utils.js';
|
|
7
|
+
import { capitalize, formatToLocale } from '../../../libs/core/utils.js';
|
|
8
8
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
9
9
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
|
|
10
10
|
export const MERGE_CHAR = ' \u2022 ';
|
|
@@ -82,7 +82,9 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
82
82
|
this.table({
|
|
83
83
|
data: uncompliantRule.violations.map((viol) => ({
|
|
84
84
|
...viol,
|
|
85
|
-
identifier: typeof viol.identifier === 'string'
|
|
85
|
+
identifier: typeof viol.identifier === 'string'
|
|
86
|
+
? formatToLocale(viol.identifier)
|
|
87
|
+
: viol.identifier.map((id) => formatToLocale(id)).join(MERGE_CHAR),
|
|
86
88
|
})),
|
|
87
89
|
title: `Violations for ${uncompliantRule.ruleName}`,
|
|
88
90
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAEzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAC9C,GAAG,IAAI;oBACP,UAAU,EACR,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ;wBACjC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC;wBACjC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;iBACvE,CAAC,CAAC;gBACH,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -3,6 +3,9 @@ import NonePreset from './none.js';
|
|
|
3
3
|
export default class LoosePreset extends NonePreset {
|
|
4
4
|
constructor() {
|
|
5
5
|
super({
|
|
6
|
+
DeleteFieldHistory: PermissionRiskLevel.CRITICAL,
|
|
7
|
+
DeleteFieldHistoryArchive: PermissionRiskLevel.CRITICAL,
|
|
8
|
+
BulkApiHardDelete: PermissionRiskLevel.HIGH,
|
|
6
9
|
UseAnyApiClient: PermissionRiskLevel.HIGH,
|
|
7
10
|
BypassMFAForUiLogins: PermissionRiskLevel.HIGH,
|
|
8
11
|
ExternalClientAppAdmin: PermissionRiskLevel.HIGH,
|
|
@@ -41,7 +44,6 @@ export default class LoosePreset extends NonePreset {
|
|
|
41
44
|
CodeBuilderUser: PermissionRiskLevel.HIGH,
|
|
42
45
|
MonitorLoginHistory: PermissionRiskLevel.HIGH,
|
|
43
46
|
ManagePackageLicenses: PermissionRiskLevel.HIGH,
|
|
44
|
-
BulkApiHardDelete: PermissionRiskLevel.HIGH,
|
|
45
47
|
ViewHealthCheck: PermissionRiskLevel.MEDIUM,
|
|
46
48
|
FreezeUsers: PermissionRiskLevel.MEDIUM,
|
|
47
49
|
ManageRoles: PermissionRiskLevel.MEDIUM,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,
|
|
1
|
+
{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,kBAAkB,EAAE,mBAAmB,CAAC,QAAQ;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,kBAAkB,EAAE,mBAAmB,CAAC,MAAM;YAC9C,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,MAAM;YAC7C,cAAc,EAAE,mBAAmB,CAAC,MAAM;YAC1C,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,mBAAmB,EAAE,mBAAmB,CAAC,MAAM;YAC/C,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,eAAe,EAAE,mBAAmB,CAAC,GAAG;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,aAAa,EAAE,mBAAmB,CAAC,GAAG;YACtC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG;YAC1C,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;YACvC,YAAY,EAAE,mBAAmB,CAAC,GAAG;YACrC,eAAe,EAAE,mBAAmB,CAAC,GAAG;SACzC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
@@ -6,6 +6,8 @@ export default class StrictPreset extends NonePreset {
|
|
|
6
6
|
UseAnyApiClient: PermissionRiskLevel.BLOCKED,
|
|
7
7
|
BypassMFAForUiLogins: PermissionRiskLevel.BLOCKED,
|
|
8
8
|
BulkApiHardDelete: PermissionRiskLevel.BLOCKED,
|
|
9
|
+
DeleteFieldHistory: PermissionRiskLevel.BLOCKED,
|
|
10
|
+
DeleteFieldHistoryArchive: PermissionRiskLevel.BLOCKED,
|
|
9
11
|
ManageNamedCredentials: PermissionRiskLevel.CRITICAL,
|
|
10
12
|
ImportCustomObjects: PermissionRiskLevel.CRITICAL,
|
|
11
13
|
ManageSandboxes: PermissionRiskLevel.CRITICAL,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,OAAO;YACjD,iBAAiB,EAAE,mBAAmB,CAAC,OAAO;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,QAAQ;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,SAAS,EAAE,mBAAmB,CAAC,QAAQ;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;SACxC,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,OAAO;YACjD,iBAAiB,EAAE,mBAAmB,CAAC,OAAO;YAC9C,kBAAkB,EAAE,mBAAmB,CAAC,OAAO;YAC/C,yBAAyB,EAAE,mBAAmB,CAAC,OAAO;YACtD,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,QAAQ;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,SAAS,EAAE,mBAAmB,CAAC,QAAQ;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;SACxC,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
@@ -3,7 +3,7 @@ import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
|
|
|
3
3
|
import { ResolvedUser } from '../users.js';
|
|
4
4
|
import PolicyRule, { ConfigurableRuleOptions } from './policyRule.js';
|
|
5
5
|
export default class NoInactiveUsers extends PolicyRule<ResolvedUser> {
|
|
6
|
-
private ruleConfig;
|
|
6
|
+
private readonly ruleConfig;
|
|
7
7
|
constructor(localOpts: ConfigurableRuleOptions<NoInactiveUsersOptions>);
|
|
8
8
|
run(context: RuleAuditContext<ResolvedUser>): Promise<PartialPolicyRuleResult>;
|
|
9
9
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"noInactiveUsers.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noInactiveUsers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA0B,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAEjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,UAAU,EAAE,EAA2B,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAExF,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,UAAwB;
|
|
1
|
+
{"version":3,"file":"noInactiveUsers.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noInactiveUsers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA0B,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAEjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAElD,OAAO,UAAU,EAAE,EAA2B,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AAExF,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,UAAwB;IAClD,UAAU,CAAyB;IAEpD,YAAmB,SAA0D;QAC3E,KAAK,CAAC,SAAS,CAAC,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,gBAAgB,CAChC,WAAW,EACX,CAAC,OAAO,EAAE,iBAAiB,CAAC,EAC5B,4BAA4B,EAC5B,SAAS,CAAC,UAAU,CACK,CAAC;IAC9B,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,MAAM,UAAU,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;gBAChE,IAAI,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,uBAAuB,EAAE,CAAC;oBACzD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,EAAE;4BAC/D,UAAU;4BACV,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;yBACvC,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YACvD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;gBACpB,MAAM,eAAe,GAAG,gBAAgB,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACvE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;oBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE;wBAC7D,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;wBACxC,eAAe;qBAChB,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -16,7 +16,10 @@ export default class NoOtherApexApiLogins extends PolicyRule {
|
|
|
16
16
|
if (loginSummary.loginType === 'Other Apex API') {
|
|
17
17
|
result.violations.push({
|
|
18
18
|
identifier: [user.username, new Date(loginSummary.lastLogin).toISOString()],
|
|
19
|
-
message: messages.getMessage('violations.no-other-apex-api-logins', [
|
|
19
|
+
message: messages.getMessage('violations.no-other-apex-api-logins', [
|
|
20
|
+
loginSummary.loginCount,
|
|
21
|
+
this.opts.auditContext.policies.users?.content.options.analyseLastNDaysOfLoginHistory,
|
|
22
|
+
]),
|
|
20
23
|
});
|
|
21
24
|
}
|
|
22
25
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3E,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,CAAC,
|
|
1
|
+
{"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3E,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE;4BAClE,YAAY,CAAC,UAAU;4BACvB,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,OAAO,CAAC,8BAA8B;yBACtF,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -29,6 +29,10 @@ export type AuditContext = {
|
|
|
29
29
|
*/
|
|
30
30
|
targetOrgConnection: Connection;
|
|
31
31
|
};
|
|
32
|
+
/**
|
|
33
|
+
* Run-time context of execution, that is directly resolved
|
|
34
|
+
* from the target org.
|
|
35
|
+
*/
|
|
32
36
|
export type RuleAuditContext<T> = AuditContext & {
|
|
33
37
|
/**
|
|
34
38
|
* Resolved entities from the policy. Can be permission sets,
|
package/lib/libs/core/utils.d.ts
CHANGED
|
@@ -2,6 +2,8 @@ export declare function isEmpty(anything?: unknown): boolean;
|
|
|
2
2
|
export declare function isNullish(anything: unknown): boolean;
|
|
3
3
|
export declare function capitalize(anyString: string): string;
|
|
4
4
|
export declare function uncapitalize(anyString: string): string;
|
|
5
|
+
export declare function isParseableDate(value: unknown): boolean;
|
|
6
|
+
export declare function formatToLocale(value: unknown): string;
|
|
5
7
|
/**
|
|
6
8
|
* Both dates have to be UNIX timestamps
|
|
7
9
|
*
|
package/lib/libs/core/utils.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { isDate } from 'node:util/types';
|
|
1
2
|
export function isEmpty(anything) {
|
|
2
3
|
if (isNullish(anything)) {
|
|
3
4
|
return true;
|
|
@@ -16,6 +17,31 @@ export function capitalize(anyString) {
|
|
|
16
17
|
export function uncapitalize(anyString) {
|
|
17
18
|
return `${anyString[0].toLowerCase()}${anyString.slice(1)}`;
|
|
18
19
|
}
|
|
20
|
+
export function isParseableDate(value) {
|
|
21
|
+
if (typeof value === 'string') {
|
|
22
|
+
const d = new Date(value);
|
|
23
|
+
return !Number.isNaN(d.getTime());
|
|
24
|
+
}
|
|
25
|
+
return false;
|
|
26
|
+
}
|
|
27
|
+
export function formatToLocale(value) {
|
|
28
|
+
if (isParseableDate(value)) {
|
|
29
|
+
return new Date(value).toLocaleString();
|
|
30
|
+
}
|
|
31
|
+
if (isDate(value)) {
|
|
32
|
+
return value.toLocaleString();
|
|
33
|
+
}
|
|
34
|
+
switch (typeof value) {
|
|
35
|
+
case 'string':
|
|
36
|
+
return value;
|
|
37
|
+
case 'number':
|
|
38
|
+
return value.toLocaleString();
|
|
39
|
+
case 'object':
|
|
40
|
+
return JSON.stringify(value);
|
|
41
|
+
default:
|
|
42
|
+
return '';
|
|
43
|
+
}
|
|
44
|
+
}
|
|
19
45
|
/**
|
|
20
46
|
* Both dates have to be UNIX timestamps
|
|
21
47
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/libs/core/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAsB,EAAE,KAAsB;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../../src/libs/core/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,IAAI,CAAC,KAAe,CAAC,CAAC,cAAc,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;IAChC,CAAC;IACD,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;QAChC,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAsB,EAAE,KAAsB;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}
|
|
@@ -69,3 +69,11 @@ Reports allow to export classified or sensitive data.
|
|
|
69
69
|
# ManageRemoteAccess
|
|
70
70
|
|
|
71
71
|
Manage, create, edit, and delete connected applications.
|
|
72
|
+
|
|
73
|
+
# DeleteFieldHistoryArchive
|
|
74
|
+
|
|
75
|
+
Enabled in "User Interface" and allows to delete audit records. It should be limited to technical users.
|
|
76
|
+
|
|
77
|
+
# DeleteFieldHistory
|
|
78
|
+
|
|
79
|
+
Enabled in "User Interface" and allows to delete audit records. It should be limited to technical users.
|
package/messages/rules.users.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# violations.no-other-apex-api-logins
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
%s logins with "Other Apex API" in the last %s days, which is a deprecated and insecure login type.
|
|
4
4
|
|
|
5
5
|
# violations.inactive-since-n-days
|
|
6
6
|
|
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.11.
|
|
4
|
+
"version": "0.11.1",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
7
7
|
"url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
|