npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.11.0 → 0.11.2 - Mend

@j-schreiber/sf-cli-security-audit 0.11.0 → 0.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (276) hide show

package/lib/{libs/core/constants.js → salesforce/repositories/users/queries.js} RENAMED Viewed

@@ -1,20 +1,10 @@
-import path from 'node:path';
-// QUERIES
-export const CUSTOM_PERMS_QUERY = 'SELECT Id,MasterLabel,DeveloperName FROM CustomPermission';
-export const PROFILES_QUERY = 'SELECT Profile.Name,Profile.UserType,IsCustom FROM PermissionSet WHERE IsOwnedByProfile = TRUE';
-export const PERMISSION_SETS_QUERY = 'SELECT Name,Label,IsCustom,NamespacePrefix FROM PermissionSet WHERE IsOwnedByProfile = FALSE AND NamespacePrefix = NULL';
-export const CONNECTED_APPS_QUERY = 'SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication';
-export const OAUTH_TOKEN_QUERY = 'SELECT User.Username,UseCount,AppName FROM OauthToken';
-export const ACTIVE_USERS_QUERY = "SELECT Id,Username,UserType FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
 export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
 // DYNAMIC QUERIES
 export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
 export const buildLoginHistoryQuery = (daysToAnalayse) => daysToAnalayse
     ? `${USERS_LOGIN_HISTORY_QUERY} WHERE LoginTime >= LAST_N_DAYS:${daysToAnalayse} GROUP BY LoginType,Application,UserId`
     : `${USERS_LOGIN_HISTORY_QUERY} GROUP BY LoginType,Application,UserId`;
-// PATHS
-export const RETRIEVE_CACHE = path.join('.jsc', 'retrieves');
 // BASE QUERIES
 const USERS_LOGIN_HISTORY_QUERY = 'SELECT LoginType,Application,UserId,COUNT(Id)LoginCount,MAX(LoginTime)LastLogin FROM LoginHistory';
 const USERS_PERMSET_ASSIGNMENTS_QUERY = 'SELECT AssigneeId,PermissionSet.Name FROM PermissionSetAssignment WHERE PermissionSet.IsOwnedByProfile = FALSE AND PermissionSet.NamespacePrefix = NULL';
-//# sourceMappingURL=constants.js.map
+//# sourceMappingURL=queries.js.map

package/lib/salesforce/repositories/users/queries.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GACrC,mIAAmI,CAAC;AAEtI,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,cAAuB,EAAU,EAAE,CACxE,cAAc;IACZ,CAAC,CAAC,GAAG,yBAAyB,mCAAmC,cAAc,wCAAwC;IACvH,CAAC,CAAC,GAAG,yBAAyB,wCAAwC,CAAC;AAE3E,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}

package/lib/salesforce/repositories/users/user.types.d.ts ADDED Viewed

@@ -0,0 +1,54 @@
+import z from 'zod';
+import { PermissionSet, Profile } from '@jsforce/jsforce-node/lib/api/metadata.js';
+export type User = {
+    userId: string;
+    username: string;
+    profileName: string;
+    createdDate: number;
+    lastLogin?: number;
+    logins?: UserLogins[];
+    assignments?: PermissionSetAssignment[];
+    profileMetadata?: Profile;
+};
+export type UserPermissions = {
+    profileMetadata?: Profile;
+    assignedPermissionsets: PermissionSetAssignment[];
+};
+export type UserLogins = {
+    loginType: string;
+    application: string;
+    loginCount: number;
+    lastLogin: number;
+};
+export type PermissionSetAssignment = {
+    /**
+     * Developer name of the permission set
+     */
+    permissionSetIdentifier: string;
+    /**
+     * How user got this permission set assigned
+     */
+    permissionSetSource: 'direct' | 'group';
+    /**
+     * Metadata of the permission set
+     */
+    metadata?: PermissionSet;
+    /**
+     * If permission set is assigned through a group,
+     * this is the name of the group.
+     */
+    groupName?: string;
+};
+export declare const ResolveUsersOptionsSchema: z.ZodObject<{
+    withLoginHistory: z.ZodDefault<z.ZodBoolean>;
+    loginHistoryDaysToAnalyse: z.ZodOptional<z.ZodNumber>;
+    withPermissions: z.ZodDefault<z.ZodBoolean>;
+    withPermissionsMetadata: z.ZodDefault<z.ZodBoolean>;
+}, z.z.core.$strip>;
+export type ResolveUsersOptions = z.infer<typeof ResolveUsersOptionsSchema>;
+export type ResolvePermissionsOptions = {
+    /**
+     * Resolve permission set and profile metadata
+     */
+    withMetadata: boolean;
+};

package/lib/salesforce/repositories/users/user.types.js ADDED Viewed

@@ -0,0 +1,12 @@
+import z from 'zod';
+export const ResolveUsersOptionsSchema = z.object({
+    /** Resolve users with login history */
+    withLoginHistory: z.boolean().default(false),
+    /** Length of login history. Has no effect, if login history is false */
+    loginHistoryDaysToAnalyse: z.number().optional(),
+    /** Include profile and assigned permission sets */
+    withPermissions: z.boolean().default(false),
+    /** Adds metadata to permissions. Has no effect, if withPermissions is false */
+    withPermissionsMetadata: z.boolean().default(false),
+});
+//# sourceMappingURL=user.types.js.map

package/lib/salesforce/repositories/users/user.types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/user.types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AA8CpB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,wEAAwE;IACxE,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,mDAAmD;IACnD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,+EAA+E;IAC/E,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACpD,CAAC,CAAC"}

package/lib/salesforce/repositories/users/users.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { Connection } from '@salesforce/core';
+import { ResolveUsersOptions, User } from './user.types.js';
+export default class Users {
+    private readonly connection;
+    private readonly mdapiRepo;
+    constructor(connection: Connection);
+    /**
+     * Resolve all users from the target connection. Options controls
+     * additional properties that are resolved.
+     *
+     * @param opts
+     * @returns
+     */
+    resolve(opts?: Partial<ResolveUsersOptions>): Promise<Map<string, User>>;
+    private resolveLogins;
+    private resolvePermissions;
+    private fetchLoginData;
+    private resolvePermSetAssignments;
+    private resolveProfiles;
+    private resolvePermissionSets;
+    private fetchAssignments;
+}

package/lib/salesforce/repositories/users/users.js ADDED Viewed

@@ -0,0 +1,134 @@
+import { isNullish } from '../../../utils.js';
+import MDAPI from '../../mdapi/mdapi.js';
+import { ResolveUsersOptionsSchema, } from './user.types.js';
+import { ACTIVE_USERS_DETAILS_QUERY, buildLoginHistoryQuery, buildPermsetAssignmentsQuery } from './queries.js';
+export default class Users {
+    connection;
+    mdapiRepo;
+    constructor(connection) {
+        this.connection = connection;
+        this.mdapiRepo = MDAPI.create(this.connection);
+    }
+    /**
+     * Resolve all users from the target connection. Options controls
+     * additional properties that are resolved.
+     *
+     * @param opts
+     * @returns
+     */
+    async resolve(opts) {
+        const definitiveOpts = ResolveUsersOptionsSchema.parse(opts ?? {});
+        const result = new Map();
+        const allUsersOnOrg = await this.connection.query(ACTIVE_USERS_DETAILS_QUERY);
+        for (const user of allUsersOnOrg.records) {
+            const usr = {
+                userId: user.Id,
+                username: user.Username,
+                lastLogin: user.LastLoginDate ? Date.parse(user.LastLoginDate) : undefined,
+                createdDate: Date.parse(user.CreatedDate),
+                profileName: user.Profile.Name,
+            };
+            result.set(user.Username, usr);
+        }
+        if (definitiveOpts.withLoginHistory) {
+            await this.resolveLogins(result, definitiveOpts.loginHistoryDaysToAnalyse);
+        }
+        if (definitiveOpts.withPermissions) {
+            await this.resolvePermissions(result, definitiveOpts.withPermissionsMetadata);
+        }
+        return result;
+    }
+    //        PRIVATE ZONE
+    async resolveLogins(users, daysToAnalyse) {
+        const userLogins = await this.fetchLoginData(daysToAnalyse);
+        for (const user of users.values()) {
+            if (userLogins.has(user.userId)) {
+                user.logins = userLogins.get(user.userId);
+            }
+            else {
+                user.logins = [];
+            }
+        }
+    }
+    async resolvePermissions(users, withMetadata) {
+        await this.resolvePermSetAssignments(users);
+        if (withMetadata) {
+            await this.resolveProfiles(users);
+            await this.resolvePermissionSets(users);
+        }
+    }
+    async fetchLoginData(daysToAnalyse) {
+        const loginHistory = await this.connection.query(buildLoginHistoryQuery(daysToAnalyse));
+        const partialUsers = new Map();
+        for (const loginHistoryRow of loginHistory.records) {
+            if (!partialUsers.has(loginHistoryRow.UserId)) {
+                partialUsers.set(loginHistoryRow.UserId, []);
+            }
+            partialUsers.get(loginHistoryRow.UserId).push({
+                loginType: loginHistoryRow.LoginType,
+                loginCount: loginHistoryRow.LoginCount,
+                application: loginHistoryRow.Application,
+                lastLogin: Date.parse(loginHistoryRow.LastLogin),
+            });
+        }
+        return partialUsers;
+    }
+    async resolvePermSetAssignments(users) {
+        const userIds = Array.from(users.values()).map((usr) => usr.userId);
+        const assignments = await this.fetchAssignments(userIds);
+        for (const user of users.values()) {
+            user.assignments = assignments.get(user.userId) ?? [];
+        }
+    }
+    async resolveProfiles(users) {
+        const profiles = await this.mdapiRepo.resolve('Profile', uniqueProfileNames(users.values()));
+        for (const user of users.values()) {
+            user.profileMetadata = profiles[user.profileName];
+        }
+    }
+    async resolvePermissionSets(users) {
+        const permSetNames = uniquePermissionSetNames(users.values());
+        const permsets = await this.mdapiRepo.resolve('PermissionSet', permSetNames);
+        for (const user of users.values()) {
+            for (const ass of user.assignments) {
+                ass.metadata = permsets[ass.permissionSetIdentifier];
+            }
+        }
+    }
+    async fetchAssignments(userIds) {
+        const assignments = new Map();
+        const rawAssignment = await this.connection.query(buildPermsetAssignmentsQuery(userIds));
+        for (const assignment of rawAssignment.records) {
+            if (isNullish(assignments.get(assignment.AssigneeId))) {
+                assignments.set(assignment.AssigneeId, []);
+            }
+            assignments.get(assignment.AssigneeId).push({
+                permissionSetIdentifier: assignment.PermissionSet.Name,
+                permissionSetSource: assignment.PermissionSetGroupId ? 'group' : 'direct',
+                ...(assignment.PermissionSetGroup?.DeveloperName && {
+                    groupName: assignment.PermissionSetGroup?.DeveloperName,
+                }),
+            });
+        }
+        return assignments;
+    }
+}
+function uniquePermissionSetNames(users) {
+    const permSetNames = new Set();
+    for (const usr of users) {
+        if (usr.assignments) {
+            for (const ass of usr.assignments) {
+                permSetNames.add(ass.permissionSetIdentifier);
+            }
+        }
+    }
+    return Array.from(permSetNames);
+}
+function uniqueProfileNames(users) {
+    const uniqueProfiles = new Set();
+    for (const usr of users) {
+        uniqueProfiles.add(usr.profileName);
+    }
+    return Array.from(uniqueProfiles);
+}
+//# sourceMappingURL=users.js.map

package/lib/salesforce/repositories/users/users.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,yBAAyB,GAG1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,0BAA0B,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAEhH,MAAM,CAAC,OAAO,OAAO,KAAK;IAGY;IAFnB,SAAS,CAAQ;IAElC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAmC;QACtD,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,MAAM,GAAsB,IAAI,GAAG,EAAgB,CAAC;QAC1D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,0BAA0B,CAAC,CAAC;QACtF,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG;gBACV,MAAM,EAAE,IAAI,CAAC,EAAG;gBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;aAC/B,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,yBAAyB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,cAAc,CAAC,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IAEd,KAAK,CAAC,aAAa,CAAC,KAAwB,EAAE,aAAsB;QAC1E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAwB,EAAE,YAAqB;QAC9E,MAAM,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,aAAsB;QACjD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAwB,sBAAsB,CAAC,aAAa,CAAC,CAAC,CAAC;QAC/G,MAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;QACrD,KAAK,MAAM,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC;gBAC7C,SAAS,EAAE,eAAe,CAAC,SAAS;gBACpC,UAAU,EAAE,eAAe,CAAC,UAAU;gBACtC,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,KAAwB;QAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAwB;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,KAAwB;QAC1D,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC7E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAY,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAiB;QAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqC,CAAC;QACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAA4B,4BAA4B,CAAC,OAAO,CAAC,CAAC,CAAC;QACpH,KAAK,MAAM,UAAU,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACtD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAE,CAAC,IAAI,CAAC;gBAC3C,uBAAuB,EAAE,UAAU,CAAC,aAAa,CAAC,IAAI;gBACtD,mBAAmB,EAAE,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;gBACzE,GAAG,CAAC,UAAU,CAAC,kBAAkB,EAAE,aAAa,IAAI;oBAClD,SAAS,EAAE,UAAU,CAAC,kBAAkB,EAAE,aAAa;iBACxD,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,KAAqB;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC"}

package/lib/{libs/core/utils.d.ts → utils.d.ts} RENAMED Viewed

@@ -2,6 +2,8 @@ export declare function isEmpty(anything?: unknown): boolean;
 export declare function isNullish(anything: unknown): boolean;
 export declare function capitalize(anyString: string): string;
 export declare function uncapitalize(anyString: string): string;
+export declare function isParseableDate(value: unknown): boolean;
+export declare function formatToLocale(value: unknown): string;
 /**
  * Both dates have to be UNIX timestamps
  *

package/lib/{libs/core/utils.js → utils.js} RENAMED Viewed

@@ -1,3 +1,4 @@
+import { isDate } from 'node:util/types';
 export function isEmpty(anything) {
     if (isNullish(anything)) {
         return true;
@@ -16,6 +17,31 @@ export function capitalize(anyString) {
 export function uncapitalize(anyString) {
     return `${anyString[0].toLowerCase()}${anyString.slice(1)}`;
 }
+export function isParseableDate(value) {
+    if (typeof value === 'string') {
+        const d = new Date(value);
+        return !Number.isNaN(d.getTime());
+    }
+    return false;
+}
+export function formatToLocale(value) {
+    if (isParseableDate(value)) {
+        return new Date(value).toLocaleString();
+    }
+    if (isDate(value)) {
+        return value.toLocaleString();
+    }
+    switch (typeof value) {
+        case 'string':
+            return value;
+        case 'number':
+            return value.toLocaleString();
+        case 'object':
+            return JSON.stringify(value);
+        default:
+            return '';
+    }
+}
 /**
  * Both dates have to be UNIX timestamps
  *

package/lib/utils.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACpC,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,IAAI,CAAC,KAAe,CAAC,CAAC,cAAc,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;IAChC,CAAC;IACD,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;QAChC,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAsB,EAAE,KAAsB;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}

package/lib/ux/auditRunMultiStage.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { MultiStageOutput, MultiStageOutputOptions } from '@oclif/multi-stage-output';
-import AuditRun from '../libs/core/auditRun.js';
+import { AuditRun } from '../libs/audit-engine/index.js';
 export declare const LOAD_AUDIT_CONFIG = "Loading audit config";
 export declare const RESOLVE_POLICIES = "Resolving policies";
 export declare const EXECUTE_RULES = "Executing rules";

package/lib/ux/auditRunMultiStage.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { MultiStageOutput } from '@oclif/multi-stage-output';
-import { capitalize } from '../libs/core/utils.js';
+import { capitalize } from '../utils.js';
 export const LOAD_AUDIT_CONFIG = 'Loading audit config';
 export const RESOLVE_POLICIES = 'Resolving policies';
 export const EXECUTE_RULES = 'Executing rules';
@@ -61,8 +61,8 @@ export default class AuditRunMultiStageOutput {
     }
     startPolicyResolve(runInstance) {
         this.mso.goto(RESOLVE_POLICIES, { currentStatus: 'Resolving' });
-        Object.entries(runInstance.configs.policies).forEach(([policyName, policy]) => {
-            if (policy.content.enabled) {
+        Object.entries(runInstance.config.policies).forEach(([policyName, policy]) => {
+            if (policy.enabled) {
                 this.addPolicyStatsListener(policyName, runInstance);
                 this.stageSpecificBlocks.push({
                     stage: RESOLVE_POLICIES,
@@ -83,8 +83,8 @@ export default class AuditRunMultiStageOutput {
     }
     startRuleExecution(runInstance) {
         this.mso.goto(EXECUTE_RULES, { currentStatus: 'Executing' });
-        Object.entries(runInstance.configs.policies).forEach(([policyName, policy]) => {
-            if (policy.content.enabled) {
+        Object.entries(runInstance.config.policies).forEach(([policyName, policy]) => {
+            if (policy.enabled) {
                 const enabledRules = runInstance.getExecutableRulesCount(policyName);
                 this.stageSpecificBlocks.push({
                     stage: EXECUTE_RULES,

package/lib/ux/auditRunMultiStage.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auditRunMultiStage.js","sourceRoot":"","sources":["../../src/ux/auditRunMultiStage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,2BAA2B,CAAC;~~AAEtF~~,OAAO,EAAE,UAAU,EAAE,MAAM,~~uBAAuB~~,CAAC;~~AAGnD~~,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AACxD,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAC/C,MAAM,CAAC,MAAM,QAAQ,GAAG,oBAAoB,CAAC;AAmB7C,MAAM,CAAC,OAAO,OAAO,wBAAwB;IACpC,GAAG,CAAiC;IACpC,mBAAmB,CAAsC;IACxD,QAAQ,CAAmB;IAEnC,YAAmB,IAA2C;QAC5D,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,kBAAyD,CAAC;QAC1F,IAAI,CAAC,GAAG,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,IAA2C;QAC9D,OAAO,IAAI,gBAAgB,CAAe,IAAI,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CAAC,MAAM,CAAC,IAA0B;QAC7C,OAAO,IAAI,wBAAwB,CAAC;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,KAAK;YACtC,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,QAAQ,CAAC;YACtE,KAAK,EAAE,cAAc;YACrB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,YAAY,IAAI,CAAC,SAAS,qBAAqB,IAAI,CAAC,iBAAiB,EAAE;iBACnF;aACF;YACD,eAAe,EAAE;gBACf;oBACE,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE,QAAQ;oBACf,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,aAAa;iBACnC;aACF;YACD,kBAAkB,EAAE,EAAE;SACvB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK;QACV,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAEM,kBAAkB,CAAC,WAAqB;QAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,~~OAAO~~,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE;~~YAC5E~~,IAAI,MAAM,CAAC,OAAO,~~CAAC,OAAO,~~EAAE,CAAC;~~gBAC3B~~,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;gBACrD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,gBAAgB;oBACvB,IAAI,EAAE,mBAAmB;oBACzB,KAAK,EAAE,UAAU,CAAC,UAAU,CAAC;oBAC7B,GAAG,EAAE,CAAC,IAAkB,EAAU,EAAE;wBAClC,IAAI,IAAI,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;4BACjC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;wBAC9F,CAAC;6BAAM,CAAC;4BACN,OAAO,EAAE,CAAC;wBACZ,CAAC;oBACH,CAAC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAEM,kBAAkB,CAAC,WAAqB;QAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,~~OAAO~~,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE;~~YAC5E~~,IAAI,MAAM,CAAC,OAAO,~~CAAC,OAAO,~~EAAE,CAAC;~~gBAC3B~~,MAAM,YAAY,GAAG,WAAW,CAAC,uBAAuB,CAAC,~~UAAyB~~,CAAC,CAAC;~~gBACpF~~,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,aAAa;oBACpB,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,YAAY,gBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAEO,sBAAsB,GAAG,CAAC,UAAkB,EAAE,WAAqB,EAAQ,EAAE;QACnF,2EAA2E;QAC3E,oEAAoE;QACpE,qFAAqF;QACrF,4DAA4D;QAC5D,WAAW,CAAC,WAAW,CAAC,iBAAiB,UAAU,EAAE,EAAE,CAAC,IAAwB,EAAE,EAAE;YAClF,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAClB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBACrD,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAC/C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACvF,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;CACH"}
1	+ {"version":3,"file":"auditRunMultiStage.js","sourceRoot":"","sources":["../../src/ux/auditRunMultiStage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,2BAA2B,CAAC;AACtF,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AACxD,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAC/C,MAAM,CAAC,MAAM,QAAQ,GAAG,oBAAoB,CAAC;AAmB7C,MAAM,CAAC,OAAO,OAAO,wBAAwB;IACpC,GAAG,CAAiC;IACpC,mBAAmB,CAAsC;IACxD,QAAQ,CAAmB;IAEnC,YAAmB,IAA2C;QAC5D,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,kBAAyD,CAAC;QAC1F,IAAI,CAAC,GAAG,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,IAA2C;QAC9D,OAAO,IAAI,gBAAgB,CAAe,IAAI,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CAAC,MAAM,CAAC,IAA0B;QAC7C,OAAO,IAAI,wBAAwB,CAAC;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,KAAK;YACtC,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,QAAQ,CAAC;YACtE,KAAK,EAAE,cAAc;YACrB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,YAAY,IAAI,CAAC,SAAS,qBAAqB,IAAI,CAAC,iBAAiB,EAAE;iBACnF;aACF;YACD,eAAe,EAAE;gBACf;oBACE,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE,QAAQ;oBACf,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,aAAa;iBACnC;aACF;YACD,kBAAkB,EAAE,EAAE;SACvB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK;QACV,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAEM,kBAAkB,CAAC,WAAqB;QAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE;YAC3E,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;gBACrD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,gBAAgB;oBACvB,IAAI,EAAE,mBAAmB;oBACzB,KAAK,EAAE,UAAU,CAAC,UAAU,CAAC;oBAC7B,GAAG,EAAE,CAAC,IAAkB,EAAU,EAAE;wBAClC,IAAI,IAAI,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;4BACjC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;wBAC9F,CAAC;6BAAM,CAAC;4BACN,OAAO,EAAE,CAAC;wBACZ,CAAC;oBACH,CAAC;iBACF,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAEM,kBAAkB,CAAC,WAAqB;QAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE;YAC3E,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,MAAM,YAAY,GAAG,WAAW,CAAC,uBAAuB,CAAC,UAAsB,CAAC,CAAC;gBACjF,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,aAAa;oBACpB,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,YAAY,gBAAgB,UAAU,CAAC,UAAU,CAAC,EAAE;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAEM,MAAM;QACX,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAEO,sBAAsB,GAAG,CAAC,UAAkB,EAAE,WAAqB,EAAQ,EAAE;QACnF,2EAA2E;QAC3E,oEAAoE;QACpE,qFAAqF;QACrF,4DAA4D;QAC5D,WAAW,CAAC,WAAW,CAAC,iBAAiB,UAAU,EAAE,EAAE,CAAC,IAAwB,EAAE,EAAE;YAClF,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAClB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBACrD,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAC/C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACvF,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;CACH"}

package/messages/policies.general.md CHANGED Viewed

@@ -1,11 +1,19 @@
 # entity-not-found
-Entity was not found on the target org.
+Entity was classified, but not found on the target org.
+# entity-not-classified
+Entity was found on the target org, but not classified.
 # profile-invalid-no-metadata
 Org did not return valid metadata for the profile. Entity cannot be processed.
+# permission-set-invalid-no-metadata
+Org did not return valid metadata for the permission set. Entity cannot be processed.
 # preset-unknown
 %ss with preset UNKNOWN are ignored.

package/messages/policyclassifications.md CHANGED Viewed

@@ -69,3 +69,11 @@ Reports allow to export classified or sensitive data.
 # ManageRemoteAccess
 Manage, create, edit, and delete connected applications.
+# DeleteFieldHistoryArchive
+Enabled in "User Interface" and allows to delete audit records. It should be limited to technical users.
+# DeleteFieldHistory
+Enabled in "User Interface" and allows to delete audit records. It should be limited to technical users.

package/messages/rules.enforceClassificationPresets.md CHANGED Viewed

@@ -1,10 +1,10 @@
 # violations.classification-preset-mismatch
-Permission is classified as "%s" and not allowed in preset "%s".
+Permission is classified as "%s" and not allowed in role "%s".
 # violations.permission-is-blocked
-Permission is BLOCKED and not allowed in any preset.
+Permission is BLOCKED and not allowed for any role.
 # warnings.permission-unknown

package/messages/rules.users.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # violations.no-other-apex-api-logins
-Has %s logins with "Other Apex API", which is a deprecated and insecure login type.
+%s logins with "Other Apex API" in the last %s days, which is a deprecated and insecure login type.
 # violations.inactive-since-n-days

package/oclif.manifest.json CHANGED Viewed

@@ -251,5 +251,5 @@
       ]
     }
   },
-  "version": "0.11.0"
+  "version": "0.11.2"
 }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@j-schreiber/sf-cli-security-audit",
   "description": "Salesforce CLI plugin to automate highly configurable security audits",
-  "version": "0.11.0",
+  "version": "0.11.2",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"

package/lib/libs/conf-init/permissionsClassification.d.ts DELETED Viewed

@@ -1,37 +0,0 @@
-import { Connection } from '@salesforce/core';
-import { PermissionsClassificationContent, PermissionSetsClassificationContent, ProfilesClassificationContent, UsersClassificationContent } from '../core/file-mgmt/schema.js';
-import { AuditInitPresets } from './presets.js';
-/**
- * Initialises a fresh set of user permissions from target org connection.
- *
- * @param con
- * @returns
- */
-export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsClassificationContent>;
-/**
- * Initialises a fresh set of custom permissions from the target org
- *
- * @param con
- * @returns
- */
-export declare function initCustomPermissions(con: Connection): Promise<PermissionsClassificationContent | undefined>;
-/**
- * Initialises a profiles classification with all profiles from the org.
- *
- * @param targetOrgCon
- * @returns
- */
-export declare function initProfiles(targetOrgCon: Connection): Promise<ProfilesClassificationContent>;
-/**
- * Initialises permission set classification with all perm sets
- *
- * @param targetOrgCon
- * @returns
- */
-export declare function initPermissionSets(targetOrgCon: Connection): Promise<PermissionSetsClassificationContent>;
-/**
- * Initialises users classification with all users classified as standard users.
- *
- * @param targetOrgCon
- */
-export declare function initUsers(targetOrgCon: Connection): Promise<UsersClassificationContent>;

package/lib/libs/conf-init/permissionsClassification.js DELETED Viewed

@@ -1,126 +0,0 @@
-import { ACTIVE_USERS_QUERY, CUSTOM_PERMS_QUERY, PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
-import MDAPI from '../core/mdapi/mdapiRetriever.js';
-import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
-import { UserPrivilegeLevel } from '../core/policy-types.js';
-import { loadPreset } from './presets.js';
-/**
- * Initialises a fresh set of user permissions from target org connection.
- *
- * @param con
- * @returns
- */
-export async function initUserPermissions(con, preset) {
-    const describePerms = await parsePermsFromDescribe(con);
-    const assignedPerms = await findAssignedPerms(con);
-    const allPerms = { ...describePerms, ...assignedPerms };
-    const presConfig = loadPreset(preset);
-    const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
-    perms.sort(classificationSorter);
-    const result = { permissions: {} };
-    perms.forEach((perm) => (result.permissions[perm.name] = {
-        label: sanitiseLabel(perm.label),
-        classification: perm.classification,
-        reason: perm.reason,
-    }));
-    return result;
-}
-/**
- * Initialises a fresh set of custom permissions from the target org
- *
- * @param con
- * @returns
- */
-export async function initCustomPermissions(con) {
-    const result = { permissions: {} };
-    const customPerms = await con.query(CUSTOM_PERMS_QUERY);
-    if (customPerms.records.length === 0) {
-        return undefined;
-    }
-    const perms = customPerms.records.map((cp) => ({
-        name: cp.DeveloperName,
-        label: cp.MasterLabel,
-        classification: PermissionRiskLevel.UNKNOWN,
-    }));
-    perms.forEach((perm) => (result.permissions[perm.name] = {
-        label: perm.label,
-        classification: perm.classification,
-    }));
-    return result;
-}
-/**
- * Initialises a profiles classification with all profiles from the org.
- *
- * @param targetOrgCon
- * @returns
- */
-export async function initProfiles(targetOrgCon) {
-    const profiles = await targetOrgCon.query(PROFILES_QUERY);
-    const content = { profiles: {} };
-    profiles.records.forEach((permsetRecord) => {
-        content.profiles[permsetRecord.Profile.Name] = { role: UserPrivilegeLevel.UNKNOWN };
-    });
-    return content;
-}
-/**
- * Initialises permission set classification with all perm sets
- *
- * @param targetOrgCon
- * @returns
- */
-export async function initPermissionSets(targetOrgCon) {
-    const permSets = await targetOrgCon.query(PERMISSION_SETS_QUERY);
-    const content = { permissionSets: {} };
-    permSets.records
-        .filter((permsetRecord) => permsetRecord.IsCustom)
-        .forEach((permsetRecord) => {
-        content.permissionSets[permsetRecord.Name] = { role: UserPrivilegeLevel.UNKNOWN };
-    });
-    return content;
-}
-/**
- * Initialises users classification with all users classified as standard users.
- *
- * @param targetOrgCon
- */
-export async function initUsers(targetOrgCon) {
-    const users = await targetOrgCon.query(ACTIVE_USERS_QUERY);
-    const content = {
-        users: {},
-    };
-    users.records.forEach((userRecord) => {
-        content.users[userRecord.Username] = { role: UserPrivilegeLevel.STANDARD_USER };
-    });
-    return content;
-}
-async function parsePermsFromDescribe(con) {
-    const permSet = await con.describe('PermissionSet');
-    const describeAvailablePerms = {};
-    permSet.fields
-        .filter((field) => field.name.startsWith('Permissions'))
-        .forEach((field) => {
-        const permName = field.name.replace('Permissions', '');
-        describeAvailablePerms[permName] = {
-            label: field.label,
-            name: permName,
-        };
-    });
-    return describeAvailablePerms;
-}
-async function findAssignedPerms(con) {
-    const assignedPerms = {};
-    const profiles = await con.query(PROFILES_QUERY);
-    if (profiles.records?.length > 0) {
-        const mdapi = new MDAPI(con);
-        const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
-        Object.values(resolvedProfiles).forEach((profile) => {
-            profile.userPermissions.forEach((userPerm) => {
-                assignedPerms[userPerm.name] = { name: userPerm.name };
-            });
-        });
-    }
-    return assignedPerms;
-}
-function sanitiseLabel(rawLabel) {
-    return rawLabel?.replaceAll(/[ \t]+$|[\r\n]+/g, '');
-}
-//# sourceMappingURL=permissionsClassification.js.map

package/lib/libs/conf-init/permissionsClassification.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACrH,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,GAAe,EACf,MAAyB;IAEzB,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAqC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACrE,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAAkC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAChE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAAwC,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC5E,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;IACL,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA+B;QAC1C,KAAK,EAAE,EAAE;KACV,CAAC;IACF,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,UAAU,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACtD,CAAC"}

package/lib/libs/conf-init/policyConfigs.d.ts DELETED Viewed

@@ -1,21 +0,0 @@
-import { BasePolicyFileContent, UsersPolicyFileContent } from '../core/file-mgmt/schema.js';
-import { PolicyNames } from '../core/policyRegistry.js';
-/**
- * Initialises a new settings policy with default rules enabled.
- *
- * @returns
- */
-export declare function initSettings(): BasePolicyFileContent;
-/**
- * Initialises a users policy with all users flagged as standard user
- *
- * @param targetOrgCon
- */
-export declare function initUserPolicy(): UsersPolicyFileContent;
-/**
- * Initialises a default policy with all registered rules.
- *
- * @param policyName
- * @returns
- */
-export declare function initDefaultPolicy(policyName: PolicyNames): BasePolicyFileContent;