@j-schreiber/sf-cli-security-audit 0.13.0 → 0.14.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.d.ts +18 -0
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js +65 -0
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js.map +1 -0
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.types.d.ts +7 -0
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.types.js +2 -0
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.types.js.map +1 -0
- package/lib/libs/audit-engine/registry/definitions.js +2 -0
- package/lib/libs/audit-engine/registry/definitions.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.js +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/settings.js +1 -1
- package/lib/libs/audit-engine/registry/policies/settings.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js +5 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/policy.d.ts +5 -2
- package/lib/libs/audit-engine/registry/policy.js +12 -5
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/result.types.d.ts +2 -2
- package/lib/libs/audit-engine/registry/rules/noStandardProfilesOnActiveUsers.d.ts +7 -0
- package/lib/libs/audit-engine/registry/rules/noStandardProfilesOnActiveUsers.js +31 -0
- package/lib/libs/audit-engine/registry/rules/noStandardProfilesOnActiveUsers.js.map +1 -0
- package/lib/salesforce/repositories/users/queries.d.ts +1 -1
- package/lib/salesforce/repositories/users/queries.js +1 -1
- package/lib/salesforce/repositories/users/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/user.types.d.ts +1 -0
- package/lib/salesforce/repositories/users/user.types.js.map +1 -1
- package/lib/salesforce/repositories/users/users.js +1 -0
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/messages/acceptedRisks.md +3 -0
- package/messages/rules.users.md +8 -0
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -85,7 +85,7 @@ FLAG DESCRIPTIONS
|
|
|
85
85
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
86
86
|
```
|
|
87
87
|
|
|
88
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
88
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.14.0/src/commands/org/audit/init.ts)_
|
|
89
89
|
|
|
90
90
|
## `sf org audit run`
|
|
91
91
|
|
|
@@ -130,7 +130,7 @@ FLAG DESCRIPTIONS
|
|
|
130
130
|
never truncated.
|
|
131
131
|
```
|
|
132
132
|
|
|
133
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
133
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.14.0/src/commands/org/audit/run.ts)_
|
|
134
134
|
|
|
135
135
|
## `sf org scan user-perms`
|
|
136
136
|
|
|
@@ -169,7 +169,7 @@ FLAG DESCRIPTIONS
|
|
|
169
169
|
retun 0 results).
|
|
170
170
|
```
|
|
171
171
|
|
|
172
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
172
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.14.0/src/commands/org/scan/user-perms.ts)_
|
|
173
173
|
|
|
174
174
|
<!-- commandsstop -->
|
|
175
175
|
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { PartialPolicyRuleResult } from '../registry/context.types.js';
|
|
2
|
+
import { Policies } from '../registry/shape/auditConfigShape.js';
|
|
3
|
+
/**
|
|
4
|
+
* Post-processing for violations from an audit run. Filters violations
|
|
5
|
+
* where identifier matches one of the documented accept risks pattern
|
|
6
|
+
* and mutes them.
|
|
7
|
+
*/
|
|
8
|
+
export default class AcceptedRisks {
|
|
9
|
+
private readonly config;
|
|
10
|
+
constructor();
|
|
11
|
+
/**
|
|
12
|
+
* Scrubs a policy result from all accepted risks
|
|
13
|
+
*
|
|
14
|
+
* @param policyName
|
|
15
|
+
* @param ruleResult
|
|
16
|
+
*/
|
|
17
|
+
scrub(policyName: Policies, ruleResult: PartialPolicyRuleResult): PartialPolicyRuleResult;
|
|
18
|
+
}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
3
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'acceptedRisks');
|
|
4
|
+
/**
|
|
5
|
+
* Post-processing for violations from an audit run. Filters violations
|
|
6
|
+
* where identifier matches one of the documented accept risks pattern
|
|
7
|
+
* and mutes them.
|
|
8
|
+
*/
|
|
9
|
+
export default class AcceptedRisks {
|
|
10
|
+
config;
|
|
11
|
+
constructor() {
|
|
12
|
+
this.config = {
|
|
13
|
+
users: {
|
|
14
|
+
NoStandardProfilesOnActiveUsers: [
|
|
15
|
+
{
|
|
16
|
+
identifierMatcher: ['*', 'Sales Insights Integration User'],
|
|
17
|
+
reason: messages.getMessage('user-skipped-cannot-manage'),
|
|
18
|
+
},
|
|
19
|
+
],
|
|
20
|
+
},
|
|
21
|
+
profiles: {},
|
|
22
|
+
permissionSets: {},
|
|
23
|
+
connectedApps: {},
|
|
24
|
+
settings: {},
|
|
25
|
+
};
|
|
26
|
+
}
|
|
27
|
+
/**
|
|
28
|
+
* Scrubs a policy result from all accepted risks
|
|
29
|
+
*
|
|
30
|
+
* @param policyName
|
|
31
|
+
* @param ruleResult
|
|
32
|
+
*/
|
|
33
|
+
scrub(policyName, ruleResult) {
|
|
34
|
+
const ruleConfig = this.config[policyName][ruleResult.ruleName];
|
|
35
|
+
if (!ruleConfig || ruleConfig.length === 0) {
|
|
36
|
+
return ruleResult;
|
|
37
|
+
}
|
|
38
|
+
const { violations, mutedViolations } = scrubViolations(ruleResult.violations, ruleConfig);
|
|
39
|
+
return {
|
|
40
|
+
...ruleResult,
|
|
41
|
+
violations,
|
|
42
|
+
mutedViolations,
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
function scrubViolations(violations, acceptedRisks) {
|
|
47
|
+
const mutedViolations = [];
|
|
48
|
+
for (const risk of acceptedRisks) {
|
|
49
|
+
// can we truly iterate all violations per each risk?
|
|
50
|
+
// this is quadratic runtime (O(n2))
|
|
51
|
+
// need to find a smart algorithm that hashes identifiers and only
|
|
52
|
+
// iterates wildcards - linear runtime is MUST
|
|
53
|
+
violations.forEach((violation, index) => {
|
|
54
|
+
if (matches(violation.identifier, risk.identifierMatcher)) {
|
|
55
|
+
mutedViolations.push({ ...violation, reason: risk.reason });
|
|
56
|
+
violations.splice(index, 1);
|
|
57
|
+
}
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
return { violations, mutedViolations };
|
|
61
|
+
}
|
|
62
|
+
function matches(identifier, identifierMatcher) {
|
|
63
|
+
return identifier.length === 2 && identifier[1] === identifierMatcher[1];
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=acceptedRisks.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"acceptedRisks.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/accepted-risks/acceptedRisks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAM5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAO9F;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,aAAa;IACf,MAAM,CAAsB;IAE7C;QACE,IAAI,CAAC,MAAM,GAAG;YACZ,KAAK,EAAE;gBACL,+BAA+B,EAAE;oBAC/B;wBACE,iBAAiB,EAAE,CAAC,GAAG,EAAE,iCAAiC,CAAC;wBAC3D,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,4BAA4B,CAAC;qBAC1D;iBACF;aACF;YACD,QAAQ,EAAE,EAAE;YACZ,cAAc,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,UAAoB,EAAE,UAAmC;QACpE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAC3F,OAAO;YACL,GAAG,UAAU;YACb,UAAU;YACV,eAAe;SAChB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,eAAe,CAAC,UAAiC,EAAE,aAAkC;IAC5F,MAAM,eAAe,GAA8B,EAAE,CAAC;IACtD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,qDAAqD;QACrD,oCAAoC;QACpC,kEAAkE;QAClE,8CAA8C;QAC9C,UAAU,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,KAAK,EAAE,EAAE;YACtC,IAAI,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;gBAC1D,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5D,UAAU,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,OAAO,CAAC,UAAoB,EAAE,iBAA2B;IAChE,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,iBAAiB,CAAC,CAAC,CAAC,CAAC;AAC3E,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { Policies } from '../registry/shape/auditConfigShape.js';
|
|
2
|
+
export type AcceptedRisksConfig = Record<Policies, AcceptedPolicyRisks>;
|
|
3
|
+
export type AcceptedPolicyRisks = Record<string, AcceptedRuleRisks[]>;
|
|
4
|
+
export type AcceptedRuleRisks = {
|
|
5
|
+
identifierMatcher: string[];
|
|
6
|
+
reason: string;
|
|
7
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"acceptedRisks.types.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/accepted-risks/acceptedRisks.types.ts"],"names":[],"mappings":""}
|
|
@@ -11,6 +11,7 @@ import EnforcePermissionsOnProfileLike from './rules/enforcePermissionsOnProfile
|
|
|
11
11
|
import EnforcePermissionsOnUser from './rules/enforcePermissionsOnUser.js';
|
|
12
12
|
import NoInactiveUsers from './rules/noInactiveUsers.js';
|
|
13
13
|
import NoOtherApexApiLogins from './rules/noOtherApexApiLogins.js';
|
|
14
|
+
import NoStandardProfilesOnActiveUsers from './rules/noStandardProfilesOnActiveUsers.js';
|
|
14
15
|
import NoUserCanSelfAuthorize from './rules/noUserCanSelfAuthorize.js';
|
|
15
16
|
export const PolicyDefinitions = {
|
|
16
17
|
permissionSets: {
|
|
@@ -33,6 +34,7 @@ export const PolicyDefinitions = {
|
|
|
33
34
|
NoInactiveUsers,
|
|
34
35
|
EnforcePermissionClassifications: EnforcePermissionsOnUser,
|
|
35
36
|
EnforcePermissionPresets,
|
|
37
|
+
NoStandardProfilesOnActiveUsers,
|
|
36
38
|
},
|
|
37
39
|
},
|
|
38
40
|
connectedApps: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,mBAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,oBAAoB,MAAM,8BAA8B,CAAC;AAChE,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,YAA6C,MAAM,mBAAmB,CAAC;AAC9E,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AAkBvE,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,cAAc,EAAE;QACd,OAAO,EAAE,oBAAoB;QAC7B,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;YACjE,oBAAoB;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE;YACL,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,wBAAwB;
|
|
1
|
+
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/definitions.ts"],"names":[],"mappings":"AAAA,OAAO,mBAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,oBAAoB,MAAM,8BAA8B,CAAC;AAChE,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,YAA6C,MAAM,mBAAmB,CAAC;AAC9E,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AAkBvE,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,cAAc,EAAE;QACd,OAAO,EAAE,oBAAoB;QAC7B,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;YACjE,oBAAoB;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE;YACL,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,wBAAwB;YACxB,+BAA+B;SAChC;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE;YACL,0BAA0B;YAC1B,sBAAsB;SACvB;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;KACxB;CACF,CAAC;AAEF,MAAM,UAAU,UAAU,CACxB,UAAa,EACb,MAAsB;IAEtB,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAE/E,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -4,7 +4,7 @@ export default class ConnectedAppsPolicy extends Policy {
|
|
|
4
4
|
config;
|
|
5
5
|
auditConfig;
|
|
6
6
|
constructor(config, auditConfig, registry) {
|
|
7
|
-
super(config, auditConfig, registry);
|
|
7
|
+
super('users', config, auditConfig, registry);
|
|
8
8
|
this.config = config;
|
|
9
9
|
this.auditConfig = auditConfig;
|
|
10
10
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/connectedApps.ts"],"names":[],"mappings":"AACA,OAAO,EAAgB,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAI9E,OAAO,MAA+B,MAAM,gBAAgB,CAAC;AAE7D,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAAoB;IACzC;IAA6B;IAAvD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/connectedApps.ts"],"names":[],"mappings":"AACA,OAAO,EAAgB,aAAa,EAAE,MAAM,iCAAiC,CAAC;AAI9E,OAAO,MAA+B,MAAM,gBAAgB,CAAC;AAE7D,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAAoB;IACzC;IAA6B;IAAvD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;IAElF,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,QAAQ,GAAG,IAAI,aAAa,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAChE,QAAQ,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC,CAAC;QAC9F,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9D,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YAChC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;QACnC,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;IACnD,CAAC;CACF"}
|
|
@@ -10,7 +10,7 @@ export default class PermissionSetsPolicy extends Policy {
|
|
|
10
10
|
totalEntities;
|
|
11
11
|
classifications;
|
|
12
12
|
constructor(config, auditConfig, registry) {
|
|
13
|
-
super(config, auditConfig, registry);
|
|
13
|
+
super('permissionSets', config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
16
16
|
this.classifications = this.auditConfig.classifications.permissionSets?.permissionSets ?? {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -10,7 +10,7 @@ export default class ProfilesPolicy extends Policy {
|
|
|
10
10
|
resolveState = { total: 0, resolved: 0 };
|
|
11
11
|
classifications;
|
|
12
12
|
constructor(config, auditConfig, registry) {
|
|
13
|
-
super(config, auditConfig, registry);
|
|
13
|
+
super('profiles', config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
16
16
|
this.classifications = this.auditConfig.classifications.profiles?.profiles ?? {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACjF,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;iBACrC,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CAAC,MAA6B;QACtD,IAAI,CAAC,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -44,7 +44,7 @@ export default class SettingsPolicy extends Policy {
|
|
|
44
44
|
config;
|
|
45
45
|
auditConfig;
|
|
46
46
|
constructor(config, auditConfig) {
|
|
47
|
-
super(config, auditConfig, new SettingsRuleRegistry());
|
|
47
|
+
super('settings', config, auditConfig, new SettingsRuleRegistry());
|
|
48
48
|
this.config = config;
|
|
49
49
|
this.auditConfig = auditConfig;
|
|
50
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settings.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/settings.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,YAA2C,MAAM,oBAAoB,CAAC;AAC7E,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,KAAK,EAAiB,MAAM,iCAAiC,CAAC;AACvE,OAAO,MAA+B,MAAM,cAAc,CAAC;AAM3D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAIjG,MAAM,OAAO,oBAAqB,SAAQ,YAAY;IACpD;QACE,KAAK,CAAC,EAAE,CAAC,CAAC;IACZ,CAAC;IAED,kDAAkD;IAClC,YAAY,CAC1B,QAA+B,EAC/B,YAA4B;QAE5B,MAAM,MAAM,GAA8B,EAAE,YAAY,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QACpG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,WAAW,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtC,MAAM,CAAC,YAAY,CAAC,IAAI,CACtB,IAAI,eAAe,CAAC;oBAClB,WAAW,EAAE,YAAY;oBACzB,eAAe,EAAE,QAAQ;oBACzB,WAAW;oBACX,UAAU,EAAE,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,IAAI,EAAE,CAAC;iBACrE,CAAC,CACH,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YAChH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC;oBACvB,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,sCAAsC,CAAC;iBACxE,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAyB;IACzC;IAA6B;IAAvD,YAA0B,MAAoB,EAAS,WAA2B;QAChF,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,oBAAoB,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"settings.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/settings.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,YAA2C,MAAM,oBAAoB,CAAC;AAC7E,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,EAAE,KAAK,EAAiB,MAAM,iCAAiC,CAAC;AACvE,OAAO,MAA+B,MAAM,cAAc,CAAC;AAM3D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAIjG,MAAM,OAAO,oBAAqB,SAAQ,YAAY;IACpD;QACE,KAAK,CAAC,EAAE,CAAC,CAAC;IACZ,CAAC;IAED,kDAAkD;IAClC,YAAY,CAC1B,QAA+B,EAC/B,YAA4B;QAE5B,MAAM,MAAM,GAA8B,EAAE,YAAY,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC;QACpG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,MAAM,WAAW,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YAC/C,IAAI,WAAW,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBACtC,MAAM,CAAC,YAAY,CAAC,IAAI,CACtB,IAAI,eAAe,CAAC;oBAClB,WAAW,EAAE,YAAY;oBACzB,eAAe,EAAE,QAAQ;oBACzB,WAAW;oBACX,UAAU,EAAE,wBAAwB,CAAC,KAAK,CAAC,UAAU,CAAC,OAAO,IAAI,EAAE,CAAC;iBACrE,CAAC,CACH,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YAChH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC;oBACvB,IAAI,EAAE,QAAQ;oBACd,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,sCAAsC,CAAC;iBACxE,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAyB;IACzC;IAA6B;IAAvD,YAA0B,MAAoB,EAAS,WAA2B;QAChF,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,oBAAoB,EAAE,CAAC,CAAC;QAD3C,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;IAElF,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,aAAa,GAAG,2BAA2B,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa,CAAC,MAAM;YAC3B,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,iBAAiB,GAAG,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACpE,MAAM,wBAAwB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;QAC5F,IAAI,CAAC,sCAAsC,CAAC,wBAAwB,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa,CAAC,MAAM;YAC3B,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,MAAM;SACvD,CAAC,CAAC;QACH,OAAO;YACL,gBAAgB,EAAE,wBAAwB;YAC1C,eAAe,EAAE,mBAAmB,CAAC,wBAAwB,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;SAClF,CAAC;IACJ,CAAC;IAEO,sCAAsC,CAAC,aAAgD;QAC7F,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YACtD,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;oBACrC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjD,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC;wBACnC,IAAI,EAAE,IAAI,CAAC,eAAe;wBAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,uCAAuC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;qBAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,2BAA2B,CAAC,KAA4B;IAC/D,MAAM,QAAQ,GAAG,EAAE,CAAC;IACpB,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3D,MAAM,gBAAgB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,gBAAgB,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YAC3C,QAAQ,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAY;IACzC,OAAQ,GAAuB,CAAC,eAAe,KAAK,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,mBAAmB,CAC1B,WAA8C,EAC9C,KAA4B;IAE5B,MAAM,MAAM,GAAG,IAAI,KAAK,EAAsB,CAAC;IAC/C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,OAAO,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YAC/F,SAAS;QACX,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yCAAyC,CAAC,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjC,CAAC;AAED,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC"}
|
|
@@ -11,7 +11,7 @@ export default class UsersPolicy extends Policy {
|
|
|
11
11
|
classifications;
|
|
12
12
|
resolveOptions;
|
|
13
13
|
constructor(config, auditConfig, registry) {
|
|
14
|
-
super(config, auditConfig, registry);
|
|
14
|
+
super('users', config, auditConfig, registry);
|
|
15
15
|
this.config = config;
|
|
16
16
|
this.auditConfig = auditConfig;
|
|
17
17
|
this.classifications = this.auditConfig.classifications.users?.users ?? {};
|
|
@@ -71,6 +71,10 @@ function buildResolveOptions(policyConfig) {
|
|
|
71
71
|
opts.withPermissions = true;
|
|
72
72
|
opts.withPermissionsMetadata = true;
|
|
73
73
|
}
|
|
74
|
+
if (policyConfig.rules['NoStandardProfilesOnActiveUsers']) {
|
|
75
|
+
opts.withPermissions = true;
|
|
76
|
+
opts.withPermissionsMetadata = true;
|
|
77
|
+
}
|
|
74
78
|
return opts;
|
|
75
79
|
}
|
|
76
80
|
//# sourceMappingURL=users.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAClD,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ;oBACnB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,YAA8B;IACzD,MAAM,IAAI,GAAiC,EAAE,CAAC;IAC9C,IAAI,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxF,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,yBAAyB,GAAG,YAAY,CAAC,OAAO,CAAC,8BAA8B,CAAC;IACvF,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -1,20 +1,23 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
|
+
import AcceptedRisks from '../accepted-risks/acceptedRisks.js';
|
|
2
3
|
import RuleRegistry, { RegistryRuleResolveResult } from './ruleRegistry.js';
|
|
3
4
|
import { AuditPolicyResult, EntityResolveError } from './result.types.js';
|
|
4
5
|
import { AuditContext, IPolicy, RowLevelPolicyRule } from './context.types.js';
|
|
5
6
|
import { PolicyConfig } from './shape/schema.js';
|
|
6
|
-
import { AuditRunConfig } from './shape/auditConfigShape.js';
|
|
7
|
+
import { AuditRunConfig, Policies } from './shape/auditConfigShape.js';
|
|
7
8
|
export type ResolveEntityResult<T> = {
|
|
8
9
|
resolvedEntities: Record<string, T>;
|
|
9
10
|
ignoredEntities: EntityResolveError[];
|
|
10
11
|
};
|
|
11
12
|
export default abstract class Policy<T> extends EventEmitter implements IPolicy {
|
|
13
|
+
protected policyName: Policies;
|
|
12
14
|
config: PolicyConfig;
|
|
13
15
|
auditConfig: AuditRunConfig;
|
|
14
16
|
protected registry: RuleRegistry;
|
|
15
17
|
protected resolvedRules: RegistryRuleResolveResult;
|
|
16
18
|
protected entities?: ResolveEntityResult<T>;
|
|
17
|
-
|
|
19
|
+
protected riskManager: AcceptedRisks;
|
|
20
|
+
constructor(policyName: Policies, config: PolicyConfig, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
18
21
|
getExecutableRules(): Array<RowLevelPolicyRule<T>>;
|
|
19
22
|
/**
|
|
20
23
|
* Resolves all entities of the policy.
|
|
@@ -1,16 +1,21 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
|
+
import AcceptedRisks from '../accepted-risks/acceptedRisks.js';
|
|
2
3
|
export default class Policy extends EventEmitter {
|
|
4
|
+
policyName;
|
|
3
5
|
config;
|
|
4
6
|
auditConfig;
|
|
5
7
|
registry;
|
|
6
8
|
resolvedRules;
|
|
7
9
|
entities;
|
|
8
|
-
|
|
10
|
+
riskManager;
|
|
11
|
+
constructor(policyName, config, auditConfig, registry) {
|
|
9
12
|
super();
|
|
13
|
+
this.policyName = policyName;
|
|
10
14
|
this.config = config;
|
|
11
15
|
this.auditConfig = auditConfig;
|
|
12
16
|
this.registry = registry;
|
|
13
17
|
this.resolvedRules = registry.resolveRules(config.rules, auditConfig);
|
|
18
|
+
this.riskManager = new AcceptedRisks();
|
|
14
19
|
}
|
|
15
20
|
getExecutableRules() {
|
|
16
21
|
return this.resolvedRules.enabledRules;
|
|
@@ -53,11 +58,13 @@ export default class Policy extends EventEmitter {
|
|
|
53
58
|
const ruleResults = await Promise.all(ruleResultPromises);
|
|
54
59
|
const executedRules = {};
|
|
55
60
|
for (const ruleResult of ruleResults) {
|
|
61
|
+
// scrub violations from accepted risks before evaluating entities
|
|
62
|
+
const scrubbedResult = this.riskManager.scrub(this.policyName, ruleResult);
|
|
56
63
|
// only fill compliant & violated entities, if they have not been set already
|
|
57
|
-
const { compliantEntities, violatedEntities } = evalResolvedEntities(
|
|
58
|
-
executedRules[
|
|
59
|
-
...
|
|
60
|
-
isCompliant:
|
|
64
|
+
const { compliantEntities, violatedEntities } = evalResolvedEntities(scrubbedResult, resolveResult);
|
|
65
|
+
executedRules[scrubbedResult.ruleName] = {
|
|
66
|
+
...scrubbedResult,
|
|
67
|
+
isCompliant: scrubbedResult.violations.length === 0,
|
|
61
68
|
compliantEntities,
|
|
62
69
|
violatedEntities,
|
|
63
70
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AACvC,OAAO,aAAa,MAAM,oCAAoC,CAAC;AAY/D,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAM9C;IACH;IACA;IACG;IARF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAClC,WAAW,CAAgB;IAErC,YACY,UAAoB,EACvB,MAAoB,EACpB,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QALE,eAAU,GAAV,UAAU,CAAU;QACvB,WAAM,GAAN,MAAM,CAAc;QACpB,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QACtE,IAAI,CAAC,WAAW,GAAG,IAAI,aAAa,EAAE,CAAC;IACzC,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAoC,CAAC;QACzE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,kEAAkE;YAClE,MAAM,cAAc,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YAC3E,6EAA6E;YAC7E,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,cAAc,EAAE,aAAa,CAAC,CAAC;YACvG,aAAa,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG;gBACvC,GAAG,cAAc;gBACjB,WAAW,EAAE,cAAc,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBACnD,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,IAAI,iBAAiB;QACpE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,IAAI,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,6DAA6D;AAC7D,wDAAwD;AACxD,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -9,7 +9,7 @@ export type PolicyRuleViolation = RuleComponentMessage & {
|
|
|
9
9
|
hint?: string;
|
|
10
10
|
};
|
|
11
11
|
/**
|
|
12
|
-
*
|
|
12
|
+
* Violation that was muted by an documented accepted risk.
|
|
13
13
|
*/
|
|
14
14
|
export type PolicyRuleViolationMute = PolicyRuleViolation & {
|
|
15
15
|
/**
|
|
@@ -44,7 +44,7 @@ export type RuleComponentMessage = {
|
|
|
44
44
|
* Path to a component. This can be a developer name of a connected app,
|
|
45
45
|
* permission set name or the permission within a profile.
|
|
46
46
|
*/
|
|
47
|
-
identifier: string
|
|
47
|
+
identifier: string[];
|
|
48
48
|
/**
|
|
49
49
|
* Descriptive message of the error, warning or violation.
|
|
50
50
|
*/
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { PartialPolicyRuleResult, RuleAuditContext } from '../context.types.js';
|
|
2
|
+
import { ResolvedUser } from '../policies/users.js';
|
|
3
|
+
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
4
|
+
export default class NoStandardProfilesOnActiveUsers extends PolicyRule<ResolvedUser> {
|
|
5
|
+
constructor(opts: RuleOptions);
|
|
6
|
+
run(context: RuleAuditContext<ResolvedUser>): Promise<PartialPolicyRuleResult>;
|
|
7
|
+
}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
|
+
import PolicyRule from './policyRule.js';
|
|
3
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
4
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.users');
|
|
5
|
+
export default class NoStandardProfilesOnActiveUsers extends PolicyRule {
|
|
6
|
+
constructor(opts) {
|
|
7
|
+
super(opts);
|
|
8
|
+
}
|
|
9
|
+
run(context) {
|
|
10
|
+
const result = this.initResult();
|
|
11
|
+
for (const user of Object.values(context.resolvedEntities)) {
|
|
12
|
+
if (!user.profileMetadata) {
|
|
13
|
+
continue;
|
|
14
|
+
}
|
|
15
|
+
if (!user.profileMetadata.custom && user.isActive) {
|
|
16
|
+
result.violations.push({
|
|
17
|
+
identifier: [user.username, user.profileName],
|
|
18
|
+
message: messages.getMessage('violations.active-user-has-standard-profile'),
|
|
19
|
+
});
|
|
20
|
+
}
|
|
21
|
+
else if (!user.isActive && !user.profileMetadata.custom) {
|
|
22
|
+
result.warnings.push({
|
|
23
|
+
identifier: [user.username, user.profileName],
|
|
24
|
+
message: messages.getMessage('violations.inactive-user-has-standard-profile'),
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
return Promise.resolve(result);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=noStandardProfilesOnActiveUsers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"noStandardProfilesOnActiveUsers.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noStandardProfilesOnActiveUsers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,+BAAgC,SAAQ,UAAwB;IACnF,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC1B,SAAS;YACX,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;oBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6CAA6C,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC;gBAC1D,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC;oBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,+CAA+C,CAAC;iBAC9E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export declare const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
1
|
+
export declare const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
2
2
|
export declare const buildPermsetAssignmentsQuery: (userIds: string[]) => string;
|
|
3
3
|
export declare const buildLoginHistoryQuery: (daysToAnalayse?: number) => string;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
1
|
+
export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
2
2
|
// DYNAMIC QUERIES
|
|
3
3
|
export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
|
|
4
4
|
export const buildLoginHistoryQuery = (daysToAnalayse) => daysToAnalayse
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GACrC,
|
|
1
|
+
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GACrC,4IAA4I,CAAC;AAE/I,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,cAAuB,EAAU,EAAE,CACxE,cAAc;IACZ,CAAC,CAAC,GAAG,yBAAyB,mCAAmC,cAAc,wCAAwC;IACvH,CAAC,CAAC,GAAG,yBAAyB,wCAAwC,CAAC;AAE3E,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/user.types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/user.types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AA+CpB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,wEAAwE;IACxE,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,mDAAmD;IACnD,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,+EAA+E;IAC/E,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACpD,CAAC,CAAC"}
|
|
@@ -25,6 +25,7 @@ export default class Users {
|
|
|
25
25
|
userId: user.Id,
|
|
26
26
|
username: user.Username,
|
|
27
27
|
lastLogin: user.LastLoginDate ? Date.parse(user.LastLoginDate) : undefined,
|
|
28
|
+
isActive: Boolean(user.IsActive),
|
|
28
29
|
createdDate: Date.parse(user.CreatedDate),
|
|
29
30
|
profileName: user.Profile.Name,
|
|
30
31
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,yBAAyB,GAG1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,0BAA0B,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAEhH,MAAM,CAAC,OAAO,OAAO,KAAK;IAGY;IAFnB,SAAS,CAAQ;IAElC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAmC;QACtD,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,MAAM,GAAsB,IAAI,GAAG,EAAgB,CAAC;QAC1D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,0BAA0B,CAAC,CAAC;QACtF,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG;gBACV,MAAM,EAAE,IAAI,CAAC,EAAG;gBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;aAC/B,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,yBAAyB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,cAAc,CAAC,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IAEd,KAAK,CAAC,aAAa,CAAC,KAAwB,EAAE,aAAsB;QAC1E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAwB,EAAE,YAAqB;QAC9E,MAAM,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,aAAsB;QACjD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAwB,sBAAsB,CAAC,aAAa,CAAC,CAAC,CAAC;QAC/G,MAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;QACrD,KAAK,MAAM,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC;gBAC7C,SAAS,EAAE,eAAe,CAAC,SAAS;gBACpC,UAAU,EAAE,eAAe,CAAC,UAAU;gBACtC,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,KAAwB;QAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAwB;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,KAAwB;QAC1D,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC7E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAY,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAiB;QAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqC,CAAC;QACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAA4B,4BAA4B,CAAC,OAAO,CAAC,CAAC,CAAC;QACpH,KAAK,MAAM,UAAU,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACtD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAE,CAAC,IAAI,CAAC;gBAC3C,uBAAuB,EAAE,UAAU,CAAC,aAAa,CAAC,IAAI;gBACtD,mBAAmB,EAAE,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;gBACzE,GAAG,CAAC,UAAU,CAAC,kBAAkB,EAAE,aAAa,IAAI;oBAClD,SAAS,EAAE,UAAU,CAAC,kBAAkB,EAAE,aAAa;iBACxD,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,KAAqB;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC"}
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,yBAAyB,GAG1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,0BAA0B,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAEhH,MAAM,CAAC,OAAO,OAAO,KAAK;IAGY;IAFnB,SAAS,CAAQ;IAElC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAmC;QACtD,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,MAAM,GAAsB,IAAI,GAAG,EAAgB,CAAC;QAC1D,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,0BAA0B,CAAC,CAAC;QACtF,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG;gBACV,MAAM,EAAE,IAAI,CAAC,EAAG;gBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAChC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;aAC/B,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,yBAAyB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,cAAc,CAAC,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IAEd,KAAK,CAAC,aAAa,CAAC,KAAwB,EAAE,aAAsB;QAC1E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAwB,EAAE,YAAqB;QAC9E,MAAM,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,aAAsB;QACjD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAwB,sBAAsB,CAAC,aAAa,CAAC,CAAC,CAAC;QAC/G,MAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;QACrD,KAAK,MAAM,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC;gBAC7C,SAAS,EAAE,eAAe,CAAC,SAAS;gBACpC,UAAU,EAAE,eAAe,CAAC,UAAU;gBACtC,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,KAAwB;QAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAwB;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,KAAwB;QAC1D,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC7E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAY,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAiB;QAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqC,CAAC;QACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAA4B,4BAA4B,CAAC,OAAO,CAAC,CAAC,CAAC;QACpH,KAAK,MAAM,UAAU,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACtD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAE,CAAC,IAAI,CAAC;gBAC3C,uBAAuB,EAAE,UAAU,CAAC,aAAa,CAAC,IAAI;gBACtD,mBAAmB,EAAE,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;gBACzE,GAAG,CAAC,UAAU,CAAC,kBAAkB,EAAE,aAAa,IAAI;oBAClD,SAAS,EAAE,UAAU,CAAC,kBAAkB,EAAE,aAAa;iBACxD,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,KAAqB;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC"}
|
package/messages/rules.users.md
CHANGED
|
@@ -21,3 +21,11 @@ User was created %s (%s days ago), but never logged in.
|
|
|
21
21
|
# violations.entity-not-allowed-for-user-role
|
|
22
22
|
|
|
23
23
|
User has the role "%s", but %s is classified as "%s". This is not allowed.
|
|
24
|
+
|
|
25
|
+
# violations.active-user-has-standard-profile
|
|
26
|
+
|
|
27
|
+
Active user has a standard profile assigned.
|
|
28
|
+
|
|
29
|
+
# violations.inactive-user-has-standard-profile
|
|
30
|
+
|
|
31
|
+
User has standard profile assigned, but is inactive.
|
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.14.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
7
7
|
"url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
|