@j-schreiber/sf-cli-security-audit 0.14.0 → 0.16.0
- package/README.md +10 -5
- package/lib/commands/org/audit/init.d.ts +2 -2
- package/lib/commands/org/audit/init.js +2 -2
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/commands/org/audit/run.d.ts +2 -0
- package/lib/commands/org/audit/run.js +65 -13
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/commands/org/scan/user-perms.d.ts +3 -0
- package/lib/commands/org/scan/user-perms.js +31 -1
- package/lib/commands/org/scan/user-perms.js.map +1 -1
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.d.ts +11 -3
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js +82 -21
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js.map +1 -1
- package/lib/libs/audit-engine/accepted-risks/acceptedRisks.types.d.ts +10 -5
- package/lib/libs/audit-engine/auditRun.d.ts +17 -7
- package/lib/libs/audit-engine/auditRun.js +43 -17
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.d.ts +4 -4
- package/lib/libs/audit-engine/file-manager/fileManager.js +84 -32
- package/lib/libs/audit-engine/file-manager/fileManager.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.types.d.ts +100 -15
- package/lib/libs/audit-engine/index.d.ts +140 -101
- package/lib/libs/audit-engine/index.js +33 -3
- package/lib/libs/audit-engine/index.js.map +1 -1
- package/lib/libs/audit-engine/registry/context.types.d.ts +7 -1
- package/lib/libs/audit-engine/registry/definitions.d.ts +146 -1
- package/lib/libs/audit-engine/registry/definitions.js +25 -0
- package/lib/libs/audit-engine/registry/definitions.js.map +1 -1
- package/lib/libs/audit-engine/registry/helpers/permissionsScanning.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.js +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policies/settings.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policies/users.d.ts +1 -1
- package/lib/libs/audit-engine/registry/policy.d.ts +12 -7
- package/lib/libs/audit-engine/registry/policy.js +23 -22
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/result.types.d.ts +35 -3
- package/lib/libs/audit-engine/registry/ruleRegistry.d.ts +1 -1
- package/lib/libs/audit-engine/registry/rules/policyRule.d.ts +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +103 -105
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js +44 -40
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +11 -0
- package/lib/libs/audit-engine/registry/shape/schema.js +6 -0
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +1 -1
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/defaultClassifications.js +10 -42
- package/lib/libs/conf-init/defaultClassifications.js.map +1 -1
- package/lib/libs/conf-init/init.types.d.ts +1 -8
- package/lib/libs/conf-init/init.types.js +0 -1
- package/lib/libs/conf-init/init.types.js.map +1 -1
- package/lib/libs/quick-scan/types.d.ts +7 -0
- package/lib/libs/quick-scan/userPermissionScanner.d.ts +3 -0
- package/lib/libs/quick-scan/userPermissionScanner.js +63 -14
- package/lib/libs/quick-scan/userPermissionScanner.js.map +1 -1
- package/lib/salesforce/describes/orgDescribe.d.ts +29 -0
- package/lib/salesforce/describes/orgDescribe.js +91 -0
- package/lib/salesforce/describes/orgDescribe.js.map +1 -0
- package/lib/salesforce/describes/orgDescribe.types.d.ts +11 -0
- package/lib/salesforce/describes/orgDescribe.types.js +2 -0
- package/lib/salesforce/describes/orgDescribe.types.js.map +1 -0
- package/lib/salesforce/index.d.ts +1 -0
- package/lib/salesforce/index.js +1 -0
- package/lib/salesforce/index.js.map +1 -1
- package/lib/salesforce/repositories/users/user.types.js +1 -1
- package/lib/salesforce/repositories/users/user.types.js.map +1 -1
- package/lib/ux/auditRunMultiStage.d.ts +3 -1
- package/lib/ux/auditRunMultiStage.js +5 -1
- package/lib/ux/auditRunMultiStage.js.map +1 -1
- package/messages/org.audit.run.md +8 -0
- package/messages/org.scan.user-perms.md +12 -0
- package/oclif.manifest.json +8 -1
- package/package.json +1 -1
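--- a/package/README.md
+++ b/package/README.md
@@ -1,4 +1,4 @@
-#
+# Security Audit Engine (SAE)
 
 <p align="center">
 <a href="https://www.npmjs.com/package/@j-schreiber/sf-cli-security-audit"><img src="https://img.shields.io/npm/v/@j-schreiber/sf-cli-security-audit.svg?logo=npm" alt="NPM version"/></a>
@@ -85,7 +85,7 @@ FLAG DESCRIPTIONS
 essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.16.0/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -130,7 +130,7 @@ FLAG DESCRIPTIONS
 never truncated.
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.16.0/src/commands/org/audit/run.ts)_
 
 ## `sf org scan user-perms`
 
@@ -138,12 +138,13 @@ Performs a quick scan for specific user permissions.
 
 ```
 USAGE
-$ sf org scan user-perms -n <value>... -o <value> [--json] [--flags-dir <value>] [--api-version <value>]
+$ sf org scan user-perms -n <value>... -o <value> [--json] [--flags-dir <value>] [--api-version <value>] [--deep-scan]
 
 FLAGS
 -n, --name=<value>... (required) One or more permissions to be searched for.
 -o, --target-org=<value> (required) The target org to scan.
 --api-version=<value> Override the api version used for api requests made by this command
+--deep-scan Include all user permission assignments.
 
 GLOBAL FLAGS
 --flags-dir=<value> Import flag values from a directory.
@@ -167,9 +168,13 @@ FLAG DESCRIPTIONS
 If you are unsure what permissions are available on your org, initialise a new audit config and check the created
 userPermissions.yml. Currently, the names are not validated: If you have a typo (such as "AutorApex", the scan will
 retun 0 results).
+
+--deep-scan Include all user permission assignments.
+
+Searches the profile and all assigned permission sets for every active user on the org.
 ```
 
-_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.16.0/src/commands/org/scan/user-perms.ts)_
 
 <!-- commandsstop -->
 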
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { SfCommand } from '@salesforce/sf-plugins-core';
|
|
2
2
|
import { AuditInitPresets } from '../../../libs/conf-init/init.types.js';
|
|
3
|
-
import {
|
|
4
|
-
type AuditConfigSaveResult = ReturnType<
|
|
3
|
+
import { saveAuditConfig } from '../../../libs/audit-engine/index.js';
|
|
4
|
+
type AuditConfigSaveResult = ReturnType<typeof saveAuditConfig>;
|
|
5
5
|
export type OrgAuditInitResult = AuditConfigSaveResult;
|
|
6
6
|
export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
|
|
7
7
|
static readonly summary: string;
|
|
@@ -3,7 +3,7 @@ import { Messages } from '@salesforce/core';
|
|
|
3
3
|
import AuditConfig from '../../../libs/conf-init/auditConfig.js';
|
|
4
4
|
import { AuditInitPresets } from '../../../libs/conf-init/init.types.js';
|
|
5
5
|
import { capitalize } from '../../../utils.js';
|
|
6
|
-
import {
|
|
6
|
+
import { saveAuditConfig } from '../../../libs/audit-engine/index.js';
|
|
7
7
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
8
8
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
|
|
9
9
|
const presetFlag = Flags.custom({
|
|
@@ -37,7 +37,7 @@ export default class OrgAuditInit extends SfCommand {
|
|
|
37
37
|
const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
|
|
38
38
|
preset: flags.preset,
|
|
39
39
|
});
|
|
40
|
-
const saveResult =
|
|
40
|
+
const saveResult = saveAuditConfig(flags['output-dir'], auditConfig);
|
|
41
41
|
this.printResults(saveResult);
|
|
42
42
|
return saveResult;
|
|
43
43
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAK/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,eAAe,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,WAAW,CAAC,CAAC;QACrE,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;QAC9B,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,YAAY,CAAC,MAA6B;QAChD,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAAyD;QACpF,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,
EAAE,GAAG,CAAC,EAAE,EAAE;YACrD,IAAI,GAAG,CAAC,aAAa,GAAG,CAAC,EAAE,CAAC;gBAC1B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;YACjH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAA2C;QAC/D,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;gBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;oBAC5C,UAAU,CAAC,IAAI,CAAC;oBAChB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;oBAC1C,GAAG,CAAC,QAAQ;iBACb,CAAC,CACH,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}
|
|
@@ -17,7 +17,9 @@ export default class OrgAuditRun extends SfCommand<OrgAuditRunResult> {
|
|
|
17
17
|
};
|
|
18
18
|
run(): Promise<OrgAuditRunResult>;
|
|
19
19
|
private printResults;
|
|
20
|
+
private printHighlights;
|
|
20
21
|
private printPoliciesSummary;
|
|
22
|
+
private printAcceptedRisksSummary;
|
|
21
23
|
private printExecutedRulesSummary;
|
|
22
24
|
private printRuleViolations;
|
|
23
25
|
private writeReport;
|
|
@@ -42,35 +42,83 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
42
42
|
});
|
|
43
43
|
stageOutput.start();
|
|
44
44
|
const auditRun = startAuditRun(flags['source-dir']);
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
45
|
+
auditRun.on('stageupdate', (stageUpdate) => {
|
|
46
|
+
switch (stageUpdate.newStage) {
|
|
47
|
+
case 'resolving':
|
|
48
|
+
stageOutput.startPolicyResolve(auditRun);
|
|
49
|
+
break;
|
|
50
|
+
case 'executing':
|
|
51
|
+
stageOutput.startRuleExecution(auditRun);
|
|
52
|
+
break;
|
|
53
|
+
case 'finalising':
|
|
54
|
+
stageOutput.startFinalising();
|
|
55
|
+
break;
|
|
56
|
+
case 'completed':
|
|
57
|
+
stageOutput.finish();
|
|
58
|
+
break;
|
|
59
|
+
}
|
|
60
|
+
});
|
|
61
|
+
const result = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
|
|
51
62
|
this.printResults(result, flags['verbose']);
|
|
52
63
|
const filePath = this.writeReport(result, flags);
|
|
53
64
|
return { ...result, filePath };
|
|
54
65
|
}
|
|
55
66
|
printResults(result, isVerbose) {
|
|
67
|
+
this.printHighlights(result);
|
|
56
68
|
this.printPoliciesSummary(result);
|
|
69
|
+
this.printAcceptedRisksSummary(result.acceptedRisks);
|
|
70
|
+
this.log('=== Rule Reports ===');
|
|
71
|
+
this.log('');
|
|
57
72
|
for (const [policyName, policyDetails] of Object.entries(result.policies)) {
|
|
58
73
|
this.printExecutedRulesSummary(policyName, policyDetails);
|
|
59
74
|
this.printRuleViolations(policyDetails.executedRules, isVerbose);
|
|
60
75
|
}
|
|
61
76
|
}
|
|
62
|
-
|
|
63
|
-
const polSummaries = transposePoliciesToTable(result);
|
|
77
|
+
printHighlights(result) {
|
|
64
78
|
if (result.isCompliant) {
|
|
65
79
|
this.logSuccess(messages.getMessage('success.all-policies-compliant'));
|
|
66
|
-
this.log('');
|
|
67
80
|
}
|
|
68
81
|
else {
|
|
69
82
|
this.log(StandardColors.error(messages.getMessage('summary-non-compliant')));
|
|
70
|
-
this.log('');
|
|
71
83
|
}
|
|
84
|
+
const customRisksCount = result.acceptedRisks ? result.acceptedRisks.filter((r) => r.type === 'custom').length : 0;
|
|
85
|
+
if (customRisksCount > 0) {
|
|
86
|
+
const totalViolationsMuted = result.acceptedRisks
|
|
87
|
+
.filter((r) => r.type === 'custom')
|
|
88
|
+
.reduce((sum, risk) => sum + risk.appliedCount, 0);
|
|
89
|
+
this.log(StandardColors.warning(messages.getMessage('has-documented-accepted-risks', [customRisksCount, totalViolationsMuted])));
|
|
90
|
+
}
|
|
91
|
+
else {
|
|
92
|
+
this.info(messages.getMessage('no-accepted-risks-configured'));
|
|
93
|
+
}
|
|
94
|
+
this.log('');
|
|
95
|
+
}
|
|
96
|
+
printPoliciesSummary(result) {
|
|
97
|
+
const polSummaries = transposePoliciesToTable(result);
|
|
72
98
|
this.table({ data: polSummaries, title: '=== Summary ===', titleOptions: { bold: true } });
|
|
73
99
|
}
|
|
100
|
+
printAcceptedRisksSummary(risks) {
|
|
101
|
+
if (!risks) {
|
|
102
|
+
return;
|
|
103
|
+
}
|
|
104
|
+
const data = risks
|
|
105
|
+
.filter((r) => r.type === 'custom')
|
|
106
|
+
.map((risk) => ({
|
|
107
|
+
policy: capitalize(risk.policy),
|
|
108
|
+
rule: risk.rule,
|
|
109
|
+
matcher: formatIdentifier(risk.matcher),
|
|
110
|
+
applied: risk.appliedCount,
|
|
111
|
+
}))
|
|
112
|
+
.sort((current, next) => next.applied - current.applied);
|
|
113
|
+
if (data.length === 0) {
|
|
114
|
+
return;
|
|
115
|
+
}
|
|
116
|
+
this.table({
|
|
117
|
+
data,
|
|
118
|
+
title: '=== Accepted Risks ===',
|
|
119
|
+
titleOptions: { bold: true },
|
|
120
|
+
});
|
|
121
|
+
}
|
|
74
122
|
printExecutedRulesSummary(policyName, policyDetails) {
|
|
75
123
|
if (!policyDetails.enabled) {
|
|
76
124
|
return;
|
|
@@ -89,9 +137,7 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
89
137
|
for (const uncompliantRule of Object.values(executedRules).filter((ruleDetails) => !ruleDetails.isCompliant)) {
|
|
90
138
|
const data = uncompliantRule.violations.map((viol) => ({
|
|
91
139
|
...omit(viol, 'details'),
|
|
92
|
-
identifier:
|
|
93
|
-
? formatToLocale(viol.identifier)
|
|
94
|
-
: viol.identifier.map((id) => formatToLocale(id)).join(MERGE_CHAR),
|
|
140
|
+
identifier: formatIdentifier(viol.identifier),
|
|
95
141
|
}));
|
|
96
142
|
this.table({
|
|
97
143
|
data: isVerbose ? data : data.slice(0, maxLength),
|
|
@@ -132,8 +178,14 @@ function transposeExecutedPolicyRules(result) {
|
|
|
132
178
|
compliantEntities: ruleDetails.compliantEntities?.length ?? 0,
|
|
133
179
|
violatedEntities: ruleDetails.violatedEntities?.length ?? 0,
|
|
134
180
|
violations: ruleDetails.violations.length,
|
|
181
|
+
acceptedViolations: ruleDetails.mutedViolations.length,
|
|
135
182
|
warnings: ruleDetails.warnings.length,
|
|
136
183
|
errors: ruleDetails.errors.length,
|
|
137
184
|
}));
|
|
138
185
|
}
|
|
186
|
+
function formatIdentifier(identifier) {
|
|
187
|
+
return typeof identifier === 'string'
|
|
188
|
+
? formatToLocale(identifier)
|
|
189
|
+
: identifier.map((id) => formatToLocale(id)).join(MERGE_CHAR);
|
|
190
|
+
}
|
|
139
191
|
//# sourceMappingURL=run.js.map
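Review bot: `printHighlights` and `printAcceptedRisksSummary` only consider accepted risks with `type === 'custom'`, so a risk of any other type that muted violations is neither counted in the highlight nor listed in the "Accepted Risks" table, and the `no-accepted-risks-configured` line can print even though findings were suppressed. In an audit report every suppressed finding should stay visible at the top level; compute the total across all types, e.g. `const totalMuted = (result.acceptedRisks ?? []).reduce((sum, r) => sum + r.appliedCount, 0);`, and print the "no accepted risks" message only when that total is 0. Which non-custom types exist is not visible in this section, so confirm against the `AcceptedRiskStatistics` type. Separately, in `transposeExecutedPolicyRules` the new `ruleDetails.mutedViolations.length` would throw if a rule result can omit `mutedViolations`; if that is possible use `ruleDetails.mutedViolations?.length ?? 0`, as the entity counts next to it do.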
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAGrD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC;YAChE,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;YACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;SAC9D,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,WAAgC,EAAE,EAAE;YAC9D,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,C
AAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,YAAY;oBACf,WAAW,CAAC,eAAe,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;YACV,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB,EAAE,SAAkB;QAC1D,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnH,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,aAAa;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;iBAClC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CACN,cAAc,CAAC,OAAO,CACpB,QAAQ,CAAC,UAAU,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAC/F,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,M
AAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,KAAmC;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,KAAK;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YACT,IAAI;YACJ,KAAK,EAAE,wBAAwB;YAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD,EAAE,SAAkB;QACtG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAE,CAAC;QACpE,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;gBACxB,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtF,IAAI,C
AAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,kBAAkB,EAAE,WAAW,CAAC,eAAe,CAAC,MAAM;QACtD,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAoB;IAC5C,OAAO,OAAO,UAAU,KAAK,QAAQ;QACnC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC;QAC5B,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClE,CAAC"}
|
|
@@ -10,11 +10,14 @@ export default class OrgUserPermScan extends SfCommand<OrgUserPermScanResult> {
|
|
|
10
10
|
name: import("@oclif/core/interfaces").OptionFlag<string[], import("@oclif/core/interfaces").CustomOptions>;
|
|
11
11
|
'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
|
|
12
12
|
'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
|
|
13
|
+
'deep-scan': import("@oclif/core/interfaces").BooleanFlag<boolean>;
|
|
13
14
|
};
|
|
14
15
|
run(): Promise<OrgUserPermScanResult>;
|
|
15
16
|
private reportProgress;
|
|
17
|
+
private reportWarning;
|
|
16
18
|
private print;
|
|
17
19
|
private printSummary;
|
|
18
20
|
private printPermissionResults;
|
|
21
|
+
private printUserAssignments;
|
|
19
22
|
}
|
|
20
23
|
export declare function isEntityStatus(cls: unknown): cls is EntityScanStatus;
|
|
@@ -22,14 +22,20 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
22
22
|
required: true,
|
|
23
23
|
}),
|
|
24
24
|
'api-version': Flags.orgApiVersion(),
|
|
25
|
+
'deep-scan': Flags.boolean({
|
|
26
|
+
summary: messages.getMessage('flags.deep-scan.summary'),
|
|
27
|
+
description: messages.getMessage('flags.deep-scan.description'),
|
|
28
|
+
}),
|
|
25
29
|
};
|
|
26
30
|
async run() {
|
|
27
31
|
const { flags } = await this.parse(OrgUserPermScan);
|
|
28
32
|
const scanner = new UserPermissionScanner();
|
|
29
33
|
scanner.on('progress', this.reportProgress);
|
|
34
|
+
scanner.on('permissionNotFound', this.reportWarning);
|
|
30
35
|
const result = await scanner.quickScan({
|
|
31
36
|
targetOrg: flags['target-org'].getConnection(flags['api-version']),
|
|
32
37
|
permissions: flags.name,
|
|
38
|
+
deepScan: flags['deep-scan'],
|
|
33
39
|
});
|
|
34
40
|
this.print(result);
|
|
35
41
|
return result;
|
|
@@ -51,10 +57,14 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
51
57
|
this.log();
|
|
52
58
|
}
|
|
53
59
|
};
|
|
60
|
+
reportWarning = (event) => {
|
|
61
|
+
this.warn(messages.createWarning('warning.permission-not-found', [event.permissionName]));
|
|
62
|
+
};
|
|
54
63
|
print(result) {
|
|
55
64
|
this.printSummary(result);
|
|
56
65
|
Object.entries(result.permissions).forEach(([permName, permResult]) => {
|
|
57
66
|
this.printPermissionResults(permName, permResult);
|
|
67
|
+
this.printUserAssignments(permName, permResult.users);
|
|
58
68
|
});
|
|
59
69
|
}
|
|
60
70
|
printSummary(result) {
|
|
@@ -64,9 +74,12 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
64
74
|
permissionName,
|
|
65
75
|
profiles: permResult.profiles.length,
|
|
66
76
|
permissionSets: permResult.permissionSets.length,
|
|
77
|
+
...(permResult.users ? { users: permResult.users.length } : undefined),
|
|
67
78
|
});
|
|
68
79
|
});
|
|
69
|
-
|
|
80
|
+
if (data.length > 0) {
|
|
81
|
+
this.table({ data, title: '=== Summary ===', titleOptions: { bold: true } });
|
|
82
|
+
}
|
|
70
83
|
}
|
|
71
84
|
printPermissionResults(permissionName, result) {
|
|
72
85
|
const data = [];
|
|
@@ -80,6 +93,23 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
80
93
|
this.table({ data, title: permissionName, titleOptions: { underline: true } });
|
|
81
94
|
}
|
|
82
95
|
}
|
|
96
|
+
printUserAssignments(permName, data) {
|
|
97
|
+
if (!data || data.length === 0) {
|
|
98
|
+
return;
|
|
99
|
+
}
|
|
100
|
+
data.sort((a, b) => {
|
|
101
|
+
const byUser = a.username.localeCompare(b.username);
|
|
102
|
+
if (byUser !== 0) {
|
|
103
|
+
return byUser;
|
|
104
|
+
}
|
|
105
|
+
const byType = b.type.localeCompare(a.type);
|
|
106
|
+
if (byType !== 0) {
|
|
107
|
+
return byType;
|
|
108
|
+
}
|
|
109
|
+
return a.source.localeCompare(b.source);
|
|
110
|
+
});
|
|
111
|
+
this.table({ title: `${permName} (Assignments)`, data });
|
|
112
|
+
}
|
|
83
113
|
}
|
|
84
114
|
export function isEntityStatus(cls) {
|
|
85
115
|
return cls.total !== undefined && cls.resolved !== undefined;
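Review bot: `printUserAssignments` calls `data.sort(...)` directly on `permResult.users`, which reorders the array inside the `result` object that `run()` returns afterwards, so printing changes the order of the command's returned (and `--json`) output as a side effect. Sort a copy instead, `const rows = [...data].sort(...)`, and pass `rows` to `this.table`. The assignments table prints each `username` with the `type` and `source` of the grant for every active user, so the `--deep-scan` flag description should state that this output is sensitive and should be kept out of shared CI logs. The enclosing class starts outside the hunks shown.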
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,
|
|
1
|
+
{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,qBAIN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAIpG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,SAAgC;IACpE,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;YAC1D,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC;YACzB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yBAAyB,CAAC;YACvD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;SAChE,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,IAAI;YACvB,QAAQ,EAAE,KAAK,CAAC,WAAW,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAsB,EAAQ,EAAE;QACxD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,YA
AY,CAAC,EAAE,EAAE;YACzD,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,QAAS,IAAI,YAAY,CAAC,KAAM,GAAG,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAC1G,CAAC;YACF,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEM,aAAa,GAAG,CAAC,KAA+B,EAAQ,EAAE;QAChE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,8BAA8B,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IAC5F,CAAC,CAAC;IAEM,KAAK,CAAC,MAAuB;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,MAAuB;QAC1C,MAAM,IAAI,GAAgG,EAAE,CAAC;QAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1E,IAAI,CAAC,IAAI,CAAC;gBACR,cAAc;gBACd,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM;gBACpC,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,MAAM;gBAChD,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aACvE,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,MAA4B;QACjF,MAAM,IAAI,GAAgD,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAA
M,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,QAAgB,EAAE,IAAmC;QAChF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACjB,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACpD,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,OAAO,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,QAAQ,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;;AAGH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAwB,CAAC,KAAK,KAAK,SAAS,IAAK,GAAwB,CAAC,QAAQ,KAAK,SAAS,CAAC;AAC3G,CAAC"}
|
|
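--- a/package/lib/libs/audit-engine/accepted-risks/acceptedRisks.d.ts
+++ b/package/lib/libs/audit-engine/accepted-risks/acceptedRisks.d.ts
@@ -1,5 +1,7 @@
 import { PartialPolicyRuleResult } from '../registry/context.types.js';
-import {
+import { AcceptedRiskStatistics } from '../registry/result.types.js';
+import { Policies } from '../registry/definitions.js';
+import { RiskTree } from './acceptedRisks.types.js';
 /**
 * Post-processing for violations from an audit run. Filters violations
 * where identifier matches one of the documented accept risks pattern
@@ -7,9 +9,15 @@ import { Policies } from '../registry/shape/auditConfigShape.js';
 */
 export default class AcceptedRisks {
 private readonly config;
-constructor();
+constructor(risks?: RiskTree);
 /**
-*
+* Returns all accepted risks in a flattend lists
+* with usage statistics.
+*/
+getStats(): AcceptedRiskStatistics[];
+/**
+* Scrubs all accepted risks from the violations of a policy result.
+* The "muted" violations are augmented with the documented reason.
 *
 * @param policyName
 * @param ruleResult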
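--- a/package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js
+++ b/package/lib/libs/audit-engine/accepted-risks/acceptedRisks.js
@@ -1,4 +1,5 @@
 import { Messages } from '@salesforce/core';
+import { merge } from '@salesforce/kit';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'acceptedRisks');
 /**
@@ -8,34 +9,52 @@ const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'ac
 */
 export default class AcceptedRisks {
 config;
-constructor() {
+constructor(risks) {
 this.config = {
 users: {
-NoStandardProfilesOnActiveUsers:
-{
-
-
+NoStandardProfilesOnActiveUsers: {
+'*': {
+'Sales Insights Integration User': {
+reason: messages.getMessage('user-skipped-cannot-manage'),
+type: 'standard',
+},
 },
-
+},
 },
 profiles: {},
 permissionSets: {},
 connectedApps: {},
 settings: {},
 };
+merge(this.config, risks);
 }
 /**
-*
+* Returns all accepted risks in a flattend lists
+* with usage statistics.
+*/
+getStats() {
+const stats = new Array();
+for (const [policy, policyRisks] of Object.entries(this.config)) {
+for (const [rule, ruleRisks] of Object.entries(policyRisks)) {
+const flattenedRuleRisks = flatten(ruleRisks);
+stats.push(...flattenedRuleRisks.map((rr) => ({ ...rr, policy, rule })));
+}
+}
+return stats;
+}
+/**
+* Scrubs all accepted risks from the violations of a policy result.
+* The "muted" violations are augmented with the documented reason.
 *
 * @param policyName
 * @param ruleResult
 */
 scrub(policyName, ruleResult) {
-const
-if (!
+const risks = this.config[policyName]?.[ruleResult.ruleName];
+if (!risks) {
 return ruleResult;
 }
-const { violations, mutedViolations } = scrubViolations(ruleResult.violations,
+const { violations, mutedViolations } = scrubViolations(ruleResult.violations, risks);
 return {
 ...ruleResult,
 violations,
@@ -43,23 +62,65 @@ export default class AcceptedRisks {
 };
 }
 }
-function
+function flatten(node, nodePathToFar = []) {
+if (isLeaf(node)) {
+return [{ matcher: nodePathToFar, appliedCount: node.usageCount ?? 0, type: node.type ?? 'custom' }];
+}
+const flattendChildren = [];
+for (const [key, maybeLeaf] of Object.entries(node)) {
+flattendChildren.push(...flatten(maybeLeaf, [...nodePathToFar, key]));
+}
+return flattendChildren;
+}
+function isLeaf(node) {
+return 'reason' in node;
+}
+/**
+* Traverses the node path and returns the leaf-node or undefined
+* if no LeafNode exists
+*
+* @param node
+* @param path
+* @returns
+*/
+function traverseRisks(node, ...path) {
+let current = node;
+for (const key of path) {
+if (isLeaf(current)) {
+// iteration is already one key ahead, so when key = lastElement
+// the current is actually from the second-to-last
+return key === path.at(-2) ? current : undefined;
+}
+if (current[key] && typeof current[key] === 'object') {
+current = current[key];
+}
+else if (current['*']) {
+current = current['*'];
+}
+}
+return current;
+}
+function findLeaf(node, ...path) {
+const maybeLeaf = traverseRisks(node, ...path);
+return maybeLeaf && isLeaf(maybeLeaf) ? maybeLeaf : undefined;
+}
+function scrubViolations(unscrubbed, acceptedRuleRisks) {
 const mutedViolations = [];
-
+const violations = [];
+for (const violation of unscrubbed) {
 // can we truly iterate all violations per each risk?
 // this is quadratic runtime (O(n2))
 // need to find a smart algorithm that hashes identifiers and only
 // iterates wildcards - linear runtime is MUST
-
-
-
-
-
-
+const riskOrNothing = findLeaf(acceptedRuleRisks, ...violation.identifier);
+if (riskOrNothing) {
+riskOrNothing.usageCount = riskOrNothing.usageCount ? ++riskOrNothing.usageCount : 1;
+mutedViolations.push({ ...violation, reason: riskOrNothing.reason });
+}
+else {
+violations.push(violation);
+}
 }
 return { violations, mutedViolations };
 }
-function matches(identifier, identifierMatcher) {
-return identifier.length === 2 && identifier[1] === identifierMatcher[1];
-}
 //# sourceMappingURL=acceptedRisks.js.map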
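Review bot: In `traverseRisks`, a path segment that matches neither `current[key]` nor `current['*']` is skipped and the loop carries on from the same node, so the lookup can still end on a leaf when only some of the identifier's segments match, and `scrubViolations` then mutes that violation. For a control that suppresses audit findings the lookup should fail closed; adding `else { return undefined; }` after the wildcard branch would do that. The `current[key]` lookups also read inherited properties and `isLeaf` relies on `'reason' in node`, so own-property checks such as `Object.hasOwn(current, key)` would be safer given that keys come from violation identifiers and from the `risks` tree merged in the constructor; whether that tree is validated before `merge(this.config, risks)` is not visible here. The early return compares `key === path.at(-2)` by value while its comment speaks of the last element, which looks worth confirming with a test whose identifier has repeated segments.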
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"acceptedRisks.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/accepted-risks/acceptedRisks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"acceptedRisks.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/accepted-risks/acceptedRisks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAMxC,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAO9F;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,aAAa;IACf,MAAM,CAAW;IAElC,YAAmB,KAAgB;QACjC,IAAI,CAAC,MAAM,GAAG;YACZ,KAAK,EAAE;gBACL,+BAA+B,EAAE;oBAC/B,GAAG,EAAE;wBACH,iCAAiC,EAAE;4BACjC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,4BAA4B,CAAC;4BACzD,IAAI,EAAE,UAAU;yBACjB;qBACF;iBACF;aACF;YACD,QAAQ,EAAE,EAAE;YACZ,cAAc,EAAE,EAAE;YAClB,aAAa,EAAE,EAAE;YACjB,QAAQ,EAAE,EAAE;SACb,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACI,QAAQ;QACb,MAAM,KAAK,GAAG,IAAI,KAAK,EAA0B,CAAC;QAClD,KAAK,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,KAAK,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC5D,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC9C,KAAK,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,UAAoB,EAAE,UAAmC;QACpE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC7D,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACtF,OAAO;YACL,GAAG,UAAU;YACb,UAAU;YACV,eAAe;SAChB,CAAC;IACJ,CAAC;CACF;AAED,SAAS,OAAO,CAAC,IAAc,EAAE,gBAA0B,EAAE;IAC3D,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QACjB,OAAO,CAAC,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,IAAI,CAAC,UAAU,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC;IACvG,CAAC;IACD,MAAM,gBAAgB,GAAG,EAAE,CAAC;IAC5B,KAAK,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACpD,gBAAgB,CAAC,IAAI,
CAAC,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC,GAAG,aAAa,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,SAAS,MAAM,CAAC,IAAc;IAC5B,OAAO,QAAQ,IAAI,IAAI,CAAC;AAC1B,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,IAAc,EAAE,GAAG,IAAc;IACtD,IAAI,OAAO,GAAG,IAAI,CAAC;IACnB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACpB,gEAAgE;YAChE,kDAAkD;YAClD,OAAO,GAAG,KAAK,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;QACnD,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,QAAQ,EAAE,CAAC;YACrD,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,QAAQ,CAAC,IAAc,EAAE,GAAG,IAAc;IACjD,MAAM,SAAS,GAAG,aAAa,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,CAAC;IAC/C,OAAO,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,UAAiC,EAAE,iBAA2B;IACrF,MAAM,eAAe,GAA8B,EAAE,CAAC;IACtD,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,qDAAqD;QACrD,oCAAoC;QACpC,kEAAkE;QAClE,8CAA8C;QAC9C,MAAM,aAAa,GAAG,QAAQ,CAAC,iBAAiB,EAAE,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;QAC3E,IAAI,aAAa,EAAE,CAAC;YAClB,aAAa,CAAC,UAAU,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YACrF,eAAe,CAAC,IAAI,CAAC,EAAE,GAAG,SAAS,EAAE,MAAM,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;AACzC,CAAC"}
|
|
@@ -1,7 +1,12 @@
|
|
|
1
|
-
import { Policies } from '../registry/
|
|
2
|
-
export type
|
|
3
|
-
export type
|
|
4
|
-
export type
|
|
5
|
-
|
|
1
|
+
import { Policies } from '../registry/definitions.js';
|
|
2
|
+
export type RiskTree = Partial<Record<Policies, RuleRisks>>;
|
|
3
|
+
export type RuleRisks = Record<string, TreeNode>;
|
|
4
|
+
export type TreeNode = LeafNode | BranchNode;
|
|
5
|
+
export type BranchNode = {
|
|
6
|
+
[nodePath: string]: TreeNode;
|
|
7
|
+
};
|
|
8
|
+
export type LeafNode = {
|
|
6
9
|
reason: string;
|
|
10
|
+
usageCount?: number;
|
|
11
|
+
type?: 'standard';
|
|
7
12
|
};
|