@j-schreiber/sf-cli-security-audit 0.18.0 → 0.18.2
- package/README.md +4 -4
- package/lib/commands/org/audit/run.js +3 -0
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/audit-engine/auditRun.js +2 -0
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/connectedApps.js +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +4 -0
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/allUsedAppsUnderManagement.js +1 -0
- package/lib/libs/audit-engine/registry/rules/allUsedAppsUnderManagement.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.js +3 -1
- package/lib/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.js.map +1 -1
- package/lib/salesforce/index.d.ts +2 -0
- package/lib/salesforce/index.js +2 -0
- package/lib/salesforce/index.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/connected-app.types.d.ts +22 -1
- package/lib/salesforce/repositories/connected-apps/connected-app.types.js +1 -1
- package/lib/salesforce/repositories/connected-apps/connected-app.types.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/connected-apps.d.ts +2 -0
- package/lib/salesforce/repositories/connected-apps/connected-apps.js +81 -23
- package/lib/salesforce/repositories/connected-apps/connected-apps.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.d.ts +20 -0
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js +79 -0
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js.map +1 -0
- package/lib/salesforce/repositories/connected-apps/queries.d.ts +8 -2
- package/lib/salesforce/repositories/connected-apps/queries.js +13 -2
- package/lib/salesforce/repositories/connected-apps/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/queries.d.ts +11 -3
- package/lib/salesforce/repositories/users/queries.js +30 -5
- package/lib/salesforce/repositories/users/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/users.d.ts +5 -4
- package/lib/salesforce/repositories/users/users.js +72 -50
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/lib/salesforce/resolve-entity-lifecycle-bus.d.ts +9 -0
- package/lib/salesforce/resolve-entity-lifecycle-bus.js +13 -0
- package/lib/salesforce/resolve-entity-lifecycle-bus.js.map +1 -0
- package/lib/salesforce/utils.d.ts +2 -0
- package/lib/salesforce/utils.js +11 -0
- package/lib/salesforce/utils.js.map +1 -0
- package/lib/utils.js +2 -2
- package/lib/utils.js.map +1 -1
- package/lib/ux/environment.d.ts +15 -0
- package/lib/ux/environment.js +15 -0
- package/lib/ux/environment.js.map +1 -1
- package/messages/metadataretrieve.md +12 -0
- package/messages/rules.connectedApps.md +6 -2
- package/oclif.manifest.json +1 -1
- package/package.json +3 -1
- /package/{LICENSE.md → LICENSE} +0 -0
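--- a/package/README.md
+++ b/package/README.md
@@ -5,7 +5,7 @@
 <a href="https://github.com/j-schreiber/js-sf-cli-security-audit/blob/main/LICENSE"><img src="https://img.shields.io/badge/License-blue" alt="License"></a>
 </p>
 
-A plugin for the sf CLI to
+A plugin for the sf CLI to automate security audits. Run audits on your CI platform in minutes, instead of manually documenting for hours.
 
 
 
@@ -89,7 +89,7 @@ FLAG DESCRIPTIONS
 essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.2/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -134,7 +134,7 @@ FLAG DESCRIPTIONS
 never truncated.
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.2/src/commands/org/audit/run.ts)_
 
 ## `sf org scan user-perms`
 
@@ -183,7 +183,7 @@ FLAG DESCRIPTIONS
 userPermissions.yml.
 ```
 
-_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.
+_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.2/src/commands/org/scan/user-perms.ts)_
 
 <!-- commandsstop -->
 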
@@ -58,6 +58,9 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
58
58
|
break;
|
|
59
59
|
}
|
|
60
60
|
});
|
|
61
|
+
auditRun.on('resolvewarning', (warning) => {
|
|
62
|
+
this.warn(warning.message);
|
|
63
|
+
});
|
|
61
64
|
const result = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
|
|
62
65
|
this.printResults(result, flags['verbose']);
|
|
63
66
|
const filePath = this.writeReport(result, flags);
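Review bot: The new `resolvewarning` handler only forwards `warning.message` to `this.warn`, so a warning raised while org data is being resolved reaches the terminal but, as far as this hunk shows, not the `result` that `writeReport` persists a few lines later. For an audit tool that matters, because a report built from partially resolved data would then read the same as a complete one. Consider collecting the messages, e.g. `const resolveWarnings = [];` with `resolveWarnings.push(warning.message);` inside the handler, and adding them to the result before it is written. The enclosing `run()` method starts and ends outside the hunk, so the shape of `result` is inferred from the visible calls only.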
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAIrD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC;YAChE,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;YACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;SAC9D,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,WAAgC,EAAE,EAAE;YAC9D,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,C
AAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,YAAY;oBACf,WAAW,CAAC,eAAe,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;YACV,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,OAAqB,EAAE,EAAE;YACtD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB,EAAE,SAAkB;QAC1D,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnH,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,aAAa;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;iBAClC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CACN,cAAc,CAAC,OAAO,CACpB,QAAQ,CAAC,UAAU,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAC/F,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,I
AAI,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,KAAmC;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,KAAK;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YACT,IAAI;YACJ,KAAK,EAAE,wBAAwB;YAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD,EAAE,SAAkB;QACtG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAE,CAAC;QACpE,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;gBACxB,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,IAAI,CAAC,SAAS,EA
AE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtF,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,kBAAkB,EAAE,WAAW,CAAC,eAAe,CAAC,MAAM;QACtD,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAoB;IAC5C,OAAO,OAAO,UAAU,KAAK,QAAQ;QACnC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC;QAC5B,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClE,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
|
+
import { ResolveLifecycle } from '../../salesforce/index.js';
|
|
2
3
|
import { loadPolicy } from './registry/definitions.js';
|
|
3
4
|
import AcceptedRisks from './accepted-risks/acceptedRisks.js';
|
|
4
5
|
/**
|
|
@@ -10,6 +11,7 @@ export default class AuditRun extends EventEmitter {
|
|
|
10
11
|
constructor(config) {
|
|
11
12
|
super();
|
|
12
13
|
this.config = { ...{ classifications: {}, policies: {}, acceptedRisks: {} }, ...config };
|
|
14
|
+
ResolveLifecycle.on('resolvewarning', (warning) => this.emit('resolvewarning', warning));
|
|
13
15
|
}
|
|
14
16
|
getExecutableRulesCount(policyName) {
|
|
15
17
|
if (this.executablePolicies?.[policyName] !== undefined) {
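Review bot: The constructor subscribes with `ResolveLifecycle.on('resolvewarning', ...)` and nothing visible ever removes that listener. `ResolveLifecycle` is imported from the package index, so it is presumably a single emitter shared by the whole process; if so, every `AuditRun` that was ever constructed stays referenced by it, each instance re-emits warnings caused by any other run, and Node reports a MaxListenersExceededWarning once more than ten instances exist, which is common in test suites. Keep the handler in a field and detach it when the run ends, e.g. `this.onResolveWarning = (w) => this.emit('resolvewarning', w);` and `ResolveLifecycle.off('resolvewarning', this.onResolveWarning);` in a `finally` around the work in `execute`. The rest of the class lies outside the hunk.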
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,OAAO,aAAa,MAAM,mCAAmC,CAAC;AAkB9D;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IACzC,MAAM,CAAiB;IACtB,kBAAkB,CAAa;IAEvC,YAAmB,MAA+B;QAChD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;QACzF,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3F,CAAC;IAEM,uBAAuB,CAAC,UAAoB;QACjD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,kBAAkB,EAAE,CAAC,MAAM,CAAC;QACzE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;QAClF,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,KAAK;YACpD,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;SACjC,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,eAAe;IAEf;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAC9C,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACK,QAAQ,CAAC,cAAoC;QACnD,MAAM,gBAAgB,GAAe,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QA
CjE,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACzE,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,MAAM,EAAE,CAAC;gBACX,gBAAgB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,gBAAgB,CAAC;YAC1C,QAAQ,EAAE,gBAAgB;YAC1B,aAAa,EAAE,WAAW,CAAC,QAAQ,EAAE;SACtC,CAAC;IACJ,CAAC;IAEO,YAAY;QAClB,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,UAAsB,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;oBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;gBAC5E,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,eAAe,CAAC,QAAuB;QAC7C,MAAM,SAAS,GAAwB;YACrC,QAAQ;SACT,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAuC,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -12,7 +12,7 @@ export default class ConnectedAppsPolicy extends Policy {
|
|
|
12
12
|
const resolvedEntities = {};
|
|
13
13
|
const appsRepo = new ConnectedApps(context.targetOrgConnection);
|
|
14
14
|
appsRepo.addListener('entityresolve', (resolveEvt) => this.emit('entityresolve', resolveEvt));
|
|
15
|
-
const apps = await appsRepo.resolve({
|
|
15
|
+
const apps = await appsRepo.resolve({ withTokenUsage: true });
|
|
16
16
|
for (const app of apps.values()) {
|
|
17
17
|
resolvedEntities[app.name] = app;
|
|
18
18
|
}
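Review bot: With `withTokenUsage: true` the loop below still stores every resolved app under `resolvedEntities[app.name]` in a plain `{}`, and the set of names it has to hold probably grows. If token usage adds apps that are known only from OAuth token records (the repository code is not in this section), those names are not chosen by the org's admins, so two entries can share a name and overwrite each other silently, and a name that matches an inherited object key is not stored as an own property. Creating the container with `const resolvedEntities = Object.create(null);` and logging a warning when `app.name` is already present would keep every app visible to the rules. The method continues outside the hunk.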
|
|
@@ -17,6 +17,10 @@ export default class PermissionSetsPolicy extends Policy {
|
|
|
17
17
|
this.totalEntities = Object.keys(this.classifications).length;
|
|
18
18
|
}
|
|
19
19
|
async resolveEntities(context) {
|
|
20
|
+
this.emit('entityresolve', {
|
|
21
|
+
total: this.totalEntities,
|
|
22
|
+
resolved: 0,
|
|
23
|
+
});
|
|
20
24
|
const permsetsRepo = new PermissionSets(context.targetOrgConnection);
|
|
21
25
|
permsetsRepo.addListener('entityresolve', (statusEvt) => this.emit('entityresolve', statusEvt));
|
|
22
26
|
const allPermsets = await permsetsRepo.resolve();
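Review bot: The early `this.emit('entityresolve', { total: this.totalEntities, resolved: 0 })` at the top of `resolveEntities` has no comment explaining why a zero-progress event is sent before any query runs. At that point `totalEntities` still holds the classification count assigned in the constructor (the context line above the method), which may differ from the number of permission sets resolved later; that part of the method is outside the hunk. I would add `// announce the policy before the first query; total is the classification count and may be corrected by later events` above the call, so listeners do not treat this total as final.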
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBAC
jB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAA
C,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACnD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -14,6 +14,7 @@ export default class AllUsedAppsUnderManagement extends PolicyRule {
|
|
|
14
14
|
result.violations.push({
|
|
15
15
|
identifier: [app.name],
|
|
16
16
|
message: messages.getMessage('violations.app-used-but-not-registered', [app.users.length, app.useCount]),
|
|
17
|
+
details: app.users,
|
|
17
18
|
});
|
|
18
19
|
}
|
|
19
20
|
});
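Review bot: `details: app.users` copies the per-app user list into every violation, and violations presumably end up in the result that the command prints and writes to the report file. If `app.users` holds usernames or user ids (its shape is not visible in this section), report files and CI logs now carry user identifiers and should be stored and shared accordingly; the rule's documentation should say so. The array is also passed by reference, so later changes to the violation would change the resolved app as well; `details: [...app.users],` avoids that. The surrounding callback starts outside the hunk.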
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allUsedAppsUnderManagement.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/allUsedAppsUnderManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,0BAA2B,SAAQ,UAAwB;IAC9E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;oBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wCAAwC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"allUsedAppsUnderManagement.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/allUsedAppsUnderManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,0BAA2B,SAAQ,UAAwB;IAC9E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;oBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wCAAwC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;oBACxG,OAAO,EAAE,GAAG,CAAC,KAAK;iBACnB,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -20,7 +20,9 @@ export default class NoUserCanSelfAuthorize extends PolicyRule {
|
|
|
20
20
|
else {
|
|
21
21
|
result.violations.push({
|
|
22
22
|
identifier: [app.name],
|
|
23
|
-
message:
|
|
23
|
+
message: app.type === 'Unknown'
|
|
24
|
+
? messages.getMessage('violations.users-can-self-authorize-unknown-app')
|
|
25
|
+
: messages.getMessage('violations.users-can-self-authorize-known-app', [app.type]),
|
|
24
26
|
});
|
|
25
27
|
}
|
|
26
28
|
}
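Review bot: The new ternary chooses the message by comparing `app.type` with the literal `'Unknown'`, so an app whose `type` is missing falls into the known-app branch and is reported with `[undefined]` as the message argument. Whether `type` is always set depends on the repository code, which is outside this section. Treating a missing value as unknown, `message: !app.type || app.type === 'Unknown'`, keeps the wording accurate, and a shared constant for `'Unknown'` would keep this check in step with the code that assigns it. The enclosing callback starts outside the hunk.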
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,UAAwB;IAC1E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;gBACvC,IAAI,GAAG,CAAC,2BAA2B,EAAE,CAAC;oBACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yDAAyD,CAAC;qBACxF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,
|
|
1
|
+
{"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,UAAwB;IAC1E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;gBACvC,IAAI,GAAG,CAAC,2BAA2B,EAAE,CAAC;oBACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yDAAyD,CAAC;qBACxF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EACL,GAAG,CAAC,IAAI,KAAK,SAAS;4BACpB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,iDAAiD,CAAC;4BACxE,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,+CAA+C,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;qBACvF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -7,5 +7,7 @@ export type { User, ResolveUsersOptions } from './repositories/users/user.types.
|
|
|
7
7
|
export type { Profile } from './repositories/profiles/profile.types.js';
|
|
8
8
|
export type { ConnectedApp } from './repositories/connected-apps/connected-app.types.js';
|
|
9
9
|
export type { PermissionSet } from './repositories/perm-sets/perm-sets.types.js';
|
|
10
|
+
export { ResolveLifecycle } from './resolve-entity-lifecycle-bus.js';
|
|
11
|
+
export type { MessageEvent } from './resolve-entity-lifecycle-bus.js';
|
|
10
12
|
export { default as MDAPI } from './mdapi/mdapi.js';
|
|
11
13
|
export type { MdapiRegistry } from './mdapi/metadataRegistry.js';
|
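--- a/package/lib/salesforce/index.js
+++ b/package/lib/salesforce/index.js
@@ -4,6 +4,8 @@ export { default as Profiles } from './repositories/profiles/profiles.js';
 export { default as ConnectedApps } from './repositories/connected-apps/connected-apps.js';
 export { default as PermissionSets } from './repositories/perm-sets/permission-sets.js';
 export { default as OrgDescribe } from './describes/orgDescribe.js';
+// RESOLVE EVENT BUS
+export { ResolveLifecycle } from './resolve-entity-lifecycle-bus.js';
 // MDAPI
 export { default as MDAPI } from './mdapi/mdapi.js';
 //# sourceMappingURL=index.js.map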
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/salesforce/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAC3F,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,6CAA6C,CAAC;AACxF,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAQpE,QAAQ;AACR,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/salesforce/index.ts"],"names":[],"mappings":"AAAA,QAAQ;AACR,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,OAAO,IAAI,aAAa,EAAE,MAAM,iDAAiD,CAAC;AAC3F,OAAO,EAAE,OAAO,IAAI,cAAc,EAAE,MAAM,6CAA6C,CAAC;AACxF,OAAO,EAAE,OAAO,IAAI,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAQpE,oBAAoB;AACpB,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAGrE,QAAQ;AACR,OAAO,EAAE,OAAO,IAAI,KAAK,EAAE,MAAM,kBAAkB,CAAC"}
|
|
@@ -1,28 +1,49 @@
|
|
|
1
1
|
import { Record } from '@jsforce/jsforce-node';
|
|
2
2
|
import z from 'zod';
|
|
3
|
+
type ExtlClntAppDistState = 'Local' | 'Packaged';
|
|
4
|
+
type ExtlClntAppOauthPermittedUsers = 'AllSelfAuthorized' | 'AdminApprovedPreAuthorized';
|
|
3
5
|
export type SfConnectedApp = Record & {
|
|
4
6
|
Id: string;
|
|
5
7
|
Name: string;
|
|
6
8
|
OptionsAllowAdminApprovedUsersOnly: boolean;
|
|
7
9
|
};
|
|
10
|
+
export type SfExternalClientApp = Record & {
|
|
11
|
+
Id: string;
|
|
12
|
+
MasterLabel: string;
|
|
13
|
+
DeveloperName: string;
|
|
14
|
+
DistributionState: ExtlClntAppDistState;
|
|
15
|
+
};
|
|
16
|
+
export type SfExternalAppOauthPolicy = Record & {
|
|
17
|
+
ExternalClientApplicationId: string;
|
|
18
|
+
PermittedUsersPolicyType: ExtlClntAppOauthPermittedUsers;
|
|
19
|
+
};
|
|
8
20
|
export type SfOauthToken = Record & {
|
|
9
21
|
Id: string;
|
|
10
22
|
User: {
|
|
11
23
|
Username: string;
|
|
12
24
|
};
|
|
13
25
|
AppName: string;
|
|
26
|
+
AppMenuItem?: {
|
|
27
|
+
ApplicationId: string;
|
|
28
|
+
};
|
|
14
29
|
UseCount: number;
|
|
15
30
|
};
|
|
31
|
+
export type SfMinimalUser = Record & {
|
|
32
|
+
Id: string;
|
|
33
|
+
};
|
|
16
34
|
export type ConnectedApp = {
|
|
35
|
+
id?: string;
|
|
17
36
|
name: string;
|
|
18
37
|
origin: 'Installed' | 'OauthToken' | 'Owned';
|
|
38
|
+
type: 'ConnectedApp' | 'ExternalClientApp' | 'Unknown';
|
|
19
39
|
onlyAdminApprovedUsersAllowed: boolean;
|
|
20
40
|
overrideByApiSecurityAccess: boolean;
|
|
21
41
|
useCount: number;
|
|
22
42
|
users: string[];
|
|
23
43
|
};
|
|
24
44
|
export declare const ResolveAppsOptionsSchema: z.ZodObject<{
|
|
25
|
-
|
|
45
|
+
withTokenUsage: z.ZodDefault<z.ZodBoolean>;
|
|
26
46
|
withOrgOwned: z.ZodDefault<z.ZodBoolean>;
|
|
27
47
|
}, z.z.core.$strip>;
|
|
28
48
|
export type ResolveAppsOptions = z.infer<typeof ResolveAppsOptionsSchema>;
|
|
49
|
+
export {};
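Review bot: `ResolveAppsOptionsSchema` now declares `withTokenUsage` while the object is still in strip mode (`z.z.core.$strip`), so a caller that keeps passing the previous key is not rejected: the key is dropped and the flag falls back to its `ZodDefault` (value not shown here). The removed line in the connected-apps.js section further down shows the old name was `withOAuthToken`, so after this patch-level upgrade an audit could stop resolving token usage without any error. I would either accept the old key as a deprecated alias in the schema or build it with `z.strictObject(...)` so the mismatch surfaces as a validation error. The schema definition itself is outside this section, so how internal callers were migrated is not visible.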
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connected-app.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/connected-app.types.ts"],"names":[],"mappings":"AACA,OAAO,CAAC,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"connected-app.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/connected-app.types.ts"],"names":[],"mappings":"AACA,OAAO,CAAC,MAAM,KAAK,CAAC;AAgDpB,MAAM,CAAC,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC1C,YAAY,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACzC,CAAC,CAAC"}
|
|
@@ -4,6 +4,7 @@ import { ConnectedApp, ResolveAppsOptions } from './connected-app.types.js';
|
|
|
4
4
|
export default class ConnectedApps extends EventEmitter {
|
|
5
5
|
private readonly con;
|
|
6
6
|
private readonly mdapi;
|
|
7
|
+
private readonly oauthTokenRepo;
|
|
7
8
|
constructor(con: Connection);
|
|
8
9
|
/**
|
|
9
10
|
* Resolves all connected apps from the org. Optionally include apps
|
|
@@ -13,4 +14,5 @@ export default class ConnectedApps extends EventEmitter {
|
|
|
13
14
|
* @returns
|
|
14
15
|
*/
|
|
15
16
|
resolve(opts?: Partial<ResolveAppsOptions>): Promise<Map<string, ConnectedApp>>;
|
|
17
|
+
private setOverrideByApiAccess;
|
|
16
18
|
}
|
|
@@ -1,14 +1,17 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
2
|
import MDAPI from '../../mdapi/mdapi.js';
|
|
3
3
|
import { ResolveAppsOptionsSchema, } from './connected-app.types.js';
|
|
4
|
-
import { CONNECTED_APPS_QUERY,
|
|
4
|
+
import { CONNECTED_APPS_QUERY, EXTERNAL_APPS_OAUTH_POLICY, EXTERNAL_CLIENT_APPS_QUERY } from './queries.js';
|
|
5
|
+
import OAuthTokens from './oauth-tokens.js';
|
|
5
6
|
export default class ConnectedApps extends EventEmitter {
|
|
6
7
|
con;
|
|
7
8
|
mdapi;
|
|
9
|
+
oauthTokenRepo;
|
|
8
10
|
constructor(con) {
|
|
9
11
|
super();
|
|
10
12
|
this.con = con;
|
|
11
13
|
this.mdapi = MDAPI.create(this.con);
|
|
14
|
+
this.oauthTokenRepo = new OAuthTokens(this.con);
|
|
12
15
|
}
|
|
13
16
|
/**
|
|
14
17
|
* Resolves all connected apps from the org. Optionally include apps
|
|
@@ -23,26 +26,19 @@ export default class ConnectedApps extends EventEmitter {
|
|
|
23
26
|
total: 0,
|
|
24
27
|
resolved: 0,
|
|
25
28
|
});
|
|
26
|
-
const installedApps = await this.con
|
|
29
|
+
const installedApps = await fetchAllInstalledApps(this.con);
|
|
30
|
+
const apps = initResolvedApps(installedApps);
|
|
31
|
+
const appIndex = buildMapIdIndex(apps);
|
|
27
32
|
this.emit('entityresolve', {
|
|
28
|
-
total:
|
|
33
|
+
total: apps.size,
|
|
29
34
|
resolved: 0,
|
|
30
35
|
});
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
overrideByApiSecurityAccess: false,
|
|
38
|
-
useCount: 0,
|
|
39
|
-
users: [],
|
|
40
|
-
});
|
|
41
|
-
}
|
|
42
|
-
if (definitiveOpts.withOAuthToken) {
|
|
43
|
-
const usersOAuthToken = await this.con.query(OAUTH_TOKEN_QUERY);
|
|
44
|
-
for (const sfToken of usersOAuthToken.records) {
|
|
45
|
-
const appRef = apps.get(sfToken.AppName);
|
|
36
|
+
if (definitiveOpts.withTokenUsage) {
|
|
37
|
+
const usersOAuthToken = await this.oauthTokenRepo.queryAll();
|
|
38
|
+
for (const sfToken of usersOAuthToken) {
|
|
39
|
+
const appRef = sfToken.AppMenuItem?.ApplicationId && appIndex.get(sfToken.AppMenuItem.ApplicationId)
|
|
40
|
+
? appIndex.get(sfToken.AppMenuItem.ApplicationId)
|
|
41
|
+
: apps.get(sfToken.AppName);
|
|
46
42
|
if (appRef) {
|
|
47
43
|
appRef.useCount += sfToken.UseCount;
|
|
48
44
|
if (!appRef.users.includes(sfToken.User.Username)) {
|
|
@@ -53,6 +49,7 @@ export default class ConnectedApps extends EventEmitter {
|
|
|
53
49
|
apps.set(sfToken.AppName, {
|
|
54
50
|
name: sfToken.AppName,
|
|
55
51
|
origin: 'OauthToken',
|
|
52
|
+
type: 'Unknown',
|
|
56
53
|
onlyAdminApprovedUsersAllowed: false,
|
|
57
54
|
overrideByApiSecurityAccess: false,
|
|
58
55
|
useCount: sfToken.UseCount,
|
|
@@ -65,19 +62,80 @@ export default class ConnectedApps extends EventEmitter {
|
|
|
65
62
|
resolved: 0,
|
|
66
63
|
});
|
|
67
64
|
}
|
|
65
|
+
await this.setOverrideByApiAccess(Array.from(apps.values()));
|
|
66
|
+
this.emit('entityresolve', {
|
|
67
|
+
total: apps.size,
|
|
68
|
+
resolved: apps.size,
|
|
69
|
+
});
|
|
70
|
+
return apps;
|
|
71
|
+
}
|
|
72
|
+
async setOverrideByApiAccess(apps) {
|
|
73
|
+
this.emit('entityresolve', {
|
|
74
|
+
total: apps.length,
|
|
75
|
+
resolved: apps.filter((app) => app.type !== 'ConnectedApp').length,
|
|
76
|
+
});
|
|
68
77
|
let overrideByApiSecurityAccess = false;
|
|
69
78
|
const apiSecurityAccessSetting = await this.mdapi.resolveSingleton('ConnectedAppSettings');
|
|
70
79
|
if (apiSecurityAccessSetting?.enableAdminApprovedAppsOnly) {
|
|
71
80
|
overrideByApiSecurityAccess = true;
|
|
72
81
|
}
|
|
73
|
-
for (const app of apps.
|
|
82
|
+
for (const app of apps.filter((a) => a.type === 'ConnectedApp')) {
|
|
74
83
|
app.overrideByApiSecurityAccess = overrideByApiSecurityAccess;
|
|
75
84
|
}
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
async function fetchAllInstalledApps(con) {
|
|
88
|
+
const resultPromises = [
|
|
89
|
+
con.query(CONNECTED_APPS_QUERY),
|
|
90
|
+
con.query(EXTERNAL_CLIENT_APPS_QUERY),
|
|
91
|
+
con.query(EXTERNAL_APPS_OAUTH_POLICY),
|
|
92
|
+
];
|
|
93
|
+
const results = await Promise.all(resultPromises);
|
|
94
|
+
return {
|
|
95
|
+
connectedApps: results[0].records,
|
|
96
|
+
externalClientApps: results[1].records,
|
|
97
|
+
externalAppOauthPolicies: results[2].records,
|
|
98
|
+
};
|
|
99
|
+
}
|
|
100
|
+
function initResolvedApps(result) {
|
|
101
|
+
const apps = new Map();
|
|
102
|
+
for (const sfrecord of result.connectedApps) {
|
|
103
|
+
apps.set(sfrecord.Name, {
|
|
104
|
+
id: sfrecord.Id,
|
|
105
|
+
name: sfrecord.Name,
|
|
106
|
+
origin: 'Installed',
|
|
107
|
+
type: 'ConnectedApp',
|
|
108
|
+
onlyAdminApprovedUsersAllowed: sfrecord.OptionsAllowAdminApprovedUsersOnly,
|
|
109
|
+
overrideByApiSecurityAccess: false,
|
|
110
|
+
useCount: 0,
|
|
111
|
+
users: [],
|
|
79
112
|
});
|
|
80
|
-
return apps;
|
|
81
113
|
}
|
|
114
|
+
const policies = new Map();
|
|
115
|
+
for (const pol of result.externalAppOauthPolicies) {
|
|
116
|
+
policies.set(pol.ExternalClientApplicationId, pol);
|
|
117
|
+
}
|
|
118
|
+
for (const sfrecord of result.externalClientApps) {
|
|
119
|
+
apps.set(sfrecord.MasterLabel, {
|
|
120
|
+
id: sfrecord.Id,
|
|
121
|
+
name: sfrecord.MasterLabel,
|
|
122
|
+
origin: sfrecord.DistributionState === 'Local' ? 'Owned' : 'Installed',
|
|
123
|
+
type: 'ExternalClientApp',
|
|
124
|
+
onlyAdminApprovedUsersAllowed: policies.get(sfrecord.Id)?.PermittedUsersPolicyType === 'AdminApprovedPreAuthorized',
|
|
125
|
+
overrideByApiSecurityAccess: false,
|
|
126
|
+
useCount: 0,
|
|
127
|
+
users: [],
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
return apps;
|
|
131
|
+
}
|
|
132
|
+
function buildMapIdIndex(apps) {
|
|
133
|
+
const byId = new Map();
|
|
134
|
+
for (const app of apps.values()) {
|
|
135
|
+
if (app.id) {
|
|
136
|
+
byId.set(app.id, app);
|
|
137
|
+
}
|
|
138
|
+
}
|
|
139
|
+
return byId;
|
|
82
140
|
}
|
|
83
141
|
//# sourceMappingURL=connected-apps.js.map
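Review bot: `initResolvedApps` writes both record kinds into the same map keyed by display name (`apps.set(sfrecord.Name, …)` for connected apps, `apps.set(sfrecord.MasterLabel, …)` for external client apps), so an external client app whose label equals a connected app's name replaces that entry and the connected app drops out of the audit result. The same name key is the fallback in `resolve` (`apps.get(sfToken.AppName)`) when `AppMenuItem.ApplicationId` has no match, which can credit token usage to a same-named app of the other type. I would check before overwriting, e.g. `if (apps.has(sfrecord.MasterLabel)) { /* report the collision instead of replacing the entry */ }`, and add a comment on `initResolvedApps` stating that the map key is a label and not a unique identifier. Whether labels collide in a given org is not something these lines can rule out.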
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connected-apps.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/connected-apps.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAEvC,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,wBAAwB,
|
|
1
|
+
{"version":3,"file":"connected-apps.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/connected-apps.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAEvC,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,wBAAwB,GAIzB,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,oBAAoB,EAAE,0BAA0B,EAAE,0BAA0B,EAAE,MAAM,cAAc,CAAC;AAC5G,OAAO,WAAW,MAAM,mBAAmB,CAAC;AAQ5C,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,YAAY;IAIjB;IAHnB,KAAK,CAAQ;IACb,cAAc,CAAc;IAE7C,YAAoC,GAAe;QACjD,KAAK,EAAE,CAAC;QAD0B,QAAG,GAAH,GAAG,CAAY;QAEjD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,cAAc,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAkC;QACrD,MAAM,cAAc,GAAG,wBAAwB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC5D,MAAM,IAAI,GAAG,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;QACvC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,IAAI,cAAc,CAAC,cAAc,EAAE,CAAC;YAClC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,QAAQ,EAAE,CAAC;YAC7D,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;gBACtC,MAAM,MAAM,GACV,OAAO,CAAC,WAAW,EAAE,aAAa,IAAI,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC;oBACnF,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,aAAa,CAAC;oBACjD,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBAChC,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,QAAQ,CAAC;oBACpC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;wBAClD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;oBAC3C,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE;wBACxB,IAAI,EAAE,OAAO,CAAC,OAAO;wBACrB,MAAM,EAAE,YAAY;wBACpB,IAAI,EAAE,SAAS;wBACf,6BAA6B,EAAE,KAAK;wBACpC,2BAA2B,EAAE,KAAK;wBAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;wBAC1B,KAAK,EAAE,CAAC,OAAO,CAAC,IAA
I,CAAC,QAAQ,CAAC;qBAC/B,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;gBACzB,KAAK,EAAE,IAAI,CAAC,IAAI;gBAChB,QAAQ,EAAE,CAAC;aACZ,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,IAAI;YAChB,QAAQ,EAAE,IAAI,CAAC,IAAI;SACpB,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,sBAAsB,CAAC,IAAoB;QACvD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,MAAM;YAClB,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,cAAc,CAAC,CAAC,MAAM;SACnE,CAAC,CAAC;QACH,IAAI,2BAA2B,GAAG,KAAK,CAAC;QACxC,MAAM,wBAAwB,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;QAC3F,IAAI,wBAAwB,EAAE,2BAA2B,EAAE,CAAC;YAC1D,2BAA2B,GAAG,IAAI,CAAC;QACrC,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,cAAc,CAAC,EAAE,CAAC;YAChE,GAAG,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QAChE,CAAC;IACH,CAAC;CACF;AAED,KAAK,UAAU,qBAAqB,CAAC,GAAe;IAClD,MAAM,cAAc,GAAG;QACrB,GAAG,CAAC,KAAK,CAAiB,oBAAoB,CAAC;QAC/C,GAAG,CAAC,KAAK,CAAsB,0BAA0B,CAAC;QAC1D,GAAG,CAAC,KAAK,CAA2B,0BAA0B,CAAC;KAChE,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAClD,OAAO;QACL,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAA2B;QACrD,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAAgC;QAC/D,wBAAwB,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,OAAqC;KAC3E,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAoB;IAC5C,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC7C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QAC5C,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE;YACtB,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,WAAW;YACnB,IAAI,EAAE,cAAc;YACpB,6BAA6B,EAAE,QAAQ,CAAC,kCAAkC;YAC1E,2BAA2B,EAAE,KAAK;YAClC,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,EAAE;SACV,CAAC,CAAC;IACL,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoC,CAAC;IAC7D,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,wBAAwB,EAAE,CAAC;QAClD,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAC;IACrD,CAAC;IACD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,kBAAk
B,EAAE,CAAC;QACjD,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE;YAC7B,EAAE,EAAE,QAAQ,CAAC,EAAE;YACf,IAAI,EAAE,QAAQ,CAAC,WAAW;YAC1B,MAAM,EAAE,QAAQ,CAAC,iBAAiB,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW;YACtE,IAAI,EAAE,mBAAmB;YACzB,6BAA6B,EAC3B,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,wBAAwB,KAAK,4BAA4B;YACtF,2BAA2B,EAAE,KAAK;YAClC,QAAQ,EAAE,CAAC;YACX,KAAK,EAAE,EAAE;SACV,CAAC,CAAC;IACL,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CAAC,IAA+B;IACtD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAwB,CAAC;IAC7C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC;YACX,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
import { Connection } from '@salesforce/core';
|
|
3
|
+
import { SfOauthToken } from './connected-app.types.js';
|
|
4
|
+
type QueryOptions = {
|
|
5
|
+
/** Result size for query when batching starts */
|
|
6
|
+
totalSizeThreshold: number;
|
|
7
|
+
/** Number of user ids that are batched in a retrieve */
|
|
8
|
+
startingBatchSize: number;
|
|
9
|
+
};
|
|
10
|
+
export default class OAuthTokens extends EventEmitter {
|
|
11
|
+
private readonly con;
|
|
12
|
+
private readonly defaultOptions;
|
|
13
|
+
private readonly maxUserCount;
|
|
14
|
+
constructor(con: Connection);
|
|
15
|
+
queryAll(options?: QueryOptions): Promise<SfOauthToken[]>;
|
|
16
|
+
private batchQueryTokens;
|
|
17
|
+
private fetchTokenChunk;
|
|
18
|
+
private fetchUserIds;
|
|
19
|
+
}
|
|
20
|
+
export {};
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
import { Messages } from '@salesforce/core';
|
|
3
|
+
import { ResolveLifecycle } from '../../resolve-entity-lifecycle-bus.js';
|
|
4
|
+
import { envVars } from '../../../ux/environment.js';
|
|
5
|
+
import { chunkArray } from '../../utils.js';
|
|
6
|
+
import { ALL_EXISTING_USER_IDS, COUNT_TOKEN_QUERY, formatCountSoql, formatTokenSoql, OAUTH_TOKEN_QUERY, } from './queries.js';
|
|
7
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
8
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'metadataretrieve');
|
|
9
|
+
export default class OAuthTokens extends EventEmitter {
|
|
10
|
+
con;
|
|
11
|
+
defaultOptions = {
|
|
12
|
+
totalSizeThreshold: envVars.resolve('SAE_MAX_OAUTH_TOKEN_THRESHOLD') ?? 2500,
|
|
13
|
+
startingBatchSize: envVars.resolve('SAE_OAUTH_TOKEN_BATCH_SIZE') ?? 256,
|
|
14
|
+
};
|
|
15
|
+
maxUserCount;
|
|
16
|
+
constructor(con) {
|
|
17
|
+
super();
|
|
18
|
+
this.con = con;
|
|
19
|
+
this.maxUserCount = envVars.resolve('SAE_MAX_USERS_LIMIT') ?? 100_000;
|
|
20
|
+
}
|
|
21
|
+
async queryAll(options) {
|
|
22
|
+
const definitiveOptions = { ...this.defaultOptions, ...options };
|
|
23
|
+
const countResult = await this.con.query(COUNT_TOKEN_QUERY);
|
|
24
|
+
let allTokens;
|
|
25
|
+
if (countResult.totalSize > definitiveOptions.totalSizeThreshold) {
|
|
26
|
+
const userIds = await this.fetchUserIds();
|
|
27
|
+
allTokens = await this.batchQueryTokens(userIds, definitiveOptions);
|
|
28
|
+
}
|
|
29
|
+
else {
|
|
30
|
+
const tokenResult = await this.con.query(OAUTH_TOKEN_QUERY, {
|
|
31
|
+
autoFetch: true,
|
|
32
|
+
});
|
|
33
|
+
allTokens = tokenResult.records;
|
|
34
|
+
if (!tokenResult.done) {
|
|
35
|
+
ResolveLifecycle.emitWarn(messages.getMessage('warning.NotAllOauthTokenReturned', [tokenResult.totalSize, tokenResult.records.length]));
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
if (countResult.totalSize > allTokens.length) {
|
|
39
|
+
ResolveLifecycle.emitWarn(messages.getMessage('warning.NotAllOauthTokenReturned', [countResult.totalSize, allTokens.length]));
|
|
40
|
+
}
|
|
41
|
+
return allTokens;
|
|
42
|
+
}
|
|
43
|
+
async batchQueryTokens(allUserIds, options) {
|
|
44
|
+
const userIdChunks = chunkArray(allUserIds, options.startingBatchSize);
|
|
45
|
+
const queryPromises = userIdChunks.map((idChunk) => this.fetchTokenChunk(idChunk, options));
|
|
46
|
+
const results = await Promise.all(queryPromises);
|
|
47
|
+
return results.flat();
|
|
48
|
+
}
|
|
49
|
+
async fetchTokenChunk(userIds, options) {
|
|
50
|
+
const countResult = await this.con.query(formatCountSoql(userIds));
|
|
51
|
+
if (countResult.totalSize > options.totalSizeThreshold && options.startingBatchSize > 1) {
|
|
52
|
+
const reducedChunkSize = Math.floor(options.startingBatchSize / 2);
|
|
53
|
+
const subChunks = chunkArray(userIds, reducedChunkSize);
|
|
54
|
+
const subResultProms = subChunks.map((chunk) => this.fetchTokenChunk(chunk, {
|
|
55
|
+
totalSizeThreshold: options.totalSizeThreshold,
|
|
56
|
+
startingBatchSize: reducedChunkSize,
|
|
57
|
+
}));
|
|
58
|
+
const subResults = await Promise.all(subResultProms);
|
|
59
|
+
return subResults.flat();
|
|
60
|
+
}
|
|
61
|
+
else {
|
|
62
|
+
const direktResult = await this.con.query(formatTokenSoql(userIds), {
|
|
63
|
+
autoFetch: true,
|
|
64
|
+
});
|
|
65
|
+
return direktResult.records;
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
async fetchUserIds() {
|
|
69
|
+
const userResult = await this.con.query(ALL_EXISTING_USER_IDS, {
|
|
70
|
+
autoFetch: true,
|
|
71
|
+
maxFetch: this.maxUserCount,
|
|
72
|
+
});
|
|
73
|
+
if (userResult.totalSize > this.maxUserCount) {
|
|
74
|
+
ResolveLifecycle.emitWarn(messages.getMessage('warning.TooManyUsersIncreaseLimit', [userResult.totalSize, this.maxUserCount]));
|
|
75
|
+
}
|
|
76
|
+
return userResult.records.map((userRecord) => userRecord.Id);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
//# sourceMappingURL=oauth-tokens.js.map
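Review bot: `batchQueryTokens` starts every chunk at once (`userIdChunks.map(...)` followed by `Promise.all`), and each `fetchTokenChunk` issues a count query plus a data query and fans out again when it halves the batch. With the defaults shown (`SAE_MAX_USERS_LIMIT` 100_000, batch size 256) that can be several hundred concurrent requests against the org, and one rejected query rejects the whole `Promise.all`, leaving the audit with no token data. Processing chunks sequentially, `for (const idChunk of userIdChunks) { tokens.push(...(await this.fetchTokenChunk(idChunk, options))); }`, or in small groups, bounds the load. The values read through `envVars.resolve` should also be checked to be positive integers before they reach `chunkArray`; how that helper treats 0 or a non-number is not visible here.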
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oauth-tokens.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/oauth-tokens.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAc,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,iBAAiB,GAClB,MAAM,cAAc,CAAC;AAEtB,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,YAAY;IAOf;IANnB,cAAc,GAAiB;QAC9C,kBAAkB,EAAE,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAC,IAAI,IAAI;QAC5E,iBAAiB,EAAE,OAAO,CAAC,OAAO,CAAC,4BAA4B,CAAC,IAAI,GAAG;KACxE,CAAC;IACe,YAAY,CAAC;IAE9B,YAAoC,GAAe;QACjD,KAAK,EAAE,CAAC;QAD0B,QAAG,GAAH,GAAG,CAAY;QAEjD,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC;IACxE,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,OAAsB;QAC1C,MAAM,iBAAiB,GAAG,EAAE,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;QACjE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC5D,IAAI,SAAyB,CAAC;QAC9B,IAAI,WAAW,CAAC,SAAS,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,CAAC;YACjE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1C,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACtE,CAAC;aAAM,CAAC;YACN,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAe,iBAAiB,EAAE;gBACxE,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YACH,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC;YAChC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC;gBACtB,gBAAgB,CAAC,QAAQ,CACvB,QAAQ,CAAC,UAAU,CAAC,kCAAkC,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAC7G,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,WAAW,CAAC,SAAS,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;YAC7C,gBAAgB,CAAC,QAAQ,CACvB,QAAQ,CAAC,UAAU,CAAC,kCAAkC,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CACnG,CAAC;QACJ,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,UAAoB,EAAE,OAAqB;QACxE,MAAM,YAAY,GAAG,UAAU,CAAC,UAAU,EAAE,OAAO,C
AAC,iBAAiB,CAAC,CAAC;QACvE,MAAM,aAAa,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC5F,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACjD,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,OAAiB,EAAE,OAAqB;QACpE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;QACnE,IAAI,WAAW,CAAC,SAAS,GAAG,OAAO,CAAC,kBAAkB,IAAI,OAAO,CAAC,iBAAiB,GAAG,CAAC,EAAE,CAAC;YACxF,MAAM,gBAAgB,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;YACnE,MAAM,SAAS,GAAG,UAAU,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;YACxD,MAAM,cAAc,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAC7C,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE;gBAC1B,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;gBAC9C,iBAAiB,EAAE,gBAAgB;aACpC,CAAC,CACH,CAAC;YACF,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACrD,OAAO,UAAU,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAe,eAAe,CAAC,OAAO,CAAC,EAAE;gBAChF,SAAS,EAAE,IAAI;aAChB,CAAC,CAAC;YACH,OAAO,YAAY,CAAC,OAAO,CAAC;QAC9B,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,CAAgB,qBAAqB,EAAE;YAC5E,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,YAAY;SAC5B,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YAC7C,gBAAgB,CAAC,QAAQ,CACvB,QAAQ,CAAC,UAAU,CAAC,mCAAmC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,CACpG,CAAC;QACJ,CAAC;QACD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC/D,CAAC;CACF"}
|
|
@@ -1,2 +1,8 @@
|
|
|
1
|
-
export declare const CONNECTED_APPS_QUERY = "SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication";
|
|
2
|
-
export declare const
|
|
1
|
+
export declare const CONNECTED_APPS_QUERY = "SELECT Id,Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication";
|
|
2
|
+
export declare const ALL_EXISTING_USER_IDS = "SELECT Id FROM User";
|
|
3
|
+
export declare const EXTERNAL_CLIENT_APPS_QUERY = "SELECT Id,MasterLabel,DeveloperName,DistributionState FROM ExternalClientApplication";
|
|
4
|
+
export declare const EXTERNAL_APPS_OAUTH_POLICY = "SELECT ExternalClientApplicationId,PermittedUsersPolicyType FROM ExtlClntAppOauthPlcyCnfg";
|
|
5
|
+
export declare const OAUTH_TOKEN_QUERY = "SELECT User.Username,UseCount,AppName,AppMenuItem.ApplicationId FROM OauthToken";
|
|
6
|
+
export declare const COUNT_TOKEN_QUERY = "SELECT COUNT() FROM OauthToken";
|
|
7
|
+
export declare function formatCountSoql(userIds: string[]): string;
|
|
8
|
+
export declare function formatTokenSoql(userIds: string[]): string;
|
|
@@ -1,3 +1,14 @@
|
|
|
1
|
-
|
|
2
|
-
export const
|
|
1
|
+
import { joinToSoqlIN } from '../../utils.js';
|
|
2
|
+
export const CONNECTED_APPS_QUERY = 'SELECT Id,Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication';
|
|
3
|
+
export const ALL_EXISTING_USER_IDS = 'SELECT Id FROM User';
|
|
4
|
+
export const EXTERNAL_CLIENT_APPS_QUERY = 'SELECT Id,MasterLabel,DeveloperName,DistributionState FROM ExternalClientApplication';
|
|
5
|
+
export const EXTERNAL_APPS_OAUTH_POLICY = 'SELECT ExternalClientApplicationId,PermittedUsersPolicyType FROM ExtlClntAppOauthPlcyCnfg';
|
|
6
|
+
export const OAUTH_TOKEN_QUERY = 'SELECT User.Username,UseCount,AppName,AppMenuItem.ApplicationId FROM OauthToken';
|
|
7
|
+
export const COUNT_TOKEN_QUERY = 'SELECT COUNT() FROM OauthToken';
|
|
8
|
+
export function formatCountSoql(userIds) {
|
|
9
|
+
return `${COUNT_TOKEN_QUERY} WHERE UserId IN (${joinToSoqlIN(userIds)})`;
|
|
10
|
+
}
|
|
11
|
+
export function formatTokenSoql(userIds) {
|
|
12
|
+
return `${OAUTH_TOKEN_QUERY} WHERE UserId IN (${joinToSoqlIN(userIds)})`;
|
|
13
|
+
}
|
|
3
14
|
//# sourceMappingURL=queries.js.map
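Review bot: `formatCountSoql` and `formatTokenSoql` splice `joinToSoqlIN(userIds)` directly into the WHERE clause, and both are exported with no statement of what `userIds` may contain. In the visible caller the ids come from a `SELECT Id FROM User` result, but `joinToSoqlIN` lives in utils.js outside this section, so whether it quotes or validates its input is not shown. I would add a docstring such as `/** userIds must be Salesforce record ids; values are interpolated into SOQL. */` and have the helper reject anything that is not a 15- or 18-character alphanumeric id. An empty array also appears to produce `IN ()`, which callers should avoid sending. `buildScopedLoginHistoryQuery` in users/queries.js relies on the same helper.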
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,oBAAoB,GAAG,
|
|
1
|
+
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/connected-apps/queries.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,CAAC,MAAM,oBAAoB,GAAG,6EAA6E,CAAC;AAClH,MAAM,CAAC,MAAM,qBAAqB,GAAG,qBAAqB,CAAC;AAC3D,MAAM,CAAC,MAAM,0BAA0B,GACrC,sFAAsF,CAAC;AACzF,MAAM,CAAC,MAAM,0BAA0B,GACrC,2FAA2F,CAAC;AAC9F,MAAM,CAAC,MAAM,iBAAiB,GAAG,iFAAiF,CAAC;AACnH,MAAM,CAAC,MAAM,iBAAiB,GAAG,gCAAgC,CAAC;AAElE,MAAM,UAAU,eAAe,CAAC,OAAiB;IAC/C,OAAO,GAAG,iBAAiB,qBAAqB,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,OAAiB;IAC/C,OAAO,GAAG,iBAAiB,qBAAqB,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC;AAC3E,CAAC"}
|
|
@@ -1,4 +1,12 @@
|
|
|
1
|
-
export declare const
|
|
2
|
-
export declare const ALL_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE UserType IN ('Standard') LIMIT 2000";
|
|
1
|
+
export declare const USERS_QUERY: string;
|
|
3
2
|
export declare const buildPermsetAssignmentsQuery: (userIds: string[]) => string;
|
|
4
|
-
|
|
3
|
+
/**
|
|
4
|
+
* Builds aggregate query for login history. Query is expected to
|
|
5
|
+
* throw an exception, if too many rows are returned. The chunking
|
|
6
|
+
* logic depends on this exception, so LIMIT in query would BREAK this.
|
|
7
|
+
*
|
|
8
|
+
* @param userIds
|
|
9
|
+
* @param daysToAnalayse
|
|
10
|
+
* @returns
|
|
11
|
+
*/
|
|
12
|
+
export declare const buildScopedLoginHistoryQuery: (userIds: string[], daysToAnalayse?: number) => string;
|
|
@@ -1,10 +1,35 @@
|
|
|
1
|
-
|
|
2
|
-
export const
|
|
1
|
+
import { joinToSoqlIN } from '../../utils.js';
|
|
2
|
+
export const USERS_QUERY = buildUsersQuery();
|
|
3
3
|
// DYNAMIC QUERIES
|
|
4
4
|
export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
/**
|
|
6
|
+
* Builds aggregate query for login history. Query is expected to
|
|
7
|
+
* throw an exception, if too many rows are returned. The chunking
|
|
8
|
+
* logic depends on this exception, so LIMIT in query would BREAK this.
|
|
9
|
+
*
|
|
10
|
+
* @param userIds
|
|
11
|
+
* @param daysToAnalayse
|
|
12
|
+
* @returns
|
|
13
|
+
*/
|
|
14
|
+
export const buildScopedLoginHistoryQuery = (userIds, daysToAnalayse) => {
|
|
15
|
+
const groupBy = 'LoginType,Application,UserId';
|
|
16
|
+
const where = daysToAnalayse
|
|
17
|
+
? `UserId IN (${joinToSoqlIN(userIds)}) AND LoginTime >= LAST_N_DAYS:${daysToAnalayse}`
|
|
18
|
+
: `UserId IN (${joinToSoqlIN(userIds)})`;
|
|
19
|
+
return `${USERS_LOGIN_HISTORY_QUERY} WHERE ${where} GROUP BY ${groupBy}`;
|
|
20
|
+
};
|
|
21
|
+
function buildUsersQuery() {
|
|
22
|
+
const fieldLiterals = [
|
|
23
|
+
'Id',
|
|
24
|
+
'Username',
|
|
25
|
+
'Profile.Name',
|
|
26
|
+
'CreatedDate',
|
|
27
|
+
'LastLoginDate',
|
|
28
|
+
'IsActive',
|
|
29
|
+
'(SELECT PermissionSet.Name FROM PermissionSetAssignments WHERE PermissionSet.IsOwnedByProfile = FALSE AND PermissionSet.NamespacePrefix = NULL)',
|
|
30
|
+
];
|
|
31
|
+
return `SELECT ${fieldLiterals.join(',')} FROM User WHERE UserType IN ('Standard')`;
|
|
32
|
+
}
|
|
8
33
|
// BASE QUERIES
|
|
9
34
|
const USERS_LOGIN_HISTORY_QUERY = 'SELECT LoginType,Application,UserId,COUNT(Id)LoginCount,MAX(LoginTime)LastLogin FROM LoginHistory';
|
|
10
35
|
const USERS_PERMSET_ASSIGNMENTS_QUERY = 'SELECT AssigneeId,PermissionSet.Name FROM PermissionSetAssignment WHERE PermissionSet.IsOwnedByProfile = FALSE AND PermissionSet.NamespacePrefix = NULL';
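Review bot: `buildScopedLoginHistoryQuery` interpolates `daysToAnalayse` into `LAST_N_DAYS:${daysToAnalayse}` after only a truthiness test, so a non-integer or negative value reaches the query text and `0` silently selects the unbounded branch. Guarding with `Number.isInteger(daysToAnalayse) && daysToAnalayse > 0` before building the clause keeps the filter well-formed; whether the caller already validates this through `ResolveUsersOptionsSchema` is not visible in this section. Separately, `buildPermsetAssignmentsQuery` on the unchanged line above still quotes ids by hand while the new code uses `joinToSoqlIN`; routing it through the helper would keep id handling in one place.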
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAE9C,MAAM,CAAC,MAAM,WAAW,GAAG,eAAe,EAAE,CAAC;AAE7C,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAE,cAAuB,EAAU,EAAE;IACjG,MAAM,OAAO,GAAG,8BAA8B,CAAC;IAC/C,MAAM,KAAK,GAAG,cAAc;QAC1B,CAAC,CAAC,cAAc,YAAY,CAAC,OAAO,CAAC,kCAAkC,cAAc,EAAE;QACvF,CAAC,CAAC,cAAc,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC;IAC3C,OAAO,GAAG,yBAAyB,UAAU,KAAK,aAAa,OAAO,EAAE,CAAC;AAC3E,CAAC,CAAC;AAEF,SAAS,eAAe;IACtB,MAAM,aAAa,GAAG;QACpB,IAAI;QACJ,UAAU;QACV,cAAc;QACd,aAAa;QACb,eAAe;QACf,UAAU;QACV,iJAAiJ;KAClJ,CAAC;IACF,OAAO,UAAU,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,2CAA2C,CAAC;AACtF,CAAC;AAED,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}
|
|
@@ -3,6 +3,8 @@ import { ResolveUsersOptions, User } from './user.types.js';
|
|
|
3
3
|
export default class Users {
|
|
4
4
|
private readonly connection;
|
|
5
5
|
private readonly mdapiRepo;
|
|
6
|
+
private readonly usersMaxFetch;
|
|
7
|
+
private readonly startingBatchSize;
|
|
6
8
|
constructor(connection: Connection);
|
|
7
9
|
/**
|
|
8
10
|
* Resolve all users from the target connection. Options controls
|
|
@@ -12,11 +14,10 @@ export default class Users {
|
|
|
12
14
|
* @returns
|
|
13
15
|
*/
|
|
14
16
|
resolve(opts?: Partial<ResolveUsersOptions>): Promise<Map<string, User>>;
|
|
17
|
+
private fetchUsers;
|
|
15
18
|
private resolveLogins;
|
|
16
|
-
private
|
|
17
|
-
private
|
|
18
|
-
private resolvePermSetAssignments;
|
|
19
|
+
private fetchLoginAggregates;
|
|
20
|
+
private fetchLoginAggregateChunks;
|
|
19
21
|
private resolveProfiles;
|
|
20
22
|
private resolvePermissionSets;
|
|
21
|
-
private fetchAssignments;
|
|
22
23
|
}
|
|
@@ -1,13 +1,22 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MDAPI from '../../mdapi/mdapi.js';
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
3
|
+
import { envVars } from '../../../ux/environment.js';
|
|
4
|
+
import { ResolveLifecycle } from '../../resolve-entity-lifecycle-bus.js';
|
|
5
|
+
import { chunkArray } from '../../utils.js';
|
|
6
|
+
import { ResolveUsersOptionsSchema } from './user.types.js';
|
|
7
|
+
import { buildScopedLoginHistoryQuery, USERS_QUERY } from './queries.js';
|
|
8
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
9
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'metadataretrieve');
|
|
5
10
|
export default class Users {
|
|
6
11
|
connection;
|
|
7
12
|
mdapiRepo;
|
|
13
|
+
usersMaxFetch;
|
|
14
|
+
startingBatchSize;
|
|
8
15
|
constructor(connection) {
|
|
9
16
|
this.connection = connection;
|
|
10
17
|
this.mdapiRepo = MDAPI.create(this.connection);
|
|
18
|
+
this.usersMaxFetch = envVars.resolve('SAE_MAX_USERS_LIMIT') ?? 100_000;
|
|
19
|
+
this.startingBatchSize = 256;
|
|
11
20
|
}
|
|
12
21
|
/**
|
|
13
22
|
* Resolve all users from the target connection. Options controls
|
|
@@ -19,10 +28,8 @@ export default class Users {
|
|
|
19
28
|
async resolve(opts) {
|
|
20
29
|
const definitiveOpts = ResolveUsersOptionsSchema.parse(opts ?? {});
|
|
21
30
|
const result = new Map();
|
|
22
|
-
const usersOnOrg = definitiveOpts
|
|
23
|
-
|
|
24
|
-
: await this.connection.query(ACTIVE_USERS_DETAILS_QUERY);
|
|
25
|
-
for (const user of usersOnOrg.records) {
|
|
31
|
+
const usersOnOrg = await this.fetchUsers(definitiveOpts);
|
|
32
|
+
for (const user of usersOnOrg) {
|
|
26
33
|
const usr = {
|
|
27
34
|
userId: user.Id,
|
|
28
35
|
username: user.Username,
|
|
@@ -31,19 +38,43 @@ export default class Users {
|
|
|
31
38
|
createdDate: Date.parse(user.CreatedDate),
|
|
32
39
|
profileName: user.Profile.Name,
|
|
33
40
|
};
|
|
41
|
+
if (definitiveOpts.withPermissions && user.PermissionSetAssignments) {
|
|
42
|
+
usr.assignments = user.PermissionSetAssignments.records.map((assignment) => ({
|
|
43
|
+
permissionSetIdentifier: assignment.PermissionSet.Name,
|
|
44
|
+
permissionSetSource: assignment.PermissionSetGroupId ? 'group' : 'direct',
|
|
45
|
+
...(assignment.PermissionSetGroup?.DeveloperName && {
|
|
46
|
+
groupName: assignment.PermissionSetGroup?.DeveloperName,
|
|
47
|
+
}),
|
|
48
|
+
}));
|
|
49
|
+
}
|
|
50
|
+
else if (definitiveOpts.withPermissions) {
|
|
51
|
+
usr.assignments = [];
|
|
52
|
+
}
|
|
34
53
|
result.set(user.Username, usr);
|
|
35
54
|
}
|
|
36
55
|
if (definitiveOpts.withLoginHistory) {
|
|
37
56
|
await this.resolveLogins(result, definitiveOpts.loginHistoryDaysToAnalyse);
|
|
38
57
|
}
|
|
39
|
-
if (definitiveOpts.
|
|
40
|
-
await this.
|
|
58
|
+
if (definitiveOpts.withPermissionsMetadata) {
|
|
59
|
+
await this.resolveProfiles(result);
|
|
60
|
+
await this.resolvePermissionSets(result);
|
|
41
61
|
}
|
|
42
62
|
return result;
|
|
43
63
|
}
|
|
44
64
|
// PRIVATE ZONE
|
|
65
|
+
async fetchUsers(opts) {
|
|
66
|
+
const usersOnOrg = await this.connection.query(USERS_QUERY, {
|
|
67
|
+
autoFetch: true,
|
|
68
|
+
maxFetch: this.usersMaxFetch,
|
|
69
|
+
});
|
|
70
|
+
if (usersOnOrg.totalSize > this.usersMaxFetch) {
|
|
71
|
+
ResolveLifecycle.emitWarn(messages.getMessage('warning.TooManyActiveUsersIncreaseLimit', [usersOnOrg.totalSize, this.usersMaxFetch]));
|
|
72
|
+
}
|
|
73
|
+
return usersOnOrg.records.filter((user) => (opts.includeInactive ? true : user.IsActive));
|
|
74
|
+
}
|
|
45
75
|
async resolveLogins(users, daysToAnalyse) {
|
|
46
|
-
const
|
|
76
|
+
const loginAggregates = await this.fetchLoginAggregates(Array.from(users.values()).map((user) => user.userId), daysToAnalyse);
|
|
77
|
+
const userLogins = indexLoginData(loginAggregates.flat());
|
|
47
78
|
for (const user of users.values()) {
|
|
48
79
|
if (userLogins.has(user.userId)) {
|
|
49
80
|
user.logins = userLogins.get(user.userId);
|
|
@@ -53,35 +84,28 @@ export default class Users {
|
|
|
53
84
|
}
|
|
54
85
|
}
|
|
55
86
|
}
|
|
56
|
-
async
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
await this.resolveProfiles(users);
|
|
60
|
-
await this.resolvePermissionSets(users);
|
|
87
|
+
async fetchLoginAggregates(userIds, daysToAnalyse) {
|
|
88
|
+
try {
|
|
89
|
+
return await this.fetchLoginAggregateChunks(userIds, this.startingBatchSize, daysToAnalyse);
|
|
61
90
|
}
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
91
|
+
catch (error) {
|
|
92
|
+
if (typeof error === 'object' && error != null && 'errorCode' in error) {
|
|
93
|
+
// only split if it's aggregate queryMore() problem and we can still drill down
|
|
94
|
+
if (error.errorCode === 'EXCEEDED_ID_LIMIT' && userIds.length >= 2) {
|
|
95
|
+
// note for future me: This will fail, if a single user exists that has more than 2000 rows
|
|
96
|
+
// in this aggregate query. This would require more than 2000 combinations of "LoginType"
|
|
97
|
+
// and "Application" - time will tell if we need to add a dynamic LIMIT 2000 here with resolve warning.
|
|
98
|
+
return await this.fetchLoginAggregateChunks(userIds, Math.floor(userIds.length / 2), daysToAnalyse);
|
|
99
|
+
}
|
|
69
100
|
}
|
|
70
|
-
|
|
71
|
-
loginType: loginHistoryRow.LoginType,
|
|
72
|
-
loginCount: loginHistoryRow.LoginCount,
|
|
73
|
-
application: loginHistoryRow.Application,
|
|
74
|
-
lastLogin: Date.parse(loginHistoryRow.LastLogin),
|
|
75
|
-
});
|
|
101
|
+
throw error;
|
|
76
102
|
}
|
|
77
|
-
return partialUsers;
|
|
78
103
|
}
|
|
79
|
-
async
|
|
80
|
-
const
|
|
81
|
-
const
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
}
|
|
104
|
+
async fetchLoginAggregateChunks(userIds, chunkSize, daysToAnalyse) {
|
|
105
|
+
const initialIdChunks = chunkArray(userIds, chunkSize);
|
|
106
|
+
const loginAggregateProms = initialIdChunks.map((idChunk) => this.connection.query(buildScopedLoginHistoryQuery(idChunk, daysToAnalyse)));
|
|
107
|
+
const loginAggregates = await Promise.all(loginAggregateProms);
|
|
108
|
+
return loginAggregates.map((queryResult) => queryResult.records).flat();
|
|
85
109
|
}
|
|
86
110
|
async resolveProfiles(users) {
|
|
87
111
|
const profiles = await this.mdapiRepo.resolve('Profile', uniqueProfileNames(users.values()));
|
|
@@ -98,23 +122,21 @@ export default class Users {
|
|
|
98
122
|
}
|
|
99
123
|
}
|
|
100
124
|
}
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
}
|
|
108
|
-
assignments.get(assignment.AssigneeId).push({
|
|
109
|
-
permissionSetIdentifier: assignment.PermissionSet.Name,
|
|
110
|
-
permissionSetSource: assignment.PermissionSetGroupId ? 'group' : 'direct',
|
|
111
|
-
...(assignment.PermissionSetGroup?.DeveloperName && {
|
|
112
|
-
groupName: assignment.PermissionSetGroup?.DeveloperName,
|
|
113
|
-
}),
|
|
114
|
-
});
|
|
125
|
+
}
|
|
126
|
+
function indexLoginData(rawLogins) {
|
|
127
|
+
const loginData = new Map();
|
|
128
|
+
for (const loginHistoryRow of rawLogins) {
|
|
129
|
+
if (!loginData.has(loginHistoryRow.UserId)) {
|
|
130
|
+
loginData.set(loginHistoryRow.UserId, []);
|
|
115
131
|
}
|
|
116
|
-
|
|
132
|
+
loginData.get(loginHistoryRow.UserId).push({
|
|
133
|
+
loginType: loginHistoryRow.LoginType,
|
|
134
|
+
loginCount: loginHistoryRow.LoginCount,
|
|
135
|
+
application: loginHistoryRow.Application,
|
|
136
|
+
lastLogin: Date.parse(loginHistoryRow.LastLogin),
|
|
137
|
+
});
|
|
117
138
|
}
|
|
139
|
+
return loginData;
|
|
118
140
|
}
|
|
119
141
|
function uniquePermissionSetNames(users) {
|
|
120
142
|
const permSetNames = new Set();
|
|
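Review bot: The fallback in `fetchLoginAggregates` does not shrink the batch: after `EXCEEDED_ID_LIMIT` it re-chunks with `Math.floor(userIds.length / 2)`, which is larger than `startingBatchSize` (256) whenever more than 512 ids are passed, and it retries only once before rethrowing. Halving the size that just failed, e.g. `Math.floor(this.startingBatchSize / 2)`, and repeating until the size reaches 1 would match the "drill down" intent stated in the comment. Separately, `fetchUsers` applies the `IsActive` filter only after `maxFetch` has truncated the result, and the query text shown for queries.js restricts only on `UserType`. Inactive users therefore appear to count against `SAE_MAX_USERS_LIMIT`, and the "active users" warning reports `totalSize` for all standard users. On a large org the audit could then miss permissions and logins of active users, so consider adding the `IsActive` condition to the query when `includeInactive` is false.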
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AACrD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAuB,yBAAyB,EAAoB,MAAM,iBAAiB,CAAC;AACnG,OAAO,EAAE,4BAA4B,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAEzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,KAAK;IAKY;IAJnB,SAAS,CAAQ;IACjB,aAAa,CAAC;IACd,iBAAiB,CAAC;IAEnC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,qBAAqB,CAAC,IAAI,OAAO,CAAC;QACvE,IAAI,CAAC,iBAAiB,GAAG,GAAG,CAAC;IAC/B,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAmC;QACtD,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,MAAM,GAAsB,IAAI,GAAG,EAAgB,CAAC;QAC1D,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,MAAM,GAAG,GAAS;gBAChB,MAAM,EAAE,IAAI,CAAC,EAAG;gBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAChC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;aAC/B,CAAC;YACF,IAAI,cAAc,CAAC,eAAe,IAAI,IAAI,CAAC,wBAAwB,EAAE,CAAC;gBACpE,GAAG,CAAC,WAAW,GAAG,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;oBAC3E,uBAAuB,EAAE,UAAU,CAAC,aAAa,CAAC,IAAI;oBACtD,mBAAmB,EAAE,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;oBACzE,GAAG,CAAC,UAAU,CAAC,kBAAkB,EAAE,aAAa,IAAI;wBAClD,SAAS,EAAE,UAAU,CAAC,kBAAkB,EAAE,aAAa;qBACxD,CAAC;iBACH,CAAC,CAAC,CAAC;YACN,CAAC;iBAAM,IAAI,cAAc,CAAC,eAAe,EAAE,CAAC;gBAC1C,GAAG,CAAC,WAAW,GAAG,EAAE,CAAC;YACvB,C
AAC;YACD,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,yBAAyB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,cAAc,CAAC,uBAAuB,EAAE,CAAC;YAC3C,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IAEd,KAAK,CAAC,UAAU,CAAC,IAAyB;QAChD,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,WAAW,EAAE;YAClE,SAAS,EAAE,IAAI;YACf,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;YAC9C,gBAAgB,CAAC,QAAQ,CACvB,QAAQ,CAAC,UAAU,CAAC,yCAAyC,EAAE,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAC3G,CAAC;QACJ,CAAC;QACD,OAAO,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC5F,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,KAAwB,EAAE,aAAsB;QAC1E,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CACrD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,EACrD,aAAa,CACd,CAAC;QACF,MAAM,UAAU,GAAG,cAAc,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,OAAiB,EAAE,aAAsB;QAC1E,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,EAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;QAC9F,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,IAAI,IAAI,WAAW,IAAI,KAAK,EAAE,CAAC;gBACvE,+EAA+E;gBAC/E,IAAI,KAAK,CAAC,SAAS,KAAK,mBAAmB,IAAI,OAAO,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;oBACnE,2FAA2F;oBAC3F,yFAAyF;oBACzF,uGAAuG;oBACvG,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;gBACtG,CAAC;YACH,CAAC;YACD,MAAM,KAAK,CAAC;Q
ACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,yBAAyB,CACrC,OAAiB,EACjB,SAAiB,EACjB,aAAsB;QAEtB,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QACvD,MAAM,mBAAmB,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAC1D,IAAI,CAAC,UAAU,CAAC,KAAK,CAAwB,4BAA4B,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC,CACnG,CAAC;QACF,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAC/D,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;IAC1E,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAwB;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,KAAwB;QAC1D,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC7E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAY,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,SAAS,cAAc,CAAC,SAAkC;IACxD,MAAM,SAAS,GAAG,IAAI,GAAG,EAAwB,CAAC;IAClD,KAAK,MAAM,eAAe,IAAI,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3C,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAC5C,CAAC;QACD,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC;YAC1C,SAAS,EAAE,eAAe,CAAC,SAAS;YACpC,UAAU,EAAE,eAAe,CAAC,UAAU;YACtC,WAAW,EAAE,eAAe,CAAC,WAAW;YACxC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC;SACjD,CAAC,CAAC;IACL,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAqB;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C
,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
export type MessageEvent = {
|
|
3
|
+
message: string;
|
|
4
|
+
};
|
|
5
|
+
export default class ResolveEntityLifecycle extends EventEmitter {
|
|
6
|
+
constructor();
|
|
7
|
+
emitWarn(message: string): void;
|
|
8
|
+
}
|
|
9
|
+
export declare const ResolveLifecycle: ResolveEntityLifecycle;
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
export default class ResolveEntityLifecycle extends EventEmitter {
|
|
3
|
+
constructor() {
|
|
4
|
+
super();
|
|
5
|
+
}
|
|
6
|
+
emitWarn(message) {
|
|
7
|
+
this.emit('resolvewarning', {
|
|
8
|
+
message,
|
|
9
|
+
});
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
export const ResolveLifecycle = new ResolveEntityLifecycle();
|
|
13
|
+
//# sourceMappingURL=resolve-entity-lifecycle-bus.js.map
|
|
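Review bot: `emitWarn` depends on a listener for `'resolvewarning'` being attached before any repository runs; `EventEmitter.emit` returns `false` and discards the event when there is none, so the truncation warnings introduced in this release would be lost without trace. The subscriber is not part of this file, so this may already be covered elsewhere. A doc comment on `emitWarn` stating the requirement would make it hard to miss, as would a fallback such as `if (!this.emit('resolvewarning', { message })) process.emitWarning(message);`. The explicit constructor only calls `super()` and can be dropped.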
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"resolve-entity-lifecycle-bus.js","sourceRoot":"","sources":["../../src/salesforce/resolve-entity-lifecycle-bus.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,YAAY;IAC9D;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAEM,QAAQ,CAAC,OAAe;QAC7B,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,OAAO;SACQ,CAAC,CAAC;IACrB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,sBAAsB,EAAE,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
export function chunkArray(ids, chunkSize) {
|
|
2
|
+
const chunks = [];
|
|
3
|
+
for (let i = 0; i < ids.length; i += chunkSize) {
|
|
4
|
+
chunks.push(ids.slice(i, i + chunkSize));
|
|
5
|
+
}
|
|
6
|
+
return chunks;
|
|
7
|
+
}
|
|
8
|
+
export function joinToSoqlIN(ids) {
|
|
9
|
+
return ids.map((id) => `'${id}'`).join(',');
|
|
10
|
+
}
|
|
11
|
+
//# sourceMappingURL=utils.js.map
|
|
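Review bot: `joinToSoqlIN` wraps each value in single quotes without escaping or validating it, so the helper is only safe while every caller passes record ids returned by Salesforce. A value containing `'` would end the literal and change the SOQL statement. Rejecting anything that is not a 15- or 18-character alphanumeric id inside the `map` callback, e.g. `if (!/^[a-zA-Z0-9]{15,18}$/.test(id)) throw new Error('not a Salesforce id');`, makes that assumption explicit. `chunkArray` has a similar unstated precondition: with a `chunkSize` of 0 or less the loop index never advances past `ids.length`, so a guard such as `if (!(chunkSize >= 1)) throw new RangeError('chunkSize must be >= 1');` is worth adding, particularly if a batch size read from an environment variable can reach it.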
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/salesforce/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,UAAU,CAAC,GAAa,EAAE,SAAiB;IACzD,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAa;IACxC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC"}
|
package/lib/utils.js
CHANGED
|
@@ -19,9 +19,9 @@ export function uncapitalize(anyString) {
|
|
|
19
19
|
return `${anyString[0].toLowerCase()}${anyString.slice(1)}`;
|
|
20
20
|
}
|
|
21
21
|
export function isParseableDate(value) {
|
|
22
|
+
const matcher = /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d+)?Z?)?$/;
|
|
22
23
|
if (typeof value === 'string') {
|
|
23
|
-
|
|
24
|
-
return !Number.isNaN(d.getTime());
|
|
24
|
+
return matcher.test(value);
|
|
25
25
|
}
|
|
26
26
|
return false;
|
|
27
27
|
}
|
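Review bot: The new `matcher` in `isParseableDate` checks only the shape of the string, so a value such as `2024-13-45` now passes although the removed `!Number.isNaN(d.getTime())` check rejected it, and a caller that then builds a `Date` from it gets an invalid date. The pattern also accepts no UTC offset other than a bare `Z`, so a timestamp ending in `+0000` or `+02:00` is reported as not parseable; if that is intended, a comment on the regex should say so. Keeping both checks is stricter than either alone: `return matcher.test(value) && !Number.isNaN(Date.parse(value));`.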
package/lib/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AAEzC,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,SAAiB;IAC1C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,SAAiB;IAC5C,OAAO,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,KAAc;IAC5C,MAAM,OAAO,GAAG,oDAAoD,CAAC;IACrE,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC7B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,KAAc;IAC3C,IAAI,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,OAAO,IAAI,IAAI,CAAC,KAAe,CAAC,CAAC,cAAc,EAAE,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;IAChC,CAAC;IACD,QAAQ,OAAO,KAAK,EAAE,CAAC;QACrB,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC;QACf,KAAK,QAAQ;YACX,OAAO,KAAK,CAAC,cAAc,EAAE,CAAC;QAChC,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/B;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY,EAAE,SAAiB,CAAC;IAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAClB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,KAAsB,EAAE,KAAsB;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,cAAc,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,GA
AG,CAAC,cAAc,GAAG,cAAc,CAAC,CAAC;IACvD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC"}
|
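--- a/package/lib/ux/environment.d.ts
+++ b/package/lib/ux/environment.d.ts
@@ -6,6 +6,21 @@ export declare const SUPPORTED_ENV_VARS: {
 readonly expectedType: "number";
 readonly defaultValue: 30;
 };
+readonly SAE_MAX_OAUTH_TOKEN_THRESHOLD: {
+readonly description: "Maximum number of OauthToken before engine starts batching retrieval with user ids.";
+readonly expectedType: "number";
+readonly defaultValue: 2500;
+};
+readonly SAE_OAUTH_TOKEN_BATCH_SIZE: {
+readonly description: "Starting batch size when engine batches OauthToken retrieval by user ids.";
+readonly expectedType: "number";
+readonly defaultValue: 256;
+};
+readonly SAE_MAX_USERS_LIMIT: {
+readonly description: "The maximum number of users that are retrieved from the org.";
+readonly expectedType: "number";
+readonly defaultValue: 100000;
+};
 };
 type EnvironmentVariable = keyof typeof SUPPORTED_ENV_VARS;
 type EnvironmentConfig = typeof SUPPORTED_ENV_VARS;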
package/lib/ux/environment.js
CHANGED
|
@@ -5,6 +5,21 @@ export const SUPPORTED_ENV_VARS = {
|
|
|
5
5
|
expectedType: 'number',
|
|
6
6
|
defaultValue: 30,
|
|
7
7
|
},
|
|
8
|
+
SAE_MAX_OAUTH_TOKEN_THRESHOLD: {
|
|
9
|
+
description: 'Maximum number of OauthToken before engine starts batching retrieval with user ids.',
|
|
10
|
+
expectedType: 'number',
|
|
11
|
+
defaultValue: 2500,
|
|
12
|
+
},
|
|
13
|
+
SAE_OAUTH_TOKEN_BATCH_SIZE: {
|
|
14
|
+
description: 'Starting batch size when engine batches OauthToken retrieval by user ids.',
|
|
15
|
+
expectedType: 'number',
|
|
16
|
+
defaultValue: 256,
|
|
17
|
+
},
|
|
18
|
+
SAE_MAX_USERS_LIMIT: {
|
|
19
|
+
description: 'The maximum number of users that are retrieved from the org.',
|
|
20
|
+
expectedType: 'number',
|
|
21
|
+
defaultValue: 100_000,
|
|
22
|
+
},
|
|
8
23
|
};
|
|
9
24
|
export default class EnvVars extends Env {
|
|
10
25
|
constructor(env = process.env) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../../src/ux/environment.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAgBtC,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,6BAA6B,EAAE;QAC7B,WAAW,EAAE,iEAAiE;QAC9E,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,EAAE;KACjB;CAC6D,CAAC;AAajE,MAAM,CAAC,OAAO,OAAO,OAAQ,SAAQ,GAAG;IACtC,YAAmB,GAAG,GAAG,OAAO,CAAC,GAAG;QAClC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC;IAEM,OAAO,CAAgC,QAAW;QACvD,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC1C,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,KAAK,QAAQ;gBACX,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,YAAY,CAAiB,CAAC;YACzE,kBAAkB;YAClB,6EAA6E;YAC7E,iBAAiB;YACjB,4EAA4E;YAC5E;gBACE,MAAM;QACV,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,YAAY;QACjB,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,GAAG,CAAkB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,CAAC;CACF;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC"}
|
|
1
|
+
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../../src/ux/environment.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,GAAG,EAAE,MAAM,iBAAiB,CAAC;AAgBtC,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,6BAA6B,EAAE;QAC7B,WAAW,EAAE,iEAAiE;QAC9E,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,EAAE;KACjB;IACD,6BAA6B,EAAE;QAC7B,WAAW,EAAE,qFAAqF;QAClG,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,IAAI;KACnB;IACD,0BAA0B,EAAE;QAC1B,WAAW,EAAE,2EAA2E;QACxF,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,GAAG;KAClB;IACD,mBAAmB,EAAE;QACnB,WAAW,EAAE,8DAA8D;QAC3E,YAAY,EAAE,QAAQ;QACtB,YAAY,EAAE,OAAO;KACtB;CAC6D,CAAC;AAajE,MAAM,CAAC,OAAO,OAAO,OAAQ,SAAQ,GAAG;IACtC,YAAmB,GAAG,GAAG,OAAO,CAAC,GAAG;QAClC,KAAK,CAAC,GAAG,CAAC,CAAC;IACb,CAAC;IAEM,OAAO,CAAgC,QAAW;QACvD,MAAM,IAAI,GAAG,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QAC1C,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;YAC1B,KAAK,QAAQ;gBACX,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,YAAY,CAAiB,CAAC;YACzE,kBAAkB;YAClB,6EAA6E;YAC7E,iBAAiB;YACjB,4EAA4E;YAC5E;gBACE,MAAM;QACV,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEM,YAAY;QACjB,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEM,KAAK;QACV,OAAO,IAAI,GAAG,CAAkB,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IAClD,CAAC;CACF;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC"}
|
|
@@ -9,3 +9,15 @@ Failed to retrieve the following metadata. This is most likely an error on Sales
|
|
|
9
9
|
Check if the metadata actually exists on your org. If you believe this is an error, please open a ticket and describe how to reproduce this:
|
|
10
10
|
|
|
11
11
|
https://github.com/j-schreiber/js-sf-cli-security-audit/issues/new
|
|
12
|
+
|
|
13
|
+
# warning.NotAllOauthTokenReturned
|
|
14
|
+
|
|
15
|
+
The org has %s oauth tokens, but only %s were retrieved. Results may be incomplete.
|
|
16
|
+
|
|
17
|
+
# warning.TooManyUsersIncreaseLimit
|
|
18
|
+
|
|
19
|
+
The org has %s total users, but the current limit is %s. Oauth tokens may be missing. You can increase this limit by setting the SAE_MAX_USERS_LIMIT environment variable.
|
|
20
|
+
|
|
21
|
+
# warning.TooManyActiveUsersIncreaseLimit
|
|
22
|
+
|
|
23
|
+
The org has %s total active users, but the current limit is %s. Permissions and login history may be missing. You can increase this limit by setting the SAE_MAX_USERS_LIMIT environment variable.
|
|
@@ -1,6 +1,10 @@
|
|
|
1
|
-
# violations.users-can-self-authorize
|
|
1
|
+
# violations.users-can-self-authorize-unknown-app
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Unknown app allows users to self-authorize.
|
|
4
|
+
|
|
5
|
+
# violations.users-can-self-authorize-known-app
|
|
6
|
+
|
|
7
|
+
%s allows users to self-authorize.
|
|
4
8
|
|
|
5
9
|
# warnings.users-can-self-authorize-but-setting-overrides
|
|
6
10
|
|
package/oclif.manifest.json
CHANGED
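--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@j-schreiber/sf-cli-security-audit",
 "description": "Salesforce CLI plugin to automate highly configurable security audits",
-"version": "0.18.
+"version": "0.18.2",
 "repository": {
 "type": "git",
 "url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
@@ -90,7 +90,9 @@
 "prepack": "sf-prepack",
 "test": "wireit",
 "test:nuts": "nyc mocha \"**/*.nut.ts\" --slow 4500 --timeout 600000 --parallel",
+"test:api:nuts": "nyc mocha \"**/salesforce-apis.nut.ts\" --slow 4500 --timeout 600000 --parallel",
 "debug:nuts": "yarn build && nyc mocha \"**/*.nut.ts\" --slow 4500 --timeout 600000 --inspect-brk",
+"debug:api:nuts": "yarn build && nyc mocha \"**/salesforce-apis.nut.ts\" --slow 4500 --timeout 600000 --inspect-brk",
 "test:only": "wireit",
 "readme": "wireit",
 "prepare": "husky",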
/package/{LICENSE.md → LICENSE}
RENAMED
|
File without changes
|