@j-schreiber/sf-cli-security-audit 0.18.1 → 0.19.0
- package/README.md +3 -3
- package/lib/libs/audit-engine/auditRun.js +1 -1
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/auditRunLifecycle.d.ts +12 -0
- package/lib/libs/audit-engine/auditRunLifecycle.js +16 -0
- package/lib/libs/audit-engine/auditRunLifecycle.js.map +1 -0
- package/lib/libs/audit-engine/file-manager/fileManager.d.ts +3 -2
- package/lib/libs/audit-engine/file-manager/fileManager.js +19 -9
- package/lib/libs/audit-engine/file-manager/fileManager.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.types.d.ts +4 -0
- package/lib/libs/audit-engine/index.d.ts +15 -4
- package/lib/libs/audit-engine/index.js +2 -1
- package/lib/libs/audit-engine/index.js.map +1 -1
- package/lib/libs/audit-engine/registry/definitions.d.ts +15 -4
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +2 -2
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.d.ts +2 -2
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +62 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.js +168 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +43 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js +2 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js.map +1 -0
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +12 -0
- package/lib/libs/audit-engine/registry/roles/userRole.js +75 -0
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.d.ts +2 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js +36 -23
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.d.ts +2 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +19 -9
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.d.ts +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +18 -3
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +15 -4
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js +6 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +14 -7
- package/lib/libs/audit-engine/registry/shape/schema.js +10 -3
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/shapeValidation.d.ts +3 -0
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js +37 -0
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js.map +1 -0
- package/lib/libs/conf-init/auditConfig.js +1 -1
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js +3 -9
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/queries.js +1 -3
- package/lib/salesforce/repositories/connected-apps/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/queries.d.ts +11 -4
- package/lib/salesforce/repositories/users/queries.js +30 -8
- package/lib/salesforce/repositories/users/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/users.d.ts +3 -4
- package/lib/salesforce/repositories/users/users.js +60 -57
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/lib/salesforce/utils.d.ts +2 -0
- package/lib/salesforce/utils.js +11 -0
- package/lib/salesforce/utils.js.map +1 -0
- package/messages/auditShapeValidation.md +11 -0
- package/messages/org.audit.run.md +4 -4
- package/messages/rules.enforceClassificationPresets.md +12 -0
- package/messages/rules.users.md +4 -0
- package/oclif.manifest.json +1 -1
- package/package.json +2 -1
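--- a/package/README.md
+++ b/package/README.md
@@ -89,7 +89,7 @@ FLAG DESCRIPTIONS
 essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.19.0/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -134,7 +134,7 @@ FLAG DESCRIPTIONS
 never truncated.
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.19.0/src/commands/org/audit/run.ts)_
 
 ## `sf org scan user-perms`
 
@@ -183,7 +183,7 @@ FLAG DESCRIPTIONS
 userPermissions.yml.
 ```
 
-_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
+_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.19.0/src/commands/org/scan/user-perms.ts)_
 
 <!-- commandsstop -->
 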
@@ -10,7 +10,7 @@ export default class AuditRun extends EventEmitter {
|
|
|
10
10
|
executablePolicies;
|
|
11
11
|
constructor(config) {
|
|
12
12
|
super();
|
|
13
|
-
this.config = { ...{ classifications: {}, policies: {}, acceptedRisks: {} }, ...config };
|
|
13
|
+
this.config = { ...{ classifications: {}, policies: {}, acceptedRisks: {}, definitions: {} }, ...config };
|
|
14
14
|
ResolveLifecycle.on('resolvewarning', (warning) => this.emit('resolvewarning', warning));
|
|
15
15
|
}
|
|
16
16
|
getExecutableRulesCount(policyName) {
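Review bot: The defaults in the AuditRun constructor are merged with a shallow spread, so a caller that passes a key explicitly as `undefined` (for example `definitions: undefined`) replaces the `{}` default, and later reads of `this.config.definitions` would then see `undefined`. Whether any caller does that is not visible in this hunk, so this is a hardening suggestion: give each key its own fallback, e.g. `definitions: config.definitions ?? {}`, which also removes the inner `...{ … }` spread that adds nothing over listing the keys directly. The rest of the class lies outside the hunk.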
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,OAAO,aAAa,MAAM,mCAAmC,CAAC;AAkB9D;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IACzC,MAAM,CAAiB;IACtB,kBAAkB,CAAa;IAEvC,YAAmB,MAA+B;QAChD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAG7D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,OAAO,aAAa,MAAM,mCAAmC,CAAC;AAkB9D;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IACzC,MAAM,CAAiB;IACtB,kBAAkB,CAAa;IAEvC,YAAmB,MAA+B;QAChD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;QAC1G,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3F,CAAC;IAEM,uBAAuB,CAAC,UAAoB;QACjD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,kBAAkB,EAAE,CAAC,MAAM,CAAC;QACzE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,CAAC;QAClF,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,KAAK;YACpD,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;SACjC,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,eAAe;IAEf;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAC9C,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACK,QAAQ,CAAC,cAAoC;QACnD,MAAM,gBAAgB,GAAe,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CA
AC,aAAa,CAAC,CAAC;QACjE,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACzE,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,MAAM,EAAE,CAAC;gBACX,gBAAgB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,gBAAgB,CAAC;YAC1C,QAAQ,EAAE,gBAAgB;YAC1B,aAAa,EAAE,WAAW,CAAC,QAAQ,EAAE;SACtC,CAAC;IACJ,CAAC;IAEO,YAAY;QAClB,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,UAAsB,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;oBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;gBAC5E,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,eAAe,CAAC,QAAuB;QAC7C,MAAM,SAAS,GAAwB;YACrC,QAAQ;SACT,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAuC,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IACtE,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OA
AO,CAAC;AACjB,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
export type MessageEvent = {
|
|
3
|
+
message: string;
|
|
4
|
+
};
|
|
5
|
+
/**
|
|
6
|
+
* Internal event bus for audit run modules to share messages
|
|
7
|
+
*/
|
|
8
|
+
export default class AuditRunLifecycle extends EventEmitter {
|
|
9
|
+
constructor();
|
|
10
|
+
emitResolveWarn(message: string): void;
|
|
11
|
+
}
|
|
12
|
+
export declare const AuditRunLifecycleBus: AuditRunLifecycle;
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
/**
|
|
3
|
+
* Internal event bus for audit run modules to share messages
|
|
4
|
+
*/
|
|
5
|
+
export default class AuditRunLifecycle extends EventEmitter {
|
|
6
|
+
constructor() {
|
|
7
|
+
super();
|
|
8
|
+
}
|
|
9
|
+
emitResolveWarn(message) {
|
|
10
|
+
this.emit('resolvewarning', {
|
|
11
|
+
message,
|
|
12
|
+
});
|
|
13
|
+
}
|
|
14
|
+
}
|
|
15
|
+
export const AuditRunLifecycleBus = new AuditRunLifecycle();
|
|
16
|
+
//# sourceMappingURL=auditRunLifecycle.js.map
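Review bot: `AuditRunLifecycleBus` is a process-wide singleton and this file gives subscribers no way to scope a handler to one audit run or to detach it, so handlers registered per instance stay attached for the life of the process. The AuditRun constructor in the auditRun.js hunk subscribes to a bus called `ResolveLifecycle` with `.on('resolvewarning', …)` and never removes the handler; if that name refers to this singleton (the import is not shown), a warning raised during one run is re-emitted by every AuditRun ever constructed, and Node logs a MaxListenersExceededWarning once more than ten are attached. Consider documenting the bus as process-global in the class comment and exporting the event name as a constant rather than repeating the `'resolvewarning'` literal. The constructor that only calls `super()` can be dropped.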
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auditRunLifecycle.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRunLifecycle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,YAAY;IACzD;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAEM,eAAe,CAAC,OAAe;QACpC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE;YAC1B,OAAO;SACQ,CAAC,CAAC;IACrB,CAAC;CACF;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,IAAI,iBAAiB,EAAE,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { PathLike } from 'node:fs';
|
|
2
|
-
import { AuditConfigShapeDefinition, AuditShapeSaveResult, ExtractAuditConfigTypes } from './fileManager.types.js';
|
|
2
|
+
import { AuditConfigShapeDefinition, AuditShapeSaveResult, ExtractAuditConfigTypes, RefineError } from './fileManager.types.js';
|
|
3
3
|
/**
|
|
4
4
|
* The file manager streamlines initialisation of an audit config from
|
|
5
5
|
* a source directory and writing updated content back to disk. The directory
|
|
@@ -8,7 +8,8 @@ import { AuditConfigShapeDefinition, AuditShapeSaveResult, ExtractAuditConfigTyp
|
|
|
8
8
|
*/
|
|
9
9
|
export default class FileManager<ConfShape extends AuditConfigShapeDefinition> {
|
|
10
10
|
private schema;
|
|
11
|
-
|
|
11
|
+
private refine?;
|
|
12
|
+
constructor(schema: ConfShape, refine?: ((parseResult: ExtractAuditConfigTypes<ConfShape>) => RefineError[]) | undefined);
|
|
12
13
|
/**
|
|
13
14
|
* Parses a directory path for policy and classification files
|
|
14
15
|
* and initialises an audit config from file contents.
|
|
@@ -16,8 +16,10 @@ const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'or
|
|
|
16
16
|
*/
|
|
17
17
|
export default class FileManager {
|
|
18
18
|
schema;
|
|
19
|
-
|
|
19
|
+
refine;
|
|
20
|
+
constructor(schema, refine) {
|
|
20
21
|
this.schema = schema;
|
|
22
|
+
this.refine = refine;
|
|
21
23
|
}
|
|
22
24
|
/**
|
|
23
25
|
* Parses a directory path for policy and classification files
|
|
@@ -33,8 +35,18 @@ export default class FileManager {
|
|
|
33
35
|
for (const dirName of typedKeys(this.schema)) {
|
|
34
36
|
parseResult[dirName] = this.parseSubdir(dirName, dirPath);
|
|
35
37
|
}
|
|
36
|
-
assertIsMinimalConfig(parseResult, dirPath);
|
|
37
38
|
this.validateDependencies(parseResult);
|
|
39
|
+
if (this.refine) {
|
|
40
|
+
const errs = this.refine(parseResult);
|
|
41
|
+
if (errs.length > 0) {
|
|
42
|
+
const formattedDirPath = !dirPath || dirPath.toString().length === 0 ? '<root-dir>' : dirPath.toString();
|
|
43
|
+
throw messages.createError('error.FailedToValidateAuditConfig', [
|
|
44
|
+
formattedDirPath,
|
|
45
|
+
errs[0].message,
|
|
46
|
+
errs[0].path.join('.'),
|
|
47
|
+
]);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
38
50
|
return parseResult;
|
|
39
51
|
}
|
|
40
52
|
/**
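Review bot: Dropping the unconditional `assertIsMinimalConfig(parseResult, dirPath)` makes the empty-config check depend on the optional `refine` callback, so a FileManager built without one now returns a config with no policies instead of throwing `NoAuditConfigFound`. For an audit tool that is a fail-open path (an empty directory can yield a run with nothing to check) unless every parsing caller passes a validator that covers the empty case; the validator body is not part of this hunk, so please confirm it does. The new branch also reports only `errs[0]`, so a config with several problems takes one run per problem to fix; joining all entries' messages and paths into the error would surface them at once. A short comment such as `// refine is the only guard against an empty or inconsistent config; parse() without it performs no minimal-config check` would make the contract explicit.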
|
|
@@ -112,12 +124,16 @@ function writeSubdir(conf) {
|
|
|
112
124
|
const dirSaveResults = {};
|
|
113
125
|
for (const [fileName, fileDefinition] of Object.entries(conf.dirDefinition.files)) {
|
|
114
126
|
const maybeContent = conf.dirContent[fileName];
|
|
127
|
+
const filePath = path.join(conf.targetPath, `${fileName}.yml`);
|
|
115
128
|
if (maybeContent) {
|
|
116
|
-
const filePath = path.join(conf.targetPath, `${fileName}.yml`);
|
|
117
129
|
const entitiesCount = fileDefinition.entities ? countEntities(maybeContent[fileDefinition.entities]) : 0;
|
|
118
130
|
dirSaveResults[fileName] = { filePath, content: maybeContent, totalEntities: entitiesCount };
|
|
119
131
|
fs.writeFileSync(filePath, yaml.dump(maybeContent));
|
|
120
132
|
}
|
|
133
|
+
else if (fs.existsSync(filePath)) {
|
|
134
|
+
fs.rmSync(filePath);
|
|
135
|
+
dirSaveResults[fileName] = { filePath, content: undefined, totalEntities: 0 };
|
|
136
|
+
}
|
|
121
137
|
}
|
|
122
138
|
return dirSaveResults;
|
|
123
139
|
}
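Review bot: The new `else if` branch in writeSubdir deletes `<fileName>.yml` from the target directory whenever the config passed to save has no truthy content for that file, so saving a partial config object now removes existing policy or classification files on disk. A later audit run against that directory then silently covers less, and the only trace is the returned entry with `content: undefined`; callers should report these entries as deletions, and the behaviour belongs in the doc comment of `save`. The `existsSync` then `rmSync` pair is check-then-act: if the file disappears in between, or the path is a directory, `rmSync` throws halfway through the loop after earlier files were already written. `fs.rmSync(filePath, { force: true })` tolerates the first case. The function signature sits above the hunk and is visible only in the `@@` header.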
|
|
@@ -153,12 +169,6 @@ function countEntities(content) {
|
|
|
153
169
|
return 0;
|
|
154
170
|
}
|
|
155
171
|
}
|
|
156
|
-
function assertIsMinimalConfig(conf, dirPath) {
|
|
157
|
-
if (Object.keys(conf.policies).length === 0) {
|
|
158
|
-
const formattedDirPath = !dirPath || dirPath.toString().length === 0 ? '<root-dir>' : dirPath.toString();
|
|
159
|
-
throw messages.createError('NoAuditConfigFound', [formattedDirPath]);
|
|
160
|
-
}
|
|
161
|
-
}
|
|
162
172
|
function typedKeys(obj) {
|
|
163
173
|
return Object.keys(obj);
|
|
164
174
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fileManager.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/file-manager/fileManager.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,0DAA0D;AAC1D,+DAA+D;AAC/D,uDAAuD;AACvD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAgB,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"fileManager.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/file-manager/fileManager.ts"],"names":[],"mappings":"AAAA,4DAA4D;AAC5D,0DAA0D;AAC1D,+DAA+D;AAC/D,uDAAuD;AACvD,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAgB,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAY5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F;;;;;GAKG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAEpB;IACA;IAFV,YACU,MAAiB,EACjB,MAA2E;QAD3E,WAAM,GAAN,MAAM,CAAW;QACjB,WAAM,GAAN,MAAM,CAAqE;IAClF,CAAC;IAEJ;;;;;;OAMG;IACI,KAAK,CAAC,OAAiB;QAC5B,kEAAkE;QAClE,2DAA2D;QAC3D,MAAM,WAAW,GAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,WAAW,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACvC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACtC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,gBAAgB,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACzG,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE;oBAC9D,gBAAgB;oBAChB,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO;oBACf,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;iBACvB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,WAAiD,CAAC;IAC3D,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAA6B;QAC9D,MAAM,UAAU,GAA4B,EAAE,CAAC;QAC/C,KAAK,MAAM,OAAO,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YACtD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAkB;oBAC7B,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACpC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;oBACnE,aAAa;iBACd,CAAC;gBACF,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,
EAAE,CAAC,CAAC;gBACtD,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;YACxD,CAAC;iBAAM,IAAI,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,MAAM,iBAAiB,GAA4B,EAAE,CAAC;gBACtD,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAA4B,CAAC;gBACxE,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3E,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;wBAC9B,SAAS;oBACX,CAAC;oBACD,MAAM,OAAO,GAAkB;wBAC7B,UAAU,EAAE,WAAW,CAAC,WAAW,CAAC;wBACpC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,QAAQ,EAAE,EAAE,WAAW,CAAC;wBAChF,aAAa,EAAE,UAAU;qBAC1B,CAAC;oBACF,EAAE,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;oBACtD,iBAAiB,CAAC,WAAW,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;gBACxD,CAAC;gBACD,UAAU,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,GAAG,iBAAiB,CAAC;YACrD,CAAC;QACH,CAAC;QACD,OAAO,UAA6C,CAAC;IACvD,CAAC;IAED,oBAAoB;IAEZ,WAAW,CAA4B,UAAa,EAAE,OAAiB;QAC7E,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAC3C,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,OAAO,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAC/F,CAAC;aAAM,IAAI,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;YACnC,MAAM,UAAU,GAA4B,EAAE,CAAC;YAC/C,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBACzE,UAAU,CAAC,UAAU,CAAC,GAAG,mBAAmB,CAC1C,YAAY,EACZ,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,CACjE,CAAC;YACJ,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,oBAAoB,CAAC,WAA+C;QAC1E,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/D,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;gBACvB,KAAK,MAAM,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;oBACrE,IAAI,WAAW,CAAC,YAAY,IAAI,WAAW,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC;wBACpE,kBAAkB,CAAC,WAAW,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;oBAC5D,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,SAAS,WAAW,CAAC,IAAmB;IACtC,MAAM,cAAc,GAAwC
,EAAE,CAAC;IAC/D,KAAK,MAAM,CAAC,QAAQ,EAAE,cAAc,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,EAAE,CAAC;QAClF,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;QAC/D,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,aAAa,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,aAAa,CAAC,YAAY,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzG,cAAc,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,CAAC;YAC7F,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACnC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACpB,cAAc,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,EAAE,CAAC;QAChF,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAQD,SAAS,mBAAmB,CAAC,GAAmB,EAAE,OAAiB;IACjE,MAAM,YAAY,GAA4B,EAAE,CAAC;IACjD,KAAK,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;QAClE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC7B,SAAS;QACX,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;QAClE,MAAM,WAAW,GAAG,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;QAC7D,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,YAAY,CAAC,QAAQ,CAAC,GAAG,WAAW,CAAC,IAAI,CAAC;QAC5C,CAAC;aAAM,CAAC;YACN,cAAc,CAAC,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,SAAS,UAAU,CAAC,GAAqC;IACvD,OAAO,OAAO,IAAI,GAAG,CAAC;AACxB,CAAC;AAED,SAAS,WAAW,CAAC,GAAqC;IACxD,OAAO,MAAM,IAAI,GAAG,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,OAAgB;IACrC,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,CAAC;IACX,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAmB,GAAM;IACzC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAmB,CAAC;AAC5C,CAAC;AAED,SAAS,kBAAkB,CAAC,YAAoC,EAAE,WAAoC;IACpG,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,IAAI,CA
AC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC;YAC7C,MAAM,QAAQ,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAkB,EAAE,QAAiC;IAC7E,MAAM,GAAG,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,aAAuB,EAAE,QAAiC;IACxF,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,sBAAsB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAA4B,CAAC,CAAC;IAC/G,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,OAAO,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,QAAgB,EAAE,UAAoB;IAC5D,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAChD,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CACpG,CAAC;IACF,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC"}
|
|
@@ -21,6 +21,17 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
21
21
|
};
|
|
22
22
|
};
|
|
23
23
|
};
|
|
24
|
+
definitions: {
|
|
25
|
+
files: {
|
|
26
|
+
roles: {
|
|
27
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
28
|
+
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>>>;
|
|
29
|
+
allowedPermissions: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
30
|
+
deniedPermissions: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
31
|
+
}, import("zod/v4/core").$strip>>;
|
|
32
|
+
};
|
|
33
|
+
};
|
|
34
|
+
};
|
|
24
35
|
classifications: {
|
|
25
36
|
files: {
|
|
26
37
|
userPermissions: {
|
|
@@ -46,7 +57,7 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
46
57
|
profiles: {
|
|
47
58
|
schema: import("zod").ZodObject<{
|
|
48
59
|
profiles: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
49
|
-
role: import("zod").
|
|
60
|
+
role: import("zod").ZodString;
|
|
50
61
|
allowedLoginIps: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodObject<{
|
|
51
62
|
from: import("zod").ZodString;
|
|
52
63
|
to: import("zod").ZodString;
|
|
@@ -58,7 +69,7 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
58
69
|
permissionSets: {
|
|
59
70
|
schema: import("zod").ZodObject<{
|
|
60
71
|
permissionSets: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
61
|
-
role: import("zod").
|
|
72
|
+
role: import("zod").ZodString;
|
|
62
73
|
}, import("zod/v4/core").$strict>>;
|
|
63
74
|
}, import("zod/v4/core").$strip>;
|
|
64
75
|
entities: string;
|
|
@@ -66,7 +77,7 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
66
77
|
users: {
|
|
67
78
|
schema: import("zod").ZodObject<{
|
|
68
79
|
users: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
69
|
-
role: import("zod").
|
|
80
|
+
role: import("zod").ZodString;
|
|
70
81
|
}, import("zod/v4/core").$strip>>;
|
|
71
82
|
}, import("zod/v4/core").$strip>;
|
|
72
83
|
entities: string;
|
|
@@ -121,7 +132,7 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
121
132
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
122
133
|
}, import("zod/v4/core").$strip>>>;
|
|
123
134
|
options: import("zod").ZodObject<{
|
|
124
|
-
defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").
|
|
135
|
+
defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").ZodString>;
|
|
125
136
|
analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
|
|
126
137
|
}, import("zod/v4/core").$strict>;
|
|
127
138
|
}, import("zod/v4/core").$strip>;
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import AuditRun from './auditRun.js';
|
|
2
2
|
import FileManager from './file-manager/fileManager.js';
|
|
3
3
|
import { AuditConfigShape } from './registry/definitions.js';
|
|
4
|
+
import { validator } from './registry/shape/shapeValidation.js';
|
|
4
5
|
export { default as AuditRun } from './auditRun.js';
|
|
5
6
|
export { AuditConfigShape } from './registry/definitions.js';
|
|
6
7
|
export { PermissionRiskLevel, UserPrivilegeLevel } from './registry/shape/schema.js';
|
|
7
8
|
export { default as RuleRegistry } from './registry/ruleRegistry.js';
|
|
8
|
-
export const ConfigFileManager = new FileManager(AuditConfigShape);
|
|
9
|
+
export const ConfigFileManager = new FileManager(AuditConfigShape, validator);
|
|
9
10
|
export { PolicyDefinitions, loadPolicy } from './registry/definitions.js';
|
|
10
11
|
/**
|
|
11
12
|
* Loads audit config from directory and initialises audit run.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,eAAe,CAAC;AACrC,OAAO,WAAW,MAAM,+BAA+B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAkB,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/index.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,eAAe,CAAC;AACrC,OAAO,WAAW,MAAM,+BAA+B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAkB,MAAM,2BAA2B,CAAC;AAC7E,OAAO,EAAE,SAAS,EAAE,MAAM,qCAAqC,CAAC;AAEhE,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AACrF,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAOrE,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,WAAW,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAE1E;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,OAAO,IAAI,QAAQ,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC;AACtD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,eAAe,CAAC,aAAqB;IACnD,OAAO,iBAAiB,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;AAChD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,eAAe,CAC7B,aAAqB,EACrB,MAAsB;IAEtB,MAAM,EAAE,GAAG,IAAI,WAAW,CAAC,gBAAgB,CAAC,CAAC;IAC7C,OAAO,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC"}
|
|
@@ -46,6 +46,17 @@ export declare const AuditConfigShape: {
|
|
|
46
46
|
};
|
|
47
47
|
};
|
|
48
48
|
};
|
|
49
|
+
definitions: {
|
|
50
|
+
files: {
|
|
51
|
+
roles: {
|
|
52
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
53
|
+
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>>>;
|
|
54
|
+
allowedPermissions: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
55
|
+
deniedPermissions: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
56
|
+
}, import("zod/v4/core").$strip>>;
|
|
57
|
+
};
|
|
58
|
+
};
|
|
59
|
+
};
|
|
49
60
|
classifications: {
|
|
50
61
|
files: {
|
|
51
62
|
userPermissions: {
|
|
@@ -71,7 +82,7 @@ export declare const AuditConfigShape: {
|
|
|
71
82
|
profiles: {
|
|
72
83
|
schema: import("zod").ZodObject<{
|
|
73
84
|
profiles: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
74
|
-
role: import("zod").
|
|
85
|
+
role: import("zod").ZodString;
|
|
75
86
|
allowedLoginIps: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodObject<{
|
|
76
87
|
from: import("zod").ZodString;
|
|
77
88
|
to: import("zod").ZodString;
|
|
@@ -83,7 +94,7 @@ export declare const AuditConfigShape: {
|
|
|
83
94
|
permissionSets: {
|
|
84
95
|
schema: import("zod").ZodObject<{
|
|
85
96
|
permissionSets: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
86
|
-
role: import("zod").
|
|
97
|
+
role: import("zod").ZodString;
|
|
87
98
|
}, import("zod/v4/core").$strict>>;
|
|
88
99
|
}, import("zod/v4/core").$strip>;
|
|
89
100
|
entities: string;
|
|
@@ -91,7 +102,7 @@ export declare const AuditConfigShape: {
|
|
|
91
102
|
users: {
|
|
92
103
|
schema: import("zod").ZodObject<{
|
|
93
104
|
users: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
94
|
-
role: import("zod").
|
|
105
|
+
role: import("zod").ZodString;
|
|
95
106
|
}, import("zod/v4/core").$strip>>;
|
|
96
107
|
}, import("zod/v4/core").$strip>;
|
|
97
108
|
entities: string;
|
|
@@ -146,7 +157,7 @@ export declare const AuditConfigShape: {
|
|
|
146
157
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
147
158
|
}, import("zod/v4/core").$strip>>>;
|
|
148
159
|
options: import("zod").ZodObject<{
|
|
149
|
-
defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").
|
|
160
|
+
defaultRoleForMissingUsers: import("zod").ZodDefault<import("zod").ZodString>;
|
|
150
161
|
analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
|
|
151
162
|
}, import("zod/v4/core").$strict>;
|
|
152
163
|
}, import("zod/v4/core").$strip>;
|
|
@@ -3,9 +3,9 @@ import Policy, { ResolveEntityResult } from '../policy.js';
|
|
|
3
3
|
import RuleRegistry from '../ruleRegistry.js';
|
|
4
4
|
import { AuditContext } from '../context.types.js';
|
|
5
5
|
import { AuditRunConfig } from '../definitions.js';
|
|
6
|
-
import { PolicyConfig
|
|
6
|
+
import { PolicyConfig } from '../shape/schema.js';
|
|
7
7
|
export type ClassifiedPermissionSet = PermissionSet & {
|
|
8
|
-
role:
|
|
8
|
+
role: string;
|
|
9
9
|
};
|
|
10
10
|
export default class PermissionSetsPolicy extends Policy<ClassifiedPermissionSet> {
|
|
11
11
|
config: PolicyConfig;
|
|
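Review bot: `role: string` on `ClassifiedPermissionSet` no longer tells a caller which values are legal, and the declaration carries no comment saying where a role name is checked. The same widening appears on `ResolvedUser` in the users.d.ts hunk further down and as `role: import("zod").ZodString` in the schema hunks above, so a misspelled role in an audit config presumably passes schema validation now (the removed type is truncated on this page, so what it accepted before is not visible). Because the role decides which permissions an entity may hold without producing a finding, I would document the contract on the field, for example `/** Name of a role from the audit config's role definitions; not checked by the type, validate with RoleManager.isValidRole. */`.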
@@ -57,7 +57,7 @@ export default class PermissionSetsPolicy extends Policy {
|
|
|
57
57
|
buildIgnoredEntities(allPermsets) {
|
|
58
58
|
const ignoredEntities = {};
|
|
59
59
|
for (const [permsetName, permsetDef] of Object.entries(this.classifications)) {
|
|
60
|
-
if (permsetDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
60
|
+
if (permsetDef.role === UserPrivilegeLevel.UNKNOWN.toString()) {
|
|
61
61
|
ignoredEntities[permsetName] = {
|
|
62
62
|
name: permsetName,
|
|
63
63
|
message: messages.getMessage('preset-unknown', ['Permission Set']),
|
|
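Review bot: The `.toString()` added to `UserPrivilegeLevel.UNKNOWN` in the `permsetDef.role === …` check reads as a type-checker workaround and leaves the real question open: with `role` now a plain string, only the exact `UNKNOWN` value puts an entity into `ignoredEntities`, and nothing in this hunk shows what happens to a role name that is not defined at all. If `UserPrivilegeLevel` is a string enum the call is a no-op at runtime, and if it were numeric the comparison would be against a digit string, so a comment stating the intent would help, e.g. `// role is a plain string here; UNKNOWN still marks the entity as ignored`. The same line is changed in the profiles.js and users.js hunks below, and in users.js the value can also come from `defaultRoleForMissingUsers`. `buildIgnoredEntities` continues outside the hunk, so a validity check may exist there; if it does not, an unrecognised role should be reported as a finding rather than resolved silently.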
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAA
C,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,cAAc,IAAI,EAAE,CAAC;QAC7F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAA
C,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -23,7 +23,7 @@ export default class ProfilesPolicy extends Policy {
|
|
|
23
23
|
const ignoredEntities = {};
|
|
24
24
|
const classifiedProfiles = [];
|
|
25
25
|
for (const [profileName, profileDef] of Object.entries(this.classifications)) {
|
|
26
|
-
if (profileDef.role === UserPrivilegeLevel.UNKNOWN) {
|
|
26
|
+
if (profileDef.role === UserPrivilegeLevel.UNKNOWN.toString()) {
|
|
27
27
|
ignoredEntities[profileName] = {
|
|
28
28
|
name: profileName,
|
|
29
29
|
message: messages.getMessage('preset-unknown', ['Profile']),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACjF,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,IAAI,EAAE,CAAC;QACjF,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,
CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;iBACrC,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CAAC,MAA6B;QACtD,IAAI,CAAC,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -2,10 +2,10 @@ import RuleRegistry from '../ruleRegistry.js';
|
|
|
2
2
|
import { User } from '../../../../salesforce/index.js';
|
|
3
3
|
import Policy, { ResolveEntityResult } from '../policy.js';
|
|
4
4
|
import { AuditContext } from '../context.types.js';
|
|
5
|
-
import { UserPolicyConfig
|
|
5
|
+
import { UserPolicyConfig } from '../shape/schema.js';
|
|
6
6
|
import { AuditRunConfig } from '../definitions.js';
|
|
7
7
|
export type ResolvedUser = User & {
|
|
8
|
-
role:
|
|
8
|
+
role: string;
|
|
9
9
|
};
|
|
10
10
|
export default class UsersPolicy extends Policy<ResolvedUser> {
|
|
11
11
|
config: UserPolicyConfig;
|
|
@@ -45,7 +45,7 @@ export default class UsersPolicy extends Policy {
|
|
|
45
45
|
...user,
|
|
46
46
|
role: this.classifications[user.username]?.role ?? this.config.options.defaultRoleForMissingUsers,
|
|
47
47
|
};
|
|
48
|
-
if (finalUser.role === UserPrivilegeLevel.UNKNOWN) {
|
|
48
|
+
if (finalUser.role === UserPrivilegeLevel.UNKNOWN.toString()) {
|
|
49
49
|
ignoredEntities[user.username] = {
|
|
50
50
|
name: user.username,
|
|
51
51
|
message: messages.getMessage('user-with-role-unknown'),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,KAAK,IAAI,EAAE,CAAC;QAC3E,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC7D,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,G
AAG;oBAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ;oBACnB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,YAA8B;IACzD,MAAM,IAAI,GAAiC,EAAE,CAAC;IAC9C,IAAI,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxF,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,yBAAyB,GAAG,YAAY,CAAC,OAAO,CAAC,8BAA8B,CAAC;IACvF,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { EventEmitter } from 'node:events';
|
|
2
|
+
import { PermissionClassifications, RoleDefinitions } from '../shape/schema.js';
|
|
3
|
+
import { ResolvedProfileLike, ScanResult, UserRoleCompareResult } from './roleManager.types.js';
|
|
4
|
+
import UserRole from './userRole.js';
|
|
5
|
+
type Classifications = {
|
|
6
|
+
userPermissions: PermissionClassifications;
|
|
7
|
+
customPermissions: PermissionClassifications;
|
|
8
|
+
};
|
|
9
|
+
export default class RoleManager extends EventEmitter {
|
|
10
|
+
private definitions?;
|
|
11
|
+
private classifications?;
|
|
12
|
+
private roles;
|
|
13
|
+
constructor(definitions?: RoleDefinitions | undefined, classifications?: Partial<Classifications> | undefined);
|
|
14
|
+
/**
|
|
15
|
+
* Scan userPermissions and customPermissions of a profile or permission set and
|
|
16
|
+
* get a unified scan result with violations (risk level not allowed) and warnings
|
|
17
|
+
* (risk level not classified)
|
|
18
|
+
*
|
|
19
|
+
* @param profileLike
|
|
20
|
+
* @param auditRun
|
|
21
|
+
* @param rootIdentifier Optional root identifier for messages to prepend.
|
|
22
|
+
* @returns
|
|
23
|
+
*/
|
|
24
|
+
scanProfileLike(profileLike: ResolvedProfileLike, rootIdentifier?: string[]): ScanResult;
|
|
25
|
+
/**
|
|
26
|
+
* Checks if a role allows a certain classifcation level. If the role is
|
|
27
|
+
* not configured or unknown, always returns false.
|
|
28
|
+
*
|
|
29
|
+
* @param roleName
|
|
30
|
+
* @param permission
|
|
31
|
+
* @returns
|
|
32
|
+
*/
|
|
33
|
+
allowsPermission(roleName: string, permission: string): boolean;
|
|
34
|
+
/**
|
|
35
|
+
* Checks if a given role name is a valid role for the context
|
|
36
|
+
* of the current audit run.
|
|
37
|
+
*
|
|
38
|
+
* @param roleName
|
|
39
|
+
* @returns
|
|
40
|
+
*/
|
|
41
|
+
isValidRole(roleName: string): boolean;
|
|
42
|
+
/**
|
|
43
|
+
* Compares two roles (both must exist)
|
|
44
|
+
*
|
|
45
|
+
* @param baseRoleName
|
|
46
|
+
* @param compareWithName
|
|
47
|
+
* @returns
|
|
48
|
+
*/
|
|
49
|
+
compare(baseRoleName: string, compareWithName: string): UserRoleCompareResult;
|
|
50
|
+
/**
|
|
51
|
+
* Returns the role or throws an error, if role name is invalid.
|
|
52
|
+
*
|
|
53
|
+
* @param roleName
|
|
54
|
+
* @returns
|
|
55
|
+
*/
|
|
56
|
+
getRole(roleName: string): UserRole;
|
|
57
|
+
private scanPermissions;
|
|
58
|
+
private resolvePerm;
|
|
59
|
+
private resolveUserPerm;
|
|
60
|
+
private resolveCustomPerm;
|
|
61
|
+
}
|
|
62
|
+
export {};
|
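Review bot: The doc comments on `RoleManager` do not match the declared signatures: `scanProfileLike` documents `@param auditRun`, which is not a parameter, and `allowsPermission` is described as checking a classification level (spelled "classifcation") although it takes `permission: string`. Callers of an audit tool rely on the fail-closed sentence ("not configured or unknown, always returns false"), so the rest of the comment should be equally exact. I would drop the stale `@param auditRun`, fill in the empty `@returns` tags, and reword the summary to `Checks if a role allows a permission, based on the permission's classification and the role's allow and deny lists.`; the last clause is an assumption drawn from the `allowedPermissions`/`deniedPermissions` schema fields and needs confirming against the implementation. `compare` says both roles must exist but, unlike `getRole`, does not say what happens when one does not, so an `@throws` line would settle that.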