@j-schreiber/sf-cli-security-audit 0.18.1 → 0.19.0
- package/README.md +3 -3
- package/lib/libs/audit-engine/auditRun.js +1 -1
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/auditRunLifecycle.d.ts +12 -0
- package/lib/libs/audit-engine/auditRunLifecycle.js +16 -0
- package/lib/libs/audit-engine/auditRunLifecycle.js.map +1 -0
- package/lib/libs/audit-engine/file-manager/fileManager.d.ts +3 -2
- package/lib/libs/audit-engine/file-manager/fileManager.js +19 -9
- package/lib/libs/audit-engine/file-manager/fileManager.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.types.d.ts +4 -0
- package/lib/libs/audit-engine/index.d.ts +15 -4
- package/lib/libs/audit-engine/index.js +2 -1
- package/lib/libs/audit-engine/index.js.map +1 -1
- package/lib/libs/audit-engine/registry/definitions.d.ts +15 -4
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +2 -2
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.d.ts +2 -2
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +62 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.js +168 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +43 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js +2 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js.map +1 -0
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +12 -0
- package/lib/libs/audit-engine/registry/roles/userRole.js +75 -0
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.d.ts +2 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js +36 -23
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.d.ts +2 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +19 -9
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.d.ts +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +18 -3
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +15 -4
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js +6 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +14 -7
- package/lib/libs/audit-engine/registry/shape/schema.js +10 -3
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/shapeValidation.d.ts +3 -0
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js +37 -0
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js.map +1 -0
- package/lib/libs/conf-init/auditConfig.js +1 -1
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js +3 -9
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/queries.js +1 -3
- package/lib/salesforce/repositories/connected-apps/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/queries.d.ts +11 -4
- package/lib/salesforce/repositories/users/queries.js +30 -8
- package/lib/salesforce/repositories/users/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/users.d.ts +3 -4
- package/lib/salesforce/repositories/users/users.js +60 -57
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/lib/salesforce/utils.d.ts +2 -0
- package/lib/salesforce/utils.js +11 -0
- package/lib/salesforce/utils.js.map +1 -0
- package/messages/auditShapeValidation.md +11 -0
- package/messages/org.audit.run.md +4 -4
- package/messages/rules.enforceClassificationPresets.md +12 -0
- package/messages/rules.users.md +4 -0
- package/oclif.manifest.json +1 -1
- package/package.json +2 -1
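--- a/package/lib/salesforce/utils.js
+++ b/package/lib/salesforce/utils.js
@@ -0,0 +1,11 @@
+export function chunkArray(ids, chunkSize) {
+const chunks = [];
+for (let i = 0; i < ids.length; i += chunkSize) {
+chunks.push(ids.slice(i, i + chunkSize));
+}
+return chunks;
+}
+export function joinToSoqlIN(ids) {
+return ids.map((id) => `'${id}'`).join(',');
+}
+//# sourceMappingURL=utils.js.map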
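Review bot: `joinToSoqlIN`, the second function in this hunk, wraps each element in single quotes without validating or escaping it, so a value containing `'` or `\` would change the shape of the SOQL `IN (...)` list it is spliced into. The callers are outside this section; if the values are always record ids returned by earlier queries the exposure is small, but the helper is exported and nothing in it enforces that assumption. Assuming the inputs are meant to be Salesforce record ids, reject anything that is not id-shaped before quoting, e.g. `if (!ids.every((id) => /^[a-zA-Z0-9]{15}(?:[a-zA-Z0-9]{3})?$/.test(id))) throw new Error('joinToSoqlIN: value is not a Salesforce id');`. Separately, `chunkArray` never terminates when `chunkSize` is 0 or negative, so a guard such as `if (!Number.isInteger(chunkSize) || chunkSize < 1) throw new RangeError('chunkSize must be a positive integer');` at its top would make the contract explicit.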
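--- a/package/lib/salesforce/utils.js.map
+++ b/package/lib/salesforce/utils.js.map
@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/salesforce/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,UAAU,CAAC,GAAa,EAAE,SAAiB;IACzD,MAAM,MAAM,GAAG,EAAE,CAAC;IAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAa;IACxC,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC9C,CAAC"}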
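--- a/package/messages/auditShapeValidation.md
+++ b/package/messages/auditShapeValidation.md
@@ -0,0 +1,11 @@
+# RoleNotInDefinition
+
+%s is not a valid role for audit config.
+
+# FailedToParseAuditConfig
+
+Failed to parse audit config at location %s: %s (%s).
+
+# NoAuditConfigFound
+
+Directory is empty or no valid audit config was found. A valid audit config must contain at least one policy.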
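--- a/package/messages/org.audit.run.md
+++ b/package/messages/org.audit.run.md
@@ -52,10 +52,6 @@ Audit config has %s accepted risks documented. %s violations were muted.
 
 Full report was written to: %s.
 
-# NoAuditConfigFound
-
-The target directory %s is empty or no valid audit config was found. A valid audit config must contain at least one policy.
-
 # UserPermClassificationRequiredForProfiles
 
 The "Profiles" policy requires at least userPermissions to be initialised, but none were found at the target directory.
@@ -76,6 +72,10 @@ Failed to parse %s: %s.
 
 Verify that your config matches the expected schema.
 
+# error.FailedToValidateAuditConfig
+
+Failed to validate audit config at location %s: Error "%s" at %s.
+
 # info.RemovedViolationRows
 
 %s out of %s violations shown. See report for full results or use --verbose flag.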
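--- a/package/messages/rules.enforceClassificationPresets.md
+++ b/package/messages/rules.enforceClassificationPresets.md
@@ -1,3 +1,11 @@
+# DuplicateRoleAfterNormalization
+
+Duplicate role identifier after normalization found: %s was already defined, %s will be ignored.
+
+# TriedToAccessRoleThatDoesNotExist
+
+Tried to access a role that does not exist: %s.
+
 # violations.classification-preset-mismatch
 
 Permission is classified as "%s" and not allowed in role "%s".
@@ -21,3 +29,7 @@ Profile assigns the permission, but it was not found in classification. Refresh
 # warnings.permission-not-classified-in-permission-set
 
 PermissionSet assigns the permission, but it was not found in classification. Refresh or add manually.
+
+# error.failed-to-resolve-role
+
+The assigned role "%s" was not valid for this audit. Check your role definitions.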
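--- a/package/messages/rules.users.md
+++ b/package/messages/rules.users.md
@@ -14,6 +14,10 @@ User was created %s (%s days ago), but never logged in.
 
 %s is used, but classified as UNKNOWN. Cannot audit user role.
 
+# violations.invalid-entity-role
+
+%s is classified with invalid role "%s". Cannot audit user role.
+
 # violations.entity-not-classified-but-used
 
 %s is used, but not classified in %ss policy.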
package/oclif.manifest.json
CHANGED
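--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@j-schreiber/sf-cli-security-audit",
 "description": "Salesforce CLI plugin to automate highly configurable security audits",
-"version": "0.
+"version": "0.19.0",
 "repository": {
 "type": "git",
 "url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
@@ -92,6 +92,7 @@
 "test:nuts": "nyc mocha \"**/*.nut.ts\" --slow 4500 --timeout 600000 --parallel",
 "test:api:nuts": "nyc mocha \"**/salesforce-apis.nut.ts\" --slow 4500 --timeout 600000 --parallel",
 "debug:nuts": "yarn build && nyc mocha \"**/*.nut.ts\" --slow 4500 --timeout 600000 --inspect-brk",
+"debug:audit-run:nuts": "yarn build && nyc mocha \"**/org.audit.nut.ts\" --slow 4500 --timeout 600000 --inspect-brk",
 "debug:api:nuts": "yarn build && nyc mocha \"**/salesforce-apis.nut.ts\" --slow 4500 --timeout 600000 --inspect-brk",
 "test:only": "wireit",
 "readme": "wireit",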