@j-schreiber/sf-cli-security-audit 0.19.3 → 0.20.0

package/lib/libs/conf-init/auditConfig.js

@@ -1,5 +1,5 @@
-import { RuleRegistry, PolicyDefinitions, } from '../audit-engine/index.js';
-import { ClassificationInitDefinitions } from './defaultClassifications.js';
+import { RuleRegistry, PolicyDefinitions } from '../audit-engine/index.js';
+import { InventoryInitialisers, ShapeInitialisers } from './defaultClassifications.js';
 import { DefaultPolicyDefinitions } from './defaultPolicies.js';
 /**
  * Exposes key functionality to load an audit config as static methods. This makes
@@ -13,20 +13,25 @@ export default class AuditConfig {
      * @param con
      */
     static async init(targetCon, opts) {
-        const conf = { classifications: {}, policies: {}, acceptedRisks: {}, definitions: {} };
-        for (const [className, classInitDef] of Object.entries(ClassificationInitDefinitions)) {
-            // eslint-disable-next-line no-await-in-loop
-            const defaultClassification = await classInitDef.initialiser(targetCon, opts?.preset);
-            if (defaultClassification) {
-                conf.classifications[className] = defaultClassification;
-            }
-        }
+        const conf = { shape: {}, inventory: {}, policies: {}, acceptedRisks: {}, controls: {} };
+        conf.shape = await this.initSubtype(ShapeInitialisers, targetCon, opts);
+        conf.inventory = await this.initSubtype(InventoryInitialisers, targetCon, opts);
         for (const policyName of Object.keys(PolicyDefinitions)) {
             const policy = initPolicyConfig(policyName);
             conf.policies[policyName] = policy;
         }
         return conf;
     }
+    static async initSubtype(initialisable, targetCon, opts) {
+        const initPromises = Object.entries(initialisable).map(([, init]) => init(targetCon, opts?.preset));
+        const inits = await Promise.all(initPromises);
+        const result = {};
+        const keys = Object.keys(initialisable);
+        for (const initEntry of keys) {
+            result[initEntry] = inits.at(keys.indexOf(initEntry));
+        }
+        return result;
+    }
 }
 export function initPolicyConfig(policyName) {
     const def = PolicyDefinitions[policyName];

package/lib/libs/conf-init/auditConfig.js.map

@@ -1 +1 @@
-{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAGA,OAAO,EAGL,YAAY,EAGZ,iBAAiB,GAClB,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,6BAA6B,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAYhE;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;QACvG,KAAK,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,6BAA6B,CAAC,EAAE,CAAC;YACtF,4CAA4C;YAC5C,MAAM,qBAAqB,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YACtF,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,IAAI,CAAC,eAAe,CAAC,SAA4B,CAAC,GAAG,qBAA4B,CAAC;YACpF,CAAC;QACH,CAAC;QACD,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAsB,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ,CAAC,UAAsB,CAAC,GAAG,MAAa,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,MAAM,UAAU,gBAAgB,CAAqB,UAAa;IAChE,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC3D,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG;YACzB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,GAAG,OAAO,EAAE,GAAG,wBAAwB,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;IACnE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
+{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAGA,OAAO,EAAkB,YAAY,EAA0B,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAEnH,OAAO,EAAe,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACpG,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAYhE;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACzG,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QACxE,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAChF,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAsB,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ,CAAC,UAAsB,CAAC,GAAG,MAAa,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,WAAW,CAC9B,aAA0C,EAC1C,SAAqB,EACrB,IAAuB;QAEvB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QACpG,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC9C,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,KAAK,MAAM,SAAS,IAAI,IAAI,EAAE,CAAC;YAC7B,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,UAAU,gBAAgB,CAAqB,UAAa;IAChE,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC3D,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG;YACzB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,GAAG,OAAO,EAAE,GAAG,wBAAwB,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;IACnE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/conf-init/defaultClassifications.d.ts

@@ -1,8 +1,6 @@
 import { Connection } from '@salesforce/core';
-import { Classifications } from '../audit-engine/index.js';
+import { Inventories, Shapes } from '../audit-engine/registry/definitions.js';
 import { AuditInitPresets } from './init.types.js';
-type ClassificationDefinition = {
-    initialiser: (con: Connection, preset?: AuditInitPresets) => unknown;
-};
-export declare const ClassificationInitDefinitions: Record<Classifications, ClassificationDefinition>;
-export {};
+export type Initialiser = (con: Connection, preset?: AuditInitPresets) => Promise<unknown>;
+export declare const ShapeInitialisers: Record<Shapes, Initialiser>;
+export declare const InventoryInitialisers: Record<Inventories, Initialiser>;

package/lib/libs/conf-init/defaultClassifications.js

@@ -1,22 +1,14 @@
 import { PermissionRiskLevel, UserPrivilegeLevel } from '../audit-engine/index.js';
 import { OrgDescribe, PermissionSets, Profiles, Users } from '../../salesforce/index.js';
 import { loadPreset } from './presets.js';
-export const ClassificationInitDefinitions = {
-    userPermissions: {
-        initialiser: initUserPermissions,
-    },
-    customPermissions: {
-        initialiser: initCustomPermissions,
-    },
-    profiles: {
-        initialiser: initProfiles,
-    },
-    permissionSets: {
-        initialiser: initPermissionSets,
-    },
-    users: {
-        initialiser: initUsers,
-    },
+export const ShapeInitialisers = {
+    userPermissions: initUserPermissions,
+    customPermissions: initCustomPermissions,
+};
+export const InventoryInitialisers = {
+    profiles: initProfiles,
+    permissionSets: initPermissionSets,
+    users: initUsers,
 };
 async function initUserPermissions(con, preset) {
     const orgManager = await OrgDescribe.create(con);
@@ -24,8 +16,8 @@ async function initUserPermissions(con, preset) {
     const presConfig = loadPreset(preset);
     const perms = presConfig.classifyUserPermissions(userPerms);
     perms.sort(classificationSorter);
-    const result = { permissions: {} };
-    perms.forEach((perm) => (result.permissions[perm.name] = {
+    const result = {};
+    perms.forEach((perm) => (result[perm.name] = {
         label: perm.label,
         classification: perm.classification,
         reason: perm.reason,
@@ -33,7 +25,7 @@ async function initUserPermissions(con, preset) {
     return result;
 }
 async function initCustomPermissions(con) {
-    const result = { permissions: {} };
+    const result = {};
     const orgManager = await OrgDescribe.create(con);
     const customPerms = orgManager.getCustomPermissions();
     if (customPerms.length === 0) {
@@ -43,7 +35,7 @@ async function initCustomPermissions(con) {
         ...cp,
         classification: PermissionRiskLevel.UNKNOWN,
     }));
-    perms.forEach((perm) => (result.permissions[perm.name] = {
+    perms.forEach((perm) => (result[perm.name] = {
         label: perm.label,
         classification: perm.classification,
     }));
@@ -52,29 +44,27 @@ async function initCustomPermissions(con) {
 async function initProfiles(targetOrgCon) {
     const profilesRepo = new Profiles(targetOrgCon);
     const profiles = await profilesRepo.resolve();
-    const content = { profiles: {} };
+    const content = {};
     for (const profileName of profiles.keys()) {
-        content.profiles[profileName] = { role: UserPrivilegeLevel.UNKNOWN };
+        content[profileName] = { role: UserPrivilegeLevel.UNKNOWN };
     }
     return content;
 }
 async function initPermissionSets(targetOrgCon) {
     const permsetsRepo = new PermissionSets(targetOrgCon);
     const permsets = await permsetsRepo.resolve({ isCustomOnly: true });
-    const content = { permissionSets: {} };
+    const content = {};
     for (const permsetName of permsets.keys()) {
-        content.permissionSets[permsetName] = { role: UserPrivilegeLevel.UNKNOWN };
+        content[permsetName] = { role: UserPrivilegeLevel.UNKNOWN };
     }
     return content;
 }
 async function initUsers(targetOrgCon) {
     const usersRepo = new Users(targetOrgCon);
     const users = await usersRepo.resolve();
-    const content = {
-        users: {},
-    };
+    const content = {};
     for (const username of users.keys())
-        content.users[username] = { role: UserPrivilegeLevel.STANDARD_USER };
+        content[username] = { role: UserPrivilegeLevel.STANDARD_USER };
     return content;
 }
 function resolveRiskLevelOrdinalValue(value) {

package/lib/libs/conf-init/defaultClassifications.js.map

@@ -1 +1 @@
-{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"AACA,OAAO,EAAmB,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACpG,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAC;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAc1C,MAAM,CAAC,MAAM,6BAA6B,GAAsD;IAC9F,eAAe,EAAE;QACf,WAAW,EAAE,mBAAmB;KACjC;IACD,iBAAiB,EAAE;QACjB,WAAW,EAAE,qBAAqB;KACnC;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,YAAY;KAC1B;IACD,cAAc,EAAE;QACd,WAAW,EAAE,kBAAkB;KAChC;IACD,KAAK,EAAE;QACL,WAAW,EAAE,SAAS;KACvB;CACF,CAAC;AAEF,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAC3E,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAA8B,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAC9D,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,GAAe;IAClD,MAAM,MAAM,GAA8B,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC;IACtD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACrC,GAAG,EAAE;QACL,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,YAAwB;IAClD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,OAAO,GAA2B,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACzD,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACvE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IACxD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC/D,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC7E,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAAwB;IAC/C,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,OAAO,GAAwB;QACnC,KAAK,EAAE,EAAE;KACV,CAAC;IACF,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAC1G,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CAC1G,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}
+{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAC;AAEzF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAY1C,MAAM,CAAC,MAAM,iBAAiB,GAAgC;IAC5D,eAAe,EAAE,mBAAmB;IACpC,iBAAiB,EAAE,qBAAqB;CACzC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAqC;IACrE,QAAQ,EAAE,YAAY;IACtB,cAAc,EAAE,kBAAkB;IAClC,KAAK,EAAE,SAAS;CACjB,CAAC;AAEF,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAC3E,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,GAAe;IAClD,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC;IACtD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACrC,GAAG,EAAE;QACL,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,YAAwB;IAClD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IACxD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAAwB;IAC/C,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IACpG,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CAC1G,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}

package/lib/libs/conf-init/init.types.d.ts

@@ -1,14 +1,15 @@
 import z from 'zod';
 import { AuditConfigShape } from '../audit-engine/index.js';
-type AuditClassifications = (typeof AuditConfigShape)['classifications']['files'];
-export type PermissionClassifications = z.infer<AuditClassifications['userPermissions']['schema']>;
-export type NamedPermissionClassification = PermissionClassifications['permissions']['string'] & {
+type Shapes = (typeof AuditConfigShape)['shape']['files'];
+type Inventories = (typeof AuditConfigShape)['inventory']['files'];
+export type PermissionClassifications = z.infer<Shapes['userPermissions']['schema']>;
+export type NamedPermissionClassification = PermissionClassifications['string'] & {
     name: string;
 };
 export type UnclassifiedPerm = Omit<NamedPermissionClassification, 'classification'>;
-export type ProfileClassifications = z.infer<AuditClassifications['profiles']['schema']>;
-export type PermsetClassifications = z.infer<AuditClassifications['permissionSets']['schema']>;
-export type UserClassifications = z.infer<AuditClassifications['users']['schema']>;
+export type ProfileClassifications = z.infer<Inventories['profiles']['schema']>;
+export type PermsetClassifications = z.infer<Inventories['permissionSets']['schema']>;
+export type UserClassifications = z.infer<Inventories['users']['schema']>;
 export declare enum AuditInitPresets {
     strict = "strict",
     loose = "loose",

package/lib/libs/conf-init/init.types.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.types.js","sourceRoot":"","sources":["../../../src/libs/conf-init/init.types.ts"],"names":[],"mappings":"AAYA,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B"}
+{"version":3,"file":"init.types.js","sourceRoot":"","sources":["../../../src/libs/conf-init/init.types.ts"],"names":[],"mappings":"AAaA,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B"}

package/messages/auditShapeValidation.md

@@ -2,6 +2,10 @@
 
 %s is not a valid role for audit config.
 
+# PermissionDoesNotExistOnOrg
+
+Permission does not exist on Org.
+
 # FailedToParseAuditConfig
 
 Failed to parse audit config at location %s: %s (%s).

package/messages/org.audit.run.md

@@ -64,6 +64,10 @@ The "Permission Sets" policy requires at least userPermissions to be initialised
 
 The "Profiles" policy requires a corresponding classification to be initialised.
 
+# error.DirectoryDoesNotExistOrIsEmpty
+
+%s does not exist or the directory is empty.
+
 # error.InvalidConfigFileSchema
 
 Failed to parse %s: %s.

package/messages/rules.enforceClassificationPresets.md

@@ -6,6 +6,10 @@ Duplicate role identifier after normalization found: %s was already defined, %s
 
 Tried to access a role that does not exist: %s.
 
+# RoleReferencesPermissionThatDoesNotExist
+
+Role %s references permission control %s that does not exist.
+
 # violations.classification-preset-mismatch
 
 Permission is classified as "%s" and not allowed in role "%s".
@@ -22,14 +26,6 @@ Permission classified as UNKNOWN. Update classification to LOW or higher to reso
 
 Permission is assigned, but was not found in classification. Refresh or add manually.
 
-# warnings.permission-not-classified-in-profile
-
-Profile assigns the permission, but it was not found in classification. Refresh or add manually.
-
-# warnings.permission-not-classified-in-permission-set
-
-PermissionSet assigns the permission, but it was not found in classification. Refresh or add manually.
-
 # error.failed-to-resolve-role
 
 The assigned role "%s" was not valid for this audit. Check your role definitions.

package/oclif.manifest.json

@@ -278,5 +278,5 @@
       ]
     }
   },
-  "version": "0.19.3"
+  "version": "0.20.0"
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@j-schreiber/sf-cli-security-audit",
   "description": "Salesforce CLI plugin to automate highly configurable security audits",
-  "version": "0.19.3",
+  "version": "0.20.0",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"

package/lib/libs/audit-engine/registry/helpers/permissionsScanning.d.ts

@@ -1,37 +0,0 @@
-import { Profile } from '@jsforce/jsforce-node/lib/api/metadata.js';
-import { PolicyRuleViolation, RuleComponentMessage } from '../result.types.js';
-import { AuditRunConfig } from '../definitions.js';
-import { PermissionClassifications } from '../shape/schema.js';
-export type ResolvedProfileLike = {
-    name: string;
-    role: string;
-    metadata: PartialProfileLike;
-};
-export type ScanResult = {
-    violations: PolicyRuleViolation[];
-    warnings: RuleComponentMessage[];
-};
-export type PartialProfileLike = Pick<Profile, 'userPermissions' | 'customPermissions'>;
-type PermissionsListKey = keyof PartialProfileLike;
-/**
- * Moves the "name" from the classifications map to object prop
- */
-type NamedPermissionClassification = PermissionClassifications['string'] & {
-    name: string;
-};
-/**
- * Scan userPermissions and customPermissions of a profile or permission set and
- * get a unified scan result with violations (risk level not allowed) and warnings
- * (risk level not classified)
- *
- * @param profileLike
- * @param auditRun
- * @param rootIdentifier Optional root identifier for messages to prepend.
- * @returns
- */
-export declare function scanProfileLike(profileLike: ResolvedProfileLike, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
-export declare function scanPermissions(profile: ResolvedProfileLike, permissionListName: PermissionsListKey, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
-export declare function resolvePresetOrdinalValue(value: string): number;
-export declare function permissionAllowedInPreset(permClassification: string, preset: string): boolean;
-export declare const classificationSorter: (a: NamedPermissionClassification, b: NamedPermissionClassification) => number;
-export {};

package/lib/libs/audit-engine/registry/helpers/permissionsScanning.js

@@ -1,81 +0,0 @@
-import { Messages } from '@salesforce/core';
-import { PermissionRiskLevel, UserPrivilegeLevel } from '../shape/schema.js';
-Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
-const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
-/**
- * Scan userPermissions and customPermissions of a profile or permission set and
- * get a unified scan result with violations (risk level not allowed) and warnings
- * (risk level not classified)
- *
- * @param profileLike
- * @param auditRun
- * @param rootIdentifier Optional root identifier for messages to prepend.
- * @returns
- */
-export function scanProfileLike(profileLike, auditRun, rootIdentifier) {
-    if (!profileLike.metadata) {
-        return { violations: [], warnings: [] };
-    }
-    const userPermsResult = scanPermissions(profileLike, 'userPermissions', auditRun, rootIdentifier);
-    const customPermsResult = scanPermissions(profileLike, 'customPermissions', auditRun, rootIdentifier);
-    userPermsResult.violations.push(...customPermsResult.violations);
-    userPermsResult.warnings.push(...customPermsResult.warnings);
-    return userPermsResult;
-}
-export function scanPermissions(profile, permissionListName, auditRun, rootIdentifier) {
-    const result = { warnings: [], violations: [] };
-    for (const perm of profile.metadata[permissionListName]) {
-        const identifier = rootIdentifier ? [...rootIdentifier, profile.name, perm.name] : [profile.name, perm.name];
-        const permClassification = resolvePerm(perm.name, auditRun, permissionListName);
-        if (permClassification) {
-            if (permClassification.classification === PermissionRiskLevel.BLOCKED) {
-                result.violations.push({
-                    identifier,
-                    message: messages.getMessage('violations.permission-is-blocked'),
-                });
-            }
-            else if (!permissionAllowedInPreset(permClassification.classification, profile.role)) {
-                result.violations.push({
-                    identifier,
-                    message: messages.getMessage('violations.classification-preset-mismatch', [
-                        permClassification.classification,
-                        profile.role,
-                    ]),
-                });
-            }
-            else if (permClassification.classification === PermissionRiskLevel.UNKNOWN) {
-                result.warnings.push({
-                    identifier,
-                    message: messages.getMessage('warnings.permission-unknown'),
-                });
-            }
-        }
-        else {
-            result.warnings.push({
-                identifier,
-                message: messages.getMessage('warnings.permission-not-classified'),
-            });
-        }
-    }
-    return result;
-}
-export function resolvePresetOrdinalValue(value) {
-    return Object.keys(UserPrivilegeLevel).indexOf(value.toUpperCase().replace(' ', '_'));
-}
-export function permissionAllowedInPreset(permClassification, preset) {
-    // this works, as long as we are mindful when adding new risk levels and presets
-    const invertedPermValue = Object.keys(PermissionRiskLevel).length - resolveRiskLevelOrdinalValue(permClassification);
-    const invertedPresetValue = Object.keys(UserPrivilegeLevel).length - resolvePresetOrdinalValue(preset);
-    return invertedPresetValue >= invertedPermValue;
-}
-function resolveRiskLevelOrdinalValue(value) {
-    return Object.keys(PermissionRiskLevel).indexOf(value.toUpperCase());
-}
-export const classificationSorter = (a, b) => resolveRiskLevelOrdinalValue(a.classification) - resolveRiskLevelOrdinalValue(b.classification);
-function resolvePerm(permName, auditRun, type) {
-    return nameClassification(permName, auditRun.classifications[type]?.permissions[permName]);
-}
-function nameClassification(permName, perm) {
-    return perm ? { name: permName, ...perm } : undefined;
-}
-//# sourceMappingURL=permissionsScanning.js.map

package/lib/libs/audit-engine/registry/helpers/permissionsScanning.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAsBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;wBACxE,kBAAkB,CAAC,cAAc;wBACjC,OAAO,CAAC,IAAI;qBACb,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;aACnE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAa;IACrD,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,kBAA0B,EAAE,MAAc;IAClF,gFAAgF;IAChF,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;IACrH,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACvG,OAAO,mBAAmB,IAAI,iBAAiB,CAAC;AAClD,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CACjH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;AAElG,SAAS,WAAW,CAClB,QAAgB,EAChB,QAAwB,EACxB,IAAwB;IAExB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA0C;IAE1C,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}