@j-schreiber/sf-cli-security-audit 0.19.3 → 0.20.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/commands/org/audit/init.d.ts +1 -1
- package/lib/commands/org/audit/init.js +8 -8
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/commands/org/audit/run.js +4 -1
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/audit-engine/auditRun.d.ts +7 -4
- package/lib/libs/audit-engine/auditRun.js +27 -9
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.d.ts +5 -6
- package/lib/libs/audit-engine/file-manager/fileManager.js +34 -15
- package/lib/libs/audit-engine/file-manager/fileManager.js.map +1 -1
- package/lib/libs/audit-engine/file-manager/fileManager.types.d.ts +1 -0
- package/lib/libs/audit-engine/index.d.ts +72 -43
- package/lib/libs/audit-engine/registry/context.types.d.ts +8 -2
- package/lib/libs/audit-engine/registry/definitions.d.ts +73 -44
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/policy.js +2 -2
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +3 -19
- package/lib/libs/audit-engine/registry/roles/roleManager.js +17 -29
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +21 -3
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +7 -6
- package/lib/libs/audit-engine/registry/roles/userRole.js +78 -31
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js +5 -4
- package/lib/libs/audit-engine/registry/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +3 -3
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +4 -4
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +71 -42
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js +26 -30
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +77 -43
- package/lib/libs/audit-engine/registry/shape/schema.js +22 -20
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/shapeValidation.d.ts +3 -0
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js +36 -7
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.d.ts +1 -0
- package/lib/libs/conf-init/auditConfig.js +18 -10
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/defaultClassifications.d.ts +5 -7
- package/lib/libs/conf-init/defaultClassifications.js +18 -28
- package/lib/libs/conf-init/defaultClassifications.js.map +1 -1
- package/lib/libs/conf-init/init.types.d.ts +7 -6
- package/lib/libs/conf-init/init.types.js.map +1 -1
- package/lib/libs/quick-scan/userPermissionScanner.js +12 -9
- package/lib/libs/quick-scan/userPermissionScanner.js.map +1 -1
- package/lib/salesforce/connection.d.ts +52 -0
- package/lib/salesforce/connection.js +130 -0
- package/lib/salesforce/connection.js.map +1 -0
- package/lib/salesforce/describes/orgDescribe.d.ts +13 -2
- package/lib/salesforce/describes/orgDescribe.js +16 -0
- package/lib/salesforce/describes/orgDescribe.js.map +1 -1
- package/lib/salesforce/index.d.ts +1 -0
- package/lib/salesforce/index.js +1 -0
- package/lib/salesforce/index.js.map +1 -1
- package/lib/salesforce/mdapi/genericSettingsMetadata.d.ts +2 -2
- package/lib/salesforce/mdapi/genericSettingsMetadata.js.map +1 -1
- package/lib/salesforce/mdapi/mdapi.d.ts +4 -4
- package/lib/salesforce/mdapi/mdapi.js +8 -8
- package/lib/salesforce/mdapi/mdapi.js.map +1 -1
- package/lib/salesforce/mdapi/metadataRegistryEntry.d.ts +3 -3
- package/lib/salesforce/mdapi/metadataRegistryEntry.js +1 -9
- package/lib/salesforce/mdapi/metadataRegistryEntry.js.map +1 -1
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.d.ts +2 -2
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.js +1 -1
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.js.map +1 -1
- package/lib/salesforce/mdapi/namedMetadataType.d.ts +2 -2
- package/lib/salesforce/mdapi/namedMetadataType.js.map +1 -1
- package/lib/salesforce/mdapi/singletonMetadataType.d.ts +2 -2
- package/lib/salesforce/mdapi/singletonMetadataType.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/connected-apps.d.ts +2 -2
- package/lib/salesforce/repositories/connected-apps/connected-apps.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.d.ts +2 -2
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js +3 -7
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js.map +1 -1
- package/lib/salesforce/repositories/perm-sets/permission-sets.d.ts +2 -2
- package/lib/salesforce/repositories/perm-sets/permission-sets.js.map +1 -1
- package/lib/salesforce/repositories/profiles/profiles.d.ts +2 -2
- package/lib/salesforce/repositories/profiles/profiles.js.map +1 -1
- package/lib/salesforce/repositories/users/users.d.ts +3 -3
- package/lib/salesforce/repositories/users/users.js +6 -6
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/messages/auditShapeValidation.md +4 -0
- package/messages/org.audit.run.md +4 -0
- package/messages/rules.enforceClassificationPresets.md +4 -8
- package/messages/salesforceConnectionErrors.md +11 -0
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
- package/lib/libs/audit-engine/registry/helpers/permissionsScanning.d.ts +0 -37
- package/lib/libs/audit-engine/registry/helpers/permissionsScanning.js +0 -81
- package/lib/libs/audit-engine/registry/helpers/permissionsScanning.js.map +0 -1
|
@@ -5,7 +5,7 @@ export { default as AuditRun } from './auditRun.js';
|
|
|
5
5
|
export { AuditConfigShape } from './registry/definitions.js';
|
|
6
6
|
export { PermissionRiskLevel, UserPrivilegeLevel } from './registry/shape/schema.js';
|
|
7
7
|
export { default as RuleRegistry } from './registry/ruleRegistry.js';
|
|
8
|
-
export type { AuditRunConfig, Policies,
|
|
8
|
+
export type { AuditRunConfig, Policies, Shapes, Inventories } from './registry/definitions.js';
|
|
9
9
|
export type { PolicyConfig } from './registry/shape/schema.js';
|
|
10
10
|
export type { EntityResolveEvent } from './auditRun.js';
|
|
11
11
|
export type { AuditResult } from './registry/result.types.js';
|
|
@@ -21,66 +21,85 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
21
21
|
};
|
|
22
22
|
};
|
|
23
23
|
};
|
|
24
|
-
|
|
24
|
+
controls: {
|
|
25
25
|
files: {
|
|
26
26
|
roles: {
|
|
27
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
28
|
+
permissions: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodObject<{
|
|
29
|
+
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>>>;
|
|
30
|
+
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
31
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
32
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
33
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
34
|
+
}, import("zod/v4/core").$strip>>;
|
|
35
|
+
customPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
36
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
37
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
38
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
39
|
+
}, import("zod/v4/core").$strip>>;
|
|
40
|
+
}, import("zod/v4/core").$strip>]>>;
|
|
41
|
+
}, import("zod/v4/core").$strict>>;
|
|
42
|
+
};
|
|
43
|
+
permissions: {
|
|
27
44
|
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
28
45
|
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>>>;
|
|
29
|
-
|
|
30
|
-
|
|
46
|
+
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
47
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
48
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
49
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
50
|
+
}, import("zod/v4/core").$strip>>;
|
|
51
|
+
customPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
52
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
53
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
54
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
55
|
+
}, import("zod/v4/core").$strip>>;
|
|
31
56
|
}, import("zod/v4/core").$strip>>;
|
|
32
57
|
};
|
|
33
58
|
};
|
|
34
59
|
};
|
|
35
|
-
|
|
60
|
+
shape: {
|
|
36
61
|
files: {
|
|
37
62
|
userPermissions: {
|
|
38
|
-
schema: import("zod").ZodObject<{
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
}, import("zod/v4/core").$strip>;
|
|
45
|
-
entities: string;
|
|
63
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
64
|
+
label: import("zod").ZodOptional<import("zod").ZodString>;
|
|
65
|
+
reason: import("zod").ZodOptional<import("zod").ZodString>;
|
|
66
|
+
classification: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>;
|
|
67
|
+
}, import("zod/v4/core").$strip>>;
|
|
68
|
+
isCountable: boolean;
|
|
46
69
|
};
|
|
47
70
|
customPermissions: {
|
|
48
|
-
schema: import("zod").ZodObject<{
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
}, import("zod/v4/core").$strip>;
|
|
55
|
-
entities: string;
|
|
71
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
72
|
+
label: import("zod").ZodOptional<import("zod").ZodString>;
|
|
73
|
+
reason: import("zod").ZodOptional<import("zod").ZodString>;
|
|
74
|
+
classification: import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>;
|
|
75
|
+
}, import("zod/v4/core").$strip>>;
|
|
76
|
+
isCountable: boolean;
|
|
56
77
|
};
|
|
78
|
+
};
|
|
79
|
+
};
|
|
80
|
+
inventory: {
|
|
81
|
+
files: {
|
|
57
82
|
profiles: {
|
|
58
|
-
schema: import("zod").ZodObject<{
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
}, import("zod/v4/core").$strip>;
|
|
67
|
-
entities: string;
|
|
83
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
84
|
+
role: import("zod").ZodString;
|
|
85
|
+
allowedLoginIps: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodObject<{
|
|
86
|
+
from: import("zod").ZodString;
|
|
87
|
+
to: import("zod").ZodString;
|
|
88
|
+
}, import("zod/v4/core").$strip>>>;
|
|
89
|
+
}, import("zod/v4/core").$strict>>;
|
|
90
|
+
isCountable: boolean;
|
|
68
91
|
};
|
|
69
92
|
permissionSets: {
|
|
70
|
-
schema: import("zod").ZodObject<{
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
}, import("zod/v4/core").$strip>;
|
|
75
|
-
entities: string;
|
|
93
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
94
|
+
role: import("zod").ZodString;
|
|
95
|
+
}, import("zod/v4/core").$strict>>;
|
|
96
|
+
isCountable: boolean;
|
|
76
97
|
};
|
|
77
98
|
users: {
|
|
78
|
-
schema: import("zod").ZodObject<{
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
}, import("zod/v4/core").$strip>;
|
|
83
|
-
entities: string;
|
|
99
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
100
|
+
role: import("zod").ZodString;
|
|
101
|
+
}, import("zod/v4/core").$strip>>;
|
|
102
|
+
isCountable: boolean;
|
|
84
103
|
};
|
|
85
104
|
};
|
|
86
105
|
};
|
|
@@ -99,6 +118,8 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
99
118
|
path: string[];
|
|
100
119
|
errorName: string;
|
|
101
120
|
}[];
|
|
121
|
+
isCountable: boolean;
|
|
122
|
+
entities: string;
|
|
102
123
|
};
|
|
103
124
|
permissionSets: {
|
|
104
125
|
schema: import("zod").ZodObject<{
|
|
@@ -113,6 +134,8 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
113
134
|
path: string[];
|
|
114
135
|
errorName: string;
|
|
115
136
|
}[];
|
|
137
|
+
isCountable: boolean;
|
|
138
|
+
entities: string;
|
|
116
139
|
};
|
|
117
140
|
connectedApps: {
|
|
118
141
|
schema: import("zod").ZodObject<{
|
|
@@ -123,6 +146,8 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
123
146
|
}, import("zod/v4/core").$strip>>>;
|
|
124
147
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
125
148
|
}, import("zod/v4/core").$strip>;
|
|
149
|
+
isCountable: boolean;
|
|
150
|
+
entities: string;
|
|
126
151
|
};
|
|
127
152
|
users: {
|
|
128
153
|
schema: import("zod").ZodObject<{
|
|
@@ -136,6 +161,8 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
136
161
|
analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
|
|
137
162
|
}, import("zod/v4/core").$strict>;
|
|
138
163
|
}, import("zod/v4/core").$strip>;
|
|
164
|
+
isCountable: boolean;
|
|
165
|
+
entities: string;
|
|
139
166
|
};
|
|
140
167
|
settings: {
|
|
141
168
|
schema: import("zod").ZodObject<{
|
|
@@ -146,6 +173,8 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
146
173
|
}, import("zod/v4/core").$strip>>>;
|
|
147
174
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
148
175
|
}, import("zod/v4/core").$strip>;
|
|
176
|
+
isCountable: boolean;
|
|
177
|
+
entities: string;
|
|
149
178
|
};
|
|
150
179
|
};
|
|
151
180
|
};
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import { Connection } from '@salesforce/core';
|
|
2
1
|
import { Optional } from '../../../utils.js';
|
|
2
|
+
import { OrgDescribe } from '../../../salesforce/index.js';
|
|
3
3
|
import AcceptedRisks from '../accepted-risks/acceptedRisks.js';
|
|
4
|
+
import SfConnection from '../../../salesforce/connection.js';
|
|
4
5
|
import { AuditPolicyResult, PolicyRuleExecutionResult } from './result.types.js';
|
|
5
6
|
/**
|
|
6
7
|
* A rule must only implement a subset of the rule result. All optional
|
|
@@ -25,7 +26,12 @@ export type AuditContext = {
|
|
|
25
26
|
/**
|
|
26
27
|
* Connection to the target org
|
|
27
28
|
*/
|
|
28
|
-
targetOrgConnection:
|
|
29
|
+
targetOrgConnection: SfConnection;
|
|
30
|
+
/**
|
|
31
|
+
* Global describe of the target org to validate the audit config
|
|
32
|
+
* against this specific org.
|
|
33
|
+
*/
|
|
34
|
+
orgDescribe: OrgDescribe;
|
|
29
35
|
};
|
|
30
36
|
/**
|
|
31
37
|
* Run-time context of execution, that is directly resolved
|
|
@@ -21,8 +21,8 @@ type PolicyDefinitions = {
|
|
|
21
21
|
export type AuditRunConfig = ExtractAuditConfigTypes<typeof AuditConfigShape>;
|
|
22
22
|
export type Policies = keyof AuditRunConfig['policies'];
|
|
23
23
|
export type PolicyShapes = AuditRunConfig['policies'];
|
|
24
|
-
export type
|
|
25
|
-
export type
|
|
24
|
+
export type Shapes = keyof AuditRunConfig['shape'];
|
|
25
|
+
export type Inventories = keyof AuditRunConfig['inventory'];
|
|
26
26
|
/**
|
|
27
27
|
* Central definition of policies (handlers + registered rules).
|
|
28
28
|
* These definitions are used to load policies and derive config
|
|
@@ -46,66 +46,85 @@ export declare const AuditConfigShape: {
|
|
|
46
46
|
};
|
|
47
47
|
};
|
|
48
48
|
};
|
|
49
|
-
|
|
49
|
+
controls: {
|
|
50
50
|
files: {
|
|
51
51
|
roles: {
|
|
52
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
53
|
+
permissions: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodObject<{
|
|
54
|
+
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>>>;
|
|
55
|
+
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
56
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
57
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
58
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
59
|
+
}, import("zod/v4/core").$strip>>;
|
|
60
|
+
customPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
61
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
62
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
63
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
64
|
+
}, import("zod/v4/core").$strip>>;
|
|
65
|
+
}, import("zod/v4/core").$strip>]>>;
|
|
66
|
+
}, import("zod/v4/core").$strict>>;
|
|
67
|
+
};
|
|
68
|
+
permissions: {
|
|
52
69
|
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
53
70
|
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>>>;
|
|
54
|
-
|
|
55
|
-
|
|
71
|
+
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
72
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
73
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
74
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
75
|
+
}, import("zod/v4/core").$strip>>;
|
|
76
|
+
customPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
77
|
+
allowed: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
78
|
+
denied: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
79
|
+
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
80
|
+
}, import("zod/v4/core").$strip>>;
|
|
56
81
|
}, import("zod/v4/core").$strip>>;
|
|
57
82
|
};
|
|
58
83
|
};
|
|
59
84
|
};
|
|
60
|
-
|
|
85
|
+
shape: {
|
|
61
86
|
files: {
|
|
62
87
|
userPermissions: {
|
|
63
|
-
schema: import("zod").ZodObject<{
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
}, import("zod/v4/core").$strip>;
|
|
70
|
-
entities: string;
|
|
88
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
89
|
+
label: import("zod").ZodOptional<import("zod").ZodString>;
|
|
90
|
+
reason: import("zod").ZodOptional<import("zod").ZodString>;
|
|
91
|
+
classification: import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>;
|
|
92
|
+
}, import("zod/v4/core").$strip>>;
|
|
93
|
+
isCountable: boolean;
|
|
71
94
|
};
|
|
72
95
|
customPermissions: {
|
|
73
|
-
schema: import("zod").ZodObject<{
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
}, import("zod/v4/core").$strip>;
|
|
80
|
-
entities: string;
|
|
96
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
97
|
+
label: import("zod").ZodOptional<import("zod").ZodString>;
|
|
98
|
+
reason: import("zod").ZodOptional<import("zod").ZodString>;
|
|
99
|
+
classification: import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>;
|
|
100
|
+
}, import("zod/v4/core").$strip>>;
|
|
101
|
+
isCountable: boolean;
|
|
81
102
|
};
|
|
103
|
+
};
|
|
104
|
+
};
|
|
105
|
+
inventory: {
|
|
106
|
+
files: {
|
|
82
107
|
profiles: {
|
|
83
|
-
schema: import("zod").ZodObject<{
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
}, import("zod/v4/core").$strip>;
|
|
92
|
-
entities: string;
|
|
108
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
109
|
+
role: import("zod").ZodString;
|
|
110
|
+
allowedLoginIps: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodObject<{
|
|
111
|
+
from: import("zod").ZodString;
|
|
112
|
+
to: import("zod").ZodString;
|
|
113
|
+
}, import("zod/v4/core").$strip>>>;
|
|
114
|
+
}, import("zod/v4/core").$strict>>;
|
|
115
|
+
isCountable: boolean;
|
|
93
116
|
};
|
|
94
117
|
permissionSets: {
|
|
95
|
-
schema: import("zod").ZodObject<{
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
}, import("zod/v4/core").$strip>;
|
|
100
|
-
entities: string;
|
|
118
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
119
|
+
role: import("zod").ZodString;
|
|
120
|
+
}, import("zod/v4/core").$strict>>;
|
|
121
|
+
isCountable: boolean;
|
|
101
122
|
};
|
|
102
123
|
users: {
|
|
103
|
-
schema: import("zod").ZodObject<{
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
}, import("zod/v4/core").$strip>;
|
|
108
|
-
entities: string;
|
|
124
|
+
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
125
|
+
role: import("zod").ZodString;
|
|
126
|
+
}, import("zod/v4/core").$strip>>;
|
|
127
|
+
isCountable: boolean;
|
|
109
128
|
};
|
|
110
129
|
};
|
|
111
130
|
};
|
|
@@ -124,6 +143,8 @@ export declare const AuditConfigShape: {
|
|
|
124
143
|
path: string[];
|
|
125
144
|
errorName: string;
|
|
126
145
|
}[];
|
|
146
|
+
isCountable: boolean;
|
|
147
|
+
entities: string;
|
|
127
148
|
};
|
|
128
149
|
permissionSets: {
|
|
129
150
|
schema: import("zod").ZodObject<{
|
|
@@ -138,6 +159,8 @@ export declare const AuditConfigShape: {
|
|
|
138
159
|
path: string[];
|
|
139
160
|
errorName: string;
|
|
140
161
|
}[];
|
|
162
|
+
isCountable: boolean;
|
|
163
|
+
entities: string;
|
|
141
164
|
};
|
|
142
165
|
connectedApps: {
|
|
143
166
|
schema: import("zod").ZodObject<{
|
|
@@ -148,6 +171,8 @@ export declare const AuditConfigShape: {
|
|
|
148
171
|
}, import("zod/v4/core").$strip>>>;
|
|
149
172
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
150
173
|
}, import("zod/v4/core").$strip>;
|
|
174
|
+
isCountable: boolean;
|
|
175
|
+
entities: string;
|
|
151
176
|
};
|
|
152
177
|
users: {
|
|
153
178
|
schema: import("zod").ZodObject<{
|
|
@@ -161,6 +186,8 @@ export declare const AuditConfigShape: {
|
|
|
161
186
|
analyseLastNDaysOfLoginHistory: import("zod").ZodOptional<import("zod").ZodNumber>;
|
|
162
187
|
}, import("zod/v4/core").$strict>;
|
|
163
188
|
}, import("zod/v4/core").$strip>;
|
|
189
|
+
isCountable: boolean;
|
|
190
|
+
entities: string;
|
|
164
191
|
};
|
|
165
192
|
settings: {
|
|
166
193
|
schema: import("zod").ZodObject<{
|
|
@@ -171,6 +198,8 @@ export declare const AuditConfigShape: {
|
|
|
171
198
|
}, import("zod/v4/core").$strip>>>;
|
|
172
199
|
options: import("zod").ZodOptional<import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodUnknown>>;
|
|
173
200
|
}, import("zod/v4/core").$strip>;
|
|
201
|
+
isCountable: boolean;
|
|
202
|
+
entities: string;
|
|
174
203
|
};
|
|
175
204
|
};
|
|
176
205
|
};
|
|
@@ -13,7 +13,7 @@ export default class PermissionSetsPolicy extends Policy {
|
|
|
13
13
|
super('permissionSets', config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.classifications = this.auditConfig.
|
|
16
|
+
this.classifications = this.auditConfig.inventory.permissionSets ?? {};
|
|
17
17
|
this.totalEntities = Object.keys(this.classifications).length;
|
|
18
18
|
}
|
|
19
19
|
async resolveEntities(context) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA+B;IAIrD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,cAAc,IAAI,EAAE,CAAC;QACvE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA4C,EAAE,CAAC;QACrE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;iBAC7C,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -13,7 +13,7 @@ export default class ProfilesPolicy extends Policy {
|
|
|
13
13
|
super('profiles', config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.classifications = this.auditConfig.
|
|
16
|
+
this.classifications = this.auditConfig.inventory.profiles ?? {};
|
|
17
17
|
this.updateResolveState({ total: Object.keys(this.classifications).length });
|
|
18
18
|
}
|
|
19
19
|
async resolveEntities(context) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;iBACrC,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CAAC,MAA6B;QACtD,IAAI,CAAC,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -14,7 +14,7 @@ export default class UsersPolicy extends Policy {
|
|
|
14
14
|
super('users', config, auditConfig, registry);
|
|
15
15
|
this.config = config;
|
|
16
16
|
this.auditConfig = auditConfig;
|
|
17
|
-
this.classifications = this.auditConfig.
|
|
17
|
+
this.classifications = this.auditConfig.inventory.users ?? {};
|
|
18
18
|
this.totalEntities = Object.keys(this.classifications).length;
|
|
19
19
|
this.resolveOptions = buildResolveOptions(this.config);
|
|
20
20
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC7D,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ;oBACnB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,YAA8B;IACzD,MAAM,IAAI,GAAiC,EAAE,CAAC;IAC9C,IAAI,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxF,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,yBAAyB,GAAG,YAAY,CAAC,OAAO,CAAC,8BAA8B,CAAC;IACvF,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -38,10 +38,10 @@ export default class Policy extends EventEmitter {
|
|
|
38
38
|
if (!this.config.enabled) {
|
|
39
39
|
return {};
|
|
40
40
|
}
|
|
41
|
-
const
|
|
41
|
+
const { resolvedEntities } = await this.resolve(context);
|
|
42
42
|
const ruleResultPromises = new Array();
|
|
43
43
|
for (const rule of this.resolvedRules.enabledRules) {
|
|
44
|
-
ruleResultPromises.push(rule.run({ ...context, resolvedEntities
|
|
44
|
+
ruleResultPromises.push(rule.run({ ...context, resolvedEntities }));
|
|
45
45
|
}
|
|
46
46
|
const results = {};
|
|
47
47
|
const promises = await Promise.all(ruleResultPromises);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAmBvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAK9C;IACH;IACA;IACG;IAPF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACY,UAAoB,EACvB,MAAoB,EACpB,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QALE,eAAU,GAAV,UAAU,CAAU;QACvB,WAAM,GAAN,MAAM,CAAc;QACpB,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CAAC,OAAqB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAmBvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAK9C;IACH;IACA;IACG;IAPF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACY,UAAoB,EACvB,MAAoB,EACpB,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QALE,eAAU,GAAV,UAAU,CAAU;QACvB,WAAM,GAAN,MAAM,CAAc;QACpB,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CAAC,OAAqB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAoC,CAAC;QACzE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,MAAM,OAAO,GAAuB,EAAE,CAAC;QACvC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QACvD,KAAK,MAAM,MAAM,IAAI,QAAQ,EAAE,CAAC;YAC9B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;QACpC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,cAAkC,EAAE,WAA0B;QAC5E,MAAM,aAAa,GAAG,IAAI,CAAC,QAAS,CAAC;QACrC,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACvD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACtE,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,cAAc,EAAE,aAAa,CAAC,CAAC;YACvG,aAAa,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG;gBACvC,GAAG,cAAc;gBACjB,WAAW,EAAE,cAAc,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBACnD,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,IAAI,iBAAiB;QACpE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,IAAI,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,6DAA6D;AAC7D,wDAAwD;AACxD,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -1,16 +1,10 @@
|
|
|
1
1
|
import { EventEmitter } from 'node:events';
|
|
2
|
-
import {
|
|
3
|
-
import { ResolvedProfileLike, ScanResult, UserRoleCompareResult } from './roleManager.types.js';
|
|
2
|
+
import { ResolvedProfileLike, RoleManagerConfig, ScanResult, UserRoleCompareResult } from './roleManager.types.js';
|
|
4
3
|
import UserRole from './userRole.js';
|
|
5
|
-
type Classifications = {
|
|
6
|
-
userPermissions: PermissionClassifications;
|
|
7
|
-
customPermissions: PermissionClassifications;
|
|
8
|
-
};
|
|
9
4
|
export default class RoleManager extends EventEmitter {
|
|
10
|
-
private
|
|
11
|
-
private classifications?;
|
|
5
|
+
private readonly auditConfig;
|
|
12
6
|
private roles;
|
|
13
|
-
constructor(
|
|
7
|
+
constructor(auditConfig: RoleManagerConfig);
|
|
14
8
|
/**
|
|
15
9
|
* Scan userPermissions and customPermissions of a profile or permission set and
|
|
16
10
|
* get a unified scan result with violations (risk level not allowed) and warnings
|
|
@@ -22,15 +16,6 @@ export default class RoleManager extends EventEmitter {
|
|
|
22
16
|
* @returns
|
|
23
17
|
*/
|
|
24
18
|
scanProfileLike(profileLike: ResolvedProfileLike, rootIdentifier?: string[]): ScanResult;
|
|
25
|
-
/**
|
|
26
|
-
* Checks if a role allows a certain classifcation level. If the role is
|
|
27
|
-
* not configured or unknown, always returns false.
|
|
28
|
-
*
|
|
29
|
-
* @param roleName
|
|
30
|
-
* @param permission
|
|
31
|
-
* @returns
|
|
32
|
-
*/
|
|
33
|
-
allowsPermission(roleName: string, permission: string): boolean;
|
|
34
19
|
/**
|
|
35
20
|
* Checks if a given role name is a valid role for the context
|
|
36
21
|
* of the current audit run.
|
|
@@ -59,4 +44,3 @@ export default class RoleManager extends EventEmitter {
|
|
|
59
44
|
private resolveUserPerm;
|
|
60
45
|
private resolveCustomPerm;
|
|
61
46
|
}
|
|
62
|
-
export {};
|