@j-schreiber/sf-cli-security-audit 0.20.0 → 0.20.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/audit-engine/auditRun.d.ts +4 -0
- package/lib/libs/audit-engine/auditRun.js +11 -5
- package/lib/libs/audit-engine/auditRun.js.map +1 -1
- package/lib/libs/audit-engine/registry/context.types.d.ts +2 -2
- package/lib/libs/audit-engine/registry/roles/roleManager.js +6 -0
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +22 -3
- package/lib/libs/audit-engine/registry/roles/userRole.js +38 -14
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js +15 -4
- package/lib/libs/audit-engine/registry/shape/shapeValidation.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +5 -2
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/defaultClassifications.d.ts +2 -2
- package/lib/libs/conf-init/defaultClassifications.js.map +1 -1
- package/lib/libs/quick-scan/userPermissionScanner.js +12 -9
- package/lib/libs/quick-scan/userPermissionScanner.js.map +1 -1
- package/lib/salesforce/connection.d.ts +52 -0
- package/lib/salesforce/connection.js +130 -0
- package/lib/salesforce/connection.js.map +1 -0
- package/lib/salesforce/describes/orgDescribe.d.ts +19 -2
- package/lib/salesforce/describes/orgDescribe.js +26 -1
- package/lib/salesforce/describes/orgDescribe.js.map +1 -1
- package/lib/salesforce/index.d.ts +1 -0
- package/lib/salesforce/index.js +1 -0
- package/lib/salesforce/index.js.map +1 -1
- package/lib/salesforce/mdapi/genericSettingsMetadata.d.ts +2 -2
- package/lib/salesforce/mdapi/genericSettingsMetadata.js.map +1 -1
- package/lib/salesforce/mdapi/mdapi.d.ts +4 -4
- package/lib/salesforce/mdapi/mdapi.js +8 -8
- package/lib/salesforce/mdapi/mdapi.js.map +1 -1
- package/lib/salesforce/mdapi/metadataRegistryEntry.d.ts +3 -3
- package/lib/salesforce/mdapi/metadataRegistryEntry.js +1 -9
- package/lib/salesforce/mdapi/metadataRegistryEntry.js.map +1 -1
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.d.ts +2 -2
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.js +1 -1
- package/lib/salesforce/mdapi/namedMetadataToolingQueryable.js.map +1 -1
- package/lib/salesforce/mdapi/namedMetadataType.d.ts +2 -2
- package/lib/salesforce/mdapi/namedMetadataType.js.map +1 -1
- package/lib/salesforce/mdapi/singletonMetadataType.d.ts +2 -2
- package/lib/salesforce/mdapi/singletonMetadataType.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/connected-apps.d.ts +2 -2
- package/lib/salesforce/repositories/connected-apps/connected-apps.js.map +1 -1
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.d.ts +2 -2
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js +3 -7
- package/lib/salesforce/repositories/connected-apps/oauth-tokens.js.map +1 -1
- package/lib/salesforce/repositories/perm-sets/permission-sets.d.ts +2 -2
- package/lib/salesforce/repositories/perm-sets/permission-sets.js.map +1 -1
- package/lib/salesforce/repositories/profiles/profiles.d.ts +2 -2
- package/lib/salesforce/repositories/profiles/profiles.js.map +1 -1
- package/lib/salesforce/repositories/users/users.d.ts +3 -3
- package/lib/salesforce/repositories/users/users.js +6 -6
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/messages/auditShapeValidation.md +4 -0
- package/messages/rules.enforceClassificationPresets.md +4 -0
- package/messages/salesforceConnectionErrors.md +11 -0
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -89,7 +89,7 @@ FLAG DESCRIPTIONS
|
|
|
89
89
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
90
90
|
```
|
|
91
91
|
|
|
92
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.
|
|
92
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.2/src/commands/org/audit/init.ts)_
|
|
93
93
|
|
|
94
94
|
## `sf org audit run`
|
|
95
95
|
|
|
@@ -134,7 +134,7 @@ FLAG DESCRIPTIONS
|
|
|
134
134
|
never truncated.
|
|
135
135
|
```
|
|
136
136
|
|
|
137
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.
|
|
137
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.2/src/commands/org/audit/run.ts)_
|
|
138
138
|
|
|
139
139
|
## `sf org scan user-perms`
|
|
140
140
|
|
|
@@ -183,7 +183,7 @@ FLAG DESCRIPTIONS
|
|
|
183
183
|
userPermissions.yml.
|
|
184
184
|
```
|
|
185
185
|
|
|
186
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.
|
|
186
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.20.2/src/commands/org/scan/user-perms.ts)_
|
|
187
187
|
|
|
188
188
|
<!-- commandsstop -->
|
|
189
189
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAGrD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC;YAChE,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;YACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;SAC9D,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,WAAgC,EAAE,EAAE;YAC9D,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,cAAc;oBACjB,mCAAmC;oBACnC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,YAAY;oBACf,WAAW,CAAC,eAAe,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;YACV,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAyB,EAAE,EAAE;YACnD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB,EAAE,SAAkB;QAC1D,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnH,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,aAAa;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;iBAClC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CACN,cAAc,CAAC,OAAO,CACpB,QAAQ,CAAC,UAAU,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAC/F,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,KAAmC;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,KAAK;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YACT,IAAI;YACJ,KAAK,EAAE,wBAAwB;YAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD,EAAE,SAAkB;QACtG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAE,CAAC;QACpE,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;gBACxB,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtF,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,kBAAkB,EAAE,WAAW,CAAC,eAAe,CAAC,MAAM;QACtD,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAoB;IAC5C,OAAO,OAAO,UAAU,KAAK,QAAQ;QACnC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC;QAC5B,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClE,CAAC"}
|
|
@@ -11,6 +11,9 @@ export type EntityResolveEvent = {
|
|
|
11
11
|
resolved: number;
|
|
12
12
|
policyName: string;
|
|
13
13
|
};
|
|
14
|
+
export type UserMessageEvent = {
|
|
15
|
+
message: string;
|
|
16
|
+
};
|
|
14
17
|
/**
|
|
15
18
|
* Instance of an audit run that manages high-level operations
|
|
16
19
|
*/
|
|
@@ -27,6 +30,7 @@ export default class AuditRun extends EventEmitter {
|
|
|
27
30
|
*/
|
|
28
31
|
execute(targetOrgConnection: Connection): Promise<AuditResult>;
|
|
29
32
|
private verifyAuditConfig;
|
|
33
|
+
private emitWarning;
|
|
30
34
|
/**
|
|
31
35
|
* Loads all policies, resolves entities and caches the results.
|
|
32
36
|
*
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
2
|
import { OrgDescribe, ResolveLifecycle } from '../../salesforce/index.js';
|
|
3
|
+
import SfConnection from '../../salesforce/connection.js';
|
|
3
4
|
import { loadPolicy } from './registry/definitions.js';
|
|
4
5
|
import AcceptedRisks from './accepted-risks/acceptedRisks.js';
|
|
5
6
|
import { verifyRoleDefinitions } from './registry/shape/shapeValidation.js';
|
|
@@ -12,7 +13,7 @@ export default class AuditRun extends EventEmitter {
|
|
|
12
13
|
constructor(config) {
|
|
13
14
|
super();
|
|
14
15
|
this.config = { ...{ shape: {}, inventory: {}, policies: {}, acceptedRisks: {}, controls: {} }, ...config };
|
|
15
|
-
ResolveLifecycle.on('
|
|
16
|
+
ResolveLifecycle.on('resolvewarning', (warning) => this.emitWarning(warning.message));
|
|
16
17
|
}
|
|
17
18
|
getExecutableRulesCount(policyName) {
|
|
18
19
|
if (this.executablePolicies?.[policyName] !== undefined) {
|
|
@@ -27,13 +28,14 @@ export default class AuditRun extends EventEmitter {
|
|
|
27
28
|
* @returns
|
|
28
29
|
*/
|
|
29
30
|
async execute(targetOrgConnection) {
|
|
31
|
+
const sfCon = await SfConnection.create(targetOrgConnection);
|
|
30
32
|
this.emitStageUpdate('initialising');
|
|
31
|
-
const orgDescribe = await OrgDescribe.create(
|
|
33
|
+
const orgDescribe = await OrgDescribe.create(sfCon);
|
|
32
34
|
this.verifyAuditConfig(orgDescribe);
|
|
33
35
|
this.emitStageUpdate('resolving');
|
|
34
|
-
const executablePolicies = await this.resolve(
|
|
36
|
+
const executablePolicies = await this.resolve(sfCon, orgDescribe);
|
|
35
37
|
this.emitStageUpdate('executing');
|
|
36
|
-
const pendingResults = await runPolicies(executablePolicies,
|
|
38
|
+
const pendingResults = await runPolicies(executablePolicies, sfCon, orgDescribe);
|
|
37
39
|
this.emitStageUpdate('finalising');
|
|
38
40
|
const result = {
|
|
39
41
|
orgId: targetOrgConnection.getAuthInfoFields().orgId,
|
|
@@ -47,10 +49,14 @@ export default class AuditRun extends EventEmitter {
|
|
|
47
49
|
if (this.config.controls.roles) {
|
|
48
50
|
const roleWarnings = verifyRoleDefinitions(this.config.controls.roles, orgDescribe);
|
|
49
51
|
for (const warning of roleWarnings) {
|
|
50
|
-
this.
|
|
52
|
+
this.emitWarning(`${warning.path.join(' > ')}: ${warning.message}`);
|
|
51
53
|
}
|
|
52
54
|
}
|
|
53
55
|
}
|
|
56
|
+
emitWarning(message) {
|
|
57
|
+
const warnMsg = { message };
|
|
58
|
+
this.emit('warning', warnMsg);
|
|
59
|
+
}
|
|
54
60
|
/**
|
|
55
61
|
* Loads all policies, resolves entities and caches the results.
|
|
56
62
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/audit-engine/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAGvC,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC1E,OAAO,YAAY,MAAM,gCAAgC,CAAC;AAG1D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAEvD,OAAO,aAAa,MAAM,mCAAmC,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAsB5E;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IACzC,MAAM,CAAiB;IACtB,kBAAkB,CAAa;IAEvC,YAAmB,MAA+B;QAChD,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC;QAC5G,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,EAAE,CAAC,OAAyB,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;IAC1G,CAAC;IAEM,uBAAuB,CAAC,UAAoB;QACjD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,kBAAkB,EAAE,CAAC,MAAM,CAAC;QACzE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAC7D,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACpD,IAAI,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;QACpC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAClE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,MAAM,WAAW,CAAC,kBAAkB,EAAE,KAAK,EAAE,WAAW,CAAC,CAAC;QACjF,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;QACnC,MAAM,MAAM,GAAG;YACb,KAAK,EAAE,mBAAmB,CAAC,iBAAiB,EAAE,CAAC,KAAK;YACpD,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CAAC;SACjC,CAAC;QACF,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAClC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,eAAe;IAEP,iBAAiB,CAAC,WAAwB;QAChD,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YAC/B,MAAM,YAAY,GAAG,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;YACpF,KAAK,MAAM,OAAO,IAAI,YAAY,EAAE,CAAC;gBACnC,IAAI,CAAC,WAAW,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;YACtE,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,OAAe;QACjC,MAAM,OAAO,GAAqB,EAAE,OAAO,EAAE,CAAC;QAC9C,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAChC,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,OAAO,CAAC,mBAAiC,EAAE,WAAwB;QAC/E,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAC9C,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;QACvF,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;OAKG;IACK,QAAQ,CAAC,cAAoC;QACnD,MAAM,gBAAgB,GAAe,EAAE,CAAC;QACxC,MAAM,WAAW,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACjE,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YACzE,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,MAAM,EAAE,CAAC;gBACX,gBAAgB,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;YAC7E,CAAC;QACH,CAAC;QACD,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,gBAAgB,CAAC;YAC1C,QAAQ,EAAE,gBAAgB;YAC1B,aAAa,EAAE,WAAW,CAAC,QAAQ,EAAE;SACtC,CAAC;IACJ,CAAC;IAEO,YAAY;QAClB,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3D,MAAM,MAAM,GAAG,UAAU,CAAC,UAAsB,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;YAC/D,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;oBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;gBAC5E,CAAC,CAAC,CAAC;gBACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;YAC5B,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,eAAe,CAAC,QAAuB;QAC7C,MAAM,SAAS,GAAwB;YACrC,QAAQ;SACT,CAAC;QACF,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,QAAmB,EACnB,mBAAiC,EACjC,WAAwB;IAExB,MAAM,YAAY,GAAuC,EAAE,CAAC;IAC5D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,mBAAmB,EAAE,WAAW,EAAE,CAAC,CAAC,CAAC;IACnF,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAyB,EAAE,CAAC;IACzC,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { Connection } from '@salesforce/core';
|
|
2
1
|
import { Optional } from '../../../utils.js';
|
|
3
2
|
import { OrgDescribe } from '../../../salesforce/index.js';
|
|
4
3
|
import AcceptedRisks from '../accepted-risks/acceptedRisks.js';
|
|
4
|
+
import SfConnection from '../../../salesforce/connection.js';
|
|
5
5
|
import { AuditPolicyResult, PolicyRuleExecutionResult } from './result.types.js';
|
|
6
6
|
/**
|
|
7
7
|
* A rule must only implement a subset of the rule result. All optional
|
|
@@ -26,7 +26,7 @@ export type AuditContext = {
|
|
|
26
26
|
/**
|
|
27
27
|
* Connection to the target org
|
|
28
28
|
*/
|
|
29
|
-
targetOrgConnection:
|
|
29
|
+
targetOrgConnection: SfConnection;
|
|
30
30
|
/**
|
|
31
31
|
* Global describe of the target org to validate the audit config
|
|
32
32
|
* against this specific org.
|
|
@@ -117,6 +117,12 @@ export default class RoleManager extends EventEmitter {
|
|
|
117
117
|
});
|
|
118
118
|
}
|
|
119
119
|
}
|
|
120
|
+
else if (role.isDenied({ name: perm.name, type: permissionType })) {
|
|
121
|
+
result.violations.push({
|
|
122
|
+
identifier,
|
|
123
|
+
message: messages.getMessage('violations.permission-is-denied', [role.roleName]),
|
|
124
|
+
});
|
|
125
|
+
}
|
|
120
126
|
else {
|
|
121
127
|
result.warnings.push({
|
|
122
128
|
identifier,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roleManager.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/roleManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxG,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AASlE,OAAiB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAErF,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,YAAY;IAGf;IAF5B,KAAK,GAA6B,EAAE,CAAC;IAE7C,YAAoC,WAA8B;QAChE,KAAK,EAAE,CAAC;QAD0B,gBAAW,GAAX,WAAW,CAAmB;QAEhE,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzE,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC/B,oBAAoB,CAAC,eAAe,CAClC,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE;wBACrD,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,QAAQ;wBACnC,cAAc;qBACf,CAAC,CACH,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3D,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC/G,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACI,eAAe,CAAC,WAAgC,EAAE,cAAyB;QAChF,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC1C,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,cAAc,CAAC,CAAC;QAC7F,MAAM,iBAAiB,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,cAAc,CAAC,CAAC;QACjG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,OAAO,CAAC,YAAoB,EAAE,eAAuB;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,OAAO,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACI,OAAO,CAAC,QAAgB;QAC7B,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,wBAAwB;IAEhB,eAAe,CACrB,OAA4B,EAC5B,cAAkC,EAClC,cAAyB;QAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7G,MAAM,kBAAkB,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACvE,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;qBACjE,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;oBACpF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;4BACxE,kBAAkB,CAAC,cAAc;4BACjC,OAAO,CAAC,IAAI;yBACb,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,QAAgB,EAAE,QAA4B;QAChE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;YAC5C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,iBAAiB,CAAC,QAAgB;QACxC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,iBAAiB,EAAE,CAAC;YAC9C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA0C;IAE1C,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACrD,CAAC"}
|
|
1
|
+
{"version":3,"file":"roleManager.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/roleManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxG,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AASlE,OAAiB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAErF,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,YAAY;IAGf;IAF5B,KAAK,GAA6B,EAAE,CAAC;IAE7C,YAAoC,WAA8B;QAChE,KAAK,EAAE,CAAC;QAD0B,gBAAW,GAAX,WAAW,CAAmB;QAEhE,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzE,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC/B,oBAAoB,CAAC,eAAe,CAClC,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE;wBACrD,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,QAAQ;wBACnC,cAAc;qBACf,CAAC,CACH,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3D,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC/G,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACI,eAAe,CAAC,WAAgC,EAAE,cAAyB;QAChF,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC1C,CAAC;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,cAAc,CAAC,CAAC;QAC7F,MAAM,iBAAiB,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,cAAc,CAAC,CAAC;QACjG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;QACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC7D,OAAO,eAAe,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,OAAO,CAAC,YAAoB,EAAE,eAAuB;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,OAAO,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACI,OAAO,CAAC,QAAgB;QAC7B,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,wBAAwB;IAEhB,eAAe,CACrB,OAA4B,EAC5B,cAAkC,EAClC,cAAyB;QAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxC,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7G,MAAM,kBAAkB,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACvE,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;qBACjE,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;oBACpF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;4BACxE,kBAAkB,CAAC,cAAc;4BACjC,OAAO,CAAC,IAAI;yBACb,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;gBACpE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;iBACjF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,QAAgB,EAAE,QAA4B;QAChE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;YAC5C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,iBAAiB,CAAC,QAAgB;QACxC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,iBAAiB,EAAE,CAAC;YAC9C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA0C;IAE1C,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACrD,CAAC"}
|
|
@@ -1,13 +1,32 @@
|
|
|
1
1
|
import { PermissionClassifications, UserPrivilegeLevel } from '../shape/schema.js';
|
|
2
2
|
import { RoleManagerConfig, TypedPermission, UserRoleCompareResult } from './roleManager.types.js';
|
|
3
|
+
type UserRolePermissions = {
|
|
4
|
+
allowed: Set<string>;
|
|
5
|
+
denied: Set<string>;
|
|
6
|
+
};
|
|
3
7
|
export default class UserRole {
|
|
4
8
|
roleName: string;
|
|
5
|
-
private
|
|
6
|
-
private
|
|
9
|
+
private userPermissions;
|
|
10
|
+
private customPermissions;
|
|
7
11
|
private roleOrdinalValue?;
|
|
8
|
-
constructor(roleName: string,
|
|
12
|
+
constructor(roleName: string, userPermissions: UserRolePermissions, customPermissions: UserRolePermissions, roleOrdinalValue?: number | undefined);
|
|
13
|
+
/**
|
|
14
|
+
* Evaluates if a permission is explicitly denied
|
|
15
|
+
*
|
|
16
|
+
* @param permission
|
|
17
|
+
* @returns
|
|
18
|
+
*/
|
|
19
|
+
isDenied(permission: TypedPermission): boolean;
|
|
20
|
+
/**
|
|
21
|
+
* Evaluates if a permission of type userPermission or customPermission
|
|
22
|
+
* is allowed for the role.
|
|
23
|
+
*
|
|
24
|
+
* @param permission
|
|
25
|
+
* @returns
|
|
26
|
+
*/
|
|
9
27
|
isAllowed(permission: TypedPermission): boolean;
|
|
10
28
|
compareWith(otherRole: UserRole): UserRoleCompareResult;
|
|
11
29
|
}
|
|
12
30
|
export declare function newRoleFromDefinition(roleName: string, config: RoleManagerConfig): UserRole;
|
|
13
31
|
export declare function newRoleFromOrdinals(roleName: UserPrivilegeLevel, perms?: PermissionClassifications): UserRole;
|
|
32
|
+
export {};
|
|
@@ -5,33 +5,54 @@ Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
|
5
5
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
|
|
6
6
|
export default class UserRole {
|
|
7
7
|
roleName;
|
|
8
|
-
|
|
9
|
-
|
|
8
|
+
userPermissions;
|
|
9
|
+
customPermissions;
|
|
10
10
|
roleOrdinalValue;
|
|
11
|
-
constructor(roleName,
|
|
11
|
+
constructor(roleName, userPermissions, customPermissions, roleOrdinalValue) {
|
|
12
12
|
this.roleName = roleName;
|
|
13
|
-
this.
|
|
14
|
-
this.
|
|
13
|
+
this.userPermissions = userPermissions;
|
|
14
|
+
this.customPermissions = customPermissions;
|
|
15
15
|
this.roleOrdinalValue = roleOrdinalValue;
|
|
16
16
|
}
|
|
17
|
+
/**
|
|
18
|
+
* Evaluates if a permission is explicitly denied
|
|
19
|
+
*
|
|
20
|
+
* @param permission
|
|
21
|
+
* @returns
|
|
22
|
+
*/
|
|
23
|
+
isDenied(permission) {
|
|
24
|
+
if (permission.type === 'customPermissions') {
|
|
25
|
+
return this.customPermissions.denied.has(permission.name.toLowerCase());
|
|
26
|
+
}
|
|
27
|
+
else {
|
|
28
|
+
return this.userPermissions.denied.has(permission.name.toLowerCase());
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Evaluates if a permission of type userPermission or customPermission
|
|
33
|
+
* is allowed for the role.
|
|
34
|
+
*
|
|
35
|
+
* @param permission
|
|
36
|
+
* @returns
|
|
37
|
+
*/
|
|
17
38
|
isAllowed(permission) {
|
|
18
39
|
if (permission.type === 'customPermissions') {
|
|
19
|
-
return this.
|
|
40
|
+
return this.customPermissions.allowed.has(permission.name);
|
|
20
41
|
}
|
|
21
42
|
else {
|
|
22
|
-
return this.
|
|
43
|
+
return this.userPermissions.allowed.has(permission.name);
|
|
23
44
|
}
|
|
24
45
|
}
|
|
25
46
|
compareWith(otherRole) {
|
|
26
47
|
const missingPermsInOther = new Array();
|
|
27
48
|
const missingPermsInThis = new Array();
|
|
28
49
|
const isOrdinallyHigher = this.roleOrdinalValue && otherRole.roleOrdinalValue ? this.roleOrdinalValue >= otherRole.roleOrdinalValue : true;
|
|
29
|
-
const merged = new Set([...this.
|
|
50
|
+
const merged = new Set([...this.userPermissions.allowed, ...otherRole.userPermissions.allowed]);
|
|
30
51
|
for (const perm of merged) {
|
|
31
|
-
if (!this.
|
|
52
|
+
if (!this.userPermissions.allowed.has(perm)) {
|
|
32
53
|
missingPermsInThis.push(perm);
|
|
33
54
|
}
|
|
34
|
-
if (!otherRole.
|
|
55
|
+
if (!otherRole.userPermissions.allowed.has(perm)) {
|
|
35
56
|
missingPermsInOther.push(perm);
|
|
36
57
|
}
|
|
37
58
|
}
|
|
@@ -51,7 +72,7 @@ export function newRoleFromDefinition(roleName, config) {
|
|
|
51
72
|
export function newRoleFromOrdinals(roleName, perms) {
|
|
52
73
|
const roleOrdinalValue = resolvePresetOrdinalValue(roleName);
|
|
53
74
|
if (!perms || roleName === UserPrivilegeLevel.UNKNOWN) {
|
|
54
|
-
return new UserRole(roleName, new Set(), new Set(), roleOrdinalValue);
|
|
75
|
+
return new UserRole(roleName, { allowed: new Set(), denied: new Set() }, { allowed: new Set(), denied: new Set() }, roleOrdinalValue);
|
|
55
76
|
}
|
|
56
77
|
const allAllowed = new Set();
|
|
57
78
|
for (const [permName, permDef] of Object.entries(perms)) {
|
|
@@ -59,7 +80,7 @@ export function newRoleFromOrdinals(roleName, perms) {
|
|
|
59
80
|
allAllowed.add(permName);
|
|
60
81
|
}
|
|
61
82
|
}
|
|
62
|
-
return new UserRole(roleName, allAllowed, new Set(), roleOrdinalValue);
|
|
83
|
+
return new UserRole(roleName, { allowed: allAllowed, denied: new Set() }, { allowed: new Set(), denied: new Set() }, roleOrdinalValue);
|
|
63
84
|
}
|
|
64
85
|
function resolvePresetOrdinalValue(value) {
|
|
65
86
|
const indexOfValue = Object.values(UserPrivilegeLevel).indexOf(value);
|
|
@@ -100,7 +121,7 @@ function buildAllowedPerms(rolePermDef, permClassifications, allowedClassificati
|
|
|
100
121
|
}
|
|
101
122
|
}
|
|
102
123
|
if (!rolePermDef) {
|
|
103
|
-
return allowedPerms;
|
|
124
|
+
return { allowed: allowedPerms, denied: new Set() };
|
|
104
125
|
}
|
|
105
126
|
if (rolePermDef.allowed) {
|
|
106
127
|
for (const permName of rolePermDef.allowed) {
|
|
@@ -117,6 +138,9 @@ function buildAllowedPerms(rolePermDef, permClassifications, allowedClassificati
|
|
|
117
138
|
allowedPerms.delete(permName);
|
|
118
139
|
}
|
|
119
140
|
}
|
|
120
|
-
return
|
|
141
|
+
return {
|
|
142
|
+
allowed: allowedPerms,
|
|
143
|
+
denied: new Set(rolePermDef.denied ? rolePermDef.denied.map((p) => p.toLowerCase()) : []),
|
|
144
|
+
};
|
|
121
145
|
}
|
|
122
146
|
//# sourceMappingURL=userRole.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userRole.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/userRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAEL,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GAEpB,MAAM,oBAAoB,CAAC;AAS5B,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"userRole.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/userRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAEL,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,GAEpB,MAAM,oBAAoB,CAAC;AAS5B,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAOnH,MAAM,CAAC,OAAO,OAAO,QAAQ;IAElB;IACC;IACA;IACA;IAJV,YACS,QAAgB,EACf,eAAoC,EACpC,iBAAsC,EACtC,gBAAyB;QAH1B,aAAQ,GAAR,QAAQ,CAAQ;QACf,oBAAe,GAAf,eAAe,CAAqB;QACpC,sBAAiB,GAAjB,iBAAiB,CAAqB;QACtC,qBAAgB,GAAhB,gBAAgB,CAAS;IAChC,CAAC;IAEJ;;;;;OAKG;IACI,QAAQ,CAAC,UAA2B;QACzC,IAAI,UAAU,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1E,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,SAAS,CAAC,UAA2B;QAC1C,IAAI,UAAU,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC7D,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;IAEM,WAAW,CAAC,SAAmB;QACpC,MAAM,mBAAmB,GAAG,IAAI,KAAK,EAAU,CAAC;QAChD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAU,CAAC;QAC/C,MAAM,iBAAiB,GACrB,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC;QACnH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;QAChG,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QACD,OAAO;YACL,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,CAAC,IAAI,iBAAiB;YAChE,kBAAkB;YAClB,mBAAmB;SACpB,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAgB,EAAE,MAAyB;IAC/E,MAAM,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,iBAAiB,CACjC,WAAW,EAAE,eAAe,EAC5B,MAAM,CAAC,KAAK,CAAC,eAAe,EAC5B,WAAW,EAAE,sBAAsB,CACpC,CAAC;IACF,MAAM,WAAW,GAAG,iBAAiB,CACnC,WAAW,EAAE,iBAAiB,EAC9B,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAC9B,WAAW,EAAE,sBAAsB,CACpC,CAAC;IAEF,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAA4B,EAAE,KAAiC;IACjG,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IAC7D,IAAI,CAAC,KAAK,IAAI,QAAQ,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;QACtD,OAAO,IAAI,QAAQ,CACjB,QAAQ,EACR,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,EACzD,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,EACzD,gBAAgB,CACjB,CAAC;IACJ,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,IAAI,gBAAgB,IAAI,4BAA4B,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7E,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,QAAQ,CACjB,QAAQ,EACR,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,EAClD,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,EACzD,gBAAgB,CACjB,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAyB;IAC1D,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,YAAY,CAAC;AAC/D,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACjH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,QAA0B;IAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,WAAW,GAAG,EAAE,CAAC;IACvB,IAAI,mBAAmB,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChD,KAAK,CAAC,WAAW,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,KAAK,MAAM,OAAO,IAAI,UAAU,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;YACnD,MAAM,cAAc,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,CAAC;YACvD,IAAI,cAAc,EAAE,CAAC;gBACnB,KAAK,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,MAAM,QAAQ,CAAC,WAAW,CAAC,0CAA0C,EAAE,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,EAAE,WAAW,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,iBAAiB,CACxB,WAAsC,EACtC,mBAA+C,EAC/C,sBAAiC;IAEjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,IAAI,sBAAsB,IAAI,mBAAmB,EAAE,CAAC;QAClD,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtE,IAAI,sBAAsB,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC5D,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC3C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC5C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YAC1C,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,MAAM,EAAE,IAAI,GAAG,CAAS,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAClG,CAAC;AACJ,CAAC"}
|
|
@@ -14,6 +14,14 @@ export const validator = (parseResult) => {
|
|
|
14
14
|
if (parseResult.inventory.users) {
|
|
15
15
|
errors.push(...validateRoledEntity(parseResult.controls.roles, parseResult.inventory.users, 'users'));
|
|
16
16
|
}
|
|
17
|
+
const defaultRole = parseResult.policies.users?.options.defaultRoleForMissingUsers;
|
|
18
|
+
const defaultRoleExistsAndIsValid = defaultRole !== undefined && parseResult.controls.roles[defaultRole] !== undefined;
|
|
19
|
+
if (defaultRole && !defaultRoleExistsAndIsValid) {
|
|
20
|
+
errors.push({
|
|
21
|
+
message: messages.getMessage('DefaultRoleForMissingUsersDoesNotExist', [defaultRole]),
|
|
22
|
+
path: ['policies', 'users', 'options', 'defaultRoleForMissingUsers'],
|
|
23
|
+
});
|
|
24
|
+
}
|
|
17
25
|
}
|
|
18
26
|
if (!parseResult.policies || Object.keys(parseResult.policies).length === 0) {
|
|
19
27
|
errors.push({
|
|
@@ -29,8 +37,11 @@ export function verifyRoleDefinitions(roles, orgDescribe) {
|
|
|
29
37
|
if (!isPermissionControl(roleDef.permissions) || !roleDef.permissions) {
|
|
30
38
|
continue;
|
|
31
39
|
}
|
|
32
|
-
for (const permissionBlockName of [
|
|
33
|
-
|
|
40
|
+
for (const permissionBlockName of [
|
|
41
|
+
{ listName: 'userPermissions', isValid: (permName) => orgDescribe.isValid(permName) },
|
|
42
|
+
{ listName: 'customPermissions', isValid: (permName) => orgDescribe.isValidCustomPerm(permName) },
|
|
43
|
+
]) {
|
|
44
|
+
const permBlock = roleDef.permissions[permissionBlockName.listName];
|
|
34
45
|
if (!permBlock) {
|
|
35
46
|
continue;
|
|
36
47
|
}
|
|
@@ -38,9 +49,9 @@ export function verifyRoleDefinitions(roles, orgDescribe) {
|
|
|
38
49
|
const namedPerms = permBlock[permProp];
|
|
39
50
|
if (namedPerms) {
|
|
40
51
|
for (const permName of namedPerms) {
|
|
41
|
-
if (!
|
|
52
|
+
if (!permissionBlockName.isValid(permName)) {
|
|
42
53
|
warnings.push({
|
|
43
|
-
path: ['Controls', 'Roles', roleName, permissionBlockName, permProp, permName],
|
|
54
|
+
path: ['Controls', 'Roles', roleName, permissionBlockName.listName, permProp, permName],
|
|
44
55
|
message: messages.getMessage('PermissionDoesNotExistOnOrg'),
|
|
45
56
|
});
|
|
46
57
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"shapeValidation.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/shapeValidation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAA0B,mBAAmB,EAAgC,MAAM,aAAa,CAAC;AAExG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,sBAAsB,CAAC,CAAC;AAErG,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,WAAiE,EAAiB,EAAE;IAC5G,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QAC/B,IAAI,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;QAC9G,CAAC;QACD,IAAI,WAAW,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CACT,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAC3G,CAAC;QACJ,CAAC;QACD,IAAI,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;QACxG,CAAC;IACH,CAAC;IACD,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,IAAI,EAAE,CAAC,UAAU,CAAC;SACnB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,UAAU,qBAAqB,CAAC,KAA6B,EAAE,WAAwB;IAC3F,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAe,CAAC;IAC1C,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACtE,SAAS;QACX,CAAC;QACD,KAAK,MAAM,mBAAmB,IAAI,
|
|
1
|
+
{"version":3,"file":"shapeValidation.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/shapeValidation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAA0B,mBAAmB,EAAgC,MAAM,aAAa,CAAC;AAExG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,sBAAsB,CAAC,CAAC;AAErG,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,WAAiE,EAAiB,EAAE;IAC5G,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;QAC/B,IAAI,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;YACnC,MAAM,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC;QAC9G,CAAC;QACD,IAAI,WAAW,CAAC,SAAS,CAAC,cAAc,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,CACT,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAC3G,CAAC;QACJ,CAAC;QACD,IAAI,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,GAAG,mBAAmB,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;QACxG,CAAC;QACD,MAAM,WAAW,GAAG,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC,0BAA0B,CAAC;QACnF,MAAM,2BAA2B,GAC/B,WAAW,KAAK,SAAS,IAAI,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,SAAS,CAAC;QACrF,IAAI,WAAW,IAAI,CAAC,2BAA2B,EAAE,CAAC;YAChD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wCAAwC,EAAE,CAAC,WAAW,CAAC,CAAC;gBACrF,IAAI,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,SAAS,EAAE,4BAA4B,CAAC;aACrE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5E,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,IAAI,EAAE,CAAC,UAAU,CAAC;SACnB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC,CAAC;AAEF,MAAM,UAAU,qBAAqB,CAAC,KAA6B,EAAE,WAAwB;IAC3F,MAAM,QAAQ,GAAG,IAAI,KAAK,EAAe,CAAC;IAC1C,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACtE,SAAS;QACX,CAAC;QACD,KAAK,MAAM,mBAAmB,IAAI;YAChC,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE;YAC7F,EAAE,QAAQ,EAAE,mBAAmB,EAAE,OAAO,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,WAAW,CAAC,iBAAiB,CAAC,QAAQ,CAAC,EAAE;SACjG,EAAE,CAAC;YACX,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YACpE,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS;YACX,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,CAAC,SAAS,EAAE,QAAQ,EAAE,UAAU,CAAU,EAAE,CAAC;gBAClE,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;gBACvC,IAAI,UAAU,EAAE,CAAC;oBACf,KAAK,MAAM,QAAQ,IAAI,UAAU,EAAE,CAAC;wBAClC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;4BAC3C,QAAQ,CAAC,IAAI,CAAC;gCACZ,IAAI,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC;gCACvF,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;6BAC5D,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,mBAAmB,CAC1B,KAA6B,EAC7B,OAAqC,EACrC,UAAkB;IAElB,MAAM,MAAM,GAAkB,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,UAAU,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3D,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qBAAqB,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;gBAClE,IAAI,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;aAC/B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { RuleRegistry, PolicyDefinitions } from '../audit-engine/index.js';
|
|
2
|
+
import { SfConnection } from '../../salesforce/index.js';
|
|
2
3
|
import { InventoryInitialisers, ShapeInitialisers } from './defaultClassifications.js';
|
|
3
4
|
import { DefaultPolicyDefinitions } from './defaultPolicies.js';
|
|
4
5
|
/**
|
|
@@ -13,15 +14,17 @@ export default class AuditConfig {
|
|
|
13
14
|
* @param con
|
|
14
15
|
*/
|
|
15
16
|
static async init(targetCon, opts) {
|
|
17
|
+
const sfCon = await SfConnection.create(targetCon);
|
|
16
18
|
const conf = { shape: {}, inventory: {}, policies: {}, acceptedRisks: {}, controls: {} };
|
|
17
|
-
conf.shape = await this.initSubtype(ShapeInitialisers,
|
|
18
|
-
conf.inventory = await this.initSubtype(InventoryInitialisers,
|
|
19
|
+
conf.shape = await this.initSubtype(ShapeInitialisers, sfCon, opts);
|
|
20
|
+
conf.inventory = await this.initSubtype(InventoryInitialisers, sfCon, opts);
|
|
19
21
|
for (const policyName of Object.keys(PolicyDefinitions)) {
|
|
20
22
|
const policy = initPolicyConfig(policyName);
|
|
21
23
|
conf.policies[policyName] = policy;
|
|
22
24
|
}
|
|
23
25
|
return conf;
|
|
24
26
|
}
|
|
27
|
+
// PRIVATE ZONE
|
|
25
28
|
static async initSubtype(initialisable, targetCon, opts) {
|
|
26
29
|
const initPromises = Object.entries(initialisable).map(([, init]) => init(targetCon, opts?.preset));
|
|
27
30
|
const inits = await Promise.all(initPromises);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAGA,OAAO,EAAkB,YAAY,EAA0B,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAGA,OAAO,EAAkB,YAAY,EAA0B,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AACnH,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEzD,OAAO,EAAe,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACpG,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAYhE;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,IAAI,GAAmB,EAAE,KAAK,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,aAAa,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACzG,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QACpE,IAAI,CAAC,SAAS,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5E,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC;YACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAsB,CAAC,CAAC;YACxD,IAAI,CAAC,QAAQ,CAAC,UAAsB,CAAC,GAAG,MAAa,CAAC;QACxD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,eAAe;IAEP,MAAM,CAAC,KAAK,CAAC,WAAW,CAC9B,aAA0C,EAC1C,SAAuB,EACvB,IAAuB;QAEvB,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;QACpG,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;QAC9C,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QACxC,KAAK,MAAM,SAAS,IAAI,IAAI,EAAE,CAAC;YAC7B,MAAM,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC;QACxD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,MAAM,UAAU,gBAAgB,CAAqB,UAAa;IAChE,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAiB,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IAC3D,KAAK,MAAM,SAAS,IAAI,QAAQ,CAAC,eAAe,EAAE,EAAE,CAAC;QACnD,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,GAAG;YACzB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,IAAI,wBAAwB,CAAC,UAAU,CAAC,EAAE,CAAC;QACzC,OAAO,EAAE,GAAG,OAAO,EAAE,GAAG,wBAAwB,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;IACnE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { SfConnection } from '../../salesforce/index.js';
|
|
2
2
|
import { Inventories, Shapes } from '../audit-engine/registry/definitions.js';
|
|
3
3
|
import { AuditInitPresets } from './init.types.js';
|
|
4
|
-
export type Initialiser = (con:
|
|
4
|
+
export type Initialiser = (con: SfConnection, preset?: AuditInitPresets) => Promise<unknown>;
|
|
5
5
|
export declare const ShapeInitialisers: Record<Shapes, Initialiser>;
|
|
6
6
|
export declare const InventoryInitialisers: Record<Inventories, Initialiser>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAgB,KAAK,EAAE,MAAM,2BAA2B,CAAC;AAEvG,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAY1C,MAAM,CAAC,MAAM,iBAAiB,GAAgC;IAC5D,eAAe,EAAE,mBAAmB;IACpC,iBAAiB,EAAE,qBAAqB;CACzC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAqC;IACrE,QAAQ,EAAE,YAAY;IACtB,cAAc,EAAE,kBAAkB;IAClC,KAAK,EAAE,SAAS;CACjB,CAAC;AAEF,KAAK,UAAU,mBAAmB,CAAC,GAAiB,EAAE,MAAyB;IAC7E,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,GAAiB;IACpD,MAAM,MAAM,GAA8B,EAAE,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC;IACtD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACrC,GAAG,EAAE;QACL,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,YAA0B;IACpD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAA0B;IAC1D,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC9D,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAA0B;IACjD,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,OAAO,GAAwB,EAAE,CAAC;IACxC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IACpG,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CAC1G,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { EventEmitter } from 'node:events';
|
|
2
|
-
import { OrgDescribe, PermissionSets, Profiles, Users } from '../../salesforce/index.js';
|
|
2
|
+
import { OrgDescribe, PermissionSets, Profiles, SfConnection, Users } from '../../salesforce/index.js';
|
|
3
3
|
export default class UserPermissionScanner extends EventEmitter {
|
|
4
4
|
status = {
|
|
5
5
|
profiles: {},
|
|
@@ -10,10 +10,12 @@ export default class UserPermissionScanner extends EventEmitter {
|
|
|
10
10
|
constructor() {
|
|
11
11
|
super();
|
|
12
12
|
}
|
|
13
|
+
// PUBLIC APIS
|
|
13
14
|
async quickScan(opts) {
|
|
14
15
|
this.emitProgress({ status: 'Pending' });
|
|
15
|
-
const
|
|
16
|
-
const
|
|
16
|
+
const sfCon = await SfConnection.create(opts.targetOrg);
|
|
17
|
+
const normalizedPerms = await this.normalizePermissions(opts, sfCon);
|
|
18
|
+
const scannedEntities = await this.resolveEntities(opts, sfCon);
|
|
17
19
|
const scanResult = {
|
|
18
20
|
permissions: {},
|
|
19
21
|
scannedProfiles: Object.keys(scannedEntities.profiles),
|
|
@@ -34,9 +36,10 @@ export default class UserPermissionScanner extends EventEmitter {
|
|
|
34
36
|
this.emitProgress({ status: 'Completed' });
|
|
35
37
|
return scanResult;
|
|
36
38
|
}
|
|
37
|
-
|
|
39
|
+
// PRIVATE ZONE
|
|
40
|
+
async normalizePermissions(opts, sfCon) {
|
|
38
41
|
const sanitizedPerms = [];
|
|
39
|
-
const org = await OrgDescribe.create(
|
|
42
|
+
const org = await OrgDescribe.create(sfCon);
|
|
40
43
|
for (const permName of opts.permissions) {
|
|
41
44
|
if (org.isValid(permName)) {
|
|
42
45
|
sanitizedPerms.push(permName);
|
|
@@ -58,13 +61,13 @@ export default class UserPermissionScanner extends EventEmitter {
|
|
|
58
61
|
}
|
|
59
62
|
return sanitizedPerms;
|
|
60
63
|
}
|
|
61
|
-
async resolveEntities(opts) {
|
|
64
|
+
async resolveEntities(opts, sfCon) {
|
|
62
65
|
const promises = [];
|
|
63
66
|
this.emitProgress({ status: 'In Progress' });
|
|
64
|
-
promises.push(this.resolveProfiles(
|
|
65
|
-
promises.push(this.resolvePermissionSets(
|
|
67
|
+
promises.push(this.resolveProfiles(sfCon));
|
|
68
|
+
promises.push(this.resolvePermissionSets(sfCon));
|
|
66
69
|
if (opts.deepScan) {
|
|
67
|
-
const usersRepo = new Users(
|
|
70
|
+
const usersRepo = new Users(sfCon);
|
|
68
71
|
promises.push(usersRepo.resolve({
|
|
69
72
|
withLoginHistory: false,
|
|
70
73
|
withPermissions: true,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userPermissionScanner.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/userPermissionScanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"userPermissionScanner.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/userPermissionScanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,YAAY,EAAQ,KAAK,EAAE,MAAM,2BAA2B,CAAC;AAsC7G,MAAM,CAAC,OAAO,OAAO,qBAAsB,SAAQ,YAAY;IACrD,MAAM,GAAoB;QAChC,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,EAAE;QAClB,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAED,cAAc;IAEP,KAAK,CAAC,SAAS,CAAC,IAAsB;QAC3C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACrE,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAChE,MAAM,UAAU,GAAoB;YAClC,WAAW,EAAE,EAAE;YACf,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;YACtD,qBAAqB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC;SACnE,CAAC;QACF,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,cAAc,CAAC,CAAC;YACtF,MAAM,KAAK,GAAG,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YACzF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrD,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG;oBACjC,cAAc;oBACd,QAAQ;oBACR,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBAC3C,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3C,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,eAAe;IAEP,KAAK,CAAC,oBAAoB,CAAC,IAAsB,EAAE,KAAmB;QAC5E,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5C,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;oBAChC,KAAK,EAAE,QAAQ;oBACf,UAAU,EAAE,IAAI,CAAC,IAAI;iBACtB,CAAC,CAAC;gBACH,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;oBAC9B,cAAc,EAAE,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,IAAsB,EAAE,KAAmB;QACvE,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;QAC3C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;QACjD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC;YACnC,QAAQ,CAAC,IAAI,CACX,SAAS,CAAC,OAAO,CAAC;gBAChB,gBAAgB,EAAE,KAAK;gBACvB,eAAe,EAAE,IAAI;gBACrB,uBAAuB,EAAE,KAAK;gBAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC,CACH,CAAC;QACJ,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAoB;YACxC,QAAQ,EAAE,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAuC,CAAC;YACnF,cAAc,EAAE,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAuC,CAAC;SAC1F,CAAC;QACF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,gBAAgB,CAAC,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAsB,CAAC;QACpE,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,SAAuB;QACnD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAS,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7D,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,SAAuB;QACzD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;QACnD,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,UAAU,EAAE,EAAE,CACvD,IAAI,CAAC,YAAY,CAAC,EAAE,cAAc,EAAE,UAA+C,EAAE,CAAC,CACvF,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAC3D,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACnC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,QAAS,CAAC;QACnC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,YAAY,CAAC,MAAgC;QACnD,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACzF,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,SAAS,cAAc,CAAC,QAA4C;IAClE,MAAM,MAAM,GAAqC,EAAE,CAAC;IACpD,KAAK,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,UAAU,CAAC,GAAG;YACnB,eAAe,EAAE,IAAI,GAAG,CACtB,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CACjF;YACD,iBAAiB,EAAE,IAAI,GAAG,CACxB,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CACnF;SACF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAgB,EAChB,WAA4B,EAC5B,gBAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,eAAe,GAA+B,EAAE,CAAC;IACvD,KAAK,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,OAAO,IAAI,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,IAAI,CAAC;gBACnB,QAAQ;gBACR,MAAM,EAAE,WAAW,CAAC,WAAW;gBAC/B,IAAI,EAAE,SAAS;gBACf,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aACvE,CAAC,CAAC;QACL,CAAC;QACD,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;YAC5B,KAAK,MAAM,UAAU,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;gBACjD,MAAM,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC;gBAC/E,IAAI,OAAO,IAAI,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrD,eAAe,CAAC,IAAI,CAAC;wBACnB,QAAQ;wBACR,MAAM,EAAE,UAAU,CAAC,uBAAuB;wBAC1C,IAAI,EAAE,gBAAgB;wBACtB,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;qBACvE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB,EAAE,gBAAkD;IAChG,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE;QAClE,IAAI,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}
|