@j-schreiber/sf-cli-security-audit 0.20.2 → 0.22.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/lib/commands/org/audit/run.js +6 -2
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/audit-engine/index.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.js +2 -0
- package/lib/libs/audit-engine/registry/definitions.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +4 -3
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -0
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.d.ts +3 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -0
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/policy.js +2 -6
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/result.types.d.ts +0 -8
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +15 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.js +86 -14
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +24 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js +3 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +28 -6
- package/lib/libs/audit-engine/registry/roles/userRole.js +102 -32
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.d.ts +8 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js +39 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js.map +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +4 -16
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.d.ts +0 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +17 -31
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +8 -0
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +33 -0
- package/lib/libs/audit-engine/registry/shape/schema.js +24 -3
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/salesforce/mdapi/metadataRegistry.js +3 -1
- package/lib/salesforce/mdapi/metadataRegistry.js.map +1 -1
- package/messages/rules.enforceClassificationPresets.md +10 -2
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -20,7 +20,7 @@ To build from source, follow these steps
|
|
|
20
20
|
|
|
21
21
|
```bash
|
|
22
22
|
git clone https://github.com/j-schreiber/js-sf-cli-security-audit
|
|
23
|
-
|
|
23
|
+
cd js-sf-cli-security-audit
|
|
24
24
|
yarn && yarn build
|
|
25
25
|
sf plugins link .
|
|
26
26
|
```
|
|
@@ -89,7 +89,7 @@ FLAG DESCRIPTIONS
|
|
|
89
89
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
90
90
|
```
|
|
91
91
|
|
|
92
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
92
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.22.0/src/commands/org/audit/init.ts)_
|
|
93
93
|
|
|
94
94
|
## `sf org audit run`
|
|
95
95
|
|
|
@@ -134,7 +134,7 @@ FLAG DESCRIPTIONS
|
|
|
134
134
|
never truncated.
|
|
135
135
|
```
|
|
136
136
|
|
|
137
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
137
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.22.0/src/commands/org/audit/run.ts)_
|
|
138
138
|
|
|
139
139
|
## `sf org scan user-perms`
|
|
140
140
|
|
|
@@ -183,7 +183,7 @@ FLAG DESCRIPTIONS
|
|
|
183
183
|
userPermissions.yml.
|
|
184
184
|
```
|
|
185
185
|
|
|
186
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
186
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.22.0/src/commands/org/scan/user-perms.ts)_
|
|
187
187
|
|
|
188
188
|
<!-- commandsstop -->
|
|
189
189
|
|
|
@@ -167,11 +167,15 @@ function transposePoliciesToTable(result) {
|
|
|
167
167
|
return Object.entries(result.policies)
|
|
168
168
|
.filter(([, policyDetails]) => policyDetails.enabled)
|
|
169
169
|
.map(([policyName, policyDetails]) => {
|
|
170
|
-
const
|
|
170
|
+
const executedRules = policyDetails?.executedRules ? Object.keys(policyDetails.executedRules).length : 0;
|
|
171
|
+
const violatedRules = policyDetails?.executedRules
|
|
172
|
+
? Object.values(policyDetails.executedRules).filter((rule) => !rule.isCompliant).length
|
|
173
|
+
: 0;
|
|
171
174
|
return {
|
|
172
175
|
policy: capitalize(policyName),
|
|
173
176
|
isCompliant: policyDetails.isCompliant,
|
|
174
|
-
|
|
177
|
+
executedRules,
|
|
178
|
+
violatedRules,
|
|
175
179
|
auditedEntities: policyDetails.auditedEntities?.length ?? 0,
|
|
176
180
|
ignoredEntities: policyDetails.ignoredEntities?.length ?? 0,
|
|
177
181
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAGrD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC;YAChE,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;YACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;SAC9D,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,WAAgC,EAAE,EAAE;YAC9D,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,cAAc;oBACjB,mCAAmC;oBACnC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,YAAY;oBACf,WAAW,CAAC,eAAe,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;YACV,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAyB,EAAE,EAAE;YACnD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB,EAAE,SAAkB;QAC1D,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnH,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,aAAa;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;iBAClC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CACN,cAAc,CAAC,OAAO,CACpB,QAAQ,CAAC,UAAU,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAC/F,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,KAAmC;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,KAAK;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YACT,IAAI;YACJ,KAAK,EAAE,wBAAwB;YAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD,EAAE,SAAkB;QACtG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAE,CAAC;QACpE,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;gBACxB,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtF,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAC;AAMvC,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,MAAM,qCAAqC,CAAC;AACpE,OAAO,EAAE,OAAO,EAAE,MAAM,4BAA4B,CAAC;AAGrD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC;YAChE,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,OAAO,EAAE,KAAK,CAAC,OAAO,CAAC;YACrB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;YACrD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;SAC9D,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAEpD,QAAQ,CAAC,EAAE,CAAC,aAAa,EAAE,CAAC,WAAgC,EAAE,EAAE;YAC9D,QAAQ,WAAW,CAAC,QAAQ,EAAE,CAAC;gBAC7B,KAAK,cAAc;oBACjB,mCAAmC;oBACnC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;oBACzC,MAAM;gBACR,KAAK,YAAY;oBACf,WAAW,CAAC,eAAe,EAAE,CAAC;oBAC9B,MAAM;gBACR,KAAK,WAAW;oBACd,WAAW,CAAC,MAAM,EAAE,CAAC;oBACrB,MAAM;YACV,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,OAAyB,EAAE,EAAE;YACnD,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAC/F,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB,EAAE,SAAkB;QAC1D,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;QACjC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACb,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,MAAmB;QACzC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;QAC/E,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACnH,IAAI,gBAAgB,GAAG,CAAC,EAAE,CAAC;YACzB,MAAM,oBAAoB,GAAG,MAAM,CAAC,aAAa;iBAC9C,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;iBAClC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,GAAG,CACN,cAAc,CAAC,OAAO,CACpB,QAAQ,CAAC,UAAU,CAAC,+BAA+B,EAAE,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,CAAC,CAC/F,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,CAAC,CAAC;QACjE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACf,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,KAAmC;QACnE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,KAAK;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;YAC/B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,YAAY;SAC3B,CAAC,CAAC;aACF,IAAI,CAAC,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC3D,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YACT,IAAI;YACJ,KAAK,EAAE,wBAAwB;YAC/B,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD,EAAE,SAAkB;QACtG,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,+BAA+B,CAAE,CAAC;QACpE,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,MAAM,IAAI,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;gBACrD,GAAG,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC;gBACxB,UAAU,EAAE,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC;aAC9C,CAAC,CAAC,CAAC;YACJ,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC;gBACjD,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,MAAM,GAAG,SAAS,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1C,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBACtF,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAmBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa;YAChD,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,MAAM;YACvF,CAAC,CAAC,CAAC,CAAC;QACN,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,kBAAkB,EAAE,WAAW,CAAC,eAAe,CAAC,MAAM;QACtD,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,gBAAgB,CAAC,UAAoB;IAC5C,OAAO,OAAO,UAAU,KAAK,QAAQ;QACnC,CAAC,CAAC,cAAc,CAAC,UAAU,CAAC;QAC5B,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;AAClE,CAAC"}
|
|
@@ -25,6 +25,7 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
25
25
|
files: {
|
|
26
26
|
roles: {
|
|
27
27
|
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
28
|
+
strict: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
28
29
|
permissions: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodObject<{
|
|
29
30
|
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./registry/shape/schema.js").PermissionRiskLevel>>>;
|
|
30
31
|
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
@@ -38,6 +39,13 @@ export declare const ConfigFileManager: FileManager<{
|
|
|
38
39
|
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
39
40
|
}, import("zod/v4/core").$strip>>;
|
|
40
41
|
}, import("zod/v4/core").$strip>]>>;
|
|
42
|
+
objectAccess: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
43
|
+
allowRead: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
44
|
+
allowCreate: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
45
|
+
allowEdit: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
46
|
+
allowDelete: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
47
|
+
viewAllFields: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
48
|
+
}, import("zod/v4/core").$strip>>]>>;
|
|
41
49
|
}, import("zod/v4/core").$strict>>;
|
|
42
50
|
};
|
|
43
51
|
permissions: {
|
|
@@ -50,6 +50,7 @@ export declare const AuditConfigShape: {
|
|
|
50
50
|
files: {
|
|
51
51
|
roles: {
|
|
52
52
|
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
53
|
+
strict: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
53
54
|
permissions: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodObject<{
|
|
54
55
|
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./shape/schema.js").PermissionRiskLevel>>>;
|
|
55
56
|
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
@@ -63,6 +64,13 @@ export declare const AuditConfigShape: {
|
|
|
63
64
|
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
64
65
|
}, import("zod/v4/core").$strip>>;
|
|
65
66
|
}, import("zod/v4/core").$strip>]>>;
|
|
67
|
+
objectAccess: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
68
|
+
allowRead: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
69
|
+
allowCreate: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
70
|
+
allowEdit: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
71
|
+
allowDelete: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
72
|
+
viewAllFields: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
73
|
+
}, import("zod/v4/core").$strip>>]>>;
|
|
66
74
|
}, import("zod/v4/core").$strict>>;
|
|
67
75
|
};
|
|
68
76
|
permissions: {
|
|
@@ -6,6 +6,7 @@ import UsersPolicy from './policies/users.js';
|
|
|
6
6
|
import RuleRegistry from './ruleRegistry.js';
|
|
7
7
|
import AllUsedAppsUnderManagement from './rules/allUsedAppsUnderManagement.js';
|
|
8
8
|
import EnforceLoginIpRanges from './rules/enforceLoginIpRanges.js';
|
|
9
|
+
import EnforceObjectAccessOnUser from './rules/enforceObjectAccessOnUser.js';
|
|
9
10
|
import EnforcePermissionPresets from './rules/enforcePermissionPresets.js';
|
|
10
11
|
import EnforcePermissionsOnProfileLike from './rules/enforcePermissionsOnProfileLike.js';
|
|
11
12
|
import EnforcePermissionsOnUser from './rules/enforcePermissionsOnUser.js';
|
|
@@ -40,6 +41,7 @@ export const PolicyDefinitions = {
|
|
|
40
41
|
NoOtherApexApiLogins,
|
|
41
42
|
NoInactiveUsers,
|
|
42
43
|
EnforcePermissionClassifications: EnforcePermissionsOnUser,
|
|
44
|
+
EnforceObjectAccess: EnforceObjectAccessOnUser,
|
|
43
45
|
EnforcePermissionPresets,
|
|
44
46
|
NoStandardProfilesOnActiveUsers,
|
|
45
47
|
},
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/definitions.ts"],"names":[],"mappings":"AACA,OAAO,mBAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,oBAAoB,MAAM,8BAA8B,CAAC;AAChE,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,YAA6C,MAAM,mBAAmB,CAAC;AAC9E,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAkC,MAAM,mBAAmB,CAAC;AAsBxF;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,cAAc,EAAE;QACd,OAAO,EAAE,oBAAoB;QAC7B,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;YACjE,oBAAoB;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE;YACL,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,wBAAwB;YACxB,+BAA+B;SAChC;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE;YACL,0BAA0B;YAC1B,sBAAsB;SACvB;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;KACxB;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,GAAG,oBAAoB;IACvB,aAAa,EAAE;QACb,IAAI,EAAE,MAAM,CAAC,WAAW,CACtB,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC;YACjE,UAAU;YACV;gBACE,KAAK,EAAE,SAAS,CAAC,KAAK;oBACpB,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC,CACrG;oBACH,CAAC,CAAC,EAAE;aACP;SACF,CAAC,CACH;KACF;CACmC,CAAC;AAEvC,MAAM,UAAU,UAAU,CACxB,UAAa,EACb,MAAsB;IAEtB,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAE/E,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/definitions.ts"],"names":[],"mappings":"AACA,OAAO,mBAAmB,MAAM,6BAA6B,CAAC;AAC9D,OAAO,oBAAoB,MAAM,8BAA8B,CAAC;AAChE,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,cAAc,MAAM,wBAAwB,CAAC;AACpD,OAAO,WAAW,MAAM,qBAAqB,CAAC;AAC9C,OAAO,YAA6C,MAAM,mBAAmB,CAAC;AAC9E,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,yBAAyB,MAAM,sCAAsC,CAAC;AAC7E,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,wBAAwB,MAAM,qCAAqC,CAAC;AAC3E,OAAO,eAAe,MAAM,4BAA4B,CAAC;AACzD,OAAO,oBAAoB,MAAM,iCAAiC,CAAC;AACnE,OAAO,+BAA+B,MAAM,4CAA4C,CAAC;AACzF,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAkC,MAAM,mBAAmB,CAAC;AAsBxF;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAsB;IAClD,cAAc,EAAE;QACd,OAAO,EAAE,oBAAoB;QAC7B,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;SAClE;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,KAAK,EAAE;YACL,gCAAgC,EAAE,+BAA+B;YACjE,oBAAoB;SACrB;KACF;IACD,KAAK,EAAE;QACL,OAAO,EAAE,WAAW;QACpB,KAAK,EAAE;YACL,oBAAoB;YACpB,eAAe;YACf,gCAAgC,EAAE,wBAAwB;YAC1D,mBAAmB,EAAE,yBAAyB;YAC9C,wBAAwB;YACxB,+BAA+B;SAChC;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,mBAAmB;QAC5B,KAAK,EAAE;YACL,0BAA0B;YAC1B,sBAAsB;SACvB;KACF;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;KACxB;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG;IAC9B,GAAG,oBAAoB;IACvB,aAAa,EAAE;QACb,IAAI,EAAE,MAAM,CAAC,WAAW,CACtB,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,EAAE,EAAE,CAAC;YACjE,UAAU;YACV;gBACE,KAAK,EAAE,SAAS,CAAC,KAAK;oBACpB,CAAC,CAAC,MAAM,CAAC,WAAW,CAChB,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,UAAU,EAAE,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC,CAAC,CACrG;oBACH,CAAC,CAAC,EAAE;aACP;SACF,CAAC,CACH;KACF;CACmC,CAAC;AAEvC,MAAM,UAAU,UAAU,CACxB,UAAa,EACb,MAAsB;IAEtB,MAAM,GAAG,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,EAAE,IAAI,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAE/E,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -4,15 +4,16 @@ import RuleRegistry from '../ruleRegistry.js';
|
|
|
4
4
|
import { AuditContext } from '../context.types.js';
|
|
5
5
|
import { AuditRunConfig } from '../definitions.js';
|
|
6
6
|
import { PolicyConfig } from '../shape/schema.js';
|
|
7
|
-
export type
|
|
7
|
+
export type ResolvedPermissionSet = PermissionSet & {
|
|
8
8
|
role: string;
|
|
9
|
+
type: 'PermissionSet';
|
|
9
10
|
};
|
|
10
|
-
export default class PermissionSetsPolicy extends Policy<
|
|
11
|
+
export default class PermissionSetsPolicy extends Policy<ResolvedPermissionSet> {
|
|
11
12
|
config: PolicyConfig;
|
|
12
13
|
auditConfig: AuditRunConfig;
|
|
13
14
|
private totalEntities;
|
|
14
15
|
private readonly classifications;
|
|
15
16
|
constructor(config: PolicyConfig, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
16
|
-
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<
|
|
17
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedPermissionSet>>;
|
|
17
18
|
private buildIgnoredEntities;
|
|
18
19
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAiB,cAAc,EAAE,MAAM,iCAAiC,CAAC;AAChF,OAAO,MAA+B,MAAM,cAAc,CAAC;AAK3D,OAAO,EAA8C,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEpG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAOjG,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,MAA6B;IAInD;IAA6B;IAH/C,aAAa,CAAS;IACb,eAAe,CAA+B;IAE/D,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAD/B,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,cAAc,IAAI,EAAE,CAAC;QACvE,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;IAChE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrE,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC,CAAC;QAChG,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QAC/D,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CACjE,CAAC,WAAW,EAAE,EAAE,CAAC,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,CAC5D,CAAC;QACF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC7G,MAAM,gBAAgB,GAA0C,EAAE,CAAC;QACnE,KAAK,MAAM,WAAW,IAAI,kBAAkB,EAAE,CAAC;YAC7C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACnD,IAAI,QAAQ,EAAE,CAAC;gBACb,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ;oBACX,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,IAAI;oBAC5C,IAAI,EAAE,eAAe;iBACtB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,IAAI,CAAC,aAAa;SAC7B,CAAC,CAAC;QACH,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;IAEO,oBAAoB,CAAC,WAAuC;QAClE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC;iBACnE,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,eAAe,CAAC;IACzB,CAAC;CACF"}
|
|
@@ -4,7 +4,9 @@ import Policy, { ResolveEntityResult } from '../policy.js';
|
|
|
4
4
|
import RuleRegistry from '../ruleRegistry.js';
|
|
5
5
|
import { AuditRunConfig } from '../definitions.js';
|
|
6
6
|
import { PolicyConfig, ProfileClassifications } from '../shape/schema.js';
|
|
7
|
-
export type ResolvedProfile = Profile & ProfileClassifications['string']
|
|
7
|
+
export type ResolvedProfile = Profile & ProfileClassifications['string'] & {
|
|
8
|
+
type: string;
|
|
9
|
+
};
|
|
8
10
|
export default class ProfilesPolicy extends Policy<ResolvedProfile> {
|
|
9
11
|
config: PolicyConfig;
|
|
10
12
|
auditConfig: AuditRunConfig;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAW,QAAQ,EAAE,MAAM,iCAAiC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAIrE,OAAO,EAAwC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE9F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AASjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAuB;IAIvC;IAA6B;IAH/C,YAAY,GAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC;IAC9C,eAAe,CAAyB;IAEzD,YAA0B,MAAoB,EAAS,WAA2B,EAAE,QAAsB;QACxG,KAAK,CAAC,UAAU,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADzB,WAAM,GAAN,MAAM,CAAc;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEhF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,QAAQ,IAAI,EAAE,CAAC;QACjE,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC;QACzC,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/D,MAAM,WAAW,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;QACjD,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,WAAW,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,IAAI,UAAU,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC9D,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBACzC,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;YAC3C,IAAI,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBACrD,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG;oBAC9B,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC;iBACtD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,kBAAkB,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,EAAE,CAAC,CAAC;QACpG,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;QACrG,MAAM,gBAAgB,GAAoC,EAAE,CAAC;QAC7D,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3D,gBAAgB,CAAC,WAAW,CAAC,GAAG;oBAC9B,GAAG,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAE;oBAC7B,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC;oBACpC,IAAI,EAAE,SAAS;iBAChB,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,kBAAkB,CAAC,MAA6B;QACtD,IAAI,CAAC,YAAY,GAAG,EAAE,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,MAAM,EAAE,CAAC;QACxD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;CACF"}
|
|
@@ -67,7 +67,7 @@ function buildResolveOptions(policyConfig) {
|
|
|
67
67
|
if (policyConfig.rules['EnforcePermissionPresets']) {
|
|
68
68
|
opts.withPermissions = true;
|
|
69
69
|
}
|
|
70
|
-
if (policyConfig.rules['EnforcePermissionClassifications']) {
|
|
70
|
+
if (policyConfig.rules['EnforcePermissionClassifications'] || policyConfig.rules['EnforceObjectAccess']) {
|
|
71
71
|
opts.withPermissions = true;
|
|
72
72
|
opts.withPermissionsMetadata = true;
|
|
73
73
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC7D,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ;oBACnB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,YAA8B;IACzD,MAAM,IAAI,GAAiC,EAAE,CAAC;IAC9C,IAAI,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxF,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,yBAAyB,GAAG,YAAY,CAAC,OAAO,CAAC,8BAA8B,CAAC;IACvF,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,kCAAkC,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/policies/users.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAA6B,KAAK,EAAE,MAAM,iCAAiC,CAAC;AACnF,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,cAAc,CAAC;AAGrE,OAAO,EAAyC,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAG/F,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAMjG,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,MAAoB;IAKjC;IAAiC;IAJnD,aAAa,CAAS;IACb,eAAe,CAAsB;IACrC,cAAc,CAA+B;IAE9D,YAA0B,MAAwB,EAAS,WAA2B,EAAE,QAAsB;QAC5G,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QADtB,WAAM,GAAN,MAAM,CAAkB;QAAS,gBAAW,GAAX,WAAW,CAAgB;QAEpF,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,IAAI,EAAE,CAAC;QAC9D,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,CAAC;QAC9D,IAAI,CAAC,cAAc,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzD,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,qBAAqB,CAAC,KAAwB;QACpD,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,GAAiB;gBAC9B,GAAG,IAAI;gBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;aAClG,CAAC;YACF,IAAI,SAAS,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC;gBAC7D,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAC/B,IAAI,EAAE,IAAI,CAAC,QAAQ;oBACnB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,SAAS,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;IAC/E,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,YAA8B;IACzD,MAAM,IAAI,GAAiC,EAAE,CAAC;IAC9C,IAAI,YAAY,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACxF,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC;QAC7B,IAAI,CAAC,yBAAyB,GAAG,YAAY,CAAC,OAAO,CAAC,8BAA8B,CAAC;IACvF,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,kCAAkC,CAAC,IAAI,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxG,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,IAAI,YAAY,CAAC,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,uBAAuB,GAAG,IAAI,CAAC;IACtC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|
|
@@ -39,13 +39,9 @@ export default class Policy extends EventEmitter {
|
|
|
39
39
|
return {};
|
|
40
40
|
}
|
|
41
41
|
const { resolvedEntities } = await this.resolve(context);
|
|
42
|
-
const
|
|
43
|
-
for (const rule of this.resolvedRules.enabledRules) {
|
|
44
|
-
ruleResultPromises.push(rule.run({ ...context, resolvedEntities }));
|
|
45
|
-
}
|
|
42
|
+
const ruleResults = await Promise.all(this.resolvedRules.enabledRules.map((rule) => rule.run({ ...context, resolvedEntities })));
|
|
46
43
|
const results = {};
|
|
47
|
-
const
|
|
48
|
-
for (const result of promises) {
|
|
44
|
+
for (const result of ruleResults) {
|
|
49
45
|
results[result.ruleName] = result;
|
|
50
46
|
}
|
|
51
47
|
return results;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAmBvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAK9C;IACH;IACA;IACG;IAPF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACY,UAAoB,EACvB,MAAoB,EACpB,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QALE,eAAU,GAAV,UAAU,CAAU;QACvB,WAAM,GAAN,MAAM,CAAc;QACpB,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CAAC,OAAqB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/audit-engine/registry/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAmBvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAK9C;IACH;IACA;IACG;IAPF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACY,UAAoB,EACvB,MAAoB,EACpB,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QALE,eAAU,GAAV,UAAU,CAAU;QACvB,WAAM,GAAN,MAAM,CAAc;QACpB,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,QAAQ,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QAChE,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,YAAY,CAAC,OAAqB;QAC7C,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACzD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CACnC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC,CAC1F,CAAC;QACF,MAAM,OAAO,GAAuB,EAAE,CAAC;QACvC,KAAK,MAAM,MAAM,IAAI,WAAW,EAAE,CAAC;YACjC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;QACpC,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;OAMG;IACI,QAAQ,CAAC,cAAkC,EAAE,WAA0B;QAC5E,MAAM,aAAa,GAAG,IAAI,CAAC,QAAS,CAAC;QACrC,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE,CAAC;YACvD,MAAM,cAAc,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACtE,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,cAAc,EAAE,aAAa,CAAC,CAAC;YACvG,aAAa,CAAC,cAAc,CAAC,QAAQ,CAAC,GAAG;gBACvC,GAAG,cAAc;gBACjB,WAAW,EAAE,cAAc,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBACnD,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO;YAC5B,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,IAAI,iBAAiB;QACpE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,IAAI,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,6DAA6D;AAC7D,wDAAwD;AACxD,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -132,14 +132,6 @@ export type AuditPolicyResult = {
|
|
|
132
132
|
* List of rules that exist for the policy that were not executed.
|
|
133
133
|
*/
|
|
134
134
|
skippedRules: PolicyRuleSkipResult[];
|
|
135
|
-
/**
|
|
136
|
-
* If the policy was not enabled, a brief message that explains why.
|
|
137
|
-
*/
|
|
138
|
-
disabledReason?: string;
|
|
139
|
-
/**
|
|
140
|
-
* Path to the config file that was processed for this audit.
|
|
141
|
-
*/
|
|
142
|
-
configPath?: string;
|
|
143
135
|
/**
|
|
144
136
|
* A full list of audited entities. Use together with violations to see, which
|
|
145
137
|
* entities were not compliant.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { EventEmitter } from 'node:events';
|
|
2
|
-
import {
|
|
2
|
+
import { ProfileLike, RoleManagerConfig, ScanResult, UserRoleCompareResult } from './roleManager.types.js';
|
|
3
3
|
import UserRole from './userRole.js';
|
|
4
4
|
export default class RoleManager extends EventEmitter {
|
|
5
5
|
private readonly auditConfig;
|
|
@@ -10,12 +10,21 @@ export default class RoleManager extends EventEmitter {
|
|
|
10
10
|
* get a unified scan result with violations (risk level not allowed) and warnings
|
|
11
11
|
* (risk level not classified)
|
|
12
12
|
*
|
|
13
|
-
* @param
|
|
14
|
-
* @param
|
|
13
|
+
* @param role The desired role
|
|
14
|
+
* @param profileLikes List or single instance of profiles to audit
|
|
15
15
|
* @param rootIdentifier Optional root identifier for messages to prepend.
|
|
16
16
|
* @returns
|
|
17
17
|
*/
|
|
18
|
-
|
|
18
|
+
scanPermissions(role: string, profileLikes: ProfileLike[] | ProfileLike, identifier?: string[]): ScanResult;
|
|
19
|
+
/**
|
|
20
|
+
* Scans object permissions of a profile or permission set and compares with
|
|
21
|
+
* the permissions that are allowed by the role.
|
|
22
|
+
*
|
|
23
|
+
* @param profileLike
|
|
24
|
+
* @param rootIdentifier
|
|
25
|
+
* @returns
|
|
26
|
+
*/
|
|
27
|
+
scanObjectAccess(role: string, profileLikes: ProfileLike[], rootIdentifier?: string[]): ScanResult;
|
|
19
28
|
/**
|
|
20
29
|
* Checks if a given role name is a valid role for the context
|
|
21
30
|
* of the current audit run.
|
|
@@ -39,7 +48,8 @@ export default class RoleManager extends EventEmitter {
|
|
|
39
48
|
* @returns
|
|
40
49
|
*/
|
|
41
50
|
getRole(roleName: string): UserRole;
|
|
42
|
-
private
|
|
51
|
+
private assertProfileLikeIntegrity;
|
|
52
|
+
private scanPermissionList;
|
|
43
53
|
private resolvePerm;
|
|
44
54
|
private resolveUserPerm;
|
|
45
55
|
private resolveCustomPerm;
|
|
@@ -2,6 +2,7 @@ import { EventEmitter } from 'node:events';
|
|
|
2
2
|
import { Messages } from '@salesforce/core';
|
|
3
3
|
import { PermissionRiskLevel, UserPrivilegeLevel } from '../shape/schema.js';
|
|
4
4
|
import { AuditRunLifecycleBus } from '../../auditRunLifecycle.js';
|
|
5
|
+
import { isRefinedProfileLike, } from './roleManager.types.js';
|
|
5
6
|
import { newRoleFromDefinition, newRoleFromOrdinals } from './userRole.js';
|
|
6
7
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
8
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
|
|
@@ -36,20 +37,50 @@ export default class RoleManager extends EventEmitter {
|
|
|
36
37
|
* get a unified scan result with violations (risk level not allowed) and warnings
|
|
37
38
|
* (risk level not classified)
|
|
38
39
|
*
|
|
39
|
-
* @param
|
|
40
|
-
* @param
|
|
40
|
+
* @param role The desired role
|
|
41
|
+
* @param profileLikes List or single instance of profiles to audit
|
|
41
42
|
* @param rootIdentifier Optional root identifier for messages to prepend.
|
|
42
43
|
* @returns
|
|
43
44
|
*/
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
45
|
+
scanPermissions(role, profileLikes, identifier = []) {
|
|
46
|
+
const profileLikesInput = Array.isArray(profileLikes) ? profileLikes : [profileLikes];
|
|
47
|
+
const result = { violations: [], warnings: [], errors: [] };
|
|
48
|
+
const refineResult = this.assertProfileLikeIntegrity(role, profileLikesInput, identifier);
|
|
49
|
+
result.errors.push(...refineResult.errors);
|
|
50
|
+
if (refineResult.role && refineResult.profileLikes.length > 0) {
|
|
51
|
+
for (const profileLike of refineResult.profileLikes) {
|
|
52
|
+
const localIdentifier = [...identifier, profileLike.name];
|
|
53
|
+
for (const permKey of ['userPermissions', 'customPermissions']) {
|
|
54
|
+
const { violations, warnings } = this.scanPermissionList(refineResult.role, profileLike, permKey, localIdentifier);
|
|
55
|
+
result.violations.push(...violations);
|
|
56
|
+
result.warnings.push(...warnings);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
return result;
|
|
61
|
+
}
|
|
62
|
+
/**
|
|
63
|
+
* Scans object permissions of a profile or permission set and compares with
|
|
64
|
+
* the permissions that are allowed by the role.
|
|
65
|
+
*
|
|
66
|
+
* @param profileLike
|
|
67
|
+
* @param rootIdentifier
|
|
68
|
+
* @returns
|
|
69
|
+
*/
|
|
70
|
+
scanObjectAccess(role, profileLikes, rootIdentifier = []) {
|
|
71
|
+
const result = { violations: [], warnings: [], errors: [] };
|
|
72
|
+
const refineResult = this.assertProfileLikeIntegrity(role, profileLikes, rootIdentifier);
|
|
73
|
+
result.errors.push(...refineResult.errors);
|
|
74
|
+
if (refineResult.role && refineResult.profileLikes.length > 0) {
|
|
75
|
+
for (const profileLike of refineResult.profileLikes) {
|
|
76
|
+
const violations = scanProfileObjectPermissions(refineResult.role, profileLike, [
|
|
77
|
+
...rootIdentifier,
|
|
78
|
+
profileLike.name,
|
|
79
|
+
]);
|
|
80
|
+
result.violations.push(...violations);
|
|
81
|
+
}
|
|
47
82
|
}
|
|
48
|
-
|
|
49
|
-
const customPermsResult = this.scanPermissions(profileLike, 'customPermissions', rootIdentifier);
|
|
50
|
-
userPermsResult.violations.push(...customPermsResult.violations);
|
|
51
|
-
userPermsResult.warnings.push(...customPermsResult.warnings);
|
|
52
|
-
return userPermsResult;
|
|
83
|
+
return result;
|
|
53
84
|
}
|
|
54
85
|
/**
|
|
55
86
|
* Checks if a given role name is a valid role for the context
|
|
@@ -88,11 +119,34 @@ export default class RoleManager extends EventEmitter {
|
|
|
88
119
|
throw messages.createError('TriedToAccessRoleThatDoesNotExist', [roleName]);
|
|
89
120
|
}
|
|
90
121
|
// PRIVATE ZONE
|
|
91
|
-
|
|
122
|
+
assertProfileLikeIntegrity(role, profileLikes, identifier) {
|
|
123
|
+
const refineResult = { errors: [], profileLikes: [], role: undefined };
|
|
124
|
+
if (this.isValidRole(role)) {
|
|
125
|
+
refineResult.role = this.getRole(role);
|
|
126
|
+
}
|
|
127
|
+
else {
|
|
128
|
+
refineResult.errors.push(...profileLikes.map((pl) => ({
|
|
129
|
+
identifier: [...identifier, pl.name],
|
|
130
|
+
message: messages.getMessage('error.failed-to-resolve-role', [role]),
|
|
131
|
+
})));
|
|
132
|
+
}
|
|
133
|
+
for (const pl of profileLikes) {
|
|
134
|
+
if (isRefinedProfileLike(pl)) {
|
|
135
|
+
refineResult.profileLikes.push(pl);
|
|
136
|
+
}
|
|
137
|
+
else {
|
|
138
|
+
refineResult.errors.push({
|
|
139
|
+
identifier: [...identifier, pl.name],
|
|
140
|
+
message: messages.getMessage('errors.profile-like-has-no-metadata', [pl.type]),
|
|
141
|
+
});
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
return refineResult;
|
|
145
|
+
}
|
|
146
|
+
scanPermissionList(role, profile, permissionType, rootIdentifier) {
|
|
92
147
|
const result = { warnings: [], violations: [] };
|
|
93
|
-
const role = this.getRole(profile.role);
|
|
94
148
|
for (const perm of profile.metadata[permissionType]) {
|
|
95
|
-
const identifier =
|
|
149
|
+
const identifier = [...rootIdentifier, perm.name];
|
|
96
150
|
const permClassification = this.resolvePerm(perm.name, permissionType);
|
|
97
151
|
if (permClassification) {
|
|
98
152
|
if (permClassification.classification === PermissionRiskLevel.BLOCKED) {
|
|
@@ -106,7 +160,7 @@ export default class RoleManager extends EventEmitter {
|
|
|
106
160
|
identifier,
|
|
107
161
|
message: messages.getMessage('violations.classification-preset-mismatch', [
|
|
108
162
|
permClassification.classification,
|
|
109
|
-
|
|
163
|
+
role.roleName,
|
|
110
164
|
]),
|
|
111
165
|
});
|
|
112
166
|
}
|
|
@@ -153,6 +207,24 @@ export default class RoleManager extends EventEmitter {
|
|
|
153
207
|
return undefined;
|
|
154
208
|
}
|
|
155
209
|
}
|
|
210
|
+
function scanProfileObjectPermissions(role, profileLike, identifier) {
|
|
211
|
+
const violations = [];
|
|
212
|
+
for (const objectAccess of profileLike.metadata.objectPermissions ?? []) {
|
|
213
|
+
const allowedAccess = role.getObjectAccess(objectAccess.object);
|
|
214
|
+
for (const accessKey of ['allowRead', 'allowCreate', 'allowEdit', 'allowDelete', 'viewAllFields']) {
|
|
215
|
+
if (Object.hasOwn(objectAccess, accessKey)) {
|
|
216
|
+
const grantedAccess = objectAccess[accessKey];
|
|
217
|
+
if (grantedAccess && !allowedAccess[accessKey]) {
|
|
218
|
+
violations.push({
|
|
219
|
+
identifier: [...identifier, objectAccess.object, accessKey],
|
|
220
|
+
message: messages.getMessage('violations.object-access-denied', [role.roleName]),
|
|
221
|
+
});
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
return violations;
|
|
227
|
+
}
|
|
156
228
|
function nameClassification(permName, perm) {
|
|
157
229
|
return perm ? { name: permName, ...perm } : undefined;
|
|
158
230
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"roleManager.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/roleManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxG,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;
|
|
1
|
+
{"version":3,"file":"roleManager.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/roleManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAA6B,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxG,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AAClE,OAAO,EACL,oBAAoB,GAQrB,MAAM,wBAAwB,CAAC;AAChC,OAAiB,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAErF,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAQnH,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,YAAY;IAGf;IAF5B,KAAK,GAA6B,EAAE,CAAC;IAE7C,YAAoC,WAA8B;QAChE,KAAK,EAAE,CAAC;QAD0B,gBAAW,GAAX,WAAW,CAAmB;QAEhE,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpC,KAAK,MAAM,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzE,MAAM,cAAc,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC;oBAC/B,oBAAoB,CAAC,eAAe,CAClC,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE;wBACrD,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,QAAQ;wBACnC,cAAc;qBACf,CAAC,CACH,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,GAAG,qBAAqB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;gBACjF,CAAC;YACH,CAAC;QACH,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,UAAU,IAAI,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBAC3D,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,GAAG,mBAAmB,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,CAAC,CAAC;YAC/G,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACI,eAAe,CACpB,IAAY,EACZ,YAAyC,EACzC,aAAuB,EAAE;QAEzB,MAAM,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QACtF,MAAM,MAAM,GAAe,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACxE,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,iBAAiB,EAAE,UAAU,CAAC,CAAC;QAC1F,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,KAAK,MAAM,WAAW,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;gBACpD,MAAM,eAAe,GAAG,CAAC,GAAG,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,CAAC;gBAC1D,KAAK,MAAM,OAAO,IAAI,CAAC,iBAAiB,EAAE,mBAAmB,CAAU,EAAE,CAAC;oBACxE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,kBAAkB,CACtD,YAAY,CAAC,IAAI,EACjB,WAAW,EACX,OAAO,EACP,eAAe,CAChB,CAAC;oBACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;oBACtC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;OAOG;IACI,gBAAgB,CAAC,IAAY,EAAE,YAA2B,EAAE,iBAA2B,EAAE;QAC9F,MAAM,MAAM,GAAe,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;QACxE,MAAM,YAAY,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,YAAY,EAAE,cAAc,CAAC,CAAC;QACzF,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,YAAY,CAAC,IAAI,IAAI,YAAY,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9D,KAAK,MAAM,WAAW,IAAI,YAAY,CAAC,YAAY,EAAE,CAAC;gBACpD,MAAM,UAAU,GAAG,4BAA4B,CAAC,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE;oBAC9E,GAAG,cAAc;oBACjB,WAAW,CAAC,IAAI;iBACjB,CAAC,CAAC;gBACH,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;YACxC,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,OAAO,CAAC,YAAoB,EAAE,eAAuB;QAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QAChD,OAAO,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACI,OAAO,CAAC,QAAgB;QAC7B,MAAM,kBAAkB,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/C,IAAI,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,wBAAwB;IAEhB,0BAA0B,CAChC,IAAY,EACZ,YAA2B,EAC3B,UAAoB;QAEpB,MAAM,YAAY,GAA4B,EAAE,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAChG,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3B,YAAY,CAAC,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,YAAY,CAAC,MAAM,CAAC,IAAI,CACtB,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBAC3B,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC;gBACpC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,EAAE,CAAC,IAAI,CAAC,CAAC;aACrE,CAAC,CAAC,CACJ,CAAC;QACJ,CAAC;QACD,KAAK,MAAM,EAAE,IAAI,YAAY,EAAE,CAAC;YAC9B,IAAI,oBAAoB,CAAC,EAAE,CAAC,EAAE,CAAC;gBAC7B,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,CAAC;iBAAM,CAAC;gBACN,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC;oBACvB,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,EAAE,CAAC,IAAI,CAAC;oBACpC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;iBAC/E,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,kBAAkB,CACxB,IAAc,EACd,OAA2B,EAC3B,cAAkC,EAClC,cAAwB;QAExB,MAAM,MAAM,GAAgD,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;YACpD,MAAM,UAAU,GAAG,CAAC,GAAG,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,kBAAkB,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;YACvE,IAAI,kBAAkB,EAAE,CAAC;gBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;qBACjE,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,kBAAkB,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;oBACpF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;4BACxE,kBAAkB,CAAC,cAAc;4BACjC,IAAI,CAAC,QAAQ;yBACd,CAAC;qBACH,CAAC,CAAC;gBACL,CAAC;qBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;oBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,EAAE,CAAC;gBACpE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;iBACjF,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;iBACnE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,QAAgB,EAAE,QAA4B;QAChE,IAAI,QAAQ,KAAK,iBAAiB,EAAE,CAAC;YACnC,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QACxC,CAAC;aAAM,IAAI,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,QAAgB;QACtC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;YAC5C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxF,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,iBAAiB,CAAC,QAAgB;QACxC,IAAI,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,iBAAiB,EAAE,CAAC;YAC9C,OAAO,kBAAkB,CAAC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1F,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAED,SAAS,4BAA4B,CACnC,IAAc,EACd,WAA+B,EAC/B,UAAoB;IAEpB,MAAM,UAAU,GAA6B,EAAE,CAAC;IAChD,KAAK,MAAM,YAAY,IAAI,WAAW,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,EAAE,CAAC;QACxE,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAChE,KAAK,MAAM,SAAS,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,aAAa,EAAE,eAAe,CAAU,EAAE,CAAC;YAC3G,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,EAAE,CAAC;gBAC3C,MAAM,aAAa,GAAG,YAAY,CAAC,SAAsC,CAAC,CAAC;gBAC3E,IAAI,aAAa,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC/C,UAAU,CAAC,IAAI,CAAC;wBACd,UAAU,EAAE,CAAC,GAAG,UAAU,EAAE,YAAY,CAAC,MAAM,EAAE,SAAS,CAAC;wBAC3D,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,iCAAiC,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;qBACjF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA0C;IAE1C,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC;AAED,SAAS,SAAS,CAAC,QAAgB;IACjC,OAAO,QAAQ,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;AACrD,CAAC"}
|