@j-schreiber/sf-cli-security-audit 0.20.2 → 0.22.0
- package/README.md +4 -4
- package/lib/commands/org/audit/run.js +6 -2
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/audit-engine/index.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.js +2 -0
- package/lib/libs/audit-engine/registry/definitions.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +4 -3
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -0
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.d.ts +3 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -0
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/policy.js +2 -6
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/result.types.d.ts +0 -8
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +15 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.js +86 -14
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +24 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js +3 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +28 -6
- package/lib/libs/audit-engine/registry/roles/userRole.js +102 -32
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.d.ts +8 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js +39 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js.map +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +4 -16
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.d.ts +0 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +17 -31
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +8 -0
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +33 -0
- package/lib/libs/audit-engine/registry/shape/schema.js +24 -3
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/salesforce/mdapi/metadataRegistry.js +3 -1
- package/lib/salesforce/mdapi/metadataRegistry.js.map +1 -1
- package/messages/rules.enforceClassificationPresets.md +10 -2
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
|
@@ -50,6 +50,13 @@ export declare const PermissionControlSchema: z.ZodObject<{
|
|
|
50
50
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
51
51
|
}, z.z.core.$strip>>;
|
|
52
52
|
}, z.z.core.$strip>;
|
|
53
|
+
export declare const ObjectAccessControlSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
54
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
55
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
56
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
57
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
58
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
59
|
+
}, z.z.core.$strip>>;
|
|
53
60
|
export declare const PermissionControlsFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
54
61
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
55
62
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -63,7 +70,15 @@ export declare const PermissionControlsFileSchema: z.ZodRecord<z.ZodString, z.Zo
|
|
|
63
70
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
64
71
|
}, z.z.core.$strip>>;
|
|
65
72
|
}, z.z.core.$strip>>;
|
|
73
|
+
export declare const ObjectAccessControlFileSchema: z.ZodRecord<z.ZodString, z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
74
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
75
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
76
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
77
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
78
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
79
|
+
}, z.z.core.$strip>>>;
|
|
66
80
|
export declare const ResolvedRoleDefinitionSchema: z.ZodObject<{
|
|
81
|
+
strict: z.ZodOptional<z.ZodBoolean>;
|
|
67
82
|
permissions: z.ZodOptional<z.ZodObject<{
|
|
68
83
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
69
84
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -77,8 +92,16 @@ export declare const ResolvedRoleDefinitionSchema: z.ZodObject<{
|
|
|
77
92
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
78
93
|
}, z.z.core.$strip>>;
|
|
79
94
|
}, z.z.core.$strip>>;
|
|
95
|
+
objectAccess: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
96
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
97
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
98
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
99
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
100
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
101
|
+
}, z.z.core.$strip>>>;
|
|
80
102
|
}, z.z.core.$strip>;
|
|
81
103
|
export declare const ComposableRolesFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
104
|
+
strict: z.ZodOptional<z.ZodBoolean>;
|
|
82
105
|
permissions: z.ZodOptional<z.ZodXor<readonly [z.ZodArray<z.ZodString>, z.ZodObject<{
|
|
83
106
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
84
107
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -92,6 +115,13 @@ export declare const ComposableRolesFileSchema: z.ZodRecord<z.ZodString, z.ZodOb
|
|
|
92
115
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
93
116
|
}, z.z.core.$strip>>;
|
|
94
117
|
}, z.z.core.$strip>]>>;
|
|
118
|
+
objectAccess: z.ZodOptional<z.ZodXor<readonly [z.ZodArray<z.ZodString>, z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
119
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
120
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
121
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
122
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
123
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
124
|
+
}, z.z.core.$strip>>]>>;
|
|
95
125
|
}, z.z.core.$strict>>;
|
|
96
126
|
export declare const PermissionsClassificationFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
97
127
|
label: z.ZodOptional<z.ZodString>;
|
|
@@ -152,5 +182,8 @@ export type ResolvedRoleDefinition = z.infer<typeof ResolvedRoleDefinitionSchema
|
|
|
152
182
|
export type ComposableRolesControl = z.infer<typeof ComposableRolesFileSchema>;
|
|
153
183
|
export type PermissionControl = z.infer<typeof PermissionControlSchema>;
|
|
154
184
|
export type PermissionControls = z.infer<typeof PermissionControlsFileSchema>;
|
|
185
|
+
export type ObjectAccessControl = z.infer<typeof ObjectAccessControlSchema>;
|
|
186
|
+
export type ObjectAccessControls = z.infer<typeof ObjectAccessControlFileSchema>;
|
|
155
187
|
export declare function isPermissionControl(maybeRoleDef: unknown): maybeRoleDef is PermissionControl;
|
|
188
|
+
export declare function isObjectAccessControl(maybeObjectDef: unknown): maybeObjectDef is ObjectAccessControl;
|
|
156
189
|
export {};
|
|
@@ -71,10 +71,27 @@ export const PermissionControlSchema = z.object({
|
|
|
71
71
|
userPermissions: IndividualPermissionControlSchema.optional(),
|
|
72
72
|
customPermissions: IndividualPermissionControlSchema.optional(),
|
|
73
73
|
});
|
|
74
|
+
export const ObjectAccessControlSchema = z.record(z.string(), z.object({
|
|
75
|
+
allowRead: z.boolean().optional(),
|
|
76
|
+
allowCreate: z.boolean().optional(),
|
|
77
|
+
allowEdit: z.boolean().optional(),
|
|
78
|
+
allowDelete: z.boolean().optional(),
|
|
79
|
+
viewAllFields: z.boolean().optional(),
|
|
80
|
+
}));
|
|
74
81
|
export const PermissionControlsFileSchema = z.record(z.string(), PermissionControlSchema);
|
|
75
|
-
|
|
76
|
-
export const ResolvedRoleDefinitionSchema = z.object({
|
|
77
|
-
|
|
82
|
+
export const ObjectAccessControlFileSchema = z.record(z.string(), ObjectAccessControlSchema);
|
|
83
|
+
export const ResolvedRoleDefinitionSchema = z.object({
|
|
84
|
+
strict: z.boolean().optional(),
|
|
85
|
+
permissions: PermissionControlSchema.optional(),
|
|
86
|
+
objectAccess: ObjectAccessControlSchema.optional(),
|
|
87
|
+
});
|
|
88
|
+
export const ComposableRolesFileSchema = z.record(z.string(), z
|
|
89
|
+
.object({
|
|
90
|
+
strict: z.boolean().optional(),
|
|
91
|
+
permissions: z.xor([z.array(z.string()), PermissionControlSchema]).optional(),
|
|
92
|
+
objectAccess: z.xor([z.array(z.string()), ObjectAccessControlSchema]).optional(),
|
|
93
|
+
})
|
|
94
|
+
.strict());
|
|
78
95
|
// Classification File Schemata
|
|
79
96
|
export const PermissionsClassificationFileSchema = z.record(z.string(), PermClassification);
|
|
80
97
|
export const ProfilesClassificationFileSchema = z.record(z.string(), ProfileConfig);
|
|
@@ -100,4 +117,8 @@ export function isPermissionControl(maybeRoleDef) {
|
|
|
100
117
|
const parseResult = PermissionControlSchema.safeParse(maybeRoleDef);
|
|
101
118
|
return maybeRoleDef !== undefined && parseResult.success === true;
|
|
102
119
|
}
|
|
120
|
+
export function isObjectAccessControl(maybeObjectDef) {
|
|
121
|
+
const parseResult = ObjectAccessControlSchema.safeParse(maybeObjectDef);
|
|
122
|
+
return maybeObjectDef !== undefined && parseResult.success === true;
|
|
123
|
+
}
|
|
103
124
|
//# sourceMappingURL=schema.js.map
|
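Review bot: The per-object entry inside `ObjectAccessControlSchema` is a plain `z.object({...})`, so unknown keys are stripped rather than rejected; the generated declaration shows `$strip` for it, while the role entry in `ComposableRolesFileSchema` is `.strict()`. For an audit configuration this means a misspelled key such as `allowEdti: false` (constructed example) is dropped silently and the audit runs with a different policy than the author wrote; chaining `.strict()` on the inner object, as the role schema already does, would turn that into a validation error. The entry also has no `viewAllRecords` or `modifyAllRecords` fields, which Salesforce object permissions carry alongside the five listed here; whether they are covered elsewhere is not visible in this diff. Because every field is optional, `isObjectAccessControl` returns true for `{}` and for any record whose values are objects, so it should not be relied on to tell an object-access control apart from other record-shaped input.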
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB,MAAM,SAAS,GAAG,2CAA2C,CAAC;AAE9D;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE3E,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC;IACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC;IACzC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtH,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAElD,MAAM,kBAAkB,GAAG,CAAC,CAAC,YAAY,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChF,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAA
C;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,uBAAuB;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,eAAe,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IAC7D,iBAAiB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;CAChE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAE1F,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB,MAAM,SAAS,GAAG,2CAA2C,CAAC;AAE9D;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE3E,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC;IACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC;IACzC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtH,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAElD,MAAM,kBAAkB,GAAG,CAAC,CAAC,YAAY,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChF,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAA
C;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,uBAAuB;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,eAAe,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IAC7D,iBAAiB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;CAChE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAC/C,CAAC,CAAC,MAAM,EAAE,EACV,CAAC,CAAC,MAAM,CAAC;IACP,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CACH,CAAC;AAEF,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAE1F,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;AAE7F,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAC/C,YAAY,EAAE,yBAAyB,CAAC,QAAQ,EAAE;CACnD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAC/C,CAAC,CAAC,MAAM,EAAE,EACV,CAAC;KACE,MAAM,CAAC;IACN,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7E,YAAY,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,yBAAyB,CAAC,CAAC,CAAC,QAAQ,EAAE;CACjF,CAAC;KACD,MAAM,EAAE,CACZ,CAAC;AAEF,+BAA+B;AAE/B,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE5F,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEpF,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EA
AE,aAAa,CAAC,CAAC;AAE1F,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAE7E,uBAAuB;AAEvB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC1D,OAAO,EAAE,kBAAkB;CAC5B,CAAC,CAAC;AAUH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAE3D;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CACzE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CACxE,CAAC;AAwBF,kBAAkB;AAElB,MAAM,UAAU,mBAAmB,CAAC,YAAqB;IACvD,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACpE,OAAO,YAAY,KAAK,SAAS,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,cAAuB;IAC3D,MAAM,WAAW,GAAG,yBAAyB,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IACxE,OAAO,cAAc,KAAK,SAAS,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,CAAC;AACtE,CAAC"}
|
|
@@ -8,13 +8,14 @@ const NamedTypesRegistry = {
|
|
|
8
8
|
retrieveType: 'PermissionSet',
|
|
9
9
|
rootNodeName: 'PermissionSet',
|
|
10
10
|
parser: new XMLParser({
|
|
11
|
-
isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses'].includes(jpath),
|
|
11
|
+
isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses', 'objectPermissions'].includes(jpath),
|
|
12
12
|
}),
|
|
13
13
|
parsePostProcessor: (parseResult) => ({
|
|
14
14
|
...parseResult,
|
|
15
15
|
userPermissions: parseResult.userPermissions ?? [],
|
|
16
16
|
customPermissions: parseResult.customPermissions ?? [],
|
|
17
17
|
classAccesses: parseResult.classAccesses ?? [],
|
|
18
|
+
objectPermissions: parseResult.objectPermissions ?? [],
|
|
18
19
|
}),
|
|
19
20
|
}),
|
|
20
21
|
Profile: new NamedMetadataQueryable({
|
|
@@ -25,6 +26,7 @@ const NamedTypesRegistry = {
|
|
|
25
26
|
userPermissions: parseResult.userPermissions ?? [],
|
|
26
27
|
customPermissions: parseResult.customPermissions ?? [],
|
|
27
28
|
classAccesses: parseResult.classAccesses ?? [],
|
|
29
|
+
objectPermissions: parseResult.objectPermissions ?? [],
|
|
28
30
|
}),
|
|
29
31
|
}),
|
|
30
32
|
Settings: new GenericSettingsMetadata(),
|
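Review bot: The Profile entry gains `objectPermissions: parseResult.objectPermissions ?? []`, but `?? []` only covers the missing case, and the `isArray` list that forces a single `objectPermissions` element into an array is changed only for the PermissionSet parser in the visible hunks. The Profile entry's parser options lie outside the hunk, so confirm that its array handling also covers `objectPermissions`; otherwise a profile with exactly one object permission may reach the rule as a plain object and be skipped or mis-read, which for an audit tool is a false negative. Separately, the callback parameter is named `jpath` but is compared against bare tag names, and the literal list is rebuilt on every call; a module-level `Set` of tag names with a parameter named for what it holds would make both clearer.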
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadataRegistry.js","sourceRoot":"","sources":["../../../src/salesforce/mdapi/metadataRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AACxE,OAAO,uBAAuB,MAAM,8BAA8B,CAAC;AAEnE,MAAM,kBAAkB,GAAG;IACzB,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,
|
|
1
|
+
{"version":3,"file":"metadataRegistry.js","sourceRoot":"","sources":["../../../src/salesforce/mdapi/metadataRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AACxE,OAAO,uBAAuB,MAAM,8BAA8B,CAAC;AAEnE,MAAM,kBAAkB,GAAG;IACzB,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC,QAAQ,CACzG,KAAK,CACN;SACJ,CAAC;QACF,kBAAkB,EAAE,CAAC,WAAW,EAAiB,EAAE,CAAC,CAAC;YACnD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;YAC9C,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;SACvD,CAAC;KACH,CAAC;IACF,OAAO,EAAE,IAAI,sBAAsB,CAAwB;QACzD,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,MAAM;QACjB,kBAAkB,EAAE,CAAC,WAAW,EAAmB,EAAE,CAAC,CAAC;YACrD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;YAC9C,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;SACvD,CAAC;KACH,CAAC;IACF,QAAQ,EAAE,IAAI,uBAAuB,EAAE;CACxC,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,oBAAoB,EAAE,IAAI,iBAAiB,CAAkD;QAC3F,YAAY,EAAE,sBAAsB;QACpC,YAAY,EAAE,cAAc;QAC5B,YAAY,EAAE,UAAU;KACzB,CAAC;CACH,CAAC;AAgBF,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,UAAU,EAAE,kBAAkB;IAC9B,cAAc,EAAE,iBAAiB;CAClC,CAAC"}
|
|
@@ -6,9 +6,9 @@ Duplicate role identifier after normalization found: %s was already defined, %s
|
|
|
6
6
|
|
|
7
7
|
Tried to access a role that does not exist: %s.
|
|
8
8
|
|
|
9
|
-
#
|
|
9
|
+
# RoleReferencesControlThatDoesNotExist
|
|
10
10
|
|
|
11
|
-
Role %s references
|
|
11
|
+
Role "%s" references a %s control that does not exist: %s
|
|
12
12
|
|
|
13
13
|
# violations.classification-preset-mismatch
|
|
14
14
|
|
|
@@ -22,6 +22,10 @@ Permission is BLOCKED and not allowed for any role.
|
|
|
22
22
|
|
|
23
23
|
Permission is denied by role "%s".
|
|
24
24
|
|
|
25
|
+
# violations.object-access-denied
|
|
26
|
+
|
|
27
|
+
Assigned role "%s" does not allow granted permission.
|
|
28
|
+
|
|
25
29
|
# warnings.permission-unknown
|
|
26
30
|
|
|
27
31
|
Permission classified as UNKNOWN. Update classification to LOW or higher to resolve.
|
|
@@ -33,3 +37,7 @@ Permission is assigned, but was not found in classification. Refresh or add manu
|
|
|
33
37
|
# error.failed-to-resolve-role
|
|
34
38
|
|
|
35
39
|
The assigned role "%s" was not valid for this audit. Check your role definitions.
|
|
40
|
+
|
|
41
|
+
# errors.profile-like-has-no-metadata
|
|
42
|
+
|
|
43
|
+
%s has no metadata and cannot be audited.
|
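Review bot: The new key `errors.profile-like-has-no-metadata` uses a plural `errors.` prefix while the existing key just above it is `error.failed-to-resolve-role`, and `RoleReferencesControlThatDoesNotExist` follows a third naming scheme; message keys are presumably looked up by exact name, so one prefix should be chosen and checked against the calling code. The text for `violations.object-access-denied`, `Assigned role "%s" does not allow granted permission.`, names neither the object nor which access (read, create, edit, delete, view all fields) was granted. If the finding's identifier does not already carry that detail, the reader of the audit report cannot tell what to revoke, so consider adding placeholders for the object and the access type.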
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.22.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
7
7
|
"url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
|