@j-schreiber/sf-cli-security-audit 0.3.0 → 0.4.0
- package/lib/commands/org/audit/run.js +18 -6
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/config/audit-run/auditConfigFileManager.js +2 -1
- package/lib/libs/config/audit-run/auditConfigFileManager.js.map +1 -1
- package/lib/libs/config/audit-run/schema.d.ts +6 -6
- package/lib/libs/config/audit-run/schema.js +1 -1
- package/lib/libs/config/audit-run/schema.js.map +1 -1
- package/lib/libs/config/registries/ruleRegistry.d.ts +2 -2
- package/lib/libs/config/registries/ruleRegistry.js.map +1 -1
- package/lib/libs/config/registries/types.d.ts +1 -1
- package/lib/libs/policies/auditRun.d.ts +20 -3
- package/lib/libs/policies/auditRun.js +44 -18
- package/lib/libs/policies/auditRun.js.map +1 -1
- package/lib/libs/policies/connectedAppPolicy.js +30 -9
- package/lib/libs/policies/connectedAppPolicy.js.map +1 -1
- package/lib/libs/policies/interfaces/policyRuleInterfaces.d.ts +7 -4
- package/lib/libs/policies/permissionSetPolicy.d.ts +1 -0
- package/lib/libs/policies/permissionSetPolicy.js +13 -2
- package/lib/libs/policies/permissionSetPolicy.js.map +1 -1
- package/lib/libs/policies/policy.d.ts +10 -2
- package/lib/libs/policies/policy.js +21 -3
- package/lib/libs/policies/policy.js.map +1 -1
- package/lib/libs/policies/profilePolicy.d.ts +1 -0
- package/lib/libs/policies/profilePolicy.js +13 -2
- package/lib/libs/policies/profilePolicy.js.map +1 -1
- package/lib/libs/policies/rules/allUsedAppsUnderManagement.d.ts +3 -2
- package/lib/libs/policies/rules/allUsedAppsUnderManagement.js.map +1 -1
- package/lib/libs/policies/rules/enforceCustomPermsClassificationOnProfiles.d.ts +3 -2
- package/lib/libs/policies/rules/enforceCustomPermsClassificationOnProfiles.js.map +1 -1
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnPermSets.d.ts +3 -2
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnPermSets.js.map +1 -1
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnProfiles.d.ts +3 -2
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnProfiles.js.map +1 -1
- package/lib/libs/policies/rules/noUserCanSelfAuthorize.d.ts +3 -2
- package/lib/libs/policies/rules/noUserCanSelfAuthorize.js.map +1 -1
- package/lib/libs/policies/rules/policyRule.d.ts +2 -2
- package/lib/libs/utils.d.ts +1 -1
- package/lib/libs/utils.js +8 -2
- package/lib/libs/utils.js.map +1 -1
- package/lib/ux/auditRunMultiStage.d.ts +65 -0
- package/lib/ux/auditRunMultiStage.js +117 -0
- package/lib/ux/auditRunMultiStage.js.map +1 -0
- package/messages/org.audit.run.md +0 -4
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
|
@@ -3,6 +3,7 @@ import path from 'node:path';
|
|
|
3
3
|
import { SfCommand, Flags, StandardColors } from '@salesforce/sf-plugins-core';
|
|
4
4
|
import { Messages } from '@salesforce/core';
|
|
5
5
|
import { startAuditRun } from '../../../libs/policies/auditRun.js';
|
|
6
|
+
import AuditRunMultiStageOutput from '../../../ux/auditRunMultiStage.js';
|
|
6
7
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
8
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
|
|
8
9
|
export default class OrgAuditRun extends SfCommand {
|
|
@@ -25,9 +26,19 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
25
26
|
};
|
|
26
27
|
async run() {
|
|
27
28
|
const { flags } = await this.parse(OrgAuditRun);
|
|
29
|
+
const stageOutput = AuditRunMultiStageOutput.create({
|
|
30
|
+
directoryRootPath: flags['source-dir'],
|
|
31
|
+
targetOrg: flags['target-org'].getUsername() ?? flags['target-org'].getOrgId(),
|
|
32
|
+
jsonEnabled: flags.json,
|
|
33
|
+
});
|
|
34
|
+
stageOutput.start();
|
|
28
35
|
const auditRun = startAuditRun(flags['source-dir']);
|
|
36
|
+
stageOutput.startPolicyResolve(auditRun);
|
|
37
|
+
await auditRun.resolve(flags['target-org'].getConnection(flags['api-version']));
|
|
38
|
+
stageOutput.startRuleExecution();
|
|
29
39
|
const partialResult = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
|
|
30
40
|
const result = { orgId: flags['target-org'].getOrgId(), ...partialResult };
|
|
41
|
+
stageOutput.finish();
|
|
31
42
|
this.printResults(result);
|
|
32
43
|
const filePath = this.writeReport(result, flags);
|
|
33
44
|
return { ...result, filePath };
|
|
@@ -41,7 +52,6 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
41
52
|
}
|
|
42
53
|
printPoliciesSummary(result) {
|
|
43
54
|
const polSummaries = transposePoliciesToTable(result);
|
|
44
|
-
this.log(`Successfully executed ${polSummaries.length} policies.`);
|
|
45
55
|
if (result.isCompliant) {
|
|
46
56
|
this.logSuccess(messages.getMessage('success.all-policies-compliant'));
|
|
47
57
|
this.log('');
|
|
@@ -54,11 +64,13 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
54
64
|
}
|
|
55
65
|
printExecutedRulesSummary(policyName, policyDetails) {
|
|
56
66
|
const rulesSummary = transposeExecutedPolicyRules(policyDetails);
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
67
|
+
if (rulesSummary.length > 0) {
|
|
68
|
+
this.table({
|
|
69
|
+
data: rulesSummary,
|
|
70
|
+
title: `--- Executed Rules for ${policyName} ---`,
|
|
71
|
+
titleOptions: { underline: true },
|
|
72
|
+
});
|
|
73
|
+
}
|
|
62
74
|
}
|
|
63
75
|
printRuleViolations(executedRules) {
|
|
64
76
|
Object.values(executedRules)
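Review bot: In `run()`, `stageOutput.finish()` sits on the success path only, so nothing ends the stage output when `auditRun.resolve(...)` or `auditRun.execute(...)` rejects, and a failed org query leaves the multi-stage display started. Wrapping the two awaits in a `try`/`catch` that ends the display before rethrowing would close that gap; which call `auditRunMultiStage.js` offers for the failure case is not visible in this section. The connection is also built twice with identical arguments, so `const connection = flags['target-org'].getConnection(flags['api-version']);` could be created once and passed to both calls. The class body continues outside these hunks.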
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,oCAAoC,CAAC;AACnE,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AAEzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAQ9F,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MA
AM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;YACtE,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,MAAM;gBACjD,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC;aACzB,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC;aACjD,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;YAC3B,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,UAAU,EAAE,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACxG,CAAC,CAAC,CAAC;IACP,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAA
C,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACzE,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import path from 'node:path';
|
|
2
2
|
import fs from 'node:fs';
|
|
3
3
|
import yaml from 'js-yaml';
|
|
4
|
+
import { isEmpty } from '../../utils.js';
|
|
4
5
|
import { PermissionsConfigFileSchema, PermSetsPolicyFileSchema, PolicyFileSchema, ProfilesPolicyFileSchema, } from './schema.js';
|
|
5
6
|
export const loadAuditConfig = (dirPath) => {
|
|
6
7
|
const fileManager = new AuditConfigFileManager();
|
|
@@ -81,7 +82,7 @@ export default class AuditConfigFileManager {
|
|
|
81
82
|
Object.entries(configFiles).forEach(([fileKey, confFile]) => {
|
|
82
83
|
const uncapitalizedKey = `${fileKey[0].toLowerCase()}${fileKey.slice(1)}`;
|
|
83
84
|
const fileDef = dirConf[uncapitalizedKey];
|
|
84
|
-
if (fileDef && confFile.content) {
|
|
85
|
+
if (fileDef && !isEmpty(confFile.content)) {
|
|
85
86
|
// eslint-disable-next-line no-param-reassign
|
|
86
87
|
confFile.filePath = path.join(targetDirPath, dirName, `${uncapitalizedKey}.yml`);
|
|
87
88
|
fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
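Review bot: The guard in front of `fs.writeFileSync` still uses a plain property lookup, `dirConf[uncapitalizedKey]`, to decide whether a file name derived from `fileKey` may be written. If `dirConf` is an ordinary object (it is defined outside this hunk), inherited names such as `constructor` pass that check as well. An own-property test would make the allow-list explicit: `if (Object.hasOwn(dirConf, uncapitalizedKey) && !isEmpty(confFile.content)) {`. The new `isEmpty` helper comes from `../../utils.js` and is not shown here, so a short comment stating which values it treats as empty would help; before this change any truthy content, including `{}`, was written. The enclosing method starts and ends outside the hunk.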
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAUrB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE;IACjE,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAA4B;IAEtD;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,wBAAwB;iBACjC;gBACD,cAAc,EAAE;oBACd,MAAM,EAAE,wBAAwB;iBACjC;gBACD,aAAa,EAAE;oBACb,MAAM,EAAE,gBAAgB;iBACzB;aACF;YACD,eAAe,EAAE;gBACf,eAAe,EAAE;oBACf,MAAM,EAAE,2BAA2B;iBACpC;gBACD,iBAAiB,EAAE;oBACjB,MAAM,EAAE,2BAA2B;iBACpC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAe;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QACvE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE;YACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,CAAC,WAAkD,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,
QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,WAAgD,EAAE,OAAe,EAAE,aAAqB;QAC1G,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1D,MAAM,gBAAgB,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1C,IAAI,OAAO,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAUrB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE;IACjE,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAA4B;IAEtD;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,wBAAwB;iBACjC;gBACD,cAAc,EAAE;oBACd,MAAM,EAAE,wBAAwB;iBACjC;gBACD,aAAa,EAAE;oBACb,MAAM,EAAE,gBAAgB;iBACzB;aACF;YACD,eAAe,EAAE;gBACf,eAAe,EAAE;oBACf,MAAM,EAAE,2BAA2B;iBACpC;gBACD,iBAAiB,EAAE;oBACjB,MAAM,EAAE,2BAA2B;iBACpC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAe;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QACvE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE;YACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,CAAC,WAAkD,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GA
AG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,WAAgD,EAAE,OAAe,EAAE,aAAqB;QAC1G,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1D,MAAM,gBAAgB,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1C,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,GAAG,gBAAgB,MAAM,CAAC,CAAC;gBACjF,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,cAAc,CAAC,MAA+B;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvG,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -32,27 +32,27 @@ declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
|
32
32
|
}, z.z.core.$strip>>;
|
|
33
33
|
export declare const PolicyFileSchema: z.ZodObject<{
|
|
34
34
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
35
|
-
rules: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
35
|
+
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
36
36
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
37
37
|
config: z.ZodOptional<z.ZodUnknown>;
|
|
38
|
-
}, z.z.core.$strip
|
|
38
|
+
}, z.z.core.$strip>>>;
|
|
39
39
|
}, z.z.core.$strip>;
|
|
40
40
|
export declare const ProfilesPolicyFileSchema: z.ZodObject<{
|
|
41
41
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
42
|
-
rules: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
42
|
+
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
43
43
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
44
44
|
config: z.ZodOptional<z.ZodUnknown>;
|
|
45
|
-
}, z.z.core.$strip
|
|
45
|
+
}, z.z.core.$strip>>>;
|
|
46
46
|
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
47
47
|
preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
|
|
48
48
|
}, z.z.core.$strip>>;
|
|
49
49
|
}, z.z.core.$strip>;
|
|
50
50
|
export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
51
51
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
52
|
-
rules: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
52
|
+
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
53
53
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
54
54
|
config: z.ZodOptional<z.ZodUnknown>;
|
|
55
|
-
}, z.z.core.$strip
|
|
55
|
+
}, z.z.core.$strip>>>;
|
|
56
56
|
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
57
57
|
preset: z.ZodEnum<typeof PermissionRiskLevelPresets>;
|
|
58
58
|
}, z.z.core.$strip>>;
|
|
@@ -25,7 +25,7 @@ const PermSetMap = z.record(z.string(), PermSetConfig);
|
|
|
25
25
|
// FILE CONTENT SCHEMATA
|
|
26
26
|
export const PolicyFileSchema = z.object({
|
|
27
27
|
enabled: z.boolean().default(true),
|
|
28
|
-
rules: RuleMapSchema,
|
|
28
|
+
rules: RuleMapSchema.default({}),
|
|
29
29
|
});
|
|
30
30
|
export const ProfilesPolicyFileSchema = PolicyFileSchema.extend({
|
|
31
31
|
profiles: PermSetMap,
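Review bot: With `rules: RuleMapSchema.default({})`, a policy file that omits `rules` now parses into an enabled policy with an empty rule map, and nothing in this hunk tells the user that such a policy executes no checks. The generated typings on this page show these objects with `$strip`, so a misspelled key (for example `rule:`) would presumably be dropped and replaced by the same empty default rather than rejected. For an audit tool that is a fail-open configuration: consider warning when an enabled policy resolves to zero rules, and at least document it next to the field, e.g. `// optional: an enabled policy without rules runs no checks`. How an empty policy is reported in the audit result is outside this hunk.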
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEtF,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa;
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEtF,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AA0CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -8,8 +8,8 @@ type Constructor<T, Args extends any[] = any[]> = new (...args: Args) => T;
|
|
|
8
8
|
* allow users to BYOR ("bring your own rules").
|
|
9
9
|
*/
|
|
10
10
|
export default class RuleRegistry {
|
|
11
|
-
rules: Record<string, Constructor<RowLevelPolicyRule
|
|
12
|
-
constructor(rules: Record<string, Constructor<RowLevelPolicyRule
|
|
11
|
+
rules: Record<string, Constructor<RowLevelPolicyRule<unknown>>>;
|
|
12
|
+
constructor(rules: Record<string, Constructor<RowLevelPolicyRule<unknown>>>);
|
|
13
13
|
/**
|
|
14
14
|
* Returns the display/config names of all registered rules
|
|
15
15
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAM5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAKjG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,
|
|
1
|
+
{"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAM5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAKjG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,KAA+D;QAA/D,UAAK,GAAL,KAAK,CAA0D;IAAG,CAAC;IAE7F;;;;OAIG;IACI,eAAe;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,YAAY,CAAC,QAAiB,EAAE,YAA4B;QACjE,MAAM,YAAY,GAAG,IAAI,KAAK,EAA+B,CAAC;QAC9D,MAAM,YAAY,GAAG,IAAI,KAAK,EAAwB,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,KAAK,EAAsB,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CACf,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CACrG,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC;CACF"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { EntityResolveError, PolicyRuleSkipResult } from '../../audit/types.js';
|
|
2
2
|
import { RowLevelPolicyRule } from '../../policies/interfaces/policyRuleInterfaces.js';
|
|
3
3
|
export type RegistryRuleResolveResult = {
|
|
4
|
-
enabledRules: RowLevelPolicyRule
|
|
4
|
+
enabledRules: Array<RowLevelPolicyRule<unknown>>;
|
|
5
5
|
skippedRules: PolicyRuleSkipResult[];
|
|
6
6
|
resolveErrors: EntityResolveError[];
|
|
7
7
|
};
|
|
@@ -1,19 +1,36 @@
|
|
|
1
|
+
import EventEmitter from 'node:events';
|
|
1
2
|
import { Connection } from '@salesforce/core';
|
|
2
3
|
import { AuditResult } from '../audit/types.js';
|
|
3
4
|
import { AuditRunConfig } from '../config/audit-run/schema.js';
|
|
5
|
+
import Policy from './policy.js';
|
|
6
|
+
type PolicyMap = Record<string, Policy>;
|
|
4
7
|
export declare function startAuditRun(directoryPath: string): AuditRun;
|
|
8
|
+
export type EntityResolveEvent = {
|
|
9
|
+
total: number;
|
|
10
|
+
resolved: number;
|
|
11
|
+
policyName: string;
|
|
12
|
+
};
|
|
5
13
|
/**
|
|
6
14
|
* Instance of an audit run that manages high-level operations
|
|
7
15
|
*/
|
|
8
|
-
export default class AuditRun {
|
|
16
|
+
export default class AuditRun extends EventEmitter {
|
|
9
17
|
configs: AuditRunConfig;
|
|
18
|
+
private executablePolicies?;
|
|
10
19
|
constructor(configs: AuditRunConfig);
|
|
11
20
|
/**
|
|
12
|
-
*
|
|
13
|
-
*
|
|
21
|
+
* Loads all policies, resolves entities and caches the results.
|
|
22
|
+
*
|
|
23
|
+
* @param targetOrgConnection
|
|
24
|
+
*/
|
|
25
|
+
resolve(targetOrgConnection: Connection): Promise<PolicyMap>;
|
|
26
|
+
/**
|
|
27
|
+
* Executes an initialised audit run. Resolves policies entities
|
|
28
|
+
* and executes all rules.
|
|
14
29
|
*
|
|
15
30
|
* @param targetOrgConnection
|
|
16
31
|
* @returns
|
|
17
32
|
*/
|
|
18
33
|
execute(targetCon: Connection): Promise<Omit<AuditResult, 'orgId'>>;
|
|
34
|
+
private loadPolicies;
|
|
19
35
|
}
|
|
36
|
+
export {};
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// import fs from 'node:fs';
|
|
2
|
+
import EventEmitter from 'node:events';
|
|
1
3
|
import ProfilePolicy from './profilePolicy.js';
|
|
2
4
|
import PermissionSetPolicy from './permissionSetPolicy.js';
|
|
3
5
|
import ConnectedAppPolicy from './connectedAppPolicy.js';
|
|
@@ -9,27 +11,64 @@ export function startAuditRun(directoryPath) {
|
|
|
9
11
|
/**
|
|
10
12
|
* Instance of an audit run that manages high-level operations
|
|
11
13
|
*/
|
|
12
|
-
export default class AuditRun {
|
|
14
|
+
export default class AuditRun extends EventEmitter {
|
|
13
15
|
configs;
|
|
16
|
+
executablePolicies;
|
|
14
17
|
constructor(configs) {
|
|
18
|
+
super();
|
|
15
19
|
this.configs = configs;
|
|
16
20
|
}
|
|
17
21
|
/**
|
|
18
|
-
*
|
|
19
|
-
*
|
|
22
|
+
* Loads all policies, resolves entities and caches the results.
|
|
23
|
+
*
|
|
24
|
+
* @param targetOrgConnection
|
|
25
|
+
*/
|
|
26
|
+
async resolve(targetOrgConnection) {
|
|
27
|
+
if (this.executablePolicies) {
|
|
28
|
+
return this.executablePolicies;
|
|
29
|
+
}
|
|
30
|
+
this.executablePolicies = this.loadPolicies(this.configs);
|
|
31
|
+
const resolveResultPromises = [];
|
|
32
|
+
Object.values(this.executablePolicies).forEach((executable) => {
|
|
33
|
+
resolveResultPromises.push(executable.resolve({ targetOrgConnection }));
|
|
34
|
+
});
|
|
35
|
+
await Promise.all(resolveResultPromises);
|
|
36
|
+
return this.executablePolicies;
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Executes an initialised audit run. Resolves policies entities
|
|
40
|
+
* and executes all rules.
|
|
20
41
|
*
|
|
21
42
|
* @param targetOrgConnection
|
|
22
43
|
* @returns
|
|
23
44
|
*/
|
|
24
45
|
async execute(targetCon) {
|
|
25
|
-
|
|
26
|
-
const results = await runPolicies(executablePolicies, targetCon);
|
|
46
|
+
this.executablePolicies = await this.resolve(targetCon);
|
|
47
|
+
const results = await runPolicies(this.executablePolicies, targetCon);
|
|
27
48
|
return {
|
|
28
49
|
auditDate: new Date().toISOString(),
|
|
29
50
|
isCompliant: isCompliant(results),
|
|
30
51
|
policies: results,
|
|
31
52
|
};
|
|
32
53
|
}
|
|
54
|
+
loadPolicies(config) {
|
|
55
|
+
const pols = {};
|
|
56
|
+
if (config.policies.Profiles) {
|
|
57
|
+
pols.Profiles = new ProfilePolicy(config.policies.Profiles.content, config);
|
|
58
|
+
}
|
|
59
|
+
if (config.policies.PermissionSets) {
|
|
60
|
+
pols.PermissionSets = new PermissionSetPolicy(config.policies.PermissionSets.content, config);
|
|
61
|
+
}
|
|
62
|
+
if (config.policies.ConnectedApps) {
|
|
63
|
+
pols.ConnectedApps = new ConnectedAppPolicy(config.policies.ConnectedApps.content, config);
|
|
64
|
+
}
|
|
65
|
+
Object.entries(pols).forEach(([policyName, policy]) => {
|
|
66
|
+
policy.addListener('entityresolve', (resolveStats) => {
|
|
67
|
+
this.emit(`entityresolve-${policyName}`, { policyName, ...resolveStats });
|
|
68
|
+
});
|
|
69
|
+
});
|
|
70
|
+
return pols;
|
|
71
|
+
}
|
|
33
72
|
}
|
|
34
73
|
function isCompliant(results) {
|
|
35
74
|
const list = Object.values(results);
|
|
@@ -50,17 +89,4 @@ async function runPolicies(policies, targetOrgConnection) {
|
|
|
50
89
|
});
|
|
51
90
|
return results;
|
|
52
91
|
}
|
|
53
|
-
function resolvePolicies(config) {
|
|
54
|
-
const pols = {};
|
|
55
|
-
if (config.policies.Profiles) {
|
|
56
|
-
pols.Profiles = new ProfilePolicy(config.policies.Profiles.content, config);
|
|
57
|
-
}
|
|
58
|
-
if (config.policies.PermissionSets) {
|
|
59
|
-
pols.PermissionSets = new PermissionSetPolicy(config.policies.PermissionSets.content, config);
|
|
60
|
-
}
|
|
61
|
-
if (config.policies.ConnectedApps) {
|
|
62
|
-
pols.ConnectedApps = new ConnectedAppPolicy(config.policies.ConnectedApps.content, config);
|
|
63
|
-
}
|
|
64
|
-
return pols;
|
|
65
|
-
}
|
|
66
92
|
//# sourceMappingURL=auditRun.js.map
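Review bot: `resolve()` stores the policy map in `this.executablePolicies` before the per-policy `resolve` calls have settled, so when one of them rejects, the half-resolved map stays cached and the guard at the top of the method returns it on the next `resolve()` or `execute()` call without resolving again. A second caller that arrives while the first `Promise.all` is pending gets the map early for the same reason. Assigning the field only after `Promise.all` succeeds avoids handing out unresolved policies to the rule run; whether `Policy.resolve` caches on its own is not visible in this section. Separately, the commented-out `// import fs from 'node:fs';` at the top of the file can be dropped.

```javascript
async resolve(targetOrgConnection) {
    // … unchanged: early return when this.executablePolicies is already set …
    const policies = this.loadPolicies(this.configs);
    await Promise.all(Object.values(policies).map((policy) => policy.resolve({ targetOrgConnection })));
    // cache only once every policy has resolved, so a failed resolve is not reused
    this.executablePolicies = policies;
    return policies;
}
```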
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/policies/auditRun.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/policies/auditRun.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAC5B,OAAO,YAAY,MAAM,aAAa,CAAC;AAIvC,OAAO,aAAa,MAAM,oBAAoB,CAAC;AAE/C,OAAO,mBAAmB,MAAM,0BAA0B,CAAC;AAC3D,OAAO,kBAAkB,MAAM,yBAAyB,CAAC;AACzD,OAAO,WAAW,MAAM,iCAAiC,CAAC;AAK1D,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC7C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAQD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IAGtB;IAFlB,kBAAkB,CAAa;IAEvC,YAA0B,OAAuB;QAC/C,KAAK,EAAE,CAAC;QADgB,YAAO,GAAP,OAAO,CAAgB;IAEjD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,qBAAqB,GAAwC,EAAE,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,SAAqB;QACxC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9E,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,cAAc,EAAE,CAAC;YACnC,IAAI,CAAC,cAAc,GAAG,IAAI,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChG,CAAC;QACD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAC;YAClC,IAAI,CAAC,aAAa,GAAG,IAAI,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7F,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,U
AAU,EAAE,MAAM,CAAC,EAAE,EAAE;YACpD,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;gBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import ConnectedAppsRuleRegistry from '../config/registries/connectedApps.js';
|
|
2
2
|
import { CONNECTED_APPS_QUERY, OAUTH_TOKEN_QUERY } from '../config/queries.js';
|
|
3
3
|
import MdapiRetriever from '../mdapiRetriever.js';
|
|
4
|
-
import Policy from './policy.js';
|
|
4
|
+
import Policy, { getTotal } from './policy.js';
|
|
5
5
|
export default class ConnectedAppPolicy extends Policy {
|
|
6
6
|
config;
|
|
7
7
|
auditConfig;
|
|
@@ -15,18 +15,21 @@ export default class ConnectedAppPolicy extends Policy {
|
|
|
15
15
|
const successfullyResolved = {};
|
|
16
16
|
const ignoredEntities = {};
|
|
17
17
|
const metadataApi = new MdapiRetriever(context.targetOrgConnection);
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
}
|
|
18
|
+
this.emit('entityresolve', {
|
|
19
|
+
total: 0,
|
|
20
|
+
resolved: 0,
|
|
21
|
+
});
|
|
23
22
|
const installedApps = await context.targetOrgConnection.query(CONNECTED_APPS_QUERY);
|
|
23
|
+
this.emit('entityresolve', {
|
|
24
|
+
total: installedApps.totalSize,
|
|
25
|
+
resolved: 0,
|
|
26
|
+
});
|
|
24
27
|
installedApps.records.forEach((installedApp) => {
|
|
25
28
|
successfullyResolved[installedApp.Name] = {
|
|
26
29
|
name: installedApp.Name,
|
|
27
30
|
origin: 'Installed',
|
|
28
31
|
onlyAdminApprovedUsersAllowed: installedApp.OptionsAllowAdminApprovedUsersOnly,
|
|
29
|
-
overrideByApiSecurityAccess,
|
|
32
|
+
overrideByApiSecurityAccess: false,
|
|
30
33
|
useCount: 0,
|
|
31
34
|
users: [],
|
|
32
35
|
};
|
|
@@ -38,7 +41,7 @@ export default class ConnectedAppPolicy extends Policy {
|
|
|
38
41
|
name: token.AppName,
|
|
39
42
|
origin: 'OauthToken',
|
|
40
43
|
onlyAdminApprovedUsersAllowed: false,
|
|
41
|
-
overrideByApiSecurityAccess,
|
|
44
|
+
overrideByApiSecurityAccess: false,
|
|
42
45
|
useCount: token.UseCount,
|
|
43
46
|
users: [token.User.Username],
|
|
44
47
|
};
|
|
@@ -50,8 +53,26 @@ export default class ConnectedAppPolicy extends Policy {
|
|
|
50
53
|
}
|
|
51
54
|
}
|
|
52
55
|
});
|
|
56
|
+
this.emit('entityresolve', {
|
|
57
|
+
total: Object.keys(successfullyResolved).length,
|
|
58
|
+
resolved: 0,
|
|
59
|
+
});
|
|
60
|
+
let overrideByApiSecurityAccess = false;
|
|
61
|
+
const apiSecurityAccessSetting = await metadataApi.retrieveConnectedAppSetting();
|
|
62
|
+
if (apiSecurityAccessSetting && apiSecurityAccessSetting.enableAdminApprovedAppsOnly) {
|
|
63
|
+
overrideByApiSecurityAccess = true;
|
|
64
|
+
}
|
|
65
|
+
Object.values(successfullyResolved).forEach((conApp) => {
|
|
66
|
+
// eslint-disable-next-line no-param-reassign
|
|
67
|
+
conApp.overrideByApiSecurityAccess = overrideByApiSecurityAccess;
|
|
68
|
+
});
|
|
69
|
+
const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(ignoredEntities) };
|
|
70
|
+
this.emit('entityresolve', {
|
|
71
|
+
total: getTotal(result),
|
|
72
|
+
resolved: getTotal(result),
|
|
73
|
+
});
|
|
53
74
|
// also query from tooling, to get additional information info
|
|
54
|
-
return
|
|
75
|
+
return result;
|
|
55
76
|
}
|
|
56
77
|
}
|
|
57
78
|
//# sourceMappingURL=connectedAppPolicy.js.map
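Review bot: The progress event added ahead of the `installedApps.records.forEach` loop reports `total: installedApps.totalSize`, but the loop only walks the records of that one response. If the org returns the query in batches (`done` is false), the remaining connected apps never reach `successfullyResolved` and are silently left out of the audit while the reported total still counts them. I would check the result before iterating, e.g. `if (!installedApps.done) { throw new Error('connected apps query returned a partial result'); }`, or fetch the remaining batches (for instance through the connection's `autoFetchQuery`) so coverage matches the reported total. The enclosing method starts outside these hunks and the OAuth token query between them is not visible, so the same check may be needed there.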
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connectedAppPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/connectedAppPolicy.ts"],"names":[],"mappings":"AACA,OAAO,yBAAyB,MAAM,uCAAuC,CAAC;AAG9E,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAElD,OAAO,
|
|
1
|
+
{"version":3,"file":"connectedAppPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/connectedAppPolicy.ts"],"names":[],"mappings":"AACA,OAAO,yBAAyB,MAAM,uCAAuC,CAAC;AAG9E,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAC/E,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAElD,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAYpE,MAAM,CAAC,OAAO,OAAO,kBAAmB,SAAQ,MAAM;IAE3C;IACA;IAFT,YACS,MAA6B,EAC7B,WAA2B,EAClC,WAAyB,IAAI,yBAAyB,EAAE;QAExD,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;IAIpC,CAAC;IAED,kDAAkD;IACxC,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,oBAAoB,GAAyC,EAAE,CAAC;QACtE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAe,oBAAoB,CAAC,CAAC;QAClG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa,CAAC,SAAS;YAC9B,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;YAC7C,oBAAoB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;gBACxC,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,WAAW;gBACnB,6BAA6B,EAAE,YAAY,CAAC,kCAAkC;gBAC9E,2BAA2B,EAAE,KAAK;gBAClC,QAAQ,EAAE,CAAC;gBACX,KAAK,EAAE,EAAE;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAa,iBAAiB,CAAC,CAAC;QAC/F,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YACxC,IAAI,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,EAAE,CAAC;gBACtD,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG;oBACpC,IAAI,EAAE,KAAK,CAAC,OAAO;oBACnB,MAAM,EAAE,YAAY;oBACpB,6BAA6B,EAAE,KAAK;oBACpC,2BAA2B,EAAE,KAAK;oBAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;iBAC7B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7E,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,C
AAC,QAAQ,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;YAC/C,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,IAAI,2BAA2B,GAAG,KAAK,CAAC;QACxC,MAAM,wBAAwB,GAAG,MAAM,WAAW,CAAC,2BAA2B,EAAE,CAAC;QACjF,IAAI,wBAAwB,IAAI,wBAAwB,CAAC,2BAA2B,EAAE,CAAC;YACrF,2BAA2B,GAAG,IAAI,CAAC;QACrC,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACrD,6CAA6C;YAC7C,MAAM,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QACnE,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;YACvB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,8DAA8D;QAC9D,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -6,8 +6,11 @@ import { Optional } from '../../utils.js';
|
|
|
6
6
|
* properties are completed by the policy.
|
|
7
7
|
*/
|
|
8
8
|
export type PartialPolicyRuleResult = Optional<PolicyRuleExecutionResult, 'isCompliant' | 'compliantEntities' | 'violatedEntities'>;
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
/**
|
|
10
|
+
*
|
|
11
|
+
*/
|
|
12
|
+
export type RowLevelPolicyRule<ResolvedEntityType> = {
|
|
13
|
+
run(context: RuleAuditContext<ResolvedEntityType>): Promise<PartialPolicyRuleResult>;
|
|
11
14
|
};
|
|
12
15
|
export type IPolicy = {
|
|
13
16
|
run(context: AuditContext): Promise<AuditPolicyResult>;
|
|
@@ -18,10 +21,10 @@ export type AuditContext = {
|
|
|
18
21
|
*/
|
|
19
22
|
targetOrgConnection: Connection;
|
|
20
23
|
};
|
|
21
|
-
export type RuleAuditContext = AuditContext & {
|
|
24
|
+
export type RuleAuditContext<T> = AuditContext & {
|
|
22
25
|
/**
|
|
23
26
|
* Resolved entities from the policy. Can be permission sets,
|
|
24
27
|
* profiles, users, connected apps, etc.
|
|
25
28
|
*/
|
|
26
|
-
resolvedEntities: Record<string,
|
|
29
|
+
resolvedEntities: Record<string, T>;
|
|
27
30
|
};
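Review bot: The doc block added above `RowLevelPolicyRule<ResolvedEntityType>` is empty (`/** * */`), so the newly generic exported type ships without any description of its contract. I would fill it in, for example `/** A policy rule whose run() receives the policy's resolved entities, typed as ResolvedEntityType, in context.resolvedEntities. */`. What "row level" means is not visible in this section, so the wording should be confirmed against the source file.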
|
|
@@ -11,6 +11,7 @@ export type ResolvedPermissionSet = {
|
|
|
11
11
|
export default class PermissionSetPolicy extends Policy {
|
|
12
12
|
config: PermSetsPolicyFileContent;
|
|
13
13
|
auditContext: AuditRunConfig;
|
|
14
|
+
private totalEntities;
|
|
14
15
|
constructor(config: PermSetsPolicyFileContent, auditContext: AuditRunConfig, registry?: RuleRegistry);
|
|
15
16
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult>;
|
|
16
17
|
}
|
|
@@ -1,19 +1,25 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import MdapiRetriever from '../mdapiRetriever.js';
|
|
3
3
|
import PermSetsRuleRegistry from '../config/registries/permissionSets.js';
|
|
4
|
-
import Policy from './policy.js';
|
|
4
|
+
import Policy, { getTotal } from './policy.js';
|
|
5
5
|
import { PermissionRiskLevelPresets } from './types.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
8
8
|
export default class PermissionSetPolicy extends Policy {
|
|
9
9
|
config;
|
|
10
10
|
auditContext;
|
|
11
|
+
totalEntities;
|
|
11
12
|
constructor(config, auditContext, registry = new PermSetsRuleRegistry()) {
|
|
12
13
|
super(config, auditContext, registry);
|
|
13
14
|
this.config = config;
|
|
14
15
|
this.auditContext = auditContext;
|
|
16
|
+
this.totalEntities = this.config.permissionSets ? Object.keys(this.config.permissionSets).length : 0;
|
|
15
17
|
}
|
|
16
18
|
async resolveEntities(context) {
|
|
19
|
+
this.emit('entityresolve', {
|
|
20
|
+
total: this.totalEntities,
|
|
21
|
+
resolved: 0,
|
|
22
|
+
});
|
|
17
23
|
const successfullyResolved = {};
|
|
18
24
|
const unresolved = {};
|
|
19
25
|
const retriever = new MdapiRetriever(context.targetOrgConnection);
|
|
@@ -35,7 +41,12 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
35
41
|
}
|
|
36
42
|
}
|
|
37
43
|
});
|
|
38
|
-
|
|
44
|
+
const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(unresolved) };
|
|
45
|
+
this.emit('entityresolve', {
|
|
46
|
+
total: this.totalEntities,
|
|
47
|
+
resolved: getTotal(result),
|
|
48
|
+
});
|
|
49
|
+
return result;
|
|
39
50
|
}
|
|
40
51
|
}
|
|
41
52
|
function filterCategorizedPermsets(permSets) {
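Review bot: The closing `entityresolve` event sets `resolved: getTotal(result)`, and `getTotal` (added in policy.js) sums `resolvedEntities` and `ignoredEntities`, so permission sets that ended up in `unresolved` are counted as resolved. A progress listener would reach the full total even when entities could not be resolved, which hides a gap in audit coverage from whoever watches the run. I would report the two counts separately, e.g. `resolved: Object.keys(successfullyResolved).length, ignored: result.ignoredEntities.length`. The closing event in profilePolicy.js is built the same way; `resolveEntities` spans two hunks here and its middle part is not visible.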
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAClD,OAAO,oBAAoB,MAAM,wCAAwC,CAAC;AAK1E,OAAO,
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,cAAc,MAAM,sBAAsB,CAAC;AAClD,OAAO,oBAAoB,MAAM,wCAAwC,CAAC;AAK1E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AACpE,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAOjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAAM;IAG5C;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,YAA4B,EACnC,WAAyB,IAAI,oBAAoB,EAAE;QAEnD,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAA2B;QACjC,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvG,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,sBAAsB,CAC7D,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,EAAE;YAC1E,oBAAoB,CAAC,WAAW,CAAC,GAAG;gBAClC,QAAQ,EAAE,eAAe;gBACzB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,MAAM;gBACtD,IAAI,EAAE,WAAW;aAClB,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YAChE,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,0BAA0B,CAAC,OAAO,EAAE,CAAC;oBACtD,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gB
ACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA8B;IAC/D,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,0BAA0B,CAAC,OAAO,EAAE,CAAC;YACtD,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import EventEmitter from 'node:events';
|
|
1
2
|
import { AuditPolicyResult, EntityResolveError } from '../audit/types.js';
|
|
2
3
|
import { AuditRunConfig, BasePolicyFileContent } from '../config/audit-run/schema.js';
|
|
3
4
|
import RuleRegistry from '../config/registries/ruleRegistry.js';
|
|
@@ -7,14 +8,20 @@ export type ResolveEntityResult = {
|
|
|
7
8
|
resolvedEntities: Record<string, unknown>;
|
|
8
9
|
ignoredEntities: EntityResolveError[];
|
|
9
10
|
};
|
|
10
|
-
export default abstract class Policy implements IPolicy {
|
|
11
|
+
export default abstract class Policy extends EventEmitter implements IPolicy {
|
|
11
12
|
config: BasePolicyFileContent;
|
|
12
13
|
auditConfig: AuditRunConfig;
|
|
13
14
|
protected registry: RuleRegistry;
|
|
14
15
|
protected resolvedRules: RegistryRuleResolveResult;
|
|
16
|
+
protected entities?: ResolveEntityResult;
|
|
15
17
|
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
16
18
|
/**
|
|
17
|
-
*
|
|
19
|
+
* Resolves all entities of the policy.
|
|
20
|
+
*/
|
|
21
|
+
resolve(context: AuditContext): Promise<ResolveEntityResult>;
|
|
22
|
+
/**
|
|
23
|
+
* Runs all rules of a policy. If the entities are not yet resolved, they are
|
|
24
|
+
* resolved on the fly before rules are executed.
|
|
18
25
|
*
|
|
19
26
|
* @param context
|
|
20
27
|
* @returns
|
|
@@ -22,3 +29,4 @@ export default abstract class Policy implements IPolicy {
|
|
|
22
29
|
run(context: AuditContext): Promise<AuditPolicyResult>;
|
|
23
30
|
protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult>;
|
|
24
31
|
}
|
|
32
|
+
export declare function getTotal(resolveResult: ResolveEntityResult): number;
|
|
@@ -1,16 +1,29 @@
|
|
|
1
|
-
|
|
1
|
+
import EventEmitter from 'node:events';
|
|
2
|
+
export default class Policy extends EventEmitter {
|
|
2
3
|
config;
|
|
3
4
|
auditConfig;
|
|
4
5
|
registry;
|
|
5
6
|
resolvedRules;
|
|
7
|
+
entities;
|
|
6
8
|
constructor(config, auditConfig, registry) {
|
|
9
|
+
super();
|
|
7
10
|
this.config = config;
|
|
8
11
|
this.auditConfig = auditConfig;
|
|
9
12
|
this.registry = registry;
|
|
10
13
|
this.resolvedRules = registry.resolveRules(config.rules, auditConfig);
|
|
11
14
|
}
|
|
12
15
|
/**
|
|
13
|
-
*
|
|
16
|
+
* Resolves all entities of the policy.
|
|
17
|
+
*/
|
|
18
|
+
async resolve(context) {
|
|
19
|
+
if (!this.entities) {
|
|
20
|
+
this.entities = await this.resolveEntities(context);
|
|
21
|
+
}
|
|
22
|
+
return this.entities;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Runs all rules of a policy. If the entities are not yet resolved, they are
|
|
26
|
+
* resolved on the fly before rules are executed.
|
|
14
27
|
*
|
|
15
28
|
* @param context
|
|
16
29
|
* @returns
|
|
@@ -26,7 +39,7 @@ export default class Policy {
|
|
|
26
39
|
ignoredEntities: [],
|
|
27
40
|
};
|
|
28
41
|
}
|
|
29
|
-
const resolveResult = await this.
|
|
42
|
+
const resolveResult = await this.resolve(context);
|
|
30
43
|
const ruleResultPromises = Array();
|
|
31
44
|
for (const rule of this.resolvedRules.enabledRules) {
|
|
32
45
|
ruleResultPromises.push(rule.run({ ...context, resolvedEntities: resolveResult.resolvedEntities }));
|
|
@@ -74,4 +87,9 @@ function evalResolvedEntities(ruleResult, entities) {
|
|
|
74
87
|
});
|
|
75
88
|
return { compliantEntities, violatedEntities: Array.from(violatedEntities) };
|
|
76
89
|
}
|
|
90
|
+
export function getTotal(resolveResult) {
|
|
91
|
+
const resolvedCount = resolveResult.resolvedEntities ? Object.keys(resolveResult.resolvedEntities).length : 0;
|
|
92
|
+
const ignoredCount = resolveResult.ignoredEntities ? resolveResult.ignoredEntities.length : 0;
|
|
93
|
+
return resolvedCount + ignoredCount;
|
|
94
|
+
}
|
|
77
95
|
//# sourceMappingURL=policy.js.map
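Review bot: The new `resolve(context)` assigns `this.entities` only after `await this.resolveEntities(context)` has finished, so two overlapping calls both see it unset, both run the org queries and both emit their `entityresolve` events. The cached value is also returned whatever `context` is passed later, so a later call with a different `targetOrgConnection` would get the first org's entities; the doc comment should at least say that the result is cached per policy instance. Caching the in-flight promise closes the first gap: `this.entities ??= this.resolveEntities(context);` followed by `return this.entities;` (a rejected promise would then stay cached, so reset it on failure if retries are wanted). `run()` begins outside the hunk that switches it to `this.resolve(context)`.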
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/libs/policies/policy.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/libs/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAWvC,MAAM,CAAC,OAAO,OAAgB,MAAO,SAAQ,YAAY;IAK9C;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAAuB;IAEzC,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,KAAK,EAAoC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAChG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,
IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAA6B;IAE7B,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAAkC;IACzD,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -11,6 +11,7 @@ export type ResolvedProfile = {
|
|
|
11
11
|
export default class ProfilePolicy extends Policy {
|
|
12
12
|
config: ProfilesPolicyFileContent;
|
|
13
13
|
auditConfig: AuditRunConfig;
|
|
14
|
+
private totalEntities;
|
|
14
15
|
constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?: RuleRegistry);
|
|
15
16
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult>;
|
|
16
17
|
}
|
|
@@ -1,19 +1,25 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
2
|
import { isNullish } from '../utils.js';
|
|
3
3
|
import ProfilesRuleRegistry from '../config/registries/profiles.js';
|
|
4
|
-
import Policy from './policy.js';
|
|
4
|
+
import Policy, { getTotal } from './policy.js';
|
|
5
5
|
import { PermissionRiskLevelPresets } from './types.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
8
8
|
export default class ProfilePolicy extends Policy {
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
|
+
totalEntities;
|
|
11
12
|
constructor(config, auditConfig, registry = new ProfilesRuleRegistry()) {
|
|
12
13
|
super(config, auditConfig, registry);
|
|
13
14
|
this.config = config;
|
|
14
15
|
this.auditConfig = auditConfig;
|
|
16
|
+
this.totalEntities = this.config.profiles ? Object.keys(this.config.profiles).length : 0;
|
|
15
17
|
}
|
|
16
18
|
async resolveEntities(context) {
|
|
19
|
+
this.emit('entityresolve', {
|
|
20
|
+
total: this.totalEntities,
|
|
21
|
+
resolved: 0,
|
|
22
|
+
});
|
|
17
23
|
const successfullyResolved = {};
|
|
18
24
|
const ignoredEntities = {};
|
|
19
25
|
const profileQueryResults = Array();
|
|
@@ -54,7 +60,12 @@ export default class ProfilePolicy extends Policy {
|
|
|
54
60
|
ignoredEntities[profileName] = { name: profileName, message: messages.getMessage('entity-not-found') };
|
|
55
61
|
}
|
|
56
62
|
});
|
|
57
|
-
|
|
63
|
+
const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(ignoredEntities) };
|
|
64
|
+
this.emit('entityresolve', {
|
|
65
|
+
total: this.totalEntities,
|
|
66
|
+
resolved: getTotal(result),
|
|
67
|
+
});
|
|
68
|
+
return result;
|
|
58
69
|
}
|
|
59
70
|
}
|
|
60
71
|
//# sourceMappingURL=profilePolicy.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,oBAAoB,MAAM,kCAAkC,CAAC;AAEpE,OAAO,
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExC,OAAO,oBAAoB,MAAM,kCAAkC,CAAC;AAEpE,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,OAAO,EAAE,0BAA0B,EAAE,MAAM,YAAY,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAQjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAM;IAGtC;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,WAAyB,IAAI,oBAAoB,EAAE;QAEnD,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAE/D,MAAM,mBAAmB,GAAG,KAAK,EAAoC,CAAC;QACtE,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,0BAA0B,CAAC,OAAO,EAAE,CAAC;gBAC7D,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CACxB,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,KAAK,CACvC,mDAAmD,WAAW,GAAG,CAClE,CACF,CAAC;gBACF,mBAAmB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC/B,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAC5D,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE;YAC1B,IAAI,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxC,MAAM,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;gBAC7B,IAAI,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC/B,eAAe,CAAC,MAAM,CAAC,IAAI,
CAAC,GAAG;wBAC7B,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;qBAC5D,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;wBAClC,IAAI,EAAE,MAAM,CAAC,IAAI;wBACjB,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM;wBAC9C,QAAQ,EAAE,MAAM,CAAC,QAAQ;qBAC1B,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACtD,IAAI,oBAAoB,CAAC,WAAW,CAAC,KAAK,SAAS,IAAI,eAAe,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;gBAClG,eAAe,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzG,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
+
import { ResolvedConnectedApp } from '../connectedAppPolicy.js';
|
|
1
2
|
import { PartialPolicyRuleResult, RuleAuditContext } from '../interfaces/policyRuleInterfaces.js';
|
|
2
3
|
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
3
|
-
export default class AllUsedAppsUnderManagement extends PolicyRule {
|
|
4
|
+
export default class AllUsedAppsUnderManagement extends PolicyRule<ResolvedConnectedApp> {
|
|
4
5
|
constructor(opts: RuleOptions);
|
|
5
|
-
run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
6
|
+
run(context: RuleAuditContext<ResolvedConnectedApp>): Promise<PartialPolicyRuleResult>;
|
|
6
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"allUsedAppsUnderManagement.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/allUsedAppsUnderManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,0BAA2B,SAAQ,
|
|
1
|
+
{"version":3,"file":"allUsedAppsUnderManagement.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/allUsedAppsUnderManagement.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,0BAA2B,SAAQ,UAAgC;IACtF,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA+C;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,GAAG,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;gBAChC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;oBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wCAAwC,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC;iBACzG,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PartialPolicyRuleResult, RuleAuditContext } from '../interfaces/policyRuleInterfaces.js';
|
|
2
|
+
import { ResolvedProfile } from '../profilePolicy.js';
|
|
2
3
|
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
3
|
-
export default class EnforceCustomPermsClassificationOnProfiles extends PolicyRule {
|
|
4
|
+
export default class EnforceCustomPermsClassificationOnProfiles extends PolicyRule<ResolvedProfile> {
|
|
4
5
|
constructor(opts: RuleOptions);
|
|
5
|
-
run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
6
|
+
run(context: RuleAuditContext<ResolvedProfile>): Promise<PartialPolicyRuleResult>;
|
|
6
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceCustomPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceCustomPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,0CAA2C,SAAQ,
|
|
1
|
+
{"version":3,"file":"enforceCustomPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceCustomPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,0CAA2C,SAAQ,UAA2B;IACjG,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA0C;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,iBAAiB,IAAI,EAAE,CAAC;YAC7D,WAAW,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;gBAC3B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC7C,MAAM,cAAc,GAAG,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;gBAC/D,IAAI,cAAc,EAAE,CAAC;oBACnB,IAAI,cAAc,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;wBAC9D,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;yBACjE,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,yBAAyB,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBACrF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;gCACxE,cAAc,CAAC,cAAc;gCAC7B,OAAO,CAAC,MAAM;6BACf,CAAC;yBACH,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,cAAc,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;wBACrE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,+CAA+C,CAAC;qBAC9E,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PartialPolicyRuleResult, RuleAuditContext } from '../interfaces/policyRuleInterfaces.js';
|
|
2
|
+
import { ResolvedPermissionSet } from '../permissionSetPolicy.js';
|
|
2
3
|
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
3
|
-
export default class EnforceUserPermsClassificationOnPermSets extends PolicyRule {
|
|
4
|
+
export default class EnforceUserPermsClassificationOnPermSets extends PolicyRule<ResolvedPermissionSet> {
|
|
4
5
|
constructor(opts: RuleOptions);
|
|
5
|
-
run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
6
|
+
run(context: RuleAuditContext<ResolvedPermissionSet>): Promise<PartialPolicyRuleResult>;
|
|
6
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceUserPermsClassificationOnPermSets.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceUserPermsClassificationOnPermSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,
|
|
1
|
+
{"version":3,"file":"enforceUserPermsClassificationOnPermSets.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceUserPermsClassificationOnPermSets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,UAAiC;IACrG,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAgD;QACzD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,eAAe,IAAI,EAAE,CAAC;YACzD,SAAS,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC7B,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACrE,IAAI,kBAAkB,EAAE,CAAC;oBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;wBAClE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;yBACjE,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;wBACzF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;4BACrB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;gCACxE,kBAAkB,CAAC,cAAc;gCACjC,OAAO,CAAC,MAAM;6BACf,CAAC;yBACH,CAAC,CAAC;oBACL,CAAC;yBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;wBACzE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;yBAC5D,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU;wBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sDAAsD,CAAC;qBACrF,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PartialPolicyRuleResult, RuleAuditContext } from '../interfaces/policyRuleInterfaces.js';
|
|
2
|
+
import { ResolvedProfile } from '../profilePolicy.js';
|
|
2
3
|
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
3
|
-
export default class EnforceUserPermsClassificationOnProfiles extends PolicyRule {
|
|
4
|
+
export default class EnforceUserPermsClassificationOnProfiles extends PolicyRule<ResolvedProfile> {
|
|
4
5
|
constructor(opts: RuleOptions);
|
|
5
|
-
run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
6
|
+
run(context: RuleAuditContext<ResolvedProfile>): Promise<PartialPolicyRuleResult>;
|
|
6
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforceUserPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceUserPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,
|
|
1
|
+
{"version":3,"file":"enforceUserPermsClassificationOnProfiles.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/enforceUserPermsClassificationOnProfiles.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEzE,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAEnH,MAAM,CAAC,OAAO,OAAO,wCAAyC,SAAQ,UAA2B;IAC/F,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA0C;QACnD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;gBACjD,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;oBACpD,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACjD,MAAM,kBAAkB,GAAG,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACrE,IAAI,kBAAkB,EAAE,CAAC;wBACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;4BAClE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gCACrB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;6BACjE,CAAC,CAAC;wBACL,CAAC;6BAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;4BACzF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gCACrB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;oCACxE,kBAAkB,CAAC,cAAc;oCACjC,OAAO,CAAC,MAAM;iCACf,CAAC;6BACH,CAAC,CAAC;wBACL,CAAC;6BAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,eAAe,CAAC,OAAO,EAAE,CAAC;4BACzE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gCACnB,UAAU;gCACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;6BAC5D,CAAC,CAAC;wBACL,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;4BACnB,UAAU;4BACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,+CAA+C,CAAC;yBAC9E,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { PartialPolicyRuleResult, RuleAuditContext } from '../interfaces/policyRuleInterfaces.js';
|
|
2
|
+
import { ResolvedConnectedApp } from '../connectedAppPolicy.js';
|
|
2
3
|
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
3
|
-
export default class NoUserCanSelfAuthorize extends PolicyRule {
|
|
4
|
+
export default class NoUserCanSelfAuthorize extends PolicyRule<ResolvedConnectedApp> {
|
|
4
5
|
constructor(opts: RuleOptions);
|
|
5
|
-
run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
6
|
+
run(context: RuleAuditContext<ResolvedConnectedApp>): Promise<PartialPolicyRuleResult>;
|
|
6
7
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,
|
|
1
|
+
{"version":3,"file":"noUserCanSelfAuthorize.js","sourceRoot":"","sources":["../../../../src/libs/policies/rules/noUserCanSelfAuthorize.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAEpG,MAAM,CAAC,OAAO,OAAO,sBAAuB,SAAQ,UAAgC;IAClF,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAA+C;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,qBAAqB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvD,MAAM,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YACnD,IAAI,CAAC,GAAG,CAAC,6BAA6B,EAAE,CAAC;gBACvC,IAAI,GAAG,CAAC,2BAA2B,EAAE,CAAC;oBACpC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;wBACnB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yDAAyD,CAAC;qBACxF,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC;wBACtB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,CAAC;qBACpE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -5,12 +5,12 @@ export type RuleOptions = {
|
|
|
5
5
|
ruleDisplayName: string;
|
|
6
6
|
ruleConfig?: unknown;
|
|
7
7
|
};
|
|
8
|
-
export default abstract class PolicyRule implements RowLevelPolicyRule {
|
|
8
|
+
export default abstract class PolicyRule<EntityType> implements RowLevelPolicyRule<EntityType> {
|
|
9
9
|
auditContext: AuditRunConfig;
|
|
10
10
|
ruleDisplayName: string;
|
|
11
11
|
constructor(opts: RuleOptions);
|
|
12
12
|
protected initResult(): PartialPolicyRuleResult;
|
|
13
13
|
protected resolveUserPermission(permName: string): NamedPermissionsClassification | undefined;
|
|
14
14
|
protected resolveCustomPermission(permName: string): NamedPermissionsClassification | undefined;
|
|
15
|
-
abstract run(context: RuleAuditContext): Promise<PartialPolicyRuleResult>;
|
|
15
|
+
abstract run(context: RuleAuditContext<EntityType>): Promise<PartialPolicyRuleResult>;
|
|
16
16
|
}
|
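--- a/package/lib/libs/utils.d.ts
+++ b/package/lib/libs/utils.d.ts
@@ -1,3 +1,3 @@
-export declare function isEmpty(
+export declare function isEmpty(anything?: unknown): boolean;
 export declare function isNullish(anything: unknown): boolean;
 export type Optional<T, K extends keyof T> = Pick<Partial<T>, K> & Omit<T, K>;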
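--- a/package/lib/libs/utils.js
+++ b/package/lib/libs/utils.js
@@ -1,5 +1,11 @@
-export function isEmpty(
-
+export function isEmpty(anything) {
+if (isNullish(anything)) {
+return true;
+}
+if (typeof anything === 'object') {
+return Object.entries(anything).length === 0;
+}
+return false;
 }
 export function isNullish(anything) {
 return !(Boolean(anything) && anything !== null);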
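Review bot: `isEmpty` inherits the loose test in `isNullish` (context lines at the end of this hunk), which is true for every falsy value, so `isEmpty(0)`, `isEmpty(false)` and `isEmpty('')` report empty while `isEmpty(5)` and `isEmpty('abc')` do not. The object branch counts only own enumerable properties through `Object.entries`, so a populated `Map`, `Set` or `Date` is also reported empty. The call sites are outside this hunk, but if a rule skips its checks when `isEmpty(...)` is true, such inputs would drop out of the audit without any finding. I would state the contract in a comment above the function and add `if (anything instanceof Map || anything instanceof Set) return anything.size === 0;` before the `typeof` test. The body of `isNullish` continues past the end of the hunk.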
package/lib/libs/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/libs/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../../src/libs/utils.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,OAAO,CAAC,QAAkB;IACxC,IAAI,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,MAAM,CAAC,OAAO,CAAC,QAAS,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,QAAiB;IACzC,OAAO,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,KAAK,IAAI,CAAC,CAAC;AACnD,CAAC"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
import { MultiStageOutput, MultiStageOutputOptions } from '@oclif/multi-stage-output';
|
|
2
|
+
import AuditRun from '../libs/policies/auditRun.js';
|
|
3
|
+
export declare const LOAD_AUDIT_CONFIG = "Loading audit config";
|
|
4
|
+
export declare const RESOLVE_POLICIES = "Resolving policies";
|
|
5
|
+
export declare const EXECUTE_RULES = "Executing rules";
|
|
6
|
+
export declare const FINALISE = "Formatting results";
|
|
7
|
+
export type AuditRunStageOptions = {
|
|
8
|
+
targetOrg: string;
|
|
9
|
+
directoryRootPath: string;
|
|
10
|
+
jsonEnabled?: boolean;
|
|
11
|
+
};
|
|
12
|
+
/**
|
|
13
|
+
* This type mimics the original "StageBlockInfo" type from
|
|
14
|
+
* MultiStageOutput and allows us to make test asserts.
|
|
15
|
+
*/
|
|
16
|
+
type StageBlockInfo<T> = {
|
|
17
|
+
stage: string;
|
|
18
|
+
type: 'dynamic-key-value' | 'static-key-value' | 'message';
|
|
19
|
+
label?: string;
|
|
20
|
+
get(data: T): string;
|
|
21
|
+
};
|
|
22
|
+
export default class AuditRunMultiStageOutput {
|
|
23
|
+
mso: MultiStageOutput<AuditRunData>;
|
|
24
|
+
stageSpecificBlocks: Array<StageBlockInfo<AuditRunData>>;
|
|
25
|
+
private polStats;
|
|
26
|
+
constructor(opts: MultiStageOutputOptions<AuditRunData>);
|
|
27
|
+
/**
|
|
28
|
+
* In unit tests, we stub the actual UX class to hide output in terminal.
|
|
29
|
+
*
|
|
30
|
+
* @param opts
|
|
31
|
+
* @returns
|
|
32
|
+
*/
|
|
33
|
+
static initUx(opts: MultiStageOutputOptions<AuditRunData>): MultiStageOutput<AuditRunData>;
|
|
34
|
+
/**
|
|
35
|
+
* This pattern allows to stub multi-stage outputs in tests to mute output
|
|
36
|
+
* to stdout during test execution.
|
|
37
|
+
*
|
|
38
|
+
* In your code, create a new instance like this
|
|
39
|
+
* ```
|
|
40
|
+
* const ms = AuditRunMultiStageOutput.create(sobj, flags.json);
|
|
41
|
+
* ```
|
|
42
|
+
*
|
|
43
|
+
* @param opts
|
|
44
|
+
* @param jsonEnabled
|
|
45
|
+
* @returns
|
|
46
|
+
*/
|
|
47
|
+
static create(opts: AuditRunStageOptions): AuditRunMultiStageOutput;
|
|
48
|
+
start(): void;
|
|
49
|
+
startPolicyResolve(runInstance: AuditRun): void;
|
|
50
|
+
startRuleExecution(): void;
|
|
51
|
+
finish(): void;
|
|
52
|
+
private addPolicyStatsListener;
|
|
53
|
+
}
|
|
54
|
+
export type AuditRunData = {
|
|
55
|
+
enabledRulesInPolicy: string[];
|
|
56
|
+
currentStatus: string;
|
|
57
|
+
policies: PolicyStatistics;
|
|
58
|
+
};
|
|
59
|
+
type PolicyStatistics = {
|
|
60
|
+
[policyName: string]: {
|
|
61
|
+
total?: number;
|
|
62
|
+
resolved?: number;
|
|
63
|
+
};
|
|
64
|
+
};
|
|
65
|
+
export {};
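Review bot: The JSDoc on `create` no longer matches its signature: it lists `@param jsonEnabled` and shows `AuditRunMultiStageOutput.create(sobj, flags.json)`, while the declared method takes a single `opts: AuditRunStageOptions` that carries `jsonEnabled` as an optional field. I would drop the `@param jsonEnabled` line and change the example to `AuditRunMultiStageOutput.create({ targetOrg, directoryRootPath, jsonEnabled: flags.json })`. The same comment is repeated in the compiled `.js` hunk that follows. The `@param opts` and `@returns` tags on `initUx` and `create` are empty and could say that `opts` is passed through to `MultiStageOutput` and what instance is returned.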
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
import { MultiStageOutput } from '@oclif/multi-stage-output';
|
|
2
|
+
export const LOAD_AUDIT_CONFIG = 'Loading audit config';
|
|
3
|
+
export const RESOLVE_POLICIES = 'Resolving policies';
|
|
4
|
+
export const EXECUTE_RULES = 'Executing rules';
|
|
5
|
+
export const FINALISE = 'Formatting results';
|
|
6
|
+
export default class AuditRunMultiStageOutput {
|
|
7
|
+
mso;
|
|
8
|
+
stageSpecificBlocks;
|
|
9
|
+
polStats;
|
|
10
|
+
constructor(opts) {
|
|
11
|
+
this.stageSpecificBlocks = opts.stageSpecificBlock;
|
|
12
|
+
this.mso = AuditRunMultiStageOutput.initUx(opts);
|
|
13
|
+
this.polStats = {};
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* In unit tests, we stub the actual UX class to hide output in terminal.
|
|
17
|
+
*
|
|
18
|
+
* @param opts
|
|
19
|
+
* @returns
|
|
20
|
+
*/
|
|
21
|
+
static initUx(opts) {
|
|
22
|
+
return new MultiStageOutput(opts);
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* This pattern allows to stub multi-stage outputs in tests to mute output
|
|
26
|
+
* to stdout during test execution.
|
|
27
|
+
*
|
|
28
|
+
* In your code, create a new instance like this
|
|
29
|
+
* ```
|
|
30
|
+
* const ms = AuditRunMultiStageOutput.create(sobj, flags.json);
|
|
31
|
+
* ```
|
|
32
|
+
*
|
|
33
|
+
* @param opts
|
|
34
|
+
* @param jsonEnabled
|
|
35
|
+
* @returns
|
|
36
|
+
*/
|
|
37
|
+
static create(opts) {
|
|
38
|
+
return new AuditRunMultiStageOutput({
|
|
39
|
+
jsonEnabled: opts.jsonEnabled ?? false,
|
|
40
|
+
stages: [LOAD_AUDIT_CONFIG, RESOLVE_POLICIES, EXECUTE_RULES, FINALISE],
|
|
41
|
+
title: 'Auditing Org',
|
|
42
|
+
preStagesBlock: [
|
|
43
|
+
{
|
|
44
|
+
type: 'message',
|
|
45
|
+
get: () => `Auditing ${opts.targetOrg} with config from ${opts.directoryRootPath}`,
|
|
46
|
+
},
|
|
47
|
+
],
|
|
48
|
+
postStagesBlock: [
|
|
49
|
+
{
|
|
50
|
+
type: 'static-key-value',
|
|
51
|
+
label: 'Status',
|
|
52
|
+
get: (data) => data?.currentStatus,
|
|
53
|
+
},
|
|
54
|
+
],
|
|
55
|
+
stageSpecificBlock: [],
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
start() {
|
|
59
|
+
this.mso.goto(LOAD_AUDIT_CONFIG, { currentStatus: 'Initialising' });
|
|
60
|
+
}
|
|
61
|
+
startPolicyResolve(runInstance) {
|
|
62
|
+
this.mso.goto(RESOLVE_POLICIES, { currentStatus: 'Resolving' });
|
|
63
|
+
Object.entries(runInstance.configs.policies).forEach(([policyName, policy]) => {
|
|
64
|
+
const policyDef = policy;
|
|
65
|
+
this.addPolicyStatsListener(policyName, runInstance);
|
|
66
|
+
this.stageSpecificBlocks.push({
|
|
67
|
+
stage: RESOLVE_POLICIES,
|
|
68
|
+
type: 'dynamic-key-value',
|
|
69
|
+
label: policyName,
|
|
70
|
+
get: (data) => {
|
|
71
|
+
if (data?.policies?.[policyName]) {
|
|
72
|
+
return `${data.policies[policyName].resolved ?? 0}/${data.policies[policyName].total ?? 0}`;
|
|
73
|
+
}
|
|
74
|
+
else {
|
|
75
|
+
return '';
|
|
76
|
+
}
|
|
77
|
+
},
|
|
78
|
+
});
|
|
79
|
+
if (policyDef.content.rules && Object.keys(policyDef.content.rules).length > 0) {
|
|
80
|
+
this.stageSpecificBlocks.push({
|
|
81
|
+
stage: EXECUTE_RULES,
|
|
82
|
+
type: 'message',
|
|
83
|
+
get: () => `Execute ${Object.keys(policyDef.content.rules).length} rule(s) for ${policyName}`,
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
});
|
|
87
|
+
this.mso.updateData({});
|
|
88
|
+
}
|
|
89
|
+
startRuleExecution() {
|
|
90
|
+
this.mso.goto(EXECUTE_RULES, { currentStatus: 'Executing' });
|
|
91
|
+
}
|
|
92
|
+
finish() {
|
|
93
|
+
this.mso.goto(FINALISE, { currentStatus: 'Completed' });
|
|
94
|
+
this.mso.stop('completed');
|
|
95
|
+
}
|
|
96
|
+
addPolicyStatsListener = (policyName, runInstance) => {
|
|
97
|
+
// multi stage output updates its entire internal state, but only "patches"
|
|
98
|
+
// data one level deep (e.g. policies property is replaced entierly)
|
|
99
|
+
// thats why we gather the statistics for each individual policy in a single variable
|
|
100
|
+
// and then update the multi stage data with aggregated data
|
|
101
|
+
runInstance.addListener(`entityresolve-${policyName}`, (data) => {
|
|
102
|
+
if (this.polStats[policyName]) {
|
|
103
|
+
if (data.resolved) {
|
|
104
|
+
this.polStats[policyName].resolved = data.resolved;
|
|
105
|
+
}
|
|
106
|
+
if (data.total) {
|
|
107
|
+
this.polStats[policyName].total = data.total;
|
|
108
|
+
}
|
|
109
|
+
}
|
|
110
|
+
else {
|
|
111
|
+
this.polStats[policyName] = { resolved: data.resolved ?? 0, total: data.total ?? 0 };
|
|
112
|
+
}
|
|
113
|
+
this.mso.updateData({ policies: structuredClone(this.polStats) });
|
|
114
|
+
});
|
|
115
|
+
};
|
|
116
|
+
}
|
|
117
|
+
//# sourceMappingURL=auditRunMultiStage.js.map
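Review bot: In `addPolicyStatsListener` the update branch tests `if (data.resolved)` and `if (data.total)` by truthiness, so an event that reports `0` is ignored once an entry exists, whereas the first-event branch accepts it through `?? 0`. Writing `if (data.resolved != null)` and `if (data.total != null)` keeps the two branches consistent. The entry lookup `if (this.polStats[policyName])` also matches inherited keys on the plain `{}` assigned in the constructor; policy names appear to come from the keys of `runInstance.configs.policies`, and whether those are restricted by the config schema is not visible here, so `if (Object.hasOwn(this.polStats, policyName))` would be the safer test.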
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auditRunMultiStage.js","sourceRoot":"","sources":["../../src/ux/auditRunMultiStage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAA2B,MAAM,2BAA2B,CAAC;AAItF,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AACxD,MAAM,CAAC,MAAM,gBAAgB,GAAG,oBAAoB,CAAC;AACrD,MAAM,CAAC,MAAM,aAAa,GAAG,iBAAiB,CAAC;AAC/C,MAAM,CAAC,MAAM,QAAQ,GAAG,oBAAoB,CAAC;AAmB7C,MAAM,CAAC,OAAO,OAAO,wBAAwB;IACpC,GAAG,CAAiC;IACpC,mBAAmB,CAAsC;IACxD,QAAQ,CAAmB;IAEnC,YAAmB,IAA2C;QAC5D,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC,kBAAyD,CAAC;QAC1F,IAAI,CAAC,GAAG,GAAG,wBAAwB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,CAAC,QAAQ,GAAG,EAAE,CAAC;IACrB,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,MAAM,CAAC,IAA2C;QAC9D,OAAO,IAAI,gBAAgB,CAAe,IAAI,CAAC,CAAC;IAClD,CAAC;IAED;;;;;;;;;;;;OAYG;IACI,MAAM,CAAC,MAAM,CAAC,IAA0B;QAC7C,OAAO,IAAI,wBAAwB,CAAC;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,KAAK;YACtC,MAAM,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,QAAQ,CAAC;YACtE,KAAK,EAAE,cAAc;YACrB,cAAc,EAAE;gBACd;oBACE,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,YAAY,IAAI,CAAC,SAAS,qBAAqB,IAAI,CAAC,iBAAiB,EAAE;iBACnF;aACF;YACD,eAAe,EAAE;gBACf;oBACE,IAAI,EAAE,kBAAkB;oBACxB,KAAK,EAAE,QAAQ;oBACf,GAAG,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,aAAa;iBACnC;aACF;YACD,kBAAkB,EAAE,EAAE;SACvB,CAAC,CAAC;IACL,CAAC;IAEM,KAAK;QACV,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC;IACtE,CAAC;IAEM,kBAAkB,CAAC,WAAqB;QAC7C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QAChE,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,EAAE;YAC5E,MAAM,SAAS,GAAG,MAA2C,CAAC;YAC9D,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACrD,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;gBAC5B,KAAK,EAAE,gBAAgB;gBACvB,IAAI,EAAE,mBAAmB;gBACzB,KAAK,EAAE,UAAU;gBACjB,GAAG,EAAE,CAAC,IAAkB,EAAU,EAAE;oBAClC,IAAI,IAAI,EAAE,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;wBACjC,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,IAAI,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;oBAC9F,CAAC;yBAAM,C
AAC;wBACN,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;aACF,CAAC,CAAC;YACH,IAAI,SAAS,CAAC,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/E,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC;oBAC5B,KAAK,EAAE,aAAa;oBACpB,IAAI,EAAE,SAAS;oBACf,GAAG,EAAE,GAAG,EAAE,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,gBAAgB,UAAU,EAAE;iBAC9F,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAEM,kBAAkB;QACvB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;IAC/D,CAAC;IAEM,MAAM;QACX,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAC7B,CAAC;IAEO,sBAAsB,GAAG,CAAC,UAAkB,EAAE,WAAqB,EAAQ,EAAE;QACnF,2EAA2E;QAC3E,oEAAoE;QACpE,qFAAqF;QACrF,4DAA4D;QAC5D,WAAW,CAAC,WAAW,CAAC,iBAAiB,UAAU,EAAE,EAAE,CAAC,IAAwB,EAAE,EAAE;YAClF,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAClB,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;gBACrD,CAAC;gBACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;oBACf,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;gBAC/C,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,CAAC,EAAE,CAAC;YACvF,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;CACH"}
|
|
@@ -24,10 +24,6 @@ Loads all classifications and policies from the directory and uses them to audit
|
|
|
24
24
|
|
|
25
25
|
<%= config.bin %> <%= command.id %> -o MyTargetOrg -d configs/prod
|
|
26
26
|
|
|
27
|
-
# success.summary
|
|
28
|
-
|
|
29
|
-
Successfully executed %s policies.
|
|
30
|
-
|
|
31
27
|
# success.all-policies-compliant
|
|
32
28
|
|
|
33
29
|
All policies are compliant.
|
package/oclif.manifest.json
CHANGED
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.4.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "https",
|
|
7
7
|
"url": "https://github.com/j-schreiber/js-sf-cli-security-audit"
|