@j-schreiber/sf-cli-security-audit 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -5
- package/lib/commands/org/audit/init.d.ts +3 -1
- package/lib/commands/org/audit/init.js +12 -2
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/commands/org/audit/run.d.ts +1 -1
- package/lib/libs/{policies/initialisation → conf-init}/auditConfig.d.ts +9 -1
- package/lib/libs/{policies/initialisation → conf-init}/auditConfig.js +4 -6
- package/lib/libs/conf-init/auditConfig.js.map +1 -0
- package/lib/libs/{policies/initialisation → conf-init}/permissionsClassification.d.ts +4 -4
- package/lib/libs/conf-init/permissionsClassification.js +80 -0
- package/lib/libs/conf-init/permissionsClassification.js.map +1 -0
- package/lib/libs/{policies/initialisation → conf-init}/policyConfigs.d.ts +1 -1
- package/lib/libs/{policies/initialisation → conf-init}/policyConfigs.js +8 -10
- package/lib/libs/conf-init/policyConfigs.js.map +1 -0
- package/lib/libs/conf-init/presets/loose.d.ts +6 -0
- package/lib/libs/conf-init/presets/loose.js +35 -0
- package/lib/libs/conf-init/presets/loose.js.map +1 -0
- package/lib/libs/conf-init/presets/none.d.ts +30 -0
- package/lib/libs/conf-init/presets/none.js +54 -0
- package/lib/libs/conf-init/presets/none.js.map +1 -0
- package/lib/libs/conf-init/presets/strict.d.ts +4 -0
- package/lib/libs/conf-init/presets/strict.js +28 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -0
- package/lib/libs/conf-init/presets.d.ts +7 -0
- package/lib/libs/conf-init/presets.js +20 -0
- package/lib/libs/conf-init/presets.js.map +1 -0
- package/lib/libs/core/classification-types.d.ts +20 -0
- package/lib/libs/core/classification-types.js +23 -0
- package/lib/libs/core/classification-types.js.map +1 -0
- package/lib/libs/{config/queries.js → core/constants.js} +1 -1
- package/lib/libs/core/constants.js.map +1 -0
- package/lib/libs/{config/audit-run → core/file-mgmt}/auditConfigFileManager.d.ts +19 -0
- package/lib/libs/{config/audit-run → core/file-mgmt}/auditConfigFileManager.js +22 -7
- package/lib/libs/core/file-mgmt/auditConfigFileManager.js.map +1 -0
- package/lib/libs/{config/audit-run → core/file-mgmt}/schema.d.ts +10 -9
- package/lib/libs/{config/audit-run → core/file-mgmt}/schema.js +4 -3
- package/lib/libs/core/file-mgmt/schema.js.map +1 -0
- package/lib/libs/core/mdapi/mdapiRetriever.d.ts +52 -0
- package/lib/libs/core/mdapi/mdapiRetriever.js +116 -0
- package/lib/libs/core/mdapi/mdapiRetriever.js.map +1 -0
- package/lib/libs/core/mdapi/metadataRegistryEntry.d.ts +39 -0
- package/lib/libs/core/mdapi/metadataRegistryEntry.js +31 -0
- package/lib/libs/core/mdapi/metadataRegistryEntry.js.map +1 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.d.ts +33 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js +41 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js.map +1 -0
- package/lib/libs/core/mdapi/namedMetadataType.d.ts +20 -0
- package/lib/libs/core/mdapi/namedMetadataType.js +36 -0
- package/lib/libs/core/mdapi/namedMetadataType.js.map +1 -0
- package/lib/libs/core/mdapi/singletonMetadataType.d.ts +21 -0
- package/lib/libs/core/mdapi/singletonMetadataType.js +35 -0
- package/lib/libs/core/mdapi/singletonMetadataType.js.map +1 -0
- package/lib/libs/core/policy-types.d.ts +18 -0
- package/lib/libs/core/policy-types.js +28 -0
- package/lib/libs/core/policy-types.js.map +1 -0
- package/lib/libs/core/registries/connectedApps.d.ts +13 -0
- package/lib/libs/{config → core}/registries/connectedApps.js +2 -2
- package/lib/libs/core/registries/connectedApps.js.map +1 -0
- package/lib/libs/{config → core}/registries/permissionSets.d.ts +6 -0
- package/lib/libs/{config → core}/registries/permissionSets.js +1 -1
- package/lib/libs/core/registries/permissionSets.js.map +1 -0
- package/lib/libs/{config → core}/registries/profiles.d.ts +6 -0
- package/lib/libs/{config → core}/registries/profiles.js +2 -2
- package/lib/libs/core/registries/profiles.js.map +1 -0
- package/lib/libs/{config → core}/registries/ruleRegistry.d.ts +13 -3
- package/lib/libs/core/registries/ruleRegistry.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/allUsedAppsUnderManagement.d.ts +2 -2
- package/lib/libs/core/registries/rules/allUsedAppsUnderManagement.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/enforceCustomPermsClassificationOnProfiles.d.ts +2 -2
- package/lib/libs/{policies → core/registries}/rules/enforceCustomPermsClassificationOnProfiles.js +4 -3
- package/lib/libs/core/registries/rules/enforceCustomPermsClassificationOnProfiles.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/enforceUserPermsClassificationOnPermSets.d.ts +2 -2
- package/lib/libs/{policies → core/registries}/rules/enforceUserPermsClassificationOnPermSets.js +4 -3
- package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnPermSets.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/enforceUserPermsClassificationOnProfiles.d.ts +2 -2
- package/lib/libs/{policies → core/registries}/rules/enforceUserPermsClassificationOnProfiles.js +4 -3
- package/lib/libs/core/registries/rules/enforceUserPermsClassificationOnProfiles.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/noUserCanSelfAuthorize.d.ts +2 -2
- package/lib/libs/core/registries/rules/noUserCanSelfAuthorize.js.map +1 -0
- package/lib/libs/{policies → core/registries}/rules/policyRule.d.ts +2 -2
- package/lib/libs/core/registries/rules/policyRule.js.map +1 -0
- package/lib/libs/{policies/interfaces/policyRuleInterfaces.d.ts → core/registries/types.d.ts} +7 -2
- package/lib/libs/core/registries/types.js +9 -0
- package/lib/libs/core/registries/types.js.map +1 -0
- package/lib/libs/{audit/types.d.ts → core/result-types.d.ts} +17 -0
- package/lib/libs/core/result-types.js +2 -0
- package/lib/libs/core/result-types.js.map +1 -0
- package/lib/libs/core/utils.js.map +1 -0
- package/lib/libs/policies/auditRun.d.ts +2 -2
- package/lib/libs/policies/auditRun.js +2 -2
- package/lib/libs/policies/auditRun.js.map +1 -1
- package/lib/libs/policies/connectedAppPolicy.d.ts +3 -12
- package/lib/libs/policies/connectedAppPolicy.js +6 -6
- package/lib/libs/policies/connectedAppPolicy.js.map +1 -1
- package/lib/libs/policies/permissionSetPolicy.d.ts +3 -10
- package/lib/libs/policies/permissionSetPolicy.js +17 -16
- package/lib/libs/policies/permissionSetPolicy.js.map +1 -1
- package/lib/libs/policies/policy.d.ts +4 -5
- package/lib/libs/policies/policy.js.map +1 -1
- package/lib/libs/policies/profilePolicy.d.ts +3 -10
- package/lib/libs/policies/profilePolicy.js +24 -31
- package/lib/libs/policies/profilePolicy.js.map +1 -1
- package/messages/org.audit.init.md +12 -0
- package/messages/policyclassifications.md +38 -2
- package/oclif.manifest.json +18 -2
- package/package.json +1 -1
- package/lib/libs/audit/types.js +0 -2
- package/lib/libs/audit/types.js.map +0 -1
- package/lib/libs/config/audit-run/auditConfigFileManager.js.map +0 -1
- package/lib/libs/config/audit-run/schema.js.map +0 -1
- package/lib/libs/config/defaultPolicyClassification.d.ts +0 -2
- package/lib/libs/config/defaultPolicyClassification.js +0 -63
- package/lib/libs/config/defaultPolicyClassification.js.map +0 -1
- package/lib/libs/config/queries.js.map +0 -1
- package/lib/libs/config/registries/connectedApps.d.ts +0 -5
- package/lib/libs/config/registries/connectedApps.js.map +0 -1
- package/lib/libs/config/registries/permissionSets.js.map +0 -1
- package/lib/libs/config/registries/profiles.js.map +0 -1
- package/lib/libs/config/registries/ruleRegistry.js.map +0 -1
- package/lib/libs/config/registries/types.d.ts +0 -7
- package/lib/libs/config/registries/types.js +0 -2
- package/lib/libs/config/registries/types.js.map +0 -1
- package/lib/libs/mdapiRetriever.d.ts +0 -18
- package/lib/libs/mdapiRetriever.js +0 -60
- package/lib/libs/mdapiRetriever.js.map +0 -1
- package/lib/libs/policies/initialisation/auditConfig.js.map +0 -1
- package/lib/libs/policies/initialisation/permissionsClassification.js +0 -71
- package/lib/libs/policies/initialisation/permissionsClassification.js.map +0 -1
- package/lib/libs/policies/initialisation/policyConfigs.js.map +0 -1
- package/lib/libs/policies/interfaces/policyRuleInterfaces.js +0 -2
- package/lib/libs/policies/interfaces/policyRuleInterfaces.js.map +0 -1
- package/lib/libs/policies/rules/allUsedAppsUnderManagement.js.map +0 -1
- package/lib/libs/policies/rules/enforceCustomPermsClassificationOnProfiles.js.map +0 -1
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnPermSets.js.map +0 -1
- package/lib/libs/policies/rules/enforceUserPermsClassificationOnProfiles.js.map +0 -1
- package/lib/libs/policies/rules/noUserCanSelfAuthorize.js.map +0 -1
- package/lib/libs/policies/rules/policyRule.js.map +0 -1
- package/lib/libs/policies/types.d.ts +0 -36
- package/lib/libs/policies/types.js +0 -45
- package/lib/libs/policies/types.js.map +0 -1
- package/lib/libs/utils.js.map +0 -1
- /package/lib/libs/{config/queries.d.ts → core/constants.d.ts} +0 -0
- /package/lib/libs/{config → core}/registries/ruleRegistry.js +0 -0
- /package/lib/libs/{policies → core/registries}/rules/allUsedAppsUnderManagement.js +0 -0
- /package/lib/libs/{policies → core/registries}/rules/noUserCanSelfAuthorize.js +0 -0
- /package/lib/libs/{policies → core/registries}/rules/policyRule.js +0 -0
- /package/lib/libs/{utils.d.ts → core/utils.d.ts} +0 -0
- /package/lib/libs/{utils.js → core/utils.js} +0 -0
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
|
-
import
|
|
3
|
-
import
|
|
2
|
+
import MDAPI from '../core/mdapi/mdapiRetriever.js';
|
|
3
|
+
import { RuleRegistries } from '../core/registries/types.js';
|
|
4
|
+
import { ProfilesRiskPreset } from '../core/policy-types.js';
|
|
4
5
|
import Policy, { getTotal } from './policy.js';
|
|
5
|
-
import { PermissionRiskLevelPresets } from './types.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
8
8
|
export default class PermissionSetPolicy extends Policy {
|
|
9
9
|
config;
|
|
10
10
|
auditContext;
|
|
11
11
|
totalEntities;
|
|
12
|
-
constructor(config, auditContext, registry =
|
|
12
|
+
constructor(config, auditContext, registry = RuleRegistries.PermissionSets) {
|
|
13
13
|
super(config, auditContext, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditContext = auditContext;
|
|
@@ -22,18 +22,19 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
22
22
|
});
|
|
23
23
|
const successfullyResolved = {};
|
|
24
24
|
const unresolved = {};
|
|
25
|
-
const retriever = new
|
|
26
|
-
const resolvedPermsets = await retriever.
|
|
27
|
-
Object.entries(resolvedPermsets).forEach(([permsetName, resolvedPermset]) => {
|
|
28
|
-
successfullyResolved[permsetName] = {
|
|
29
|
-
metadata: resolvedPermset,
|
|
30
|
-
preset: this.config.permissionSets[permsetName].preset,
|
|
31
|
-
name: permsetName,
|
|
32
|
-
};
|
|
33
|
-
});
|
|
25
|
+
const retriever = new MDAPI(context.targetOrgConnection);
|
|
26
|
+
const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.config.permissionSets));
|
|
34
27
|
Object.entries(this.config.permissionSets).forEach(([key, val]) => {
|
|
35
|
-
|
|
36
|
-
|
|
28
|
+
const resolved = resolvedPermsets[key];
|
|
29
|
+
if (resolved) {
|
|
30
|
+
successfullyResolved[key] = {
|
|
31
|
+
metadata: resolved,
|
|
32
|
+
preset: this.config.permissionSets[key].preset,
|
|
33
|
+
name: key,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
else if (successfullyResolved[key] === undefined) {
|
|
37
|
+
if (val.preset === ProfilesRiskPreset.UNKNOWN) {
|
|
37
38
|
unresolved[key] = { name: key, message: messages.getMessage('preset-unknown', ['Permission Set']) };
|
|
38
39
|
}
|
|
39
40
|
else {
|
|
@@ -52,7 +53,7 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
52
53
|
function filterCategorizedPermsets(permSets) {
|
|
53
54
|
const filteredNames = [];
|
|
54
55
|
Object.entries(permSets).forEach(([key, val]) => {
|
|
55
|
-
if (val.preset !==
|
|
56
|
+
if (val.preset !== ProfilesRiskPreset.UNKNOWN) {
|
|
56
57
|
filteredNames.push(key);
|
|
57
58
|
}
|
|
58
59
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAgB,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAG7D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAAM;IAG5C;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,YAA4B,EACnC,QAAQ,GAAG,cAAc,CAAC,cAAc;QAExC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAA2B;QACjC,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvG,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC9C,eAAe,EACf,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YAChE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM;oBAC9C,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA8B;IAC/D,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -1,9 +1,8 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
|
-
import { AuditPolicyResult, EntityResolveError } from '../
|
|
3
|
-
import { AuditRunConfig, BasePolicyFileContent } from '../
|
|
4
|
-
import RuleRegistry from '../
|
|
5
|
-
import {
|
|
6
|
-
import { AuditContext, IPolicy } from './interfaces/policyRuleInterfaces.js';
|
|
2
|
+
import { AuditPolicyResult, EntityResolveError } from '../core/result-types.js';
|
|
3
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../core/file-mgmt/schema.js';
|
|
4
|
+
import RuleRegistry, { RegistryRuleResolveResult } from '../core/registries/ruleRegistry.js';
|
|
5
|
+
import { AuditContext, IPolicy } from '../core/registries/types.js';
|
|
7
6
|
export type ResolveEntityResult = {
|
|
8
7
|
resolvedEntities: Record<string, unknown>;
|
|
9
8
|
ignoredEntities: EntityResolveError[];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/libs/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../src/libs/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAO,SAAQ,YAAY;IAK9C;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAAuB;IAEzC,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,KAAK,EAAoC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAChG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAA6B;IAE7B,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAAkC;IACzD,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -1,17 +1,10 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
3
|
-
import RuleRegistry from '../config/registries/ruleRegistry.js';
|
|
4
|
-
import { AuditContext } from './interfaces/policyRuleInterfaces.js';
|
|
1
|
+
import { AuditRunConfig, ProfilesPolicyFileContent } from '../core/file-mgmt/schema.js';
|
|
2
|
+
import { AuditContext } from '../core/registries/types.js';
|
|
5
3
|
import Policy, { ResolveEntityResult } from './policy.js';
|
|
6
|
-
export type ResolvedProfile = {
|
|
7
|
-
name: string;
|
|
8
|
-
preset: string;
|
|
9
|
-
metadata: ProfileMetadata;
|
|
10
|
-
};
|
|
11
4
|
export default class ProfilePolicy extends Policy {
|
|
12
5
|
config: ProfilesPolicyFileContent;
|
|
13
6
|
auditConfig: AuditRunConfig;
|
|
14
7
|
private totalEntities;
|
|
15
|
-
constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?:
|
|
8
|
+
constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../core/registries/profiles.js").default);
|
|
16
9
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult>;
|
|
17
10
|
}
|
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
|
-
import
|
|
3
|
-
import
|
|
2
|
+
import MDAPI from '../core/mdapi/mdapiRetriever.js';
|
|
3
|
+
import { RuleRegistries } from '../core/registries/types.js';
|
|
4
|
+
import { ProfilesRiskPreset } from '../core/policy-types.js';
|
|
4
5
|
import Policy, { getTotal } from './policy.js';
|
|
5
|
-
import { PermissionRiskLevelPresets } from './types.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
8
8
|
export default class ProfilePolicy extends Policy {
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
-
constructor(config, auditConfig, registry =
|
|
12
|
+
constructor(config, auditConfig, registry = RuleRegistries.Profiles) {
|
|
13
13
|
super(config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
@@ -22,42 +22,35 @@ export default class ProfilePolicy extends Policy {
|
|
|
22
22
|
});
|
|
23
23
|
const successfullyResolved = {};
|
|
24
24
|
const ignoredEntities = {};
|
|
25
|
-
const profileQueryResults = Array();
|
|
26
25
|
const definitiveProfiles = this.config.profiles ?? {};
|
|
26
|
+
const classifiedProfiles = [];
|
|
27
27
|
Object.entries(definitiveProfiles).forEach(([profileName, profileDef]) => {
|
|
28
|
-
if (profileDef.preset
|
|
29
|
-
const qr = Promise.resolve(context.targetOrgConnection.tooling.query(`SELECT Name,Metadata FROM Profile WHERE Name = '${profileName}'`));
|
|
30
|
-
profileQueryResults.push(qr);
|
|
31
|
-
}
|
|
32
|
-
else {
|
|
28
|
+
if (profileDef.preset === ProfilesRiskPreset.UNKNOWN) {
|
|
33
29
|
ignoredEntities[profileName] = {
|
|
34
30
|
name: profileName,
|
|
35
31
|
message: messages.getMessage('preset-unknown', ['Profile']),
|
|
36
32
|
};
|
|
37
33
|
}
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
queryResults.forEach((qr) => {
|
|
41
|
-
if (qr.records && qr.records.length > 0) {
|
|
42
|
-
const record = qr.records[0];
|
|
43
|
-
if (isNullish(record.Metadata)) {
|
|
44
|
-
ignoredEntities[record.Name] = {
|
|
45
|
-
name: record.Name,
|
|
46
|
-
message: messages.getMessage('profile-invalid-no-metadata'),
|
|
47
|
-
};
|
|
48
|
-
}
|
|
49
|
-
else {
|
|
50
|
-
successfullyResolved[record.Name] = {
|
|
51
|
-
name: record.Name,
|
|
52
|
-
preset: definitiveProfiles[record.Name].preset,
|
|
53
|
-
metadata: record.Metadata,
|
|
54
|
-
};
|
|
55
|
-
}
|
|
34
|
+
else {
|
|
35
|
+
classifiedProfiles.push(profileName);
|
|
56
36
|
}
|
|
57
37
|
});
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
38
|
+
const mdapi = new MDAPI(context.targetOrgConnection);
|
|
39
|
+
const resolvedProfiles = await mdapi.resolve('Profile', classifiedProfiles);
|
|
40
|
+
classifiedProfiles.forEach((profileName) => {
|
|
41
|
+
const resolvedProfile = resolvedProfiles[profileName];
|
|
42
|
+
if (!resolvedProfile) {
|
|
43
|
+
ignoredEntities[profileName] = {
|
|
44
|
+
name: profileName,
|
|
45
|
+
message: messages.getMessage('entity-not-found'),
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
else {
|
|
49
|
+
successfullyResolved[profileName] = {
|
|
50
|
+
name: profileName,
|
|
51
|
+
preset: definitiveProfiles[profileName].preset,
|
|
52
|
+
metadata: resolvedProfile,
|
|
53
|
+
};
|
|
61
54
|
}
|
|
62
55
|
});
|
|
63
56
|
const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(ignoredEntities) };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../src/libs/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,iCAAiC,CAAC;AACpD,OAAO,EAAgB,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAM;IAGtC;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,cAAc,CAAC,QAAQ;QAElC,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC,MAAM;oBAC9C,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -14,12 +14,24 @@ Target org to export permissions, profiles, users, etc.
|
|
|
14
14
|
|
|
15
15
|
Directory where the audit config is initialised. If not set, the root directory will be used.
|
|
16
16
|
|
|
17
|
+
# flags.preset.summary
|
|
18
|
+
|
|
19
|
+
Select a preset to initialise permission classifications (risk levels).
|
|
20
|
+
|
|
21
|
+
# flags.preset.description
|
|
22
|
+
|
|
23
|
+
The selected preset is applied before any other default mechanisms (such as template configs). This means, values from a selected template override the preset. Consult the documentation to learn more about the rationale behind the default risk levels. The risk levels interact with the configured preset on profiles and permission sets and essentially control, if a permission is allowed in a certain profile / permission set.
|
|
24
|
+
|
|
17
25
|
# examples
|
|
18
26
|
|
|
19
27
|
- Initialise audit policies at the root directory
|
|
20
28
|
|
|
21
29
|
<%= config.bin %> <%= command.id %> -o MyTargetOrg
|
|
22
30
|
|
|
31
|
+
- Initialise audit config at custom directory with preset
|
|
32
|
+
|
|
33
|
+
<%= config.bin %> <%= command.id %> -o MyTargetOrg -d my_dir -p loose
|
|
34
|
+
|
|
23
35
|
# success.perm-classification-summary
|
|
24
36
|
|
|
25
37
|
Initialised %s permissions at %s.
|
|
@@ -2,9 +2,25 @@
|
|
|
2
2
|
|
|
3
3
|
Allows to modify all parts of the app, including security settings.
|
|
4
4
|
|
|
5
|
-
#
|
|
5
|
+
# ModifyMetadata
|
|
6
6
|
|
|
7
|
-
Allows to
|
|
7
|
+
Allows to modify all parts of the app, including security settings.
|
|
8
|
+
|
|
9
|
+
# Packaging2
|
|
10
|
+
|
|
11
|
+
General permissions for 2nd generation packages.
|
|
12
|
+
|
|
13
|
+
# InstallPackaging
|
|
14
|
+
|
|
15
|
+
Install unlocked and managed packages.
|
|
16
|
+
|
|
17
|
+
# Packaging2PromoteVersion
|
|
18
|
+
|
|
19
|
+
Promote 2nd generation packages for distribution and install on production orgs.
|
|
20
|
+
|
|
21
|
+
# Packaging2Delete
|
|
22
|
+
|
|
23
|
+
Delete versions of 2nd generation packages.
|
|
8
24
|
|
|
9
25
|
# ViewSetup
|
|
10
26
|
|
|
@@ -14,6 +30,10 @@ Allows to browse setup and view sensitive configurations.
|
|
|
14
30
|
|
|
15
31
|
Bypass all sharing, making all sharing architecture obsolete.
|
|
16
32
|
|
|
33
|
+
# ModifyAllData
|
|
34
|
+
|
|
35
|
+
Bypass all sharing and layout permissions.
|
|
36
|
+
|
|
17
37
|
# AuthorApex
|
|
18
38
|
|
|
19
39
|
Apex can perform harmful actions, and deployed Apex runs in system mode.
|
|
@@ -33,3 +53,19 @@ Set up and reset the connected MFA for a user.
|
|
|
33
53
|
# CanApproveUninstalledApps
|
|
34
54
|
|
|
35
55
|
Allows to authorize new connected apps and therefore new integrations.
|
|
56
|
+
|
|
57
|
+
# UseAnyApiClient
|
|
58
|
+
|
|
59
|
+
Bypass all security settings and use deprecated login types.
|
|
60
|
+
|
|
61
|
+
# ViewClientSecret
|
|
62
|
+
|
|
63
|
+
Access and export secrets from connected apps.
|
|
64
|
+
|
|
65
|
+
# ExportReport
|
|
66
|
+
|
|
67
|
+
Reports allow to export classified or sensitive data.
|
|
68
|
+
|
|
69
|
+
# ManageRemoteAccess
|
|
70
|
+
|
|
71
|
+
Manage, create, edit, and delete connected applications.
|
package/oclif.manifest.json
CHANGED
|
@@ -5,7 +5,8 @@
|
|
|
5
5
|
"args": {},
|
|
6
6
|
"description": "Exports permissions (standard and custom), permission sets, profiles, users, etc from the target org. All classifications are initialised with sane defaults that you can customize later.",
|
|
7
7
|
"examples": [
|
|
8
|
-
"Initialise audit policies at the root directory\n<%= config.bin %> <%= command.id %> -o MyTargetOrg"
|
|
8
|
+
"Initialise audit policies at the root directory\n<%= config.bin %> <%= command.id %> -o MyTargetOrg",
|
|
9
|
+
"Initialise audit config at custom directory with preset\n<%= config.bin %> <%= command.id %> -o MyTargetOrg -d my_dir -p loose"
|
|
9
10
|
],
|
|
10
11
|
"flags": {
|
|
11
12
|
"json": {
|
|
@@ -43,6 +44,21 @@
|
|
|
43
44
|
"multiple": false,
|
|
44
45
|
"type": "option"
|
|
45
46
|
},
|
|
47
|
+
"preset": {
|
|
48
|
+
"char": "p",
|
|
49
|
+
"description": "The selected preset is applied before any other default mechanisms (such as template configs). This means, values from a selected template override the preset. Consult the documentation to learn more about the rationale behind the default risk levels. The risk levels interact with the configured preset on profiles and permission sets and essentially control, if a permission is allowed in a certain profile / permission set.",
|
|
50
|
+
"name": "preset",
|
|
51
|
+
"summary": "Select a preset to initialise permission classifications (risk levels).",
|
|
52
|
+
"default": "strict",
|
|
53
|
+
"hasDynamicHelp": false,
|
|
54
|
+
"multiple": false,
|
|
55
|
+
"options": [
|
|
56
|
+
"strict",
|
|
57
|
+
"loose",
|
|
58
|
+
"none"
|
|
59
|
+
],
|
|
60
|
+
"type": "option"
|
|
61
|
+
},
|
|
46
62
|
"api-version": {
|
|
47
63
|
"description": "Override the api version used for api requests made by this command",
|
|
48
64
|
"name": "api-version",
|
|
@@ -157,5 +173,5 @@
|
|
|
157
173
|
]
|
|
158
174
|
}
|
|
159
175
|
},
|
|
160
|
-
"version": "0.
|
|
176
|
+
"version": "0.5.0"
|
|
161
177
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.5.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "https",
|
|
7
7
|
"url": "https://github.com/j-schreiber/js-sf-cli-security-audit"
|
package/lib/libs/audit/types.js
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/libs/audit/types.ts"],"names":[],"mappings":""}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,SAAS,CAAC;AAE3B,OAAO,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AACzC,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAUrB,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE;IACjE,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,OAAO,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AACpC,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;IACjD,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAClC,CAAC,CAAC;AAEF,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAA4B;IAEtD;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE;gBACR,QAAQ,EAAE;oBACR,MAAM,EAAE,wBAAwB;iBACjC;gBACD,cAAc,EAAE;oBACd,MAAM,EAAE,wBAAwB;iBACjC;gBACD,aAAa,EAAE;oBACb,MAAM,EAAE,gBAAgB;iBACzB;aACF;YACD,eAAe,EAAE;gBACf,eAAe,EAAE;oBACf,MAAM,EAAE,2BAA2B;iBACpC;gBACD,iBAAiB,EAAE;oBACjB,MAAM,EAAE,2BAA2B;iBACpC;aACF;SACF,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAe;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC,CAAC;QACvE,OAAO,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,EAAE,EAAE;YACtD,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,CAAC,WAAW,CAAC,WAAkD,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACrD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,WAAW,CAAC,WAAgD,EAAE,OAAe,EAAE,aAAqB;QAC1G,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YAC1D,MAAM,gBAAgB,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;YAC1E,MAAM,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC1C,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,GAAG,gBAAgB,MAAM,CAAC,CAAC;gBACjF,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,cAAc,CAAC,MAA+B;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACvG,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/config/audit-run/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAEtF,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC;CACxC,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAC/B,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AA0CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -1,63 +0,0 @@
|
|
|
1
|
-
import { Messages } from '@salesforce/core';
|
|
2
|
-
import { PolicyRiskLevel } from '../policies/types.js';
|
|
3
|
-
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
4
|
-
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
|
|
5
|
-
export const DEFAULT_CLASSIFICATIONS = {
|
|
6
|
-
CustomizeApplication: {
|
|
7
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
8
|
-
reason: messages.getMessage('CustomizeApplication'),
|
|
9
|
-
},
|
|
10
|
-
ModifyMetadata: {
|
|
11
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
12
|
-
reason: messages.getMessage('CustomizeApplication'),
|
|
13
|
-
},
|
|
14
|
-
ViewSetup: {
|
|
15
|
-
classification: PolicyRiskLevel.HIGH,
|
|
16
|
-
reason: messages.getMessage('ViewSetup'),
|
|
17
|
-
},
|
|
18
|
-
AuthorApex: {
|
|
19
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
20
|
-
reason: messages.getMessage('AuthorApex'),
|
|
21
|
-
},
|
|
22
|
-
ManageAuthProviders: {
|
|
23
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
24
|
-
reason: messages.getMessage('ManageAuthProviders'),
|
|
25
|
-
},
|
|
26
|
-
Packaging2: {
|
|
27
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
28
|
-
reason: messages.getMessage('Packaging'),
|
|
29
|
-
},
|
|
30
|
-
Packaging2Delete: {
|
|
31
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
32
|
-
reason: messages.getMessage('Packaging'),
|
|
33
|
-
},
|
|
34
|
-
Packaging2PromoteVersion: {
|
|
35
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
36
|
-
reason: messages.getMessage('Packaging'),
|
|
37
|
-
},
|
|
38
|
-
InstallPackaging: {
|
|
39
|
-
classification: PolicyRiskLevel.CRITICAL,
|
|
40
|
-
reason: messages.getMessage('Packaging'),
|
|
41
|
-
},
|
|
42
|
-
ApiEnabled: {
|
|
43
|
-
classification: PolicyRiskLevel.HIGH,
|
|
44
|
-
reason: messages.getMessage('ApiEnabled'),
|
|
45
|
-
},
|
|
46
|
-
ViewAllData: {
|
|
47
|
-
classification: PolicyRiskLevel.HIGH,
|
|
48
|
-
reason: messages.getMessage('ViewAllData'),
|
|
49
|
-
},
|
|
50
|
-
ModifyAllData: {
|
|
51
|
-
classification: PolicyRiskLevel.HIGH,
|
|
52
|
-
reason: messages.getMessage('ViewAllData'),
|
|
53
|
-
},
|
|
54
|
-
ManageTwoFactor: {
|
|
55
|
-
classification: PolicyRiskLevel.HIGH,
|
|
56
|
-
reason: messages.getMessage('ManageTwoFactor'),
|
|
57
|
-
},
|
|
58
|
-
CanApproveUninstalledApps: {
|
|
59
|
-
classification: PolicyRiskLevel.HIGH,
|
|
60
|
-
reason: messages.getMessage('CanApproveUninstalledApps'),
|
|
61
|
-
},
|
|
62
|
-
};
|
|
63
|
-
//# sourceMappingURL=defaultPolicyClassification.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"defaultPolicyClassification.js","sourceRoot":"","sources":["../../../src/libs/config/defaultPolicyClassification.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGvD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAEtG,MAAM,CAAC,MAAM,uBAAuB,GAA8C;IAChF,oBAAoB,EAAE;QACpB,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;KACpD;IACD,cAAc,EAAE;QACd,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;KACpD;IACD,SAAS,EAAE;QACT,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;KACzC;IACD,UAAU,EAAE;QACV,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC;KAC1C;IACD,mBAAmB,EAAE;QACnB,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,qBAAqB,CAAC;KACnD;IACD,UAAU,EAAE;QACV,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;KACzC;IACD,gBAAgB,EAAE;QAChB,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;KACzC;IACD,wBAAwB,EAAE;QACxB,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;KACzC;IACD,gBAAgB,EAAE;QAChB,cAAc,EAAE,eAAe,CAAC,QAAQ;QACxC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC;KACzC;IACD,UAAU,EAAE;QACV,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,YAAY,CAAC;KAC1C;IACD,WAAW,EAAE;QACX,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC;KAC3C;IACD,aAAa,EAAE;QACb,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC;KAC3C;IACD,eAAe,EAAE;QACf,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,iBAAiB,CAAC;KAC/C;IACD,yBAAyB,EAAE;QACzB,cAAc,EAAE,eAAe,CAAC,IAAI;QACpC,MAAM,EAAE,QAAQ,CAAC,UAAU,CAAC,2BAA2B,CAAC;KACzD;CACF,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../src/libs/config/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,kBAAkB,GAAG,2DAA2D,CAAC;AAC9F,MAAM,CAAC,MAAM,cAAc,GACzB,gGAAgG,CAAC;AACnG,MAAM,CAAC,MAAM,qBAAqB,GAChC,yHAAyH,CAAC;AAC5H,MAAM,CAAC,MAAM,oBAAoB,GAAG,0EAA0E,CAAC;AAC/G,MAAM,CAAC,MAAM,iBAAiB,GAAG,uDAAuD,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/connectedApps.ts"],"names":[],"mappings":"AAAA,OAAO,0BAA0B,MAAM,oDAAoD,CAAC;AAC5F,OAAO,sBAAsB,MAAM,gDAAgD,CAAC;AACpF,OAAO,YAAY,MAAM,mBAAmB,CAAC;AAE7C,MAAM,CAAC,OAAO,OAAO,yBAA0B,SAAQ,YAAY;IACjE;QACE,KAAK,CAAC;YACJ,0BAA0B;YAC1B,sBAAsB;SACvB,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,yBAAyB,EAAE,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSets.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/permissionSets.ts"],"names":[],"mappings":"AAAA,OAAO,wCAAwC,MAAM,kEAAkE,CAAC;AACxH,OAAO,YAAY,MAAM,mBAAmB,CAAC;AAE7C,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,YAAY;IAC5D;QACE,KAAK,CAAC;YACJ,oCAAoC,EAAE,wCAAwC;SAC/E,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,oBAAoB,EAAE,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"profiles.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/profiles.ts"],"names":[],"mappings":"AAAA,OAAO,0CAA0C,MAAM,oEAAoE,CAAC;AAC5H,OAAO,wCAAwC,MAAM,kEAAkE,CAAC;AACxH,OAAO,YAAY,MAAM,mBAAmB,CAAC;AAE7C,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,YAAY;IAC5D;QACE,KAAK,CAAC;YACJ,sCAAsC,EAAE,0CAA0C;YAClF,oCAAoC,EAAE,wCAAwC;SAC/E,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,oBAAoB,EAAE,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAM5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAKjG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,KAA+D;QAA/D,UAAK,GAAL,KAAK,CAA0D;IAAG,CAAC;IAE7F;;;;OAIG;IACI,eAAe;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,YAAY,CAAC,QAAiB,EAAE,YAA4B;QACjE,MAAM,YAAY,GAAG,IAAI,KAAK,EAA+B,CAAC;QAC9D,MAAM,YAAY,GAAG,IAAI,KAAK,EAAwB,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,KAAK,EAAsB,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CACf,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,MAAM,EAAE,CAAC,CACrG,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC;CACF"}
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { EntityResolveError, PolicyRuleSkipResult } from '../../audit/types.js';
|
|
2
|
-
import { RowLevelPolicyRule } from '../../policies/interfaces/policyRuleInterfaces.js';
|
|
3
|
-
export type RegistryRuleResolveResult = {
|
|
4
|
-
enabledRules: Array<RowLevelPolicyRule<unknown>>;
|
|
5
|
-
skippedRules: PolicyRuleSkipResult[];
|
|
6
|
-
resolveErrors: EntityResolveError[];
|
|
7
|
-
};
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/libs/config/registries/types.ts"],"names":[],"mappings":""}
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
import { Connection } from '@salesforce/core';
|
|
2
|
-
import { ConnectedAppSettings, PermissionSet } from '@jsforce/jsforce-node/lib/api/metadata.js';
|
|
3
|
-
export type PermissionSetMetadata = {
|
|
4
|
-
PermissionSet: PermissionSet;
|
|
5
|
-
};
|
|
6
|
-
export type ConnectedAppSettingsFileContent = {
|
|
7
|
-
ConnectedAppSettings: ConnectedAppSettings;
|
|
8
|
-
};
|
|
9
|
-
export default class MdapiRetriever {
|
|
10
|
-
private connection;
|
|
11
|
-
private readonly retrieveOptions;
|
|
12
|
-
constructor(connection: Connection);
|
|
13
|
-
retrievePermissionsets(componentNames: string[]): Promise<Record<string, PermissionSet>>;
|
|
14
|
-
retrieveConnectedAppSetting(): Promise<ConnectedAppSettings | undefined>;
|
|
15
|
-
private retrieve;
|
|
16
|
-
}
|
|
17
|
-
export declare function parseAsPermissionset(filePath: string): PermissionSet;
|
|
18
|
-
export declare function parseAsConnectedAppSetting(filePath: string): ConnectedAppSettings;
|
|
@@ -1,60 +0,0 @@
|
|
|
1
|
-
import { readFileSync } from 'node:fs';
|
|
2
|
-
import { ComponentSet } from '@salesforce/source-deploy-retrieve';
|
|
3
|
-
import { XMLParser } from 'fast-xml-parser';
|
|
4
|
-
const parser = new XMLParser({
|
|
5
|
-
isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses'].includes(jpath),
|
|
6
|
-
});
|
|
7
|
-
export default class MdapiRetriever {
|
|
8
|
-
connection;
|
|
9
|
-
retrieveOptions;
|
|
10
|
-
constructor(connection) {
|
|
11
|
-
this.connection = connection;
|
|
12
|
-
this.retrieveOptions = {
|
|
13
|
-
usernameOrConnection: this.connection,
|
|
14
|
-
output: '.jsc/retrieves',
|
|
15
|
-
};
|
|
16
|
-
}
|
|
17
|
-
async retrievePermissionsets(componentNames) {
|
|
18
|
-
const components = componentNames.map((cname) => ({ type: 'PermissionSet', fullName: cname }));
|
|
19
|
-
if (components.length === 0) {
|
|
20
|
-
return {};
|
|
21
|
-
}
|
|
22
|
-
const retrieveResult = await this.retrieve(components);
|
|
23
|
-
const result = {};
|
|
24
|
-
retrieveResult.components
|
|
25
|
-
.getSourceComponents()
|
|
26
|
-
.toArray()
|
|
27
|
-
.forEach((sourceComponent) => {
|
|
28
|
-
if (sourceComponent.xml) {
|
|
29
|
-
result[sourceComponent.name] = parseAsPermissionset(sourceComponent.xml);
|
|
30
|
-
}
|
|
31
|
-
});
|
|
32
|
-
return result;
|
|
33
|
-
}
|
|
34
|
-
async retrieveConnectedAppSetting() {
|
|
35
|
-
const cmp = { type: 'Settings', fullName: 'ConnectedApp' };
|
|
36
|
-
const retrieveResult = await this.retrieve([cmp]);
|
|
37
|
-
if (retrieveResult.components.getSourceComponents().toArray().length === 1) {
|
|
38
|
-
const filePath = retrieveResult.components.getSourceComponents().toArray()[0].xml;
|
|
39
|
-
if (filePath) {
|
|
40
|
-
return parseAsConnectedAppSetting(filePath);
|
|
41
|
-
}
|
|
42
|
-
}
|
|
43
|
-
return undefined;
|
|
44
|
-
}
|
|
45
|
-
async retrieve(components) {
|
|
46
|
-
const compSet = new ComponentSet(components);
|
|
47
|
-
const retrieveRequest = await compSet.retrieve(this.retrieveOptions);
|
|
48
|
-
const retrieveResult = await retrieveRequest.pollStatus();
|
|
49
|
-
return retrieveResult;
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
export function parseAsPermissionset(filePath) {
|
|
53
|
-
const cmpSrcContent = readFileSync(filePath, 'utf-8');
|
|
54
|
-
return parser.parse(cmpSrcContent).PermissionSet;
|
|
55
|
-
}
|
|
56
|
-
export function parseAsConnectedAppSetting(filePath) {
|
|
57
|
-
const cmpSrcContent = readFileSync(filePath, 'utf-8');
|
|
58
|
-
return parser.parse(cmpSrcContent).ConnectedAppSettings;
|
|
59
|
-
}
|
|
60
|
-
//# sourceMappingURL=mdapiRetriever.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"mdapiRetriever.js","sourceRoot":"","sources":["../../src/libs/mdapiRetriever.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,EAAiB,YAAY,EAAsC,MAAM,oCAAoC,CAAC;AACrH,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAG5C,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;CAChG,CAAC,CAAC;AAUH,MAAM,CAAC,OAAO,OAAO,cAAc;IAGN;IAFV,eAAe,CAAqB;IAErD,YAA2B,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QAC/C,IAAI,CAAC,eAAe,GAAG;YACrB,oBAAoB,EAAE,IAAI,CAAC,UAAU;YACrC,MAAM,EAAE,gBAAgB;SACzB,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,sBAAsB,CAAC,cAAwB;QAC1D,MAAM,UAAU,GAAG,cAAc,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;QAC/F,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,CAAC;QACZ,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACvD,MAAM,MAAM,GAAkC,EAAE,CAAC;QACjD,cAAc,CAAC,UAAU;aACtB,mBAAmB,EAAE;aACrB,OAAO,EAAE;aACT,OAAO,CAAC,CAAC,eAAe,EAAE,EAAE;YAC3B,IAAI,eAAe,CAAC,GAAG,EAAE,CAAC;gBACxB,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,oBAAoB,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;QACL,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,2BAA2B;QACtC,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;QAC3D,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,IAAI,cAAc,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,OAAO,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3E,MAAM,QAAQ,GAAG,cAAc,CAAC,UAAU,CAAC,mBAAmB,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAClF,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,0BAA0B,CAAC,QAAQ,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,UAA2B;QAChD,MAAM,OAAO,GAAG,IAAI,YAAY,CAAC,UAAU,CAAC,CAAC;QAC7C,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACrE,MAAM,cAAc,GAAG,MAAM,eAAe,CAAC,UAAU,EAAE,CAAC;QAC1D,OAAO,cAAc,CAAC;IACxB,CAAC;CACF;AAED,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtD,OAAQ,MAAM,CAAC,KAAK,CAAC,aAAa,CAA2B,CAAC,aAAa,CAAC;AAC9E,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,QAAgB;IACzD,MAAM,aAAa,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACtD,OAAQ,MAAM,CAAC,KAAK,CAAC,aAAa,CAAqC,CAAC,oBAAoB,CAAC;AAC/F,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../../src/libs/policies/initialisation/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,sBAAsB,MAAM,kDAAkD,CAAC;AACtF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AASzF;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;QACjD,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC;QACzF,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,IAAI,IAAI,EAAE,SAAS,EAAE,CAAC;YACpB,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,MAAM,WAAW,GAAG,IAAI,sBAAsB,EAAE,CAAC;QACjD,OAAO,WAAW,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;CACF"}
|