@j-schreiber/sf-cli-security-audit 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +20 -5
- package/lib/commands/org/audit/init.d.ts +2 -0
- package/lib/commands/org/audit/init.js +10 -0
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.d.ts +8 -0
- package/lib/libs/conf-init/auditConfig.js +1 -1
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/permissionsClassification.d.ts +3 -2
- package/lib/libs/conf-init/permissionsClassification.js +37 -27
- package/lib/libs/conf-init/permissionsClassification.js.map +1 -1
- package/lib/libs/conf-init/presets/loose.d.ts +6 -0
- package/lib/libs/conf-init/presets/loose.js +35 -0
- package/lib/libs/conf-init/presets/loose.js.map +1 -0
- package/lib/libs/conf-init/presets/none.d.ts +30 -0
- package/lib/libs/conf-init/presets/none.js +54 -0
- package/lib/libs/conf-init/presets/none.js.map +1 -0
- package/lib/libs/conf-init/presets/strict.d.ts +4 -0
- package/lib/libs/conf-init/presets/strict.js +28 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -0
- package/lib/libs/conf-init/presets.d.ts +7 -0
- package/lib/libs/conf-init/presets.js +20 -0
- package/lib/libs/conf-init/presets.js.map +1 -0
- package/lib/libs/core/classification-types.d.ts +1 -1
- package/lib/libs/core/classification-types.js +1 -1
- package/lib/libs/core/classification-types.js.map +1 -1
- package/lib/libs/core/mdapi/mdapiRetriever.d.ts +10 -68
- package/lib/libs/core/mdapi/mdapiRetriever.js +13 -90
- package/lib/libs/core/mdapi/mdapiRetriever.js.map +1 -1
- package/lib/libs/core/mdapi/metadataRegistryEntry.d.ts +39 -0
- package/lib/libs/core/mdapi/metadataRegistryEntry.js +31 -0
- package/lib/libs/core/mdapi/metadataRegistryEntry.js.map +1 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.d.ts +33 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js +41 -0
- package/lib/libs/core/mdapi/namedMetadataToolingQueryable.js.map +1 -0
- package/lib/libs/core/mdapi/namedMetadataType.d.ts +20 -0
- package/lib/libs/core/mdapi/namedMetadataType.js +36 -0
- package/lib/libs/core/mdapi/namedMetadataType.js.map +1 -0
- package/lib/libs/core/mdapi/singletonMetadataType.d.ts +21 -0
- package/lib/libs/core/mdapi/singletonMetadataType.js +35 -0
- package/lib/libs/core/mdapi/singletonMetadataType.js.map +1 -0
- package/lib/libs/policies/profilePolicy.js +21 -28
- package/lib/libs/policies/profilePolicy.js.map +1 -1
- package/messages/org.audit.init.md +12 -0
- package/messages/policyclassifications.md +38 -2
- package/oclif.manifest.json +18 -2
- package/package.json +1 -1
- package/lib/libs/conf-init/defaultPolicyClassification.d.ts +0 -2
- package/lib/libs/conf-init/defaultPolicyClassification.js +0 -63
- package/lib/libs/conf-init/defaultPolicyClassification.js.map +0 -1
package/README.md
CHANGED
|
@@ -38,12 +38,15 @@ Initialises classifications and policies for a security audit.
|
|
|
38
38
|
|
|
39
39
|
```
|
|
40
40
|
USAGE
|
|
41
|
-
$ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version
|
|
41
|
+
$ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [-p strict|loose|none] [--api-version
|
|
42
|
+
<value>]
|
|
42
43
|
|
|
43
44
|
FLAGS
|
|
44
45
|
-d, --output-dir=<value> Directory where the audit config is initialised. If not set, the root directory will be
|
|
45
46
|
used.
|
|
46
47
|
-o, --target-org=<value> (required) Target org to export permissions, profiles, users, etc.
|
|
48
|
+
-p, --preset=<option> [default: strict] Select a preset to initialise permission classifications (risk levels).
|
|
49
|
+
<options: strict|loose|none>
|
|
47
50
|
--api-version=<value> Override the api version used for api requests made by this command
|
|
48
51
|
|
|
49
52
|
GLOBAL FLAGS
|
|
@@ -60,9 +63,21 @@ EXAMPLES
|
|
|
60
63
|
Initialise audit policies at the root directory
|
|
61
64
|
|
|
62
65
|
$ sf org audit init -o MyTargetOrg
|
|
66
|
+
|
|
67
|
+
Initialise audit config at custom directory with preset
|
|
68
|
+
|
|
69
|
+
$ sf org audit init -o MyTargetOrg -d my_dir -p loose
|
|
70
|
+
|
|
71
|
+
FLAG DESCRIPTIONS
|
|
72
|
+
-p, --preset=strict|loose|none Select a preset to initialise permission classifications (risk levels).
|
|
73
|
+
|
|
74
|
+
The selected preset is applied before any other default mechanisms (such as template configs). This means, values
|
|
75
|
+
from a selected template override the preset. Consult the documentation to learn more about the rationale behind the
|
|
76
|
+
default risk levels. The risk levels interact with the configured preset on profiles and permission sets and
|
|
77
|
+
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
63
78
|
```
|
|
64
79
|
|
|
65
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1
|
|
80
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/init.ts)_
|
|
66
81
|
|
|
67
82
|
## `sf org audit run`
|
|
68
83
|
|
|
@@ -70,10 +85,10 @@ Audit your org.
|
|
|
70
85
|
|
|
71
86
|
```
|
|
72
87
|
USAGE
|
|
73
|
-
$ sf org audit run -o <value>
|
|
88
|
+
$ sf org audit run -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version <value>]
|
|
74
89
|
|
|
75
90
|
FLAGS
|
|
76
|
-
-d, --source-dir=<value>
|
|
91
|
+
-d, --source-dir=<value> Location of the audit config.
|
|
77
92
|
-o, --target-org=<value> (required) The org that is audited.
|
|
78
93
|
--api-version=<value> Override the api version used for api requests made by this command
|
|
79
94
|
|
|
@@ -93,7 +108,7 @@ EXAMPLES
|
|
|
93
108
|
$ sf org audit run -o MyTargetOrg -d configs/prod
|
|
94
109
|
```
|
|
95
110
|
|
|
96
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1
|
|
111
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/run.ts)_
|
|
97
112
|
|
|
98
113
|
<!-- commandsstop -->
|
|
99
114
|
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import { SfCommand } from '@salesforce/sf-plugins-core';
|
|
2
2
|
import { AuditRunConfig } from '../../../libs/core/file-mgmt/schema.js';
|
|
3
|
+
import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
|
|
3
4
|
export type OrgAuditInitResult = AuditRunConfig;
|
|
4
5
|
export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
|
|
5
6
|
static readonly summary: string;
|
|
@@ -8,6 +9,7 @@ export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
|
|
|
8
9
|
static readonly flags: {
|
|
9
10
|
'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
|
|
10
11
|
'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
|
|
12
|
+
preset: import("@oclif/core/interfaces").OptionFlag<AuditInitPresets, import("@oclif/core/interfaces").CustomOptions>;
|
|
11
13
|
'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
|
|
12
14
|
};
|
|
13
15
|
run(): Promise<OrgAuditInitResult>;
|
|
@@ -2,8 +2,16 @@ import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
|
|
|
2
2
|
import { Messages } from '@salesforce/core';
|
|
3
3
|
import AuditConfig from '../../../libs/conf-init/auditConfig.js';
|
|
4
4
|
import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/core/file-mgmt/schema.js';
|
|
5
|
+
import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
|
|
5
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
6
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
|
|
8
|
+
const presetFlag = Flags.custom({
|
|
9
|
+
char: 'p',
|
|
10
|
+
summary: messages.getMessage('flags.preset.summary'),
|
|
11
|
+
description: messages.getMessage('flags.preset.description'),
|
|
12
|
+
options: Object.values(AuditInitPresets),
|
|
13
|
+
default: AuditInitPresets.strict,
|
|
14
|
+
})();
|
|
7
15
|
export default class OrgAuditInit extends SfCommand {
|
|
8
16
|
static summary = messages.getMessage('summary');
|
|
9
17
|
static description = messages.getMessage('description');
|
|
@@ -20,12 +28,14 @@ export default class OrgAuditInit extends SfCommand {
|
|
|
20
28
|
summary: messages.getMessage('flags.output-dir.summary'),
|
|
21
29
|
default: '',
|
|
22
30
|
}),
|
|
31
|
+
preset: presetFlag,
|
|
23
32
|
'api-version': Flags.orgApiVersion(),
|
|
24
33
|
};
|
|
25
34
|
async run() {
|
|
26
35
|
const { flags } = await this.parse(OrgAuditInit);
|
|
27
36
|
const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
|
|
28
37
|
targetDir: flags['output-dir'],
|
|
38
|
+
preset: flags.preset,
|
|
29
39
|
});
|
|
30
40
|
this.printResults(auditConfig);
|
|
31
41
|
return auditConfig;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;
|
|
1
|
+
{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}
|
|
@@ -1,10 +1,18 @@
|
|
|
1
1
|
import { Connection } from '@salesforce/core';
|
|
2
2
|
import { AuditRunConfig } from '../core/file-mgmt/schema.js';
|
|
3
|
+
import { AuditInitPresets } from './presets.js';
|
|
3
4
|
/**
|
|
4
5
|
* Additional options how the config should be initialised.
|
|
5
6
|
*/
|
|
6
7
|
export type AuditInitOptions = {
|
|
8
|
+
/**
|
|
9
|
+
* When set, config files are created at the target location.
|
|
10
|
+
*/
|
|
7
11
|
targetDir?: string;
|
|
12
|
+
/**
|
|
13
|
+
* An optional preset to initialise classifications and policies.
|
|
14
|
+
*/
|
|
15
|
+
preset?: AuditInitPresets;
|
|
8
16
|
};
|
|
9
17
|
/**
|
|
10
18
|
* Exposes key functionality to load an audit config as static methods. This makes
|
|
@@ -14,7 +14,7 @@ export default class AuditConfig {
|
|
|
14
14
|
*/
|
|
15
15
|
static async init(targetCon, opts) {
|
|
16
16
|
const conf = { classifications: {}, policies: {} };
|
|
17
|
-
conf.classifications.userPermissions = { content: await initUserPermissions(targetCon) };
|
|
17
|
+
conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
|
|
18
18
|
const customPerms = await initCustomPermissions(targetCon);
|
|
19
19
|
if (customPerms) {
|
|
20
20
|
conf.classifications.customPermissions = { content: customPerms };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAiBzF;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,IAAI,IAAI,EAAE,SAAS,EAAE,CAAC;YACpB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}
|
|
@@ -1,12 +1,13 @@
|
|
|
1
1
|
import { Connection } from '@salesforce/core';
|
|
2
2
|
import { PermissionsConfig } from '../core/file-mgmt/schema.js';
|
|
3
|
+
import { AuditInitPresets } from './presets.js';
|
|
3
4
|
/**
|
|
4
|
-
* Initialises a fresh set of user permissions from target org connection
|
|
5
|
+
* Initialises a fresh set of user permissions from target org connection.
|
|
5
6
|
*
|
|
6
7
|
* @param con
|
|
7
8
|
* @returns
|
|
8
9
|
*/
|
|
9
|
-
export declare function initUserPermissions(con: Connection): Promise<PermissionsConfig>;
|
|
10
|
+
export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsConfig>;
|
|
10
11
|
/**
|
|
11
12
|
* Initialises a fresh set of custom permissions from the target org
|
|
12
13
|
*
|
|
@@ -1,17 +1,21 @@
|
|
|
1
|
-
import { CUSTOM_PERMS_QUERY } from '../core/constants.js';
|
|
1
|
+
import { CUSTOM_PERMS_QUERY, PROFILES_QUERY } from '../core/constants.js';
|
|
2
|
+
import MDAPI from '../core/mdapi/mdapiRetriever.js';
|
|
2
3
|
import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
|
|
3
|
-
import {
|
|
4
|
+
import { loadPreset } from './presets.js';
|
|
4
5
|
/**
|
|
5
|
-
* Initialises a fresh set of user permissions from target org connection
|
|
6
|
+
* Initialises a fresh set of user permissions from target org connection.
|
|
6
7
|
*
|
|
7
8
|
* @param con
|
|
8
9
|
* @returns
|
|
9
10
|
*/
|
|
10
|
-
export async function initUserPermissions(con) {
|
|
11
|
-
const
|
|
12
|
-
const
|
|
13
|
-
const
|
|
11
|
+
export async function initUserPermissions(con, preset) {
|
|
12
|
+
const describePerms = await parsePermsFromDescribe(con);
|
|
13
|
+
const assignedPerms = await findAssignedPerms(con);
|
|
14
|
+
const allPerms = { ...describePerms, ...assignedPerms };
|
|
15
|
+
const presConfig = loadPreset(preset);
|
|
16
|
+
const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
|
|
14
17
|
perms.sort(classificationSorter);
|
|
18
|
+
const result = { permissions: {} };
|
|
15
19
|
perms.forEach((perm) => (result.permissions[perm.name] = {
|
|
16
20
|
label: sanitiseLabel(perm.label),
|
|
17
21
|
classification: perm.classification,
|
|
@@ -42,27 +46,33 @@ export async function initCustomPermissions(con) {
|
|
|
42
46
|
}));
|
|
43
47
|
return result;
|
|
44
48
|
}
|
|
45
|
-
function
|
|
46
|
-
const
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
};
|
|
57
|
-
}
|
|
58
|
-
else {
|
|
59
|
-
return {
|
|
60
|
-
label: field.label,
|
|
61
|
-
name: policyName,
|
|
62
|
-
classification: PermissionRiskLevel.UNKNOWN,
|
|
63
|
-
};
|
|
64
|
-
}
|
|
49
|
+
async function parsePermsFromDescribe(con) {
|
|
50
|
+
const permSet = await con.describe('PermissionSet');
|
|
51
|
+
const describeAvailablePerms = {};
|
|
52
|
+
permSet.fields
|
|
53
|
+
.filter((field) => field.name.startsWith('Permissions'))
|
|
54
|
+
.forEach((field) => {
|
|
55
|
+
const permName = field.name.replace('Permissions', '');
|
|
56
|
+
describeAvailablePerms[permName] = {
|
|
57
|
+
label: field.label,
|
|
58
|
+
name: permName,
|
|
59
|
+
};
|
|
65
60
|
});
|
|
61
|
+
return describeAvailablePerms;
|
|
62
|
+
}
|
|
63
|
+
async function findAssignedPerms(con) {
|
|
64
|
+
const assignedPerms = {};
|
|
65
|
+
const profiles = await con.query(PROFILES_QUERY);
|
|
66
|
+
if (profiles.records?.length > 0) {
|
|
67
|
+
const mdapi = new MDAPI(con);
|
|
68
|
+
const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
|
|
69
|
+
Object.values(resolvedProfiles).forEach((profile) => {
|
|
70
|
+
profile.userPermissions.forEach((userPerm) => {
|
|
71
|
+
assignedPerms[userPerm.name] = { name: userPerm.name };
|
|
72
|
+
});
|
|
73
|
+
});
|
|
74
|
+
}
|
|
75
|
+
return assignedPerms;
|
|
66
76
|
}
|
|
67
77
|
function sanitiseLabel(rawLabel) {
|
|
68
78
|
return rawLabel?.replace(/[ \t]+$|[\r\n]+/g, '');
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAClF,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
import { PermissionRiskLevel } from '../../core/classification-types.js';
|
|
2
|
+
import NonePreset from './none.js';
|
|
3
|
+
export default class LoosePreset extends NonePreset {
|
|
4
|
+
constructor() {
|
|
5
|
+
super({
|
|
6
|
+
UseAnyApiClient: PermissionRiskLevel.HIGH,
|
|
7
|
+
CustomizeApplication: PermissionRiskLevel.HIGH,
|
|
8
|
+
ModifyMetadata: PermissionRiskLevel.HIGH,
|
|
9
|
+
AuthorApex: PermissionRiskLevel.HIGH,
|
|
10
|
+
ManageAuthProviders: PermissionRiskLevel.HIGH,
|
|
11
|
+
Packaging2: PermissionRiskLevel.HIGH,
|
|
12
|
+
Packaging2Delete: PermissionRiskLevel.HIGH,
|
|
13
|
+
Packaging2PromoteVersion: PermissionRiskLevel.HIGH,
|
|
14
|
+
InstallPackaging: PermissionRiskLevel.HIGH,
|
|
15
|
+
ViewClientSecret: PermissionRiskLevel.HIGH,
|
|
16
|
+
ManageTwoFactor: PermissionRiskLevel.HIGH,
|
|
17
|
+
ManageRemoteAccess: PermissionRiskLevel.HIGH,
|
|
18
|
+
CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
|
|
19
|
+
ViewSetup: PermissionRiskLevel.MEDIUM,
|
|
20
|
+
ViewAllData: PermissionRiskLevel.MEDIUM,
|
|
21
|
+
ModifyAllData: PermissionRiskLevel.MEDIUM,
|
|
22
|
+
ExportReport: PermissionRiskLevel.MEDIUM,
|
|
23
|
+
EmailMass: PermissionRiskLevel.MEDIUM,
|
|
24
|
+
ApiEnabled: PermissionRiskLevel.LOW,
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
initDefault(permName) {
|
|
28
|
+
const basePerm = super.initDefault(permName);
|
|
29
|
+
if (basePerm.classification === PermissionRiskLevel.UNKNOWN) {
|
|
30
|
+
basePerm.classification = PermissionRiskLevel.LOW;
|
|
31
|
+
}
|
|
32
|
+
return basePerm;
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
//# sourceMappingURL=loose.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,GAAG;SACpC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
|
|
2
|
+
import { PermissionRiskLevel } from '../../core/classification-types.js';
|
|
3
|
+
import { Optional } from '../../core/utils.js';
|
|
4
|
+
export type UnclassifiedPerm = Optional<NamedPermissionsClassification, 'classification'>;
|
|
5
|
+
export type Preset = {
|
|
6
|
+
classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
|
|
7
|
+
};
|
|
8
|
+
/**
|
|
9
|
+
* A "blank" preset that is extended by all other presets
|
|
10
|
+
* and initialises classification descriptions
|
|
11
|
+
*/
|
|
12
|
+
export default class NonePreset implements Preset {
|
|
13
|
+
protected userPermissions: Record<string, Partial<NamedPermissionsClassification>>;
|
|
14
|
+
constructor(userPerms?: Record<string, PermissionRiskLevel>);
|
|
15
|
+
/**
|
|
16
|
+
* Finalises permissions for all unclassified user perms that are set
|
|
17
|
+
* in this preset.
|
|
18
|
+
*
|
|
19
|
+
* @param perms
|
|
20
|
+
*/
|
|
21
|
+
classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
|
|
22
|
+
/**
|
|
23
|
+
* Initialises a default classification for a given permission name.
|
|
24
|
+
* This merges pre-configured defaults with available descriptions.
|
|
25
|
+
*
|
|
26
|
+
* @param permName
|
|
27
|
+
* @returns
|
|
28
|
+
*/
|
|
29
|
+
initDefault(permName: string): NamedPermissionsClassification;
|
|
30
|
+
}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
|
+
import { PermissionRiskLevel } from '../../core/classification-types.js';
|
|
3
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
4
|
+
const descriptions = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
|
|
5
|
+
/**
|
|
6
|
+
* A "blank" preset that is extended by all other presets
|
|
7
|
+
* and initialises classification descriptions
|
|
8
|
+
*/
|
|
9
|
+
export default class NonePreset {
|
|
10
|
+
userPermissions;
|
|
11
|
+
constructor(userPerms) {
|
|
12
|
+
this.userPermissions = {};
|
|
13
|
+
if (userPerms) {
|
|
14
|
+
Object.entries(userPerms).forEach(([name, classification]) => {
|
|
15
|
+
if (this.userPermissions[name]) {
|
|
16
|
+
this.userPermissions[name].classification = classification;
|
|
17
|
+
}
|
|
18
|
+
else {
|
|
19
|
+
this.userPermissions[name] = { classification };
|
|
20
|
+
}
|
|
21
|
+
});
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Finalises permissions for all unclassified user perms that are set
|
|
26
|
+
* in this preset.
|
|
27
|
+
*
|
|
28
|
+
* @param perms
|
|
29
|
+
*/
|
|
30
|
+
classifyUserPermissions(rawPerms) {
|
|
31
|
+
return rawPerms.map((perm) => ({
|
|
32
|
+
...this.initDefault(perm.name),
|
|
33
|
+
...perm,
|
|
34
|
+
}));
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Initialises a default classification for a given permission name.
|
|
38
|
+
* This merges pre-configured defaults with available descriptions.
|
|
39
|
+
*
|
|
40
|
+
* @param permName
|
|
41
|
+
* @returns
|
|
42
|
+
*/
|
|
43
|
+
initDefault(permName) {
|
|
44
|
+
const def = this.userPermissions[permName];
|
|
45
|
+
const hasDescription = descriptions.messages.has(permName);
|
|
46
|
+
return {
|
|
47
|
+
...def,
|
|
48
|
+
name: permName,
|
|
49
|
+
classification: def?.classification ?? PermissionRiskLevel.UNKNOWN,
|
|
50
|
+
reason: hasDescription ? descriptions.getMessage(permName) : undefined,
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
//# sourceMappingURL=none.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"none.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/none.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAGzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAQ1G;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IACnB,eAAe,CAA0D;IAEnF,YAAmB,SAA+C;QAChE,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE;gBAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,cAAc,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,QAA4B;QACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,GAAG,IAAI;SACR,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO;YACL,GAAG,GAAG;YACN,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,mBAAmB,CAAC,OAAO;YAClE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { PermissionRiskLevel } from '../../core/classification-types.js';
|
|
2
|
+
import NonePreset from './none.js';
|
|
3
|
+
export default class StrictPreset extends NonePreset {
|
|
4
|
+
constructor() {
|
|
5
|
+
super({
|
|
6
|
+
UseAnyApiClient: PermissionRiskLevel.BLOCKED,
|
|
7
|
+
CustomizeApplication: PermissionRiskLevel.CRITICAL,
|
|
8
|
+
ModifyMetadata: PermissionRiskLevel.CRITICAL,
|
|
9
|
+
AuthorApex: PermissionRiskLevel.CRITICAL,
|
|
10
|
+
ManageAuthProviders: PermissionRiskLevel.CRITICAL,
|
|
11
|
+
Packaging2: PermissionRiskLevel.CRITICAL,
|
|
12
|
+
Packaging2Delete: PermissionRiskLevel.CRITICAL,
|
|
13
|
+
Packaging2PromoteVersion: PermissionRiskLevel.CRITICAL,
|
|
14
|
+
InstallPackaging: PermissionRiskLevel.CRITICAL,
|
|
15
|
+
ViewClientSecret: PermissionRiskLevel.CRITICAL,
|
|
16
|
+
ExportReport: PermissionRiskLevel.HIGH,
|
|
17
|
+
ViewSetup: PermissionRiskLevel.HIGH,
|
|
18
|
+
ApiEnabled: PermissionRiskLevel.HIGH,
|
|
19
|
+
ViewAllData: PermissionRiskLevel.HIGH,
|
|
20
|
+
ModifyAllData: PermissionRiskLevel.HIGH,
|
|
21
|
+
ManageTwoFactor: PermissionRiskLevel.HIGH,
|
|
22
|
+
ManageRemoteAccess: PermissionRiskLevel.HIGH,
|
|
23
|
+
CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
|
|
24
|
+
EmailMass: PermissionRiskLevel.MEDIUM,
|
|
25
|
+
});
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
//# sourceMappingURL=strict.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;SACtC,CAAC,CAAC;IACL,CAAC;CACF"}
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
import LoosePreset from './presets/loose.js';
|
|
2
|
+
import NonePreset from './presets/none.js';
|
|
3
|
+
import StrictPreset from './presets/strict.js';
|
|
4
|
+
export var AuditInitPresets;
|
|
5
|
+
(function (AuditInitPresets) {
|
|
6
|
+
AuditInitPresets["strict"] = "strict";
|
|
7
|
+
AuditInitPresets["loose"] = "loose";
|
|
8
|
+
AuditInitPresets["none"] = "none";
|
|
9
|
+
})(AuditInitPresets || (AuditInitPresets = {}));
|
|
10
|
+
export function loadPreset(presetName) {
|
|
11
|
+
switch (presetName) {
|
|
12
|
+
case AuditInitPresets.loose:
|
|
13
|
+
return new LoosePreset();
|
|
14
|
+
case AuditInitPresets.strict:
|
|
15
|
+
return new StrictPreset();
|
|
16
|
+
default:
|
|
17
|
+
return new NonePreset();
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=presets.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/libs/conf-init/presets.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAC7C,OAAO,UAAsB,MAAM,mBAAmB,CAAC;AACvD,OAAO,YAAY,MAAM,qBAAqB,CAAC;AAE/C,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B;IACtD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAgB,CAAC,KAAK;YACzB,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB,CAAC,MAAM;YAC1B,OAAO,IAAI,YAAY,EAAE,CAAC;QAC5B;YACE,OAAO,IAAI,UAAU,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC"}
|
|
@@ -13,7 +13,7 @@ export declare enum PermissionRiskLevel {
|
|
|
13
13
|
MEDIUM = "Medium",
|
|
14
14
|
/** Regular user permissions, typically needed for day-to-day work */
|
|
15
15
|
LOW = "Low",
|
|
16
|
-
/** Not categorized or unknown permission */
|
|
16
|
+
/** Not categorized or unknown permission. Will be ignored but create a warning */
|
|
17
17
|
UNKNOWN = "Unknown"
|
|
18
18
|
}
|
|
19
19
|
export declare function resolveRiskLevelOrdinalValue(value: string): number;
|
|
@@ -13,7 +13,7 @@ export var PermissionRiskLevel;
|
|
|
13
13
|
PermissionRiskLevel["MEDIUM"] = "Medium";
|
|
14
14
|
/** Regular user permissions, typically needed for day-to-day work */
|
|
15
15
|
PermissionRiskLevel["LOW"] = "Low";
|
|
16
|
-
/** Not categorized or unknown permission */
|
|
16
|
+
/** Not categorized or unknown permission. Will be ignored but create a warning */
|
|
17
17
|
PermissionRiskLevel["UNKNOWN"] = "Unknown";
|
|
18
18
|
})(PermissionRiskLevel || (PermissionRiskLevel = {}));
|
|
19
19
|
export function resolveRiskLevelOrdinalValue(value) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,
|
|
1
|
+
{"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAa;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAiC,EAAE,CAAiC,EAAU,EAAE,CACnH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import { PathLike } from 'node:fs';
|
|
2
1
|
import { Connection } from '@salesforce/core';
|
|
3
|
-
import {
|
|
4
|
-
import
|
|
2
|
+
import { ConnectedAppSettings, PermissionSet, Profile as ProfileMetadata } from '@jsforce/jsforce-node/lib/api/metadata.js';
|
|
3
|
+
import NamedMetadata from './namedMetadataType.js';
|
|
4
|
+
import SingletonMetadata from './singletonMetadataType.js';
|
|
5
|
+
import NamedMetadataQueryable from './namedMetadataToolingQueryable.js';
|
|
5
6
|
export default class MDAPI {
|
|
6
7
|
private connection;
|
|
7
8
|
private cache;
|
|
@@ -14,7 +15,7 @@ export default class MDAPI {
|
|
|
14
15
|
* @param componentNames
|
|
15
16
|
* @returns
|
|
16
17
|
*/
|
|
17
|
-
resolve<K extends keyof typeof NamedTypesRegistry>(typeName:
|
|
18
|
+
resolve<K extends keyof typeof NamedTypesRegistry>(typeName: K, componentNames: string[]): Promise<NamedReturnTypes[K]>;
|
|
18
19
|
/**
|
|
19
20
|
* Resolves one of the pre-configured metadata types and returns
|
|
20
21
|
* the entire XML content of source file body.
|
|
@@ -22,75 +23,13 @@ export default class MDAPI {
|
|
|
22
23
|
* @param typeName
|
|
23
24
|
* @returns
|
|
24
25
|
*/
|
|
25
|
-
resolveSingleton<K extends keyof typeof SingletonRegistry>(typeName:
|
|
26
|
+
resolveSingleton<K extends keyof typeof SingletonRegistry>(typeName: K): Promise<SingletonReturnTypes[K]>;
|
|
26
27
|
private cacheResults;
|
|
27
28
|
private fetchCached;
|
|
28
29
|
}
|
|
29
|
-
type MetadataRegistryEntryOpts<Type, Key extends keyof Type> = {
|
|
30
|
-
/**
|
|
31
|
-
* Metadata API name of the type.
|
|
32
|
-
*/
|
|
33
|
-
retrieveType: string;
|
|
34
|
-
/**
|
|
35
|
-
* Metadata API name entity.
|
|
36
|
-
*/
|
|
37
|
-
retrieveName?: string;
|
|
38
|
-
/**
|
|
39
|
-
* Optional XML parser instance. Typically used to fix errors for
|
|
40
|
-
* properties that must be parsed as list.
|
|
41
|
-
*/
|
|
42
|
-
parser?: XMLParser;
|
|
43
|
-
/**
|
|
44
|
-
* Name of the root node in XML file content
|
|
45
|
-
*/
|
|
46
|
-
rootNodeName: Key;
|
|
47
|
-
/**
|
|
48
|
-
* Post processor function that sanitises the XML parse result
|
|
49
|
-
*/
|
|
50
|
-
parsePostProcessor?: (parseResult: Type[Key]) => Type[Key];
|
|
51
|
-
};
|
|
52
|
-
declare abstract class MetadataRegistryEntry<Type, Key extends keyof Type> {
|
|
53
|
-
private opts;
|
|
54
|
-
parser: XMLParser;
|
|
55
|
-
retrieveType: string;
|
|
56
|
-
rootNodeName: Key;
|
|
57
|
-
constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
|
|
58
|
-
parse(fullFilePath: PathLike): Type[Key];
|
|
59
|
-
}
|
|
60
|
-
/**
|
|
61
|
-
* The entry is a type that only has one single instance on the org, such as
|
|
62
|
-
* a Setting. The component is retrieved by its root node name
|
|
63
|
-
* (e.g. ConnectedAppSettings, AccountSettings, etc).
|
|
64
|
-
*/
|
|
65
|
-
declare class SingletonMetadata<Type, Key extends keyof Type> extends MetadataRegistryEntry<Type, Key> {
|
|
66
|
-
retrieveName: string;
|
|
67
|
-
constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
|
|
68
|
-
/**
|
|
69
|
-
* Resolves component names, retrieves the metadata and returns
|
|
70
|
-
* as a strongly typed result.
|
|
71
|
-
*
|
|
72
|
-
* @param con
|
|
73
|
-
* @param componentNames
|
|
74
|
-
* @returns
|
|
75
|
-
*/
|
|
76
|
-
resolve(con: Connection): Promise<Type[Key]>;
|
|
77
|
-
private parseSourceFile;
|
|
78
|
-
}
|
|
79
|
-
declare class NamedMetadata<Type, Key extends keyof Type> extends MetadataRegistryEntry<Type, Key> {
|
|
80
|
-
constructor(opts: MetadataRegistryEntryOpts<Type, Key>);
|
|
81
|
-
/**
|
|
82
|
-
* Resolves component names, retrieves the metadata and returns
|
|
83
|
-
* as a strongly typed result.
|
|
84
|
-
*
|
|
85
|
-
* @param con
|
|
86
|
-
* @param componentNames
|
|
87
|
-
* @returns
|
|
88
|
-
*/
|
|
89
|
-
resolve(con: Connection, componentNames: string[]): Promise<Record<string, Type[Key]>>;
|
|
90
|
-
private parseSourceFiles;
|
|
91
|
-
}
|
|
92
30
|
export declare const NamedTypesRegistry: {
|
|
93
31
|
PermissionSet: NamedMetadata<PermissionSetXml, "PermissionSet">;
|
|
32
|
+
Profile: NamedMetadataQueryable<ProfileXml, "Profile">;
|
|
94
33
|
};
|
|
95
34
|
export declare const SingletonRegistry: {
|
|
96
35
|
ConnectedAppSettings: SingletonMetadata<ConnectedAppSettingsXml, "ConnectedAppSettings">;
|
|
@@ -101,6 +40,9 @@ type NamedReturnTypes = {
|
|
|
101
40
|
type SingletonReturnTypes = {
|
|
102
41
|
[K in keyof typeof SingletonRegistry]: Awaited<ReturnType<(typeof SingletonRegistry)[K]['resolve']>>;
|
|
103
42
|
};
|
|
43
|
+
type ProfileXml = {
|
|
44
|
+
Profile: ProfileMetadata;
|
|
45
|
+
};
|
|
104
46
|
type PermissionSetXml = {
|
|
105
47
|
PermissionSet: PermissionSet;
|
|
106
48
|
};
|