@j-schreiber/sf-cli-security-audit 0.4.1 → 0.6.0

package/README.md

@@ -38,12 +38,15 @@ Initialises classifications and policies for a security audit.
 
 ```
 USAGE
-  $ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version <value>]
+  $ sf org audit init -o <value> [--json] [--flags-dir <value>] [-d <value>] [-p strict|loose|none] [--api-version
+    <value>]
 
 FLAGS
   -d, --output-dir=<value>   Directory where the audit config is initialised. If not set, the root directory will be
                              used.
   -o, --target-org=<value>   (required) Target org to export permissions, profiles, users, etc.
+  -p, --preset=<option>      [default: strict] Select a preset to initialise permission classifications (risk levels).
+                             <options: strict|loose|none>
       --api-version=<value>  Override the api version used for api requests made by this command
 
 GLOBAL FLAGS
@@ -60,9 +63,21 @@ EXAMPLES
   Initialise audit policies at the root directory
 
     $ sf org audit init -o MyTargetOrg
+
+  Initialise audit config at custom directory with preset
+
+    $ sf org audit init -o MyTargetOrg -d my_dir -p loose
+
+FLAG DESCRIPTIONS
+  -p, --preset=strict|loose|none  Select a preset to initialise permission classifications (risk levels).
+
+    The selected preset is applied before any other default mechanisms (such as template configs). This means, values
+    from a selected template override the preset. Consult the documentation to learn more about the rationale behind the
+    default risk levels. The risk levels interact with the configured preset on profiles and permission sets and
+    essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1.0/src/commands/org/audit/init.ts)_
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -70,10 +85,10 @@ Audit your org.
 
 ```
 USAGE
-  $ sf org audit run -o <value> -d <value> [--json] [--flags-dir <value>] [--api-version <value>]
+  $ sf org audit run -o <value> [--json] [--flags-dir <value>] [-d <value>] [--api-version <value>]
 
 FLAGS
-  -d, --source-dir=<value>   (required) Location of the audit config.
+  -d, --source-dir=<value>   Location of the audit config.
   -o, --target-org=<value>   (required) The org that is audited.
       --api-version=<value>  Override the api version used for api requests made by this command
 
@@ -93,7 +108,7 @@ EXAMPLES
     $ sf org audit run -o MyTargetOrg -d configs/prod
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.1.0/src/commands/org/audit/run.ts)_
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.4.1/src/commands/org/audit/run.ts)_
 
 <!-- commandsstop -->
 

package/lib/commands/org/audit/init.d.ts

@@ -1,5 +1,6 @@
 import { SfCommand } from '@salesforce/sf-plugins-core';
 import { AuditRunConfig } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
 export type OrgAuditInitResult = AuditRunConfig;
 export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
     static readonly summary: string;
@@ -8,6 +9,7 @@ export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
     static readonly flags: {
         'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
         'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        preset: import("@oclif/core/interfaces").OptionFlag<AuditInitPresets, import("@oclif/core/interfaces").CustomOptions>;
         'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
     };
     run(): Promise<OrgAuditInitResult>;

package/lib/commands/org/audit/init.js

@@ -2,8 +2,16 @@ import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
 import { Messages } from '@salesforce/core';
 import AuditConfig from '../../../libs/conf-init/auditConfig.js';
 import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
 Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
 const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
+const presetFlag = Flags.custom({
+    char: 'p',
+    summary: messages.getMessage('flags.preset.summary'),
+    description: messages.getMessage('flags.preset.description'),
+    options: Object.values(AuditInitPresets),
+    default: AuditInitPresets.strict,
+})();
 export default class OrgAuditInit extends SfCommand {
     static summary = messages.getMessage('summary');
     static description = messages.getMessage('description');
@@ -20,12 +28,14 @@ export default class OrgAuditInit extends SfCommand {
             summary: messages.getMessage('flags.output-dir.summary'),
             default: '',
         }),
+        preset: presetFlag,
         'api-version': Flags.orgApiVersion(),
     };
     async run() {
         const { flags } = await this.parse(OrgAuditInit);
         const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
             targetDir: flags['output-dir'],
+            preset: flags.preset,
         });
         this.printResults(auditConfig);
         return auditConfig;

package/lib/commands/org/audit/init.js.map

@@ -1 +1 @@
-{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAEhD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;SAC/B,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,IAAI;wBACJ,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}

package/lib/commands/org/scan/user-perms.d.ts

@@ -0,0 +1,20 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { QuickScanResult } from '../../../libs/quick-scan/types.js';
+import { EntityScanStatus } from '../../../libs/quick-scan/userPermissionScanner.js';
+export type OrgUserPermScanResult = QuickScanResult;
+export default class OrgUserPermScan extends SfCommand<OrgUserPermScanResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        name: import("@oclif/core/interfaces").OptionFlag<string[], import("@oclif/core/interfaces").CustomOptions>;
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgUserPermScanResult>;
+    private reportProgress;
+    private print;
+    private printSummary;
+    private printPermissionResults;
+}
+export declare function isEntityStatus(cls: unknown): cls is EntityScanStatus;

package/lib/commands/org/scan/user-perms.js

@@ -0,0 +1,88 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import UserPermissionScanner from '../../../libs/quick-scan/userPermissionScanner.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.scan.user-perms');
+export default class OrgUserPermScan extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        name: Flags.string({
+            summary: messages.getMessage('flags.name.summary'),
+            description: messages.getMessage('flags.name.description'),
+            char: 'n',
+            multiple: true,
+            required: true,
+        }),
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgUserPermScan);
+        const scanner = new UserPermissionScanner();
+        scanner.on('progress', this.reportProgress);
+        const result = await scanner.quickScan({
+            targetOrg: flags['target-org'].getConnection(flags['api-version']),
+            permissions: flags.name,
+        });
+        this.print(result);
+        return result;
+    }
+    reportProgress = (event) => {
+        if (event.status === 'Pending') {
+            this.spinner.start('Scanning');
+        }
+        const counters = [];
+        Object.entries(event).forEach(([propName, entityStatus]) => {
+            if (isEntityStatus(entityStatus)) {
+                counters.push(`${capitalize(propName)} (${entityStatus.resolved}/${entityStatus.total})`);
+            }
+        });
+        this.spinner.status = counters.join(' | ');
+        if (event.status === 'Completed') {
+            this.spinner.stop();
+            this.logSuccess(messages.getMessage('success.profiles-count', [event.profiles.total]));
+            this.logSuccess(messages.getMessage('success.permissionsets-count', [event.permissionSets.total]));
+            this.log();
+        }
+    };
+    print(result) {
+        this.printSummary(result);
+        Object.entries(result.permissions).forEach(([permName, permResult]) => {
+            this.printPermissionResults(permName, permResult);
+        });
+    }
+    printSummary(result) {
+        const data = [];
+        Object.entries(result.permissions).forEach(([permissionName, permResult]) => {
+            data.push({
+                permissionName,
+                profiles: permResult.profiles.length,
+                permissionSets: permResult.permissionSets.length,
+            });
+        });
+        this.table({ data, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printPermissionResults(permissionName, result) {
+        const data = [];
+        result.profiles.forEach((entityName) => {
+            data.push({ entityName, type: 'Profile' });
+        });
+        result.permissionSets.forEach((entityName) => {
+            data.push({ entityName, type: 'Permission Set' });
+        });
+        if (data.length > 0) {
+            this.table({ data, title: permissionName, titleOptions: { underline: true } });
+        }
+    }
+}
+export function isEntityStatus(cls) {
+    return cls.total !== undefined && cls.resolved !== undefined;
+}
+//# sourceMappingURL=user-perms.js.map

package/lib/commands/org/scan/user-perms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,qBAGN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAIpG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,SAAgC;IACpE,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;YAC1D,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAsB,EAAQ,EAAE;QACxD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE;YACzD,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,QAAS,IAAI,YAAY,CAAC,KAAM,GAAG,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACvF,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,8BAA8B,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACnG,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEM,KAAK,CAAC,MAAuB;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,MAAuB;QAC1C,MAAM,IAAI,GAAgF,EAAE,CAAC;QAC7F,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1E,IAAI,CAAC,IAAI,CAAC;gBACR,cAAc;gBACd,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM;gBACpC,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,MAAM;aACjD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,MAA4B;QACjF,MAAM,IAAI,GAAgD,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;;AAGH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAwB,CAAC,KAAK,KAAK,SAAS,IAAK,GAAwB,CAAC,QAAQ,KAAK,SAAS,CAAC;AAC3G,CAAC"}

package/lib/libs/conf-init/auditConfig.d.ts

@@ -1,10 +1,18 @@
 import { Connection } from '@salesforce/core';
 import { AuditRunConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
 /**
  * Additional options how the config should be initialised.
  */
 export type AuditInitOptions = {
+    /**
+     * When set, config files are created at the target location.
+     */
     targetDir?: string;
+    /**
+     * An optional preset to initialise classifications and policies.
+     */
+    preset?: AuditInitPresets;
 };
 /**
  * Exposes key functionality to load an audit config as static methods. This makes

package/lib/libs/conf-init/auditConfig.js

@@ -14,7 +14,7 @@ export default class AuditConfig {
      */
     static async init(targetCon, opts) {
         const conf = { classifications: {}, policies: {} };
-        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon) };
+        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
         const customPerms = await initCustomPermissions(targetCon);
         if (customPerms) {
             conf.classifications.customPermissions = { content: customPerms };
@@ -22,7 +22,8 @@ export default class AuditConfig {
         conf.policies.Profiles = { content: await initProfiles(targetCon) };
         conf.policies.PermissionSets = { content: await initPermissionSets(targetCon) };
         conf.policies.ConnectedApps = { content: initConnectedApps() };
-        if (opts?.targetDir) {
+        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+        if (opts?.targetDir || opts?.targetDir === '') {
             DefaultFileManager.save(opts.targetDir, conf);
         }
         return conf;

package/lib/libs/conf-init/auditConfig.js.map

@@ -1 +1 @@
-{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AASzF;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,CAAC,EAAE,CAAC;QACzF,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,IAAI,IAAI,EAAE,SAAS,EAAE,CAAC;YACpB,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}
+{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAiBzF;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,wEAAwE;QACxE,IAAI,IAAI,EAAE,SAAS,IAAI,IAAI,EAAE,SAAS,KAAK,EAAE,EAAE,CAAC;YAC9C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/lib/libs/conf-init/permissionsClassification.d.ts

@@ -1,12 +1,13 @@
 import { Connection } from '@salesforce/core';
 import { PermissionsConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
 /**
- * Initialises a fresh set of user permissions from target org connection
+ * Initialises a fresh set of user permissions from target org connection.
  *
  * @param con
  * @returns
  */
-export declare function initUserPermissions(con: Connection): Promise<PermissionsConfig>;
+export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsConfig>;
 /**
  * Initialises a fresh set of custom permissions from the target org
  *

package/lib/libs/conf-init/permissionsClassification.js

@@ -1,17 +1,21 @@
-import { CUSTOM_PERMS_QUERY } from '../core/constants.js';
+import { CUSTOM_PERMS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
 import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
-import { DEFAULT_CLASSIFICATIONS } from './defaultPolicyClassification.js';
+import { loadPreset } from './presets.js';
 /**
- * Initialises a fresh set of user permissions from target org connection
+ * Initialises a fresh set of user permissions from target org connection.
  *
  * @param con
  * @returns
  */
-export async function initUserPermissions(con) {
-    const permSet = await con.describe('PermissionSet');
-    const result = { permissions: {} };
-    const perms = parsePermissionsFromPermSet(permSet);
+export async function initUserPermissions(con, preset) {
+    const describePerms = await parsePermsFromDescribe(con);
+    const assignedPerms = await findAssignedPerms(con);
+    const allPerms = { ...describePerms, ...assignedPerms };
+    const presConfig = loadPreset(preset);
+    const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
     perms.sort(classificationSorter);
+    const result = { permissions: {} };
     perms.forEach((perm) => (result.permissions[perm.name] = {
         label: sanitiseLabel(perm.label),
         classification: perm.classification,
@@ -42,27 +46,33 @@ export async function initCustomPermissions(con) {
     }));
     return result;
 }
-function parsePermissionsFromPermSet(describe) {
-    const permFields = describe.fields.filter((field) => field.name.startsWith('Permissions'));
-    return permFields.map((field) => {
-        const policyName = field.name.replace('Permissions', '');
-        const defaultDef = DEFAULT_CLASSIFICATIONS[policyName];
-        if (defaultDef) {
-            return {
-                label: field.label,
-                name: policyName,
-                classification: defaultDef.classification,
-                reason: defaultDef.reason,
-            };
-        }
-        else {
-            return {
-                label: field.label,
-                name: policyName,
-                classification: PermissionRiskLevel.UNKNOWN,
-            };
-        }
+async function parsePermsFromDescribe(con) {
+    const permSet = await con.describe('PermissionSet');
+    const describeAvailablePerms = {};
+    permSet.fields
+        .filter((field) => field.name.startsWith('Permissions'))
+        .forEach((field) => {
+        const permName = field.name.replace('Permissions', '');
+        describeAvailablePerms[permName] = {
+            label: field.label,
+            name: permName,
+        };
     });
+    return describeAvailablePerms;
+}
+async function findAssignedPerms(con) {
+    const assignedPerms = {};
+    const profiles = await con.query(PROFILES_QUERY);
+    if (profiles.records?.length > 0) {
+        const mdapi = new MDAPI(con);
+        const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
+        Object.values(resolvedProfiles).forEach((profile) => {
+            profile.userPermissions.forEach((userPerm) => {
+                assignedPerms[userPerm.name] = { name: userPerm.name };
+            });
+        });
+    }
+    return assignedPerms;
 }
 function sanitiseLabel(rawLabel) {
     return rawLabel?.replace(/[ \t]+$|[\r\n]+/g, '');

package/lib/libs/conf-init/permissionsClassification.js.map

@@ -1 +1 @@
-{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE1D,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAE3E;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe;IACvD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,KAAK,GAAG,2BAA2B,CAAC,OAAO,CAAC,CAAC;IACnD,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,2BAA2B,CAAC,QAA+B;IAClE,MAAM,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC;IAC3F,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QAC9B,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACzD,MAAM,UAAU,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;QACvD,IAAI,UAAU,EAAE,CAAC;YACf,OAAO;gBACL,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,IAAI,EAAE,UAAU;gBAChB,cAAc,EAAE,UAAU,CAAC,cAAc;gBACzC,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,OAAO;gBACL,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,IAAI,EAAE,UAAU;gBAChB,cAAc,EAAE,mBAAmB,CAAC,OAAO;aAC5C,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}
+{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAClF,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/lib/libs/conf-init/presets/loose.d.ts

@@ -0,0 +1,6 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor();
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/loose.js

@@ -0,0 +1,35 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.HIGH,
+            CustomizeApplication: PermissionRiskLevel.HIGH,
+            ModifyMetadata: PermissionRiskLevel.HIGH,
+            AuthorApex: PermissionRiskLevel.HIGH,
+            ManageAuthProviders: PermissionRiskLevel.HIGH,
+            Packaging2: PermissionRiskLevel.HIGH,
+            Packaging2Delete: PermissionRiskLevel.HIGH,
+            Packaging2PromoteVersion: PermissionRiskLevel.HIGH,
+            InstallPackaging: PermissionRiskLevel.HIGH,
+            ViewClientSecret: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.MEDIUM,
+            ViewAllData: PermissionRiskLevel.MEDIUM,
+            ModifyAllData: PermissionRiskLevel.MEDIUM,
+            ExportReport: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            ApiEnabled: PermissionRiskLevel.LOW,
+        });
+    }
+    initDefault(permName) {
+        const basePerm = super.initDefault(permName);
+        if (basePerm.classification === PermissionRiskLevel.UNKNOWN) {
+            basePerm.classification = PermissionRiskLevel.LOW;
+        }
+        return basePerm;
+    }
+}
+//# sourceMappingURL=loose.js.map

package/lib/libs/conf-init/presets/loose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,GAAG;SACpC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/lib/libs/conf-init/presets/none.d.ts

@@ -0,0 +1,30 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import { Optional } from '../../core/utils.js';
+export type UnclassifiedPerm = Optional<NamedPermissionsClassification, 'classification'>;
+export type Preset = {
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+};
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset implements Preset {
+    protected userPermissions: Record<string, Partial<NamedPermissionsClassification>>;
+    constructor(userPerms?: Record<string, PermissionRiskLevel>);
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/none.js

@@ -0,0 +1,54 @@
+import { Messages } from '@salesforce/core';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const descriptions = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset {
+    userPermissions;
+    constructor(userPerms) {
+        this.userPermissions = {};
+        if (userPerms) {
+            Object.entries(userPerms).forEach(([name, classification]) => {
+                if (this.userPermissions[name]) {
+                    this.userPermissions[name].classification = classification;
+                }
+                else {
+                    this.userPermissions[name] = { classification };
+                }
+            });
+        }
+    }
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms) {
+        return rawPerms.map((perm) => ({
+            ...this.initDefault(perm.name),
+            ...perm,
+        }));
+    }
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName) {
+        const def = this.userPermissions[permName];
+        const hasDescription = descriptions.messages.has(permName);
+        return {
+            ...def,
+            name: permName,
+            classification: def?.classification ?? PermissionRiskLevel.UNKNOWN,
+            reason: hasDescription ? descriptions.getMessage(permName) : undefined,
+        };
+    }
+}
+//# sourceMappingURL=none.js.map

package/lib/libs/conf-init/presets/none.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"none.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/none.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAGzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAQ1G;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IACnB,eAAe,CAA0D;IAEnF,YAAmB,SAA+C;QAChE,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE;gBAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,cAAc,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,QAA4B;QACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,GAAG,IAAI;SACR,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO;YACL,GAAG,GAAG;YACN,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,mBAAmB,CAAC,OAAO;YAClE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;CACF"}

package/lib/libs/conf-init/presets/strict.d.ts

@@ -0,0 +1,4 @@
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor();
+}

package/lib/libs/conf-init/presets/strict.js

@@ -0,0 +1,28 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.BLOCKED,
+            CustomizeApplication: PermissionRiskLevel.CRITICAL,
+            ModifyMetadata: PermissionRiskLevel.CRITICAL,
+            AuthorApex: PermissionRiskLevel.CRITICAL,
+            ManageAuthProviders: PermissionRiskLevel.CRITICAL,
+            Packaging2: PermissionRiskLevel.CRITICAL,
+            Packaging2Delete: PermissionRiskLevel.CRITICAL,
+            Packaging2PromoteVersion: PermissionRiskLevel.CRITICAL,
+            InstallPackaging: PermissionRiskLevel.CRITICAL,
+            ViewClientSecret: PermissionRiskLevel.CRITICAL,
+            ExportReport: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.HIGH,
+            ApiEnabled: PermissionRiskLevel.HIGH,
+            ViewAllData: PermissionRiskLevel.HIGH,
+            ModifyAllData: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+        });
+    }
+}
+//# sourceMappingURL=strict.js.map

package/lib/libs/conf-init/presets/strict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,SAAS,EAAE,mBAAmB,CAAC,MAAM;SACtC,CAAC,CAAC;IACL,CAAC;CACF"}

package/lib/libs/conf-init/presets.d.ts

@@ -0,0 +1,7 @@
+import { Preset } from './presets/none.js';
+export declare enum AuditInitPresets {
+    strict = "strict",
+    loose = "loose",
+    none = "none"
+}
+export declare function loadPreset(presetName?: AuditInitPresets): Preset;

package/lib/libs/conf-init/presets.js

@@ -0,0 +1,20 @@
+import LoosePreset from './presets/loose.js';
+import NonePreset from './presets/none.js';
+import StrictPreset from './presets/strict.js';
+export var AuditInitPresets;
+(function (AuditInitPresets) {
+    AuditInitPresets["strict"] = "strict";
+    AuditInitPresets["loose"] = "loose";
+    AuditInitPresets["none"] = "none";
+})(AuditInitPresets || (AuditInitPresets = {}));
+export function loadPreset(presetName) {
+    switch (presetName) {
+        case AuditInitPresets.loose:
+            return new LoosePreset();
+        case AuditInitPresets.strict:
+            return new StrictPreset();
+        default:
+            return new NonePreset();
+    }
+}
+//# sourceMappingURL=presets.js.map

package/lib/libs/conf-init/presets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/libs/conf-init/presets.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAC7C,OAAO,UAAsB,MAAM,mBAAmB,CAAC;AACvD,OAAO,YAAY,MAAM,qBAAqB,CAAC;AAE/C,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B;IACtD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAgB,CAAC,KAAK;YACzB,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB,CAAC,MAAM;YAC1B,OAAO,IAAI,YAAY,EAAE,CAAC;QAC5B;YACE,OAAO,IAAI,UAAU,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC"}