@j-schreiber/sf-cli-security-audit 0.6.0 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +39 -2
- package/lib/commands/org/audit/init.js +2 -1
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/commands/org/audit/run.js +10 -4
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/commands/org/scan/user-perms.js +1 -2
- package/lib/commands/org/scan/user-perms.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +5 -4
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/policyConfigs.d.ts +7 -1
- package/lib/libs/conf-init/policyConfigs.js +29 -3
- package/lib/libs/conf-init/policyConfigs.js.map +1 -1
- package/lib/libs/conf-init/presets/loose.js +16 -0
- package/lib/libs/conf-init/presets/loose.js.map +1 -1
- package/lib/libs/conf-init/presets/strict.js +17 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -1
- package/lib/libs/{policies → core}/auditRun.d.ts +4 -4
- package/lib/libs/{policies → core}/auditRun.js +8 -14
- package/lib/libs/core/auditRun.js.map +1 -0
- package/lib/libs/core/constants.d.ts +5 -0
- package/lib/libs/core/constants.js +10 -0
- package/lib/libs/core/constants.js.map +1 -1
- package/lib/libs/core/file-mgmt/auditConfigFileManager.d.ts +4 -2
- package/lib/libs/core/file-mgmt/auditConfigFileManager.js +30 -49
- package/lib/libs/core/file-mgmt/auditConfigFileManager.js.map +1 -1
- package/lib/libs/core/file-mgmt/schema.d.ts +32 -11
- package/lib/libs/core/file-mgmt/schema.js +14 -1
- package/lib/libs/core/file-mgmt/schema.js.map +1 -1
- package/lib/libs/core/policies/connectedAppPolicy.d.ts +10 -0
- package/lib/libs/{policies → core/policies}/connectedAppPolicy.js +4 -4
- package/lib/libs/core/policies/connectedAppPolicy.js.map +1 -0
- package/lib/libs/core/policies/permissionSetPolicy.d.ts +11 -0
- package/lib/libs/{policies → core/policies}/permissionSetPolicy.js +4 -4
- package/lib/libs/core/policies/permissionSetPolicy.js.map +1 -0
- package/lib/libs/{policies → core/policies}/policy.d.ts +11 -11
- package/lib/libs/{policies → core/policies}/policy.js +5 -0
- package/lib/libs/core/policies/policy.js.map +1 -0
- package/lib/libs/core/policies/profilePolicy.d.ts +11 -0
- package/lib/libs/{policies → core/policies}/profilePolicy.js +4 -4
- package/lib/libs/core/policies/profilePolicy.js.map +1 -0
- package/lib/libs/{policies → core/policies}/salesforceStandardTypes.d.ts +14 -0
- package/lib/libs/core/policies/salesforceStandardTypes.js.map +1 -0
- package/lib/libs/core/policies/userPolicy.d.ts +11 -0
- package/lib/libs/core/policies/userPolicy.js +104 -0
- package/lib/libs/core/policies/userPolicy.js.map +1 -0
- package/lib/libs/core/policyRegistry.d.ts +23 -0
- package/lib/libs/core/policyRegistry.js +38 -0
- package/lib/libs/core/policyRegistry.js.map +1 -0
- package/lib/libs/core/registries/ruleRegistry.d.ts +1 -3
- package/lib/libs/core/registries/ruleRegistry.js +1 -1
- package/lib/libs/core/registries/ruleRegistry.js.map +1 -1
- package/lib/libs/core/registries/rules/noInactiveUsers.d.ts +9 -0
- package/lib/libs/core/registries/rules/noInactiveUsers.js +44 -0
- package/lib/libs/core/registries/rules/noInactiveUsers.js.map +1 -0
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.d.ts +7 -0
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js +24 -0
- package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map +1 -0
- package/lib/libs/core/registries/rules/policyRule.d.ts +4 -1
- package/lib/libs/core/registries/rules/policyRule.js +2 -0
- package/lib/libs/core/registries/rules/policyRule.js.map +1 -1
- package/lib/libs/core/registries/types.d.ts +2 -0
- package/lib/libs/core/registries/types.js +2 -0
- package/lib/libs/core/registries/types.js.map +1 -1
- package/lib/libs/core/registries/users.d.ts +26 -0
- package/lib/libs/core/registries/users.js +10 -0
- package/lib/libs/core/registries/users.js.map +1 -0
- package/lib/libs/core/result-types.d.ts +2 -1
- package/lib/libs/core/utils.d.ts +7 -0
- package/lib/libs/core/utils.js +12 -0
- package/lib/libs/core/utils.js.map +1 -1
- package/lib/ux/auditRunMultiStage.d.ts +1 -1
- package/lib/ux/auditRunMultiStage.js +22 -19
- package/lib/ux/auditRunMultiStage.js.map +1 -1
- package/messages/org.scan.user-perms.md +2 -6
- package/messages/policies.general.md +4 -0
- package/messages/rules.users.md +11 -0
- package/oclif.manifest.json +79 -79
- package/package.json +1 -1
- package/lib/libs/policies/auditRun.js.map +0 -1
- package/lib/libs/policies/connectedAppPolicy.d.ts +0 -9
- package/lib/libs/policies/connectedAppPolicy.js.map +0 -1
- package/lib/libs/policies/permissionSetPolicy.d.ts +0 -10
- package/lib/libs/policies/permissionSetPolicy.js.map +0 -1
- package/lib/libs/policies/policy.js.map +0 -1
- package/lib/libs/policies/profilePolicy.d.ts +0 -10
- package/lib/libs/policies/profilePolicy.js.map +0 -1
- package/lib/libs/policies/salesforceStandardTypes.js.map +0 -1
- /package/lib/libs/{policies → core/policies}/salesforceStandardTypes.js +0 -0
|
@@ -2,8 +2,8 @@ import path from 'node:path';
|
|
|
2
2
|
import fs from 'node:fs';
|
|
3
3
|
import yaml from 'js-yaml';
|
|
4
4
|
import { Messages } from '@salesforce/core';
|
|
5
|
-
import {
|
|
6
|
-
import {
|
|
5
|
+
import { isEmpty } from '../utils.js';
|
|
6
|
+
import { classificationDefs, policyDefs } from '../policyRegistry.js';
|
|
7
7
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
8
8
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
|
|
9
9
|
/**
|
|
@@ -32,31 +32,8 @@ export default class AuditConfigFileManager {
|
|
|
32
32
|
directoryStructure;
|
|
33
33
|
constructor() {
|
|
34
34
|
this.directoryStructure = {
|
|
35
|
-
policies:
|
|
36
|
-
|
|
37
|
-
schema: ProfilesPolicyFileSchema,
|
|
38
|
-
dependencies: [
|
|
39
|
-
{ path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForProfiles' },
|
|
40
|
-
],
|
|
41
|
-
},
|
|
42
|
-
permissionSets: {
|
|
43
|
-
schema: PermSetsPolicyFileSchema,
|
|
44
|
-
dependencies: [
|
|
45
|
-
{ path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForPermSets' },
|
|
46
|
-
],
|
|
47
|
-
},
|
|
48
|
-
connectedApps: {
|
|
49
|
-
schema: PolicyFileSchema,
|
|
50
|
-
},
|
|
51
|
-
},
|
|
52
|
-
classifications: {
|
|
53
|
-
userPermissions: {
|
|
54
|
-
schema: PermissionsConfigFileSchema,
|
|
55
|
-
},
|
|
56
|
-
customPermissions: {
|
|
57
|
-
schema: PermissionsConfigFileSchema,
|
|
58
|
-
},
|
|
59
|
-
},
|
|
35
|
+
policies: policyDefs,
|
|
36
|
+
classifications: classificationDefs,
|
|
60
37
|
};
|
|
61
38
|
}
|
|
62
39
|
/**
|
|
@@ -68,7 +45,7 @@ export default class AuditConfigFileManager {
|
|
|
68
45
|
*/
|
|
69
46
|
parse(dirPath) {
|
|
70
47
|
const classifications = this.parseSubdir(dirPath, 'classifications');
|
|
71
|
-
const policies =
|
|
48
|
+
const policies = this.parseSubdir(dirPath, 'policies');
|
|
72
49
|
const conf = { classifications, policies };
|
|
73
50
|
assertIsMinimalConfig(conf, dirPath);
|
|
74
51
|
this.validateDependencies(conf);
|
|
@@ -83,15 +60,13 @@ export default class AuditConfigFileManager {
|
|
|
83
60
|
* @returns
|
|
84
61
|
*/
|
|
85
62
|
save(targetDirPath, conf) {
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
this.writeSubdir(configFiles, dirName, targetDirPath);
|
|
89
|
-
});
|
|
63
|
+
this.writeClassifications(conf.classifications, targetDirPath);
|
|
64
|
+
this.writePolicies(conf.policies, targetDirPath);
|
|
90
65
|
}
|
|
91
66
|
parseSubdir(dirPath, subdirName) {
|
|
92
67
|
const parseResults = {};
|
|
93
68
|
Object.entries(this.directoryStructure[subdirName]).forEach(([fileName, fileConfig]) => {
|
|
94
|
-
const filePath = path.join(dirPath, subdirName, `${fileName}.yml`);
|
|
69
|
+
const filePath = path.join(dirPath.toString(), subdirName, `${fileName}.yml`);
|
|
95
70
|
if (fs.existsSync(filePath)) {
|
|
96
71
|
const fileContent = yaml.load(fs.readFileSync(filePath, 'utf-8'));
|
|
97
72
|
const content = fileConfig.schema.parse(fileContent);
|
|
@@ -100,24 +75,35 @@ export default class AuditConfigFileManager {
|
|
|
100
75
|
});
|
|
101
76
|
return parseResults;
|
|
102
77
|
}
|
|
103
|
-
|
|
104
|
-
const
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
78
|
+
writeClassifications(content, targetDirPath) {
|
|
79
|
+
const dirPath = path.join(targetDirPath.toString(), 'classifications');
|
|
80
|
+
fs.mkdirSync(dirPath, { recursive: true });
|
|
81
|
+
const dirConf = this.directoryStructure.classifications;
|
|
82
|
+
Object.entries(content).forEach(([fileKey, confFile]) => {
|
|
83
|
+
const fileDef = dirConf[fileKey];
|
|
84
|
+
if (fileDef && !isEmpty(confFile.content)) {
|
|
85
|
+
// eslint-disable-next-line no-param-reassign
|
|
86
|
+
confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
|
|
87
|
+
fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
|
|
88
|
+
}
|
|
89
|
+
});
|
|
90
|
+
}
|
|
91
|
+
writePolicies(content, targetDirPath) {
|
|
92
|
+
const dirPath = path.join(targetDirPath.toString(), 'policies');
|
|
93
|
+
fs.mkdirSync(dirPath, { recursive: true });
|
|
94
|
+
const dirConf = this.directoryStructure.policies;
|
|
95
|
+
Object.entries(content).forEach(([fileKey, confFile]) => {
|
|
96
|
+
const fileDef = dirConf[fileKey];
|
|
111
97
|
if (fileDef && !isEmpty(confFile.content)) {
|
|
112
98
|
// eslint-disable-next-line no-param-reassign
|
|
113
|
-
confFile.filePath = path.join(
|
|
99
|
+
confFile.filePath = path.join(dirPath, `${fileKey}.yml`);
|
|
114
100
|
fs.writeFileSync(confFile.filePath, yaml.dump(confFile.content));
|
|
115
101
|
}
|
|
116
102
|
});
|
|
117
103
|
}
|
|
118
104
|
validateDependencies(conf) {
|
|
119
105
|
Object.keys(conf.policies).forEach((policyName) => {
|
|
120
|
-
const policyDef = this.directoryStructure.policies[
|
|
106
|
+
const policyDef = this.directoryStructure.policies[policyName];
|
|
121
107
|
if (policyDef?.dependencies) {
|
|
122
108
|
policyDef.dependencies.forEach((dependency) => {
|
|
123
109
|
if (!dependencyExists(dependency.path, conf)) {
|
|
@@ -128,11 +114,6 @@ export default class AuditConfigFileManager {
|
|
|
128
114
|
});
|
|
129
115
|
}
|
|
130
116
|
}
|
|
131
|
-
function capitalizeKeys(object) {
|
|
132
|
-
const newObj = {};
|
|
133
|
-
Object.keys(object).forEach((key) => (newObj[capitalize(key)] = object[key]));
|
|
134
|
-
return newObj;
|
|
135
|
-
}
|
|
136
117
|
function dependencyExists(fullPath, rootNode) {
|
|
137
118
|
const dep = traverseDependencyPath(fullPath, rootNode);
|
|
138
119
|
return Boolean(dep);
|
|
@@ -150,7 +131,7 @@ function traverseDependencyPath(remainingPath, rootNode) {
|
|
|
150
131
|
}
|
|
151
132
|
function assertIsMinimalConfig(conf, dirPath) {
|
|
152
133
|
if (Object.keys(conf.policies).length === 0) {
|
|
153
|
-
const formattedDirPath = !dirPath || dirPath.length === 0 ? '<root-dir>' : dirPath;
|
|
134
|
+
const formattedDirPath = !dirPath || dirPath.toString().length === 0 ? '<root-dir>' : dirPath.toString();
|
|
154
135
|
throw messages.createError('NoAuditConfigFound', [formattedDirPath]);
|
|
155
136
|
}
|
|
156
137
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,
|
|
1
|
+
{"version":3,"file":"auditConfigFileManager.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/auditConfigFileManager.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAgB,MAAM,SAAS,CAAC;AACvC,OAAO,IAAI,MAAM,SAAS,CAAC;AAC3B,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,kBAAkB,EAAuB,UAAU,EAAe,MAAM,sBAAsB,CAAC;AAGxG,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAkB,EAAE,CAAC,kBAAkB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAEtG;;;;;GAKG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,OAAe,EAAE,IAAoB,EAAQ,EAAE;IAC7E,kBAAkB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACzC,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,OAAO,OAAO,sBAAsB;IACjC,kBAAkB,CAAC;IAE3B;QACE,IAAI,CAAC,kBAAkB,GAAG;YACxB,QAAQ,EAAE,UAAU;YACpB,eAAe,EAAE,kBAAkB;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAiB;QAC5B,MAAM,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;QACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,CAAC;QAC3C,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;;OAOG;IACI,IAAI,CAAC,aAAqB,EAAE,IAAoB;QACrD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QAC/D,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;IACnD,CAAC;IAEO,WAAW,CACjB,OAAiB,EACjB,UAAgD;QAEhD,MAAM,YAAY,GAAwC,EAAE,CAAC;QAC7D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACrF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,UAAU,EAAE,GAAG,QAAQ,MAAM,CAAC,CAAC;YAC9E,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;gBAClE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;gBACrD,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;YACjD,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,oBAAoB,CAAC,OAAsC,EAAE,aAAuB;QAC1F,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,iBAAiB,CAAC,CAAC;QACvE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,eAAe,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAA8B,CAAC,CAAC;YACxD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,OAA+B,EAAE,aAAuB;QAC5E,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;QAChE,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC;QACjD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAsB,CAAC,CAAC;YAChD,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1C,6CAA6C;gBAC7C,QAAQ,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,OAAO,MAAM,CAAC,CAAC;gBACzD,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,oBAAoB,CAAC,IAAoB;QAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAChD,MAAM,SAAS,GAAG,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,UAAyB,CAAC,CAAC;YAC9E,IAAI,SAAS,EAAE,YAAY,EAAE,CAAC;gBAC5B,SAAS,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;oBAC5C,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;wBAC7C,MAAM,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;oBACnD,CAAC;gBACH,CAAC,CAAC,CAAC;YACL,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,gBAAgB,CAAC,QAAkB,EAAE,QAAiC;IAC7E,MAAM,GAAG,GAAG,sBAAsB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IACvD,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,sBAAsB,CAAC,aAAuB,EAAE,QAAiC;IACxF,IAAI,aAAa,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,sBAAsB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAA4B,CAAC,CAAC;IAC/G,CAAC;SAAM,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;SAAM,CAAC;QACN,OAAO,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAoB,EAAE,OAAiB;IACpE,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5C,MAAM,gBAAgB,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;QACzG,MAAM,QAAQ,CAAC,WAAW,CAAC,oBAAoB,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACvE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,sBAAsB,EAAE,CAAC"}
|
|
@@ -19,11 +19,11 @@ declare const NamedPermissionsClassificationSchema: z.ZodObject<{
|
|
|
19
19
|
}, z.z.core.$strip>;
|
|
20
20
|
declare const PolicyRuleConfigSchema: z.ZodObject<{
|
|
21
21
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
22
|
-
|
|
22
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
23
23
|
}, z.z.core.$strip>;
|
|
24
24
|
declare const RuleMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
25
25
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
26
|
-
|
|
26
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
27
27
|
}, z.z.core.$strip>>;
|
|
28
28
|
declare const PermSetConfig: z.ZodObject<{
|
|
29
29
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
@@ -31,18 +31,25 @@ declare const PermSetConfig: z.ZodObject<{
|
|
|
31
31
|
declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
32
32
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
33
33
|
}, z.z.core.$strip>>;
|
|
34
|
+
export declare const UsersPolicyConfig: z.ZodObject<{
|
|
35
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
|
|
36
|
+
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
37
|
+
}, z.z.core.$strip>;
|
|
38
|
+
export declare const NoInactiveUsersOptionsSchema: z.ZodObject<{
|
|
39
|
+
daysAfterUserIsInactive: z.ZodDefault<z.ZodNumber>;
|
|
40
|
+
}, z.z.core.$strip>;
|
|
34
41
|
export declare const PolicyFileSchema: z.ZodObject<{
|
|
35
42
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
36
43
|
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
37
44
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
38
|
-
|
|
45
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
39
46
|
}, z.z.core.$strip>>>;
|
|
40
47
|
}, z.z.core.$strip>;
|
|
41
48
|
export declare const ProfilesPolicyFileSchema: z.ZodObject<{
|
|
42
49
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
43
50
|
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
44
51
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
45
|
-
|
|
52
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
46
53
|
}, z.z.core.$strip>>>;
|
|
47
54
|
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
48
55
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
@@ -52,7 +59,7 @@ export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
|
52
59
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
53
60
|
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
54
61
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
55
|
-
|
|
62
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
56
63
|
}, z.z.core.$strip>>>;
|
|
57
64
|
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
58
65
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
@@ -65,14 +72,30 @@ export declare const PermissionsConfigFileSchema: z.ZodObject<{
|
|
|
65
72
|
classification: z.ZodEnum<typeof PermissionRiskLevel>;
|
|
66
73
|
}, z.z.core.$strip>>;
|
|
67
74
|
}, z.z.core.$strip>;
|
|
75
|
+
export declare const UsersPolicyFileSchema: z.ZodObject<{
|
|
76
|
+
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
77
|
+
rules: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
78
|
+
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
79
|
+
options: z.ZodOptional<z.ZodUnknown>;
|
|
80
|
+
}, z.z.core.$strip>>>;
|
|
81
|
+
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
82
|
+
role: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
83
|
+
}, z.z.core.$strip>>;
|
|
84
|
+
options: z.ZodObject<{
|
|
85
|
+
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
|
|
86
|
+
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
87
|
+
}, z.z.core.$strip>;
|
|
88
|
+
}, z.z.core.$strip>;
|
|
68
89
|
export type PermissionsClassification = z.infer<typeof PermissionsClassificationSchema>;
|
|
69
90
|
export type NamedPermissionsClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
|
|
70
91
|
export type PermsClassificationsMap = z.infer<typeof PermsClassificationsMapSchema>;
|
|
71
92
|
export type PermissionsConfig = z.infer<typeof PermissionsConfigFileSchema>;
|
|
93
|
+
export type NoInactiveUsersOptions = z.infer<typeof NoInactiveUsersOptionsSchema>;
|
|
72
94
|
export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
|
|
73
95
|
export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
|
|
74
96
|
export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
|
|
75
97
|
export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
|
|
98
|
+
export type UsersPolicyFileContent = z.infer<typeof UsersPolicyFileSchema>;
|
|
76
99
|
export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
|
|
77
100
|
export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
|
|
78
101
|
export type RuleMap = z.infer<typeof RuleMapSchema>;
|
|
@@ -81,18 +104,16 @@ export type ConfigFile<T> = {
|
|
|
81
104
|
content: T;
|
|
82
105
|
};
|
|
83
106
|
export type AuditRunConfigClassifications = {
|
|
84
|
-
[classificationName: string]: unknown;
|
|
85
107
|
userPermissions?: ConfigFile<PermissionsConfig>;
|
|
86
108
|
customPermissions?: ConfigFile<PermissionsConfig>;
|
|
87
109
|
};
|
|
88
110
|
export type AuditRunConfigPolicies = {
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
111
|
+
profiles?: ConfigFile<ProfilesPolicyFileContent>;
|
|
112
|
+
permissionSets?: ConfigFile<PermSetsPolicyFileContent>;
|
|
113
|
+
connectedApps?: ConfigFile<BasePolicyFileContent>;
|
|
114
|
+
users?: ConfigFile<UsersPolicyFileContent>;
|
|
93
115
|
};
|
|
94
116
|
export type AuditRunConfig = {
|
|
95
|
-
[configType: string]: unknown;
|
|
96
117
|
classifications: AuditRunConfigClassifications;
|
|
97
118
|
policies: AuditRunConfigPolicies;
|
|
98
119
|
};
|
|
@@ -16,13 +16,22 @@ const NamedPermissionsClassificationSchema = PermissionsClassificationSchema.ext
|
|
|
16
16
|
});
|
|
17
17
|
const PolicyRuleConfigSchema = z.object({
|
|
18
18
|
enabled: z.boolean().default(true),
|
|
19
|
-
|
|
19
|
+
options: z.unknown().optional(),
|
|
20
20
|
});
|
|
21
21
|
const RuleMapSchema = z.record(z.string(), PolicyRuleConfigSchema);
|
|
22
22
|
const PermSetConfig = z.object({
|
|
23
23
|
preset: z.enum(ProfilesRiskPreset),
|
|
24
24
|
});
|
|
25
25
|
const PermSetMap = z.record(z.string(), PermSetConfig);
|
|
26
|
+
const UserConfig = z.object({ role: z.enum(ProfilesRiskPreset) });
|
|
27
|
+
const UsersMap = z.record(z.string(), UserConfig);
|
|
28
|
+
export const UsersPolicyConfig = z.object({
|
|
29
|
+
defaultRoleForMissingUsers: z.enum(ProfilesRiskPreset).default(ProfilesRiskPreset.STANDARD_USER),
|
|
30
|
+
analyseLastNDaysOfLoginHistory: z.number().optional(),
|
|
31
|
+
});
|
|
32
|
+
export const NoInactiveUsersOptionsSchema = z.object({
|
|
33
|
+
daysAfterUserIsInactive: z.number().default(90),
|
|
34
|
+
});
|
|
26
35
|
// FILE CONTENT SCHEMATA
|
|
27
36
|
export const PolicyFileSchema = z.object({
|
|
28
37
|
enabled: z.boolean().default(true),
|
|
@@ -37,6 +46,10 @@ export const PermSetsPolicyFileSchema = PolicyFileSchema.extend({
|
|
|
37
46
|
export const PermissionsConfigFileSchema = z.object({
|
|
38
47
|
permissions: z.record(z.string(), PermissionsClassificationSchema),
|
|
39
48
|
});
|
|
49
|
+
export const UsersPolicyFileSchema = PolicyFileSchema.extend({
|
|
50
|
+
users: UsersMap,
|
|
51
|
+
options: UsersPolicyConfig,
|
|
52
|
+
});
|
|
40
53
|
export function isPermissionsConfig(cls) {
|
|
41
54
|
return cls.content?.permissions !== undefined;
|
|
42
55
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AA+CH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
|
+
import { AuditContext } from '../registries/types.js';
|
|
3
|
+
import { ResolvedConnectedApp } from '../registries/connectedApps.js';
|
|
4
|
+
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
|
+
export default class ConnectedAppPolicy extends Policy<ResolvedConnectedApp> {
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
|
+
auditConfig: AuditRunConfig;
|
|
8
|
+
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/connectedApps.js").default);
|
|
9
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedConnectedApp>>;
|
|
10
|
+
}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
|
-
import { CONNECTED_APPS_QUERY, OAUTH_TOKEN_QUERY } from '../
|
|
2
|
-
import {
|
|
3
|
-
import MDAPI from '../
|
|
1
|
+
import { CONNECTED_APPS_QUERY, OAUTH_TOKEN_QUERY } from '../constants.js';
|
|
2
|
+
import { ConnectedAppsRegistry } from '../registries/connectedApps.js';
|
|
3
|
+
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
4
4
|
import Policy, { getTotal } from './policy.js';
|
|
5
5
|
export default class ConnectedAppPolicy extends Policy {
|
|
6
6
|
config;
|
|
7
7
|
auditConfig;
|
|
8
|
-
constructor(config, auditConfig, registry =
|
|
8
|
+
constructor(config, auditConfig, registry = ConnectedAppsRegistry) {
|
|
9
9
|
super(config, auditConfig, registry);
|
|
10
10
|
this.config = config;
|
|
11
11
|
this.auditConfig = auditConfig;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"connectedAppPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/connectedAppPolicy.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAE1E,OAAO,EAAE,qBAAqB,EAAwB,MAAM,gCAAgC,CAAC;AAC7F,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAC/C,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAGpE,MAAM,CAAC,OAAO,OAAO,kBAAmB,SAAQ,MAA4B;IAEjE;IACA;IAFT,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,qBAAqB;QAEhC,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;IAIpC,CAAC;IAED,kDAAkD;IACxC,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,oBAAoB,GAAyC,EAAE,CAAC;QACtE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC3D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,CAAC;YACR,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAe,oBAAoB,CAAC,CAAC;QAClG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa,CAAC,SAAS;YAC9B,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;YAC7C,oBAAoB,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;gBACxC,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,MAAM,EAAE,WAAW;gBACnB,6BAA6B,EAAE,YAAY,CAAC,kCAAkC;gBAC9E,2BAA2B,EAAE,KAAK;gBAClC,QAAQ,EAAE,CAAC;gBACX,KAAK,EAAE,EAAE;aACV,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAa,iBAAiB,CAAC,CAAC;QAC/F,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;YACxC,IAAI,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,SAAS,EAAE,CAAC;gBACtD,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG;oBACpC,IAAI,EAAE,KAAK,CAAC,OAAO;oBACnB,MAAM,EAAE,YAAY;oBACpB,6BAA6B,EAAE,KAAK;oBACpC,2BAA2B,EAAE,KAAK;oBAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;oBACxB,KAAK,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC;iBAC7B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC;gBAC/D,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;oBAC7E,oBAAoB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,MAAM;YAC/C,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,IAAI,2BAA2B,GAAG,KAAK,CAAC;QACxC,MAAM,wBAAwB,GAAG,MAAM,WAAW,CAAC,gBAAgB,CAAC,sBAAsB,CAAC,CAAC;QAC5F,IAAI,wBAAwB,IAAI,wBAAwB,CAAC,2BAA2B,EAAE,CAAC;YACrF,2BAA2B,GAAG,IAAI,CAAC;QACrC,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,EAAE;YACrD,6CAA6C;YAC7C,MAAM,CAAC,2BAA2B,GAAG,2BAA2B,CAAC;QACnE,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,QAAQ,CAAC,MAAM,CAAC;YACvB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,8DAA8D;QAC9D,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuditRunConfig, PermSetsPolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
|
+
import { AuditContext } from '../registries/types.js';
|
|
3
|
+
import { ResolvedPermissionSet } from '../registries/permissionSets.js';
|
|
4
|
+
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
|
+
export default class PermissionSetPolicy extends Policy<ResolvedPermissionSet> {
|
|
6
|
+
config: PermSetsPolicyFileContent;
|
|
7
|
+
auditContext: AuditRunConfig;
|
|
8
|
+
private totalEntities;
|
|
9
|
+
constructor(config: PermSetsPolicyFileContent, auditContext: AuditRunConfig, registry?: import("../registries/permissionSets.js").default);
|
|
10
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedPermissionSet>>;
|
|
11
|
+
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
|
-
import MDAPI from '../
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
2
|
+
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
+
import { ProfilesRiskPreset } from '../policy-types.js';
|
|
4
|
+
import { PermissionSetsRegistry } from '../registries/permissionSets.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
@@ -9,7 +9,7 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditContext;
|
|
11
11
|
totalEntities;
|
|
12
|
-
constructor(config, auditContext, registry =
|
|
12
|
+
constructor(config, auditContext, registry = PermissionSetsRegistry) {
|
|
13
13
|
super(config, auditContext, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditContext = auditContext;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAGnE;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAA2B;QACjC,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvG,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC9C,eAAe,EACf,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YAChE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM;oBAC9C,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA8B;IAC/D,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -1,23 +1,23 @@
|
|
|
1
1
|
import EventEmitter from 'node:events';
|
|
2
|
-
import { AuditPolicyResult, EntityResolveError } from '../
|
|
3
|
-
import { AuditRunConfig, BasePolicyFileContent } from '../
|
|
4
|
-
import RuleRegistry, { RegistryRuleResolveResult } from '../
|
|
5
|
-
import { AuditContext, IPolicy } from '../
|
|
6
|
-
export type ResolveEntityResult = {
|
|
7
|
-
resolvedEntities: Record<string,
|
|
2
|
+
import { AuditPolicyResult, EntityResolveError } from '../result-types.js';
|
|
3
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
4
|
+
import RuleRegistry, { RegistryRuleResolveResult } from '../registries/ruleRegistry.js';
|
|
5
|
+
import { AuditContext, IPolicy } from '../registries/types.js';
|
|
6
|
+
export type ResolveEntityResult<T> = {
|
|
7
|
+
resolvedEntities: Record<string, T>;
|
|
8
8
|
ignoredEntities: EntityResolveError[];
|
|
9
9
|
};
|
|
10
|
-
export default abstract class Policy extends EventEmitter implements IPolicy {
|
|
10
|
+
export default abstract class Policy<T> extends EventEmitter implements IPolicy {
|
|
11
11
|
config: BasePolicyFileContent;
|
|
12
12
|
auditConfig: AuditRunConfig;
|
|
13
13
|
protected registry: RuleRegistry;
|
|
14
14
|
protected resolvedRules: RegistryRuleResolveResult;
|
|
15
|
-
protected entities?: ResolveEntityResult
|
|
15
|
+
protected entities?: ResolveEntityResult<T>;
|
|
16
16
|
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
17
17
|
/**
|
|
18
18
|
* Resolves all entities of the policy.
|
|
19
19
|
*/
|
|
20
|
-
resolve(context: AuditContext): Promise<ResolveEntityResult
|
|
20
|
+
resolve(context: AuditContext): Promise<ResolveEntityResult<T>>;
|
|
21
21
|
/**
|
|
22
22
|
* Runs all rules of a policy. If the entities are not yet resolved, they are
|
|
23
23
|
* resolved on the fly before rules are executed.
|
|
@@ -26,6 +26,6 @@ export default abstract class Policy extends EventEmitter implements IPolicy {
|
|
|
26
26
|
* @returns
|
|
27
27
|
*/
|
|
28
28
|
run(context: AuditContext): Promise<AuditPolicyResult>;
|
|
29
|
-
protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult
|
|
29
|
+
protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult<T>>;
|
|
30
30
|
}
|
|
31
|
-
export declare function getTotal(resolveResult: ResolveEntityResult): number;
|
|
31
|
+
export declare function getTotal(resolveResult: ResolveEntityResult<unknown>): number;
|
|
@@ -16,6 +16,11 @@ export default class Policy extends EventEmitter {
|
|
|
16
16
|
* Resolves all entities of the policy.
|
|
17
17
|
*/
|
|
18
18
|
async resolve(context) {
|
|
19
|
+
// when a policy is disabled, we still want to appear it in audit results
|
|
20
|
+
// as disabled with 0 resolved entities and 0 executed rules
|
|
21
|
+
if (!this.config.enabled) {
|
|
22
|
+
return { resolvedEntities: {}, ignoredEntities: [] };
|
|
23
|
+
}
|
|
19
24
|
if (!this.entities) {
|
|
20
25
|
this.entities = await this.resolveEntities(context);
|
|
21
26
|
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,KAAK,EAAoC,CAAC;QACrE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,UAAU,EAAE,aAAa,CAAC,CAAC;YACnG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuditRunConfig, ProfilesPolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
|
+
import { AuditContext } from '../registries/types.js';
|
|
3
|
+
import { ResolvedProfile } from '../registries/profiles.js';
|
|
4
|
+
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
|
+
export default class ProfilePolicy extends Policy<ResolvedProfile> {
|
|
6
|
+
config: ProfilesPolicyFileContent;
|
|
7
|
+
auditConfig: AuditRunConfig;
|
|
8
|
+
private totalEntities;
|
|
9
|
+
constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/profiles.js").default);
|
|
10
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
|
|
11
|
+
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { Messages } from '@salesforce/core';
|
|
2
|
-
import MDAPI from '../
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
2
|
+
import MDAPI from '../mdapi/mdapiRetriever.js';
|
|
3
|
+
import { ProfilesRiskPreset } from '../policy-types.js';
|
|
4
|
+
import { ProfilesRegistry } from '../registries/profiles.js';
|
|
5
5
|
import Policy, { getTotal } from './policy.js';
|
|
6
6
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
7
7
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
@@ -9,7 +9,7 @@ export default class ProfilePolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
-
constructor(config, auditConfig, registry =
|
|
12
|
+
constructor(config, auditConfig, registry = ProfilesRegistry) {
|
|
13
13
|
super(config, auditConfig, registry);
|
|
14
14
|
this.config = config;
|
|
15
15
|
this.auditConfig = auditConfig;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAGvD;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC,MAAM;oBAC9C,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -18,6 +18,9 @@ export type OauthToken = Record & {
|
|
|
18
18
|
};
|
|
19
19
|
export type User = Record & {
|
|
20
20
|
Username: string;
|
|
21
|
+
LastLoginDate?: string;
|
|
22
|
+
CreatedDate: string;
|
|
23
|
+
Profile: ProfileBasic;
|
|
21
24
|
};
|
|
22
25
|
export type Profile = ProfileBasic & {
|
|
23
26
|
Metadata: JsForceProfile;
|
|
@@ -36,4 +39,15 @@ export type PermissionSet = Record & {
|
|
|
36
39
|
Profile: ProfileBasic;
|
|
37
40
|
NamespacePrefix?: string;
|
|
38
41
|
};
|
|
42
|
+
export type PermissionSetAssignment = Record & {
|
|
43
|
+
AssigneeId: string;
|
|
44
|
+
PermissionSet: Pick<PermissionSet, 'Name'>;
|
|
45
|
+
};
|
|
46
|
+
export type UserLoginsAggregate = Record & {
|
|
47
|
+
LoginType: string;
|
|
48
|
+
Application: string;
|
|
49
|
+
UserId: string;
|
|
50
|
+
LoginCount: number;
|
|
51
|
+
LastLogin: string;
|
|
52
|
+
};
|
|
39
53
|
export {};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"salesforceStandardTypes.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/salesforceStandardTypes.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuditRunConfig, UsersPolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
|
+
import { AuditContext } from '../registries/types.js';
|
|
3
|
+
import { ResolvedUser } from '../registries/users.js';
|
|
4
|
+
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
|
+
export default class UserPolicy extends Policy<ResolvedUser> {
|
|
6
|
+
config: UsersPolicyFileContent;
|
|
7
|
+
auditConfig: AuditRunConfig;
|
|
8
|
+
private totalEntities;
|
|
9
|
+
constructor(config: UsersPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/users.js").default);
|
|
10
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedUser>>;
|
|
11
|
+
}
|