npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.8.1 → 0.8.3 - Mend

@j-schreiber/sf-cli-security-audit 0.8.1 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/lib/commands/org/audit/init.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditRunConfig } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
+export type OrgAuditInitResult = AuditRunConfig;
+export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        preset: import("@oclif/core/interfaces").OptionFlag<AuditInitPresets, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgAuditInitResult>;
+    private printResults;
+    private printClassifications;
+    private printPolicies;
+}

package/lib/commands/org/audit/init.js ADDED Viewed

@@ -0,0 +1,72 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import AuditConfig from '../../../libs/conf-init/auditConfig.js';
+import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
+const presetFlag = Flags.custom({
+    char: 'p',
+    summary: messages.getMessage('flags.preset.summary'),
+    description: messages.getMessage('flags.preset.description'),
+    options: Object.values(AuditInitPresets),
+    default: AuditInitPresets.strict,
+})();
+export default class OrgAuditInit extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'output-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.output-dir.summary'),
+            default: '',
+        }),
+        preset: presetFlag,
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditInit);
+        const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
+            targetDir: flags['output-dir'],
+            preset: flags.preset,
+        });
+        this.printResults(auditConfig);
+        return auditConfig;
+    }
+    printResults(config) {
+        this.printClassifications(config.classifications);
+        this.printPolicies(config.policies);
+    }
+    printClassifications(classifications) {
+        Object.values(classifications).forEach((def) => {
+            if (isPermissionsConfig(def)) {
+                const perms = def.content.permissions ? Object.entries(def.content.permissions) : [];
+                if (perms.length > 0) {
+                    this.logSuccess(messages.getMessage('success.perm-classification-summary', [perms.length ?? 0, def.filePath]));
+                }
+            }
+        });
+    }
+    printPolicies(policies) {
+        Object.entries(policies).forEach(([name, def]) => {
+            if (isPolicyConfig(def)) {
+                if (def.filePath) {
+                    this.logSuccess(messages.getMessage('success.policy-summary', [
+                        capitalize(name),
+                        Object.keys(def.content.rules).length ?? 0,
+                        def.filePath,
+                    ]));
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=init.js.map

package/lib/commands/org/audit/init.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,UAAU,CAAC,IAAI,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}

package/lib/commands/org/audit/run.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { Interfaces } from '@oclif/core';
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditResult } from '../../../libs/core/result-types.js';
+export declare const MERGE_CHAR = " \u2022 ";
+export type OrgAuditRunResult = AuditResult & {
+    filePath: string;
+};
+export default class OrgAuditRun extends SfCommand<OrgAuditRunResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': Interfaces.OptionFlag<import("@salesforce/core").Org, Interfaces.CustomOptions>;
+        'source-dir': Interfaces.OptionFlag<string, Interfaces.CustomOptions>;
+        'api-version': Interfaces.OptionFlag<string | undefined, Interfaces.CustomOptions>;
+    };
+    run(): Promise<OrgAuditRunResult>;
+    private printResults;
+    private printPoliciesSummary;
+    private printExecutedRulesSummary;
+    private printRuleViolations;
+    private writeReport;
+}

package/lib/commands/org/audit/run.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { writeFileSync } from 'node:fs';
+import path from 'node:path';
+import { SfCommand, Flags, StandardColors } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import { startAuditRun } from '../../../libs/core/auditRun.js';
+import AuditRunMultiStageOutput from '../../../ux/auditRunMultiStage.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export const MERGE_CHAR = ' \u2022 ';
+export default class OrgAuditRun extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'source-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.source-dir.summary'),
+            default: '',
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditRun);
+        const stageOutput = AuditRunMultiStageOutput.create({
+            directoryRootPath: flags['source-dir'],
+            targetOrg: flags['target-org'].getUsername() ?? flags['target-org'].getOrgId(),
+            jsonEnabled: flags.json,
+        });
+        stageOutput.start();
+        const auditRun = startAuditRun(flags['source-dir']);
+        stageOutput.startPolicyResolve(auditRun);
+        await auditRun.resolve(flags['target-org'].getConnection(flags['api-version']));
+        stageOutput.startRuleExecution();
+        const partialResult = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
+        const result = { orgId: flags['target-org'].getOrgId(), ...partialResult };
+        stageOutput.finish();
+        this.printResults(result);
+        const filePath = this.writeReport(result, flags);
+        return { ...result, filePath };
+    }
+    printResults(result) {
+        this.printPoliciesSummary(result);
+        for (const [policyName, policyDetails] of Object.entries(result.policies)) {
+            this.printExecutedRulesSummary(policyName, policyDetails);
+            this.printRuleViolations(policyDetails.executedRules);
+        }
+    }
+    printPoliciesSummary(result) {
+        const polSummaries = transposePoliciesToTable(result);
+        if (result.isCompliant) {
+            this.logSuccess(messages.getMessage('success.all-policies-compliant'));
+            this.log('');
+        }
+        else {
+            this.log(StandardColors.error(messages.getMessage('summary-non-compliant')));
+            this.log('');
+        }
+        this.table({ data: polSummaries, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printExecutedRulesSummary(policyName, policyDetails) {
+        if (!policyDetails.enabled) {
+            return;
+        }
+        const rulesSummary = transposeExecutedPolicyRules(policyDetails);
+        if (rulesSummary.length > 0) {
+            this.table({
+                data: rulesSummary,
+                title: `--- Executed Rules for ${capitalize(policyName)} ---`,
+                titleOptions: { underline: true },
+            });
+        }
+    }
+    printRuleViolations(executedRules) {
+        for (const uncompliantRule of Object.values(executedRules).filter((ruleDetails) => !ruleDetails.isCompliant)) {
+            this.table({
+                data: uncompliantRule.violations.map((viol) => ({
+                    ...viol,
+                    identifier: typeof viol.identifier === 'string' ? viol.identifier : viol.identifier.join(MERGE_CHAR),
+                })),
+                title: `Violations for ${uncompliantRule.ruleName}`,
+            });
+        }
+    }
+    writeReport(result, flags) {
+        const fileName = `report_${flags['target-org'].getOrgId()}_${Date.now()}.json`;
+        const fullPath = path.join(flags['source-dir'], fileName);
+        writeFileSync(fullPath, JSON.stringify(result, null, 2));
+        this.info(messages.getMessage('info.report-file-location', [fullPath]));
+        return fullPath;
+    }
+}
+function transposePoliciesToTable(result) {
+    return Object.entries(result.policies)
+        .filter(([, policyDetails]) => policyDetails.enabled)
+        .map(([policyName, policyDetails]) => {
+        const rulesExecuted = policyDetails?.executedRules ? Object.keys(policyDetails.executedRules).length : 0;
+        return {
+            policy: capitalize(policyName),
+            isCompliant: policyDetails.isCompliant,
+            rulesExecuted,
+            auditedEntities: policyDetails.auditedEntities?.length ?? 0,
+            ignoredEntities: policyDetails.ignoredEntities?.length ?? 0,
+        };
+    });
+}
+function transposeExecutedPolicyRules(result) {
+    return Object.entries(result.executedRules).map(([ruleName, ruleDetails]) => ({
+        rule: ruleName,
+        isCompliant: ruleDetails.isCompliant,
+        compliantEntities: ruleDetails.compliantEntities?.length ?? 0,
+        violatedEntities: ruleDetails.violatedEntities?.length ?? 0,
+        violations: ruleDetails.violations.length,
+        warnings: ruleDetails.warnings.length,
+        errors: ruleDetails.errors.length,
+    }));
+}
+//# sourceMappingURL=run.js.map

package/lib/commands/org/audit/run.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAC9C,GAAG,IAAI;oBACP,UAAU,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;iBACrG,CAAC,CAAC;gBACH,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}

package/lib/commands/org/scan/user-perms.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { QuickScanResult } from '../../../libs/quick-scan/types.js';
+import { EntityScanStatus } from '../../../libs/quick-scan/userPermissionScanner.js';
+export type OrgUserPermScanResult = QuickScanResult;
+export default class OrgUserPermScan extends SfCommand<OrgUserPermScanResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        name: import("@oclif/core/interfaces").OptionFlag<string[], import("@oclif/core/interfaces").CustomOptions>;
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgUserPermScanResult>;
+    private reportProgress;
+    private print;
+    private printSummary;
+    private printPermissionResults;
+}
+export declare function isEntityStatus(cls: unknown): cls is EntityScanStatus;

package/lib/commands/org/scan/user-perms.js ADDED Viewed

@@ -0,0 +1,87 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import UserPermissionScanner from '../../../libs/quick-scan/userPermissionScanner.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.scan.user-perms');
+export default class OrgUserPermScan extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        name: Flags.string({
+            summary: messages.getMessage('flags.name.summary'),
+            description: messages.getMessage('flags.name.description'),
+            char: 'n',
+            multiple: true,
+            required: true,
+        }),
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgUserPermScan);
+        const scanner = new UserPermissionScanner();
+        scanner.on('progress', this.reportProgress);
+        const result = await scanner.quickScan({
+            targetOrg: flags['target-org'].getConnection(flags['api-version']),
+            permissions: flags.name,
+        });
+        this.print(result);
+        return result;
+    }
+    reportProgress = (event) => {
+        if (event.status === 'Pending') {
+            this.spinner.start('Scanning');
+        }
+        const counters = [];
+        Object.entries(event).forEach(([propName, entityStatus]) => {
+            if (isEntityStatus(entityStatus)) {
+                counters.push(`${capitalize(propName)} (${entityStatus.resolved}/${entityStatus.total})`);
+            }
+        });
+        this.spinner.status = counters.join(' | ');
+        if (event.status === 'Completed') {
+            this.spinner.stop();
+            this.logSuccess(messages.getMessage('success.scanned-entities-count', [event.profiles.total, event.permissionSets.total]));
+            this.log();
+        }
+    };
+    print(result) {
+        this.printSummary(result);
+        Object.entries(result.permissions).forEach(([permName, permResult]) => {
+            this.printPermissionResults(permName, permResult);
+        });
+    }
+    printSummary(result) {
+        const data = [];
+        Object.entries(result.permissions).forEach(([permissionName, permResult]) => {
+            data.push({
+                permissionName,
+                profiles: permResult.profiles.length,
+                permissionSets: permResult.permissionSets.length,
+            });
+        });
+        this.table({ data, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printPermissionResults(permissionName, result) {
+        const data = [];
+        result.profiles.forEach((entityName) => {
+            data.push({ entityName, type: 'Profile' });
+        });
+        result.permissionSets.forEach((entityName) => {
+            data.push({ entityName, type: 'Permission Set' });
+        });
+        if (data.length > 0) {
+            this.table({ data, title: permissionName, titleOptions: { underline: true } });
+        }
+    }
+}
+export function isEntityStatus(cls) {
+    return cls.total !== undefined && cls.resolved !== undefined;
+}
+//# sourceMappingURL=user-perms.js.map

package/lib/commands/org/scan/user-perms.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,qBAGN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAIpG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,SAAgC;IACpE,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;YAC1D,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAsB,EAAQ,EAAE;QACxD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE;YACzD,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,QAAS,IAAI,YAAY,CAAC,KAAM,GAAG,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAC1G,CAAC;YACF,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEM,KAAK,CAAC,MAAuB;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,MAAuB;QAC1C,MAAM,IAAI,GAAgF,EAAE,CAAC;QAC7F,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1E,IAAI,CAAC,IAAI,CAAC;gBACR,cAAc;gBACd,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM;gBACpC,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,MAAM;aACjD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,MAA4B;QACjF,MAAM,IAAI,GAAgD,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;;AAGH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAwB,CAAC,KAAK,KAAK,SAAS,IAAK,GAAwB,CAAC,QAAQ,KAAK,SAAS,CAAC;AAC3G,CAAC"}

package/lib/libs/conf-init/auditConfig.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { Connection } from '@salesforce/core';
+import { AuditRunConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
+/**
+ * Additional options how the config should be initialised.
+ */
+export type AuditInitOptions = {
+    /**
+     * When set, config files are created at the target location.
+     */
+    targetDir?: string;
+    /**
+     * An optional preset to initialise classifications and policies.
+     */
+    preset?: AuditInitPresets;
+};
+/**
+ * Exposes key functionality to load an audit config as static methods. This makes
+ * it easy to mock the results during tests.
+ */
+export default class AuditConfig {
+    /**
+     * Initialise a new audit config from target org and writes
+     * files to the destination directory.
+     *
+     * @param con
+     */
+    static init(targetCon: Connection, opts?: AuditInitOptions): Promise<AuditRunConfig>;
+    /**
+     * Loads an existing audit config from a source directory
+     *
+     * @param sourceDir
+     */
+    static load(sourceDir: string): AuditRunConfig;
+}

package/lib/libs/conf-init/auditConfig.js ADDED Viewed

@@ -0,0 +1,41 @@
+import { DefaultFileManager } from '../core/file-mgmt/auditConfigFileManager.js';
+import { initCustomPermissions, initUserPermissions } from './permissionsClassification.js';
+import { initConnectedApps, initPermissionSets, initProfiles, initUsers } from './policyConfigs.js';
+/**
+ * Exposes key functionality to load an audit config as static methods. This makes
+ * it easy to mock the results during tests.
+ */
+export default class AuditConfig {
+    /**
+     * Initialise a new audit config from target org and writes
+     * files to the destination directory.
+     *
+     * @param con
+     */
+    static async init(targetCon, opts) {
+        const conf = { classifications: {}, policies: {} };
+        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
+        const customPerms = await initCustomPermissions(targetCon);
+        if (customPerms) {
+            conf.classifications.customPermissions = { content: customPerms };
+        }
+        conf.policies.profiles = { content: await initProfiles(targetCon) };
+        conf.policies.permissionSets = { content: await initPermissionSets(targetCon) };
+        conf.policies.users = { content: await initUsers(targetCon) };
+        conf.policies.connectedApps = { content: initConnectedApps() };
+        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+        if (opts?.targetDir || opts?.targetDir === '') {
+            DefaultFileManager.save(opts.targetDir, conf);
+        }
+        return conf;
+    }
+    /**
+     * Loads an existing audit config from a source directory
+     *
+     * @param sourceDir
+     */
+    static load(sourceDir) {
+        return DefaultFileManager.parse(sourceDir);
+    }
+}
+//# sourceMappingURL=auditConfig.js.map

package/lib/libs/conf-init/auditConfig.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAiBpG;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9D,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,wEAAwE;QACxE,IAAI,IAAI,EAAE,SAAS,IAAI,IAAI,EAAE,SAAS,KAAK,EAAE,EAAE,CAAC;YAC9C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/lib/libs/conf-init/permissionsClassification.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { Connection } from '@salesforce/core';
+import { PermissionsConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
+/**
+ * Initialises a fresh set of user permissions from target org connection.
+ *
+ * @param con
+ * @returns
+ */
+export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsConfig>;
+/**
+ * Initialises a fresh set of custom permissions from the target org
+ *
+ * @param con
+ * @returns
+ */
+export declare function initCustomPermissions(con: Connection): Promise<PermissionsConfig | undefined>;

package/lib/libs/conf-init/permissionsClassification.js ADDED Viewed

@@ -0,0 +1,80 @@
+import { CUSTOM_PERMS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
+import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
+import { loadPreset } from './presets.js';
+/**
+ * Initialises a fresh set of user permissions from target org connection.
+ *
+ * @param con
+ * @returns
+ */
+export async function initUserPermissions(con, preset) {
+    const describePerms = await parsePermsFromDescribe(con);
+    const assignedPerms = await findAssignedPerms(con);
+    const allPerms = { ...describePerms, ...assignedPerms };
+    const presConfig = loadPreset(preset);
+    const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
+    perms.sort(classificationSorter);
+    const result = { permissions: {} };
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: sanitiseLabel(perm.label),
+        classification: perm.classification,
+        reason: perm.reason,
+    }));
+    return result;
+}
+/**
+ * Initialises a fresh set of custom permissions from the target org
+ *
+ * @param con
+ * @returns
+ */
+export async function initCustomPermissions(con) {
+    const result = { permissions: {} };
+    const customPerms = await con.query(CUSTOM_PERMS_QUERY);
+    if (customPerms.records.length === 0) {
+        return undefined;
+    }
+    const perms = customPerms.records.map((cp) => ({
+        name: cp.DeveloperName,
+        label: cp.MasterLabel,
+        classification: PermissionRiskLevel.UNKNOWN,
+    }));
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: perm.label,
+        classification: perm.classification,
+    }));
+    return result;
+}
+async function parsePermsFromDescribe(con) {
+    const permSet = await con.describe('PermissionSet');
+    const describeAvailablePerms = {};
+    permSet.fields
+        .filter((field) => field.name.startsWith('Permissions'))
+        .forEach((field) => {
+        const permName = field.name.replace('Permissions', '');
+        describeAvailablePerms[permName] = {
+            label: field.label,
+            name: permName,
+        };
+    });
+    return describeAvailablePerms;
+}
+async function findAssignedPerms(con) {
+    const assignedPerms = {};
+    const profiles = await con.query(PROFILES_QUERY);
+    if (profiles.records?.length > 0) {
+        const mdapi = new MDAPI(con);
+        const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
+        Object.values(resolvedProfiles).forEach((profile) => {
+            profile.userPermissions.forEach((userPerm) => {
+                assignedPerms[userPerm.name] = { name: userPerm.name };
+            });
+        });
+    }
+    return assignedPerms;
+}
+function sanitiseLabel(rawLabel) {
+    return rawLabel?.replace(/[ \t]+$|[\r\n]+/g, '');
+}
+//# sourceMappingURL=permissionsClassification.js.map

package/lib/libs/conf-init/permissionsClassification.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAClF,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/lib/libs/conf-init/policyConfigs.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { Connection } from '@salesforce/core';
+import { BasePolicyFileContent, PermSetsPolicyFileContent, ProfilesPolicyFileContent, UsersPolicyFileContent } from '../core/file-mgmt/schema.js';
+/**
+ * Initialises a new profiles policy with the local org's
+ * profiles and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @param targetDir
+ * @returns
+ */
+export declare function initProfiles(targetOrgCon: Connection): Promise<ProfilesPolicyFileContent>;
+/**
+ * Initialises a new permission sets policy with the local org's custom
+ * permissions and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @returns
+ */
+export declare function initPermissionSets(targetOrgCon: Connection): Promise<PermSetsPolicyFileContent>;
+/**
+ * Initialises a new connected apps policy with default rules enabled.
+ *
+ * @returns
+ */
+export declare function initConnectedApps(): BasePolicyFileContent;
+/**
+ * Initialises a users policy with all users flagged as standard user
+ *
+ * @param targetOrgCon
+ */
+export declare function initUsers(targetOrgCon: Connection): Promise<UsersPolicyFileContent>;