npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.8.1 → 0.8.3 - Mend

@j-schreiber/sf-cli-security-audit 0.8.1 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/lib/libs/conf-init/policyConfigs.js ADDED Viewed

@@ -0,0 +1,91 @@
+import { ACTIVE_USERS_QUERY, PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import { UsersPolicyConfig, } from '../core/file-mgmt/schema.js';
+import { RuleRegistries } from '../core/registries/types.js';
+import { ProfilesRiskPreset } from '../core/policy-types.js';
+/**
+ * Initialises a new profiles policy with the local org's
+ * profiles and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @param targetDir
+ * @returns
+ */
+export async function initProfiles(targetOrgCon) {
+    const profiles = await targetOrgCon.query(PROFILES_QUERY);
+    const content = { enabled: true, rules: {}, profiles: {} };
+    profiles.records.forEach((permsetRecord) => {
+        content.profiles[permsetRecord.Profile.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
+    });
+    RuleRegistries.Profiles.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a new permission sets policy with the local org's custom
+ * permissions and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @returns
+ */
+export async function initPermissionSets(targetOrgCon) {
+    const permSets = await targetOrgCon.query(PERMISSION_SETS_QUERY);
+    const content = {
+        enabled: true,
+        rules: {},
+        permissionSets: {},
+    };
+    permSets.records
+        .filter((permsetRecord) => permsetRecord.IsCustom)
+        .forEach((permsetRecord) => {
+        content.permissionSets[permsetRecord.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
+    });
+    RuleRegistries.PermissionSets.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a new connected apps policy with default rules enabled.
+ *
+ * @returns
+ */
+export function initConnectedApps() {
+    const content = { enabled: true, rules: {} };
+    RuleRegistries.ConnectedApps.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a users policy with all users flagged as standard user
+ *
+ * @param targetOrgCon
+ */
+export async function initUsers(targetOrgCon) {
+    const users = await targetOrgCon.query(ACTIVE_USERS_QUERY);
+    const content = {
+        enabled: true,
+        options: UsersPolicyConfig.parse({}),
+        rules: {},
+        users: {},
+    };
+    // dont parse all configs with default of 30 - but initialise a new config likle this
+    content.options.analyseLastNDaysOfLoginHistory = 30;
+    users.records.forEach((userRecord) => {
+        content.users[userRecord.Username] = { role: ProfilesRiskPreset.STANDARD_USER };
+    });
+    RuleRegistries.Users.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+//# sourceMappingURL=policyConfigs.js.map

package/lib/libs/conf-init/policyConfigs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policyConfigs.js","sourceRoot":"","sources":["../../../src/libs/conf-init/policyConfigs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEjG,OAAO,EAIL,iBAAiB,GAElB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAA8B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACtF,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,cAAc,EAAE,EAAE;KACnB,CAAC;IACF,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACL,cAAc,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACnE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,cAAc,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAClE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA2B;QACtC,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;KACV,CAAC;IACF,qFAAqF;IACrF,OAAO,CAAC,OAAO,CAAC,8BAA8B,GAAG,EAAE,CAAC;IACpD,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/conf-init/presets/loose.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor();
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/loose.js ADDED Viewed

@@ -0,0 +1,85 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.HIGH,
+            BypassMFAForUiLogins: PermissionRiskLevel.HIGH,
+            ExternalClientAppAdmin: PermissionRiskLevel.HIGH,
+            ManageSandboxes: PermissionRiskLevel.HIGH,
+            ManageDevSandboxes: PermissionRiskLevel.HIGH,
+            CustomizeApplication: PermissionRiskLevel.HIGH,
+            ModifyMetadata: PermissionRiskLevel.HIGH,
+            AuthorApex: PermissionRiskLevel.HIGH,
+            DebugApex: PermissionRiskLevel.HIGH,
+            ManageAuthProviders: PermissionRiskLevel.HIGH,
+            Packaging2: PermissionRiskLevel.HIGH,
+            Packaging2Delete: PermissionRiskLevel.HIGH,
+            Packaging2PromoteVersion: PermissionRiskLevel.HIGH,
+            InstallPackaging: PermissionRiskLevel.HIGH,
+            ViewClientSecret: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            AssignPermissionSets: PermissionRiskLevel.HIGH,
+            ManageIpAddresses: PermissionRiskLevel.HIGH,
+            ManageSharing: PermissionRiskLevel.HIGH,
+            ManageInternalUsers: PermissionRiskLevel.HIGH,
+            ManagePasswordPolicies: PermissionRiskLevel.HIGH,
+            ManageLoginAccessPolicies: PermissionRiskLevel.HIGH,
+            ManageCustomPermissions: PermissionRiskLevel.HIGH,
+            ManageCertificates: PermissionRiskLevel.HIGH,
+            ManageUsers: PermissionRiskLevel.HIGH,
+            ViewAllForecasts: PermissionRiskLevel.HIGH,
+            ResetPasswords: PermissionRiskLevel.HIGH,
+            CanInsertFeedSystemFields: PermissionRiskLevel.HIGH,
+            ManageHealthCheck: PermissionRiskLevel.HIGH,
+            ManageSubscriptions: PermissionRiskLevel.HIGH,
+            ViewAllProfiles: PermissionRiskLevel.HIGH,
+            ManageExternalConnections: PermissionRiskLevel.HIGH,
+            ManageNamedCredentials: PermissionRiskLevel.HIGH,
+            CodeBuilderUser: PermissionRiskLevel.HIGH,
+            MonitorLoginHistory: PermissionRiskLevel.HIGH,
+            ManagePackageLicenses: PermissionRiskLevel.HIGH,
+            ViewHealthCheck: PermissionRiskLevel.MEDIUM,
+            FreezeUsers: PermissionRiskLevel.MEDIUM,
+            ManageRoles: PermissionRiskLevel.MEDIUM,
+            ViewSetup: PermissionRiskLevel.MEDIUM,
+            ViewAllData: PermissionRiskLevel.MEDIUM,
+            ModifyAllData: PermissionRiskLevel.MEDIUM,
+            ExportReport: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            AccessContentBuilder: PermissionRiskLevel.MEDIUM,
+            DataExport: PermissionRiskLevel.MEDIUM,
+            NewReportBuilder: PermissionRiskLevel.MEDIUM,
+            ImportLeads: PermissionRiskLevel.MEDIUM,
+            EditBrandTemplates: PermissionRiskLevel.MEDIUM,
+            DeleteActivatedContract: PermissionRiskLevel.MEDIUM,
+            OverrideForecasts: PermissionRiskLevel.MEDIUM,
+            ManageNetworks: PermissionRiskLevel.MEDIUM,
+            ViewAllUsers: PermissionRiskLevel.MEDIUM,
+            ViewRoles: PermissionRiskLevel.MEDIUM,
+            ModerateNetworkUsers: PermissionRiskLevel.MEDIUM,
+            ApiEnabled: PermissionRiskLevel.LOW,
+            LightningExperienceUser: PermissionRiskLevel.LOW,
+            RunReports: PermissionRiskLevel.LOW,
+            ScheduleReports: PermissionRiskLevel.LOW,
+            ActivateContract: PermissionRiskLevel.LOW,
+            ActivateOrder: PermissionRiskLevel.LOW,
+            ViewEncryptedData: PermissionRiskLevel.LOW,
+            PasswordNeverExpires: PermissionRiskLevel.LOW,
+            ActivitiesAccess: PermissionRiskLevel.LOW,
+            ForceTwoFactor: PermissionRiskLevel.LOW,
+            ManageQuotas: PermissionRiskLevel.LOW,
+            ApproveContract: PermissionRiskLevel.LOW,
+        });
+    }
+    initDefault(permName) {
+        const basePerm = super.initDefault(permName);
+        if (basePerm.classification === PermissionRiskLevel.UNKNOWN) {
+            basePerm.classification = PermissionRiskLevel.LOW;
+        }
+        return basePerm;
+    }
+}
+//# sourceMappingURL=loose.js.map

package/lib/libs/conf-init/presets/loose.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,kBAAkB,EAAE,mBAAmB,CAAC,MAAM;YAC9C,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,MAAM;YAC7C,cAAc,EAAE,mBAAmB,CAAC,MAAM;YAC1C,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,eAAe,EAAE,mBAAmB,CAAC,GAAG;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,aAAa,EAAE,mBAAmB,CAAC,GAAG;YACtC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG;YAC1C,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;YACvC,YAAY,EAAE,mBAAmB,CAAC,GAAG;YACrC,eAAe,EAAE,mBAAmB,CAAC,GAAG;SACzC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/lib/libs/conf-init/presets/none.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import { Optional } from '../../core/utils.js';
+export type UnclassifiedPerm = Optional<NamedPermissionsClassification, 'classification'>;
+export type Preset = {
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+};
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset implements Preset {
+    protected userPermissions: Record<string, Partial<NamedPermissionsClassification>>;
+    constructor(userPerms?: Record<string, PermissionRiskLevel>);
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/none.js ADDED Viewed

@@ -0,0 +1,54 @@
+import { Messages } from '@salesforce/core';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const descriptions = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset {
+    userPermissions;
+    constructor(userPerms) {
+        this.userPermissions = {};
+        if (userPerms) {
+            Object.entries(userPerms).forEach(([name, classification]) => {
+                if (this.userPermissions[name]) {
+                    this.userPermissions[name].classification = classification;
+                }
+                else {
+                    this.userPermissions[name] = { classification };
+                }
+            });
+        }
+    }
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms) {
+        return rawPerms.map((perm) => ({
+            ...this.initDefault(perm.name),
+            ...perm,
+        }));
+    }
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName) {
+        const def = this.userPermissions[permName];
+        const hasDescription = descriptions.messages.has(permName);
+        return {
+            ...def,
+            name: permName,
+            classification: def?.classification ?? PermissionRiskLevel.UNKNOWN,
+            reason: hasDescription ? descriptions.getMessage(permName) : undefined,
+        };
+    }
+}
+//# sourceMappingURL=none.js.map

package/lib/libs/conf-init/presets/none.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"none.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/none.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAGzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAQ1G;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IACnB,eAAe,CAA0D;IAEnF,YAAmB,SAA+C;QAChE,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE;gBAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,cAAc,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,QAA4B;QACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,GAAG,IAAI;SACR,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO;YACL,GAAG,GAAG;YACN,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,mBAAmB,CAAC,OAAO;YAClE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;CACF"}

package/lib/libs/conf-init/presets/strict.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor();
+}

package/lib/libs/conf-init/presets/strict.js ADDED Viewed

@@ -0,0 +1,79 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.BLOCKED,
+            BypassMFAForUiLogins: PermissionRiskLevel.BLOCKED,
+            ManageNamedCredentials: PermissionRiskLevel.CRITICAL,
+            ImportCustomObjects: PermissionRiskLevel.CRITICAL,
+            ManageSandboxes: PermissionRiskLevel.CRITICAL,
+            ManageDevSandboxes: PermissionRiskLevel.CRITICAL,
+            CustomizeApplication: PermissionRiskLevel.CRITICAL,
+            ModifyMetadata: PermissionRiskLevel.CRITICAL,
+            AuthorApex: PermissionRiskLevel.CRITICAL,
+            DebugApex: PermissionRiskLevel.CRITICAL,
+            ManageAuthProviders: PermissionRiskLevel.CRITICAL,
+            Packaging2: PermissionRiskLevel.CRITICAL,
+            Packaging2Delete: PermissionRiskLevel.CRITICAL,
+            Packaging2PromoteVersion: PermissionRiskLevel.CRITICAL,
+            InstallPackaging: PermissionRiskLevel.CRITICAL,
+            ViewClientSecret: PermissionRiskLevel.CRITICAL,
+            ExternalClientAppAdmin: PermissionRiskLevel.CRITICAL,
+            CanInsertFeedSystemFields: PermissionRiskLevel.CRITICAL,
+            ManageExternalConnections: PermissionRiskLevel.CRITICAL,
+            CodeBuilderUser: PermissionRiskLevel.CRITICAL,
+            ManageCertificates: PermissionRiskLevel.HIGH,
+            ExportReport: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.HIGH,
+            ApiEnabled: PermissionRiskLevel.HIGH,
+            ViewAllData: PermissionRiskLevel.HIGH,
+            ModifyAllData: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            AssignPermissionSets: PermissionRiskLevel.HIGH,
+            ManageRoles: PermissionRiskLevel.HIGH,
+            ManageIpAddresses: PermissionRiskLevel.HIGH,
+            ManageSharing: PermissionRiskLevel.HIGH,
+            ManageInternalUsers: PermissionRiskLevel.HIGH,
+            ManagePasswordPolicies: PermissionRiskLevel.HIGH,
+            ManageLoginAccessPolicies: PermissionRiskLevel.HIGH,
+            ManageCustomPermissions: PermissionRiskLevel.HIGH,
+            FreezeUsers: PermissionRiskLevel.HIGH,
+            AccessContentBuilder: PermissionRiskLevel.HIGH,
+            NewReportBuilder: PermissionRiskLevel.HIGH,
+            ImportLeads: PermissionRiskLevel.HIGH,
+            ViewEncryptedData: PermissionRiskLevel.HIGH,
+            EditBrandTemplates: PermissionRiskLevel.HIGH,
+            OverrideForecasts: PermissionRiskLevel.HIGH,
+            ViewAllForecasts: PermissionRiskLevel.HIGH,
+            ResetPasswords: PermissionRiskLevel.HIGH,
+            ManageNetworks: PermissionRiskLevel.HIGH,
+            ViewAllUsers: PermissionRiskLevel.HIGH,
+            ModerateNetworkUsers: PermissionRiskLevel.HIGH,
+            ViewHealthCheck: PermissionRiskLevel.HIGH,
+            ManageHealthCheck: PermissionRiskLevel.HIGH,
+            ManageSubscriptions: PermissionRiskLevel.HIGH,
+            ViewRoles: PermissionRiskLevel.HIGH,
+            ViewAllProfiles: PermissionRiskLevel.HIGH,
+            MonitorLoginHistory: PermissionRiskLevel.HIGH,
+            ManagePackageLicenses: PermissionRiskLevel.HIGH,
+            ScheduleReports: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            DataExport: PermissionRiskLevel.MEDIUM,
+            RunReports: PermissionRiskLevel.MEDIUM,
+            ApproveContract: PermissionRiskLevel.MEDIUM,
+            ActivateContract: PermissionRiskLevel.MEDIUM,
+            ActivateOrder: PermissionRiskLevel.MEDIUM,
+            DeleteActivatedContract: PermissionRiskLevel.MEDIUM,
+            ManageQuotas: PermissionRiskLevel.MEDIUM,
+            ManageUsers: PermissionRiskLevel.HIGH,
+            LightningExperienceUser: PermissionRiskLevel.LOW,
+            PasswordNeverExpires: PermissionRiskLevel.LOW,
+            ActivitiesAccess: PermissionRiskLevel.LOW,
+            ForceTwoFactor: PermissionRiskLevel.LOW,
+        });
+    }
+}
+//# sourceMappingURL=strict.js.map

package/lib/libs/conf-init/presets/strict.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,OAAO;YACjD,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,QAAQ;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,SAAS,EAAE,mBAAmB,CAAC,QAAQ;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;SACxC,CAAC,CAAC;IACL,CAAC;CACF"}

package/lib/libs/conf-init/presets.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Preset } from './presets/none.js';
+export declare enum AuditInitPresets {
+    strict = "strict",
+    loose = "loose",
+    none = "none"
+}
+export declare function loadPreset(presetName?: AuditInitPresets): Preset;

package/lib/libs/conf-init/presets.js ADDED Viewed

@@ -0,0 +1,20 @@
+import LoosePreset from './presets/loose.js';
+import NonePreset from './presets/none.js';
+import StrictPreset from './presets/strict.js';
+export var AuditInitPresets;
+(function (AuditInitPresets) {
+    AuditInitPresets["strict"] = "strict";
+    AuditInitPresets["loose"] = "loose";
+    AuditInitPresets["none"] = "none";
+})(AuditInitPresets || (AuditInitPresets = {}));
+export function loadPreset(presetName) {
+    switch (presetName) {
+        case AuditInitPresets.loose:
+            return new LoosePreset();
+        case AuditInitPresets.strict:
+            return new StrictPreset();
+        default:
+            return new NonePreset();
+    }
+}
+//# sourceMappingURL=presets.js.map

package/lib/libs/conf-init/presets.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/libs/conf-init/presets.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAC7C,OAAO,UAAsB,MAAM,mBAAmB,CAAC;AACvD,OAAO,YAAY,MAAM,qBAAqB,CAAC;AAE/C,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B;IACtD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAgB,CAAC,KAAK;YACzB,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB,CAAC,MAAM;YAC1B,OAAO,IAAI,YAAY,EAAE,CAAC;QAC5B;YACE,OAAO,IAAI,UAAU,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC"}

package/lib/libs/core/auditRun.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import EventEmitter from 'node:events';
+import { Connection } from '@salesforce/core';
+import { AuditResult } from './result-types.js';
+import { AuditRunConfig } from './file-mgmt/schema.js';
+import Policy from './policies/policy.js';
+type PolicyMap = Record<string, Policy<unknown>>;
+export declare function startAuditRun(directoryPath: string): AuditRun;
+export type EntityResolveEvent = {
+    total: number;
+    resolved: number;
+    policyName: string;
+};
+/**
+ * Instance of an audit run that manages high-level operations
+ */
+export default class AuditRun extends EventEmitter {
+    configs: AuditRunConfig;
+    private executablePolicies?;
+    constructor(configs: AuditRunConfig);
+    /**
+     * Loads all policies, resolves entities and caches the results.
+     *
+     * @param targetOrgConnection
+     */
+    resolve(targetOrgConnection: Connection): Promise<PolicyMap>;
+    /**
+     * Executes an initialised audit run. Resolves policies entities
+     * and executes all rules.
+     *
+     * @param targetOrgConnection
+     * @returns
+     */
+    execute(targetCon: Connection): Promise<Omit<AuditResult, 'orgId'>>;
+    private loadPolicies;
+}
+export {};

package/lib/libs/core/auditRun.js ADDED Viewed

@@ -0,0 +1,86 @@
+// import fs from 'node:fs';
+import EventEmitter from 'node:events';
+import { loadAuditConfig } from './file-mgmt/auditConfigFileManager.js';
+import { policyDefs } from './policyRegistry.js';
+export function startAuditRun(directoryPath) {
+    const conf = loadAuditConfig(directoryPath);
+    return new AuditRun(conf);
+}
+/**
+ * Instance of an audit run that manages high-level operations
+ */
+export default class AuditRun extends EventEmitter {
+    configs;
+    executablePolicies;
+    constructor(configs) {
+        super();
+        this.configs = configs;
+    }
+    /**
+     * Loads all policies, resolves entities and caches the results.
+     *
+     * @param targetOrgConnection
+     */
+    async resolve(targetOrgConnection) {
+        if (this.executablePolicies) {
+            return this.executablePolicies;
+        }
+        this.executablePolicies = this.loadPolicies(this.configs);
+        const resolveResultPromises = [];
+        Object.values(this.executablePolicies).forEach((executable) => {
+            resolveResultPromises.push(executable.resolve({ targetOrgConnection }));
+        });
+        await Promise.all(resolveResultPromises);
+        return this.executablePolicies;
+    }
+    /**
+     * Executes an initialised audit run. Resolves policies entities
+     * and executes all rules.
+     *
+     * @param targetOrgConnection
+     * @returns
+     */
+    async execute(targetCon) {
+        this.executablePolicies = await this.resolve(targetCon);
+        const results = await runPolicies(this.executablePolicies, targetCon);
+        return {
+            auditDate: new Date().toISOString(),
+            isCompliant: isCompliant(results),
+            policies: results,
+        };
+    }
+    loadPolicies(config) {
+        const pols = {};
+        Object.entries(config.policies).forEach(([policyName, policyConfig]) => {
+            const policy = new policyDefs[policyName].handler(policyConfig.content, config);
+            policy.addListener('entityresolve', (resolveStats) => {
+                this.emit(`entityresolve-${policyName}`, { policyName, ...resolveStats });
+            });
+            pols[policyName] = policy;
+        });
+        return pols;
+    }
+}
+function isCompliant(results) {
+    const list = Object.values(results);
+    if (list.length === 0) {
+        return true;
+    }
+    return list.reduce((prevVal, currentVal) => prevVal && currentVal.isCompliant, list[0].isCompliant);
+}
+async function runPolicies(policies, targetOrgConnection) {
+    const resultsArray = [];
+    const policiesList = [];
+    Object.entries(policies).forEach(([policyKey, executable]) => {
+        policiesList.push(policyKey);
+        resultsArray.push(executable.run({ targetOrgConnection }));
+    });
+    const arrayResult = await Promise.all(resultsArray);
+    const results = {};
+    arrayResult.forEach((policyResult) => {
+        const policyKey = policiesList[arrayResult.indexOf(policyResult)];
+        results[policyKey] = policyResult;
+    });
+    return results;
+}
+//# sourceMappingURL=auditRun.js.map

package/lib/libs/core/auditRun.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAC5B,OAAO,YAAY,MAAM,aAAa,CAAC;AAIvC,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAe,MAAM,qBAAqB,CAAC;AAM9D,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,IAAI,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAQD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IAGtB;IAFlB,kBAAkB,CAAa;IAEvC,YAA0B,OAAuB;QAC/C,KAAK,EAAE,CAAC;QADgB,YAAO,GAAP,OAAO,CAAgB;IAEjD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,SAAqB;QACxC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE;YACrE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAyB,CAAC,CAAC,OAAO,CAC7D,YAAoC,CAAC,OAAO,EAC7C,MAAM,CACP,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;gBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/core/classification-types.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { NamedPermissionsClassification } from './file-mgmt/schema.js';
+/**
+ * Enum to classify user and custom permissions.
+ */
+export declare enum PermissionRiskLevel {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    BLOCKED = "Blocked",
+    /** Developer permissions, allow to modify the application */
+    CRITICAL = "Critical",
+    /** Admin permissions, allow to manage users and change permissions */
+    HIGH = "High",
+    /** Elevated business permissions for privileged users */
+    MEDIUM = "Medium",
+    /** Regular user permissions, typically needed for day-to-day work */
+    LOW = "Low",
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    UNKNOWN = "Unknown"
+}
+export declare function resolveRiskLevelOrdinalValue(value: string): number;
+export declare const classificationSorter: (a: NamedPermissionsClassification, b: NamedPermissionsClassification) => number;

package/lib/libs/core/classification-types.js ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Enum to classify user and custom permissions.
+ */
+export var PermissionRiskLevel;
+(function (PermissionRiskLevel) {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    PermissionRiskLevel["BLOCKED"] = "Blocked";
+    /** Developer permissions, allow to modify the application */
+    PermissionRiskLevel["CRITICAL"] = "Critical";
+    /** Admin permissions, allow to manage users and change permissions */
+    PermissionRiskLevel["HIGH"] = "High";
+    /** Elevated business permissions for privileged users */
+    PermissionRiskLevel["MEDIUM"] = "Medium";
+    /** Regular user permissions, typically needed for day-to-day work */
+    PermissionRiskLevel["LOW"] = "Low";
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    PermissionRiskLevel["UNKNOWN"] = "Unknown";
+})(PermissionRiskLevel || (PermissionRiskLevel = {}));
+export function resolveRiskLevelOrdinalValue(value) {
+    return Object.keys(PermissionRiskLevel).indexOf(value.toUpperCase());
+}
+export const classificationSorter = (a, b) => resolveRiskLevelOrdinalValue(a.classification) - resolveRiskLevelOrdinalValue(b.classification);
+//# sourceMappingURL=classification-types.js.map

package/lib/libs/core/classification-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAa;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAiC,EAAE,CAAiC,EAAU,EAAE,CACnH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}

package/lib/libs/core/constants.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+export declare const CUSTOM_PERMS_QUERY = "SELECT Id,MasterLabel,DeveloperName FROM CustomPermission";
+export declare const PROFILES_QUERY = "SELECT Profile.Name,Profile.UserType,IsCustom FROM PermissionSet WHERE IsOwnedByProfile = TRUE";
+export declare const PERMISSION_SETS_QUERY = "SELECT Name,Label,IsCustom,NamespacePrefix FROM PermissionSet WHERE IsOwnedByProfile = FALSE AND NamespacePrefix = NULL";
+export declare const CONNECTED_APPS_QUERY = "SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication";
+export declare const OAUTH_TOKEN_QUERY = "SELECT User.Username,UseCount,AppName FROM OauthToken";
+export declare const ACTIVE_USERS_QUERY = "SELECT Id,Username,UserType FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export declare const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export declare const buildPermsetAssignmentsQuery: (userIds: string[]) => string;
+export declare const buildLoginHistoryQuery: (daysToAnalayse?: number) => string;
+export declare const RETRIEVE_CACHE: string;

package/lib/libs/core/constants.js ADDED Viewed

@@ -0,0 +1,20 @@
+import path from 'node:path';
+// QUERIES
+export const CUSTOM_PERMS_QUERY = 'SELECT Id,MasterLabel,DeveloperName FROM CustomPermission';
+export const PROFILES_QUERY = 'SELECT Profile.Name,Profile.UserType,IsCustom FROM PermissionSet WHERE IsOwnedByProfile = TRUE';
+export const PERMISSION_SETS_QUERY = 'SELECT Name,Label,IsCustom,NamespacePrefix FROM PermissionSet WHERE IsOwnedByProfile = FALSE AND NamespacePrefix = NULL';
+export const CONNECTED_APPS_QUERY = 'SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication';
+export const OAUTH_TOKEN_QUERY = 'SELECT User.Username,UseCount,AppName FROM OauthToken';
+export const ACTIVE_USERS_QUERY = "SELECT Id,Username,UserType FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+// DYNAMIC QUERIES
+export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
+export const buildLoginHistoryQuery = (daysToAnalayse) => daysToAnalayse
+    ? `${USERS_LOGIN_HISTORY_QUERY} WHERE LoginTime >= LAST_N_DAYS:${daysToAnalayse} GROUP BY LoginType,Application,UserId`
+    : `${USERS_LOGIN_HISTORY_QUERY} GROUP BY LoginType,Application,UserId`;
+// PATHS
+export const RETRIEVE_CACHE = path.join('.jsc', 'retrieves');
+// BASE QUERIES
+const USERS_LOGIN_HISTORY_QUERY = 'SELECT LoginType,Application,UserId,COUNT(Id)LoginCount,MAX(LoginTime)LastLogin FROM LoginHistory';
+const USERS_PERMSET_ASSIGNMENTS_QUERY = 'SELECT AssigneeId,PermissionSet.Name FROM PermissionSetAssignment WHERE PermissionSet.IsOwnedByProfile = FALSE AND PermissionSet.NamespacePrefix = NULL';
+//# sourceMappingURL=constants.js.map

package/lib/libs/core/constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/libs/core/constants.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,UAAU;AACV,MAAM,CAAC,MAAM,kBAAkB,GAAG,2DAA2D,CAAC;AAC9F,MAAM,CAAC,MAAM,cAAc,GACzB,gGAAgG,CAAC;AACnG,MAAM,CAAC,MAAM,qBAAqB,GAChC,yHAAyH,CAAC;AAC5H,MAAM,CAAC,MAAM,oBAAoB,GAAG,0EAA0E,CAAC;AAC/G,MAAM,CAAC,MAAM,iBAAiB,GAAG,uDAAuD,CAAC;AACzF,MAAM,CAAC,MAAM,kBAAkB,GAC7B,qGAAqG,CAAC;AACxG,MAAM,CAAC,MAAM,0BAA0B,GACrC,mIAAmI,CAAC;AAEtI,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,cAAuB,EAAU,EAAE,CACxE,cAAc;IACZ,CAAC,CAAC,GAAG,yBAAyB,mCAAmC,cAAc,wCAAwC;IACvH,CAAC,CAAC,GAAG,yBAAyB,wCAAwC,CAAC;AAE3E,QAAQ;AACR,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAE7D,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}