npm - @j-schreiber/sf-cli-security-audit - Versions diffs - 0.8.1 → 0.8.3 - Mend

@j-schreiber/sf-cli-security-audit 0.8.1 → 0.8.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/lib/libs/core/policies/permissionSetPolicy.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { Messages } from '@salesforce/core';
+import MDAPI from '../mdapi/mdapiRetriever.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import { PermissionSetsRegistry } from '../registries/permissionSets.js';
+import Policy, { getTotal } from './policy.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
+export default class PermissionSetPolicy extends Policy {
+    config;
+    auditContext;
+    totalEntities;
+    constructor(config, auditContext, registry = PermissionSetsRegistry) {
+        super(config, auditContext, registry);
+        this.config = config;
+        this.auditContext = auditContext;
+        this.totalEntities = this.config.permissionSets ? Object.keys(this.config.permissionSets).length : 0;
+    }
+    async resolveEntities(context) {
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: 0,
+        });
+        const successfullyResolved = {};
+        const unresolved = {};
+        const retriever = new MDAPI(context.targetOrgConnection);
+        const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.config.permissionSets));
+        Object.entries(this.config.permissionSets).forEach(([key, val]) => {
+            const resolved = resolvedPermsets[key];
+            if (resolved) {
+                successfullyResolved[key] = {
+                    metadata: resolved,
+                    preset: this.config.permissionSets[key].preset,
+                    name: key,
+                };
+            }
+            else if (successfullyResolved[key] === undefined) {
+                if (val.preset === ProfilesRiskPreset.UNKNOWN) {
+                    unresolved[key] = { name: key, message: messages.getMessage('preset-unknown', ['Permission Set']) };
+                }
+                else {
+                    unresolved[key] = { name: key, message: messages.getMessage('entity-not-found') };
+                }
+            }
+        });
+        const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(unresolved) };
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: getTotal(result),
+        });
+        return result;
+    }
+}
+function filterCategorizedPermsets(permSets) {
+    const filteredNames = [];
+    Object.entries(permSets).forEach(([key, val]) => {
+        if (val.preset !== ProfilesRiskPreset.UNKNOWN) {
+            filteredNames.push(key);
+        }
+    });
+    return filteredNames;
+}
+//# sourceMappingURL=permissionSetPolicy.js.map

package/lib/libs/core/policies/permissionSetPolicy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAGnE;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAA2B;QACjC,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACvG,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAC9C,eAAe,EACf,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CACtD,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YAChE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,MAAM;oBAC9C,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA8B;IAC/D,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC9C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}

package/lib/libs/core/policies/policy.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import EventEmitter from 'node:events';
+import { AuditPolicyResult, EntityResolveError } from '../result-types.js';
+import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
+import RuleRegistry, { RegistryRuleResolveResult } from '../registries/ruleRegistry.js';
+import { AuditContext, IPolicy } from '../registries/types.js';
+export type ResolveEntityResult<T> = {
+    resolvedEntities: Record<string, T>;
+    ignoredEntities: EntityResolveError[];
+};
+export default abstract class Policy<T> extends EventEmitter implements IPolicy {
+    config: BasePolicyFileContent;
+    auditConfig: AuditRunConfig;
+    protected registry: RuleRegistry;
+    protected resolvedRules: RegistryRuleResolveResult;
+    protected entities?: ResolveEntityResult<T>;
+    constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
+    /**
+     * Resolves all entities of the policy.
+     */
+    resolve(context: AuditContext): Promise<ResolveEntityResult<T>>;
+    /**
+     * Runs all rules of a policy. If the entities are not yet resolved, they are
+     * resolved on the fly before rules are executed.
+     *
+     * @param context
+     * @returns
+     */
+    run(context: AuditContext): Promise<AuditPolicyResult>;
+    protected abstract resolveEntities(context: AuditContext): Promise<ResolveEntityResult<T>>;
+}
+export declare function getTotal(resolveResult: ResolveEntityResult<unknown>): number;

package/lib/libs/core/policies/policy.js ADDED Viewed

@@ -0,0 +1,100 @@
+import EventEmitter from 'node:events';
+export default class Policy extends EventEmitter {
+    config;
+    auditConfig;
+    registry;
+    resolvedRules;
+    entities;
+    constructor(config, auditConfig, registry) {
+        super();
+        this.config = config;
+        this.auditConfig = auditConfig;
+        this.registry = registry;
+        this.resolvedRules = registry.resolveRules(config.rules, auditConfig);
+    }
+    /**
+     * Resolves all entities of the policy.
+     */
+    async resolve(context) {
+        // when a policy is disabled, we still want to appear it in audit results
+        // as disabled with 0 resolved entities and 0 executed rules
+        if (!this.config.enabled) {
+            return { resolvedEntities: {}, ignoredEntities: [] };
+        }
+        if (!this.entities) {
+            this.entities = await this.resolveEntities(context);
+        }
+        return this.entities;
+    }
+    /**
+     * Runs all rules of a policy. If the entities are not yet resolved, they are
+     * resolved on the fly before rules are executed.
+     *
+     * @param context
+     * @returns
+     */
+    async run(context) {
+        if (!this.config.enabled) {
+            return {
+                isCompliant: true,
+                enabled: false,
+                executedRules: {},
+                skippedRules: [],
+                auditedEntities: [],
+                ignoredEntities: [],
+            };
+        }
+        const resolveResult = await this.resolve(context);
+        const ruleResultPromises = new Array();
+        for (const rule of this.resolvedRules.enabledRules) {
+            ruleResultPromises.push(rule.run({ ...context, resolvedEntities: resolveResult.resolvedEntities }));
+        }
+        const ruleResults = await Promise.all(ruleResultPromises);
+        const executedRules = {};
+        for (const ruleResult of ruleResults) {
+            const { compliantEntities, violatedEntities } = evalResolvedEntities(ruleResult, resolveResult);
+            executedRules[ruleResult.ruleName] = {
+                ...ruleResult,
+                isCompliant: ruleResult.violations.length === 0,
+                compliantEntities,
+                violatedEntities,
+            };
+        }
+        return {
+            isCompliant: isCompliant(executedRules),
+            enabled: true,
+            executedRules,
+            skippedRules: this.resolvedRules.skippedRules,
+            auditedEntities: Object.keys(resolveResult.resolvedEntities),
+            ignoredEntities: resolveResult.ignoredEntities,
+        };
+    }
+}
+function isCompliant(ruleResults) {
+    const list = Object.values(ruleResults);
+    if (list.length === 0) {
+        return true;
+    }
+    return list.reduce((prevVal, currentVal) => prevVal && currentVal.isCompliant, list[0].isCompliant);
+}
+function evalResolvedEntities(ruleResult, entities) {
+    const compliantEntities = [];
+    const violatedEntities = new Set();
+    ruleResult.violations.forEach((vio) => {
+        if (vio.identifier.length > 0) {
+            violatedEntities.add(vio.identifier[0]);
+        }
+    });
+    Object.keys(entities.resolvedEntities).forEach((entityIdentifier) => {
+        if (!violatedEntities.has(entityIdentifier)) {
+            compliantEntities.push(entityIdentifier);
+        }
+    });
+    return { compliantEntities, violatedEntities: Array.from(violatedEntities) };
+}
+export function getTotal(resolveResult) {
+    const resolvedCount = resolveResult.resolvedEntities ? Object.keys(resolveResult.resolvedEntities).length : 0;
+    const ignoredCount = resolveResult.ignoredEntities ? resolveResult.ignoredEntities.length : 0;
+    return resolvedCount + ignoredCount;
+}
+//# sourceMappingURL=policy.js.map

package/lib/libs/core/policies/policy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAoC,CAAC;QACzE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,UAAU,EAAE,aAAa,CAAC,CAAC;YACnG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}

package/lib/libs/core/policies/profilePolicy.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { AuditRunConfig, ProfilesPolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedProfile } from '../registries/profiles.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class ProfilePolicy extends Policy<ResolvedProfile> {
+    config: ProfilesPolicyFileContent;
+    auditConfig: AuditRunConfig;
+    private totalEntities;
+    constructor(config: ProfilesPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/profiles.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
+}

package/lib/libs/core/policies/profilePolicy.js ADDED Viewed

@@ -0,0 +1,64 @@
+import { Messages } from '@salesforce/core';
+import MDAPI from '../mdapi/mdapiRetriever.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import { ProfilesRegistry } from '../registries/profiles.js';
+import Policy, { getTotal } from './policy.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
+export default class ProfilePolicy extends Policy {
+    config;
+    auditConfig;
+    totalEntities;
+    constructor(config, auditConfig, registry = ProfilesRegistry) {
+        super(config, auditConfig, registry);
+        this.config = config;
+        this.auditConfig = auditConfig;
+        this.totalEntities = this.config.profiles ? Object.keys(this.config.profiles).length : 0;
+    }
+    async resolveEntities(context) {
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: 0,
+        });
+        const successfullyResolved = {};
+        const ignoredEntities = {};
+        const definitiveProfiles = this.config.profiles ?? {};
+        const classifiedProfiles = [];
+        Object.entries(definitiveProfiles).forEach(([profileName, profileDef]) => {
+            if (profileDef.preset === ProfilesRiskPreset.UNKNOWN) {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('preset-unknown', ['Profile']),
+                };
+            }
+            else {
+                classifiedProfiles.push(profileName);
+            }
+        });
+        const mdapi = new MDAPI(context.targetOrgConnection);
+        const resolvedProfiles = await mdapi.resolve('Profile', classifiedProfiles);
+        classifiedProfiles.forEach((profileName) => {
+            const resolvedProfile = resolvedProfiles[profileName];
+            if (!resolvedProfile) {
+                ignoredEntities[profileName] = {
+                    name: profileName,
+                    message: messages.getMessage('entity-not-found'),
+                };
+            }
+            else {
+                successfullyResolved[profileName] = {
+                    name: profileName,
+                    preset: definitiveProfiles[profileName].preset,
+                    metadata: resolvedProfile,
+                };
+            }
+        });
+        const result = { resolvedEntities: successfullyResolved, ignoredEntities: Object.values(ignoredEntities) };
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: getTotal(result),
+        });
+        return result;
+    }
+}
+//# sourceMappingURL=profilePolicy.js.map

package/lib/libs/core/policies/profilePolicy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAGvD;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAAiC,EACjC,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAA2B;QACjC,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3F,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;QACtD,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YACvE,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,CAAC,eAAe,EAAE,CAAC;gBACrB,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,kBAAkB,CAAC,WAAW,CAAC,CAAC,MAAM;oBAC9C,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/lib/libs/core/policies/salesforceStandardTypes.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+import { Record } from '@jsforce/jsforce-node';
+import { Profile as JsForceProfile } from '@jsforce/jsforce-node/lib/api/metadata.js';
+export type CustomPermission = Record & {
+    Id: string;
+    MasterLabel: string;
+    DeveloperName: string;
+};
+export type ConnectedApp = Record & {
+    Id: string;
+    Name: string;
+    OptionsAllowAdminApprovedUsersOnly: boolean;
+};
+export type OauthToken = Record & {
+    Id: string;
+    User: Pick<User, 'Username'>;
+    AppName: string;
+    UseCount: number;
+};
+export type User = Record & {
+    Username: string;
+    LastLoginDate?: string;
+    CreatedDate: string;
+    Profile: ProfileBasic;
+};
+export type Profile = ProfileBasic & {
+    Metadata: JsForceProfile;
+};
+type ProfileBasic = Record & {
+    Id: string;
+    Name: string;
+    UserType: string;
+};
+export type PermissionSet = Record & {
+    Id: string;
+    IsOwnedByProfile: boolean;
+    IsCustom: boolean;
+    Name: string;
+    Label: string;
+    Profile: ProfileBasic;
+    NamespacePrefix?: string;
+};
+export type PermissionSetGroup = Record & {
+    DeveloperName: string;
+};
+export type PermissionSetAssignment = Record & {
+    AssigneeId: string;
+    PermissionSet: Pick<PermissionSet, 'Name'>;
+    PermissionSetGroupId?: string;
+    PermissionSetGroup?: PermissionSetGroup;
+};
+export type UserLoginsAggregate = Record & {
+    LoginType: string;
+    Application: string;
+    UserId: string;
+    LoginCount: number;
+    LastLogin: string;
+};
+export {};

package/lib/libs/core/policies/salesforceStandardTypes.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=salesforceStandardTypes.js.map

package/lib/libs/core/policies/salesforceStandardTypes.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"salesforceStandardTypes.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/salesforceStandardTypes.ts"],"names":[],"mappings":""}

package/lib/libs/core/policies/userPolicy.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { AuditRunConfig, UsersPolicyFileContent } from '../file-mgmt/schema.js';
+import { AuditContext } from '../registries/types.js';
+import { ResolvedUser } from '../registries/users.js';
+import Policy, { ResolveEntityResult } from './policy.js';
+export default class UserPolicy extends Policy<ResolvedUser> {
+    config: UsersPolicyFileContent;
+    auditConfig: AuditRunConfig;
+    private totalEntities;
+    constructor(config: UsersPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/users.js").default);
+    protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedUser>>;
+}

package/lib/libs/core/policies/userPolicy.js ADDED Viewed

@@ -0,0 +1,60 @@
+import { Messages } from '@salesforce/core';
+import { UsersRegistry } from '../registries/users.js';
+import { ProfilesRiskPreset } from '../policy-types.js';
+import UsersRepository from '../mdapi/usersRepository.js';
+import Policy, { getTotal } from './policy.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
+export default class UserPolicy extends Policy {
+    config;
+    auditConfig;
+    totalEntities;
+    constructor(config, auditConfig, registry = UsersRegistry) {
+        super(config, auditConfig, registry);
+        this.config = config;
+        this.auditConfig = auditConfig;
+        this.totalEntities = this.config.users ? Object.keys(this.config.users).length : 0;
+    }
+    async resolveEntities(context) {
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: 0,
+        });
+        const usersRepo = new UsersRepository(context.targetOrgConnection);
+        const resolvedEntities = {};
+        const ignoredEntities = {};
+        for (const [userName, userDef] of Object.entries(this.config.users)) {
+            if (userDef.role === ProfilesRiskPreset.UNKNOWN) {
+                ignoredEntities[userName] = {
+                    name: userName,
+                    message: messages.getMessage('user-with-role-unknown'),
+                };
+            }
+        }
+        // fetch all users from org and merge with configured users
+        const allUsersOnOrg = await usersRepo.resolveAllUsers({
+            withLoginHistory: true,
+            loginHistoryDaysToAnalyse: this.config.options.analyseLastNDaysOfLoginHistory,
+        });
+        this.totalEntities = allUsersOnOrg.size;
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: 0,
+        });
+        for (const user of allUsersOnOrg.values()) {
+            if (ignoredEntities[user.username] === undefined) {
+                resolvedEntities[user.username] = {
+                    ...user,
+                    role: this.config.users[user.username]?.role ?? this.config.options.defaultRoleForMissingUsers,
+                };
+            }
+        }
+        const result = { resolvedEntities, ignoredEntities: Object.values(ignoredEntities) };
+        this.emit('entityresolve', {
+            total: this.totalEntities,
+            resolved: getTotal(result),
+        });
+        return result;
+    }
+}
+//# sourceMappingURL=userPolicy.js.map

package/lib/libs/core/policies/userPolicy.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"userPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/userPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAgB,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,MAAoB;IAGjD;IACA;IAHD,aAAa,CAAS;IAC9B,YACS,MAA8B,EAC9B,WAA2B,EAClC,QAAQ,GAAG,aAAa;QAExB,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAwB;QAC9B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnE,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACpE,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAChD,eAAe,CAAC,QAAQ,CAAC,GAAG;oBAC1B,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC;YACpD,gBAAgB,EAAE,IAAI;YACtB,yBAAyB,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8BAA8B;SAC9E,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE,CAAC;gBACjD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAChC,GAAG,IAAI;oBACP,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;iBAC/F,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}

package/lib/libs/core/policy-types.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Presets can be assigned to profiles and permission sets.
+ * A preset allows permissions up to a fixed risk level.
+ */
+export declare enum ProfilesRiskPreset {
+    /** Allows up to "Critical" permissions */
+    DEVELOPER = "Developer",
+    /** Allows up to "High" permissions */
+    ADMIN = "Admin",
+    /** Allows up to "Medium" permissions */
+    POWER_USER = "Power User",
+    /** Allows only "Low" permissions */
+    STANDARD_USER = "Standard User",
+    /** Disables the profile for audit */
+    UNKNOWN = "Unknown"
+}
+export declare function resolvePresetOrdinalValue(value: string): number;
+export declare function permissionAllowedInPreset(permClassification: string, preset: string): boolean;

package/lib/libs/core/policy-types.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { PermissionRiskLevel, resolveRiskLevelOrdinalValue } from './classification-types.js';
+/**
+ * Presets can be assigned to profiles and permission sets.
+ * A preset allows permissions up to a fixed risk level.
+ */
+export var ProfilesRiskPreset;
+(function (ProfilesRiskPreset) {
+    /** Allows up to "Critical" permissions */
+    ProfilesRiskPreset["DEVELOPER"] = "Developer";
+    /** Allows up to "High" permissions */
+    ProfilesRiskPreset["ADMIN"] = "Admin";
+    /** Allows up to "Medium" permissions */
+    ProfilesRiskPreset["POWER_USER"] = "Power User";
+    /** Allows only "Low" permissions */
+    ProfilesRiskPreset["STANDARD_USER"] = "Standard User";
+    /** Disables the profile for audit */
+    ProfilesRiskPreset["UNKNOWN"] = "Unknown";
+})(ProfilesRiskPreset || (ProfilesRiskPreset = {}));
+export function resolvePresetOrdinalValue(value) {
+    return Object.keys(ProfilesRiskPreset).indexOf(value.toUpperCase().replace(' ', '_'));
+}
+export function permissionAllowedInPreset(permClassification, preset) {
+    // this works, as long as we are mindful when adding new risk levels and presets
+    const invertedPermValue = Object.keys(PermissionRiskLevel).length - resolveRiskLevelOrdinalValue(permClassification);
+    const invertedPresetValue = Object.keys(ProfilesRiskPreset).length - resolvePresetOrdinalValue(preset);
+    return invertedPresetValue >= invertedPermValue;
+}
+//# sourceMappingURL=policy-types.js.map

package/lib/libs/core/policy-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policy-types.js","sourceRoot":"","sources":["../../../src/libs/core/policy-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,MAAM,2BAA2B,CAAC;AAE9F;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,UAAU,yBAAyB,CAAC,KAAa;IACrD,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACxF,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,kBAA0B,EAAE,MAAc;IAClF,gFAAgF;IAChF,MAAM,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,4BAA4B,CAAC,kBAAkB,CAAC,CAAC;IACrH,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACvG,OAAO,mBAAmB,IAAI,iBAAiB,CAAC;AAClD,CAAC"}

package/lib/libs/core/policyRegistry.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import z from 'zod';
+import { AuditRunConfigClassifications, AuditRunConfigPolicies } from './file-mgmt/schema.js';
+import { Constructor } from './registries/types.js';
+import Policy from './policies/policy.js';
+export declare const classificationDefs: ClassificationRegistry;
+export type PolicyNames = keyof AuditRunConfigPolicies;
+export type ClassificationNames = keyof AuditRunConfigClassifications;
+export type PolicyRegistry = Record<PolicyNames, PolicyRegistryEntry>;
+export declare const policyDefs: PolicyRegistry;
+type PolicyRegistryEntry = ConfigFileDefinition & {
+    dependencies?: ConfigFileDependency[];
+    handler: Constructor<Policy<unknown>>;
+};
+type ConfigFileDefinition = {
+    fileName?: string;
+    schema: z.ZodObject;
+};
+type ConfigFileDependency = {
+    errorName: string;
+    path: string[];
+};
+type ClassificationRegistry = Record<keyof AuditRunConfigClassifications, ConfigFileDefinition>;
+export {};

package/lib/libs/core/policyRegistry.js ADDED Viewed

@@ -0,0 +1,38 @@
+import { PermissionsConfigFileSchema, PermSetsPolicyFileSchema, PolicyFileSchema, ProfilesPolicyFileSchema, UsersPolicyFileSchema, } from './file-mgmt/schema.js';
+import ConnectedAppPolicy from './policies/connectedAppPolicy.js';
+import PermissionSetPolicy from './policies/permissionSetPolicy.js';
+import ProfilePolicy from './policies/profilePolicy.js';
+import UserPolicy from './policies/userPolicy.js';
+export const classificationDefs = {
+    userPermissions: {
+        schema: PermissionsConfigFileSchema,
+    },
+    customPermissions: {
+        schema: PermissionsConfigFileSchema,
+    },
+};
+export const policyDefs = {
+    profiles: {
+        handler: ProfilePolicy,
+        schema: ProfilesPolicyFileSchema,
+        dependencies: [
+            { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForProfiles' },
+        ],
+    },
+    permissionSets: {
+        handler: PermissionSetPolicy,
+        schema: PermSetsPolicyFileSchema,
+        dependencies: [
+            { path: ['classifications', 'userPermissions'], errorName: 'UserPermClassificationRequiredForPermSets' },
+        ],
+    },
+    connectedApps: {
+        handler: ConnectedAppPolicy,
+        schema: PolicyFileSchema,
+    },
+    users: {
+        handler: UserPolicy,
+        schema: UsersPolicyFileSchema,
+    },
+};
+//# sourceMappingURL=policyRegistry.js.map

package/lib/libs/core/policyRegistry.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"policyRegistry.js","sourceRoot":"","sources":["../../../src/libs/core/policyRegistry.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,kBAAkB,MAAM,kCAAkC,CAAC;AAClE,OAAO,mBAAmB,MAAM,mCAAmC,CAAC;AAEpE,OAAO,aAAa,MAAM,6BAA6B,CAAC;AACxD,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAElD,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,eAAe,EAAE;QACf,MAAM,EAAE,2BAA2B;KACpC;IACD,iBAAiB,EAAE;QACjB,MAAM,EAAE,2BAA2B;KACpC;CACF,CAAC;AAOF,MAAM,CAAC,MAAM,UAAU,GAAmB;IACxC,QAAQ,EAAE;QACR,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,wBAAwB;QAChC,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,cAAc,EAAE;QACd,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,wBAAwB;QAChC,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,kBAAkB;QAC3B,MAAM,EAAE,gBAAgB;KACzB;IACD,KAAK,EAAE;QACL,OAAO,EAAE,UAAU;QACnB,MAAM,EAAE,qBAAqB;KAC9B;CACF,CAAC"}

package/lib/libs/core/registries/connectedApps.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import RuleRegistry from './ruleRegistry.js';
+export type ResolvedConnectedApp = {
+    name: string;
+    origin: 'Installed' | 'OauthToken' | 'Owned';
+    onlyAdminApprovedUsersAllowed: boolean;
+    overrideByApiSecurityAccess: boolean;
+    useCount: number;
+    users: string[];
+};
+export default class ConnectedAppsRuleRegistry extends RuleRegistry {
+    constructor();
+}
+export declare const ConnectedAppsRegistry: ConnectedAppsRuleRegistry;

package/lib/libs/core/registries/connectedApps.js ADDED Viewed

@@ -0,0 +1,13 @@
+import AllUsedAppsUnderManagement from './rules/allUsedAppsUnderManagement.js';
+import NoUserCanSelfAuthorize from './rules/noUserCanSelfAuthorize.js';
+import RuleRegistry from './ruleRegistry.js';
+export default class ConnectedAppsRuleRegistry extends RuleRegistry {
+    constructor() {
+        super({
+            AllUsedAppsUnderManagement,
+            NoUserCanSelfAuthorize,
+        });
+    }
+}
+export const ConnectedAppsRegistry = new ConnectedAppsRuleRegistry();
+//# sourceMappingURL=connectedApps.js.map

package/lib/libs/core/registries/connectedApps.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"connectedApps.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/connectedApps.ts"],"names":[],"mappings":"AAAA,OAAO,0BAA0B,MAAM,uCAAuC,CAAC;AAC/E,OAAO,sBAAsB,MAAM,mCAAmC,CAAC;AACvE,OAAO,YAAY,MAAM,mBAAmB,CAAC;AAU7C,MAAM,CAAC,OAAO,OAAO,yBAA0B,SAAQ,YAAY;IACjE;QACE,KAAK,CAAC;YACJ,0BAA0B;YAC1B,sBAAsB;SACvB,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,yBAAyB,EAAE,CAAC"}

package/lib/libs/core/registries/helpers/permissionsScanning.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { Profile } from '@jsforce/jsforce-node/lib/api/metadata.js';
+import { AuditRunConfig, NamedPermissionsClassification } from '../../file-mgmt/schema.js';
+import { ClassificationNames } from '../../policyRegistry.js';
+import { PolicyRuleViolation, RuleComponentMessage } from '../../result-types.js';
+export type ResolvedProfileLike = {
+    name: string;
+    preset: string;
+    metadata: PartialProfileLike;
+};
+export type ScanResult = {
+    violations: PolicyRuleViolation[];
+    warnings: RuleComponentMessage[];
+};
+export type PartialProfileLike = Pick<Profile, 'userPermissions' | 'customPermissions'>;
+type PermissionsListKey = keyof PartialProfileLike;
+/**
+ * Scan userPermissions and customPermissions of a profile or permission set and
+ * get a unified scan result with violations (risk level not allowed) and warnings
+ * (risk level not classified)
+ *
+ * @param profileLike
+ * @param auditRun
+ * @param rootIdentifier Optional root identifier for messages to prepend.
+ * @returns
+ */
+export declare function scanProfileLike(profileLike: ResolvedProfileLike, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
+export declare function scanPermissions(profile: ResolvedProfileLike, permissionListName: PermissionsListKey, auditRun: AuditRunConfig, rootIdentifier?: string[]): ScanResult;
+export declare function resolvePerm(permName: string, auditRun: AuditRunConfig, type: ClassificationNames): NamedPermissionsClassification | undefined;
+export {};