@j-schreiber/sf-cli-security-audit 0.8.2 → 0.8.4

package/README.md

@@ -79,7 +79,7 @@ FLAG DESCRIPTIONS
     essentially control, if a permission is allowed in a certain profile / permission set.
 ```
 
-_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.7.1/src/commands/org/audit/init.ts)_
+_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.8.4/src/commands/org/audit/init.ts)_
 
 ## `sf org audit run`
 
@@ -110,7 +110,7 @@ EXAMPLES
     $ sf org audit run -o MyTargetOrg -d configs/prod
 ```
 
-_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.7.1/src/commands/org/audit/run.ts)_
+_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.8.4/src/commands/org/audit/run.ts)_
 
 ## `sf org scan user-perms`
 
@@ -149,7 +149,7 @@ FLAG DESCRIPTIONS
     retun 0 results).
 ```
 
-_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.7.1/src/commands/org/scan/user-perms.ts)_
+_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.8.4/src/commands/org/scan/user-perms.ts)_
 
 <!-- commandsstop -->
 

package/lib/commands/org/audit/init.d.ts

@@ -0,0 +1,19 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditRunConfig } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
+export type OrgAuditInitResult = AuditRunConfig;
+export default class OrgAuditInit extends SfCommand<OrgAuditInitResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'output-dir': import("@oclif/core/interfaces").OptionFlag<string, import("@oclif/core/interfaces").CustomOptions>;
+        preset: import("@oclif/core/interfaces").OptionFlag<AuditInitPresets, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgAuditInitResult>;
+    private printResults;
+    private printClassifications;
+    private printPolicies;
+}

package/lib/commands/org/audit/init.js

@@ -0,0 +1,72 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import AuditConfig from '../../../libs/conf-init/auditConfig.js';
+import { isPermissionsConfig, isPolicyConfig, } from '../../../libs/core/file-mgmt/schema.js';
+import { AuditInitPresets } from '../../../libs/conf-init/presets.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.init');
+const presetFlag = Flags.custom({
+    char: 'p',
+    summary: messages.getMessage('flags.preset.summary'),
+    description: messages.getMessage('flags.preset.description'),
+    options: Object.values(AuditInitPresets),
+    default: AuditInitPresets.strict,
+})();
+export default class OrgAuditInit extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'output-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.output-dir.summary'),
+            default: '',
+        }),
+        preset: presetFlag,
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditInit);
+        const auditConfig = await AuditConfig.init(flags['target-org'].getConnection(flags['api-version']), {
+            targetDir: flags['output-dir'],
+            preset: flags.preset,
+        });
+        this.printResults(auditConfig);
+        return auditConfig;
+    }
+    printResults(config) {
+        this.printClassifications(config.classifications);
+        this.printPolicies(config.policies);
+    }
+    printClassifications(classifications) {
+        Object.values(classifications).forEach((def) => {
+            if (isPermissionsConfig(def)) {
+                const perms = def.content.permissions ? Object.entries(def.content.permissions) : [];
+                if (perms.length > 0) {
+                    this.logSuccess(messages.getMessage('success.perm-classification-summary', [perms.length ?? 0, def.filePath]));
+                }
+            }
+        });
+    }
+    printPolicies(policies) {
+        Object.entries(policies).forEach(([name, def]) => {
+            if (isPolicyConfig(def)) {
+                if (def.filePath) {
+                    this.logSuccess(messages.getMessage('success.policy-summary', [
+                        capitalize(name),
+                        Object.keys(def.content.rules).length ?? 0,
+                        def.filePath,
+                    ]));
+                }
+            }
+        });
+    }
+}
+//# sourceMappingURL=init.js.map

package/lib/commands/org/audit/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/init.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,WAAW,MAAM,wCAAwC,CAAC;AACjE,OAAO,EAIL,mBAAmB,EACnB,cAAc,GACf,MAAM,wCAAwC,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AACtE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAI/F,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAmB;IAChD,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,sBAAsB,CAAC;IACpD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;IAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC;IACxC,OAAO,EAAE,gBAAgB,CAAC,MAAM;CACjC,CAAC,EAAE,CAAC;AAEL,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,SAA6B;IAC9D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,MAAM,EAAE,UAAU;QAClB,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACjD,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,EAAE;YAClG,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC;YAC9B,MAAM,EAAE,KAAK,CAAC,MAAM;SACrB,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC/B,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC;IAEO,oBAAoB,CAAC,eAA8C;QACzE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7C,IAAI,mBAAmB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrF,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACrB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,CAC9F,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,aAAa,CAAC,QAAgC;QACpD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,EAAE;YAC/C,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC;gBACxB,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;oBACjB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,wBAAwB,EAAE;wBAC5C,UAAU,CAAC,IAAI,CAAC;wBAChB,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM,IAAI,CAAC;wBAC1C,GAAG,CAAC,QAAQ;qBACb,CAAC,CACH,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC"}

package/lib/commands/org/audit/run.d.ts

@@ -0,0 +1,23 @@
+import { Interfaces } from '@oclif/core';
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { AuditResult } from '../../../libs/core/result-types.js';
+export declare const MERGE_CHAR = " \u2022 ";
+export type OrgAuditRunResult = AuditResult & {
+    filePath: string;
+};
+export default class OrgAuditRun extends SfCommand<OrgAuditRunResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        'target-org': Interfaces.OptionFlag<import("@salesforce/core").Org, Interfaces.CustomOptions>;
+        'source-dir': Interfaces.OptionFlag<string, Interfaces.CustomOptions>;
+        'api-version': Interfaces.OptionFlag<string | undefined, Interfaces.CustomOptions>;
+    };
+    run(): Promise<OrgAuditRunResult>;
+    private printResults;
+    private printPoliciesSummary;
+    private printExecutedRulesSummary;
+    private printRuleViolations;
+    private writeReport;
+}

package/lib/commands/org/audit/run.js

@@ -0,0 +1,124 @@
+import { writeFileSync } from 'node:fs';
+import path from 'node:path';
+import { SfCommand, Flags, StandardColors } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import { startAuditRun } from '../../../libs/core/auditRun.js';
+import AuditRunMultiStageOutput from '../../../ux/auditRunMultiStage.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.audit.run');
+export const MERGE_CHAR = ' \u2022 ';
+export default class OrgAuditRun extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'source-dir': Flags.directory({
+            required: false,
+            char: 'd',
+            summary: messages.getMessage('flags.source-dir.summary'),
+            default: '',
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgAuditRun);
+        const stageOutput = AuditRunMultiStageOutput.create({
+            directoryRootPath: flags['source-dir'],
+            targetOrg: flags['target-org'].getUsername() ?? flags['target-org'].getOrgId(),
+            jsonEnabled: flags.json,
+        });
+        stageOutput.start();
+        const auditRun = startAuditRun(flags['source-dir']);
+        stageOutput.startPolicyResolve(auditRun);
+        await auditRun.resolve(flags['target-org'].getConnection(flags['api-version']));
+        stageOutput.startRuleExecution();
+        const partialResult = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
+        const result = { orgId: flags['target-org'].getOrgId(), ...partialResult };
+        stageOutput.finish();
+        this.printResults(result);
+        const filePath = this.writeReport(result, flags);
+        return { ...result, filePath };
+    }
+    printResults(result) {
+        this.printPoliciesSummary(result);
+        for (const [policyName, policyDetails] of Object.entries(result.policies)) {
+            this.printExecutedRulesSummary(policyName, policyDetails);
+            this.printRuleViolations(policyDetails.executedRules);
+        }
+    }
+    printPoliciesSummary(result) {
+        const polSummaries = transposePoliciesToTable(result);
+        if (result.isCompliant) {
+            this.logSuccess(messages.getMessage('success.all-policies-compliant'));
+            this.log('');
+        }
+        else {
+            this.log(StandardColors.error(messages.getMessage('summary-non-compliant')));
+            this.log('');
+        }
+        this.table({ data: polSummaries, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printExecutedRulesSummary(policyName, policyDetails) {
+        if (!policyDetails.enabled) {
+            return;
+        }
+        const rulesSummary = transposeExecutedPolicyRules(policyDetails);
+        if (rulesSummary.length > 0) {
+            this.table({
+                data: rulesSummary,
+                title: `--- Executed Rules for ${capitalize(policyName)} ---`,
+                titleOptions: { underline: true },
+            });
+        }
+    }
+    printRuleViolations(executedRules) {
+        for (const uncompliantRule of Object.values(executedRules).filter((ruleDetails) => !ruleDetails.isCompliant)) {
+            this.table({
+                data: uncompliantRule.violations.map((viol) => ({
+                    ...viol,
+                    identifier: typeof viol.identifier === 'string' ? viol.identifier : viol.identifier.join(MERGE_CHAR),
+                })),
+                title: `Violations for ${uncompliantRule.ruleName}`,
+            });
+        }
+    }
+    writeReport(result, flags) {
+        const fileName = `report_${flags['target-org'].getOrgId()}_${Date.now()}.json`;
+        const fullPath = path.join(flags['source-dir'], fileName);
+        writeFileSync(fullPath, JSON.stringify(result, null, 2));
+        this.info(messages.getMessage('info.report-file-location', [fullPath]));
+        return fullPath;
+    }
+}
+function transposePoliciesToTable(result) {
+    return Object.entries(result.policies)
+        .filter(([, policyDetails]) => policyDetails.enabled)
+        .map(([policyName, policyDetails]) => {
+        const rulesExecuted = policyDetails?.executedRules ? Object.keys(policyDetails.executedRules).length : 0;
+        return {
+            policy: capitalize(policyName),
+            isCompliant: policyDetails.isCompliant,
+            rulesExecuted,
+            auditedEntities: policyDetails.auditedEntities?.length ?? 0,
+            ignoredEntities: policyDetails.ignoredEntities?.length ?? 0,
+        };
+    });
+}
+function transposeExecutedPolicyRules(result) {
+    return Object.entries(result.executedRules).map(([ruleName, ruleDetails]) => ({
+        rule: ruleName,
+        isCompliant: ruleDetails.isCompliant,
+        compliantEntities: ruleDetails.compliantEntities?.length ?? 0,
+        violatedEntities: ruleDetails.violatedEntities?.length ?? 0,
+        violations: ruleDetails.violations.length,
+        warnings: ruleDetails.warnings.length,
+        errors: ruleDetails.errors.length,
+    }));
+}
+//# sourceMappingURL=run.js.map

package/lib/commands/org/audit/run.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,EAAE,CAAC;QACjC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAC9C,GAAG,IAAI;oBACP,UAAU,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;iBACrG,CAAC,CAAC;gBACH,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}

package/lib/commands/org/scan/user-perms.d.ts

@@ -0,0 +1,20 @@
+import { SfCommand } from '@salesforce/sf-plugins-core';
+import { QuickScanResult } from '../../../libs/quick-scan/types.js';
+import { EntityScanStatus } from '../../../libs/quick-scan/userPermissionScanner.js';
+export type OrgUserPermScanResult = QuickScanResult;
+export default class OrgUserPermScan extends SfCommand<OrgUserPermScanResult> {
+    static readonly summary: string;
+    static readonly description: string;
+    static readonly examples: string[];
+    static readonly flags: {
+        name: import("@oclif/core/interfaces").OptionFlag<string[], import("@oclif/core/interfaces").CustomOptions>;
+        'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
+        'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
+    };
+    run(): Promise<OrgUserPermScanResult>;
+    private reportProgress;
+    private print;
+    private printSummary;
+    private printPermissionResults;
+}
+export declare function isEntityStatus(cls: unknown): cls is EntityScanStatus;

package/lib/commands/org/scan/user-perms.js

@@ -0,0 +1,87 @@
+import { SfCommand, Flags } from '@salesforce/sf-plugins-core';
+import { Messages } from '@salesforce/core';
+import UserPermissionScanner from '../../../libs/quick-scan/userPermissionScanner.js';
+import { capitalize } from '../../../libs/core/utils.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'org.scan.user-perms');
+export default class OrgUserPermScan extends SfCommand {
+    static summary = messages.getMessage('summary');
+    static description = messages.getMessage('description');
+    static examples = messages.getMessages('examples');
+    static flags = {
+        name: Flags.string({
+            summary: messages.getMessage('flags.name.summary'),
+            description: messages.getMessage('flags.name.description'),
+            char: 'n',
+            multiple: true,
+            required: true,
+        }),
+        'target-org': Flags.requiredOrg({
+            summary: messages.getMessage('flags.target-org.summary'),
+            char: 'o',
+            required: true,
+        }),
+        'api-version': Flags.orgApiVersion(),
+    };
+    async run() {
+        const { flags } = await this.parse(OrgUserPermScan);
+        const scanner = new UserPermissionScanner();
+        scanner.on('progress', this.reportProgress);
+        const result = await scanner.quickScan({
+            targetOrg: flags['target-org'].getConnection(flags['api-version']),
+            permissions: flags.name,
+        });
+        this.print(result);
+        return result;
+    }
+    reportProgress = (event) => {
+        if (event.status === 'Pending') {
+            this.spinner.start('Scanning');
+        }
+        const counters = [];
+        Object.entries(event).forEach(([propName, entityStatus]) => {
+            if (isEntityStatus(entityStatus)) {
+                counters.push(`${capitalize(propName)} (${entityStatus.resolved}/${entityStatus.total})`);
+            }
+        });
+        this.spinner.status = counters.join(' | ');
+        if (event.status === 'Completed') {
+            this.spinner.stop();
+            this.logSuccess(messages.getMessage('success.scanned-entities-count', [event.profiles.total, event.permissionSets.total]));
+            this.log();
+        }
+    };
+    print(result) {
+        this.printSummary(result);
+        Object.entries(result.permissions).forEach(([permName, permResult]) => {
+            this.printPermissionResults(permName, permResult);
+        });
+    }
+    printSummary(result) {
+        const data = [];
+        Object.entries(result.permissions).forEach(([permissionName, permResult]) => {
+            data.push({
+                permissionName,
+                profiles: permResult.profiles.length,
+                permissionSets: permResult.permissionSets.length,
+            });
+        });
+        this.table({ data, title: '=== Summary ===', titleOptions: { bold: true } });
+    }
+    printPermissionResults(permissionName, result) {
+        const data = [];
+        result.profiles.forEach((entityName) => {
+            data.push({ entityName, type: 'Profile' });
+        });
+        result.permissionSets.forEach((entityName) => {
+            data.push({ entityName, type: 'Permission Set' });
+        });
+        if (data.length > 0) {
+            this.table({ data, title: permissionName, titleOptions: { underline: true } });
+        }
+    }
+}
+export function isEntityStatus(cls) {
+    return cls.total !== undefined && cls.resolved !== undefined;
+}
+//# sourceMappingURL=user-perms.js.map

package/lib/commands/org/scan/user-perms.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,qBAGN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAIpG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,SAAgC;IACpE,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;YAC1D,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAsB,EAAQ,EAAE;QACxD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE;YACzD,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,QAAS,IAAI,YAAY,CAAC,KAAM,GAAG,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAC1G,CAAC;YACF,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEM,KAAK,CAAC,MAAuB;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,MAAuB;QAC1C,MAAM,IAAI,GAAgF,EAAE,CAAC;QAC7F,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1E,IAAI,CAAC,IAAI,CAAC;gBACR,cAAc;gBACd,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM;gBACpC,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,MAAM;aACjD,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,MAA4B;QACjF,MAAM,IAAI,GAAgD,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;;AAGH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAwB,CAAC,KAAK,KAAK,SAAS,IAAK,GAAwB,CAAC,QAAQ,KAAK,SAAS,CAAC;AAC3G,CAAC"}

package/lib/libs/conf-init/auditConfig.d.ts

@@ -0,0 +1,35 @@
+import { Connection } from '@salesforce/core';
+import { AuditRunConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
+/**
+ * Additional options how the config should be initialised.
+ */
+export type AuditInitOptions = {
+    /**
+     * When set, config files are created at the target location.
+     */
+    targetDir?: string;
+    /**
+     * An optional preset to initialise classifications and policies.
+     */
+    preset?: AuditInitPresets;
+};
+/**
+ * Exposes key functionality to load an audit config as static methods. This makes
+ * it easy to mock the results during tests.
+ */
+export default class AuditConfig {
+    /**
+     * Initialise a new audit config from target org and writes
+     * files to the destination directory.
+     *
+     * @param con
+     */
+    static init(targetCon: Connection, opts?: AuditInitOptions): Promise<AuditRunConfig>;
+    /**
+     * Loads an existing audit config from a source directory
+     *
+     * @param sourceDir
+     */
+    static load(sourceDir: string): AuditRunConfig;
+}

package/lib/libs/conf-init/auditConfig.js

@@ -0,0 +1,41 @@
+import { DefaultFileManager } from '../core/file-mgmt/auditConfigFileManager.js';
+import { initCustomPermissions, initUserPermissions } from './permissionsClassification.js';
+import { initConnectedApps, initPermissionSets, initProfiles, initUsers } from './policyConfigs.js';
+/**
+ * Exposes key functionality to load an audit config as static methods. This makes
+ * it easy to mock the results during tests.
+ */
+export default class AuditConfig {
+    /**
+     * Initialise a new audit config from target org and writes
+     * files to the destination directory.
+     *
+     * @param con
+     */
+    static async init(targetCon, opts) {
+        const conf = { classifications: {}, policies: {} };
+        conf.classifications.userPermissions = { content: await initUserPermissions(targetCon, opts?.preset) };
+        const customPerms = await initCustomPermissions(targetCon);
+        if (customPerms) {
+            conf.classifications.customPermissions = { content: customPerms };
+        }
+        conf.policies.profiles = { content: await initProfiles(targetCon) };
+        conf.policies.permissionSets = { content: await initPermissionSets(targetCon) };
+        conf.policies.users = { content: await initUsers(targetCon) };
+        conf.policies.connectedApps = { content: initConnectedApps() };
+        // eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
+        if (opts?.targetDir || opts?.targetDir === '') {
+            DefaultFileManager.save(opts.targetDir, conf);
+        }
+        return conf;
+    }
+    /**
+     * Loads an existing audit config from a source directory
+     *
+     * @param sourceDir
+     */
+    static load(sourceDir) {
+        return DefaultFileManager.parse(sourceDir);
+    }
+}
+//# sourceMappingURL=auditConfig.js.map

package/lib/libs/conf-init/auditConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAiBpG;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9D,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,wEAAwE;QACxE,IAAI,IAAI,EAAE,SAAS,IAAI,IAAI,EAAE,SAAS,KAAK,EAAE,EAAE,CAAC;YAC9C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}

package/lib/libs/conf-init/permissionsClassification.d.ts

@@ -0,0 +1,17 @@
+import { Connection } from '@salesforce/core';
+import { PermissionsConfig } from '../core/file-mgmt/schema.js';
+import { AuditInitPresets } from './presets.js';
+/**
+ * Initialises a fresh set of user permissions from target org connection.
+ *
+ * @param con
+ * @returns
+ */
+export declare function initUserPermissions(con: Connection, preset?: AuditInitPresets): Promise<PermissionsConfig>;
+/**
+ * Initialises a fresh set of custom permissions from the target org
+ *
+ * @param con
+ * @returns
+ */
+export declare function initCustomPermissions(con: Connection): Promise<PermissionsConfig | undefined>;

package/lib/libs/conf-init/permissionsClassification.js

@@ -0,0 +1,80 @@
+import { CUSTOM_PERMS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import MDAPI from '../core/mdapi/mdapiRetriever.js';
+import { classificationSorter, PermissionRiskLevel } from '../core/classification-types.js';
+import { loadPreset } from './presets.js';
+/**
+ * Initialises a fresh set of user permissions from target org connection.
+ *
+ * @param con
+ * @returns
+ */
+export async function initUserPermissions(con, preset) {
+    const describePerms = await parsePermsFromDescribe(con);
+    const assignedPerms = await findAssignedPerms(con);
+    const allPerms = { ...describePerms, ...assignedPerms };
+    const presConfig = loadPreset(preset);
+    const perms = presConfig.classifyUserPermissions(Object.values(allPerms));
+    perms.sort(classificationSorter);
+    const result = { permissions: {} };
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: sanitiseLabel(perm.label),
+        classification: perm.classification,
+        reason: perm.reason,
+    }));
+    return result;
+}
+/**
+ * Initialises a fresh set of custom permissions from the target org
+ *
+ * @param con
+ * @returns
+ */
+export async function initCustomPermissions(con) {
+    const result = { permissions: {} };
+    const customPerms = await con.query(CUSTOM_PERMS_QUERY);
+    if (customPerms.records.length === 0) {
+        return undefined;
+    }
+    const perms = customPerms.records.map((cp) => ({
+        name: cp.DeveloperName,
+        label: cp.MasterLabel,
+        classification: PermissionRiskLevel.UNKNOWN,
+    }));
+    perms.forEach((perm) => (result.permissions[perm.name] = {
+        label: perm.label,
+        classification: perm.classification,
+    }));
+    return result;
+}
+async function parsePermsFromDescribe(con) {
+    const permSet = await con.describe('PermissionSet');
+    const describeAvailablePerms = {};
+    permSet.fields
+        .filter((field) => field.name.startsWith('Permissions'))
+        .forEach((field) => {
+        const permName = field.name.replace('Permissions', '');
+        describeAvailablePerms[permName] = {
+            label: field.label,
+            name: permName,
+        };
+    });
+    return describeAvailablePerms;
+}
+async function findAssignedPerms(con) {
+    const assignedPerms = {};
+    const profiles = await con.query(PROFILES_QUERY);
+    if (profiles.records?.length > 0) {
+        const mdapi = new MDAPI(con);
+        const resolvedProfiles = await mdapi.resolve('Profile', profiles.records.map((p) => p.Profile.Name));
+        Object.values(resolvedProfiles).forEach((profile) => {
+            profile.userPermissions.forEach((userPerm) => {
+                assignedPerms[userPerm.name] = { name: userPerm.name };
+            });
+        });
+    }
+    return assignedPerms;
+}
+function sanitiseLabel(rawLabel) {
+    return rawLabel?.replace(/[ \t]+$|[\r\n]+/g, '');
+}
+//# sourceMappingURL=permissionsClassification.js.map

package/lib/libs/conf-init/permissionsClassification.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissionsClassification.js","sourceRoot":"","sources":["../../../src/libs/conf-init/permissionsClassification.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC1E,OAAO,KAAK,MAAM,iCAAiC,CAAC;AAEpD,OAAO,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,iCAAiC,CAAC;AAC5F,OAAO,EAAoB,UAAU,EAAE,MAAM,cAAc,CAAC;AAG5D;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAClF,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,EAAE,GAAG,aAAa,EAAE,GAAG,aAAa,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1E,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;QAChC,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAe;IACzD,MAAM,MAAM,GAAsB,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IACtD,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAmB,kBAAkB,CAAC,CAAC;IAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACrC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,EAAE,EAAE,CAAC,aAAa;QACtB,KAAK,EAAE,EAAE,CAAC,WAAW;QACrB,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAqC,EAAE,CAAC;IACpE,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,QAAQ,CAAC,GAAG;YACjC,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,IAAI,EAAE,QAAQ;SACf,CAAC;IACJ,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,GAAe;IAC9C,MAAM,aAAa,GAAqC,EAAE,CAAC;IAC3D,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IAChE,IAAI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAC1C,SAAS,EACT,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAC5C,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAClD,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBAC3C,aAAa,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC"}

package/lib/libs/conf-init/policyConfigs.d.ts

@@ -0,0 +1,31 @@
+import { Connection } from '@salesforce/core';
+import { BasePolicyFileContent, PermSetsPolicyFileContent, ProfilesPolicyFileContent, UsersPolicyFileContent } from '../core/file-mgmt/schema.js';
+/**
+ * Initialises a new profiles policy with the local org's
+ * profiles and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @param targetDir
+ * @returns
+ */
+export declare function initProfiles(targetOrgCon: Connection): Promise<ProfilesPolicyFileContent>;
+/**
+ * Initialises a new permission sets policy with the local org's custom
+ * permissions and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @returns
+ */
+export declare function initPermissionSets(targetOrgCon: Connection): Promise<PermSetsPolicyFileContent>;
+/**
+ * Initialises a new connected apps policy with default rules enabled.
+ *
+ * @returns
+ */
+export declare function initConnectedApps(): BasePolicyFileContent;
+/**
+ * Initialises a users policy with all users flagged as standard user
+ *
+ * @param targetOrgCon
+ */
+export declare function initUsers(targetOrgCon: Connection): Promise<UsersPolicyFileContent>;