@j-schreiber/sf-cli-security-audit 0.8.2 → 0.8.4

package/lib/libs/conf-init/policyConfigs.js

@@ -0,0 +1,91 @@
+import { ACTIVE_USERS_QUERY, PERMISSION_SETS_QUERY, PROFILES_QUERY } from '../core/constants.js';
+import { UsersPolicyConfig, } from '../core/file-mgmt/schema.js';
+import { RuleRegistries } from '../core/registries/types.js';
+import { ProfilesRiskPreset } from '../core/policy-types.js';
+/**
+ * Initialises a new profiles policy with the local org's
+ * profiles and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @param targetDir
+ * @returns
+ */
+export async function initProfiles(targetOrgCon) {
+    const profiles = await targetOrgCon.query(PROFILES_QUERY);
+    const content = { enabled: true, rules: {}, profiles: {} };
+    profiles.records.forEach((permsetRecord) => {
+        content.profiles[permsetRecord.Profile.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
+    });
+    RuleRegistries.Profiles.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a new permission sets policy with the local org's custom
+ * permissions and all default rules enabled.
+ *
+ * @param targetOrgCon
+ * @returns
+ */
+export async function initPermissionSets(targetOrgCon) {
+    const permSets = await targetOrgCon.query(PERMISSION_SETS_QUERY);
+    const content = {
+        enabled: true,
+        rules: {},
+        permissionSets: {},
+    };
+    permSets.records
+        .filter((permsetRecord) => permsetRecord.IsCustom)
+        .forEach((permsetRecord) => {
+        content.permissionSets[permsetRecord.Name] = { preset: ProfilesRiskPreset.UNKNOWN };
+    });
+    RuleRegistries.PermissionSets.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a new connected apps policy with default rules enabled.
+ *
+ * @returns
+ */
+export function initConnectedApps() {
+    const content = { enabled: true, rules: {} };
+    RuleRegistries.ConnectedApps.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+/**
+ * Initialises a users policy with all users flagged as standard user
+ *
+ * @param targetOrgCon
+ */
+export async function initUsers(targetOrgCon) {
+    const users = await targetOrgCon.query(ACTIVE_USERS_QUERY);
+    const content = {
+        enabled: true,
+        options: UsersPolicyConfig.parse({}),
+        rules: {},
+        users: {},
+    };
+    // dont parse all configs with default of 30 - but initialise a new config likle this
+    content.options.analyseLastNDaysOfLoginHistory = 30;
+    users.records.forEach((userRecord) => {
+        content.users[userRecord.Username] = { role: ProfilesRiskPreset.STANDARD_USER };
+    });
+    RuleRegistries.Users.registeredRules().forEach((ruleName) => {
+        content.rules[ruleName] = {
+            enabled: true,
+        };
+    });
+    return content;
+}
+//# sourceMappingURL=policyConfigs.js.map

package/lib/libs/conf-init/policyConfigs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyConfigs.js","sourceRoot":"","sources":["../../../src/libs/conf-init/policyConfigs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEjG,OAAO,EAIL,iBAAiB,GAElB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAA8B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACtF,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,cAAc,EAAE,EAAE;KACnB,CAAC;IACF,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACL,cAAc,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACnE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,cAAc,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAClE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA2B;QACtC,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;KACV,CAAC;IACF,qFAAqF;IACrF,OAAO,CAAC,OAAO,CAAC,8BAA8B,GAAG,EAAE,CAAC;IACpD,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/conf-init/presets/loose.d.ts

@@ -0,0 +1,6 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor();
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/loose.js

@@ -0,0 +1,85 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class LoosePreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.HIGH,
+            BypassMFAForUiLogins: PermissionRiskLevel.HIGH,
+            ExternalClientAppAdmin: PermissionRiskLevel.HIGH,
+            ManageSandboxes: PermissionRiskLevel.HIGH,
+            ManageDevSandboxes: PermissionRiskLevel.HIGH,
+            CustomizeApplication: PermissionRiskLevel.HIGH,
+            ModifyMetadata: PermissionRiskLevel.HIGH,
+            AuthorApex: PermissionRiskLevel.HIGH,
+            DebugApex: PermissionRiskLevel.HIGH,
+            ManageAuthProviders: PermissionRiskLevel.HIGH,
+            Packaging2: PermissionRiskLevel.HIGH,
+            Packaging2Delete: PermissionRiskLevel.HIGH,
+            Packaging2PromoteVersion: PermissionRiskLevel.HIGH,
+            InstallPackaging: PermissionRiskLevel.HIGH,
+            ViewClientSecret: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            AssignPermissionSets: PermissionRiskLevel.HIGH,
+            ManageIpAddresses: PermissionRiskLevel.HIGH,
+            ManageSharing: PermissionRiskLevel.HIGH,
+            ManageInternalUsers: PermissionRiskLevel.HIGH,
+            ManagePasswordPolicies: PermissionRiskLevel.HIGH,
+            ManageLoginAccessPolicies: PermissionRiskLevel.HIGH,
+            ManageCustomPermissions: PermissionRiskLevel.HIGH,
+            ManageCertificates: PermissionRiskLevel.HIGH,
+            ManageUsers: PermissionRiskLevel.HIGH,
+            ViewAllForecasts: PermissionRiskLevel.HIGH,
+            ResetPasswords: PermissionRiskLevel.HIGH,
+            CanInsertFeedSystemFields: PermissionRiskLevel.HIGH,
+            ManageHealthCheck: PermissionRiskLevel.HIGH,
+            ManageSubscriptions: PermissionRiskLevel.HIGH,
+            ViewAllProfiles: PermissionRiskLevel.HIGH,
+            ManageExternalConnections: PermissionRiskLevel.HIGH,
+            ManageNamedCredentials: PermissionRiskLevel.HIGH,
+            CodeBuilderUser: PermissionRiskLevel.HIGH,
+            MonitorLoginHistory: PermissionRiskLevel.HIGH,
+            ManagePackageLicenses: PermissionRiskLevel.HIGH,
+            ViewHealthCheck: PermissionRiskLevel.MEDIUM,
+            FreezeUsers: PermissionRiskLevel.MEDIUM,
+            ManageRoles: PermissionRiskLevel.MEDIUM,
+            ViewSetup: PermissionRiskLevel.MEDIUM,
+            ViewAllData: PermissionRiskLevel.MEDIUM,
+            ModifyAllData: PermissionRiskLevel.MEDIUM,
+            ExportReport: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            AccessContentBuilder: PermissionRiskLevel.MEDIUM,
+            DataExport: PermissionRiskLevel.MEDIUM,
+            NewReportBuilder: PermissionRiskLevel.MEDIUM,
+            ImportLeads: PermissionRiskLevel.MEDIUM,
+            EditBrandTemplates: PermissionRiskLevel.MEDIUM,
+            DeleteActivatedContract: PermissionRiskLevel.MEDIUM,
+            OverrideForecasts: PermissionRiskLevel.MEDIUM,
+            ManageNetworks: PermissionRiskLevel.MEDIUM,
+            ViewAllUsers: PermissionRiskLevel.MEDIUM,
+            ViewRoles: PermissionRiskLevel.MEDIUM,
+            ModerateNetworkUsers: PermissionRiskLevel.MEDIUM,
+            ApiEnabled: PermissionRiskLevel.LOW,
+            LightningExperienceUser: PermissionRiskLevel.LOW,
+            RunReports: PermissionRiskLevel.LOW,
+            ScheduleReports: PermissionRiskLevel.LOW,
+            ActivateContract: PermissionRiskLevel.LOW,
+            ActivateOrder: PermissionRiskLevel.LOW,
+            ViewEncryptedData: PermissionRiskLevel.LOW,
+            PasswordNeverExpires: PermissionRiskLevel.LOW,
+            ActivitiesAccess: PermissionRiskLevel.LOW,
+            ForceTwoFactor: PermissionRiskLevel.LOW,
+            ManageQuotas: PermissionRiskLevel.LOW,
+            ApproveContract: PermissionRiskLevel.LOW,
+        });
+    }
+    initDefault(permName) {
+        const basePerm = super.initDefault(permName);
+        if (basePerm.classification === PermissionRiskLevel.UNKNOWN) {
+            basePerm.classification = PermissionRiskLevel.LOW;
+        }
+        return basePerm;
+    }
+}
+//# sourceMappingURL=loose.js.map

package/lib/libs/conf-init/presets/loose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"loose.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/loose.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAEzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,UAAU;IACjD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,wBAAwB,EAAE,mBAAmB,CAAC,IAAI;YAClD,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,WAAW,EAAE,mBAAmB,CAAC,MAAM;YACvC,kBAAkB,EAAE,mBAAmB,CAAC,MAAM;YAC9C,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,iBAAiB,EAAE,mBAAmB,CAAC,MAAM;YAC7C,cAAc,EAAE,mBAAmB,CAAC,MAAM;YAC1C,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,MAAM;YAChD,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,UAAU,EAAE,mBAAmB,CAAC,GAAG;YACnC,eAAe,EAAE,mBAAmB,CAAC,GAAG;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,aAAa,EAAE,mBAAmB,CAAC,GAAG;YACtC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG;YAC1C,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;YACvC,YAAY,EAAE,mBAAmB,CAAC,GAAG;YACrC,eAAe,EAAE,mBAAmB,CAAC,GAAG;SACzC,CAAC,CAAC;IACL,CAAC;IAEe,WAAW,CAAC,QAAgB;QAC1C,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,QAAQ,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;YAC5D,QAAQ,CAAC,cAAc,GAAG,mBAAmB,CAAC,GAAG,CAAC;QACpD,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF"}

package/lib/libs/conf-init/presets/none.d.ts

@@ -0,0 +1,30 @@
+import { NamedPermissionsClassification } from '../../core/file-mgmt/schema.js';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import { Optional } from '../../core/utils.js';
+export type UnclassifiedPerm = Optional<NamedPermissionsClassification, 'classification'>;
+export type Preset = {
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+};
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset implements Preset {
+    protected userPermissions: Record<string, Partial<NamedPermissionsClassification>>;
+    constructor(userPerms?: Record<string, PermissionRiskLevel>);
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms: UnclassifiedPerm[]): NamedPermissionsClassification[];
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName: string): NamedPermissionsClassification;
+}

package/lib/libs/conf-init/presets/none.js

@@ -0,0 +1,54 @@
+import { Messages } from '@salesforce/core';
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
+const descriptions = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policyclassifications');
+/**
+ * A "blank" preset that is extended by all other presets
+ * and initialises classification descriptions
+ */
+export default class NonePreset {
+    userPermissions;
+    constructor(userPerms) {
+        this.userPermissions = {};
+        if (userPerms) {
+            Object.entries(userPerms).forEach(([name, classification]) => {
+                if (this.userPermissions[name]) {
+                    this.userPermissions[name].classification = classification;
+                }
+                else {
+                    this.userPermissions[name] = { classification };
+                }
+            });
+        }
+    }
+    /**
+     * Finalises permissions for all unclassified user perms that are set
+     * in this preset.
+     *
+     * @param perms
+     */
+    classifyUserPermissions(rawPerms) {
+        return rawPerms.map((perm) => ({
+            ...this.initDefault(perm.name),
+            ...perm,
+        }));
+    }
+    /**
+     * Initialises a default classification for a given permission name.
+     * This merges pre-configured defaults with available descriptions.
+     *
+     * @param permName
+     * @returns
+     */
+    initDefault(permName) {
+        const def = this.userPermissions[permName];
+        const hasDescription = descriptions.messages.has(permName);
+        return {
+            ...def,
+            name: permName,
+            classification: def?.classification ?? PermissionRiskLevel.UNKNOWN,
+            reason: hasDescription ? descriptions.getMessage(permName) : undefined,
+        };
+    }
+}
+//# sourceMappingURL=none.js.map

package/lib/libs/conf-init/presets/none.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"none.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/none.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAGzE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,uBAAuB,CAAC,CAAC;AAQ1G;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,UAAU;IACnB,eAAe,CAA0D;IAEnF,YAAmB,SAA+C;QAChE,IAAI,CAAC,eAAe,GAAG,EAAE,CAAC;QAC1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,cAAc,CAAC,EAAE,EAAE;gBAC3D,IAAI,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC/B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,cAAc,GAAG,cAAc,CAAC;gBAC7D,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC;gBAClD,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,uBAAuB,CAAC,QAA4B;QACzD,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAC7B,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC;YAC9B,GAAG,IAAI;SACR,CAAC,CAAC,CAAC;IACN,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,QAAgB;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,cAAc,GAAG,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3D,OAAO;YACL,GAAG,GAAG;YACN,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,GAAG,EAAE,cAAc,IAAI,mBAAmB,CAAC,OAAO;YAClE,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,SAAS;SACvE,CAAC;IACJ,CAAC;CACF"}

package/lib/libs/conf-init/presets/strict.d.ts

@@ -0,0 +1,4 @@
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor();
+}

package/lib/libs/conf-init/presets/strict.js

@@ -0,0 +1,79 @@
+import { PermissionRiskLevel } from '../../core/classification-types.js';
+import NonePreset from './none.js';
+export default class StrictPreset extends NonePreset {
+    constructor() {
+        super({
+            UseAnyApiClient: PermissionRiskLevel.BLOCKED,
+            BypassMFAForUiLogins: PermissionRiskLevel.BLOCKED,
+            ManageNamedCredentials: PermissionRiskLevel.CRITICAL,
+            ImportCustomObjects: PermissionRiskLevel.CRITICAL,
+            ManageSandboxes: PermissionRiskLevel.CRITICAL,
+            ManageDevSandboxes: PermissionRiskLevel.CRITICAL,
+            CustomizeApplication: PermissionRiskLevel.CRITICAL,
+            ModifyMetadata: PermissionRiskLevel.CRITICAL,
+            AuthorApex: PermissionRiskLevel.CRITICAL,
+            DebugApex: PermissionRiskLevel.CRITICAL,
+            ManageAuthProviders: PermissionRiskLevel.CRITICAL,
+            Packaging2: PermissionRiskLevel.CRITICAL,
+            Packaging2Delete: PermissionRiskLevel.CRITICAL,
+            Packaging2PromoteVersion: PermissionRiskLevel.CRITICAL,
+            InstallPackaging: PermissionRiskLevel.CRITICAL,
+            ViewClientSecret: PermissionRiskLevel.CRITICAL,
+            ExternalClientAppAdmin: PermissionRiskLevel.CRITICAL,
+            CanInsertFeedSystemFields: PermissionRiskLevel.CRITICAL,
+            ManageExternalConnections: PermissionRiskLevel.CRITICAL,
+            CodeBuilderUser: PermissionRiskLevel.CRITICAL,
+            ManageCertificates: PermissionRiskLevel.HIGH,
+            ExportReport: PermissionRiskLevel.HIGH,
+            ViewSetup: PermissionRiskLevel.HIGH,
+            ApiEnabled: PermissionRiskLevel.HIGH,
+            ViewAllData: PermissionRiskLevel.HIGH,
+            ModifyAllData: PermissionRiskLevel.HIGH,
+            ManageTwoFactor: PermissionRiskLevel.HIGH,
+            ManageRemoteAccess: PermissionRiskLevel.HIGH,
+            CanApproveUninstalledApps: PermissionRiskLevel.HIGH,
+            AssignPermissionSets: PermissionRiskLevel.HIGH,
+            ManageRoles: PermissionRiskLevel.HIGH,
+            ManageIpAddresses: PermissionRiskLevel.HIGH,
+            ManageSharing: PermissionRiskLevel.HIGH,
+            ManageInternalUsers: PermissionRiskLevel.HIGH,
+            ManagePasswordPolicies: PermissionRiskLevel.HIGH,
+            ManageLoginAccessPolicies: PermissionRiskLevel.HIGH,
+            ManageCustomPermissions: PermissionRiskLevel.HIGH,
+            FreezeUsers: PermissionRiskLevel.HIGH,
+            AccessContentBuilder: PermissionRiskLevel.HIGH,
+            NewReportBuilder: PermissionRiskLevel.HIGH,
+            ImportLeads: PermissionRiskLevel.HIGH,
+            ViewEncryptedData: PermissionRiskLevel.HIGH,
+            EditBrandTemplates: PermissionRiskLevel.HIGH,
+            OverrideForecasts: PermissionRiskLevel.HIGH,
+            ViewAllForecasts: PermissionRiskLevel.HIGH,
+            ResetPasswords: PermissionRiskLevel.HIGH,
+            ManageNetworks: PermissionRiskLevel.HIGH,
+            ViewAllUsers: PermissionRiskLevel.HIGH,
+            ModerateNetworkUsers: PermissionRiskLevel.HIGH,
+            ViewHealthCheck: PermissionRiskLevel.HIGH,
+            ManageHealthCheck: PermissionRiskLevel.HIGH,
+            ManageSubscriptions: PermissionRiskLevel.HIGH,
+            ViewRoles: PermissionRiskLevel.HIGH,
+            ViewAllProfiles: PermissionRiskLevel.HIGH,
+            MonitorLoginHistory: PermissionRiskLevel.HIGH,
+            ManagePackageLicenses: PermissionRiskLevel.HIGH,
+            ScheduleReports: PermissionRiskLevel.MEDIUM,
+            EmailMass: PermissionRiskLevel.MEDIUM,
+            DataExport: PermissionRiskLevel.MEDIUM,
+            RunReports: PermissionRiskLevel.MEDIUM,
+            ApproveContract: PermissionRiskLevel.MEDIUM,
+            ActivateContract: PermissionRiskLevel.MEDIUM,
+            ActivateOrder: PermissionRiskLevel.MEDIUM,
+            DeleteActivatedContract: PermissionRiskLevel.MEDIUM,
+            ManageQuotas: PermissionRiskLevel.MEDIUM,
+            ManageUsers: PermissionRiskLevel.HIGH,
+            LightningExperienceUser: PermissionRiskLevel.LOW,
+            PasswordNeverExpires: PermissionRiskLevel.LOW,
+            ActivitiesAccess: PermissionRiskLevel.LOW,
+            ForceTwoFactor: PermissionRiskLevel.LOW,
+        });
+    }
+}
+//# sourceMappingURL=strict.js.map

package/lib/libs/conf-init/presets/strict.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strict.js","sourceRoot":"","sources":["../../../../src/libs/conf-init/presets/strict.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AACzE,OAAO,UAAU,MAAM,WAAW,CAAC;AAEnC,MAAM,CAAC,OAAO,OAAO,YAAa,SAAQ,UAAU;IAClD;QACE,KAAK,CAAC;YACJ,eAAe,EAAE,mBAAmB,CAAC,OAAO;YAC5C,oBAAoB,EAAE,mBAAmB,CAAC,OAAO;YACjD,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,QAAQ;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,QAAQ;YAClD,cAAc,EAAE,mBAAmB,CAAC,QAAQ;YAC5C,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,SAAS,EAAE,mBAAmB,CAAC,QAAQ;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,QAAQ;YACjD,UAAU,EAAE,mBAAmB,CAAC,QAAQ;YACxC,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,wBAAwB,EAAE,mBAAmB,CAAC,QAAQ;YACtD,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,QAAQ;YAC9C,sBAAsB,EAAE,mBAAmB,CAAC,QAAQ;YACpD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,yBAAyB,EAAE,mBAAmB,CAAC,QAAQ;YACvD,eAAe,EAAE,mBAAmB,CAAC,QAAQ;YAC7C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,UAAU,EAAE,mBAAmB,CAAC,IAAI;YACpC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,aAAa,EAAE,mBAAmB,CAAC,IAAI;YACvC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,sBAAsB,EAAE,mBAAmB,CAAC,IAAI;YAChD,yBAAyB,EAAE,mBAAmB,CAAC,IAAI;YACnD,uBAAuB,EAAE,mBAAmB,CAAC,IAAI;YACjD,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,kBAAkB,EAAE,mBAAmB,CAAC,IAAI;YAC5C,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,IAAI;YAC1C,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,cAAc,EAAE,mBAAmB,CAAC,IAAI;YACxC,YAAY,EAAE,mBAAmB,CAAC,IAAI;YACtC,oBAAoB,EAAE,mBAAmB,CAAC,IAAI;YAC9C,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,iBAAiB,EAAE,mBAAmB,CAAC,IAAI;YAC3C,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,SAAS,EAAE,mBAAmB,CAAC,IAAI;YACnC,eAAe,EAAE,mBAAmB,CAAC,IAAI;YACzC,mBAAmB,EAAE,mBAAmB,CAAC,IAAI;YAC7C,qBAAqB,EAAE,mBAAmB,CAAC,IAAI;YAC/C,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,SAAS,EAAE,mBAAmB,CAAC,MAAM;YACrC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,UAAU,EAAE,mBAAmB,CAAC,MAAM;YACtC,eAAe,EAAE,mBAAmB,CAAC,MAAM;YAC3C,gBAAgB,EAAE,mBAAmB,CAAC,MAAM;YAC5C,aAAa,EAAE,mBAAmB,CAAC,MAAM;YACzC,uBAAuB,EAAE,mBAAmB,CAAC,MAAM;YACnD,YAAY,EAAE,mBAAmB,CAAC,MAAM;YACxC,WAAW,EAAE,mBAAmB,CAAC,IAAI;YACrC,uBAAuB,EAAE,mBAAmB,CAAC,GAAG;YAChD,oBAAoB,EAAE,mBAAmB,CAAC,GAAG;YAC7C,gBAAgB,EAAE,mBAAmB,CAAC,GAAG;YACzC,cAAc,EAAE,mBAAmB,CAAC,GAAG;SACxC,CAAC,CAAC;IACL,CAAC;CACF"}

package/lib/libs/conf-init/presets.d.ts

@@ -0,0 +1,7 @@
+import { Preset } from './presets/none.js';
+export declare enum AuditInitPresets {
+    strict = "strict",
+    loose = "loose",
+    none = "none"
+}
+export declare function loadPreset(presetName?: AuditInitPresets): Preset;

package/lib/libs/conf-init/presets.js

@@ -0,0 +1,20 @@
+import LoosePreset from './presets/loose.js';
+import NonePreset from './presets/none.js';
+import StrictPreset from './presets/strict.js';
+export var AuditInitPresets;
+(function (AuditInitPresets) {
+    AuditInitPresets["strict"] = "strict";
+    AuditInitPresets["loose"] = "loose";
+    AuditInitPresets["none"] = "none";
+})(AuditInitPresets || (AuditInitPresets = {}));
+export function loadPreset(presetName) {
+    switch (presetName) {
+        case AuditInitPresets.loose:
+            return new LoosePreset();
+        case AuditInitPresets.strict:
+            return new StrictPreset();
+        default:
+            return new NonePreset();
+    }
+}
+//# sourceMappingURL=presets.js.map

package/lib/libs/conf-init/presets.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"presets.js","sourceRoot":"","sources":["../../../src/libs/conf-init/presets.ts"],"names":[],"mappings":"AAAA,OAAO,WAAW,MAAM,oBAAoB,CAAC;AAC7C,OAAO,UAAsB,MAAM,mBAAmB,CAAC;AACvD,OAAO,YAAY,MAAM,qBAAqB,CAAC;AAE/C,MAAM,CAAN,IAAY,gBAIX;AAJD,WAAY,gBAAgB;IAC1B,qCAAiB,CAAA;IACjB,mCAAe,CAAA;IACf,iCAAa,CAAA;AACf,CAAC,EAJW,gBAAgB,KAAhB,gBAAgB,QAI3B;AAED,MAAM,UAAU,UAAU,CAAC,UAA6B;IACtD,QAAQ,UAAU,EAAE,CAAC;QACnB,KAAK,gBAAgB,CAAC,KAAK;YACzB,OAAO,IAAI,WAAW,EAAE,CAAC;QAC3B,KAAK,gBAAgB,CAAC,MAAM;YAC1B,OAAO,IAAI,YAAY,EAAE,CAAC;QAC5B;YACE,OAAO,IAAI,UAAU,EAAE,CAAC;IAC5B,CAAC;AACH,CAAC"}

package/lib/libs/core/auditRun.d.ts

@@ -0,0 +1,36 @@
+import EventEmitter from 'node:events';
+import { Connection } from '@salesforce/core';
+import { AuditResult } from './result-types.js';
+import { AuditRunConfig } from './file-mgmt/schema.js';
+import Policy from './policies/policy.js';
+type PolicyMap = Record<string, Policy<unknown>>;
+export declare function startAuditRun(directoryPath: string): AuditRun;
+export type EntityResolveEvent = {
+    total: number;
+    resolved: number;
+    policyName: string;
+};
+/**
+ * Instance of an audit run that manages high-level operations
+ */
+export default class AuditRun extends EventEmitter {
+    configs: AuditRunConfig;
+    private executablePolicies?;
+    constructor(configs: AuditRunConfig);
+    /**
+     * Loads all policies, resolves entities and caches the results.
+     *
+     * @param targetOrgConnection
+     */
+    resolve(targetOrgConnection: Connection): Promise<PolicyMap>;
+    /**
+     * Executes an initialised audit run. Resolves policies entities
+     * and executes all rules.
+     *
+     * @param targetOrgConnection
+     * @returns
+     */
+    execute(targetCon: Connection): Promise<Omit<AuditResult, 'orgId'>>;
+    private loadPolicies;
+}
+export {};

package/lib/libs/core/auditRun.js

@@ -0,0 +1,86 @@
+// import fs from 'node:fs';
+import EventEmitter from 'node:events';
+import { loadAuditConfig } from './file-mgmt/auditConfigFileManager.js';
+import { policyDefs } from './policyRegistry.js';
+export function startAuditRun(directoryPath) {
+    const conf = loadAuditConfig(directoryPath);
+    return new AuditRun(conf);
+}
+/**
+ * Instance of an audit run that manages high-level operations
+ */
+export default class AuditRun extends EventEmitter {
+    configs;
+    executablePolicies;
+    constructor(configs) {
+        super();
+        this.configs = configs;
+    }
+    /**
+     * Loads all policies, resolves entities and caches the results.
+     *
+     * @param targetOrgConnection
+     */
+    async resolve(targetOrgConnection) {
+        if (this.executablePolicies) {
+            return this.executablePolicies;
+        }
+        this.executablePolicies = this.loadPolicies(this.configs);
+        const resolveResultPromises = [];
+        Object.values(this.executablePolicies).forEach((executable) => {
+            resolveResultPromises.push(executable.resolve({ targetOrgConnection }));
+        });
+        await Promise.all(resolveResultPromises);
+        return this.executablePolicies;
+    }
+    /**
+     * Executes an initialised audit run. Resolves policies entities
+     * and executes all rules.
+     *
+     * @param targetOrgConnection
+     * @returns
+     */
+    async execute(targetCon) {
+        this.executablePolicies = await this.resolve(targetCon);
+        const results = await runPolicies(this.executablePolicies, targetCon);
+        return {
+            auditDate: new Date().toISOString(),
+            isCompliant: isCompliant(results),
+            policies: results,
+        };
+    }
+    loadPolicies(config) {
+        const pols = {};
+        Object.entries(config.policies).forEach(([policyName, policyConfig]) => {
+            const policy = new policyDefs[policyName].handler(policyConfig.content, config);
+            policy.addListener('entityresolve', (resolveStats) => {
+                this.emit(`entityresolve-${policyName}`, { policyName, ...resolveStats });
+            });
+            pols[policyName] = policy;
+        });
+        return pols;
+    }
+}
+function isCompliant(results) {
+    const list = Object.values(results);
+    if (list.length === 0) {
+        return true;
+    }
+    return list.reduce((prevVal, currentVal) => prevVal && currentVal.isCompliant, list[0].isCompliant);
+}
+async function runPolicies(policies, targetOrgConnection) {
+    const resultsArray = [];
+    const policiesList = [];
+    Object.entries(policies).forEach(([policyKey, executable]) => {
+        policiesList.push(policyKey);
+        resultsArray.push(executable.run({ targetOrgConnection }));
+    });
+    const arrayResult = await Promise.all(resultsArray);
+    const results = {};
+    arrayResult.forEach((policyResult) => {
+        const policyKey = policiesList[arrayResult.indexOf(policyResult)];
+        results[policyKey] = policyResult;
+    });
+    return results;
+}
+//# sourceMappingURL=auditRun.js.map

package/lib/libs/core/auditRun.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,4BAA4B;AAC5B,OAAO,YAAY,MAAM,aAAa,CAAC;AAIvC,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAe,MAAM,qBAAqB,CAAC;AAM9D,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,IAAI,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAQD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IAGtB;IAFlB,kBAAkB,CAAa;IAEvC,YAA0B,OAAuB;QAC/C,KAAK,EAAE,CAAC;QADgB,YAAO,GAAP,OAAO,CAAgB;IAEjD,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,SAAqB;QACxC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE;YACrE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAyB,CAAC,CAAC,OAAO,CAC7D,YAAoC,CAAC,OAAO,EAC7C,MAAM,CACP,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;gBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/lib/libs/core/classification-types.d.ts

@@ -0,0 +1,20 @@
+import { NamedPermissionsClassification } from './file-mgmt/schema.js';
+/**
+ * Enum to classify user and custom permissions.
+ */
+export declare enum PermissionRiskLevel {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    BLOCKED = "Blocked",
+    /** Developer permissions, allow to modify the application */
+    CRITICAL = "Critical",
+    /** Admin permissions, allow to manage users and change permissions */
+    HIGH = "High",
+    /** Elevated business permissions for privileged users */
+    MEDIUM = "Medium",
+    /** Regular user permissions, typically needed for day-to-day work */
+    LOW = "Low",
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    UNKNOWN = "Unknown"
+}
+export declare function resolveRiskLevelOrdinalValue(value: string): number;
+export declare const classificationSorter: (a: NamedPermissionsClassification, b: NamedPermissionsClassification) => number;

package/lib/libs/core/classification-types.js

@@ -0,0 +1,23 @@
+/**
+ * Enum to classify user and custom permissions.
+ */
+export var PermissionRiskLevel;
+(function (PermissionRiskLevel) {
+    /** Blacklisted permissions that are considered too critical and not allowed */
+    PermissionRiskLevel["BLOCKED"] = "Blocked";
+    /** Developer permissions, allow to modify the application */
+    PermissionRiskLevel["CRITICAL"] = "Critical";
+    /** Admin permissions, allow to manage users and change permissions */
+    PermissionRiskLevel["HIGH"] = "High";
+    /** Elevated business permissions for privileged users */
+    PermissionRiskLevel["MEDIUM"] = "Medium";
+    /** Regular user permissions, typically needed for day-to-day work */
+    PermissionRiskLevel["LOW"] = "Low";
+    /** Not categorized or unknown permission. Will be ignored but create a warning */
+    PermissionRiskLevel["UNKNOWN"] = "Unknown";
+})(PermissionRiskLevel || (PermissionRiskLevel = {}));
+export function resolveRiskLevelOrdinalValue(value) {
+    return Object.keys(PermissionRiskLevel).indexOf(value.toUpperCase());
+}
+export const classificationSorter = (a, b) => resolveRiskLevelOrdinalValue(a.classification) - resolveRiskLevelOrdinalValue(b.classification);
+//# sourceMappingURL=classification-types.js.map

package/lib/libs/core/classification-types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAa;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAiC,EAAE,CAAiC,EAAU,EAAE,CACnH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}

package/lib/libs/core/constants.d.ts

@@ -0,0 +1,10 @@
+export declare const CUSTOM_PERMS_QUERY = "SELECT Id,MasterLabel,DeveloperName FROM CustomPermission";
+export declare const PROFILES_QUERY = "SELECT Profile.Name,Profile.UserType,IsCustom FROM PermissionSet WHERE IsOwnedByProfile = TRUE";
+export declare const PERMISSION_SETS_QUERY = "SELECT Name,Label,IsCustom,NamespacePrefix FROM PermissionSet WHERE IsOwnedByProfile = FALSE AND NamespacePrefix = NULL";
+export declare const CONNECTED_APPS_QUERY = "SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication";
+export declare const OAUTH_TOKEN_QUERY = "SELECT User.Username,UseCount,AppName FROM OauthToken";
+export declare const ACTIVE_USERS_QUERY = "SELECT Id,Username,UserType FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export declare const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export declare const buildPermsetAssignmentsQuery: (userIds: string[]) => string;
+export declare const buildLoginHistoryQuery: (daysToAnalayse?: number) => string;
+export declare const RETRIEVE_CACHE: string;

package/lib/libs/core/constants.js

@@ -0,0 +1,20 @@
+import path from 'node:path';
+// QUERIES
+export const CUSTOM_PERMS_QUERY = 'SELECT Id,MasterLabel,DeveloperName FROM CustomPermission';
+export const PROFILES_QUERY = 'SELECT Profile.Name,Profile.UserType,IsCustom FROM PermissionSet WHERE IsOwnedByProfile = TRUE';
+export const PERMISSION_SETS_QUERY = 'SELECT Name,Label,IsCustom,NamespacePrefix FROM PermissionSet WHERE IsOwnedByProfile = FALSE AND NamespacePrefix = NULL';
+export const CONNECTED_APPS_QUERY = 'SELECT Name,OptionsAllowAdminApprovedUsersOnly FROM ConnectedApplication';
+export const OAUTH_TOKEN_QUERY = 'SELECT User.Username,UseCount,AppName FROM OauthToken';
+export const ACTIVE_USERS_QUERY = "SELECT Id,Username,UserType FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
+// DYNAMIC QUERIES
+export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
+export const buildLoginHistoryQuery = (daysToAnalayse) => daysToAnalayse
+    ? `${USERS_LOGIN_HISTORY_QUERY} WHERE LoginTime >= LAST_N_DAYS:${daysToAnalayse} GROUP BY LoginType,Application,UserId`
+    : `${USERS_LOGIN_HISTORY_QUERY} GROUP BY LoginType,Application,UserId`;
+// PATHS
+export const RETRIEVE_CACHE = path.join('.jsc', 'retrieves');
+// BASE QUERIES
+const USERS_LOGIN_HISTORY_QUERY = 'SELECT LoginType,Application,UserId,COUNT(Id)LoginCount,MAX(LoginTime)LastLogin FROM LoginHistory';
+const USERS_PERMSET_ASSIGNMENTS_QUERY = 'SELECT AssigneeId,PermissionSet.Name FROM PermissionSetAssignment WHERE PermissionSet.IsOwnedByProfile = FALSE AND PermissionSet.NamespacePrefix = NULL';
+//# sourceMappingURL=constants.js.map

package/lib/libs/core/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/libs/core/constants.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,UAAU;AACV,MAAM,CAAC,MAAM,kBAAkB,GAAG,2DAA2D,CAAC;AAC9F,MAAM,CAAC,MAAM,cAAc,GACzB,gGAAgG,CAAC;AACnG,MAAM,CAAC,MAAM,qBAAqB,GAChC,yHAAyH,CAAC;AAC5H,MAAM,CAAC,MAAM,oBAAoB,GAAG,0EAA0E,CAAC;AAC/G,MAAM,CAAC,MAAM,iBAAiB,GAAG,uDAAuD,CAAC;AACzF,MAAM,CAAC,MAAM,kBAAkB,GAC7B,qGAAqG,CAAC;AACxG,MAAM,CAAC,MAAM,0BAA0B,GACrC,mIAAmI,CAAC;AAEtI,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,cAAuB,EAAU,EAAE,CACxE,cAAc;IACZ,CAAC,CAAC,GAAG,yBAAyB,mCAAmC,cAAc,wCAAwC;IACvH,CAAC,CAAC,GAAG,yBAAyB,wCAAwC,CAAC;AAE3E,QAAQ;AACR,MAAM,CAAC,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAE7D,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}