@j-schreiber/sf-cli-security-audit 0.8.4 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/lib/commands/org/audit/run.js +1 -1
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +2 -1
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/policyConfigs.d.ts +6 -0
- package/lib/libs/conf-init/policyConfigs.js +14 -0
- package/lib/libs/conf-init/policyConfigs.js.map +1 -1
- package/lib/libs/core/auditRun.d.ts +2 -0
- package/lib/libs/core/auditRun.js +6 -1
- package/lib/libs/core/auditRun.js.map +1 -1
- package/lib/libs/core/file-mgmt/schema.d.ts +1 -0
- package/lib/libs/core/file-mgmt/schema.js.map +1 -1
- package/lib/libs/core/mdapi/anySettingsMetadata.d.ts +25 -0
- package/lib/libs/core/mdapi/anySettingsMetadata.js +59 -0
- package/lib/libs/core/mdapi/anySettingsMetadata.js.map +1 -0
- package/lib/libs/core/policies/policy.d.ts +2 -1
- package/lib/libs/core/policies/policy.js +9 -4
- package/lib/libs/core/policies/policy.js.map +1 -1
- package/lib/libs/core/policies/settingsPolicy.d.ts +11 -0
- package/lib/libs/core/policies/settingsPolicy.js +81 -0
- package/lib/libs/core/policies/settingsPolicy.js.map +1 -0
- package/lib/libs/core/policyRegistry.js +5 -0
- package/lib/libs/core/policyRegistry.js.map +1 -1
- package/lib/libs/core/registries/rules/enforceSettings.d.ts +13 -0
- package/lib/libs/core/registries/rules/enforceSettings.js +57 -0
- package/lib/libs/core/registries/rules/enforceSettings.js.map +1 -0
- package/lib/libs/core/registries/settings.d.ts +8 -0
- package/lib/libs/core/registries/settings.js +51 -0
- package/lib/libs/core/registries/settings.js.map +1 -0
- package/lib/libs/core/registries/types.d.ts +1 -0
- package/lib/libs/core/registries/types.js +2 -0
- package/lib/libs/core/registries/types.js.map +1 -1
- package/lib/ux/auditRunMultiStage.d.ts +1 -1
- package/lib/ux/auditRunMultiStage.js +12 -9
- package/lib/ux/auditRunMultiStage.js.map +1 -1
- package/messages/policies.general.md +12 -0
- package/messages/rules.settings.md +7 -0
- package/oclif.lock +1407 -1802
- package/oclif.manifest.json +1 -1
- package/package.json +20 -18
package/README.md
CHANGED
|
@@ -79,7 +79,7 @@ FLAG DESCRIPTIONS
|
|
|
79
79
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
80
80
|
```
|
|
81
81
|
|
|
82
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
82
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.9.1/src/commands/org/audit/init.ts)_
|
|
83
83
|
|
|
84
84
|
## `sf org audit run`
|
|
85
85
|
|
|
@@ -110,7 +110,7 @@ EXAMPLES
|
|
|
110
110
|
$ sf org audit run -o MyTargetOrg -d configs/prod
|
|
111
111
|
```
|
|
112
112
|
|
|
113
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
113
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.9.1/src/commands/org/audit/run.ts)_
|
|
114
114
|
|
|
115
115
|
## `sf org scan user-perms`
|
|
116
116
|
|
|
@@ -149,7 +149,7 @@ FLAG DESCRIPTIONS
|
|
|
149
149
|
retun 0 results).
|
|
150
150
|
```
|
|
151
151
|
|
|
152
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
152
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.9.1/src/commands/org/scan/user-perms.ts)_
|
|
153
153
|
|
|
154
154
|
<!-- commandsstop -->
|
|
155
155
|
|
|
@@ -37,7 +37,7 @@ export default class OrgAuditRun extends SfCommand {
|
|
|
37
37
|
const auditRun = startAuditRun(flags['source-dir']);
|
|
38
38
|
stageOutput.startPolicyResolve(auditRun);
|
|
39
39
|
await auditRun.resolve(flags['target-org'].getConnection(flags['api-version']));
|
|
40
|
-
stageOutput.startRuleExecution();
|
|
40
|
+
stageOutput.startRuleExecution(auditRun);
|
|
41
41
|
const partialResult = await auditRun.execute(flags['target-org'].getConnection(flags['api-version']));
|
|
42
42
|
const result = { orgId: flags['target-org'].getOrgId(), ...partialResult };
|
|
43
43
|
stageOutput.finish();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,
|
|
1
|
+
{"version":3,"file":"run.js","sourceRoot":"","sources":["../../../../src/commands/org/audit/run.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC/E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,aAAa,EAAE,MAAM,gCAAgC,CAAC;AAC/D,OAAO,wBAAwB,MAAM,mCAAmC,CAAC;AACzE,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAC;AAEzD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,CAAC,MAAM,UAAU,GAAG,UAAU,CAAC;AAQrC,MAAM,CAAC,OAAO,OAAO,WAAY,SAAQ,SAA4B;IAC5D,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,SAAS,CAAC;YAC5B,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,OAAO,EAAE,EAAE;SACZ,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;KACrC,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAChD,MAAM,WAAW,GAAG,wBAAwB,CAAC,MAAM,CAAC;YAClD,iBAAiB,EAAE,KAAK,CAAC,YAAY,CAAC;YACtC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE;YAC9E,WAAW,EAAE,KAAK,CAAC,IAAI;SACxB,CAAC,CAAC;QACH,WAAW,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,aAAa,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QACpD,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QAChF,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACtG,MAAM,MAAM,GAAG,EAAE,KAAK,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,aAAa,EAAE,CAAC;QAC3E,WAAW,CAAC,MAAM,EAAE,CAAC;QACrB,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,CAAC;IACjC,CAAC;IAEO,YAAY,CAAC,MAAmB;QACtC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClC,KAAK,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,yBAAyB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YAC1D,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,MAAmB;QAC9C,MAAM,YAAY,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC;QACtD,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC,CAAC,CAAC;YACvE,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC;YAC7E,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;IAC7F,CAAC;IAEO,yBAAyB,CAAC,UAAkB,EAAE,aAAgC;QACpF,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,CAAC;YAC3B,OAAO;QACT,CAAC;QACD,MAAM,YAAY,GAAG,4BAA4B,CAAC,aAAa,CAAC,CAAC;QACjE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,YAAY;gBAClB,KAAK,EAAE,0BAA0B,UAAU,CAAC,UAAU,CAAC,MAAM;gBAC7D,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE;aAClC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,mBAAmB,CAAC,aAAwD;QAClF,KAAK,MAAM,eAAe,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7G,IAAI,CAAC,KAAK,CAAC;gBACT,IAAI,EAAE,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;oBAC9C,GAAG,IAAI;oBACP,UAAU,EAAE,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,CAAC;iBACrG,CAAC,CAAC;gBACH,KAAK,EAAE,kBAAkB,eAAe,CAAC,QAAQ,EAAE;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,MAAmB,EAAE,KAAuB;QAC9D,MAAM,QAAQ,GAAG,UAAU,KAAK,CAAC,YAAY,CAAC,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC1D,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,2BAA2B,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACxE,OAAO,QAAQ,CAAC;IAClB,CAAC;;AAkBH,SAAS,wBAAwB,CAAC,MAAmB;IACnD,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC;SACnC,MAAM,CAAC,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC;SACpD,GAAG,CAAC,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,EAAE;QACnC,MAAM,aAAa,GAAG,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QACzG,OAAO;YACL,MAAM,EAAE,UAAU,CAAC,UAAU,CAAC;YAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,aAAa;YACb,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;YAC3D,eAAe,EAAE,aAAa,CAAC,eAAe,EAAE,MAAM,IAAI,CAAC;SAC5D,CAAC;IACJ,CAAC,CAAC,CAAC;AACP,CAAC;AAED,SAAS,4BAA4B,CAAC,MAAyB;IAC7D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,WAAW,CAAC,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,EAAE,QAAQ;QACd,WAAW,EAAE,WAAW,CAAC,WAAW;QACpC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,EAAE,MAAM,IAAI,CAAC;QAC7D,gBAAgB,EAAE,WAAW,CAAC,gBAAgB,EAAE,MAAM,IAAI,CAAC;QAC3D,UAAU,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;QACzC,QAAQ,EAAE,WAAW,CAAC,QAAQ,CAAC,MAAM;QACrC,MAAM,EAAE,WAAW,CAAC,MAAM,CAAC,MAAM;KAClC,CAAC,CAAC,CAAC;AACN,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { DefaultFileManager } from '../core/file-mgmt/auditConfigFileManager.js';
|
|
2
2
|
import { initCustomPermissions, initUserPermissions } from './permissionsClassification.js';
|
|
3
|
-
import { initConnectedApps, initPermissionSets, initProfiles, initUsers } from './policyConfigs.js';
|
|
3
|
+
import { initConnectedApps, initPermissionSets, initProfiles, initSettings, initUsers } from './policyConfigs.js';
|
|
4
4
|
/**
|
|
5
5
|
* Exposes key functionality to load an audit config as static methods. This makes
|
|
6
6
|
* it easy to mock the results during tests.
|
|
@@ -23,6 +23,7 @@ export default class AuditConfig {
|
|
|
23
23
|
conf.policies.permissionSets = { content: await initPermissionSets(targetCon) };
|
|
24
24
|
conf.policies.users = { content: await initUsers(targetCon) };
|
|
25
25
|
conf.policies.connectedApps = { content: initConnectedApps() };
|
|
26
|
+
conf.policies.settings = { content: initSettings() };
|
|
26
27
|
// eslint-disable-next-line @typescript-eslint/prefer-nullish-coalescing
|
|
27
28
|
if (opts?.targetDir || opts?.targetDir === '') {
|
|
28
29
|
DefaultFileManager.save(opts.targetDir, conf);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"auditConfig.js","sourceRoot":"","sources":["../../../src/libs/conf-init/auditConfig.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,kBAAkB,EAAE,MAAM,6CAA6C,CAAC;AACjF,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,gCAAgC,CAAC;AAC5F,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,YAAY,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAiBlH;;;GAGG;AACH,MAAM,CAAC,OAAO,OAAO,WAAW;IAC9B;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,SAAqB,EAAE,IAAuB;QACrE,MAAM,IAAI,GAAmB,EAAE,eAAe,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACnE,IAAI,CAAC,eAAe,CAAC,eAAe,GAAG,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC;QACvG,MAAM,WAAW,GAAG,MAAM,qBAAqB,CAAC,SAAS,CAAC,CAAC;QAC3D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,eAAe,CAAC,iBAAiB,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;QACpE,CAAC;QACD,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,IAAI,CAAC,QAAQ,CAAC,KAAK,GAAG,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QAC9D,IAAI,CAAC,QAAQ,CAAC,aAAa,GAAG,EAAE,OAAO,EAAE,iBAAiB,EAAE,EAAE,CAAC;QAC/D,IAAI,CAAC,QAAQ,CAAC,QAAQ,GAAG,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,CAAC;QACrD,wEAAwE;QACxE,IAAI,IAAI,EAAE,SAAS,IAAI,IAAI,EAAE,SAAS,KAAK,EAAE,EAAE,CAAC;YAC9C,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACI,MAAM,CAAC,IAAI,CAAC,SAAiB;QAClC,OAAO,kBAAkB,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;CACF"}
|
|
@@ -23,6 +23,12 @@ export declare function initPermissionSets(targetOrgCon: Connection): Promise<Pe
|
|
|
23
23
|
* @returns
|
|
24
24
|
*/
|
|
25
25
|
export declare function initConnectedApps(): BasePolicyFileContent;
|
|
26
|
+
/**
|
|
27
|
+
* Initialises a new settings policy with default rules enabled.
|
|
28
|
+
*
|
|
29
|
+
* @returns
|
|
30
|
+
*/
|
|
31
|
+
export declare function initSettings(): BasePolicyFileContent;
|
|
26
32
|
/**
|
|
27
33
|
* Initialises a users policy with all users flagged as standard user
|
|
28
34
|
*
|
|
@@ -63,6 +63,20 @@ export function initConnectedApps() {
|
|
|
63
63
|
});
|
|
64
64
|
return content;
|
|
65
65
|
}
|
|
66
|
+
/**
|
|
67
|
+
* Initialises a new settings policy with default rules enabled.
|
|
68
|
+
*
|
|
69
|
+
* @returns
|
|
70
|
+
*/
|
|
71
|
+
export function initSettings() {
|
|
72
|
+
const content = { enabled: true, rules: {} };
|
|
73
|
+
['Security', 'UserInterface', 'UserManagement', 'ConnectedApp'].forEach((settingName) => {
|
|
74
|
+
content.rules[`Enforce${settingName}Settings`] = {
|
|
75
|
+
enabled: true,
|
|
76
|
+
};
|
|
77
|
+
});
|
|
78
|
+
return content;
|
|
79
|
+
}
|
|
66
80
|
/**
|
|
67
81
|
* Initialises a users policy with all users flagged as standard user
|
|
68
82
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policyConfigs.js","sourceRoot":"","sources":["../../../src/libs/conf-init/policyConfigs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEjG,OAAO,EAIL,iBAAiB,GAElB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAA8B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACtF,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,cAAc,EAAE,EAAE;KACnB,CAAC;IACF,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACL,cAAc,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACnE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,cAAc,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAClE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA2B;QACtC,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;KACV,CAAC;IACF,qFAAqF;IACrF,OAAO,CAAC,OAAO,CAAC,8BAA8B,GAAG,EAAE,CAAC;IACpD,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
1
|
+
{"version":3,"file":"policyConfigs.js","sourceRoot":"","sources":["../../../src/libs/conf-init/policyConfigs.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEjG,OAAO,EAIL,iBAAiB,GAElB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,YAAwB;IACzD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,cAAc,CAAC,CAAC;IACzE,MAAM,OAAO,GAA8B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACtF,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC7D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IAC/D,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,KAAK,CAAgB,qBAAqB,CAAC,CAAC;IAChF,MAAM,OAAO,GAA8B;QACzC,OAAO,EAAE,IAAI;QACb,KAAK,EAAE,EAAE;QACT,cAAc,EAAE,EAAE;KACnB,CAAC;IACF,QAAQ,CAAC,OAAO;SACb,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC;SACjD,OAAO,CAAC,CAAC,aAAa,EAAE,EAAE;QACzB,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACtF,CAAC,CAAC,CAAC;IACL,cAAc,CAAC,cAAc,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QACnE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,cAAc,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAClE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,OAAO,GAA0B,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;IACpE,CAAC,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;QACtF,OAAO,CAAC,KAAK,CAAC,UAAU,WAAW,UAAU,CAAC,GAAG;YAC/C,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,YAAwB;IACtD,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,KAAK,CAAO,kBAAkB,CAAC,CAAC;IACjE,MAAM,OAAO,GAA2B;QACtC,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QACpC,KAAK,EAAE,EAAE;QACT,KAAK,EAAE,EAAE;KACV,CAAC;IACF,qFAAqF;IACrF,OAAO,CAAC,OAAO,CAAC,8BAA8B,GAAG,EAAE,CAAC;IACpD,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;QACnC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAClF,CAAC,CAAC,CAAC;IACH,cAAc,CAAC,KAAK,CAAC,eAAe,EAAE,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;QAC1D,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG;YACxB,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -2,6 +2,7 @@ import EventEmitter from 'node:events';
|
|
|
2
2
|
import { Connection } from '@salesforce/core';
|
|
3
3
|
import { AuditResult } from './result-types.js';
|
|
4
4
|
import { AuditRunConfig } from './file-mgmt/schema.js';
|
|
5
|
+
import { PolicyNames } from './policyRegistry.js';
|
|
5
6
|
import Policy from './policies/policy.js';
|
|
6
7
|
type PolicyMap = Record<string, Policy<unknown>>;
|
|
7
8
|
export declare function startAuditRun(directoryPath: string): AuditRun;
|
|
@@ -17,6 +18,7 @@ export default class AuditRun extends EventEmitter {
|
|
|
17
18
|
configs: AuditRunConfig;
|
|
18
19
|
private executablePolicies?;
|
|
19
20
|
constructor(configs: AuditRunConfig);
|
|
21
|
+
getExecutableRulesCount(policyName: PolicyNames): number;
|
|
20
22
|
/**
|
|
21
23
|
* Loads all policies, resolves entities and caches the results.
|
|
22
24
|
*
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
// import fs from 'node:fs';
|
|
2
1
|
import EventEmitter from 'node:events';
|
|
3
2
|
import { loadAuditConfig } from './file-mgmt/auditConfigFileManager.js';
|
|
4
3
|
import { policyDefs } from './policyRegistry.js';
|
|
@@ -16,6 +15,12 @@ export default class AuditRun extends EventEmitter {
|
|
|
16
15
|
super();
|
|
17
16
|
this.configs = configs;
|
|
18
17
|
}
|
|
18
|
+
getExecutableRulesCount(policyName) {
|
|
19
|
+
if (this.executablePolicies?.[policyName] !== undefined) {
|
|
20
|
+
return this.executablePolicies[policyName].getExecutableRules().length;
|
|
21
|
+
}
|
|
22
|
+
return 0;
|
|
23
|
+
}
|
|
19
24
|
/**
|
|
20
25
|
* Loads all policies, resolves entities and caches the results.
|
|
21
26
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAIvC,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAe,MAAM,qBAAqB,CAAC;AAM9D,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,IAAI,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAQD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IAGtB;IAFlB,kBAAkB,CAAa;IAEvC,YAA0B,OAAuB;QAC/C,KAAK,EAAE,CAAC;QADgB,YAAO,GAAP,OAAO,CAAgB;IAEjD,CAAC;IAEM,uBAAuB,CAAC,UAAuB;QACpD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,kBAAkB,EAAE,CAAC,MAAM,CAAC;QACzE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,SAAqB;QACxC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE;YACrE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAyB,CAAC,CAAC,OAAO,CAC7D,YAAoC,CAAC,OAAO,EAC7C,MAAM,CACP,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;gBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -112,6 +112,7 @@ export type AuditRunConfigPolicies = {
|
|
|
112
112
|
profiles?: ConfigFile<ProfilesPolicyFileContent>;
|
|
113
113
|
permissionSets?: ConfigFile<PermSetsPolicyFileContent>;
|
|
114
114
|
connectedApps?: ConfigFile<BasePolicyFileContent>;
|
|
115
|
+
settings?: ConfigFile<BasePolicyFileContent>;
|
|
115
116
|
users?: ConfigFile<UsersPolicyFileContent>;
|
|
116
117
|
};
|
|
117
118
|
export type AuditRunConfig = {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC,CAAC;AAE5F,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,KAAK,EAAE,QAAQ;IACf,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AAgDH,MAAM,UAAU,mBAAmB,CAAC,GAAY;IAC9C,OAAQ,GAAqC,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AACnF,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { Connection } from '@salesforce/core';
|
|
2
|
+
export type SalesforceSetting = {
|
|
3
|
+
[settingsKey: string]: unknown;
|
|
4
|
+
};
|
|
5
|
+
/**
|
|
6
|
+
* A generic loosely-typed retriever for settings metadata
|
|
7
|
+
*/
|
|
8
|
+
export default class AnySettingsMetadata {
|
|
9
|
+
private con;
|
|
10
|
+
private parser;
|
|
11
|
+
private retrieveType;
|
|
12
|
+
constructor(con: Connection);
|
|
13
|
+
/**
|
|
14
|
+
* Retrieves a list of Salesforce settings by name. Returns a map of
|
|
15
|
+
* the settings, organized by their name and a generic losely typed
|
|
16
|
+
* content
|
|
17
|
+
*
|
|
18
|
+
* @param con
|
|
19
|
+
* @param settingNames
|
|
20
|
+
* @returns
|
|
21
|
+
*/
|
|
22
|
+
resolve(settingNames: string[]): Promise<Map<string, SalesforceSetting>>;
|
|
23
|
+
private parseSettingsContent;
|
|
24
|
+
private parseSourceFile;
|
|
25
|
+
}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { readFileSync } from 'node:fs';
|
|
2
|
+
import { ComponentSet } from '@salesforce/source-deploy-retrieve';
|
|
3
|
+
import { XMLParser } from 'fast-xml-parser';
|
|
4
|
+
import { cleanRetrieveDir, retrieve } from './metadataRegistryEntry.js';
|
|
5
|
+
/**
|
|
6
|
+
* A generic loosely-typed retriever for settings metadata
|
|
7
|
+
*/
|
|
8
|
+
export default class AnySettingsMetadata {
|
|
9
|
+
con;
|
|
10
|
+
parser;
|
|
11
|
+
retrieveType;
|
|
12
|
+
constructor(con) {
|
|
13
|
+
this.con = con;
|
|
14
|
+
this.parser = new XMLParser();
|
|
15
|
+
this.retrieveType = 'Settings';
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Retrieves a list of Salesforce settings by name. Returns a map of
|
|
19
|
+
* the settings, organized by their name and a generic losely typed
|
|
20
|
+
* content
|
|
21
|
+
*
|
|
22
|
+
* @param con
|
|
23
|
+
* @param settingNames
|
|
24
|
+
* @returns
|
|
25
|
+
*/
|
|
26
|
+
async resolve(settingNames) {
|
|
27
|
+
const cmpSet = new ComponentSet();
|
|
28
|
+
if (settingNames.length === 0) {
|
|
29
|
+
return new Map();
|
|
30
|
+
}
|
|
31
|
+
for (const settingName of settingNames) {
|
|
32
|
+
cmpSet.add({ type: this.retrieveType, fullName: settingName });
|
|
33
|
+
}
|
|
34
|
+
const retrieveResult = await retrieve(cmpSet, this.con);
|
|
35
|
+
const result = this.parseSettingsContent(settingNames, retrieveResult.components);
|
|
36
|
+
cleanRetrieveDir(retrieveResult.getFileResponses());
|
|
37
|
+
return result;
|
|
38
|
+
}
|
|
39
|
+
parseSettingsContent(settingNames, components) {
|
|
40
|
+
const result = new Map();
|
|
41
|
+
for (const settingName of settingNames) {
|
|
42
|
+
const cmps = components.getSourceComponents({ type: this.retrieveType, fullName: settingName }).toArray();
|
|
43
|
+
const settingsContent = this.parseSourceFile(cmps, `${settingName}Settings`);
|
|
44
|
+
if (settingsContent) {
|
|
45
|
+
result.set(settingName, settingsContent);
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
return result;
|
|
49
|
+
}
|
|
50
|
+
parseSourceFile(cmps, rootNodeName) {
|
|
51
|
+
if (cmps.length > 0 && cmps[0].xml) {
|
|
52
|
+
const fileContent = readFileSync(cmps[0].xml, 'utf-8');
|
|
53
|
+
const rawFileContent = this.parser.parse(fileContent);
|
|
54
|
+
return rawFileContent[rootNodeName];
|
|
55
|
+
}
|
|
56
|
+
return null;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=anySettingsMetadata.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"anySettingsMetadata.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/anySettingsMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,EAAE,YAAY,EAAmB,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAMxE;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,mBAAmB;IAIX;IAHnB,MAAM,CAAC;IACP,YAAY,CAAC;IAErB,YAA2B,GAAe;QAAf,QAAG,GAAH,GAAG,CAAY;QACxC,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,OAAO,CAAC,YAAsB;QACzC,MAAM,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,GAAG,EAAE,CAAC;QACnB,CAAC;QACD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;QAClF,gBAAgB,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,YAAsB,EAAE,UAAwB;QAC3E,MAAM,MAAM,GAAG,IAAI,GAAG,EAA6B,CAAC;QACpD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,UAAU,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1G,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,WAAW,UAAU,CAAC,CAAC;YAC7E,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,eAAe,CAAC,IAAuB,EAAE,YAAoB;QACnE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAC;YACjF,OAAO,cAAc,CAAC,YAAY,CAA4B,CAAC;QACjE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -2,7 +2,7 @@ import EventEmitter from 'node:events';
|
|
|
2
2
|
import { AuditPolicyResult, EntityResolveError } from '../result-types.js';
|
|
3
3
|
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
4
4
|
import RuleRegistry, { RegistryRuleResolveResult } from '../registries/ruleRegistry.js';
|
|
5
|
-
import { AuditContext, IPolicy } from '../registries/types.js';
|
|
5
|
+
import { AuditContext, IPolicy, RowLevelPolicyRule } from '../registries/types.js';
|
|
6
6
|
export type ResolveEntityResult<T> = {
|
|
7
7
|
resolvedEntities: Record<string, T>;
|
|
8
8
|
ignoredEntities: EntityResolveError[];
|
|
@@ -14,6 +14,7 @@ export default abstract class Policy<T> extends EventEmitter implements IPolicy
|
|
|
14
14
|
protected resolvedRules: RegistryRuleResolveResult;
|
|
15
15
|
protected entities?: ResolveEntityResult<T>;
|
|
16
16
|
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
17
|
+
getExecutableRules(): Array<RowLevelPolicyRule<T>>;
|
|
17
18
|
/**
|
|
18
19
|
* Resolves all entities of the policy.
|
|
19
20
|
*/
|
|
@@ -12,6 +12,9 @@ export default class Policy extends EventEmitter {
|
|
|
12
12
|
this.registry = registry;
|
|
13
13
|
this.resolvedRules = registry.resolveRules(config.rules, auditConfig);
|
|
14
14
|
}
|
|
15
|
+
getExecutableRules() {
|
|
16
|
+
return this.resolvedRules.enabledRules;
|
|
17
|
+
}
|
|
15
18
|
/**
|
|
16
19
|
* Resolves all entities of the policy.
|
|
17
20
|
*/
|
|
@@ -21,9 +24,7 @@ export default class Policy extends EventEmitter {
|
|
|
21
24
|
if (!this.config.enabled) {
|
|
22
25
|
return { resolvedEntities: {}, ignoredEntities: [] };
|
|
23
26
|
}
|
|
24
|
-
|
|
25
|
-
this.entities = await this.resolveEntities(context);
|
|
26
|
-
}
|
|
27
|
+
this.entities ??= await this.resolveEntities(context);
|
|
27
28
|
return this.entities;
|
|
28
29
|
}
|
|
29
30
|
/**
|
|
@@ -52,6 +53,7 @@ export default class Policy extends EventEmitter {
|
|
|
52
53
|
const ruleResults = await Promise.all(ruleResultPromises);
|
|
53
54
|
const executedRules = {};
|
|
54
55
|
for (const ruleResult of ruleResults) {
|
|
56
|
+
// only fill compliant & violated entities, if they have not been set already
|
|
55
57
|
const { compliantEntities, violatedEntities } = evalResolvedEntities(ruleResult, resolveResult);
|
|
56
58
|
executedRules[ruleResult.ruleName] = {
|
|
57
59
|
...ruleResult,
|
|
@@ -90,7 +92,10 @@ function evalResolvedEntities(ruleResult, entities) {
|
|
|
90
92
|
compliantEntities.push(entityIdentifier);
|
|
91
93
|
}
|
|
92
94
|
});
|
|
93
|
-
return {
|
|
95
|
+
return {
|
|
96
|
+
compliantEntities: ruleResult.compliantEntities ?? compliantEntities,
|
|
97
|
+
violatedEntities: ruleResult.violatedEntities ?? Array.from(violatedEntities),
|
|
98
|
+
};
|
|
94
99
|
}
|
|
95
100
|
export function getTotal(resolveResult) {
|
|
96
101
|
const resolvedCount = resolveResult.resolvedEntities ? Object.keys(resolveResult.resolvedEntities).length : 0;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAoC,CAAC;QACzE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,6EAA6E;YAC7E,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,UAAU,EAAE,aAAa,CAAC,CAAC;YACnG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,IAAI,iBAAiB;QACpE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,IAAI,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
|
+
import { SalesforceSetting } from '../mdapi/anySettingsMetadata.js';
|
|
3
|
+
import { AuditContext } from '../registries/types.js';
|
|
4
|
+
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
|
+
export default class SettingsPolicy extends Policy<SalesforceSetting> {
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
|
+
auditConfig: AuditRunConfig;
|
|
8
|
+
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/settings.js").default);
|
|
9
|
+
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<SalesforceSetting>>;
|
|
10
|
+
private removeInvalidSettingsFromResolvedRules;
|
|
11
|
+
}
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
|
+
import { findSettingsName, SettingsRegistry } from '../registries/settings.js';
|
|
3
|
+
import AnySettingsMetadata from '../mdapi/anySettingsMetadata.js';
|
|
4
|
+
import Policy from './policy.js';
|
|
5
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
6
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'policies.general');
|
|
7
|
+
export default class SettingsPolicy extends Policy {
|
|
8
|
+
config;
|
|
9
|
+
auditConfig;
|
|
10
|
+
constructor(config, auditConfig, registry = SettingsRegistry) {
|
|
11
|
+
super(config, auditConfig, registry);
|
|
12
|
+
this.config = config;
|
|
13
|
+
this.auditConfig = auditConfig;
|
|
14
|
+
}
|
|
15
|
+
async resolveEntities(context) {
|
|
16
|
+
const numberOfRules = Object.keys(this.config.rules).length;
|
|
17
|
+
this.emit('entityresolve', {
|
|
18
|
+
total: numberOfRules,
|
|
19
|
+
resolved: 0,
|
|
20
|
+
});
|
|
21
|
+
const settingNames = extractSettingNames(this.config.rules);
|
|
22
|
+
const settingsRetriever = new AnySettingsMetadata(context.targetOrgConnection);
|
|
23
|
+
const actuallyResolvedSettings = await settingsRetriever.resolve(settingNames);
|
|
24
|
+
this.removeInvalidSettingsFromResolvedRules(actuallyResolvedSettings);
|
|
25
|
+
this.emit('entityresolve', {
|
|
26
|
+
total: numberOfRules,
|
|
27
|
+
resolved: actuallyResolvedSettings.size,
|
|
28
|
+
});
|
|
29
|
+
return {
|
|
30
|
+
resolvedEntities: convertToRecord(actuallyResolvedSettings),
|
|
31
|
+
ignoredEntities: findIgnoredEntities(actuallyResolvedSettings, this.config.rules),
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
removeInvalidSettingsFromResolvedRules(validSettings) {
|
|
35
|
+
this.resolvedRules.enabledRules.forEach((rule, index) => {
|
|
36
|
+
if (isEnforceSettingsRule(rule)) {
|
|
37
|
+
if (!validSettings.has(rule.settingName)) {
|
|
38
|
+
this.resolvedRules.enabledRules.splice(index, 1);
|
|
39
|
+
this.resolvedRules.skippedRules.push({
|
|
40
|
+
name: rule.ruleDisplayName,
|
|
41
|
+
skipReason: messages.getMessage('skip-reason.failed-to-resolve-setting', [rule.settingName]),
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
});
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
function isEnforceSettingsRule(cls) {
|
|
49
|
+
return cls.ruleDisplayName !== undefined;
|
|
50
|
+
}
|
|
51
|
+
function convertToRecord(settingsMap) {
|
|
52
|
+
const result = {};
|
|
53
|
+
for (const [settingsName, settingsValue] of settingsMap.entries()) {
|
|
54
|
+
result[settingsName] = settingsValue;
|
|
55
|
+
}
|
|
56
|
+
return result;
|
|
57
|
+
}
|
|
58
|
+
function findIgnoredEntities(settingsMap, rules) {
|
|
59
|
+
const result = new Array();
|
|
60
|
+
for (const ruleName of Object.keys(rules)) {
|
|
61
|
+
const maybeName = findSettingsName(ruleName);
|
|
62
|
+
if (!maybeName) {
|
|
63
|
+
continue;
|
|
64
|
+
}
|
|
65
|
+
if (!settingsMap.has(maybeName) || !settingsMap.get(maybeName)) {
|
|
66
|
+
result.push({ name: maybeName, message: messages.getMessage('resolve-error.failed-to-resolve-setting') });
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
return result;
|
|
70
|
+
}
|
|
71
|
+
function extractSettingNames(rules) {
|
|
72
|
+
const names = [];
|
|
73
|
+
for (const ruleName of Object.keys(rules)) {
|
|
74
|
+
const maybeName = findSettingsName(ruleName);
|
|
75
|
+
if (maybeName) {
|
|
76
|
+
names.push(maybeName);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
return names;
|
|
80
|
+
}
|
|
81
|
+
//# sourceMappingURL=settingsPolicy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"settingsPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/settingsPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,mBAA0C,MAAM,iCAAiC,CAAC;AAIzF,OAAO,MAA+B,MAAM,aAAa,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAyB;IAE1D;IACA;IAFT,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;IAIpC,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QAC5D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5D,MAAM,iBAAiB,GAAG,IAAI,mBAAmB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/E,MAAM,wBAAwB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC/E,IAAI,CAAC,sCAAsC,CAAC,wBAAwB,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE,wBAAwB,CAAC,IAAI;SACxC,CAAC,CAAC;QACH,OAAO;YACL,gBAAgB,EAAE,eAAe,CAAC,wBAAwB,CAAC;YAC3D,eAAe,EAAE,mBAAmB,CAAC,wBAAwB,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;SAClF,CAAC;IACJ,CAAC;IAEO,sCAAsC,CAAC,aAA6C;QAC1F,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YACtD,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;oBACzC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjD,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC;wBACnC,IAAI,EAAE,IAAI,CAAC,eAAe;wBAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,uCAAuC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;qBAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,qBAAqB,CAAC,GAAY;IACzC,OAAQ,GAAuB,CAAC,eAAe,KAAK,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,WAA2C;IAClE,MAAM,MAAM,GAAsC,EAAE,CAAC;IACrD,KAAK,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,GAAG,aAAa,CAAC;IACvC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,WAA2C,EAAE,KAAc;IACtF,MAAM,MAAM,GAAG,IAAI,KAAK,EAAsB,CAAC;IAC/C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yCAAyC,CAAC,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -3,6 +3,7 @@ import ConnectedAppPolicy from './policies/connectedAppPolicy.js';
|
|
|
3
3
|
import PermissionSetPolicy from './policies/permissionSetPolicy.js';
|
|
4
4
|
import ProfilePolicy from './policies/profilePolicy.js';
|
|
5
5
|
import UserPolicy from './policies/userPolicy.js';
|
|
6
|
+
import SettingsPolicy from './policies/settingsPolicy.js';
|
|
6
7
|
export const classificationDefs = {
|
|
7
8
|
userPermissions: {
|
|
8
9
|
schema: PermissionsConfigFileSchema,
|
|
@@ -34,5 +35,9 @@ export const policyDefs = {
|
|
|
34
35
|
handler: UserPolicy,
|
|
35
36
|
schema: UsersPolicyFileSchema,
|
|
36
37
|
},
|
|
38
|
+
settings: {
|
|
39
|
+
handler: SettingsPolicy,
|
|
40
|
+
schema: PolicyFileSchema,
|
|
41
|
+
},
|
|
37
42
|
};
|
|
38
43
|
//# sourceMappingURL=policyRegistry.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policyRegistry.js","sourceRoot":"","sources":["../../../src/libs/core/policyRegistry.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,kBAAkB,MAAM,kCAAkC,CAAC;AAClE,OAAO,mBAAmB,MAAM,mCAAmC,CAAC;AAEpE,OAAO,aAAa,MAAM,6BAA6B,CAAC;AACxD,OAAO,UAAU,MAAM,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"policyRegistry.js","sourceRoot":"","sources":["../../../src/libs/core/policyRegistry.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,2BAA2B,EAC3B,wBAAwB,EACxB,gBAAgB,EAChB,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,kBAAkB,MAAM,kCAAkC,CAAC;AAClE,OAAO,mBAAmB,MAAM,mCAAmC,CAAC;AAEpE,OAAO,aAAa,MAAM,6BAA6B,CAAC;AACxD,OAAO,UAAU,MAAM,0BAA0B,CAAC;AAClD,OAAO,cAAc,MAAM,8BAA8B,CAAC;AAE1D,MAAM,CAAC,MAAM,kBAAkB,GAA2B;IACxD,eAAe,EAAE;QACf,MAAM,EAAE,2BAA2B;KACpC;IACD,iBAAiB,EAAE;QACjB,MAAM,EAAE,2BAA2B;KACpC;CACF,CAAC;AAOF,MAAM,CAAC,MAAM,UAAU,GAAmB;IACxC,QAAQ,EAAE;QACR,OAAO,EAAE,aAAa;QACtB,MAAM,EAAE,wBAAwB;QAChC,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,cAAc,EAAE;QACd,OAAO,EAAE,mBAAmB;QAC5B,MAAM,EAAE,wBAAwB;QAChC,YAAY,EAAE;YACZ,EAAE,IAAI,EAAE,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,EAAE,SAAS,EAAE,2CAA2C,EAAE;SACzG;KACF;IACD,aAAa,EAAE;QACb,OAAO,EAAE,kBAAkB;QAC3B,MAAM,EAAE,gBAAgB;KACzB;IACD,KAAK,EAAE;QACL,OAAO,EAAE,UAAU;QACnB,MAAM,EAAE,qBAAqB;KAC9B;IACD,QAAQ,EAAE;QACR,OAAO,EAAE,cAAc;QACvB,MAAM,EAAE,gBAAgB;KACzB;CACF,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { SalesforceSetting } from '../../mdapi/anySettingsMetadata.js';
|
|
2
|
+
import { PartialPolicyRuleResult, RuleAuditContext } from '../types.js';
|
|
3
|
+
import PolicyRule, { ConfigurableRuleOptions } from './policyRule.js';
|
|
4
|
+
type EnforceSettingsOpts = ConfigurableRuleOptions<Record<string, unknown>> & {
|
|
5
|
+
settingName: string;
|
|
6
|
+
};
|
|
7
|
+
export default class EnforceSettings extends PolicyRule<unknown> {
|
|
8
|
+
private readonly ruleOptions;
|
|
9
|
+
settingName: string;
|
|
10
|
+
constructor(ruleOptions: EnforceSettingsOpts);
|
|
11
|
+
run(context: RuleAuditContext<SalesforceSetting>): Promise<PartialPolicyRuleResult>;
|
|
12
|
+
}
|
|
13
|
+
export {};
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
import { Messages } from '@salesforce/core';
|
|
2
|
+
import PolicyRule from './policyRule.js';
|
|
3
|
+
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
4
|
+
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.settings');
|
|
5
|
+
export default class EnforceSettings extends PolicyRule {
|
|
6
|
+
ruleOptions;
|
|
7
|
+
settingName;
|
|
8
|
+
constructor(ruleOptions) {
|
|
9
|
+
super(ruleOptions);
|
|
10
|
+
this.ruleOptions = ruleOptions;
|
|
11
|
+
this.settingName = this.ruleOptions.settingName;
|
|
12
|
+
}
|
|
13
|
+
run(context) {
|
|
14
|
+
const result = this.initResult();
|
|
15
|
+
const settingContent = context.resolvedEntities[this.ruleOptions.settingName];
|
|
16
|
+
const rootIdentifier = `${this.ruleOptions.settingName}Settings`;
|
|
17
|
+
checkSettings(this.ruleOptions.ruleConfig, result, [rootIdentifier], settingContent);
|
|
18
|
+
if (result.violations.length === 0) {
|
|
19
|
+
result.compliantEntities = [rootIdentifier];
|
|
20
|
+
result.violatedEntities = [];
|
|
21
|
+
}
|
|
22
|
+
else {
|
|
23
|
+
result.compliantEntities = [];
|
|
24
|
+
result.violatedEntities = [`${this.ruleOptions.settingName}Settings`];
|
|
25
|
+
}
|
|
26
|
+
return Promise.resolve(result);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
function checkSettings(expectedValues, resultSoFar, pathSoFar, actualValues) {
|
|
30
|
+
for (const [settingsKey, expectedValue] of Object.entries(expectedValues)) {
|
|
31
|
+
const settingsPath = [...pathSoFar, settingsKey];
|
|
32
|
+
if (!actualValues || actualValues[settingsKey] === undefined) {
|
|
33
|
+
resultSoFar.warnings.push({
|
|
34
|
+
identifier: settingsPath,
|
|
35
|
+
message: messages.getMessage('warnings.property-does-not-exist'),
|
|
36
|
+
});
|
|
37
|
+
continue;
|
|
38
|
+
}
|
|
39
|
+
if (typeof expectedValue === 'object' && actualValues) {
|
|
40
|
+
checkSettings(expectedValue, resultSoFar, settingsPath, actualValues[settingsKey]);
|
|
41
|
+
}
|
|
42
|
+
else if (typeof expectedValue === 'string' ||
|
|
43
|
+
typeof expectedValue === 'boolean' ||
|
|
44
|
+
typeof expectedValue === 'number') {
|
|
45
|
+
if (expectedValue !== actualValues[settingsKey]) {
|
|
46
|
+
resultSoFar.violations.push({
|
|
47
|
+
identifier: settingsPath,
|
|
48
|
+
message: messages.getMessage('violations.expected-value-does-not-match', [
|
|
49
|
+
expectedValue,
|
|
50
|
+
String(actualValues[settingsKey]),
|
|
51
|
+
]),
|
|
52
|
+
});
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
//# sourceMappingURL=enforceSettings.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enforceSettings.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforceSettings.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAAuC,MAAM,iBAAiB,CAAC;AAEtE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,gBAAgB,CAAC,CAAC;AAM/F,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,UAAmB;IAG1B;IAF7B,WAAW,CAAC;IAEnB,YAAoC,WAAgC;QAClE,KAAK,CAAC,WAAW,CAAC,CAAC;QADe,gBAAW,GAAX,WAAW,CAAqB;QAElE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC;IAClD,CAAC;IAEM,GAAG,CAAC,OAA4C;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,cAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC9E,MAAM,cAAc,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,UAAU,CAAC;QACjE,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC,CAAC;QACrF,IAAI,MAAM,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,MAAM,CAAC,iBAAiB,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5C,MAAM,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,iBAAiB,GAAG,EAAE,CAAC;YAC9B,MAAM,CAAC,gBAAgB,GAAG,CAAC,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,UAAU,CAAC,CAAC;QACxE,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF;AAED,SAAS,aAAa,CACpB,cAAiC,EACjC,WAAoC,EACpC,SAAmB,EACnB,YAAgC;IAEhC,KAAK,MAAM,CAAC,WAAW,EAAE,aAAa,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1E,MAAM,YAAY,GAAG,CAAC,GAAG,SAAS,EAAE,WAAW,CAAC,CAAC;QACjD,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,WAAW,CAAC,KAAK,SAAS,EAAE,CAAC;YAC7D,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACxB,UAAU,EAAE,YAAY;gBACxB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;aACjE,CAAC,CAAC;YACH,SAAS;QACX,CAAC;QACD,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,YAAY,EAAE,CAAC;YACtD,aAAa,CACX,aAAkC,EAClC,WAAW,EACX,YAAY,EACZ,YAAY,CAAC,WAAW,CAAsB,CAC/C,CAAC;QACJ,CAAC;aAAM,IACL,OAAO,aAAa,KAAK,QAAQ;YACjC,OAAO,aAAa,KAAK,SAAS;YAClC,OAAO,aAAa,KAAK,QAAQ,EACjC,CAAC;YACD,IAAI,aAAa,KAAK,YAAY,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChD,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC;oBAC1B,UAAU,EAAE,YAAY;oBACxB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0CAA0C,EAAE;wBACvE,aAAa;wBACb,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;qBAClC,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { AuditRunConfig, RuleMap } from '../file-mgmt/schema.js';
|
|
2
|
+
import RuleRegistry, { RegistryRuleResolveResult } from './ruleRegistry.js';
|
|
3
|
+
export default class SettingsRuleRegistry extends RuleRegistry {
|
|
4
|
+
constructor();
|
|
5
|
+
resolveRules(ruleObjs: RuleMap, auditContext: AuditRunConfig): RegistryRuleResolveResult;
|
|
6
|
+
}
|
|
7
|
+
export declare function findSettingsName(ruleName: string): string | null;
|
|
8
|
+
export declare const SettingsRegistry: SettingsRuleRegistry;
|