@j-schreiber/sf-cli-security-audit 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -6
- package/lib/commands/org/audit/init.js +7 -6
- package/lib/commands/org/audit/init.js.map +1 -1
- package/lib/commands/org/audit/run.js +1 -1
- package/lib/commands/org/audit/run.js.map +1 -1
- package/lib/libs/conf-init/auditConfig.js +9 -6
- package/lib/libs/conf-init/auditConfig.js.map +1 -1
- package/lib/libs/conf-init/permissionsClassification.d.ts +23 -3
- package/lib/libs/conf-init/permissionsClassification.js +48 -2
- package/lib/libs/conf-init/permissionsClassification.js.map +1 -1
- package/lib/libs/conf-init/policyConfigs.d.ts +9 -25
- package/lib/libs/conf-init/policyConfigs.js +16 -74
- package/lib/libs/conf-init/policyConfigs.js.map +1 -1
- package/lib/libs/conf-init/presets/loose.d.ts +2 -2
- package/lib/libs/conf-init/presets/loose.js +2 -0
- package/lib/libs/conf-init/presets/loose.js.map +1 -1
- package/lib/libs/conf-init/presets/none.d.ts +6 -6
- package/lib/libs/conf-init/presets/none.js.map +1 -1
- package/lib/libs/conf-init/presets/strict.js +2 -0
- package/lib/libs/conf-init/presets/strict.js.map +1 -1
- package/lib/libs/core/auditRun.d.ts +2 -0
- package/lib/libs/core/auditRun.js +6 -1
- package/lib/libs/core/auditRun.js.map +1 -1
- package/lib/libs/core/classification-types.d.ts +2 -2
- package/lib/libs/core/classification-types.js.map +1 -1
- package/lib/libs/core/file-mgmt/schema.d.ts +51 -19
- package/lib/libs/core/file-mgmt/schema.js +16 -4
- package/lib/libs/core/file-mgmt/schema.js.map +1 -1
- package/lib/libs/core/mdapi/anySettingsMetadata.js +3 -0
- package/lib/libs/core/mdapi/anySettingsMetadata.js.map +1 -1
- package/lib/libs/core/policies/permissionSetPolicy.d.ts +5 -4
- package/lib/libs/core/policies/permissionSetPolicy.js +7 -5
- package/lib/libs/core/policies/permissionSetPolicy.js.map +1 -1
- package/lib/libs/core/policies/policy.d.ts +2 -1
- package/lib/libs/core/policies/policy.js +4 -3
- package/lib/libs/core/policies/policy.js.map +1 -1
- package/lib/libs/core/policies/profilePolicy.d.ts +5 -4
- package/lib/libs/core/policies/profilePolicy.js +10 -9
- package/lib/libs/core/policies/profilePolicy.js.map +1 -1
- package/lib/libs/core/policies/settingsPolicy.d.ts +1 -0
- package/lib/libs/core/policies/settingsPolicy.js +18 -3
- package/lib/libs/core/policies/settingsPolicy.js.map +1 -1
- package/lib/libs/core/policies/userPolicy.d.ts +1 -0
- package/lib/libs/core/policies/userPolicy.js +5 -3
- package/lib/libs/core/policies/userPolicy.js.map +1 -1
- package/lib/libs/core/policyRegistry.js +14 -5
- package/lib/libs/core/policyRegistry.js.map +1 -1
- package/lib/libs/core/registries/helpers/permissionsScanning.d.ts +1 -3
- package/lib/libs/core/registries/helpers/permissionsScanning.js +1 -1
- package/lib/libs/core/registries/helpers/permissionsScanning.js.map +1 -1
- package/lib/libs/core/registries/ruleRegistry.js +1 -1
- package/lib/libs/core/registries/ruleRegistry.js.map +1 -1
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js +2 -2
- package/lib/libs/core/registries/rules/enforcePermissionPresets.js.map +1 -1
- package/lib/libs/core/registries/rules/enforceSettings.d.ts +2 -1
- package/lib/libs/core/registries/rules/enforceSettings.js +2 -0
- package/lib/libs/core/registries/rules/enforceSettings.js.map +1 -1
- package/lib/libs/core/registries/types.d.ts +5 -5
- package/lib/libs/core/registries/types.js +5 -5
- package/lib/ux/auditRunMultiStage.d.ts +1 -1
- package/lib/ux/auditRunMultiStage.js +12 -9
- package/lib/ux/auditRunMultiStage.js.map +1 -1
- package/messages/org.audit.init.md +2 -2
- package/messages/org.audit.run.md +4 -0
- package/messages/policies.general.md +4 -0
- package/oclif.lock +1407 -1802
- package/oclif.manifest.json +1 -1
- package/package.json +22 -20
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
// import fs from 'node:fs';
|
|
2
1
|
import EventEmitter from 'node:events';
|
|
3
2
|
import { loadAuditConfig } from './file-mgmt/auditConfigFileManager.js';
|
|
4
3
|
import { policyDefs } from './policyRegistry.js';
|
|
@@ -16,6 +15,12 @@ export default class AuditRun extends EventEmitter {
|
|
|
16
15
|
super();
|
|
17
16
|
this.configs = configs;
|
|
18
17
|
}
|
|
18
|
+
getExecutableRulesCount(policyName) {
|
|
19
|
+
if (this.executablePolicies?.[policyName] !== undefined) {
|
|
20
|
+
return this.executablePolicies[policyName].getExecutableRules().length;
|
|
21
|
+
}
|
|
22
|
+
return 0;
|
|
23
|
+
}
|
|
19
24
|
/**
|
|
20
25
|
* Loads all policies, resolves entities and caches the results.
|
|
21
26
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"auditRun.js","sourceRoot":"","sources":["../../../src/libs/core/auditRun.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAIvC,OAAO,EAAE,eAAe,EAAE,MAAM,uCAAuC,CAAC;AACxE,OAAO,EAAE,UAAU,EAAe,MAAM,qBAAqB,CAAC;AAM9D,MAAM,UAAU,aAAa,CAAC,aAAqB;IACjD,MAAM,IAAI,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAC5C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC5B,CAAC;AAQD;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,QAAS,SAAQ,YAAY;IAGtB;IAFlB,kBAAkB,CAAa;IAEvC,YAA0B,OAAuB;QAC/C,KAAK,EAAE,CAAC;QADgB,YAAO,GAAP,OAAO,CAAgB;IAEjD,CAAC;IAEM,uBAAuB,CAAC,UAAuB;QACpD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,KAAK,SAAS,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,kBAAkB,EAAE,CAAC,MAAM,CAAC;QACzE,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,OAAO,CAAC,mBAA+B;QAClD,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC,kBAAkB,CAAC;QACjC,CAAC;QACD,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAC1D,MAAM,qBAAqB,GAAiD,EAAE,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC5D,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QAC1E,CAAC,CAAC,CAAC;QACH,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACzC,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,SAAqB;QACxC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACxD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,CAAC,kBAAkB,EAAE,SAAS,CAAC,CAAC;QACtE,OAAO;YACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,WAAW,EAAE,WAAW,CAAC,OAAO,CAAC;YACjC,QAAQ,EAAE,OAAO;SAClB,CAAC;IACJ,CAAC;IAEO,YAAY,CAAC,MAAsB;QACzC,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE,EAAE;YACrE,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,UAAyB,CAAC,CAAC,OAAO,CAC7D,YAAoC,CAAC,OAAO,EAC7C,MAAM,CACP,CAAC;YACF,MAAM,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,YAAoD,EAAE,EAAE;gBAC3F,IAAI,CAAC,IAAI,CAAC,iBAAiB,UAAU,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC,CAAC;YAC5E,CAAC,CAAC,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,SAAS,WAAW,CAAC,OAAmB;IACtC,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,QAAmB,EAAE,mBAA+B;IAC7E,MAAM,YAAY,GAAsC,EAAE,CAAC;IAC3D,MAAM,YAAY,GAAa,EAAE,CAAC;IAClC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE;QAC3D,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC7B,YAAY,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,OAAO,GAAe,EAAE,CAAC;IAC/B,WAAW,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;QACnC,MAAM,SAAS,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC;QAClE,OAAO,CAAC,SAAS,CAAC,GAAG,YAAY,CAAC;IACpC,CAAC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC;AACjB,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { NamedPermissionClassification } from './file-mgmt/schema.js';
|
|
2
2
|
/**
|
|
3
3
|
* Enum to classify user and custom permissions.
|
|
4
4
|
*/
|
|
@@ -17,4 +17,4 @@ export declare enum PermissionRiskLevel {
|
|
|
17
17
|
UNKNOWN = "Unknown"
|
|
18
18
|
}
|
|
19
19
|
export declare function resolveRiskLevelOrdinalValue(value: string): number;
|
|
20
|
-
export declare const classificationSorter: (a:
|
|
20
|
+
export declare const classificationSorter: (a: NamedPermissionClassification, b: NamedPermissionClassification) => number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAa;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"classification-types.js","sourceRoot":"","sources":["../../../src/libs/core/classification-types.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAa;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CACjH,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}
|
|
@@ -7,11 +7,6 @@ declare const PermissionsClassificationSchema: z.ZodObject<{
|
|
|
7
7
|
reason: z.ZodOptional<z.ZodString>;
|
|
8
8
|
classification: z.ZodEnum<typeof PermissionRiskLevel>;
|
|
9
9
|
}, z.z.core.$strip>;
|
|
10
|
-
declare const PermsClassificationsMapSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
11
|
-
label: z.ZodOptional<z.ZodString>;
|
|
12
|
-
reason: z.ZodOptional<z.ZodString>;
|
|
13
|
-
classification: z.ZodEnum<typeof PermissionRiskLevel>;
|
|
14
|
-
}, z.z.core.$strip>>;
|
|
15
10
|
declare const NamedPermissionsClassificationSchema: z.ZodObject<{
|
|
16
11
|
label: z.ZodOptional<z.ZodString>;
|
|
17
12
|
reason: z.ZodOptional<z.ZodString>;
|
|
@@ -32,6 +27,12 @@ declare const PermSetConfig: z.ZodObject<{
|
|
|
32
27
|
declare const PermSetMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
33
28
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
34
29
|
}, z.z.core.$strip>>;
|
|
30
|
+
declare const ProfilesMap: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
31
|
+
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
32
|
+
}, z.z.core.$strip>>;
|
|
33
|
+
declare const UserConfig: z.ZodObject<{
|
|
34
|
+
role: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
35
|
+
}, z.z.core.$strip>;
|
|
35
36
|
export declare const UsersPolicyConfig: z.ZodObject<{
|
|
36
37
|
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
|
|
37
38
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
@@ -66,7 +67,7 @@ export declare const PermSetsPolicyFileSchema: z.ZodObject<{
|
|
|
66
67
|
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
67
68
|
}, z.z.core.$strip>>;
|
|
68
69
|
}, z.z.core.$strip>;
|
|
69
|
-
export declare const
|
|
70
|
+
export declare const PermissionsClassificationFileSchema: z.ZodObject<{
|
|
70
71
|
permissions: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
71
72
|
label: z.ZodOptional<z.ZodString>;
|
|
72
73
|
reason: z.ZodOptional<z.ZodString>;
|
|
@@ -79,38 +80,69 @@ export declare const UsersPolicyFileSchema: z.ZodObject<{
|
|
|
79
80
|
enabled: z.ZodDefault<z.ZodBoolean>;
|
|
80
81
|
options: z.ZodOptional<z.ZodUnknown>;
|
|
81
82
|
}, z.z.core.$strip>>>;
|
|
82
|
-
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
83
|
-
role: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
84
|
-
}, z.z.core.$strip>>;
|
|
85
83
|
options: z.ZodObject<{
|
|
86
84
|
defaultRoleForMissingUsers: z.ZodDefault<z.ZodEnum<typeof ProfilesRiskPreset>>;
|
|
87
85
|
analyseLastNDaysOfLoginHistory: z.ZodOptional<z.ZodNumber>;
|
|
88
86
|
}, z.z.core.$strict>;
|
|
89
87
|
}, z.z.core.$strip>;
|
|
90
|
-
export
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
88
|
+
export declare const ProfilesClassificationContentSchema: z.ZodObject<{
|
|
89
|
+
profiles: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
90
|
+
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
91
|
+
}, z.z.core.$strip>>;
|
|
92
|
+
}, z.z.core.$strip>;
|
|
93
|
+
export declare const PermissionSetsClassificationContentSchema: z.ZodObject<{
|
|
94
|
+
permissionSets: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
95
|
+
preset: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
96
|
+
}, z.z.core.$strip>>;
|
|
97
|
+
}, z.z.core.$strip>;
|
|
98
|
+
export declare const UsersClassificationContentSchema: z.ZodObject<{
|
|
99
|
+
users: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
100
|
+
role: z.ZodEnum<typeof ProfilesRiskPreset>;
|
|
101
|
+
}, z.z.core.$strip>>;
|
|
102
|
+
}, z.z.core.$strip>;
|
|
103
|
+
export type PermissionClassification = z.infer<typeof PermissionsClassificationSchema>;
|
|
104
|
+
export type NamedPermissionClassification = z.infer<typeof NamedPermissionsClassificationSchema>;
|
|
94
105
|
export type NoInactiveUsersOptions = z.infer<typeof NoInactiveUsersOptionsSchema>;
|
|
95
106
|
export type PolicyRuleConfig = z.infer<typeof PolicyRuleConfigSchema>;
|
|
96
107
|
export type BasePolicyFileContent = z.infer<typeof PolicyFileSchema>;
|
|
97
108
|
export type ProfilesPolicyFileContent = z.infer<typeof ProfilesPolicyFileSchema>;
|
|
98
109
|
export type PermSetsPolicyFileContent = z.infer<typeof PermSetsPolicyFileSchema>;
|
|
99
110
|
export type UsersPolicyFileContent = z.infer<typeof UsersPolicyFileSchema>;
|
|
111
|
+
export type PermissionsClassificationContent = z.infer<typeof PermissionsClassificationFileSchema>;
|
|
112
|
+
export type ProfilesClassificationContent = z.infer<typeof ProfilesClassificationContentSchema>;
|
|
113
|
+
export type PermissionSetsClassificationContent = z.infer<typeof PermissionSetsClassificationContentSchema>;
|
|
114
|
+
export type UsersClassificationContent = z.infer<typeof UsersClassificationContentSchema>;
|
|
100
115
|
export type PermissionSetConfig = z.infer<typeof PermSetConfig>;
|
|
101
|
-
export type PermissionSetLikeMap = z.infer<typeof PermSetMap>;
|
|
102
116
|
export type RuleMap = z.infer<typeof RuleMapSchema>;
|
|
117
|
+
export type ProfilesMap = z.infer<typeof ProfilesMap>;
|
|
118
|
+
export type PermissionSetsMap = z.infer<typeof PermSetMap>;
|
|
119
|
+
export type UserConfig = z.infer<typeof UserConfig>;
|
|
103
120
|
export type ConfigFile<T> = {
|
|
104
121
|
filePath?: string;
|
|
105
122
|
content: T;
|
|
106
123
|
};
|
|
124
|
+
type ClassificationsFile = {
|
|
125
|
+
[key: string]: Record<string, unknown>;
|
|
126
|
+
};
|
|
107
127
|
export type AuditRunConfigClassifications = {
|
|
108
|
-
userPermissions?: ConfigFile<
|
|
109
|
-
customPermissions?: ConfigFile<
|
|
128
|
+
userPermissions?: ConfigFile<PermissionsClassificationContent>;
|
|
129
|
+
customPermissions?: ConfigFile<PermissionsClassificationContent>;
|
|
130
|
+
profiles?: ConfigFile<ProfilesClassificationContent>;
|
|
131
|
+
permissionSets?: ConfigFile<PermissionSetsClassificationContent>;
|
|
132
|
+
users?: ConfigFile<UsersClassificationContent>;
|
|
133
|
+
};
|
|
134
|
+
type ExtractRecordFromConfigFile<C> = C extends ConfigFile<infer T> ? T[keyof T] : never;
|
|
135
|
+
/**
|
|
136
|
+
* Utility type to extract the actual mapped entities from audit run classifications
|
|
137
|
+
*/
|
|
138
|
+
export type ExtractedClassifications = {
|
|
139
|
+
[K in keyof AuditRunConfigClassifications]: ExtractRecordFromConfigFile<AuditRunConfigClassifications[K]>;
|
|
110
140
|
};
|
|
141
|
+
export declare function extractEntities<C extends ConfigFile<ClassificationsFile>>(config: C): ExtractRecordFromConfigFile<C>;
|
|
142
|
+
export type Classifications = keyof AuditRunConfigClassifications;
|
|
111
143
|
export type AuditRunConfigPolicies = {
|
|
112
|
-
profiles?: ConfigFile<
|
|
113
|
-
permissionSets?: ConfigFile<
|
|
144
|
+
profiles?: ConfigFile<BasePolicyFileContent>;
|
|
145
|
+
permissionSets?: ConfigFile<BasePolicyFileContent>;
|
|
114
146
|
connectedApps?: ConfigFile<BasePolicyFileContent>;
|
|
115
147
|
settings?: ConfigFile<BasePolicyFileContent>;
|
|
116
148
|
users?: ConfigFile<UsersPolicyFileContent>;
|
|
@@ -119,6 +151,6 @@ export type AuditRunConfig = {
|
|
|
119
151
|
classifications: AuditRunConfigClassifications;
|
|
120
152
|
policies: AuditRunConfigPolicies;
|
|
121
153
|
};
|
|
122
|
-
export declare function
|
|
154
|
+
export declare function isPermissionsClassification(cls: unknown): cls is ConfigFile<PermissionsClassificationContent>;
|
|
123
155
|
export declare function isPolicyConfig(cls: unknown): cls is ConfigFile<BasePolicyFileContent>;
|
|
124
156
|
export {};
|
|
@@ -19,7 +19,6 @@ const PermissionsClassificationSchema = z.object({
|
|
|
19
19
|
/** Risk assessment of the permissions */
|
|
20
20
|
classification: z.enum(PermissionRiskLevel),
|
|
21
21
|
});
|
|
22
|
-
const PermsClassificationsMapSchema = z.record(z.string(), PermissionsClassificationSchema);
|
|
23
22
|
const NamedPermissionsClassificationSchema = PermissionsClassificationSchema.extend({
|
|
24
23
|
/** Developer name of the permission, used in metadata */
|
|
25
24
|
name: z.string(),
|
|
@@ -33,6 +32,7 @@ const PermSetConfig = z.object({
|
|
|
33
32
|
preset: z.enum(ProfilesRiskPreset),
|
|
34
33
|
});
|
|
35
34
|
const PermSetMap = z.record(z.string(), PermSetConfig);
|
|
35
|
+
const ProfilesMap = z.record(z.string(), PermSetConfig);
|
|
36
36
|
const UserConfig = z.object({ role: z.enum(ProfilesRiskPreset) });
|
|
37
37
|
const UsersMap = z.record(z.string(), UserConfig);
|
|
38
38
|
export const UsersPolicyConfig = z.strictObject({
|
|
@@ -53,14 +53,26 @@ export const ProfilesPolicyFileSchema = PolicyFileSchema.extend({
|
|
|
53
53
|
export const PermSetsPolicyFileSchema = PolicyFileSchema.extend({
|
|
54
54
|
permissionSets: PermSetMap,
|
|
55
55
|
});
|
|
56
|
-
export const
|
|
56
|
+
export const PermissionsClassificationFileSchema = z.object({
|
|
57
57
|
permissions: z.record(z.string(), PermissionsClassificationSchema),
|
|
58
58
|
});
|
|
59
59
|
export const UsersPolicyFileSchema = PolicyFileSchema.extend({
|
|
60
|
-
users: UsersMap,
|
|
61
60
|
options: UsersPolicyConfig,
|
|
62
61
|
});
|
|
63
|
-
export
|
|
62
|
+
export const ProfilesClassificationContentSchema = z.object({
|
|
63
|
+
profiles: ProfilesMap,
|
|
64
|
+
});
|
|
65
|
+
export const PermissionSetsClassificationContentSchema = z.object({
|
|
66
|
+
permissionSets: PermSetMap,
|
|
67
|
+
});
|
|
68
|
+
export const UsersClassificationContentSchema = z.object({
|
|
69
|
+
users: UsersMap,
|
|
70
|
+
});
|
|
71
|
+
export function extractEntities(config) {
|
|
72
|
+
const value = Object.values(config.content)[0];
|
|
73
|
+
return value;
|
|
74
|
+
}
|
|
75
|
+
export function isPermissionsClassification(cls) {
|
|
64
76
|
return cls.content?.permissions !== undefined;
|
|
65
77
|
}
|
|
66
78
|
export function isPolicyConfig(cls) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../src/libs/core/file-mgmt/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AACpB,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,eAAe,CAAC,CAAC;AAE9F,MAAM,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAsB,EAAE,QAAwB;IAC/F,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QAChD,MAAM,cAAc,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;QAClF,OAAO,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,OAAO,QAAQ,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC/G,CAAC,CAAC,CAAC;IACH,MAAM,QAAQ,CAAC,WAAW,CAAC,+BAA+B,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7F,CAAC;AAED,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/C,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,oCAAoC,GAAG,+BAA+B,CAAC,MAAM,CAAC;IAClF,yDAAyD;IACzD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC;CACnC,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEvD,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAExD,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC,CAAC;AAElE,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAElD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,YAAY,CAAC;IAC9C,0BAA0B,EAAE,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChG,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,YAAY,CAAC;IACzD,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAChD,CAAC,CAAC;AAEH,wBAAwB;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;CACjC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,QAAQ,EAAE,UAAU;CACrB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC9D,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,+BAA+B,CAAC;CACnE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC3D,OAAO,EAAE,iBAAiB;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1D,QAAQ,EAAE,WAAW;CACtB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yCAAyC,GAAG,CAAC,CAAC,MAAM,CAAC;IAChE,cAAc,EAAE,UAAU;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC;IACvD,KAAK,EAAE,QAAQ;CAChB,CAAC,CAAC;AAyDH,MAAM,UAAU,eAAe,CAA4C,MAAS;IAClF,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,KAAuC,CAAC;AACjD,CAAC;AAiBD,MAAM,UAAU,2BAA2B,CAAC,GAAY;IACtD,OAAQ,GAAoD,CAAC,OAAO,EAAE,WAAW,KAAK,SAAS,CAAC;AAClG,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAyC,CAAC,OAAO,EAAE,KAAK,KAAK,SAAS,CAAC;AACjF,CAAC"}
|
|
@@ -25,6 +25,9 @@ export default class AnySettingsMetadata {
|
|
|
25
25
|
*/
|
|
26
26
|
async resolve(settingNames) {
|
|
27
27
|
const cmpSet = new ComponentSet();
|
|
28
|
+
if (settingNames.length === 0) {
|
|
29
|
+
return new Map();
|
|
30
|
+
}
|
|
28
31
|
for (const settingName of settingNames) {
|
|
29
32
|
cmpSet.add({ type: this.retrieveType, fullName: settingName });
|
|
30
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"anySettingsMetadata.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/anySettingsMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,EAAE,YAAY,EAAmB,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAMxE;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,mBAAmB;IAIX;IAHnB,MAAM,CAAC;IACP,YAAY,CAAC;IAErB,YAA2B,GAAe;QAAf,QAAG,GAAH,GAAG,CAAY;QACxC,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,OAAO,CAAC,YAAsB;QACzC,MAAM,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAClC,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;QAClF,gBAAgB,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,YAAsB,EAAE,UAAwB;QAC3E,MAAM,MAAM,GAAG,IAAI,GAAG,EAA6B,CAAC;QACpD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,UAAU,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1G,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,WAAW,UAAU,CAAC,CAAC;YAC7E,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,eAAe,CAAC,IAAuB,EAAE,YAAoB;QACnE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAC;YACjF,OAAO,cAAc,CAAC,YAAY,CAA4B,CAAC;QACjE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
1
|
+
{"version":3,"file":"anySettingsMetadata.js","sourceRoot":"","sources":["../../../../src/libs/core/mdapi/anySettingsMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,EAAE,YAAY,EAAmB,MAAM,oCAAoC,CAAC;AACnF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,MAAM,4BAA4B,CAAC;AAMxE;;GAEG;AACH,MAAM,CAAC,OAAO,OAAO,mBAAmB;IAIX;IAHnB,MAAM,CAAC;IACP,YAAY,CAAC;IAErB,YAA2B,GAAe;QAAf,QAAG,GAAH,GAAG,CAAY;QACxC,IAAI,CAAC,MAAM,GAAG,IAAI,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC;IACjC,CAAC;IAED;;;;;;;;OAQG;IACI,KAAK,CAAC,OAAO,CAAC,YAAsB;QACzC,MAAM,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAClC,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,GAAG,EAAE,CAAC;QACnB,CAAC;QACD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,cAAc,GAAG,MAAM,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,MAAM,GAAG,IAAI,CAAC,oBAAoB,CAAC,YAAY,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;QAClF,gBAAgB,CAAC,cAAc,CAAC,gBAAgB,EAAE,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,oBAAoB,CAAC,YAAsB,EAAE,UAAwB;QAC3E,MAAM,MAAM,GAAG,IAAI,GAAG,EAA6B,CAAC;QACpD,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,UAAU,CAAC,mBAAmB,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;YAC1G,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,GAAG,WAAW,UAAU,CAAC,CAAC;YAC7E,IAAI,eAAe,EAAE,CAAC;gBACpB,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,eAAe,CAAC,IAAuB,EAAE,YAAoB;QACnE,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;YACnC,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACvD,MAAM,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAA4B,CAAC;YACjF,OAAO,cAAc,CAAC,YAAY,CAA4B,CAAC;QACjE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
-
import { AuditRunConfig,
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
2
|
import { AuditContext } from '../registries/types.js';
|
|
3
3
|
import { ResolvedPermissionSet } from '../registries/permissionSets.js';
|
|
4
4
|
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
5
|
export default class PermissionSetPolicy extends Policy<ResolvedPermissionSet> {
|
|
6
|
-
config:
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
7
|
auditContext: AuditRunConfig;
|
|
8
|
-
private totalEntities;
|
|
9
|
-
|
|
8
|
+
private readonly totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
10
|
+
constructor(config: BasePolicyFileContent, auditContext: AuditRunConfig, registry?: import("../registries/permissionSets.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedPermissionSet>>;
|
|
11
12
|
}
|
|
@@ -9,11 +9,13 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditContext;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditContext, registry = PermissionSetsRegistry) {
|
|
13
14
|
super(config, auditContext, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditContext = auditContext;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.permissionSets?.content ?? { permissionSets: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.permissionSets).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -23,13 +25,13 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
23
25
|
const successfullyResolved = {};
|
|
24
26
|
const unresolved = {};
|
|
25
27
|
const retriever = new MDAPI(context.targetOrgConnection);
|
|
26
|
-
const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.
|
|
27
|
-
Object.entries(this.
|
|
28
|
+
const resolvedPermsets = await retriever.resolve('PermissionSet', filterCategorizedPermsets(this.classifications));
|
|
29
|
+
Object.entries(this.classifications.permissionSets).forEach(([key, val]) => {
|
|
28
30
|
const resolved = resolvedPermsets[key];
|
|
29
31
|
if (resolved) {
|
|
30
32
|
successfullyResolved[key] = {
|
|
31
33
|
metadata: resolved,
|
|
32
|
-
preset:
|
|
34
|
+
preset: val.preset,
|
|
33
35
|
name: key,
|
|
34
36
|
};
|
|
35
37
|
}
|
|
@@ -52,7 +54,7 @@ export default class PermissionSetPolicy extends Policy {
|
|
|
52
54
|
}
|
|
53
55
|
function filterCategorizedPermsets(permSets) {
|
|
54
56
|
const filteredNames = [];
|
|
55
|
-
Object.entries(permSets).forEach(([key, val]) => {
|
|
57
|
+
Object.entries(permSets.permissionSets).forEach(([key, val]) => {
|
|
56
58
|
if (val.preset !== ProfilesRiskPreset.UNKNOWN) {
|
|
57
59
|
filteredNames.push(key);
|
|
58
60
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;
|
|
1
|
+
{"version":3,"file":"permissionSetPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/permissionSetPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAG/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAExD,OAAO,EAAE,sBAAsB,EAAyB,MAAM,iCAAiC,CAAC;AAChG,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,mBAAoB,SAAQ,MAA6B;IAKnE;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAsC;IAEtE,YACS,MAA6B,EAC7B,YAA4B,EACnC,QAAQ,GAAG,sBAAsB;QAEjC,KAAK,CAAC,MAAM,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;QAJ/B,WAAM,GAAN,MAAM,CAAuB;QAC7B,iBAAY,GAAZ,YAAY,CAAgB;QAInC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,IAAI,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;QAC1G,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,MAAM,CAAC;IAC/E,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAA0C,EAAE,CAAC;QACvE,MAAM,UAAU,GAAuC,EAAE,CAAC;QAC1D,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACzD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,yBAAyB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;QACnH,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;YACzE,MAAM,QAAQ,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;YACvC,IAAI,QAAQ,EAAE,CAAC;gBACb,oBAAoB,CAAC,GAAG,CAAC,GAAG;oBAC1B,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,IAAI,EAAE,GAAG;iBACV,CAAC;YACJ,CAAC;iBAAM,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,SAAS,EAAE,CAAC;gBACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;oBAC9C,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,gBAAgB,CAAC,CAAC,EAAE,CAAC;gBACtG,CAAC;qBAAM,CAAC;oBACN,UAAU,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACpF,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;QACtG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,yBAAyB,CAAC,QAA6C;IAC9E,MAAM,aAAa,GAAa,EAAE,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE;QAC7D,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAC9C,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,aAAa,CAAC;AACvB,CAAC"}
|
|
@@ -2,7 +2,7 @@ import EventEmitter from 'node:events';
|
|
|
2
2
|
import { AuditPolicyResult, EntityResolveError } from '../result-types.js';
|
|
3
3
|
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
4
4
|
import RuleRegistry, { RegistryRuleResolveResult } from '../registries/ruleRegistry.js';
|
|
5
|
-
import { AuditContext, IPolicy } from '../registries/types.js';
|
|
5
|
+
import { AuditContext, IPolicy, RowLevelPolicyRule } from '../registries/types.js';
|
|
6
6
|
export type ResolveEntityResult<T> = {
|
|
7
7
|
resolvedEntities: Record<string, T>;
|
|
8
8
|
ignoredEntities: EntityResolveError[];
|
|
@@ -14,6 +14,7 @@ export default abstract class Policy<T> extends EventEmitter implements IPolicy
|
|
|
14
14
|
protected resolvedRules: RegistryRuleResolveResult;
|
|
15
15
|
protected entities?: ResolveEntityResult<T>;
|
|
16
16
|
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry: RuleRegistry);
|
|
17
|
+
getExecutableRules(): Array<RowLevelPolicyRule<T>>;
|
|
17
18
|
/**
|
|
18
19
|
* Resolves all entities of the policy.
|
|
19
20
|
*/
|
|
@@ -12,6 +12,9 @@ export default class Policy extends EventEmitter {
|
|
|
12
12
|
this.registry = registry;
|
|
13
13
|
this.resolvedRules = registry.resolveRules(config.rules, auditConfig);
|
|
14
14
|
}
|
|
15
|
+
getExecutableRules() {
|
|
16
|
+
return this.resolvedRules.enabledRules;
|
|
17
|
+
}
|
|
15
18
|
/**
|
|
16
19
|
* Resolves all entities of the policy.
|
|
17
20
|
*/
|
|
@@ -21,9 +24,7 @@ export default class Policy extends EventEmitter {
|
|
|
21
24
|
if (!this.config.enabled) {
|
|
22
25
|
return { resolvedEntities: {}, ignoredEntities: [] };
|
|
23
26
|
}
|
|
24
|
-
|
|
25
|
-
this.entities = await this.resolveEntities(context);
|
|
26
|
-
}
|
|
27
|
+
this.entities ??= await this.resolveEntities(context);
|
|
27
28
|
return this.entities;
|
|
28
29
|
}
|
|
29
30
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/policy.ts"],"names":[],"mappings":"AAAA,OAAO,YAAY,MAAM,aAAa,CAAC;AAUvC,MAAM,CAAC,OAAO,OAAgB,MAAU,SAAQ,YAAY;IAKjD;IACA;IACG;IANF,aAAa,CAA4B;IACzC,QAAQ,CAA0B;IAE5C,YACS,MAA6B,EAC7B,WAA2B,EACxB,QAAsB;QAEhC,KAAK,EAAE,CAAC;QAJD,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QACxB,aAAQ,GAAR,QAAQ,CAAc;QAGhC,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB;QACvB,OAAO,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;IACzC,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,OAAqB;QACxC,yEAAyE;QACzE,4DAA4D;QAC5D,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,QAAQ,KAAK,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,GAAG,CAAC,OAAqB;QACpC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,OAAO,EAAE,KAAK;gBACd,aAAa,EAAE,EAAE;gBACjB,YAAY,EAAE,EAAE;gBAChB,eAAe,EAAE,EAAE;gBACnB,eAAe,EAAE,EAAE;aACpB,CAAC;QACJ,CAAC;QACD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAoC,CAAC;QACzE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,aAAa,CAAC,YAAY,EAAE,CAAC;YACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,OAAO,EAAE,gBAAgB,EAAE,aAAa,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC;QACtG,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC1D,MAAM,aAAa,GAA8C,EAAE,CAAC;QACpE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,6EAA6E;YAC7E,MAAM,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,GAAG,oBAAoB,CAAI,UAAU,EAAE,aAAa,CAAC,CAAC;YACnG,aAAa,CAAC,UAAU,CAAC,QAAQ,CAAC,GAAG;gBACnC,GAAG,UAAU;gBACb,WAAW,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;gBAC/C,iBAAiB;gBACjB,gBAAgB;aACjB,CAAC;QACJ,CAAC;QACD,OAAO;YACL,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC;YACvC,OAAO,EAAE,IAAI;YACb,aAAa;YACb,YAAY,EAAE,IAAI,CAAC,aAAa,CAAC,YAAY;YAC7C,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC;YAC5D,eAAe,EAAE,aAAa,CAAC,eAAe;SAC/C,CAAC;IACJ,CAAC;CAGF;AAED,SAAS,WAAW,CAAC,WAAsD;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IACxC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC;AACtG,CAAC;AAED,SAAS,oBAAoB,CAC3B,UAAmC,EACnC,QAAgC;IAEhC,MAAM,iBAAiB,GAAa,EAAE,CAAC;IACvC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,UAAU,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9B,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,EAAE;QAClE,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5C,iBAAiB,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO;QACL,iBAAiB,EAAE,UAAU,CAAC,iBAAiB,IAAI,iBAAiB;QACpE,gBAAgB,EAAE,UAAU,CAAC,gBAAgB,IAAI,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;KAC9E,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,aAA2C;IAClE,MAAM,aAAa,GAAG,aAAa,CAAC,gBAAgB,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9G,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC,aAAa,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9F,OAAO,aAAa,GAAG,YAAY,CAAC;AACtC,CAAC"}
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
-
import { AuditRunConfig,
|
|
1
|
+
import { AuditRunConfig, BasePolicyFileContent } from '../file-mgmt/schema.js';
|
|
2
2
|
import { AuditContext } from '../registries/types.js';
|
|
3
3
|
import { ResolvedProfile } from '../registries/profiles.js';
|
|
4
4
|
import Policy, { ResolveEntityResult } from './policy.js';
|
|
5
5
|
export default class ProfilePolicy extends Policy<ResolvedProfile> {
|
|
6
|
-
config:
|
|
6
|
+
config: BasePolicyFileContent;
|
|
7
7
|
auditConfig: AuditRunConfig;
|
|
8
|
-
private totalEntities;
|
|
9
|
-
|
|
8
|
+
private readonly totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
10
|
+
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/profiles.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedProfile>>;
|
|
11
12
|
}
|
|
@@ -9,11 +9,13 @@ export default class ProfilePolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditConfig, registry = ProfilesRegistry) {
|
|
13
14
|
super(config, auditConfig, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.profiles?.content ?? { profiles: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.profiles).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -22,9 +24,8 @@ export default class ProfilePolicy extends Policy {
|
|
|
22
24
|
});
|
|
23
25
|
const successfullyResolved = {};
|
|
24
26
|
const ignoredEntities = {};
|
|
25
|
-
const definitiveProfiles = this.config.profiles ?? {};
|
|
26
27
|
const classifiedProfiles = [];
|
|
27
|
-
Object.entries(
|
|
28
|
+
Object.entries(this.classifications.profiles).forEach(([profileName, profileDef]) => {
|
|
28
29
|
if (profileDef.preset === ProfilesRiskPreset.UNKNOWN) {
|
|
29
30
|
ignoredEntities[profileName] = {
|
|
30
31
|
name: profileName,
|
|
@@ -39,17 +40,17 @@ export default class ProfilePolicy extends Policy {
|
|
|
39
40
|
const resolvedProfiles = await mdapi.resolve('Profile', classifiedProfiles);
|
|
40
41
|
classifiedProfiles.forEach((profileName) => {
|
|
41
42
|
const resolvedProfile = resolvedProfiles[profileName];
|
|
42
|
-
if (
|
|
43
|
-
|
|
43
|
+
if (resolvedProfile) {
|
|
44
|
+
successfullyResolved[profileName] = {
|
|
44
45
|
name: profileName,
|
|
45
|
-
|
|
46
|
+
preset: this.classifications.profiles[profileName].preset,
|
|
47
|
+
metadata: resolvedProfile,
|
|
46
48
|
};
|
|
47
49
|
}
|
|
48
50
|
else {
|
|
49
|
-
|
|
51
|
+
ignoredEntities[profileName] = {
|
|
50
52
|
name: profileName,
|
|
51
|
-
|
|
52
|
-
metadata: resolvedProfile,
|
|
53
|
+
message: messages.getMessage('entity-not-found'),
|
|
53
54
|
};
|
|
54
55
|
}
|
|
55
56
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;
|
|
1
|
+
{"version":3,"file":"profilePolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/profilePolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,KAAK,MAAM,4BAA4B,CAAC;AAE/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAmB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,MAAuB;IAKvD;IACA;IALQ,aAAa,CAAS;IACtB,eAAe,CAAgC;IAEhE,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC9F,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC;IACzE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,oBAAoB,GAAoC,EAAE,CAAC;QACjE,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,MAAM,kBAAkB,GAAa,EAAE,CAAC;QACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,UAAU,CAAC,EAAE,EAAE;YAClF,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBACrD,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gBAAgB,EAAE,CAAC,SAAS,CAAC,CAAC;iBAC5D,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,kBAAkB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACvC,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAC;QAC5E,kBAAkB,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,EAAE;YACzC,MAAM,eAAe,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;YACtD,IAAI,eAAe,EAAE,CAAC;gBACpB,oBAAoB,CAAC,WAAW,CAAC,GAAG;oBAClC,IAAI,EAAE,WAAW;oBACjB,MAAM,EAAE,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,MAAM;oBACzD,QAAQ,EAAE,eAAe;iBAC1B,CAAC;YACJ,CAAC;iBAAM,CAAC;gBACN,eAAe,CAAC,WAAW,CAAC,GAAG;oBAC7B,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kBAAkB,CAAC;iBACjD,CAAC;YACJ,CAAC;QACH,CAAC,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QAC3G,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|
|
@@ -7,4 +7,5 @@ export default class SettingsPolicy extends Policy<SalesforceSetting> {
|
|
|
7
7
|
auditConfig: AuditRunConfig;
|
|
8
8
|
constructor(config: BasePolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/settings.js").default);
|
|
9
9
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<SalesforceSetting>>;
|
|
10
|
+
private removeInvalidSettingsFromResolvedRules;
|
|
10
11
|
}
|
|
@@ -21,16 +21,33 @@ export default class SettingsPolicy extends Policy {
|
|
|
21
21
|
const settingNames = extractSettingNames(this.config.rules);
|
|
22
22
|
const settingsRetriever = new AnySettingsMetadata(context.targetOrgConnection);
|
|
23
23
|
const actuallyResolvedSettings = await settingsRetriever.resolve(settingNames);
|
|
24
|
+
this.removeInvalidSettingsFromResolvedRules(actuallyResolvedSettings);
|
|
24
25
|
this.emit('entityresolve', {
|
|
25
26
|
total: numberOfRules,
|
|
26
27
|
resolved: actuallyResolvedSettings.size,
|
|
27
28
|
});
|
|
28
|
-
return
|
|
29
|
+
return {
|
|
29
30
|
resolvedEntities: convertToRecord(actuallyResolvedSettings),
|
|
30
31
|
ignoredEntities: findIgnoredEntities(actuallyResolvedSettings, this.config.rules),
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
removeInvalidSettingsFromResolvedRules(validSettings) {
|
|
35
|
+
this.resolvedRules.enabledRules.forEach((rule, index) => {
|
|
36
|
+
if (isEnforceSettingsRule(rule)) {
|
|
37
|
+
if (!validSettings.has(rule.settingName)) {
|
|
38
|
+
this.resolvedRules.enabledRules.splice(index, 1);
|
|
39
|
+
this.resolvedRules.skippedRules.push({
|
|
40
|
+
name: rule.ruleDisplayName,
|
|
41
|
+
skipReason: messages.getMessage('skip-reason.failed-to-resolve-setting', [rule.settingName]),
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
}
|
|
31
45
|
});
|
|
32
46
|
}
|
|
33
47
|
}
|
|
48
|
+
function isEnforceSettingsRule(cls) {
|
|
49
|
+
return cls.ruleDisplayName !== undefined;
|
|
50
|
+
}
|
|
34
51
|
function convertToRecord(settingsMap) {
|
|
35
52
|
const result = {};
|
|
36
53
|
for (const [settingsName, settingsValue] of settingsMap.entries()) {
|
|
@@ -43,12 +60,10 @@ function findIgnoredEntities(settingsMap, rules) {
|
|
|
43
60
|
for (const ruleName of Object.keys(rules)) {
|
|
44
61
|
const maybeName = findSettingsName(ruleName);
|
|
45
62
|
if (!maybeName) {
|
|
46
|
-
// result.push({ name: ruleName, message: messages.getMessage('resolve-error.no-valid-settings-rule') });
|
|
47
63
|
continue;
|
|
48
64
|
}
|
|
49
65
|
if (!settingsMap.has(maybeName) || !settingsMap.get(maybeName)) {
|
|
50
66
|
result.push({ name: maybeName, message: messages.getMessage('resolve-error.failed-to-resolve-setting') });
|
|
51
|
-
continue;
|
|
52
67
|
}
|
|
53
68
|
}
|
|
54
69
|
return result;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"settingsPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/settingsPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,mBAA0C,MAAM,iCAAiC,CAAC;
|
|
1
|
+
{"version":3,"file":"settingsPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/settingsPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,mBAA0C,MAAM,iCAAiC,CAAC;AAIzF,OAAO,MAA+B,MAAM,aAAa,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,MAAyB;IAE1D;IACA;IAFT,YACS,MAA6B,EAC7B,WAA2B,EAClC,QAAQ,GAAG,gBAAgB;QAE3B,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAuB;QAC7B,gBAAW,GAAX,WAAW,CAAgB;IAIpC,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QAC5D,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5D,MAAM,iBAAiB,GAAG,IAAI,mBAAmB,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAC/E,MAAM,wBAAwB,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC/E,IAAI,CAAC,sCAAsC,CAAC,wBAAwB,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,aAAa;YACpB,QAAQ,EAAE,wBAAwB,CAAC,IAAI;SACxC,CAAC,CAAC;QACH,OAAO;YACL,gBAAgB,EAAE,eAAe,CAAC,wBAAwB,CAAC;YAC3D,eAAe,EAAE,mBAAmB,CAAC,wBAAwB,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;SAClF,CAAC;IACJ,CAAC;IAEO,sCAAsC,CAAC,aAA6C;QAC1F,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;YACtD,IAAI,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;oBACzC,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;oBACjD,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC;wBACnC,IAAI,EAAE,IAAI,CAAC,eAAe;wBAC1B,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,uCAAuC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;qBAC7F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAED,SAAS,qBAAqB,CAAC,GAAY;IACzC,OAAQ,GAAuB,CAAC,eAAe,KAAK,SAAS,CAAC;AAChE,CAAC;AAED,SAAS,eAAe,CAAC,WAA2C;IAClE,MAAM,MAAM,GAAsC,EAAE,CAAC;IACrD,KAAK,MAAM,CAAC,YAAY,EAAE,aAAa,CAAC,IAAI,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,GAAG,aAAa,CAAC;IACvC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,WAA2C,EAAE,KAAc;IACtF,MAAM,MAAM,GAAG,IAAI,KAAK,EAAsB,CAAC;IAC/C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,SAAS;QACX,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/D,MAAM,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yCAAyC,CAAC,EAAE,CAAC,CAAC;QAC5G,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,mBAAmB,CAAC,KAAc;IACzC,MAAM,KAAK,GAAG,EAAE,CAAC;IACjB,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1C,MAAM,SAAS,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC7C,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}
|
|
@@ -6,6 +6,7 @@ export default class UserPolicy extends Policy<ResolvedUser> {
|
|
|
6
6
|
config: UsersPolicyFileContent;
|
|
7
7
|
auditConfig: AuditRunConfig;
|
|
8
8
|
private totalEntities;
|
|
9
|
+
private readonly classifications;
|
|
9
10
|
constructor(config: UsersPolicyFileContent, auditConfig: AuditRunConfig, registry?: import("../registries/users.js").default);
|
|
10
11
|
protected resolveEntities(context: AuditContext): Promise<ResolveEntityResult<ResolvedUser>>;
|
|
11
12
|
}
|
|
@@ -9,11 +9,13 @@ export default class UserPolicy extends Policy {
|
|
|
9
9
|
config;
|
|
10
10
|
auditConfig;
|
|
11
11
|
totalEntities;
|
|
12
|
+
classifications;
|
|
12
13
|
constructor(config, auditConfig, registry = UsersRegistry) {
|
|
13
14
|
super(config, auditConfig, registry);
|
|
14
15
|
this.config = config;
|
|
15
16
|
this.auditConfig = auditConfig;
|
|
16
|
-
this.
|
|
17
|
+
this.classifications = this.auditConfig.classifications.users?.content ?? { users: {} };
|
|
18
|
+
this.totalEntities = Object.keys(this.classifications.users).length;
|
|
17
19
|
}
|
|
18
20
|
async resolveEntities(context) {
|
|
19
21
|
this.emit('entityresolve', {
|
|
@@ -23,7 +25,7 @@ export default class UserPolicy extends Policy {
|
|
|
23
25
|
const usersRepo = new UsersRepository(context.targetOrgConnection);
|
|
24
26
|
const resolvedEntities = {};
|
|
25
27
|
const ignoredEntities = {};
|
|
26
|
-
for (const [userName, userDef] of Object.entries(this.
|
|
28
|
+
for (const [userName, userDef] of Object.entries(this.classifications.users)) {
|
|
27
29
|
if (userDef.role === ProfilesRiskPreset.UNKNOWN) {
|
|
28
30
|
ignoredEntities[userName] = {
|
|
29
31
|
name: userName,
|
|
@@ -45,7 +47,7 @@ export default class UserPolicy extends Policy {
|
|
|
45
47
|
if (ignoredEntities[user.username] === undefined) {
|
|
46
48
|
resolvedEntities[user.username] = {
|
|
47
49
|
...user,
|
|
48
|
-
role: this.
|
|
50
|
+
role: this.classifications.users[user.username]?.role ?? this.config.options.defaultRoleForMissingUsers,
|
|
49
51
|
};
|
|
50
52
|
}
|
|
51
53
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/userPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAgB,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,MAAoB;
|
|
1
|
+
{"version":3,"file":"userPolicy.js","sourceRoot":"","sources":["../../../../src/libs/core/policies/userPolicy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAgB,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACrE,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,eAAe,MAAM,6BAA6B,CAAC;AAC1D,OAAO,MAAM,EAAE,EAAE,QAAQ,EAAuB,MAAM,aAAa,CAAC;AAEpE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAEjG,MAAM,CAAC,OAAO,OAAO,UAAW,SAAQ,MAAoB;IAKjD;IACA;IALD,aAAa,CAAS;IACb,eAAe,CAA6B;IAE7D,YACS,MAA8B,EAC9B,WAA2B,EAClC,QAAQ,GAAG,aAAa;QAExB,KAAK,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAC;QAJ9B,WAAM,GAAN,MAAM,CAAwB;QAC9B,gBAAW,GAAX,WAAW,CAAgB;QAIlC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QACxF,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;IACtE,CAAC;IAES,KAAK,CAAC,eAAe,CAAC,OAAqB;QACnD,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QACnE,MAAM,gBAAgB,GAAiC,EAAE,CAAC;QAC1D,MAAM,eAAe,GAAuC,EAAE,CAAC;QAC/D,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;YAC7E,IAAI,OAAO,CAAC,IAAI,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;gBAChD,eAAe,CAAC,QAAQ,CAAC,GAAG;oBAC1B,IAAI,EAAE,QAAQ;oBACd,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;iBACvD,CAAC;YACJ,CAAC;QACH,CAAC;QACD,2DAA2D;QAC3D,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,eAAe,CAAC;YACpD,gBAAgB,EAAE,IAAI;YACtB,yBAAyB,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,8BAA8B;SAC9E,CAAC,CAAC;QACH,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC,IAAI,CAAC;QACxC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,CAAC;SACZ,CAAC,CAAC;QACH,KAAK,MAAM,IAAI,IAAI,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,IAAI,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,SAAS,EAAE,CAAC;gBACjD,gBAAgB,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG;oBAChC,GAAG,IAAI;oBACP,IAAI,EAAE,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,0BAA0B;iBACxG,CAAC;YACJ,CAAC;QACH,CAAC;QACD,MAAM,MAAM,GAAG,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC;QACrF,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE;YACzB,KAAK,EAAE,IAAI,CAAC,aAAa;YACzB,QAAQ,EAAE,QAAQ,CAAC,MAAM,CAAC;SAC3B,CAAC,CAAC;QACH,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
|