@j-schreiber/sf-cli-security-audit 0.9.1 → 0.10.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/README.md +6 -6
  2. package/lib/commands/org/audit/init.js +7 -6
  3. package/lib/commands/org/audit/init.js.map +1 -1
  4. package/lib/libs/conf-init/auditConfig.js +9 -6
  5. package/lib/libs/conf-init/auditConfig.js.map +1 -1
  6. package/lib/libs/conf-init/permissionsClassification.d.ts +23 -3
  7. package/lib/libs/conf-init/permissionsClassification.js +48 -2
  8. package/lib/libs/conf-init/permissionsClassification.js.map +1 -1
  9. package/lib/libs/conf-init/policyConfigs.d.ts +9 -25
  10. package/lib/libs/conf-init/policyConfigs.js +17 -75
  11. package/lib/libs/conf-init/policyConfigs.js.map +1 -1
  12. package/lib/libs/conf-init/presets/loose.d.ts +2 -2
  13. package/lib/libs/conf-init/presets/loose.js +2 -0
  14. package/lib/libs/conf-init/presets/loose.js.map +1 -1
  15. package/lib/libs/conf-init/presets/none.d.ts +6 -6
  16. package/lib/libs/conf-init/presets/none.js.map +1 -1
  17. package/lib/libs/conf-init/presets/strict.js +2 -0
  18. package/lib/libs/conf-init/presets/strict.js.map +1 -1
  19. package/lib/libs/core/classification-types.d.ts +2 -2
  20. package/lib/libs/core/classification-types.js.map +1 -1
  21. package/lib/libs/core/file-mgmt/schema.d.ts +58 -26
  22. package/lib/libs/core/file-mgmt/schema.js +20 -8
  23. package/lib/libs/core/file-mgmt/schema.js.map +1 -1
  24. package/lib/libs/core/policies/permissionSetPolicy.d.ts +5 -4
  25. package/lib/libs/core/policies/permissionSetPolicy.js +10 -8
  26. package/lib/libs/core/policies/permissionSetPolicy.js.map +1 -1
  27. package/lib/libs/core/policies/profilePolicy.d.ts +5 -4
  28. package/lib/libs/core/policies/profilePolicy.js +12 -11
  29. package/lib/libs/core/policies/profilePolicy.js.map +1 -1
  30. package/lib/libs/core/policies/userPolicy.d.ts +1 -0
  31. package/lib/libs/core/policies/userPolicy.js +7 -5
  32. package/lib/libs/core/policies/userPolicy.js.map +1 -1
  33. package/lib/libs/core/policy-types.d.ts +3 -3
  34. package/lib/libs/core/policy-types.js +12 -12
  35. package/lib/libs/core/policyRegistry.js +14 -5
  36. package/lib/libs/core/policyRegistry.js.map +1 -1
  37. package/lib/libs/core/registries/helpers/permissionsScanning.d.ts +2 -4
  38. package/lib/libs/core/registries/helpers/permissionsScanning.js +3 -3
  39. package/lib/libs/core/registries/helpers/permissionsScanning.js.map +1 -1
  40. package/lib/libs/core/registries/permissionSets.d.ts +1 -1
  41. package/lib/libs/core/registries/profiles.d.ts +1 -1
  42. package/lib/libs/core/registries/ruleRegistry.js +1 -1
  43. package/lib/libs/core/registries/ruleRegistry.js.map +1 -1
  44. package/lib/libs/core/registries/rules/enforcePermissionPresets.js +6 -6
  45. package/lib/libs/core/registries/rules/enforcePermissionPresets.js.map +1 -1
  46. package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js +2 -2
  47. package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js.map +1 -1
  48. package/lib/libs/core/registries/rules/noOtherApexApiLogins.js +1 -1
  49. package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map +1 -1
  50. package/lib/libs/core/registries/types.d.ts +5 -5
  51. package/lib/libs/core/registries/types.js +5 -5
  52. package/lib/libs/core/registries/users.d.ts +2 -2
  53. package/messages/org.audit.init.md +2 -2
  54. package/messages/org.audit.run.md +4 -0
  55. package/oclif.manifest.json +1 -1
  56. package/package.json +3 -3
package/lib/libs/core/registries/helpers/permissionsScanning.js CHANGED
@@ -35,12 +35,12 @@ export function scanPermissions(profile, permissionListName, auditRun, rootIdent
35
35
  message: messages.getMessage('violations.permission-is-blocked'),
36
36
  });
37
37
  }
38
- else if (!permissionAllowedInPreset(permClassification.classification, profile.preset)) {
38
+ else if (!permissionAllowedInPreset(permClassification.classification, profile.role)) {
39
39
  result.violations.push({
40
40
  identifier,
41
41
  message: messages.getMessage('violations.classification-preset-mismatch', [
42
42
  permClassification.classification,
43
- profile.preset,
43
+ profile.role,
44
44
  ]),
45
45
  });
46
46
  }
@@ -60,7 +60,7 @@ export function scanPermissions(profile, permissionListName, auditRun, rootIdent
60
60
  }
61
61
  return result;
62
62
  }
63
- export function resolvePerm(permName, auditRun, type) {
63
+ function resolvePerm(permName, auditRun, type) {
64
64
  return nameClassification(permName, auditRun.classifications[type]?.content.permissions[permName]);
65
65
  }
66
66
  function nameClassification(permName, perm) {
package/lib/libs/core/registries/helpers/permissionsScanning.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAiBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;gBACzF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;wBACxE,kBAAkB,CAAC,cAAc;wBACjC,OAAO,CAAC,MAAM;qBACf,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;aACnE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,QAAgB,EAChB,QAAwB,EACxB,IAAyB;IAEzB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrG,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAAgC;IAEhC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}
1
+ {"version":3,"file":"permissionsScanning.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/helpers/permissionsScanning.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAI5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACpE,OAAO,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAElE,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAiBnH;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAC7B,WAAgC,EAChC,QAAwB,EACxB,cAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC;QAC1B,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IACD,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,iBAAiB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IAClG,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE,mBAAmB,EAAE,QAAQ,EAAE,cAAc,CAAC,CAAC;IACtG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACjE,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC7D,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAM,UAAU,eAAe,CAC7B,OAA4B,EAC5B,kBAAsC,EACtC,QAAwB,EACxB,cAAyB;IAEzB,MAAM,MAAM,GAAe,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5D,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,UAAU,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,cAAc,EAAE,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7G,MAAM,kBAAkB,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,kBAAkB,CAAC,CAAC;QAChF,IAAI,kBAAkB,EAAE,CAAC;YACvB,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBACtE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC;iBACjE,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,CAAC,yBAAyB,CAAC,kBAAkB,CAAC,cAAc,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;oBACrB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE;wBACxE,kBAAkB,CAAC,cAAc;wBACjC,OAAO,CAAC,IAAI;qBACb,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;iBAAM,IAAI,kBAAkB,CAAC,cAAc,KAAK,mBAAmB,CAAC,OAAO,EAAE,CAAC;gBAC7E,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;oBACnB,UAAU;oBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;iBAC5D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;aACnE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAClB,QAAgB,EAChB,QAAwB,EACxB,IAAwB;IAExB,OAAO,kBAAkB,CAAC,QAAQ,EAAE,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC;AACrG,CAAC;AAED,SAAS,kBAAkB,CACzB,QAAgB,EAChB,IAA+B;IAE/B,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACxD,CAAC"}
package/lib/libs/core/registries/permissionSets.d.ts CHANGED
@@ -2,7 +2,7 @@ import { PermissionSet } from '@jsforce/jsforce-node/lib/api/metadata.js';
2
2
  import RuleRegistry from './ruleRegistry.js';
3
3
  export type ResolvedPermissionSet = {
4
4
  name: string;
5
- preset: string;
5
+ role: string;
6
6
  metadata: PermissionSet;
7
7
  };
8
8
  export default class PermSetsRuleRegistry extends RuleRegistry {
package/lib/libs/core/registries/profiles.d.ts CHANGED
@@ -2,7 +2,7 @@ import { Profile as ProfileMetadata } from '@jsforce/jsforce-node/lib/api/metada
2
2
  import RuleRegistry from './ruleRegistry.js';
3
3
  export type ResolvedProfile = {
4
4
  name: string;
5
- preset: string;
5
+ role: string;
6
6
  metadata: ProfileMetadata;
7
7
  };
8
8
  export default class ProfilesRuleRegistry extends RuleRegistry {
package/lib/libs/core/registries/ruleRegistry.js CHANGED
@@ -35,7 +35,7 @@ export default class RuleRegistry {
35
35
  if (this.rules[ruleName] && ruleConfig.enabled) {
36
36
  enabledRules.push(new this.rules[ruleName]({ auditContext, ruleDisplayName: ruleName, ruleConfig: ruleConfig.options }));
37
37
  }
38
- else if (!ruleConfig.enabled) {
38
+ else if (ruleConfig.enabled === false) {
39
39
  skippedRules.push({ name: ruleName, skipReason: messages.getMessage('skip-reason.rule-not-enabled') });
40
40
  }
41
41
  else {
package/lib/libs/core/registries/ruleRegistry.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAajG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,KAA+D;QAA/D,UAAK,GAAL,KAAK,CAA0D;IAAG,CAAC;IAE7F;;;;OAIG;IACI,eAAe;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,YAAY,CAAC,QAAiB,EAAE,YAA4B;QACjE,MAAM,YAAY,GAAG,IAAI,KAAK,EAA+B,CAAC;QAC9D,MAAM,YAAY,GAAG,IAAI,KAAK,EAAwB,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,KAAK,EAAsB,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CACf,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CACtG,CAAC;YACJ,CAAC;iBAAM,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/B,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC;CACF"}
1
+ {"version":3,"file":"ruleRegistry.js","sourceRoot":"","sources":["../../../../src/libs/core/registries/ruleRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAK5C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,kBAAkB,CAAC,CAAC;AAajG;;;;GAIG;AACH,MAAM,CAAC,OAAO,OAAO,YAAY;IACL;IAA1B,YAA0B,KAA+D;QAA/D,UAAK,GAAL,KAAK,CAA0D;IAAG,CAAC;IAE7F;;;;OAIG;IACI,eAAe;QACpB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjC,CAAC;IAED;;;;;;;OAOG;IACI,YAAY,CAAC,QAAiB,EAAE,YAA4B;QACjE,MAAM,YAAY,GAAG,IAAI,KAAK,EAA+B,CAAC;QAC9D,MAAM,YAAY,GAAG,IAAI,KAAK,EAAwB,CAAC;QACvD,MAAM,aAAa,GAAG,IAAI,KAAK,EAAsB,CAAC;QACtD,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1D,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;gBAC/C,YAAY,CAAC,IAAI,CACf,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,EAAE,eAAe,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CACtG,CAAC;YACJ,CAAC;iBAAM,IAAI,UAAU,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gBACxC,YAAY,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,QAAQ,CAAC,UAAU,CAAC,8BAA8B,CAAC,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,aAAa,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC,CAAC;YAC5G,CAAC;QACH,CAAC,CAAC,CAAC;QACH,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;IACvD,CAAC;CACF"}
package/lib/libs/core/registries/rules/enforcePermissionPresets.js CHANGED
@@ -1,6 +1,6 @@
1
1
  import { Messages } from '@salesforce/core';
2
2
  import UsersRepository from '../../mdapi/usersRepository.js';
3
- import { ProfilesRiskPreset, resolvePresetOrdinalValue } from '../../policy-types.js';
3
+ import { UserPrivilegeLevel, resolvePresetOrdinalValue } from '../../policy-types.js';
4
4
  import { capitalize } from '../../utils.js';
5
5
  import PolicyRule from './policyRule.js';
6
6
  Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
@@ -16,13 +16,13 @@ export default class EnforcePermissionPresets extends PolicyRule {
16
16
  // options "with/without metadata - only identifiers"
17
17
  const userPerms = await userRepo.resolveUserPermissions(Object.values(users), { withMetadata: false });
18
18
  for (const user of Object.values(users)) {
19
- const profilePreset = this.auditContext.policies.profiles?.content.profiles[user.profileName];
20
- auditPermissionsEntity(result, user, 'profile', user.profileName, profilePreset?.preset);
19
+ const profilePreset = this.auditContext.classifications.profiles?.content.profiles[user.profileName];
20
+ auditPermissionsEntity(result, user, 'profile', user.profileName, profilePreset?.role);
21
21
  const permsets = userPerms.get(user.userId);
22
22
  if (permsets) {
23
23
  for (const assignment of permsets.assignedPermissionsets) {
24
- const permsetPreset = this.auditContext.policies.permissionSets?.content.permissionSets[assignment.permissionSetIdentifier];
25
- auditPermissionsEntity(result, user, 'permission set', assignment.permissionSetIdentifier, permsetPreset?.preset);
24
+ const permsetPreset = this.auditContext.classifications.permissionSets?.content.permissionSets[assignment.permissionSetIdentifier];
25
+ auditPermissionsEntity(result, user, 'permission set', assignment.permissionSetIdentifier, permsetPreset?.role);
26
26
  }
27
27
  }
28
28
  }
@@ -31,7 +31,7 @@ export default class EnforcePermissionPresets extends PolicyRule {
31
31
  }
32
32
  function auditPermissionsEntity(result, user, entityType, entityIdentifier, entityPreset) {
33
33
  if (entityPreset) {
34
- if (entityPreset === ProfilesRiskPreset.UNKNOWN) {
34
+ if (entityPreset === UserPrivilegeLevel.UNKNOWN) {
35
35
  result.violations.push({
36
36
  identifier: [user.username, entityIdentifier],
37
37
  message: messages.getMessage('violations.entity-unknown-but-used', [capitalize(entityType)]),
package/lib/libs/core/registries/rules/enforcePermissionPresets.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"enforcePermissionPresets.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionPresets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAEtF,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,qDAAqD;QACrD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC9F,sBAAsB,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;YACzF,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;oBACzD,MAAM,aAAa,GACjB,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC;oBACxG,sBAAsB,CACpB,MAAM,EACN,IAAI,EACJ,gBAAgB,EAChB,UAAU,CAAC,uBAAuB,EAClC,aAAa,EAAE,MAAM,CACtB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AACD,SAAS,sBAAsB,CAC7B,MAA+B,EAC/B,IAAkB,EAClB,UAAkB,EAClB,gBAAwB,EACxB,YAAiC;IAEjC,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,YAAY,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;aAC7F,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,yBAAyB,CAAC,YAAY,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1F,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6CAA6C,EAAE;oBAC1E,IAAI,CAAC,IAAI;oBACT,UAAU;oBACV,YAAY;iBACb,CAAC;aACH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;SAChH,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
1
+ {"version":3,"file":"enforcePermissionPresets.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionPresets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,eAAe,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAC;AAEtF,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,qDAAqD;QACrD,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,CAAC;QACvG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACrG,sBAAsB,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;YACvF,MAAM,QAAQ,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,KAAK,MAAM,UAAU,IAAI,QAAQ,CAAC,sBAAsB,EAAE,CAAC;oBACzD,MAAM,aAAa,GACjB,IAAI,CAAC,YAAY,CAAC,eAAe,CAAC,cAAc,EAAE,OAAO,CAAC,cAAc,CACtE,UAAU,CAAC,uBAAuB,CACnC,CAAC;oBACJ,sBAAsB,CACpB,MAAM,EACN,IAAI,EACJ,gBAAgB,EAChB,UAAU,CAAC,uBAAuB,EAClC,aAAa,EAAE,IAAI,CACpB,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAED,SAAS,sBAAsB,CAC7B,MAA+B,EAC/B,IAAkB,EAClB,UAAkB,EAClB,gBAAwB,EACxB,YAAiC;IAEjC,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,YAAY,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;YAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;aAC7F,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,yBAAyB,CAAC,YAAY,CAAC,GAAG,yBAAyB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1F,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;gBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;gBAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,6CAA6C,EAAE;oBAC1E,IAAI,CAAC,IAAI;oBACT,UAAU;oBACV,YAAY;iBACb,CAAC;aACH,CAAC,CAAC;QACL,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;YACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC;YAC7C,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,2CAA2C,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;SAChH,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}
package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js CHANGED
@@ -19,7 +19,7 @@ export default class EnforcePermissionsOnUser extends PolicyRule {
19
19
  result.violations.push(...permsetResult.violations);
20
20
  result.warnings.push(...permsetResult.warnings);
21
21
  if (resolvedPerms.profileMetadata) {
22
- const profileResult = scanProfileLike({ preset: user.role, metadata: resolvedPerms.profileMetadata, name: user.profileName }, this.auditContext, [user.username]);
22
+ const profileResult = scanProfileLike({ role: user.role, metadata: resolvedPerms.profileMetadata, name: user.profileName }, this.auditContext, [user.username]);
23
23
  result.violations.push(...profileResult.violations);
24
24
  result.warnings.push(...profileResult.warnings);
25
25
  }
@@ -32,7 +32,7 @@ export default class EnforcePermissionsOnUser extends PolicyRule {
32
32
  if (!assignedPermSet.metadata) {
33
33
  continue;
34
34
  }
35
- const permsetScan = scanProfileLike({ preset: user.role, metadata: assignedPermSet.metadata, name: assignedPermSet.permissionSetIdentifier }, this.auditContext, [user.username]);
35
+ const permsetScan = scanProfileLike({ role: user.role, metadata: assignedPermSet.metadata, name: assignedPermSet.permissionSetIdentifier }, this.auditContext, [user.username]);
36
36
  result.violations.push(...permsetScan.violations);
37
37
  result.warnings.push(...permsetScan.warnings);
38
38
  }
package/lib/libs/core/registries/rules/enforcePermissionsOnUser.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"AAAA,OAAO,eAA4C,MAAM,gCAAgC,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAc,MAAM,mCAAmC,CAAC;AAGhF,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACtG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,aAAa,CAAC,sBAAsB,CAAC,CAAC;YAClG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAChD,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;gBAClC,MAAM,aAAa,GAAG,eAAe,CACnC,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,EACtF,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;gBACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,0BAA0B,CAAC,IAAkB,EAAE,iBAA4C;QACjG,MAAM,MAAM,GAAe,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC5D,KAAK,MAAM,eAAe,IAAI,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,WAAW,GAAG,eAAe,CACjC,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,eAAe,CAAC,uBAAuB,EAAE,EACxG,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
1
+ {"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"AAAA,OAAO,eAA4C,MAAM,gCAAgC,CAAC;AAC1F,OAAO,EAAE,eAAe,EAAc,MAAM,mCAAmC,CAAC;AAGhF,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC5E,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAuC;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAC;QAClE,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,sBAAsB,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACtG,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,aAAa,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjD,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,0BAA0B,CAAC,IAAI,EAAE,aAAa,CAAC,sBAAsB,CAAC,CAAC;YAClG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;YACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAChD,IAAI,aAAa,CAAC,eAAe,EAAE,CAAC;gBAClC,MAAM,aAAa,GAAG,eAAe,CACnC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,aAAa,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,EACpF,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;gBACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;gBACpD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;YAClD,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,0BAA0B,CAAC,IAAkB,EAAE,iBAA4C;QACjG,MAAM,MAAM,GAAe,EAAE,UAAU,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QAC5D,KAAK,MAAM,eAAe,IAAI,iBAAiB,EAAE,CAAC;YAChD,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,WAAW,GAAG,eAAe,CACjC,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,eAAe,CAAC,QAAQ,EAAE,IAAI,EAAE,eAAe,CAAC,uBAAuB,EAAE,EACtG,IAAI,CAAC,YAAY,EACjB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAChB,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC;YAClD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF"}
package/lib/libs/core/registries/rules/noOtherApexApiLogins.js CHANGED
@@ -15,7 +15,7 @@ export default class NoOtherApexApiLogins extends PolicyRule {
15
15
  for (const loginSummary of user.logins) {
16
16
  if (loginSummary.loginType === 'Other Apex API') {
17
17
  result.violations.push({
18
- identifier: [user.username],
18
+ identifier: [user.username, new Date(loginSummary.lastLogin).toISOString()],
19
19
  message: messages.getMessage('violations.no-other-apex-api-logins', [loginSummary.loginCount]),
20
20
  });
21
21
  }
package/lib/libs/core/registries/rules/noOtherApexApiLogins.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;qBAC/F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
1
+ {"version":3,"file":"noOtherApexApiLogins.js","sourceRoot":"","sources":["../../../../../src/libs/core/registries/rules/noOtherApexApiLogins.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAG5C,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,aAAa,CAAC,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,oBAAqB,SAAQ,UAAwB;IACxE,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC3D,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,KAAK,MAAM,YAAY,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,IAAI,YAAY,CAAC,SAAS,KAAK,gBAAgB,EAAE,CAAC;oBAChD,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;wBACrB,UAAU,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,IAAI,IAAI,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;wBAC3E,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,qCAAqC,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC;qBAC/F,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
package/lib/libs/core/registries/types.d.ts CHANGED
@@ -2,11 +2,11 @@ import { Connection } from '@salesforce/core';
2
2
  import { AuditPolicyResult, PolicyRuleExecutionResult } from '../result-types.js';
3
3
  import { Optional } from '../utils.js';
4
4
  export declare const RuleRegistries: {
5
- ConnectedApps: import("./connectedApps.js").default;
6
- Profiles: import("./profiles.js").default;
7
- PermissionSets: import("./permissionSets.js").default;
8
- Users: import("./users.js").default;
9
- Settings: import("./settings.js").default;
5
+ connectedApps: import("./connectedApps.js").default;
6
+ profiles: import("./profiles.js").default;
7
+ permissionSets: import("./permissionSets.js").default;
8
+ users: import("./users.js").default;
9
+ settings: import("./settings.js").default;
10
10
  };
11
11
  export type Constructor<T, Args extends any[] = any[]> = new (...args: Args) => T;
12
12
  /**
package/lib/libs/core/registries/types.js CHANGED
@@ -4,10 +4,10 @@ import { ProfilesRegistry } from './profiles.js';
4
4
  import { UsersRegistry } from './users.js';
5
5
  import { SettingsRegistry } from './settings.js';
6
6
  export const RuleRegistries = {
7
- ConnectedApps: ConnectedAppsRegistry,
8
- Profiles: ProfilesRegistry,
9
- PermissionSets: PermissionSetsRegistry,
10
- Users: UsersRegistry,
11
- Settings: SettingsRegistry,
7
+ connectedApps: ConnectedAppsRegistry,
8
+ profiles: ProfilesRegistry,
9
+ permissionSets: PermissionSetsRegistry,
10
+ users: UsersRegistry,
11
+ settings: SettingsRegistry,
12
12
  };
13
13
  //# sourceMappingURL=types.js.map
package/lib/libs/core/registries/users.d.ts CHANGED
@@ -1,8 +1,8 @@
1
1
  import { User } from '../mdapi/usersRepository.js';
2
- import { ProfilesRiskPreset } from '../policy-types.js';
2
+ import { UserPrivilegeLevel } from '../policy-types.js';
3
3
  import RuleRegistry from './ruleRegistry.js';
4
4
  export type ResolvedUser = User & {
5
- role: ProfilesRiskPreset;
5
+ role: UserPrivilegeLevel;
6
6
  };
7
7
  export default class UsersRuleRegistry extends RuleRegistry {
8
8
  constructor();
package/messages/org.audit.init.md CHANGED
@@ -32,9 +32,9 @@ The selected preset is applied before any other default mechanisms (such as temp
32
32
 
33
33
  <%= config.bin %> <%= command.id %> -o MyTargetOrg -d my_dir -p loose
34
34
 
35
- # success.perm-classification-summary
35
+ # success.classification-summary
36
36
 
37
- Initialised %s permissions at %s.
37
+ Initialised %s %s at %s.
38
38
 
39
39
  # success.policy-summary
40
40
 
package/messages/org.audit.run.md CHANGED
@@ -48,6 +48,10 @@ The "Profiles" policy requires at least userPermissions to be initialised, but n
48
48
 
49
49
  The "Permission Sets" policy requires at least userPermissions to be initialised, but none were found at the target directory.
50
50
 
51
+ # ProfileClassificationRequiredForProfiles
52
+
53
+ The "Profiles" policy requires a corresponding classification to be initialised.
54
+
51
55
  # error.InvalidConfigFileSchema
52
56
 
53
57
  Failed to parse %s: %s.
package/oclif.manifest.json CHANGED
@@ -251,5 +251,5 @@
251
251
  ]
252
252
  }
253
253
  },
254
- "version": "0.9.1"
254
+ "version": "0.10.1"
255
255
  }
package/package.json CHANGED
@@ -1,10 +1,10 @@
1
1
  {
2
2
  "name": "@j-schreiber/sf-cli-security-audit",
3
3
  "description": "Salesforce CLI plugin to automate highly configurable security audits",
4
- "version": "0.9.1",
4
+ "version": "0.10.1",
5
5
  "repository": {
6
- "type": "https",
7
- "url": "https://github.com/j-schreiber/js-sf-cli-security-audit"
6
+ "type": "git",
7
+ "url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
8
8
  },
9
9
  "homepage": "https://securityauditengine.org",
10
10
  "dependencies": {