@rawdash/connector-drata 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +142 -0
- package/dist/index.d.ts +569 -0
- package/dist/index.js +653 -0
- package/dist/index.js.map +1 -0
- package/package.json +43 -0
package/dist/index.js
ADDED
|
@@ -0,0 +1,653 @@
|
|
|
1
|
+
// ../../connector-shared/dist/index.js
|
|
2
|
+
var HTTP_CLIENT_VERSION = "0.0.0";
|
|
3
|
+
var DEFAULT_USER_AGENT = `rawdash-connector/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
|
|
4
|
+
function connectorUserAgent(connectorId) {
|
|
5
|
+
return `rawdash-connector-${connectorId}/${HTTP_CLIENT_VERSION} (+https://rawdash.dev)`;
|
|
6
|
+
}
|
|
7
|
+
function parseEpoch(value, unit) {
|
|
8
|
+
if (value === null || value === void 0) {
|
|
9
|
+
return null;
|
|
10
|
+
}
|
|
11
|
+
if (unit === "iso") {
|
|
12
|
+
if (typeof value !== "string") {
|
|
13
|
+
return null;
|
|
14
|
+
}
|
|
15
|
+
const ms = new Date(value).getTime();
|
|
16
|
+
return Number.isFinite(ms) ? ms : null;
|
|
17
|
+
}
|
|
18
|
+
if (typeof value === "string" && value.trim() === "") {
|
|
19
|
+
return null;
|
|
20
|
+
}
|
|
21
|
+
const n = typeof value === "number" ? value : Number(value);
|
|
22
|
+
if (!Number.isFinite(n)) {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
const result = unit === "s" ? n * 1e3 : n;
|
|
26
|
+
return Number.isFinite(result) ? result : null;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
// src/drata.ts
|
|
30
|
+
import {
|
|
31
|
+
BaseConnector,
|
|
32
|
+
defineConfigFields,
|
|
33
|
+
defineConnectorDoc,
|
|
34
|
+
defineResources,
|
|
35
|
+
makeChunkedCursorGuard,
|
|
36
|
+
paginateChunked,
|
|
37
|
+
schemasFromResources,
|
|
38
|
+
selectActivePhases
|
|
39
|
+
} from "@rawdash/core";
|
|
40
|
+
import { z } from "zod";
|
|
41
|
+
var configFields = defineConfigFields(
|
|
42
|
+
z.object({
|
|
43
|
+
apiKey: z.object({ $secret: z.string().min(1) }).meta({
|
|
44
|
+
label: "Drata API key",
|
|
45
|
+
description: "Drata Public API key. Generated under Settings -> Integrations -> Public API. Treated as a bearer token. Stored as a secret.",
|
|
46
|
+
placeholder: "DRATA_API_KEY",
|
|
47
|
+
secret: true
|
|
48
|
+
}),
|
|
49
|
+
baseUrl: z.string().trim().url().optional().refine((u) => u === void 0 || !u.endsWith("/"), {
|
|
50
|
+
message: "baseUrl must not end with a trailing slash."
|
|
51
|
+
}).meta({
|
|
52
|
+
label: "Base URL",
|
|
53
|
+
description: 'Override the Drata Public API base URL. Defaults to "https://public-api.drata.com". Useful for sandbox / region-specific tenants.',
|
|
54
|
+
placeholder: "https://public-api.drata.com"
|
|
55
|
+
}),
|
|
56
|
+
resources: z.array(z.enum(["controls", "tests", "personnel", "findings"])).nonempty().optional().meta({
|
|
57
|
+
label: "Resources",
|
|
58
|
+
description: "Which Drata resources to sync. Omit to sync all of them. The API key only needs read access to the resources listed here."
|
|
59
|
+
}),
|
|
60
|
+
findingsLookbackDays: z.number().int().positive().optional().meta({
|
|
61
|
+
label: "Findings lookback (days)",
|
|
62
|
+
description: "How many days of test findings to refresh on each full sync. Defaults to 90. Incremental syncs use the run watermark and ignore this field.",
|
|
63
|
+
placeholder: "90"
|
|
64
|
+
})
|
|
65
|
+
})
|
|
66
|
+
);
|
|
67
|
+
var doc = defineConnectorDoc({
|
|
68
|
+
displayName: "Drata",
|
|
69
|
+
category: "security",
|
|
70
|
+
brandColor: "#6D2BFF",
|
|
71
|
+
tagline: "Sync controls, tests, personnel, and test findings from Drata for audit-ready %, failing-test count, training-completion, and open-finding compliance dashboards.",
|
|
72
|
+
vendor: {
|
|
73
|
+
name: "Drata",
|
|
74
|
+
domain: "drata.com",
|
|
75
|
+
apiDocs: "https://developers.drata.com/",
|
|
76
|
+
website: "https://drata.com"
|
|
77
|
+
},
|
|
78
|
+
auth: {
|
|
79
|
+
summary: "Bearer-token auth with a Drata Public API key. Read access to the resources you sync is sufficient.",
|
|
80
|
+
setup: [
|
|
81
|
+
"Sign in to Drata as an admin and open Settings -> Integrations -> Public API.",
|
|
82
|
+
"Create a new API key; grant it read access to the resources you intend to sync (controls, tests, personnel, findings).",
|
|
83
|
+
"Copy the generated key. Drata only shows the key once.",
|
|
84
|
+
'Store the key as a rawdash secret and reference it from the connector config as `apiKey: secret("DRATA_API_KEY")`.'
|
|
85
|
+
]
|
|
86
|
+
},
|
|
87
|
+
rateLimit: "Drata enforces a per-tenant quota and responds with 429 + Retry-After when exceeded; the shared HTTP client honors Retry-After when scheduling the next request.",
|
|
88
|
+
limitations: [
|
|
89
|
+
"Only controls, tests, personnel, and test findings are synced. Frameworks, risks, vendors, audits, and document-evidence resources are out of scope.",
|
|
90
|
+
"Controls, tests, and personnel are full-snapshot resources: every sync re-reads the whole list and rewrites the entity scope on the first page. Tenants with very large catalogs (10k+ controls/tests) should run the connector less often.",
|
|
91
|
+
"Test findings before the configured lookback window (default 90 days) are not refreshed; they remain whatever the most recent sync that did see them wrote."
|
|
92
|
+
]
|
|
93
|
+
});
|
|
94
|
+
var drataCredentials = {
|
|
95
|
+
apiKey: {
|
|
96
|
+
description: "Drata Public API key",
|
|
97
|
+
auth: "required"
|
|
98
|
+
}
|
|
99
|
+
};
|
|
100
|
+
var PHASE_ORDER = ["controls", "tests", "personnel", "findings"];
|
|
101
|
+
var isDrataSyncCursor = makeChunkedCursorGuard(PHASE_ORDER);
|
|
102
|
+
var CONTROL_ENTITY = "drata_control";
|
|
103
|
+
var TEST_ENTITY = "drata_test";
|
|
104
|
+
var PERSONNEL_ENTITY = "drata_personnel";
|
|
105
|
+
var FINDING_EVENT = "drata_test_finding";
|
|
106
|
+
var DEFAULT_BASE_URL = "https://public-api.drata.com";
|
|
107
|
+
var PAGE_SIZE = 100;
|
|
108
|
+
var DEFAULT_FINDINGS_LOOKBACK_DAYS = 90;
|
|
109
|
+
var CONTROL_STATUSES = [
|
|
110
|
+
"PASSING",
|
|
111
|
+
"FAILING",
|
|
112
|
+
"NEEDS_ATTENTION",
|
|
113
|
+
"DEACTIVATED"
|
|
114
|
+
];
|
|
115
|
+
var TEST_STATUSES = [
|
|
116
|
+
"OK",
|
|
117
|
+
"NEEDS_ATTENTION",
|
|
118
|
+
"DEACTIVATED",
|
|
119
|
+
"IN_PROGRESS"
|
|
120
|
+
];
|
|
121
|
+
var FINDING_SEVERITIES = ["LOW", "MEDIUM", "HIGH", "CRITICAL"];
|
|
122
|
+
var idString = z.string().min(1);
|
|
123
|
+
var paginationSchema = z.object({
|
|
124
|
+
nextCursor: z.string().nullish(),
|
|
125
|
+
hasMore: z.boolean().nullish()
|
|
126
|
+
}).nullish();
|
|
127
|
+
var frameworkRefSchema = z.object({
|
|
128
|
+
name: z.string().nullish(),
|
|
129
|
+
matchingId: z.string().nullish()
|
|
130
|
+
});
|
|
131
|
+
var controlSchema = z.object({
|
|
132
|
+
id: idString,
|
|
133
|
+
name: z.string().nullish(),
|
|
134
|
+
description: z.string().nullish(),
|
|
135
|
+
status: z.string().nullish(),
|
|
136
|
+
frameworks: z.array(frameworkRefSchema).nullish(),
|
|
137
|
+
lastEvaluatedAt: z.string().nullish(),
|
|
138
|
+
updatedAt: z.string().nullish(),
|
|
139
|
+
createdAt: z.string().nullish()
|
|
140
|
+
});
|
|
141
|
+
var controlsResponseSchema = z.object({
|
|
142
|
+
data: z.array(controlSchema),
|
|
143
|
+
pagination: paginationSchema
|
|
144
|
+
});
|
|
145
|
+
var testSchema = z.object({
|
|
146
|
+
id: idString,
|
|
147
|
+
name: z.string().nullish(),
|
|
148
|
+
description: z.string().nullish(),
|
|
149
|
+
status: z.string().nullish(),
|
|
150
|
+
controlIds: z.array(z.string()).nullish(),
|
|
151
|
+
controls: z.array(z.object({ id: z.string() })).nullish(),
|
|
152
|
+
evidenceCount: z.number().nullish(),
|
|
153
|
+
lastTestedAt: z.string().nullish(),
|
|
154
|
+
updatedAt: z.string().nullish(),
|
|
155
|
+
createdAt: z.string().nullish()
|
|
156
|
+
});
|
|
157
|
+
var testsResponseSchema = z.object({
|
|
158
|
+
data: z.array(testSchema),
|
|
159
|
+
pagination: paginationSchema
|
|
160
|
+
});
|
|
161
|
+
var personnelSchema = z.object({
|
|
162
|
+
id: idString,
|
|
163
|
+
email: z.string().nullish(),
|
|
164
|
+
firstName: z.string().nullish(),
|
|
165
|
+
lastName: z.string().nullish(),
|
|
166
|
+
role: z.string().nullish(),
|
|
167
|
+
employmentStatus: z.string().nullish(),
|
|
168
|
+
startDate: z.string().nullish(),
|
|
169
|
+
trainingStatus: z.string().nullish(),
|
|
170
|
+
trainingCompletedAt: z.string().nullish(),
|
|
171
|
+
updatedAt: z.string().nullish(),
|
|
172
|
+
createdAt: z.string().nullish()
|
|
173
|
+
});
|
|
174
|
+
var personnelResponseSchema = z.object({
|
|
175
|
+
data: z.array(personnelSchema),
|
|
176
|
+
pagination: paginationSchema
|
|
177
|
+
});
|
|
178
|
+
var findingSchema = z.object({
|
|
179
|
+
id: idString,
|
|
180
|
+
testId: z.string().nullish(),
|
|
181
|
+
controlId: z.string().nullish(),
|
|
182
|
+
severity: z.string().nullish(),
|
|
183
|
+
status: z.string().nullish(),
|
|
184
|
+
createdAt: z.string(),
|
|
185
|
+
resolvedAt: z.string().nullish(),
|
|
186
|
+
description: z.string().nullish(),
|
|
187
|
+
resourceId: z.string().nullish()
|
|
188
|
+
});
|
|
189
|
+
var findingsResponseSchema = z.object({
|
|
190
|
+
data: z.array(findingSchema),
|
|
191
|
+
pagination: paginationSchema
|
|
192
|
+
});
|
|
193
|
+
var drataResources = defineResources({
|
|
194
|
+
[CONTROL_ENTITY]: {
|
|
195
|
+
shape: "entity",
|
|
196
|
+
filterable: [
|
|
197
|
+
{
|
|
198
|
+
field: "status",
|
|
199
|
+
ops: ["eq"],
|
|
200
|
+
values: ["PASSING", "FAILING", "NEEDS_ATTENTION", "DEACTIVATED"]
|
|
201
|
+
},
|
|
202
|
+
{ field: "framework", ops: ["eq"] }
|
|
203
|
+
],
|
|
204
|
+
description: "Drata controls keyed by id. Each control belongs to one or more frameworks (SOC 2, HIPAA, ISO 27001, etc.) and has a roll-up status of PASSING, FAILING, or NEEDS_ATTENTION.",
|
|
205
|
+
endpoint: "GET /v1/controls",
|
|
206
|
+
notes: "Cursor pagination via cursor / limit. Controls are a full-snapshot resource: a full sync rewrites the scope on first page.",
|
|
207
|
+
fields: [
|
|
208
|
+
{ name: "name", description: "Human-readable control name." },
|
|
209
|
+
{
|
|
210
|
+
name: "status",
|
|
211
|
+
description: "Roll-up status (PASSING, FAILING, NEEDS_ATTENTION, or DEACTIVATED)."
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
name: "framework",
|
|
215
|
+
description: 'Name of the first framework the control is mapped to (e.g. "SOC 2"). Use the framework dimension for distributions when a control maps to several frameworks.'
|
|
216
|
+
},
|
|
217
|
+
{
|
|
218
|
+
name: "frameworks",
|
|
219
|
+
description: "Comma-separated list of every framework the control is mapped to."
|
|
220
|
+
},
|
|
221
|
+
{
|
|
222
|
+
name: "lastEvaluated",
|
|
223
|
+
description: "When Drata last evaluated the control (Unix ms)."
|
|
224
|
+
}
|
|
225
|
+
],
|
|
226
|
+
responses: {
|
|
227
|
+
controls: controlsResponseSchema
|
|
228
|
+
}
|
|
229
|
+
},
|
|
230
|
+
[TEST_ENTITY]: {
|
|
231
|
+
shape: "entity",
|
|
232
|
+
filterable: [
|
|
233
|
+
{
|
|
234
|
+
field: "status",
|
|
235
|
+
ops: ["eq"],
|
|
236
|
+
values: ["OK", "NEEDS_ATTENTION", "DEACTIVATED", "IN_PROGRESS"]
|
|
237
|
+
}
|
|
238
|
+
],
|
|
239
|
+
description: "Drata tests keyed by id. A test is the smallest unit of evaluation in Drata and may be mapped to multiple controls.",
|
|
240
|
+
endpoint: "GET /v1/tests",
|
|
241
|
+
notes: "Cursor pagination via cursor / limit. Tests are a full-snapshot resource.",
|
|
242
|
+
fields: [
|
|
243
|
+
{ name: "name", description: "Human-readable test name." },
|
|
244
|
+
{
|
|
245
|
+
name: "status",
|
|
246
|
+
description: "Test status (OK, NEEDS_ATTENTION, DEACTIVATED, or IN_PROGRESS)."
|
|
247
|
+
},
|
|
248
|
+
{
|
|
249
|
+
name: "controlId",
|
|
250
|
+
description: "First control id the test is mapped to (a test may be mapped to several controls)."
|
|
251
|
+
},
|
|
252
|
+
{
|
|
253
|
+
name: "controlCount",
|
|
254
|
+
description: "Number of controls the test is mapped to."
|
|
255
|
+
},
|
|
256
|
+
{
|
|
257
|
+
name: "evidenceCount",
|
|
258
|
+
description: "Number of distinct evidence rows backing the test (counter maintained by Drata)."
|
|
259
|
+
},
|
|
260
|
+
{
|
|
261
|
+
name: "lastTested",
|
|
262
|
+
description: "When Drata last ran the test (Unix ms)."
|
|
263
|
+
}
|
|
264
|
+
],
|
|
265
|
+
responses: { tests: testsResponseSchema }
|
|
266
|
+
},
|
|
267
|
+
[PERSONNEL_ENTITY]: {
|
|
268
|
+
shape: "entity",
|
|
269
|
+
filterable: [
|
|
270
|
+
{
|
|
271
|
+
field: "employmentStatus",
|
|
272
|
+
ops: ["eq"]
|
|
273
|
+
},
|
|
274
|
+
{
|
|
275
|
+
field: "trainingStatus",
|
|
276
|
+
ops: ["eq"]
|
|
277
|
+
}
|
|
278
|
+
],
|
|
279
|
+
description: "Drata personnel records keyed by id. Surfaces employment status, role, training completion, and training-completed timestamp for compliance-training dashboards.",
|
|
280
|
+
endpoint: "GET /v1/personnel",
|
|
281
|
+
notes: "Cursor pagination via cursor / limit. Personnel is a full-snapshot resource.",
|
|
282
|
+
fields: [
|
|
283
|
+
{ name: "email", description: "Work email address." },
|
|
284
|
+
{ name: "name", description: 'Full name ("firstName lastName").' },
|
|
285
|
+
{ name: "role", description: "Reported role / job title." },
|
|
286
|
+
{
|
|
287
|
+
name: "employmentStatus",
|
|
288
|
+
description: "Reported employment status (e.g. ACTIVE, ONBOARDING, OFFBOARDED)."
|
|
289
|
+
},
|
|
290
|
+
{
|
|
291
|
+
name: "trainingStatus",
|
|
292
|
+
description: "Reported security-training status (e.g. COMPLETED, IN_PROGRESS, NOT_STARTED, OVERDUE)."
|
|
293
|
+
},
|
|
294
|
+
{
|
|
295
|
+
name: "trainingCompleted",
|
|
296
|
+
description: "When the most recent training was marked completed (Unix ms)."
|
|
297
|
+
},
|
|
298
|
+
{
|
|
299
|
+
name: "startDate",
|
|
300
|
+
description: "Reported employment start date (Unix ms)."
|
|
301
|
+
}
|
|
302
|
+
],
|
|
303
|
+
responses: { personnel: personnelResponseSchema }
|
|
304
|
+
},
|
|
305
|
+
[FINDING_EVENT]: {
|
|
306
|
+
shape: "event",
|
|
307
|
+
filterable: [
|
|
308
|
+
{
|
|
309
|
+
field: "severity",
|
|
310
|
+
ops: ["eq"],
|
|
311
|
+
values: ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
|
|
312
|
+
},
|
|
313
|
+
{
|
|
314
|
+
field: "status",
|
|
315
|
+
ops: ["eq"],
|
|
316
|
+
values: ["OPEN", "RESOLVED", "DEFERRED", "WONT_FIX"]
|
|
317
|
+
}
|
|
318
|
+
],
|
|
319
|
+
description: "Test findings (one event per finding row), with severity, the test it came from, and resolved-at when applicable. Useful for open-finding counts and MTTR-to-resolution timeseries.",
|
|
320
|
+
endpoint: "GET /v1/findings",
|
|
321
|
+
notes: "Cursor pagination via cursor / limit. Full syncs walk back findingsLookbackDays days; incremental syncs use the sync `since` watermark.",
|
|
322
|
+
fields: [
|
|
323
|
+
{ name: "findingId", description: "Drata finding id." },
|
|
324
|
+
{
|
|
325
|
+
name: "severity",
|
|
326
|
+
description: "Finding severity (LOW, MEDIUM, HIGH, CRITICAL)."
|
|
327
|
+
},
|
|
328
|
+
{
|
|
329
|
+
name: "status",
|
|
330
|
+
description: "Finding status (OPEN, RESOLVED, DEFERRED, WONT_FIX)."
|
|
331
|
+
},
|
|
332
|
+
{
|
|
333
|
+
name: "testId",
|
|
334
|
+
description: "Id of the test that produced the finding."
|
|
335
|
+
},
|
|
336
|
+
{
|
|
337
|
+
name: "controlId",
|
|
338
|
+
description: "First control id the finding is mapped to (via its test)."
|
|
339
|
+
},
|
|
340
|
+
{
|
|
341
|
+
name: "resolvedAt",
|
|
342
|
+
description: "Resolution timestamp (Unix ms) when resolved."
|
|
343
|
+
}
|
|
344
|
+
],
|
|
345
|
+
responses: { findings: findingsResponseSchema }
|
|
346
|
+
}
|
|
347
|
+
});
|
|
348
|
+
var id = "drata";
|
|
349
|
+
function isControlStatus(value) {
|
|
350
|
+
return CONTROL_STATUSES.includes(value);
|
|
351
|
+
}
|
|
352
|
+
function isTestStatus(value) {
|
|
353
|
+
return TEST_STATUSES.includes(value);
|
|
354
|
+
}
|
|
355
|
+
function isFindingSeverity(value) {
|
|
356
|
+
return FINDING_SEVERITIES.includes(value);
|
|
357
|
+
}
|
|
358
|
+
function normalizeFrameworks(control) {
|
|
359
|
+
const frameworks = control.frameworks ?? [];
|
|
360
|
+
const names = [];
|
|
361
|
+
for (const f of frameworks) {
|
|
362
|
+
if (typeof f.name === "string" && f.name.length > 0) {
|
|
363
|
+
names.push(f.name);
|
|
364
|
+
}
|
|
365
|
+
}
|
|
366
|
+
if (names.length === 0) {
|
|
367
|
+
return { primary: null, list: "" };
|
|
368
|
+
}
|
|
369
|
+
return { primary: names[0], list: names.join(",") };
|
|
370
|
+
}
|
|
371
|
+
function controlIdsForTest(test) {
|
|
372
|
+
if (Array.isArray(test.controlIds) && test.controlIds.length > 0) {
|
|
373
|
+
return test.controlIds.filter((s) => typeof s === "string" && s.length > 0);
|
|
374
|
+
}
|
|
375
|
+
if (Array.isArray(test.controls) && test.controls.length > 0) {
|
|
376
|
+
return test.controls.map((c) => c.id).filter((s) => typeof s === "string" && s.length > 0);
|
|
377
|
+
}
|
|
378
|
+
return [];
|
|
379
|
+
}
|
|
380
|
+
function personnelFullName(p) {
|
|
381
|
+
const parts = [p.firstName, p.lastName].filter((s) => typeof s === "string" && s.length > 0).map((s) => s.trim()).filter((s) => s.length > 0);
|
|
382
|
+
if (parts.length === 0) {
|
|
383
|
+
return null;
|
|
384
|
+
}
|
|
385
|
+
return parts.join(" ");
|
|
386
|
+
}
|
|
387
|
+
var DrataConnector = class _DrataConnector extends BaseConnector {
|
|
388
|
+
static id = id;
|
|
389
|
+
static resources = drataResources;
|
|
390
|
+
static schemas = schemasFromResources(drataResources);
|
|
391
|
+
static create(input, ctx) {
|
|
392
|
+
const parsed = configFields.parse(input);
|
|
393
|
+
return new _DrataConnector(
|
|
394
|
+
{
|
|
395
|
+
baseUrl: parsed.baseUrl,
|
|
396
|
+
resources: parsed.resources,
|
|
397
|
+
findingsLookbackDays: parsed.findingsLookbackDays
|
|
398
|
+
},
|
|
399
|
+
{
|
|
400
|
+
apiKey: parsed.apiKey
|
|
401
|
+
},
|
|
402
|
+
ctx
|
|
403
|
+
);
|
|
404
|
+
}
|
|
405
|
+
id = id;
|
|
406
|
+
credentials = drataCredentials;
|
|
407
|
+
baseUrl() {
|
|
408
|
+
return this.settings.baseUrl ?? DEFAULT_BASE_URL;
|
|
409
|
+
}
|
|
410
|
+
async apiGet(url, resource, signal) {
|
|
411
|
+
return this.get(url, {
|
|
412
|
+
resource,
|
|
413
|
+
headers: {
|
|
414
|
+
Authorization: `Bearer ${this.creds.apiKey}`,
|
|
415
|
+
Accept: "application/json",
|
|
416
|
+
"User-Agent": connectorUserAgent("drata")
|
|
417
|
+
},
|
|
418
|
+
signal
|
|
419
|
+
});
|
|
420
|
+
}
|
|
421
|
+
buildListUrl(path, cursor, extra) {
|
|
422
|
+
const u = new URL(`${this.baseUrl()}${path}`);
|
|
423
|
+
u.searchParams.set("limit", String(PAGE_SIZE));
|
|
424
|
+
if (cursor) {
|
|
425
|
+
u.searchParams.set("cursor", cursor);
|
|
426
|
+
}
|
|
427
|
+
if (extra) {
|
|
428
|
+
for (const [k, v] of Object.entries(extra)) {
|
|
429
|
+
u.searchParams.set(k, v);
|
|
430
|
+
}
|
|
431
|
+
}
|
|
432
|
+
return u.toString();
|
|
433
|
+
}
|
|
434
|
+
nextCursor(pagination) {
|
|
435
|
+
if (!pagination) {
|
|
436
|
+
return null;
|
|
437
|
+
}
|
|
438
|
+
if (pagination.hasMore === false) {
|
|
439
|
+
return null;
|
|
440
|
+
}
|
|
441
|
+
return pagination.nextCursor ?? null;
|
|
442
|
+
}
|
|
443
|
+
async fetchControlsPage(cursor, signal) {
|
|
444
|
+
const url = this.buildListUrl("/v1/controls", cursor);
|
|
445
|
+
const res = await this.apiGet(url, "controls", signal);
|
|
446
|
+
return {
|
|
447
|
+
items: res.body.data,
|
|
448
|
+
next: this.nextCursor(res.body.pagination)
|
|
449
|
+
};
|
|
450
|
+
}
|
|
451
|
+
async fetchTestsPage(cursor, signal) {
|
|
452
|
+
const url = this.buildListUrl("/v1/tests", cursor);
|
|
453
|
+
const res = await this.apiGet(url, "tests", signal);
|
|
454
|
+
return {
|
|
455
|
+
items: res.body.data,
|
|
456
|
+
next: this.nextCursor(res.body.pagination)
|
|
457
|
+
};
|
|
458
|
+
}
|
|
459
|
+
async fetchPersonnelPage(cursor, signal) {
|
|
460
|
+
const url = this.buildListUrl("/v1/personnel", cursor);
|
|
461
|
+
const res = await this.apiGet(url, "personnel", signal);
|
|
462
|
+
return {
|
|
463
|
+
items: res.body.data,
|
|
464
|
+
next: this.nextCursor(res.body.pagination)
|
|
465
|
+
};
|
|
466
|
+
}
|
|
467
|
+
findingsSinceIso(options) {
|
|
468
|
+
if (options.since) {
|
|
469
|
+
return options.since;
|
|
470
|
+
}
|
|
471
|
+
const lookback = this.settings.findingsLookbackDays ?? DEFAULT_FINDINGS_LOOKBACK_DAYS;
|
|
472
|
+
const since = new Date(Date.now() - lookback * 24 * 60 * 60 * 1e3);
|
|
473
|
+
return since.toISOString();
|
|
474
|
+
}
|
|
475
|
+
async fetchFindingsPage(cursor, options, signal) {
|
|
476
|
+
const url = this.buildListUrl("/v1/findings", cursor, {
|
|
477
|
+
createdAfter: this.findingsSinceIso(options)
|
|
478
|
+
});
|
|
479
|
+
const res = await this.apiGet(url, "findings", signal);
|
|
480
|
+
return {
|
|
481
|
+
items: res.body.data,
|
|
482
|
+
next: this.nextCursor(res.body.pagination)
|
|
483
|
+
};
|
|
484
|
+
}
|
|
485
|
+
async writeControls(storage, items) {
|
|
486
|
+
for (const c of items) {
|
|
487
|
+
const { primary, list } = normalizeFrameworks(c);
|
|
488
|
+
const status = typeof c.status === "string" && isControlStatus(c.status) ? c.status : c.status ?? null;
|
|
489
|
+
const updatedMs = parseEpoch(c.updatedAt ?? null, "iso") ?? parseEpoch(c.lastEvaluatedAt ?? null, "iso") ?? parseEpoch(c.createdAt ?? null, "iso") ?? 0;
|
|
490
|
+
await storage.entity({
|
|
491
|
+
type: CONTROL_ENTITY,
|
|
492
|
+
id: c.id,
|
|
493
|
+
attributes: {
|
|
494
|
+
name: c.name ?? null,
|
|
495
|
+
status,
|
|
496
|
+
framework: primary,
|
|
497
|
+
frameworks: list,
|
|
498
|
+
lastEvaluated: parseEpoch(c.lastEvaluatedAt ?? null, "iso")
|
|
499
|
+
},
|
|
500
|
+
updated_at: updatedMs
|
|
501
|
+
});
|
|
502
|
+
}
|
|
503
|
+
}
|
|
504
|
+
async writeTests(storage, items) {
|
|
505
|
+
for (const t of items) {
|
|
506
|
+
const controlIds = controlIdsForTest(t);
|
|
507
|
+
const status = typeof t.status === "string" && isTestStatus(t.status) ? t.status : t.status ?? null;
|
|
508
|
+
const updatedMs = parseEpoch(t.updatedAt ?? null, "iso") ?? parseEpoch(t.lastTestedAt ?? null, "iso") ?? parseEpoch(t.createdAt ?? null, "iso") ?? 0;
|
|
509
|
+
await storage.entity({
|
|
510
|
+
type: TEST_ENTITY,
|
|
511
|
+
id: t.id,
|
|
512
|
+
attributes: {
|
|
513
|
+
name: t.name ?? null,
|
|
514
|
+
status,
|
|
515
|
+
controlId: controlIds[0] ?? null,
|
|
516
|
+
controlCount: controlIds.length,
|
|
517
|
+
evidenceCount: t.evidenceCount ?? null,
|
|
518
|
+
lastTested: parseEpoch(t.lastTestedAt ?? null, "iso")
|
|
519
|
+
},
|
|
520
|
+
updated_at: updatedMs
|
|
521
|
+
});
|
|
522
|
+
}
|
|
523
|
+
}
|
|
524
|
+
async writePersonnel(storage, items) {
|
|
525
|
+
for (const p of items) {
|
|
526
|
+
const updatedMs = parseEpoch(p.updatedAt ?? null, "iso") ?? parseEpoch(p.trainingCompletedAt ?? null, "iso") ?? parseEpoch(p.createdAt ?? null, "iso") ?? 0;
|
|
527
|
+
await storage.entity({
|
|
528
|
+
type: PERSONNEL_ENTITY,
|
|
529
|
+
id: p.id,
|
|
530
|
+
attributes: {
|
|
531
|
+
email: p.email ?? null,
|
|
532
|
+
name: personnelFullName(p),
|
|
533
|
+
role: p.role ?? null,
|
|
534
|
+
employmentStatus: p.employmentStatus ?? null,
|
|
535
|
+
trainingStatus: p.trainingStatus ?? null,
|
|
536
|
+
trainingCompleted: parseEpoch(p.trainingCompletedAt ?? null, "iso"),
|
|
537
|
+
startDate: parseEpoch(p.startDate ?? null, "iso")
|
|
538
|
+
},
|
|
539
|
+
updated_at: updatedMs
|
|
540
|
+
});
|
|
541
|
+
}
|
|
542
|
+
}
|
|
543
|
+
async writeFindings(storage, items, sinceMs) {
|
|
544
|
+
for (const f of items) {
|
|
545
|
+
const ts = parseEpoch(f.createdAt, "iso");
|
|
546
|
+
if (ts === null) {
|
|
547
|
+
continue;
|
|
548
|
+
}
|
|
549
|
+
if (sinceMs !== null && ts < sinceMs) {
|
|
550
|
+
continue;
|
|
551
|
+
}
|
|
552
|
+
const severity = typeof f.severity === "string" && isFindingSeverity(f.severity) ? f.severity : f.severity ?? null;
|
|
553
|
+
const resolvedMs = parseEpoch(f.resolvedAt ?? null, "iso");
|
|
554
|
+
await storage.event({
|
|
555
|
+
name: FINDING_EVENT,
|
|
556
|
+
start_ts: ts,
|
|
557
|
+
end_ts: resolvedMs,
|
|
558
|
+
attributes: {
|
|
559
|
+
findingId: f.id,
|
|
560
|
+
severity,
|
|
561
|
+
status: f.status ?? null,
|
|
562
|
+
testId: f.testId ?? null,
|
|
563
|
+
controlId: f.controlId ?? null,
|
|
564
|
+
resolvedAt: resolvedMs
|
|
565
|
+
}
|
|
566
|
+
});
|
|
567
|
+
}
|
|
568
|
+
}
|
|
569
|
+
async writePhase(storage, phase, items, sinceMs) {
|
|
570
|
+
switch (phase) {
|
|
571
|
+
case "controls":
|
|
572
|
+
return this.writeControls(storage, items);
|
|
573
|
+
case "tests":
|
|
574
|
+
return this.writeTests(storage, items);
|
|
575
|
+
case "personnel":
|
|
576
|
+
return this.writePersonnel(storage, items);
|
|
577
|
+
case "findings":
|
|
578
|
+
return this.writeFindings(storage, items, sinceMs);
|
|
579
|
+
}
|
|
580
|
+
}
|
|
581
|
+
async clearScopeOnFirstPage(storage, phase, isFull) {
|
|
582
|
+
switch (phase) {
|
|
583
|
+
case "controls":
|
|
584
|
+
await storage.entities([], { types: [CONTROL_ENTITY] });
|
|
585
|
+
return;
|
|
586
|
+
case "tests":
|
|
587
|
+
await storage.entities([], { types: [TEST_ENTITY] });
|
|
588
|
+
return;
|
|
589
|
+
case "personnel":
|
|
590
|
+
await storage.entities([], { types: [PERSONNEL_ENTITY] });
|
|
591
|
+
return;
|
|
592
|
+
case "findings":
|
|
593
|
+
if (isFull) {
|
|
594
|
+
await storage.events([], { names: [FINDING_EVENT] });
|
|
595
|
+
}
|
|
596
|
+
return;
|
|
597
|
+
}
|
|
598
|
+
}
|
|
599
|
+
resolveCursor(cursor) {
|
|
600
|
+
return isDrataSyncCursor(cursor) ? cursor : void 0;
|
|
601
|
+
}
|
|
602
|
+
async sync(options, storage, signal) {
|
|
603
|
+
const cursor = this.resolveCursor(options.cursor);
|
|
604
|
+
const isFull = options.mode === "full";
|
|
605
|
+
const phases = selectActivePhases(
|
|
606
|
+
(r) => r,
|
|
607
|
+
PHASE_ORDER,
|
|
608
|
+
this.settings.resources
|
|
609
|
+
);
|
|
610
|
+
const sinceMs = options.since ? Date.parse(options.since) : null;
|
|
611
|
+
return paginateChunked({
|
|
612
|
+
phases,
|
|
613
|
+
cursor,
|
|
614
|
+
signal,
|
|
615
|
+
logger: this.logger,
|
|
616
|
+
fetchPage: async (phase, page, sig) => {
|
|
617
|
+
switch (phase) {
|
|
618
|
+
case "controls":
|
|
619
|
+
return this.fetchControlsPage(page, sig);
|
|
620
|
+
case "tests":
|
|
621
|
+
return this.fetchTestsPage(page, sig);
|
|
622
|
+
case "personnel":
|
|
623
|
+
return this.fetchPersonnelPage(page, sig);
|
|
624
|
+
case "findings":
|
|
625
|
+
return this.fetchFindingsPage(page, options, sig);
|
|
626
|
+
}
|
|
627
|
+
},
|
|
628
|
+
writeBatch: async (phase, items, page) => {
|
|
629
|
+
if (page === null) {
|
|
630
|
+
await this.clearScopeOnFirstPage(storage, phase, isFull);
|
|
631
|
+
}
|
|
632
|
+
await this.writePhase(
|
|
633
|
+
storage,
|
|
634
|
+
phase,
|
|
635
|
+
items,
|
|
636
|
+
phase === "findings" ? sinceMs : null
|
|
637
|
+
);
|
|
638
|
+
}
|
|
639
|
+
});
|
|
640
|
+
}
|
|
641
|
+
};
|
|
642
|
+
|
|
643
|
+
// src/index.ts
|
|
644
|
+
var index_default = DrataConnector;
|
|
645
|
+
export {
|
|
646
|
+
DrataConnector,
|
|
647
|
+
configFields,
|
|
648
|
+
index_default as default,
|
|
649
|
+
doc,
|
|
650
|
+
id,
|
|
651
|
+
drataResources as resources
|
|
652
|
+
};
|
|
653
|
+
//# sourceMappingURL=index.js.map
|