salesforce
diff --git a/‎.editorconfig
+1-1 b/‎.editorconfig
+1-1
diff --git a/‎.env.development
+2 b/‎.env.development
+2
diff --git a/‎.env.production
+2 b/‎.env.production
+2
diff --git a/‎.github/workflows/nodejs-test.yml
+26 b/‎.github/workflows/nodejs-test.yml
+26
diff --git a/‎.gitignore
+31-1 b/‎.gitignore
+31-1
diff --git a/‎MANIFEST.in
+3 b/‎MANIFEST.in
+3
diff --git a/‎README.md
+23-25 b/‎README.md
+23-25
diff --git a/‎babel.config.js
+5 b/‎babel.config.js
+5
diff --git a/‎cloudsplaining/command/scan.py
+10-10 b/‎cloudsplaining/command/scan.py
+10-10
diff --git a/‎cloudsplaining/output/__init__.py
-4 b/‎cloudsplaining/output/__init__.py
-4
diff --git a/‎cloudsplaining/output/dist/index.bundle.js
+2 b/‎cloudsplaining/output/dist/index.bundle.js
+2
diff --git a/‎cloudsplaining/output/dist/index.html
+6 b/‎cloudsplaining/output/dist/index.html
+6
@@ -36,7 +36,7 @@ indent_size = 2
 
 # Web Files
 [*.{htm,html,js,jsm,ts,tsx,css,sass,scss,less,svg,vue}]
-indent_size = 2
+indent_size = 4
 end_of_line = lf
 
 # Bash Files
 
@@ -0,0 +1,2 @@
+VUE_APP_TITLE=Cloudsplaining (development)
+NODE_ENV=development
@@ -0,0 +1,2 @@
+VUE_APP_TITLE=Cloudsplaining
+NODE_ENV=production
@@ -0,0 +1,26 @@
+# .github/workflows/nodejs-test.yml
+
+name: Node.js CI
+
+on: [push, pull_request]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [12.x, 14.x]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm install
+    - run: npm run build --if-present
+    - run: npm test
+      env:
+        CI: true
@@ -9,8 +9,10 @@ default-iam-report.csv
 private/default-iam-results.json
 default-results-summary.csv
 iam-new-principal-policy-mapping-example.json
+iam-findings-example.json
 private/*
 current.json
+TODO.md
 
 venv
 Pipfile.lock
@@ -28,6 +30,34 @@ fake.html
 ## ReadTheDocs
 site/
 
+.DS_Store
+node_modules
+venv/*
+
+private.html
+
+*.js.map
+
+# local env files
+.env.local
+.env.*.local
+
+# Log files
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Editor directories and files
+.idea
+.vscode
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+
+
 ##### HashiCorp #####
 #### Terraform
 #  Local .terraform directories
@@ -116,7 +146,7 @@ __pycache__/
 .Python
 build/
 develop-eggs/
-dist/
+/dist/
 downloads/
 eggs/
 .eggs/
 
@@ -1,3 +1,6 @@
 recursive-include cloudsplaining/shared *.yml
 recursive-include cloudsplaining/output *.html
+recursive-include cloudsplaining/output *.js
+recursive-include cloudsplaining/output *.vue
+recursive-include cloudsplaining/output *.png
 recursive-include cloudsplaining/output *.md
@@ -94,6 +94,29 @@ pip3 install --user cloudsplaining
 
 * Now you should be able to execute `cloudsplaining` from command line by running `cloudsplaining --help`.
 
+### Scanning a single IAM policy
+
+You can also scan a single policy file to identify risks instead of an entire account.
+
+```bash
+cloudsplaining scan-policy-file --input-file examples/policies/explicit-actions.json
+```
+
+The output will include a finding description and a list of the IAM actions that do not leverage resource constraints.
+
+The output will resemble the following:
+
+```console
+Issue found: Data Exfiltration
+Actions: s3:GetObject
+
+Issue found: Resource Exposure
+Actions: ecr:DeleteRepositoryPolicy, ecr:SetRepositoryPolicy, s3:BypassGovernanceRetention, s3:DeleteAccessPointPolicy, s3:DeleteBucketPolicy, s3:ObjectOwnerOverrideToBucketOwner, s3:PutAccessPointPolicy, s3:PutAccountPublicAccessBlock, s3:PutBucketAcl, s3:PutBucketPolicy, s3:PutBucketPublicAccessBlock, s3:PutObjectAcl, s3:PutObjectVersionAcl
+
+Issue found: Unrestricted Infrastructure Modification
+Actions: ecr:BatchDeleteImage, ecr:CompleteLayerUpload, ecr:CreateRepository, ecr:DeleteLifecyclePolicy, ecr:DeleteRepository, ecr:DeleteRepositoryPolicy, ecr:InitiateLayerUpload, ecr:PutImage, ecr:PutImageScanningConfiguration, ecr:PutImageTagMutability, ecr:PutLifecyclePolicy, ecr:SetRepositoryPolicy, ecr:StartImageScan, ecr:StartLifecyclePolicyPreview, ecr:TagResource, ecr:UntagResource, ecr:UploadLayerPart, s3:AbortMultipartUpload, s3:BypassGovernanceRetention, s3:CreateAccessPoint, s3:CreateBucket, s3:DeleteAccessPoint, s3:DeleteAccessPointPolicy, s3:DeleteBucket, s3:DeleteBucketPolicy, s3:DeleteBucketWebsite, s3:DeleteObject, s3:DeleteObjectTagging, s3:DeleteObjectVersion, s3:DeleteObjectVersionTagging, s3:GetObject, s3:ObjectOwnerOverrideToBucketOwner, s3:PutAccelerateConfiguration, s3:PutAccessPointPolicy, s3:PutAnalyticsConfiguration, s3:PutBucketAcl, s3:PutBucketCORS, s3:PutBucketLogging, s3:PutBucketNotification, s3:PutBucketObjectLockConfiguration, s3:PutBucketPolicy, s3:PutBucketPublicAccessBlock, s3:PutBucketRequestPayment, s3:PutBucketTagging, s3:PutBucketVersioning, s3:PutBucketWebsite, s3:PutEncryptionConfiguration, s3:PutInventoryConfiguration, s3:PutLifecycleConfiguration, s3:PutMetricsConfiguration, s3:PutObject, s3:PutObjectAcl, s3:PutObjectLegalHold, s3:PutObjectRetention, s3:PutObjectTagging, s3:PutObjectVersionAcl, s3:PutObjectVersionTagging, s3:PutReplicationConfiguration, s3:ReplicateDelete, s3:ReplicateObject, s3:ReplicateTags, s3:RestoreObject, s3:UpdateJobPriority, s3:UpdateJobStatus
+
+```
 
 ### Scanning an entire AWS Account
 
@@ -242,31 +265,6 @@ cloudsplaining scan --exclusions-file exclusions.yml --input-file examples/files
 ```
 
 
-### Scanning a single policy
-
-You can also scan a single policy file to identify risks instead of an entire account.
-
-```bash
-cloudsplaining scan-policy-file --input-file examples/policies/explicit-actions.json
-```
-
-The output will include a finding description and a list of the IAM actions that do not leverage resource constraints.
-
-The output will resemble the following:
-
-```console
-Issue found: Data Exfiltration
-Actions: s3:GetObject
-
-Issue found: Resource Exposure
-Actions: ecr:DeleteRepositoryPolicy, ecr:SetRepositoryPolicy, s3:BypassGovernanceRetention, s3:DeleteAccessPointPolicy, s3:DeleteBucketPolicy, s3:ObjectOwnerOverrideToBucketOwner, s3:PutAccessPointPolicy, s3:PutAccountPublicAccessBlock, s3:PutBucketAcl, s3:PutBucketPolicy, s3:PutBucketPublicAccessBlock, s3:PutObjectAcl, s3:PutObjectVersionAcl
-
-Issue found: Unrestricted Infrastructure Modification
-Actions: ecr:BatchDeleteImage, ecr:CompleteLayerUpload, ecr:CreateRepository, ecr:DeleteLifecyclePolicy, ecr:DeleteRepository, ecr:DeleteRepositoryPolicy, ecr:InitiateLayerUpload, ecr:PutImage, ecr:PutImageScanningConfiguration, ecr:PutImageTagMutability, ecr:PutLifecyclePolicy, ecr:SetRepositoryPolicy, ecr:StartImageScan, ecr:StartLifecyclePolicyPreview, ecr:TagResource, ecr:UntagResource, ecr:UploadLayerPart, s3:AbortMultipartUpload, s3:BypassGovernanceRetention, s3:CreateAccessPoint, s3:CreateBucket, s3:DeleteAccessPoint, s3:DeleteAccessPointPolicy, s3:DeleteBucket, s3:DeleteBucketPolicy, s3:DeleteBucketWebsite, s3:DeleteObject, s3:DeleteObjectTagging, s3:DeleteObjectVersion, s3:DeleteObjectVersionTagging, s3:GetObject, s3:ObjectOwnerOverrideToBucketOwner, s3:PutAccelerateConfiguration, s3:PutAccessPointPolicy, s3:PutAnalyticsConfiguration, s3:PutBucketAcl, s3:PutBucketCORS, s3:PutBucketLogging, s3:PutBucketNotification, s3:PutBucketObjectLockConfiguration, s3:PutBucketPolicy, s3:PutBucketPublicAccessBlock, s3:PutBucketRequestPayment, s3:PutBucketTagging, s3:PutBucketVersioning, s3:PutBucketWebsite, s3:PutEncryptionConfiguration, s3:PutInventoryConfiguration, s3:PutLifecycleConfiguration, s3:PutMetricsConfiguration, s3:PutObject, s3:PutObjectAcl, s3:PutObjectLegalHold, s3:PutObjectRetention, s3:PutObjectTagging, s3:PutObjectVersionAcl, s3:PutObjectVersionTagging, s3:PutReplicationConfiguration, s3:ReplicateDelete, s3:ReplicateObject, s3:ReplicateTags, s3:RestoreObject, s3:UpdateJobPriority, s3:UpdateJobStatus
-
-```
-
-
 ## Cheatsheet
 
 ```bash
 
@@ -0,0 +1,5 @@
+module.exports = {
+  presets: [
+    '@vue/cli-plugin-babel/preset'
+  ]
+}
@@ -148,19 +148,20 @@ def scan_account_authorization_details(
         "resource constraints..."
     )
     check_authorization_details_schema(account_authorization_details_cfg)
-    authorization_details = AuthorizationDetails(account_authorization_details_cfg)
-    results = authorization_details.results(exclusions)
+    authorization_details = AuthorizationDetails(account_authorization_details_cfg, exclusions)
+    results = authorization_details.results
+
     # Lazy method to get an account ID
     account_id = None
     for role in results.get("roles"):
         if "arn:aws:iam::aws:" not in results["roles"][role]["arn"]:
             account_id = get_account_from_arn(results["roles"][role]["arn"])
             break
+
     html_report = HTMLReport(
         account_id=account_id,
         account_name=account_name,
         results=results,
-        exclusions_cfg=exclusions,
     )
     rendered_report = html_report.get_html_report()
 
@@ -169,14 +170,13 @@ def scan_account_authorization_details(
         if output_directory is None:
             output_directory = os.getcwd()
 
-        new_data = authorization_details.results(exclusions)
-        new_raw_data_file = os.path.join(output_directory, f"iam-new-principal-policy-mapping-{account_name}.json")
-        new_raw_data_filepath = write_results_data_file(new_data, new_raw_data_file)
-        print(f"Raw data file saved: {str(new_raw_data_filepath)}")
+        results_data_file = os.path.join(output_directory, f"iam-results-{account_name}.json")
+        results_data_filepath = write_results_data_file(authorization_details.results, results_data_file)
+        print(f"Results data saved: {str(results_data_filepath)}")
 
-        raw_data_file = os.path.join(output_directory, f"iam-results-{account_name}.json")
-        raw_data_filepath = write_results_data_file(results, raw_data_file)
-        print(f"Raw data file saved: {str(raw_data_filepath)}")
+        findings_data_file = os.path.join(output_directory, f"iam-findings-{account_name}.json")
+        findings_data_filepath = write_results_data_file(results, findings_data_file)
+        print(f"Findings data file saved: {str(findings_data_filepath)}")
 
     return rendered_report
 
 
@@ -1,4 +0,0 @@
-# pylint: disable=missing-module-docstring
-import logging
-
-logger = logging.getLogger(__name__)
@@ -0,0 +1,6 @@
+<!doctype html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Cloudsplaining report</title><link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css" integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous"><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-vue/2.16.0/bootstrap-vue.min.css" crossorigin="anonymous"/><script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.12/vue.min.js" crossorigin="anonymous"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-vue/2.16.0/bootstrap-vue.min.js" crossorigin="anonymous"></script><script src="https://code.jquery.com/jquery-3.3.1.min.js"></script><script>var isLocalExample = true;
+        var account_id;
+        var account_name;
+        var report_generated_time;
+        var cloudsplaining_version;
+        var iam_data;</script></head><body><div id="app"></div><script src="js/chunk-vendors.js"></script><script src="index.bundle.js"></script></body><script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js" integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6" crossorigin="anonymous"></script></html>
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+VUE_APP_TITLE=Cloudsplaining (development)`
	`2`	`+NODE_ENV=development`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+VUE_APP_TITLE=Cloudsplaining`
	`2`	`+NODE_ENV=production`