feat: add comprehensive attack strategy system with technique prioritization #231
Merged
**Added:**
- Added comprehensive tests for `build_attack_chain`, including single-step, multi-step, cycle guard, missing ID, and domain admin chain scenarios in `operation.rs`
- Added tests for formatting attack chains, covering empty, single-step, and multi-step cases

**Changed:**
- Expanded Kerberos hash extraction tests in `kerberos.rs` to cover multiple TGS entries, empty input, no-match cases, valid AS-REP extraction, and mixed TGS/AS-REP outputs
- Updated existing Kerberos test function names for clarity and improved test organization

**Removed:**
- Removed redundant and less comprehensive Kerberos extraction tests, consolidating coverage into new and enhanced tests in `kerberos.rs`
…dules

**Added:**
- Added tests for grade boundary values, pass condition logic, investigation status, summary output, and dataset statistics in evaluation results
- Added tests for delegation extraction handling of unknown types, short lines, missing headers, and separator-only input
- Added tests for host extraction with blank lines, duplicate IPs, missing domain fields, and mixed-format lines
- Added tests for secretsdump parsing covering all-empty hashes, malformed RIDs, uppercase hashes, whitespace handling, and krbtgt detection by RID
- Added tests for share extraction with no access, write-only, status marker skipping, and ignoring non-SMB lines
- Added test for parsing constrained delegation type with lowercase input in types module
…and token usage modules

**Added:**
- Added tests for EvaluationResult and DatasetEvaluationResult summary, value, and scoring logic, including edge cases and field coverage
  - ares-core/src/eval/results.rs
- Added tests for Kerberos hash extraction, including whitespace and status line handling
  - ares-core/src/parsing/kerberos.rs
- Added tests for NTLM hash extraction, krbtgt detection, hash normalization, and line wrapping
  - ares-core/src/parsing/ntlm.rs
- Added tests for MITRE technique display and static map loading
  - ares-core/src/reports/mitre.rs
- Added tests for model cost lookup, operation usage estimation, model field parsing, and key generation
  - ares-core/src/token_usage.rs
…d cost modules

**Added:**
- Unit tests for GapAnalysisReport markdown output, covering headers, IDs, gaps, recommendations, grouping, techniques, and summary
- Unit tests for technique and vulnerability mapping logic, including requirement checks and default behaviors
- Unit tests for EvaluationGroundTruth filtering and ExpectedTechnique matching logic
- Unit tests for cost estimation logic, including known/unknown models, zero tokens, and mixed scenarios
…token usage modules

**Added:**
- Unit tests for the detection configuration, template lookup, MITRE mappings, and config structure in `detection/mod.rs`
- Extensive serde roundtrip and default value tests for Host, Credential, Hash, Share, User, Target, and TrustInfo structs in `models/core.rs`
- Unit tests for serialization, deserialization, and error handling for `TaskStatusRecord` in `models/task.rs`
- Test for UUID v4 validity in `models/util.rs`
- Unit tests for Redis key constants, key suffixes, and blue team key handling in `state/keys.rs`
- Tests for blue token usage keys, cost estimation, model field parsing, and serialization in `token_usage.rs`
… and patterns

**Added:**
- Unit tests for `AlertCluster` covering alert addition, extraction logic, similarity scoring, and summary generation
- Unit tests for `AlertCorrelator` verifying alert assignment, cluster retrieval, context, and reset behavior
- Unit tests for `LateralGraph` validating connection handling, host investigation state, user collection, and summary
- Unit tests for `LateralPatterns` regex matching and detection logic
…report modules

**Added:**
- Added comprehensive unit tests for `generate_executive_summary` and `RedTeamReportGenerator` in `ares-core/src/reports/redteam.rs` covering various summary scenarios and edge cases
- Added default value and argument validation tests for configuration structs in `ares-llm/src/agent_loop/config.rs`
- Added unit tests for context token estimation, message trimming, tool output truncation, and tool call detection logic in `ares-llm/src/agent_loop/context.rs`
- Added tests for hashing determinism, edge cases, and input variations in `ares-llm/src/agent_loop/retry.rs`
- Added unit tests for argument parsing utility functions in `ares-tools/src/args.rs` including required/optional string, integer, and boolean extraction with error handling
- Added tests for credential string generation and argument formatting functions in `ares-tools/src/credentials.rs`, covering all supported input combinations and edge cases
**Added:**
- Implemented unit tests for detection gap analysis functions, including coverage for IOC and technique gap descriptions, summary generation, and recommendations
  - `ares-core/src/eval/gap_analysis/analysis.rs`
- Added extensive unit tests for scoring logic, covering IOC detection, technique coverage, pyramid elevation, evidence quality, timeline accuracy, matching functions, and overall scoring
  - `ares-core/src/eval/scorers/scoring.rs`
…erage

**Added:**
- Added public test-only wrapper for `calculate_technique_coverage` to facilitate unit testing in `engine.rs`
- Introduced extensive tests for key matching, recommendation, gap reasons, match quality, and correlation scenarios in `tests.rs`
- Added new module with unit tests for activity and detection keys, match quality, and `CorrelationReport::to_value` in `types.rs`
**Added:**
- Added unit tests for `looks_like_hostname` and `LateralMovementAnalyzer` methods, covering hostname validation, graph creation, host extraction, attack path, and pivot suggestions in `analyzer.rs`
- Added comprehensive unit tests for `generate_report_markdown` in `report.rs`, including metrics, assessment levels, section presence, recommendations, and edge cases
**Changed:**
- Renamed test functions across multiple modules to concise, descriptive names that reflect their behavior rather than using the `test_` prefix, improving test discoverability and consistency with Rust idioms
- Removed redundant or explanatory comments within test bodies that restated obvious behavior or implementation details, resulting in cleaner and more maintainable test code
- Grouped assertions and related checks in some tests to reduce repetition and streamline code, especially where multiple `Default` checks were previously split into separate tests
- Ensured all test functions use lowercase with underscores as per Rust conventions for improved readability
**Changed:**
- Renamed all test functions to remove the "test_" prefix for consistency and brevity across the codebase
- Updated function calls and references accordingly in test modules
- Improved code readability by standardizing test function naming conventions
Codecov Report
❌ Patch coverage is

Additional details and impacted files

```
@@ Coverage Diff @@
##            main     #231      +/-   ##
==========================================
+ Coverage   56.69%   58.91%   +2.21%
==========================================
  Files         382      383       +1
  Lines       65001    67884    +2883
==========================================
+ Hits        36850    39991    +3141
+ Misses      28151    27893     -258
```

☔ View full report in Codecov by Sentry.
…rror handling

**Added:**
- Add test to verify that `templates_for_connection_type` returns entries for "smb" connection type

**Changed:**
- Simplify error handling in `find_template` tests by replacing `unwrap_or_else` with `expect` for clearer intent and improved readability
**Changed:**
- Removed decorative separator comments (lines of dashes or similar) from test modules in multiple files to improve readability and reduce noise
- Replaced multi-line unwrap/assert chains in tests with explicit expect messages for clarity in ares-core/src/token_usage.rs, ares-core/src/correlation/alert/correlator.rs, ares-cli/src/orchestrator/automation/shadow_credentials.rs, and ares-cli/src/orchestrator/automation/unconstrained.rs
**Removed:**
- Removed comment blocks delineating test case groups in test modules across the following files:
  - ares-cli/src/ops/loot/format/display.rs
  - ares-cli/src/orchestrator/automation/adcs_exploitation.rs
  - ares-cli/src/orchestrator/automation/gmsa.rs
  - ares-cli/src/orchestrator/automation/laps.rs
  - ares-cli/src/orchestrator/automation/s4u.rs
  - ares-cli/src/orchestrator/automation/shadow_credentials.rs
  - ares-cli/src/orchestrator/automation/unconstrained.rs
  - ares-cli/src/orchestrator/deferred.rs
  - ares-core/src/persistent_store/store.rs
  - ares-tools/src/credentials.rs
**Removed:**
- Removed commented section banners delineating test areas in test files to improve readability and reduce noise in `ares-cli/src/dedup/tests.rs`, `ares-cli/src/orchestrator/result_processing/tests.rs`, and `ares-tools/src/privesc/delegation.rs`
**Changed:**
- Renamed all test functions to remove the `test_` prefix, making test names idiomatic and concise across all modules and files
- Ensured all test function names now use the pattern `fn <descriptive_name>()` for improved readability and consistency
Key Changes:
Added:
- `Strategy` struct with YAML, JSON, and env var resolution for technique weights, excludes, includes, and continue_after_da logic (ares-cli/src/orchestrator/strategy.rs)
- ares-llm/templates/redteam/agents/system_instructions.md.tera, ares-llm/src/prompt/templates.rs
- ares-cli/src/orchestrator/automation/adcs_exploitation.rs
- ares-cli/src/orchestrator/automation/shadow_credentials.rs
- ares-cli/src/orchestrator/automation/rbcd.rs
- ares-cli/src/orchestrator/automation/gpo.rs
- ares-cli/src/orchestrator/automation/laps.rs
- ares-cli/src/orchestrator/automation/mssql_exploitation.rs
- ares-cli/src/orchestrator/automation/credential_reuse.rs
- docs/strategy.md and detailed GOAD attack surface checklist (docs/goad-checklist.md)

Changed:
- … `is_technique_allowed` and uses `effective_priority` from the active strategy in all dispatches (ares-cli/src/orchestrator/automation/, ares-cli/src/orchestrator/exploitation.rs)
- … (`.take()` limits)
- ares-cli/src/orchestrator/config.rs
- ares-cli/src/orchestrator/llm_runner.rs
- ares-llm/src/prompt/templates.rs
- ares-cli/src/orchestrator/automation/mod.rs, ares-cli/src/orchestrator/automation_spawner.rs

Removed:
- `ares-rust-*` template directories from `warpgate-templates` (superseded by new unified agent templates)
- … (taskfiles/ec2/Taskfile.yaml, README.md, etc.)
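The PR description above names a `Strategy` with technique weights, excludes, includes and a `continue_after_da` flag, checked through `is_technique_allowed` / `effective_priority`, and the first commit in the conversation lists the `build_attack_chain` scenarios it tests (single-step, multi-step, cycle guard, missing ID, domain-admin chain). The following std-only Rust sketch is an added example, not the project's code, that ties those two pieces together in one place so the intended semantics can be checked in isolation. Everything in it is an assumption about the real implementation: the struct layout, the rule that excludes win over includes, the "stop at the first domain-admin step unless `continue_after_da`" behaviour, the error enum, and the constructed sample step graph (which deliberately contains one cycle and one dangling link).

```rust
use std::collections::{HashMap, HashSet};

/// Operator-chosen strategy (illustrative layout, not the project's struct):
/// per-technique weights, an allow-list, a deny-list, and whether to keep going
/// once a step has already reached domain admin.
#[derive(Debug, Default, Clone)]
pub struct Strategy {
    pub weights: HashMap<String, f64>,
    pub includes: HashSet<String>,
    pub excludes: HashSet<String>,
    pub continue_after_da: bool,
}

impl Strategy {
    /// Assumed precedence: an exclude always wins; a non-empty include list
    /// turns into a strict allow-list; an empty include list allows everything.
    pub fn is_technique_allowed(&self, technique: &str) -> bool {
        if self.excludes.contains(technique) {
            return false;
        }
        self.includes.is_empty() || self.includes.contains(technique)
    }

    /// Base priority scaled by the configured weight (unconfigured weight = 1.0).
    pub fn effective_priority(&self, technique: &str, base: f64) -> f64 {
        base * self.weights.get(technique).copied().unwrap_or(1.0)
    }
}

/// One planned step; `next` links to the following step id (constructed example data).
#[derive(Debug, Clone, PartialEq)]
pub struct Step {
    pub id: String,
    pub technique: String,
    pub grants_domain_admin: bool,
    pub next: Option<String>,
}

#[derive(Debug, PartialEq)]
pub enum ChainError {
    MissingStep(String),
    Cycle(String),
}

/// Follow `next` links from `start`. A dangling id is an error, a revisited id is a
/// cycle, and traversal stops at the first domain-admin step unless the strategy says
/// to continue. Steps whose technique is disallowed are still traversed (so the chain
/// stays connected) but are left out of the returned chain.
pub fn build_attack_chain(
    steps: &HashMap<String, Step>,
    start: &str,
    strategy: &Strategy,
) -> Result<Vec<Step>, ChainError> {
    let mut chain = Vec::new();
    let mut seen: HashSet<String> = HashSet::new();
    let mut cursor = Some(start.to_string());
    while let Some(id) = cursor.take() {
        if !seen.insert(id.clone()) {
            return Err(ChainError::Cycle(id)); // cycle guard
        }
        let step = steps
            .get(&id)
            .ok_or_else(|| ChainError::MissingStep(id.clone()))?;
        if strategy.is_technique_allowed(&step.technique) {
            chain.push(step.clone());
        }
        if step.grants_domain_admin && !strategy.continue_after_da {
            break; // goal reached; do not keep walking the graph
        }
        cursor = step.next.clone();
    }
    Ok(chain)
}

/// Human-readable rendering for reports; empty chains get an explicit marker.
pub fn format_attack_chain(chain: &[Step]) -> String {
    if chain.is_empty() {
        return "(empty chain)".to_string();
    }
    chain
        .iter()
        .enumerate()
        .map(|(i, s)| format!("{}. {} [{}]", i + 1, s.id, s.technique))
        .collect::<Vec<_>>()
        .join(" -> ")
}

/// Constructed sample graph: recon -> roast -> da, where `da` loops back to `recon`
/// and `orphan` points at an id that does not exist.
pub fn sample_steps() -> HashMap<String, Step> {
    let mk = |id: &str, tech: &str, da: bool, next: Option<&str>| Step {
        id: id.to_string(),
        technique: tech.to_string(),
        grants_domain_admin: da,
        next: next.map(String::from),
    };
    let mut steps = HashMap::new();
    for s in vec![
        mk("recon", "enumeration", false, Some("roast")),
        mk("roast", "credential_access", false, Some("da")),
        mk("da", "privilege_escalation", true, Some("recon")), // deliberate cycle
        mk("orphan", "enumeration", false, Some("nowhere")),   // deliberate dangling link
    ] {
        steps.insert(s.id.clone(), s);
    }
    steps
}

fn main() {
    let steps = sample_steps();
    match build_attack_chain(&steps, "recon", &Strategy::default()) {
        Ok(chain) => println!("{}", format_attack_chain(&chain)),
        Err(e) => println!("chain error: {:?}", e),
    }
}
```

With the default strategy the walk stops at `da` and never sees the back-edge; flipping `continue_after_da` on is exactly what exposes the cycle, which is why the cycle guard and the domain-admin stop are worth testing as separate scenarios rather than one.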