Skip to content

feat: enforce operation scope for tool invocations and improve credential attribution#272

Merged
l50 merged 2 commits into
mainfrom
fix/scope-enforcement-and-secretsdump-attribution
May 10, 2026
Merged

feat: enforce operation scope for tool invocations and improve credential attribution#272
l50 merged 2 commits into
mainfrom
fix/scope-enforcement-and-secretsdump-attribution

Conversation

@l50
Copy link
Copy Markdown
Contributor

@l50 l50 commented May 10, 2026

Key Changes:

  • Enforced operation scope on all single-IP tool invocations to prevent out-of-scope attacks
  • Added robust parsing and normalization for FQDNs and SAM/NTDS credential dumps
  • Improved attribution logic for secretsdump/nxc output to prevent domain pollution
  • Introduced new ares_tools::scope module with comprehensive tests

Added:

  • Operation scope enforcement system (ares_tools::scope) that restricts tool invocations to explicitly authorized IPs; includes OperationScope struct, scope initialization, and validation logic
  • Automatic operation scope initialization in both orchestrator and worker startup, rejecting unauthorized single-IP tool executions before any subprocess runs
  • Comprehensive unit tests for the new scope system, including environment variable parsing and edge cases
  • FQDN normalization function in the Nmap parser to collapse adjacent duplicate labels, preventing malformed hostnames from polluting recon output
  • Extensive tests for deduplication of FQDN labels and correct hostname extraction in Nmap parsing
  • Additional secretsdump/nxc output parsing tests for local SAM markers, computer name prefix stripping, and machine account domain attribution

Changed:

  • Tool dispatch logic now validates operation scope on every call, rejecting out-of-scope single-IP targets before execution
  • Nmap output parser now normalizes FQDNs by collapsing duplicated leading labels, improving the accuracy of host attribution
  • Secretsdump parser now recognizes both impacket and nxc/netexec SAM section markers, strips local computer name prefixes in the SAM section, and defaults to local SAM attribution for unmarked sections except for known domain-only accounts
  • Enhanced secretsdump credential attribution to avoid leaking local-only users into the operator's AD domain scope, with safer defaults and more precise handling of machine accounts and krbtgt

Removed:

  • Prior behavior that allowed single-IP tool invocations against any target, regardless of operation scope
  • Legacy logic in secretsdump parser that attributed unmarked accounts to the AD domain by default, which risked domain pollution from local-only users

@l50
feat: enforce operation scope for single-IP tool invocations and impr…
7e60ac2 
…ove SAM/domain parsing

**Added:**

- Enforced operation scope for single-IP tool calls by installing `ares_tools::scope` in orchestrator and worker entrypoints
- Introduced `ares-tools::scope` module to restrict tool calls to authorized IPs, with environment-driven configuration and validation logic
- Added `scope::validate_in_scope` check to tool dispatch to reject out-of-scope targets before execution
- Implemented deduplication of adjacent labels in FQDNs during nmap parsing to clean up self-named workgroup hostnames
- Added comprehensive tests for operation scope logic, FQDN deduplication, and secrets parsing behaviors

**Changed:**

- Updated nmap output parser to collapse duplicate first labels in FQDNs, preventing malformed hostnames from propagating
- Improved secretsdump parser to recognize both impacket and nxc/netexec SAM section markers, ensuring correct attribution of local users
- Refined logic for distinguishing between local SAM and domain accounts in secretsdump parser:
  - Default to local SAM for unmarked sections unless the user is a machine account or krbtgt
  - In local SAM sections, always strip computer name prefix from usernames, preventing accidental domain attribution
  - Provided additional tests for edge cases involving SAM, domain, and machine account handling

**Removed:**

- Eliminated silent inheritance of `target_domain` for unmarked custom user rows in secretsdump parser to prevent local users from being attributed to AD scope
@codecov
Copy link
Copy Markdown

codecov Bot commented May 10, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 96.10390% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.06%. Comparing base (adee1a1) to head (1156c3b).

Files with missing lines Patch % Lines
ares-cli/src/orchestrator/mod.rs 0.00% 6 Missing ⚠️
ares-cli/src/worker/tool_executor.rs 0.00% 5 Missing ⚠️
ares-tools/src/parsers/secrets.rs 98.21% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #272      +/-   ##
==========================================
+ Coverage   75.99%   76.06%   +0.06%     
==========================================
  Files         386      387       +1     
  Lines       84059    84347     +288     
==========================================
+ Hits        63881    64157     +276     
- Misses      20178    20190      +12
Files with missing lines Coverage Δ
ares-tools/src/lib.rs 98.67% <100.00%> (+<0.01%) ⬆️
ares-tools/src/parsers/nmap.rs 99.73% <100.00%> (+0.02%) ⬆️
ares-tools/src/scope.rs 100.00% <100.00%> (ø)
ares-tools/src/parsers/secrets.rs 98.52% <98.21%> (-0.14%) ⬇️
ares-cli/src/worker/tool_executor.rs 73.61% <0.00%> (-0.69%) ⬇️
ares-cli/src/orchestrator/mod.rs 0.00% <0.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@l50
refactor: improve operation scope install and validation interfaces
1156c3b 
**Added:**

- Add `OperationScope::from_raw` for direct payload parsing without environment access
- Add `install_from_env` to atomically read and install operation scope from environment, returning the installed scope for logging and testability
- Add `validate_against` for pure validation against arbitrary scopes, decoupling from global state for testability
- Expand tests to cover `from_raw`, `install_from_env`, and validation edge cases with more granular checks

**Changed:**

- Update orchestrator and worker startup to use the new scope install/parse helpers, improving clarity and testability
- Refactor `validate_in_scope` to delegate to `validate_against` for better separation of concerns
- Refactor existing scope parsing logic to use `from_raw` and streamline environment handling
- Improve test coverage and structure for scope parsing and validation

**Removed:**

- Remove redundant call to `init_scope` in worker tool executor, now handled by `install_from_env`
@l50 l50 merged commit 2cb9af0 into main May 10, 2026
11 checks passed
@l50 l50 deleted the fix/scope-enforcement-and-secretsdump-attribution branch May 10, 2026 03:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l50