feat: add automatic SID history enumeration and vulnerability detection#280
Merged
Conversation
**Added:** - Implement automated SID history enumeration via LDAP for users carrying foreign-domain SIDs in `sid_history_enum` - Add `auto_sid_history_enum` to the automation task spawner for periodic execution - Introduce deduplication set `DEDUP_SID_HISTORY` to prevent redundant SID history probes - Provide comprehensive unit tests for SID history enumeration logic, including parsing, deduplication, and work item collection **Changed:** - Update public re-exports and module inclusions to integrate `sid_history_enum` automation - Extend deduplication set lists and tests to include `DEDUP_SID_HISTORY`
l50
changed the title
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## feat/more-attack-cov #280 +/- ##
=======================================================
Coverage ? 76.33%
=======================================================
Files ? 433
Lines ? 113475
Branches ? 0
=======================================================
Hits ? 86625
Misses ? 26850
Partials ? 0
🚀 New features to boost your workflow:
|
**Changed:** - Refactored chaining of vectors in domain validation to remove redundant into_iter calls, improving code clarity and consistency in tool_dispatcher/domain_validator.rs
…dreadgoad-sid-history
…enum **Added:** - Added `build_sid_history_payload` function to construct LDAP search payloads for SID history enumeration, enabling unit testing of cross-domain logic - Added `build_sid_history_vuln` function to create `VulnerabilityInfo` objects for discovered principals, allowing format and field validation in isolation - Introduced targeted unit tests for `collect_sid_history_work` same-forest fallback, quarantine, credential filtering, payload field logic, and vulnerability info construction **Changed:** - Refactored `auto_sid_history_enum` to use the new `build_sid_history_payload` and `build_sid_history_vuln` helpers, reducing inline logic and improving testability - Replaced duplicated inline payload and vulnerability construction logic with calls to the new helper functions for clarity and maintainability
l50
pushed a commit
to l50/ares
that referenced
this pull request
May 18, 2026
…de#196) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [softprops/action-gh-release](https://redirect.github.com/softprops/action-gh-release) | action | major | `v2.2.2` → `v3.0.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v3.0.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v3.0.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.2...v3.0.0) `3.0.0` is a major release that moves the action runtime from Node 20 to Node 24. Use `v3` on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on `v2.6.2`. #### What's Changed ##### Other Changes 🔄 - Move the action runtime and bundle target to Node 24 - Update `@types/node` to the Node 24 line and allow future Dependabot updates - Keep the floating major tag on `v3`; `v2` remains pinned to the latest `2.x` release ### [`v2.6.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.1...v2.6.2) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - chore(deps): bump picomatch from 4.0.3 to 4.0.4 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​775](https://redirect.github.com/softprops/action-gh-release/pull/775) - chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​777](https://redirect.github.com/softprops/action-gh-release/pull/777) - chore(deps): bump vite from 8.0.0 to 8.0.5 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​781](https://redirect.github.com/softprops/action-gh-release/pull/781) **Full Changelog**: <softprops/action-gh-release@v2...v2.6.2> ### [`v2.6.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.1) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.0...v2.6.1) `2.6.1` is a patch release focused on restoring linked discussion thread creation when `discussion_category_name` is set. It fixes `#764`, where the draft-first publish flow stopped carrying the discussion category through the final publish step. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Bug fixes 🐛 - fix: preserve discussion category on publish by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​765](https://redirect.github.com/softprops/action-gh-release/pull/765) ### [`v2.6.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.3...v2.6.0) `2.6.0` is a minor release centered on `previous_tag` support for `generate_release_notes`, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a `working_directory` docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Exciting New Features 🎉 - feat: support previous\_tag for generate\_release\_notes by [@​pocesar](https://redirect.github.com/pocesar) in [#​372](https://redirect.github.com/softprops/action-gh-release/pull/372) ##### Bug fixes 🐛 - fix: recover concurrent asset metadata 404s by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​760](https://redirect.github.com/softprops/action-gh-release/pull/760) ##### Other Changes 🔄 - docs: clarify reused draft release behavior by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​759](https://redirect.github.com/softprops/action-gh-release/pull/759) - docs: clarify working\_directory input by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​761](https://redirect.github.com/softprops/action-gh-release/pull/761) - ci: verify dist bundle freshness by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​762](https://redirect.github.com/softprops/action-gh-release/pull/762) - fix: clarify immutable prerelease uploads by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​763](https://redirect.github.com/softprops/action-gh-release/pull/763) ### [`v2.5.3`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.3) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.2...v2.5.3) <!-- Release notes generated using configuration in .github/release.yml at master --> `2.5.3` is a patch release focused on the remaining path-handling and release-selection bugs uncovered after `2.5.2`. It fixes `#639`, `#571`, `dreadnode#280`, `#614`, `dreadnode#311`, `#403`, and `#368`. It also adds documentation clarifications for `#541`, `#645`, `#542`, `#393`, and `#411`, where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Bug fixes 🐛 - fix: prefer token input over GITHUB\_TOKEN by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​751](https://redirect.github.com/softprops/action-gh-release/pull/751) - fix: clean up duplicate drafts after canonicalization by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​753](https://redirect.github.com/softprops/action-gh-release/pull/753) - fix: support Windows-style file globs by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​754](https://redirect.github.com/softprops/action-gh-release/pull/754) - fix: normalize refs-tag inputs by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​755](https://redirect.github.com/softprops/action-gh-release/pull/755) - fix: expand tilde file paths by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​756](https://redirect.github.com/softprops/action-gh-release/pull/756) ##### Other Changes 🔄 - docs: clarify token precedence by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​752](https://redirect.github.com/softprops/action-gh-release/pull/752) - docs: clarify GitHub release limits by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​758](https://redirect.github.com/softprops/action-gh-release/pull/758) - documentation clarifications for empty-token handling, `preserve_order`, and special-character asset filename behavior **Full Changelog**: <softprops/action-gh-release@v2...v2.5.3> ### [`v2.5.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.1...v2.5.2) <!-- Release notes generated using configuration in .github/release.yml at master --> `2.5.2` is a patch release focused on the remaining release-creation and prerelease regressions in the `2.5.x` bug-fix cycle. It fixes `#705`, fixes `#708`, fixes `#740`, fixes `#741`, and fixes `#722`. Regression testing covers the shared-tag race, prerelease event behavior, dotfile asset labels, same-filename concurrent uploads, and blocked-tag cleanup behavior. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Bug fixes 🐛 - fix: canonicalize releases after concurrent create by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​746](https://redirect.github.com/softprops/action-gh-release/pull/746) - fix: preserve prereleased events for prereleases by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​748](https://redirect.github.com/softprops/action-gh-release/pull/748) - fix: restore dotfile asset labels by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​749](https://redirect.github.com/softprops/action-gh-release/pull/749) - fix: handle upload already\_exists races across workflows by [@​api2062](https://redirect.github.com/api2062) in [#​745](https://redirect.github.com/softprops/action-gh-release/pull/745) - fix: clean up orphan drafts when tag creation is blocked by [@​chenrui333](https://redirect.github.com/chenrui333) in [#​750](https://redirect.github.com/softprops/action-gh-release/pull/750) #### New Contributors - [@​api2062](https://redirect.github.com/api2062) made their first contribution in [#​745](https://redirect.github.com/softprops/action-gh-release/pull/745) **Full Changelog**: <softprops/action-gh-release@v2...v2.5.2> ### [`v2.5.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.1) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.0...v2.5.1) <!-- Release notes generated using configuration in .github/release.yml at master --> `2.5.1` is a patch release focused on regressions introduced in `2.5.0` and on release lookup reliability. It fixes `#713`, addresses `#703`, and fixes `#724`. Regression testing shows that current `master` no longer reproduces the finalize-race behavior reported in `#704` and `#709`. #### What's Changed ##### Bug fixes 🐛 - fix: fetch correct asset URL after finalization; test; some refactoring by [@​pzhlkj6612](https://redirect.github.com/pzhlkj6612) in [#​738](https://redirect.github.com/softprops/action-gh-release/pull/738) - fix: release marked as 'latest' despite make\_latest: false by [@​Boshen](https://redirect.github.com/Boshen) in [#​715](https://redirect.github.com/softprops/action-gh-release/pull/715) - fix: use getReleaseByTag API instead of iterating all releases by [@​kim-em](https://redirect.github.com/kim-em) in [#​725](https://redirect.github.com/softprops/action-gh-release/pull/725) ##### Other Changes 🔄 - dependency updates, including the ESM/runtime compatibility refresh in [#​731](https://redirect.github.com/softprops/action-gh-release/pull/731) #### New Contributors - [@​autarch](https://redirect.github.com/autarch) made their first contribution in [#​716](https://redirect.github.com/softprops/action-gh-release/pull/716) - [@​pzhlkj6612](https://redirect.github.com/pzhlkj6612) made their first contribution in [#​738](https://redirect.github.com/softprops/action-gh-release/pull/738) - [@​Boshen](https://redirect.github.com/Boshen) made their first contribution in [#​715](https://redirect.github.com/softprops/action-gh-release/pull/715) - [@​kim-em](https://redirect.github.com/kim-em) made their first contribution in [#​725](https://redirect.github.com/softprops/action-gh-release/pull/725) **Full Changelog**: <softprops/action-gh-release@v2...v2.5.1> ### [`v2.5.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.4.2...v2.5.0) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Exciting New Features 🎉 - feat: mark release as draft until all artifacts are uploaded by [@​dumbmoron](https://redirect.github.com/dumbmoron) in [#​692](https://redirect.github.com/softprops/action-gh-release/pull/692) ##### Other Changes 🔄 - chore(deps): bump the npm group across 1 directory with 5 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​697](https://redirect.github.com/softprops/action-gh-release/pull/697) - chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​689](https://redirect.github.com/softprops/action-gh-release/pull/689) #### New Contributors - [@​dumbmoron](https://redirect.github.com/dumbmoron) made their first contribution in [#​692](https://redirect.github.com/softprops/action-gh-release/pull/692) **Full Changelog**: <softprops/action-gh-release@v2.4.2...v2.5.0> ### [`v2.4.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.4.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.4.1...v2.4.2) #### What's Changed ##### Exciting New Features 🎉 - feat: Ensure generated release notes cannot be over 125000 characters by [@​BeryJu](https://redirect.github.com/BeryJu) in [#​684](https://redirect.github.com/softprops/action-gh-release/pull/684) ##### Other Changes 🔄 - dependency updates #### New Contributors - [@​BeryJu](https://redirect.github.com/BeryJu) made their first contribution in [#​684](https://redirect.github.com/softprops/action-gh-release/pull/684) **Full Changelog**: <softprops/action-gh-release@v2.4.1...v2.4.2> ### [`v2.4.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.4.1) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.4.0...v2.4.1) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Other Changes 🔄 - fix(util): support brace expansion globs containing commas in parseInputFiles by [@​Copilot](https://redirect.github.com/Copilot) in [#​672](https://redirect.github.com/softprops/action-gh-release/pull/672) - fix: gracefully fallback to body when body\_path cannot be read by [@​Copilot](https://redirect.github.com/Copilot) in [#​671](https://redirect.github.com/softprops/action-gh-release/pull/671) **Full Changelog**: <softprops/action-gh-release@v2...v2.4.1> ### [`v2.4.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.3.4...v2.4.0) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Exciting New Features 🎉 - feat(action): respect working\_directory for files globs by [@​stephenway](https://redirect.github.com/stephenway) in [#​667](https://redirect.github.com/softprops/action-gh-release/pull/667) ##### Other Changes 🔄 - chore(deps): bump the npm group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​668](https://redirect.github.com/softprops/action-gh-release/pull/668) **Full Changelog**: <softprops/action-gh-release@v2.3.4...v2.4.0> ### [`v2.3.4`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.3.4) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.3.3...v2.3.4) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - fix(action): handle 422 already\_exists race condition by [@​stephenway](https://redirect.github.com/stephenway) in [#​665](https://redirect.github.com/softprops/action-gh-release/pull/665) ##### Other Changes 🔄 - chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 in the github-actions group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​656](https://redirect.github.com/softprops/action-gh-release/pull/656) - chore(deps): bump [@​types/node](https://redirect.github.com/types/node) from 20.19.11 to 20.19.13 in the npm group by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​655](https://redirect.github.com/softprops/action-gh-release/pull/655) - chore(deps): bump vite from 7.0.0 to 7.1.5 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​657](https://redirect.github.com/softprops/action-gh-release/pull/657) - chore(deps): bump the npm group across 1 directory with 2 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​662](https://redirect.github.com/softprops/action-gh-release/pull/662) - chore(deps): bump the npm group with 3 updates by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​666](https://redirect.github.com/softprops/action-gh-release/pull/666) **Full Changelog**: <softprops/action-gh-release@v2...v2.3.4> ### [`v2.3.3`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.3.2...v2.3.3) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Exciting New Features 🎉 - feat: add input option `overwrite_files` by [@​asfernandes](https://redirect.github.com/asfernandes) in [#​343](https://redirect.github.com/softprops/action-gh-release/pull/343) ##### Other Changes 🔄 - dependency updates #### New Contributors - [@​asfernandes](https://redirect.github.com/asfernandes) made their first contribution in [#​343](https://redirect.github.com/softprops/action-gh-release/pull/343) **Full Changelog**: <softprops/action-gh-release@v2...v2.3.3> ### [`v2.3.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.3.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.3.1...v2.3.2) - fix: revert fs `readableWebStream` change ### [`v2.3.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.3.1) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.3.0...v2.3.1) <!-- Release notes generated using configuration in .github/release.yml at master --> #### What's Changed ##### Bug fixes 🐛 - fix: fix file closing issue by [@​WailGree](https://redirect.github.com/WailGree) in [#​629](https://redirect.github.com/softprops/action-gh-release/pull/629) #### New Contributors - [@​WailGree](https://redirect.github.com/WailGree) made their first contribution in [#​629](https://redirect.github.com/softprops/action-gh-release/pull/629) **Full Changelog**: <softprops/action-gh-release@v2.3.0...v2.3.1> ### [`v2.3.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.3.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.2.2...v2.3.0) <!-- Release notes generated using configuration in .github/release.yml at master --> - Migrate from jest to vitest - Replace `mime` with `mime-types` - Bump to use node 24 - Dependency updates **Full Changelog**: <softprops/action-gh-release@v2.2.2...v2.3.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMjMuMyIsInVwZGF0ZWRJblZlciI6IjQzLjEyMy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: dreadnode-renovate-bot[bot] <184170622+dreadnode-renovate-bot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Key Changes:
Added:
auto_sid_history_enum) to orchestrator automationsid_history_enum.rsimplementing periodic LDAP probing for(sIDHistory=*)and vulnerability emission when foreign SIDs are detectedDEDUP_SID_HISTORYand associated handling to prevent repeated enumeration of the same domain/DCChanged:
auto_sid_history_enumin the automation task spawner to enable scheduled execution