Skip to content

refactor: extract gMSA exploit token emission logic into standalone helper#292

Merged
l50 merged 1 commit into
feat/more-attack-covfrom
feat/dreadgoad-gmsa-emit-helper
May 13, 2026
Merged

refactor: extract gMSA exploit token emission logic into standalone helper#292
l50 merged 1 commit into
feat/more-attack-covfrom
feat/dreadgoad-gmsa-emit-helper

Conversation

@l50
Copy link
Copy Markdown
Contributor

@l50 l50 commented May 13, 2026

Key Changes:

  • Refactored gMSA exploit token side-effect logic into a dedicated async helper function
  • Improved code clarity and testability by removing inline gMSA logic from hash-publish flow
  • Added comprehensive unit tests for gMSA exploit token emission behavior

Added:

  • Dedicated emit_gmsa_exploit_token_if_gmsa async helper to emit exploit tokens for gMSA accounts incidentally captured via secretsdump or DCSync
  • Unit tests covering edge cases (gMSA, regular machine accounts, regular users, case normalization) for the new helper

Changed:

  • Hash-publish flow in extract_discoveries now delegates gMSA side-effect to the new helper function, improving modularity and separation of concerns

Removed:

  • Inline gMSA exploit token emission logic from the hash-publish branch in result processing, reducing code duplication and complexity

@l50
refactor: extract gMSA exploit token emission to reusable async helper
6c7e3b8 
**Added:**

- Introduced `emit_gmsa_exploit_token_if_gmsa` async helper to encapsulate gMSA exploit token side-effect logic and ensure consistent credit emission for gMSA hashes captured via secretsdump
- Added comprehensive tests for `emit_gmsa_exploit_token_if_gmsa`, covering gMSA, machine accounts, regular users, and case normalization

**Changed:**

- Replaced inline gMSA exploit token emission logic in `extract_discoveries` with a call to the new `emit_gmsa_exploit_token_if_gmsa` helper for improved code reuse and clarity
@codecov
Copy link
Copy Markdown

codecov Bot commented May 13, 2026

Codecov Report

❌ Patch coverage is 93.75000% with 3 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (feat/more-attack-cov@47a06dd). Learn more about missing BASE report.

Files with missing lines Patch % Lines
ares-cli/src/orchestrator/result_processing/mod.rs 82.35% 3 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@                   Coverage Diff                   @@
##             feat/more-attack-cov     #292   +/-   ##
=======================================================
  Coverage                        ?   76.21%           
=======================================================
  Files                           ?      433           
  Lines                           ?   114093           
  Branches                        ?        0           
=======================================================
  Hits                            ?    86954           
  Misses                          ?    27139           
  Partials                        ?        0
Files with missing lines Coverage Δ
...es-cli/src/orchestrator/result_processing/tests.rs 100.00% <100.00%> (ø)
ares-cli/src/orchestrator/result_processing/mod.rs 21.34% <82.35%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@l50 l50 merged commit 03d3915 into feat/more-attack-cov May 13, 2026
11 checks passed
@l50 l50 deleted the feat/dreadgoad-gmsa-emit-helper branch May 13, 2026 02:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l50