Skip to content

Cstruct changes#81

Merged
yunzheng merged 2 commits intomainfrom
cstruct-changes
Jun 23, 2025
Merged

Cstruct changes#81
yunzheng merged 2 commits intomainfrom
cstruct-changes

Conversation

@twiggler
Copy link
Copy Markdown
Contributor

@twiggler twiggler commented Jun 23, 2025

Make cobaltstrike compatible with changes to the struct API.

Note: After cstruct is released, update the dependency

@twiggler twiggler requested a review from yunzheng June 23, 2025 09:40
yunzheng
yunzheng reviewed Jun 23, 2025
View reviewed changes
Comment thread dissect/cobaltstrike/beacon.py

def beacon_gate_options_string(bgo: BeaconGateOptions) -> list[str]:
"""Return the enabled BeaconGate WinAPI's as a list of strings"""
options = {k for k, v in bgo._values.items() if v}
Copy link
Copy Markdown
Member

@yunzheng yunzheng Jun 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does cstruct provide a better or a public api for accessing the values? If not, that might be a nice contract/feature to add so it doesn't break in a future cstruct update :)

Copy link
Copy Markdown
Contributor Author

@twiggler twiggler Jun 23, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah so although __values__ has a lot of underscores, that is mostly to avoid collisions with user defined fields; it is considered part of the public interface.

Alternative would be to loop over the field names and get the attributes, I think this is slightly cleaner.

@codecov
Copy link
Copy Markdown

codecov bot commented Jun 23, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 76.40%. Comparing base (ef91243) to head (fa832ae).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
dissect/cobaltstrike/pcap.py 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main      #81   +/-   ##
=======================================
  Coverage   76.40%   76.40%           
=======================================
  Files          12       12           
  Lines        2729     2729           
=======================================
  Hits         2085     2085           
  Misses        644      644
Flag Coverage Δ
unittests 76.40% <50.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@yunzheng
Copy link
Copy Markdown
Member

yunzheng commented Jun 23, 2025

Make cobaltstrike compatible with changes to the struct API.

Note: After cstruct is released, update the dependency

In which version of cstruct did this API change?

@twiggler
Copy link
Copy Markdown
Contributor Author

twiggler commented Jun 23, 2025

Make cobaltstrike compatible with changes to the struct API.
Note: After cstruct is released, update the dependency

In which version of cstruct did this API change?

The change will be part of 4.6 https://github.com/fox-it/dissect.cstruct/blob/main/CHANGELOG.md

yunzheng
yunzheng approved these changes Jun 23, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@yunzheng yunzheng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@yunzheng yunzheng merged commit 1e0a45e into main Jun 23, 2025
22 of 24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yunzheng yunzheng yunzheng approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@twiggler @yunzheng