Skip to content

Adding ObjectId to CompStatus #179

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mykeelium merged 5 commits into from
Oct 23, 2025
Merged

Adding ObjectId to CompStatus #179

mykeelium merged 5 commits into from
Oct 23, 2025

Conversation

@mykeelium
Copy link
Contributor

@mykeelium mykeelium commented Oct 2, 2025
edited by coderabbitai bot
Loading

Description

Adding ObjectId to CompStatus

Motivation and Context

Resolves: BED-6568

How Has This Been Tested?

This has been tested by creating a build of SharpHound with the updated library, and using running a collection.

Screenshots (if appropriate):

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.

Summary by CodeRabbit

  • New Features

    • Status CSV now includes an ObjectID column, adding the SID/object identifier to each entry.
    • ObjectID is populated for resolved hosts and stealth target mappings, and propagated across session, workstation, registry, LDAP, domain controller, and Enterprise CA status entries.
    • Network and directory scan workflows now capture domain/object context for richer status data.

  • Style

    • CSV header updated from "ComputerName,Task,Status" to "ComputerName,Task,Status,ObjectID".

@mykeelium mykeelium self-assigned this Oct 2, 2025
@mykeelium mykeelium added the enhancement New feature or request label Oct 2, 2025
@coderabbitai
Copy link

coderabbitai bot commented Oct 2, 2025
edited
Loading

Walkthrough

Propagates an ObjectId into status reporting: producers set CSVComputerStatus.ObjectId when resolving SIDs/object IDs; runtime processors pass ObjectId (and DomainSid) into scans and status writes; CSV writer adds an ObjectID column; two Scan method signatures updated.

Changes

Cohort / File(s) Summary
Producers
src/Producers/ComputerFileProducer.cs, src/Producers/StealthProducer.cs		 Populate CSVComputerStatus.ObjectId when a host/stealth target resolves to a SID; emit status with the new field without changing control flow.
Runtime processors
src/Runtime/ObjectProcessors.cs		 Add ObjectId to status CSV entries across NetSessionEnum, NetWkstaUserEnum, RegistrySessions, EnterpriseCA, etc.; pass DomainSid into SmbProcessor.Scan(apiName, domainSid) and ObjectId into DCLdapProcessor.Scan(displayName, objectId); propagate ObjectId through LDAP/DC and CA flows.
Writers
src/Writers/CompStatusWriter.cs		 CSV header changed from "ComputerName,Task,Status" to "ComputerName,Task,Status,ObjectID".
Project
Sharphound.csproj		 Bumped SharpHoundCommon and SharpHoundRPC PackageReference versions from 4.3.2 to 4.5.0.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Operator
  participant Producer as Producer (ComputerFile/Stealth)
  participant Processor as ObjectProcessors
  participant Smb as SmbProcessor
  participant LDAP as DCLdapProcessor
  participant Writer as CompStatusWriter

  Operator->>Producer: start resolution
  Producer->>Processor: report resolved target { SID, ObjectId }
  note right of Producer #D3E4CD: Producer sets CSVComputerStatus.ObjectId

  Processor->>Smb: Scan(apiName, domainSid)
  Smb-->>Processor: SMB results
  Processor->>LDAP: Scan(displayName, objectId)
  LDAP-->>Processor: LDAP results

  Processor->>Writer: Write CSVComputerStatus { ComputerName, Task, Status, ObjectId }
  Writer-->>Operator: CSV row including ObjectID
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

Suggested labels

bug

Suggested reviewers

  • ktstrader
  • definitelynotagoblin

Poem

I hopped through code with audit cheer,
Tagged each host so traces clear.
SID in paw, ObjectId bright,
CSVs now sing in line and light.
A rabbit’s hop—one tidy write. 🐇📋

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
✅ Passed checks (2 passed)
Check name Status Explanation
Title Check ✅ Passed The pull request title "Adding ObjectId to CompStatus" is directly aligned with the primary change in the changeset. The modifications across multiple files (CSVComputerStatus, CompStatusWriter, various processors and producers) consistently focus on adding an ObjectId field to the CompStatus output. The title is concise, clear, and specific enough for a developer reviewing commit history to understand that this changeset introduces an ObjectId field to CompStatus records.
Description Check ✅ Passed The pull request description follows the required template structure with all major sections present and populated. The Description section briefly states the change, the Motivation and Context section references issue BED-6568, and the How Has This Been Tested section describes the testing approach (building SharpHound with updated library and running a collection). The Types of changes and Checklist sections are completed with appropriate selections. While the Description and Testing sections could be more detailed, the description is substantially complete with all required template sections addressed and the key information provided.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch mcuomo/BED-6568

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@mykeelium mykeelium added the blocked by SHC PR A SharpHoundCommon PR must be merged in first before this PR label Oct 2, 2025
@mykeelium mykeelium marked this pull request as ready for review October 4, 2025 01:44
coderabbitai[bot]
coderabbitai bot reviewed Oct 23, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/Writers/CompStatusWriter.cs (1)

22-23: Remove duplicate assignment.

The assignment _channel = channel; appears twice consecutively, which is redundant.

Apply this diff to remove the duplicate:

         _context = context;
         _channel = channel;
-        _channel = channel;
         if (!_context.Flags.DumpComputerStatus) NoOp = true;
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 66ea1a8 and 66e4883.

📒 Files selected for processing (3)
  • Sharphound.csproj (1 hunks)
  • src/Runtime/ObjectProcessors.cs (7 hunks)
  • src/Writers/CompStatusWriter.cs (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/Runtime/ObjectProcessors.cs
🔇 Additional comments (1)
src/Writers/CompStatusWriter.cs (1)

63-63: Verify CSV serialization by testing the actual output.

The header has been updated to include ObjectID, and the codebase consistently populates the ObjectId property when creating CSVComputerStatus instances. However, the ToCsv() method is defined in the external SharpHoundCommon NuGet package (v4.5.0), which cannot be inspected in this codebase.

To confirm the change is correct, manually run the tool with DumpComputerStatus flag enabled and verify that:

  1. The CSV output contains all four columns: ComputerName, Task, Status, ObjectID
  2. The columns appear in this order
  3. ObjectID values are populated correctly

@mykeelium mykeelium merged commit f2613e8 into 2.X Oct 23, 2025
2 checks passed
@mykeelium mykeelium deleted the mcuomo/BED-6568 branch October 23, 2025 18:27
@github-actions github-actions bot locked and limited conversation to collaborators Oct 23, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@definitelynotagoblin definitelynotagoblin definitelynotagoblin approved these changes

Assignees

@mykeelium mykeelium

Labels

blocked by SHC PR A SharpHoundCommon PR must be merged in first before this PR enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mykeelium @definitelynotagoblin