Type checker, reg parsing improvements, UI improvements #101
Merged
leechristensen merged 11 commits into main, Feb 5, 2026
Conversation
leechristensen (Collaborator) commented Feb 5, 2026
- Pyright Type Checking (core theme)
  - Added pyrightconfig.json (basic mode, Python 3.13) to every lib and project
  - Added pyright>=1.1 as a dev dependency to all pyproject.toml files, with uv.lock updates
  - Updated tools/lint.sh to deactivate active venvs and verify pyright availability
  - Fixed hundreds of type errors across the codebase:
    - Globals initialized as None without Optional type annotations
    - StorageMinio return types (str not uuid.UUID)
    - None-safety assertions added for asyncpg_pool, tracking_service, workflow_client, file_queue, etc.
    - Explicit type annotations on dict literals, function parameters, and return types
    - Pyright-ignore annotations for third-party libraries (Dapr, gRPC, pypykatz, regipy, etc.)
  - Added py.typed marker files to common and nemesis_dpapi
- Registry Hive Analyzer Enhancements
  - Extract machine SID from SAM domain V value with binary SID decoding
  - Extract per-user metadata (ACB flags, timestamps, full name, comments)
  - Compute password expiration from domain max password age policy
  - Detect empty LM/NT hashes via well-known constants
  - Parse DCC cached domain credentials into structured entries
  - Structured secret_type field for LSA secrets
  - Detailed markdown/plain-text formatters for SAM accounts and LSA secrets
  - Multiple bug fixes (attribute names, pypykatz API usage, regipy None handling)
- Bug Fixes
  - office2john.py format string fix
  - Container analyzer 7z iteration (sz.files list instead of .items())
  - file_linking rules engine: avoid double match call
  - logger.exception calls: remove exception object as first arg
  - document_conversion lifespan: use stack.callback() for sync shutdown
  - NoseyParkerOutput missing workflow_id field
  - Remove unused guid parameter from DPAPI manager interfaces
  - CVE-2026-24486: upgrade python-multipart to 0.0.22
- Frontend: Lazy File Loading & Viewer Improvements
  - Backend range requests: added offset/length query params to the download endpoint
  - Lazy tab loading: hex, transform, ZIP, SQLite, and image tabs only fetch data when activated
  - Truncation dropdown: replaces old banner alert for files > 10MB, with spinner overlay
  - Tab render refactor: replaced ~150-line ternary chain with explicit per-tab render functions
  - Fixed transform tabs stuck on "Loading content..." (stale WebSocket subscription)
  - Fixed hex tab deferred loading
- Yara Rules UI Improvements
  - Compact table rows, X button + Esc key to close editor
  - Disable Save when unchanged, disable Create when name already exists
  - Default source for new rules
- New Tests
  - test_registry_hive.py: tests for SAM, SECURITY, and SYSTEM hive analysis with binary fixtures
  - test_container.py: tests for container analyzer
  - CLI tests: test_cobaltstrike_client.py, test_config.py, test_monitor.py, test_nemesis_client.py, test_outflankc2_client.py, test_submit.py, test_sync.py
  - test_download_range.py: web_api range request tests
- Misc
  - Updated .gitignore
  - Quieted console logs
  - Added .claude/commands/address-dependabot.md and .claude/skills/addressing-dependabot.md
  - Added missing runtime dependencies to file_enrichment_modules (pypykatz, pyarrow, msoffcrypto-tool, oletools, regipy, pillow)
added 11 commits
February 4, 2026 12:55
…pendabot #683)
Registry Hive Analyzer Enhancements:
- Extract machine SID from SAM domain V value with binary SID decoding
- Extract per-user metadata via regipy (ACB flags, timestamps, full name, comment via USER_ACCOUNT_V)
- Compute password expiration from domain max password age policy
- Detect empty LM/NT hashes via well-known constants
- Parse DCC cached domain credentials into structured entries
- Store DPAPI system machine_key/user_key as separate fields
- Add structured secret_type field to LSA secrets (dcc, dpapi_system, hex_blob, generic)
- Add detailed markdown and plain-text formatters for SAM accounts and LSA secrets, replacing _get_lsa_secret_output_string
- Fix SYSTEM hive attribute names: computer_name -> machinename, current_control_set -> currentcontrol
- Switch SAM user iteration from sam.users to sam.secrets (pypykatz API)
- Add FILETIME-to-UTC and regipy value-to-bytes helpers

New Tests:
- Add test_registry_hive.py with SAM, SECURITY, and SYSTEM hive fixtures
- Add test_container.py for container analyzer
- Add SAM/SECURITY/SYSTEM binary test fixtures

Pyright Setup:
- Add pyrightconfig.json (basic mode, Python 3.13) to all libs and projects
- Add pyright>=1.1 as dev dependency to all pyproject.toml files
- Update all uv.lock files accordingly
- Update lint.sh to deactivate active venvs and verify pyright availability

Type Annotation Fixes:
- Fix globals initialized as None without Optional type across file_enrichment, document_conversion, and agents global_vars
- Fix StorageMinio return types: upload/upload_file/upload_uploadfile return str, not uuid.UUID
- Fix MockStorageMinio to match updated StorageMinio return types
- Add explicit type annotations to dict literals in chromekey.py, pdf/analyzer.py, registry_hive/analyzer.py, and publish_findings.py
- Fix kubeconfig current_context parameter to accept str | None
- Fix container_contents allowed_extensions: set = None -> set | None = None
- Fix file subscription file_queue: asyncio.Queue = None -> asyncio.Queue | None = None
- Fix web_api upload_file to wrap object_id in uuid.UUID() for response

None-safety Assertions:
- Add assert statements for asyncpg_pool, tracking_service, workflow_client, workflow_manager, file_linking_engine, file_queue, gotenberg_url, and process.stdout across all activity, subscription, route, and workflow files in file_enrichment and document_conversion
- Add assertions for asyncpg_pool in all chromium processors
- Add assertions for File.from_metadata timestamp/expiration fields
- Add assertion for alerting GQL client session type

Pyright Ignore Annotations:
- Suppress third-party type issues in Dapr workflow/activity APIs, gRPC subscription imports, ccache/lnk/office_doc attribute access, and nemesis_dpapi FlagMixin operators
- Add file-level suppression for office2john.py, pdf2john.py, pe/analyzer.py, and test harness files

Bug Fixes:
- Fix office2john.py format string: bare % filename -> % (filename, stream)
- Fix container analyzer 7z iteration: iterate sz.files list instead of calling .items()
- Fix file_linking rules_engine: store match result to avoid double call
- Fix logger.exception calls: remove exception object as first arg in storage.py, cookies.py, enrichments.py, housekeeping/main.py
- Fix document_conversion lifespan: use stack.callback() for sync shutdown
- Fix NoseyParkerOutput fallback: add missing workflow_id field
- Fix regipy hive_type: handle None return from RegistryHive.hive_type

DPAPI Manager:
- Remove unused guid parameter from get_system_credentials across DpapiManager, NullDpapiManager, and DpapiManagerProtocol

Added Missing Dependencies (file_enrichment_modules):
- pypykatz>=0.6.11, pyarrow>=19.0.1, msoffcrypto-tool>=5.4.2, oletools>=0.60.2, regipy>=5.2.0, pillow>=11.3.0
Add offset/length query params to the download endpoint so the frontend can request partial file content. FileViewer now fetches data on demand — hex, transform (Strings, etc.), ZIP, SQLite, and image tabs only load when activated. Text-based content is capped at 10 MB previews.
- Prevent stale WS subscription from overwriting fetched content
- Show retry button when transform content fails to load
- Reset fetch guard on non-OK HTTP responses
- Add truncation dropdown to MonacoContentViewer for files > 10MB, replacing the old banner alert and hex "Load Hex View" button
- Add spinner overlay on Monaco editor while loading full content
- Wire truncation support to transform tabs (monaco/json types), enrichment tabs, and text tabs
- Change hex tab to auto-load first 10MB preview with dropdown for full file instead of requiring manual load
- Default word wrap to off
- Remove "File is too large" warning message
- Refactor ~150-line ternary chain into explicit per-tab render functions (renderPreviewTab, renderZipTab, renderSqliteTab, renderTextTab, renderHexTab, renderTabContent) with shared helpers (renderFullFileContent, getTextContent)
- Compact table rows with tighter padding
- Add X button and Esc key to close editor dialog
- Disable Save button when rule content is unchanged
- Disable Create button with inline warning when rule name already exists
- Default source to "Created manually by <user>" for new rules
- Update source placeholder to "e.g. /yara_rules/custom.yara"