Sync master to 0.74 release #4327
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Just a tiny change to enable retrieving of Extended Attributes (xattr).
This upgrades gorilla/csrf to address CVE-2025-24358
After clarifications from the maintainers of the KapeFile fixed interpretation of fields.
Also detect Wow64 as an architecture specifically when running on windows.
The plugin will automatically try each URL in sequence until receiving a 200 status and no error. This allows us to implemented rebust fallback URLs.
Fixed bug in mock plugin where it was impossible to provide different mocks for separate calls. This was required for this test because http_client() is used to call the server first, then the forbidden url next so we need to have different mocks for first call and second call. --------- Co-authored-by: FabFaeb <fabfaeb@gmail.com>
Include comments in .in.yaml files to make it easier to view if the golden tests break.
This might help relieve some of the DNS queries on busy networks. Technically this should not be needed on modern OSs as they should provide caching DNS at the OS level. See golang/go#24796 (comment)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Added more tests to check internal links.
Previously there was a time based cache but we dont expect a lot of users so we can reasonable keep the user list in memory permanenetly. This helps to address potential problems in casing when saving user accounts with different cases. The new code deliberately catches these potential casing clashes and ignores user accounts and acls for users who differ only in case. This might help resolve #4271
@jlockwood-r7 updated this artifact to parse additional useful data from the XML file and to accept a username parameter. It's been thoroughly tested in the R7 MDR SOC, so we recommend updating the existing artifact instead of creating a second version.
This PR updates the SAML authenticator to match the (more recently updated) OIDC authenticator. Previously, the SAML authenticator only added roles to the `root` org, and only assigned roles during user creation. Now it will add roles every login and to all orgs.
fix the username extraction apppath is always empty for some reason, havent looked into why --------- Co-authored-by: Mike Cohen <mike@velocidex.com>
1. Creation of packages is now delegated to VQL plugins. 2. RPM and Deb packages are now created from a spec. 3. Added testing to the produced packages 4. Added artifacts to prepare deb and rpm packages
This PR adds a argument `MaxFileSize` to `Generic.Collectors.File`, which allows you to only collect files with a certain max file size. This allows us for example to only collect small executables, preventing from collecting a lot of big data. --------- Co-authored-by: Mike Cohen <mike@velocidex.com>
Also fixed sorting for booleans
Due to OLE fragmentation we need to take care to split the client config while packing into the MSI. Fixes: #4304
Added update for this issue: #4302 (not sure which service you would prefer but this is whaty I used)
Also cache and reuse the transport. Reusing transports is safe and encouraged to share connections between goroutines.
There was a typo in artefact description - missing h in physical
Previously the FetchBinary artifact that enables using external tools, used only the first URL available from the Client.server_urls. This broke tools when several URLs were used for failover. This changle allows the server to specify all URLs as possible URLs to download tools from making it work in failover situations. Also: - Config generate wizard did not properly ask dyndns questions. - Fixed notebook upload GUI --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io>
…4318) This fixes artifacts that defined column types - there were ignored in notebooks. The `Format Column` GUI now also honors the column types and shows them as preconfigured. Also: Automatically create an upload preview column for shell artifacts with large output. This makes it better to view in the GUI and possible to handle a lot of output
Also: * Fixed yaml serialization bugs * Added template() VQL function to allow more complex template interpolations. * New Deaddisk artifact correctly adds registry mappings for user hives.
This PR revises the way the offline collector writes the logs: 1. Using the logging() plugin, the logs are written to file in during the execution of the collections from VQL. 2. By controlling the name and location of the log file from VQL we are able to better control where the log file is written and also we can delete it if required. 3. Force the copy() plugin to abort when the query ends. --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io>
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.