From 42f393dd8838ed7e2ff3767ab8938e67322c58c8 Mon Sep 17 00:00:00 2001
From: Rohan Vazarkar
Date: Wed, 10 Jan 2024 12:52:28 -0500
Subject: [PATCH] fix: failure to close operations leads to connection exhaustion (BED-4041) (#305)
---
 packages/go/analysis/ad/adcs.go | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/packages/go/analysis/ad/adcs.go b/packages/go/analysis/ad/adcs.go
index d3ab2909f7..bf972ccb32 100644
--- a/packages/go/analysis/ad/adcs.go
+++ b/packages/go/analysis/ad/adcs.go
@@ -382,16 +382,22 @@ func PostADCS(ctx context.Context, db graph.Database, groupExpansions impact.Pat
 operation := analysis.NewPostRelationshipOperation(ctx, db, "ADCS Post Processing")
 if enterpriseCertAuthorities, err := FetchNodesByKind(ctx, db, ad.EnterpriseCA); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed fetching enterpriseCA nodes: %w", err)
 } else if rootCertAuthorities, err := FetchNodesByKind(ctx, db, ad.RootCA); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed fetching rootCA nodes: %w", err)
 } else if certTemplates, err := FetchNodesByKind(ctx, db, ad.CertTemplate); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed fetching cert template nodes: %w", err)
 } else if domains, err := FetchNodesByKind(ctx, db, ad.Domain); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed fetching domain nodes: %w", err)
 } else if step1Stats, err := postADCSPreProcessStep1(ctx, db, enterpriseCertAuthorities, rootCertAuthorities); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed adcs pre-processing step 1: %w", err)
 } else if step2Stats, err := postADCSPreProcessStep2(ctx, db, certTemplates); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed adcs pre-processing step 2: %w", err)
 } else {
 operation.Stats.Merge(step1Stats)
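Review bot: The six `operation.Done()` calls added on the error returns of PostADCS discard the error that Done returns, while the success paths in this file propagate it (`return &operation.Stats, operation.Done()`), so a failure while closing the operation goes unreported exactly when something has already gone wrong; the same applies to the four calls added in postADCSPreProcessStep1 and postADCSPreProcessStep2. The fix also depends on every future error branch repeating the call, and a missed one brings back the connection exhaustion this commit addresses. As far as the hunk shows, `operation` is not used before the final `else` branch, so declaring `operation := analysis.NewPostRelationshipOperation(ctx, db, "ADCS Post Processing")` at the top of that branch would leave the early returns with nothing to close. The branch body continues outside the hunk, and whether NewPostRelationshipOperation has to run before the fetches is not visible here.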
@@ -433,10 +439,13 @@ func postADCSPreProcessStep1(ctx context.Context, db graph.Database, enterpriseC
 operation := analysis.NewPostRelationshipOperation(ctx, db, "ADCS Post Processing Step 1")
 if err := PostTrustedForNTAuth(ctx, db, operation); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed post processing for %s: %w", ad.TrustedForNTAuth.String(), err)
 } else if err := PostIssuedSignedBy(ctx, db, operation, enterpriseCertAuthorities, rootCertAuthorities); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed post processing for %s: %w", ad.IssuedSignedBy.String(), err)
 } else if err := PostEnterpriseCAFor(ctx, db, operation, enterpriseCertAuthorities); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed post processing for %s: %w", ad.EnterpriseCAFor.String(), err)
 } else {
 return &operation.Stats, operation.Done()
@@ -447,6 +456,7 @@ func postADCSPreProcessStep2(ctx context.Context, db graph.Database, certTemplat
 operation := analysis.NewPostRelationshipOperation(ctx, db, "ADCS Post Processing Step 2")
 if err := PostEnrollOnBehalfOf(certTemplates, operation); err != nil {
+ operation.Done()
 return &analysis.AtomicPostProcessingStats{}, fmt.Errorf("failed post processing for %s: %w", ad.EnrollOnBehalfOf.String(), err)
 } else {
 return &operation.Stats, operation.Done()
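Review bot: On the failure paths of postADCSPreProcessStep1 (and of postADCSPreProcessStep2 in the next hunk) `operation` has already been handed to the Post* function that failed, so `operation.Done()` presumably waits for and writes whatever that function submitted before the error. If that is how Done behaves, a failed step leaves a partial set of edges in the graph while the caller receives an empty `&analysis.AtomicPostProcessingStats{}`. A comment above the first added call would settle it for the next reader, for example `// Done releases the operation's resources; relationships already submitted may still be written.`, adjusted to what Done actually does. Done's implementation is outside this diff.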