Merge branch 'main' into anemeth/cursor-jump-fix

.github/workflows/run-tests.yml

@@ -43,7 +43,7 @@ jobs:
     - name: Install Go
       uses: actions/setup-go@v4
       with:
-        go-version: '^1.20.0'
+        go-version: '^1.21.0'
 
     - name: Install Python
       uses: actions/setup-python@v4

DEVREADME.md

@@ -9,7 +9,7 @@ More detailed information regarding [contributing](https://github.com/SpecterOps
 
 -   [Just](https://github.com/casey/just)
 -   [Python 3.10](https://www.python.org/downloads/)
--   [Go 1.20](https://go.dev/dl/)
+-   [Go 1.21](https://go.dev/dl/)
 -   [Node 18](https://nodejs.dev/en/download/)
 -   [Yarn 3.6](https://yarnpkg.com/getting-started/install)
 -   [Docker Desktop](https://www.docker.com/products/docker-desktop/) (or Docker/Docker Compose compatible runtime)

cmd/api/src/analysis/ad/adcs_integration_test.go

@@ -22,6 +22,7 @@ package ad_test
 import (
 	"context"
 	"github.com/specterops/bloodhound/analysis"
+	"github.com/specterops/bloodhound/graphschema"
 
 	ad2 "github.com/specterops/bloodhound/analysis/ad"
 
@@ -39,11 +40,12 @@ import (
 )
 
 func TestADCSESC1(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
 
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.ADCSESC1Harness.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - ESC1")
 
 		groupExpansions, err := ad2.ExpandAllRDPLocalGroups(context.Background(), db)
@@ -106,17 +108,16 @@ func TestADCSESC1(t *testing.T) {
 			}
 			return nil
 		})
-		return nil
 	})
-
 }
 
 func TestGoldenCert(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
 
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.ADCSGoldenCertHarness.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - Golden Cert")
 
 		domains, err := ad2.FetchNodesByKind(context.Background(), db, ad.Domain)
@@ -170,16 +171,17 @@ func TestGoldenCert(t *testing.T) {
 			}
 			return nil
 		})
-		return nil
 	})
 
 }
 
 func TestCanAbuseUPNCertMapping(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
+
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.WeakCertBindingAndUPNCertMappingHarness.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - CanAbuseUPNCertMapping")
 
 		if enterpriseCertAuthorities, err := ad2.FetchNodesByKind(context.Background(), db, ad.EnterpriseCA); err != nil {
@@ -188,6 +190,7 @@ func TestCanAbuseUPNCertMapping(t *testing.T) {
 			t.Logf("failed post processing for %s: %v", ad.CanAbuseUPNCertMapping.String(), err)
 		}
 
+		// TODO: We're throwing away the collected errors from the operation and should assert on them
 		operation.Done()
 
 		db.ReadTransaction(context.Background(), func(tx graph.Transaction) error {
@@ -214,15 +217,15 @@ func TestCanAbuseUPNCertMapping(t *testing.T) {
 			}
 			return nil
 		})
-		return nil
 	})
 }
 
 func TestCanAbuseWeakCertBinding(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.WeakCertBindingAndUPNCertMappingHarness.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - CanAbuseWeakCertBinding")
 
 		if enterpriseCertAuthorities, err := ad2.FetchNodesByKind(context.Background(), db, ad.EnterpriseCA); err != nil {
@@ -231,6 +234,7 @@ func TestCanAbuseWeakCertBinding(t *testing.T) {
 			t.Logf("failed post processing for %s: %v", ad.CanAbuseWeakCertBinding.String(), err)
 		}
 
+		// TODO: We're throwing away the collected errors from the operation and should assert on them
 		operation.Done()
 
 		db.ReadTransaction(context.Background(), func(tx graph.Transaction) error {
@@ -255,17 +259,18 @@ func TestCanAbuseWeakCertBinding(t *testing.T) {
 				assert.False(t, results.Contains(harness.WeakCertBindingAndUPNCertMappingHarness.Domain2))
 				assert.False(t, results.Contains(harness.WeakCertBindingAndUPNCertMappingHarness.Domain3))
 			}
+
 			return nil
 		})
-		return nil
 	})
 }
 
 func TestIssuedSignedBy(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.IssuedSignedByHarness.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - IssuedSignedBy")
 
 		if rootCertAuthorities, err := ad2.FetchNodesByKind(context.Background(), db, ad.RootCA); err != nil {
@@ -322,20 +327,21 @@ func TestIssuedSignedBy(t *testing.T) {
 				assert.False(t, results2.Contains(harness.IssuedSignedByHarness.EnterpriseCA3))
 				assert.False(t, results3.Contains(harness.IssuedSignedByHarness.EnterpriseCA3))
 			}
+
 			return nil
 		})
-		return nil
 	})
 }
 
 func TestTrustedForNTAuth(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
 
 	testContext.DatabaseTestWithSetup(
-		func(harness *integration.HarnessDetails) {
+		func(harness *integration.HarnessDetails) error {
 			harness.TrustedForNTAuthHarness.Setup(testContext)
+			return nil
 		},
-		func(harness integration.HarnessDetails, db graph.Database) error {
+		func(harness integration.HarnessDetails, db graph.Database) {
 			// post `TrustedForNTAuth` edges
 			operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - TrustedForNTAuth")
 
@@ -364,16 +370,15 @@ func TestTrustedForNTAuth(t *testing.T) {
 				}
 				return nil
 			})
-
-			return nil
 		})
 }
 
 func TestEnrollOnBehalfOf(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.EnrollOnBehalfOfHarnessOne.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		certTemplates, err := ad2.FetchNodesByKind(context.Background(), db, ad.CertTemplate)
 		v1Templates := make([]*graph.Node, 0)
 		v2Templates := make([]*graph.Node, 0)
@@ -386,7 +391,9 @@ func TestEnrollOnBehalfOf(t *testing.T) {
 				v2Templates = append(v2Templates, template)
 			}
 		}
+
 		require.Nil(t, err)
+
 		db.ReadTransaction(context.Background(), func(tx graph.Transaction) error {
 			results, err := ad2.EnrollOnBehalfOfVersionOne(tx, v1Templates, certTemplates)
 			require.Nil(t, err)
@@ -413,16 +420,16 @@ func TestEnrollOnBehalfOf(t *testing.T) {
 
 			return nil
 		})
-
-		return nil
 	})
 
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.EnrollOnBehalfOfHarnessTwo.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		certTemplates, err := ad2.FetchNodesByKind(context.Background(), db, ad.CertTemplate)
 		v1Templates := make([]*graph.Node, 0)
 		v2Templates := make([]*graph.Node, 0)
+
 		for _, template := range certTemplates {
 			if version, err := template.Properties.Get(ad.SchemaVersion.String()).Float64(); err != nil {
 				continue
@@ -432,7 +439,9 @@ func TestEnrollOnBehalfOf(t *testing.T) {
 				v2Templates = append(v2Templates, template)
 			}
 		}
+
 		require.Nil(t, err)
+
 		db.ReadTransaction(context.Background(), func(tx graph.Transaction) error {
 			results, err := ad2.EnrollOnBehalfOfVersionTwo(tx, v2Templates, certTemplates)
 			require.Nil(t, err)
@@ -446,16 +455,15 @@ func TestEnrollOnBehalfOf(t *testing.T) {
 
 			return nil
 		})
-
-		return nil
 	})
 }
 
 func TestADCSESC3(t *testing.T) {
-	testContext := integration.NewGraphTestContext(t)
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext := integration.NewGraphTestContext(t, graphschema.DefaultGraphSchema())
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.ESC3Harness1.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - ESC3")
 
 		groupExpansions, err := ad2.ExpandAllRDPLocalGroups(context.Background(), db)
@@ -506,12 +514,12 @@ func TestADCSESC3(t *testing.T) {
 			}
 			return nil
 		})
-		return nil
 	})
 
-	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) {
+	testContext.DatabaseTestWithSetup(func(harness *integration.HarnessDetails) error {
 		harness.ESC3Harness2.Setup(testContext)
-	}, func(harness integration.HarnessDetails, db graph.Database) error {
+		return nil
+	}, func(harness integration.HarnessDetails, db graph.Database) {
 		operation := analysis.NewPostRelationshipOperation(context.Background(), db, "ADCS Post Process Test - ESC3")
 
 		groupExpansions, err := ad2.ExpandAllRDPLocalGroups(context.Background(), db)
@@ -570,6 +578,5 @@ func TestADCSESC3(t *testing.T) {
 			}
 			return nil
 		})
-		return nil
 	})
 }