Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Web Graph Unable to Handle Duplicate Relationships #971

Closed
Sq00ky opened this issue Nov 21, 2024 · 1 comment
Closed

Bug: Web Graph Unable to Handle Duplicate Relationships #971

Sq00ky opened this issue Nov 21, 2024 · 1 comment
Labels
bug Something isn't working wontfix This will not be worked on

Comments

@Sq00ky
Copy link

Sq00ky commented Nov 21, 2024
edited
Loading

Describe the bug
The BloodHound Web UI is unable to gracefully handle/display duplicate relationships to the same nodes. See the attached Neo4j screenshot below.

To Reproduce
Easy steps to reproduce the behavior:

  1. Pick a node, let's say a User Account (JEFF) and a Computer (WK1)
  2. Use Neo4j to manually establish multiple relationships (ex. HasSession) from Jeff to WK1 two times over:
  3. Execute the following neo4j query twice: MATCH (u:User {name: "[email protected]"}) MATCH (c:Computer {name: "WK1.DOMAIN.COM"}) CREATE (c)-[:HasSession]->(u)
  4. Navigate to the node in BloodHound, click the node, scroll down to the "Sessions" tab and expand the window
  5. Observe the error seen in the screenshot below

Expected behavior
The application should be able to gracefully handle multiple relationships originating from the same name to the same destination node. The application should not try to render the duplicate relationship and should skip the relationship, allowing the application to draw the graph.

Screenshots
image
image

Additional context
This finding was discovered through creating a "data connector" between Crowdstrike Falcon to automatically ingest new session data every 24 hours using the advanced event search API and direct interaction with Neo4j. In this particular case, we manually uploaded session data and then ran the connector and noticed the application was not able to gracefully render the graph. This (generally speaking) shouldn't be able to occur in the wild, though I think is worth the report because it does cause the graph & application to become unusable without reloading the page.
@Sq00ky Sq00ky added bug Something isn't working triage This issue requires triaging labels Nov 21, 2024
@StephenHinck StephenHinck added wontfix This will not be worked on and removed triage This issue requires triaging labels Nov 21, 2024
@StephenHinck
Copy link
Collaborator

The graph design of BloodHound expects no duplicate edges between nodes. Unfortunately, this is not something we can enforce within Neo4J, so bypassing the app can result in unexpected behaviors. We would suggest modifying the integration to either update the existing HasSession edge, such as updating the lastseen date, or add an additional property to indicate the desired information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@StephenHinck @Sq00ky