BED-3828: Audit bare channel writes #61

Merged
merged 9 commits into from
Nov 8, 2023
29 changes: 22 additions & 7 deletions client/app_role_assignments.go
@@ -27,6 +27,7 @@ import (
"github.com/bloodhoundad/azurehound/v2/client/rest"
"github.com/bloodhoundad/azurehound/v2/constants"
"github.com/bloodhoundad/azurehound/v2/models/azure"
"github.com/bloodhoundad/azurehound/v2/pipeline"
)

func (s *azureClient) GetAzureADAppRoleAssignments(ctx context.Context, servicePrincipalId string, filter, search, orderBy, expand string, selectCols []string, top int32, count bool) (azure.AppRoleAssignmentList, error) {
@@ -64,34 +65,48 @@ func (s *azureClient) ListAzureADAppRoleAssignments(ctx context.Context, service

if list, err := s.GetAzureADAppRoleAssignments(ctx, servicePrincipal, filter, search, orderBy, expand, selectCols, 999, false); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range list.Value {
out <- azure.AppRoleAssignmentResult{Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.AppRoleAssignmentResult{Ok: u}); !ok {
return
}
}

nextLink = list.NextLink
for nextLink != "" {
var list azure.AppRoleAssignmentList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if res, err := s.msgraph.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else {
for _, u := range list.Value {
out <- azure.AppRoleAssignmentResult{Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.AppRoleAssignmentResult{Ok: u}); !ok {
return
}
}
nextLink = list.NextLink
}
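Review bot: The pagination loop requests whatever `nextLink` the previous response carried: `url.Parse(nextLink)` feeds `rest.NewRequest` and `s.msgraph.Send(req)` with no visible check that the scheme and host still match the Graph endpoint. If `Send` attaches the client's bearer token (not shown in this hunk), a tampered or misrouted `nextLink` would carry it to another host, so it is worth confirming that the rest client pins the endpoint, or adding a scheme/host comparison before `NewRequest`. At minimum I would add `// nextLink is server-supplied and requested as-is; confirm the rest client restricts the host` above the `url.Parse` branch. The same loop appears in client/apps.go, client/automation_accounts.go and client/container_registries.go, and the function body starts and ends outside this hunk.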
85 changes: 64 additions & 21 deletions client/apps.go
@@ -28,6 +28,7 @@ import (
"github.com/bloodhoundad/azurehound/v2/constants"
"github.com/bloodhoundad/azurehound/v2/enums"
"github.com/bloodhoundad/azurehound/v2/models/azure"
"github.com/bloodhoundad/azurehound/v2/pipeline"
)

func (s *azureClient) GetAzureADApp(ctx context.Context, objectId string, selectCols []string) (*azure.Application, error) {
@@ -113,34 +114,48 @@ func (s *azureClient) ListAzureADApps(ctx context.Context, filter, search, order

if list, err := s.GetAzureADApps(ctx, filter, search, orderBy, expand, selectCols, 999, false); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range list.Value {
out <- azure.ApplicationResult{Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.ApplicationResult{Ok: u}); !ok {
return
}
}

nextLink = list.NextLink
for nextLink != "" {
var list azure.ApplicationList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if res, err := s.msgraph.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else {
for _, u := range list.Value {
out <- azure.ApplicationResult{Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.ApplicationResult{Ok: u}); !ok {
return
}
}
nextLink = list.NextLink
}
@@ -163,12 +178,16 @@ func (s *azureClient) ListAzureADAppOwners(ctx context.Context, objectId string,

if list, err := s.GetAzureADAppOwners(ctx, objectId, filter, search, orderBy, selectCols, 999, false); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range list.Value {
out <- azure.AppOwnerResult{
if ok := pipeline.Send(ctx.Done(), out, azure.AppOwnerResult{
AppId: objectId,
Ok: u,
}); !ok {
return
}
}

@@ -177,25 +196,35 @@ func (s *azureClient) ListAzureADAppOwners(ctx context.Context, objectId string,
var list azure.DirectoryObjectList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if res, err := s.msgraph.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
return
} else {
for _, u := range list.Value {
out <- azure.AppOwnerResult{
if ok := pipeline.Send(ctx.Done(), out, azure.AppOwnerResult{
AppId: objectId,
Ok: u,
}); !ok {
return
}
}
nextLink = list.NextLink
@@ -221,13 +250,17 @@ func (s *azureClient) ListAzureADAppMemberObjects(ctx context.Context, objectId
)
if list, err := s.GetAzureADAppMemberObjects(ctx, objectId, securityEnabledOnly); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range list.Value {
out <- azure.MemberObjectResult{
if ok := pipeline.Send(ctx.Done(), out, azure.MemberObjectResult{
ParentId: objectId,
ParentType: string(enums.EntityApplication),
Ok: u,
}); !ok {
return
}
}

@@ -236,26 +269,36 @@ func (s *azureClient) ListAzureADAppMemberObjects(ctx context.Context, objectId
var list azure.MemberObjectList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if res, err := s.msgraph.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else {
for _, u := range list.Value {
out <- azure.MemberObjectResult{
if ok := pipeline.Send(ctx.Done(), out, azure.MemberObjectResult{
ParentId: objectId,
ParentType: string(enums.EntityApplication),
Ok: u,
}); !ok {
return
}
}
nextLink = list.NextLink
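Review bot: In `ListAzureADApps` and `ListAzureADAppOwners` the four pagination error branches now read `if ok := pipeline.Send(ctx.Done(), out, errResult); !ok { return }` immediately followed by the pre-existing `return`, so the check has no effect: both outcomes return. Either drop the condition and write `_ = pipeline.Send(ctx.Done(), out, errResult)` before the `return`, or end the loop with `nextLink = ""` as `ListAzureADAppMemberObjects` does in this same file, so that all three functions terminate pagination the same way (assuming nothing after the loop depends on the difference; the code after the loop is not visible). Where the check is kept, the temporary is not needed and `if !pipeline.Send(ctx.Done(), out, errResult) { return }` reads more directly. The function bodies extend beyond the visible hunks.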
29 changes: 22 additions & 7 deletions client/automation_accounts.go
@@ -25,6 +25,7 @@ import (
"github.com/bloodhoundad/azurehound/v2/client/query"
"github.com/bloodhoundad/azurehound/v2/client/rest"
"github.com/bloodhoundad/azurehound/v2/models/azure"
"github.com/bloodhoundad/azurehound/v2/pipeline"
)

func (s *azureClient) GetAzureAutomationAccount(ctx context.Context, subscriptionId, groupName, aaName, expand string) (*azure.AutomationAccount, error) {
@@ -75,36 +76,50 @@ func (s *azureClient) ListAzureAutomationAccounts(ctx context.Context, subscript

if result, err := s.GetAzureAutomationAccounts(ctx, subscriptionId); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range result.Value {
out <- azure.AutomationAccountResult{SubscriptionId: subscriptionId, Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.AutomationAccountResult{SubscriptionId: subscriptionId, Ok: u}); !ok {
return
}
}

nextLink = result.NextLink
for nextLink != "" {
var list azure.AutomationAccountList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if res, err := s.resourceManager.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else {
for _, u := range list.Value {
out <- azure.AutomationAccountResult{
if ok := pipeline.Send(ctx.Done(), out, azure.AutomationAccountResult{
SubscriptionId: "/subscriptions/" + subscriptionId,
Ok: u,
}); !ok {
return
}
}
nextLink = list.NextLink
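Review bot: The first page is emitted with `SubscriptionId: subscriptionId`, while every later page uses `SubscriptionId: "/subscriptions/" + subscriptionId`, so the same field carries two formats depending on which page an account arrived on. The commit rewraps both sends but keeps the mismatch; a consumer that joins on this field would presumably fail to link some accounts to their subscription, leaving gaps in the collected data. I cannot tell from the hunk which form downstream code expects, so pick one and use it in both places, for example `azure.AutomationAccountResult{SubscriptionId: "/subscriptions/" + subscriptionId, Ok: u}` for the first page. `ListAzureContainerRegistries` in client/container_registries.go has the same mismatch, and both function bodies continue outside their hunks.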
2 changes: 1 addition & 1 deletion client/client.go
@@ -55,7 +55,7 @@ func NewClient(config config.Config) (AzureClient, error) {
}
}

func initClientViaRM(msgraph, resourceManager rest.RestClient, tid interface{}) (AzureClient, error) {
func initClientViaRM(msgraph, resourceManager rest.RestClient, tid any) (AzureClient, error) {
client := &azureClient{
msgraph: msgraph,
resourceManager: resourceManager,
29 changes: 22 additions & 7 deletions client/container_registries.go
@@ -25,6 +25,7 @@ import (
"github.com/bloodhoundad/azurehound/v2/client/query"
"github.com/bloodhoundad/azurehound/v2/client/rest"
"github.com/bloodhoundad/azurehound/v2/models/azure"
"github.com/bloodhoundad/azurehound/v2/pipeline"
)

func (s *azureClient) GetAzureContainerRegistry(ctx context.Context, subscriptionId, groupName, crName, expand string) (*azure.ContainerRegistry, error) {
@@ -75,36 +76,50 @@ func (s *azureClient) ListAzureContainerRegistries(ctx context.Context, subscrip

if result, err := s.GetAzureContainerRegistries(ctx, subscriptionId); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
} else {
for _, u := range result.Value {
out <- azure.ContainerRegistryResult{SubscriptionId: subscriptionId, Ok: u}
if ok := pipeline.Send(ctx.Done(), out, azure.ContainerRegistryResult{SubscriptionId: subscriptionId, Ok: u}); !ok {
return
}
}

nextLink = result.NextLink
for nextLink != "" {
var list azure.ContainerRegistryList
if url, err := url.Parse(nextLink); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if req, err := rest.NewRequest(ctx, "GET", url, nil, nil, nil); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if res, err := s.resourceManager.Send(req); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else if err := rest.Decode(res.Body, &list); err != nil {
errResult.Error = err
out <- errResult
if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
return
}
nextLink = ""
} else {
for _, u := range list.Value {
out <- azure.ContainerRegistryResult{
if ok := pipeline.Send(ctx.Done(), out, azure.ContainerRegistryResult{
SubscriptionId: "/subscriptions/" + subscriptionId,
Ok: u,
}); !ok {
return
}
}
nextLink = list.NextLink