From ccfb06be8134a2a76105c44a4ea6fdfa49ad9357 Mon Sep 17 00:00:00 2001
From: Basile
Date: Tue, 1 Apr 2025 14:49:58 +0200
Subject: [PATCH 01/11] Added Microsoft Office 365 groups to bloodhound
---
 cmd/api/src/analysis/azure/queries.go | 4 +
 .../api/bloodhoundgraph/bloodhoundgraph.go | 6 +
 cmd/api/src/api/v2/azure.go | 4 +
 .../src/daemons/datapipe/azure_convertors.go | 20 +
 cmd/api/src/database/dataquality.go | 2 +
 .../database/migration/migrations/schema.sql | 3 +
 cmd/api/src/migrations/manifest.go | 2 +-
 cmd/api/src/model/azurequality.go | 1 +
 cmd/ui/src/ducks/entityinfo/types.ts | 5 +
 cmd/ui/src/ducks/graph/graphutils.ts | 1 +
 cmd/ui/src/ducks/graph/types.ts | 1 +
 packages/cue/bh/azure/azure.cue | 7 +
 packages/go/analysis/azure/azure.go | 1 +
 packages/go/analysis/azure/group365.go | 146 ++
 packages/go/analysis/azure/model.go | 10 +
 packages/go/ein/azure.go | 69 +
 packages/go/ein/incoming_models.go | 5 +
 packages/go/graphschema/azure/azure.go | 3 +-
 packages/go/schemagen/go.sum | 21 +
 .../bh-shared-ui/src/graphSchema.ts | 2177 ++++++++---------
 .../bh-shared-ui/src/utils/content.ts | 109 +
 .../bh-shared-ui/src/utils/icons.ts | 5 +
 .../src/views/DataQuality/TenantInfo.tsx | 1 +
 23 files changed, 1461 insertions(+), 1142 deletions(-)
 create mode 100644 packages/go/analysis/azure/group365.go
diff --git a/cmd/api/src/analysis/azure/queries.go b/cmd/api/src/analysis/azure/queries.go
index 9be76367a6..b3aa3971db 100644
--- a/cmd/api/src/analysis/azure/queries.go
+++ b/cmd/api/src/analysis/azure/queries.go
@@ -99,6 +99,10 @@ func GraphStats(ctx context.Context, db graph.Database) (model.AzureDataQualityS
 stat.Groups = int(count)
 aggregation.Groups += int(count)
 
+ case azure.Group365:
+ stat.Groups365 = int(count)
+ aggregation.Groups365 += int(count)
+
 case azure.App:
 stat.Apps = int(count)
 aggregation.Apps += int(count)
diff --git a/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go b/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go
index 7b379adae8..9f3e82392c 100644
--- a/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go
+++ b/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go
@@ -150,6 +150,10 @@ func (s *BloodHoundGraphNode) SetIcon(nType string) {
 s.FontIcon = &BloodHoundGraphFontIcon{
 Text: "fa-users",
 }
+ case "AZGroup3650":
+ s.FontIcon = &BloodHoundGraphFontIcon{
+ Text: "fa-users",
+ }
 case "AZKeyVault":
 s.FontIcon = &BloodHoundGraphFontIcon{
 Text: "fa-lock",
@@ -319,6 +323,8 @@ func (s *BloodHoundGraphNode) SetBackground(nType string) {
 s.BloodHoundGraphItem.Color = "#17E625"
 case "Group":
 s.BloodHoundGraphItem.Color = "#DBE617"
+ case "AZGroup365":
+ s.BloodHoundGraphItem.Color = "#34D2EB"
 case "Computer":
 s.BloodHoundGraphItem.Color = "#E67873"
 case "Container":
diff --git a/cmd/api/src/api/v2/azure.go b/cmd/api/src/api/v2/azure.go
index 74f3ec6d37..a6e02cd4b3 100644
--- a/cmd/api/src/api/v2/azure.go
+++ b/cmd/api/src/api/v2/azure.go
@@ -45,6 +45,7 @@ const (
 entityTypeBase = "az-base"
 entityTypeUsers = "users"
 entityTypeGroups = "groups"
+ entityTypeGroups365 = "groups365"
 entityTypeTenants = "tenants"
 entityTypeManagementGroups = "management-groups"
 entityTypeSubscriptions = "subscriptions"
@@ -339,6 +340,9 @@ func GetAZEntityInformation(ctx context.Context, db graph.Database, entityType,
 case entityTypeGroups:
 return azure.GroupEntityDetails(db, objectID, hydrateCounts)
 
+ case entityTypeGroups365:
+ return azure.Group365EntityDetails(db, objectID, hydrateCounts)
+
 case entityTypeTenants:
 return azure.TenantEntityDetails(db, objectID, hydrateCounts)
 
diff --git a/cmd/api/src/daemons/datapipe/azure_convertors.go b/cmd/api/src/daemons/datapipe/azure_convertors.go
index 0149c6083b..5c98c460b8 100644
--- a/cmd/api/src/daemons/datapipe/azure_convertors.go
+++ b/cmd/api/src/daemons/datapipe/azure_convertors.go
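Review bot: The `SetIcon` case added at `@@ -150` matches `"AZGroup3650"`, which is not the kind string this patch introduces (`graph.StringKind("AZGroup365")` in packages/go/graphschema/azure/azure.go, and `case "AZGroup365":` in the `SetBackground` hunk just below), so Office 365 group nodes fall through to whatever default `SetIcon` has and never receive the `fa-users` icon; change it to `case "AZGroup365":`. Both switch statements begin outside their hunks. Since the two methods now each carry their own copy of the kind list, a shared kind-to-style table would surface this kind of drift at compile time rather than in the UI.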
@@ -55,6 +55,8 @@ func getKindConverter(kind enums.Kind) func(json.RawMessage, *ConvertedAzureData return convertAzureFunctionAppRoleAssignment case enums.KindAZGroup: return convertAzureGroup + case enums.KindAZGroup365: + return convertAzureGroup365 case enums.KindAZGroupMember: return convertAzureGroupMember case enums.KindAZGroupOwner: @@ -282,6 +284,24 @@ func convertAzureGroup(raw json.RawMessage, converted *ConvertedAzureData) { } } +func convertAzureGroup365(raw json.RawMessage, converted *ConvertedAzureData) { + + var data models.Group365 + + if err := json.Unmarshal(raw, &data); err != nil { + + slog.Error(fmt.Sprintf(SerialError, "azure group365", err)) + + } else { + + converted.NodeProps = append(converted.NodeProps, ein.ConvertAzureGroup365ToNode(data)) + + converted.RelProps = append(converted.RelProps, ein.ConvertAzureGroup365ToRel(data)) + + } + +} + func convertAzureGroupMember(raw json.RawMessage, converted *ConvertedAzureData) { var ( data models.GroupMembers diff --git a/cmd/api/src/database/dataquality.go b/cmd/api/src/database/dataquality.go index d51c1f7bd0..1512d3e816 100644 --- a/cmd/api/src/database/dataquality.go +++ b/cmd/api/src/database/dataquality.go @@ -77,6 +77,7 @@ WITH aggregated_quality_stats AS ( DATE_TRUNC('day', created_at) AS created_date, MAX(users) AS max_users, MAX(groups) AS max_groups, + MAX(groups365) AS max_groups365, MAX(computers) AS max_computers, MAX(ous) AS max_ous, MAX(containers) AS max_containers, @@ -101,6 +102,7 @@ SELECT created_date AS created_at, SUM(max_users) AS users, SUM(max_groups) AS groups, + SUM(max_groups365) AS groups365, SUM(max_computers) AS computers, SUM(max_ous) AS ous, SUM(max_containers) AS containers, diff --git a/cmd/api/src/database/migration/migrations/schema.sql b/cmd/api/src/database/migration/migrations/schema.sql index 77aa351f22..c882222580 100644 --- a/cmd/api/src/database/migration/migrations/schema.sql +++ b/cmd/api/src/database/migration/migrations/schema.sql 
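Review bot: In `convertAzureGroup365` (the `@@ -282` hunk) the success path sits in an `else` after the error branch and every statement is separated by a blank line, which is out of step with Go's early-return style; log, `return`, then append unconditionally: `slog.Error(fmt.Sprintf(SerialError, "azure group365", err)); return`. The `SerialError` format and the sibling converters are not visible here, so I cannot confirm that the `"azure group365"` label follows the naming the other `slog.Error` calls in this file use; worth a quick check against `convertAzureGroup`.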
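Review bot: The aggregation query in cmd/api/src/database/dataquality.go now reads a `groups365` column (`MAX(groups365) AS max_groups365` and `SUM(max_groups365) AS groups365`) that this patch adds only inside `CREATE TABLE IF NOT EXISTS` statements in cmd/api/src/database/migration/migrations/schema.sql; on a database created before this change those statements are no-ops, so unless a versioned migration elsewhere in the series adds the column, the query fails with an undefined column on upgraded deployments. The `group365_count` column added to `domain_collection_results` in the same schema file also looks misplaced, since that table records Active Directory domain collection results while Office 365 groups are Entra/Azure objects; if it is intentional, a comment on the column would help. The SQL statement continues outside the hunk.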
@@ -195,6 +195,7 @@ CREATE TABLE IF NOT EXISTS azure_data_quality_aggregations ( tenants bigint, users bigint, groups bigint, + groups365 bigint, apps bigint, service_principals bigint, devices bigint, @@ -223,6 +224,7 @@ CREATE TABLE IF NOT EXISTS azure_data_quality_stats ( tenant_id text, users bigint, groups bigint, + groups365 bigint, apps bigint, service_principals bigint, devices bigint, @@ -254,6 +256,7 @@ CREATE TABLE IF NOT EXISTS domain_collection_results ( message text, user_count bigint, group_count bigint, + group365_count bigint, computer_count bigint, gpo_count bigint, ou_count bigint, diff --git a/cmd/api/src/migrations/manifest.go b/cmd/api/src/migrations/manifest.go index 46605c7f49..88bde1e0ca 100644 --- a/cmd/api/src/migrations/manifest.go +++ b/cmd/api/src/migrations/manifest.go @@ -155,7 +155,7 @@ func Version_508_Migration(ctx context.Context, db graph.Database) error { return query.And( query.Kind(query.Start(), azure.Entity), // Not all of these node types are being changed, but there's no harm in adding them to the migration - query.KindIn(query.End(), azure.ManagementGroup, azure.ResourceGroup, azure.Subscription, azure.KeyVault, azure.AutomationAccount, azure.ContainerRegistry, azure.LogicApp, azure.VMScaleSet, azure.WebApp, azure.FunctionApp, azure.ManagedCluster, azure.VM), + query.KindIn(query.End(), azure.ManagementGroup, azure.ResourceGroup, azure.Subscription, azure.KeyVault, azure.AutomationAccount, azure.ContainerRegistry, azure.LogicApp, azure.VMScaleSet, azure.WebApp, azure.FunctionApp, azure.ManagedCluster, azure.VM, azure.Group365), query.Kind(query.Relationship(), azure.Owns), ) }).Fetch(func(cursor graph.Cursor[*graph.Relationship]) error { diff --git a/cmd/api/src/model/azurequality.go b/cmd/api/src/model/azurequality.go index d24d309379..0ac134eb15 100644 --- a/cmd/api/src/model/azurequality.go +++ b/cmd/api/src/model/azurequality.go 
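Review bot: The change at `@@ -155` in cmd/api/src/migrations/manifest.go edits `Version_508_Migration` in place to add `azure.Group365` to the `query.KindIn` list; if that migration has already run on existing deployments (its version number suggests it predates this change), it will not run again there, so the rewrite it performs only covers the new kind on fresh installs. A new versioned migration that targets `azure.Group365` would apply uniformly; alternatively, note in the PR why existing data cannot contain `Owns` edges to this kind, in which case the edit is harmless but unnecessary. The function's body continues outside the hunk.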
@@ -20,6 +20,7 @@ type AzureStatKinds struct { Relationships int `json:"relationships"` Users int `json:"users"` Groups int `json:"groups"` + Groups365 int `json:"groups365"` Apps int `json:"apps"` ServicePrincipals int `json:"service_principals"` Devices int `json:"devices"` diff --git a/cmd/ui/src/ducks/entityinfo/types.ts b/cmd/ui/src/ducks/entityinfo/types.ts index 72eb4ad651..5312334a7e 100644 --- a/cmd/ui/src/ducks/entityinfo/types.ts +++ b/cmd/ui/src/ducks/entityinfo/types.ts @@ -305,6 +305,11 @@ export interface AZGroupInfo extends AZEntityInfo { roles: number; } +export interface AZGroup365Info extends AZEntityInfo { + props: BasicInfo; + inbound_object_control: number; +} + export interface AZKeyVaultInfo extends AZEntityInfo { props: BasicInfo; Readers: { diff --git a/cmd/ui/src/ducks/graph/graphutils.ts b/cmd/ui/src/ducks/graph/graphutils.ts index 1227107075..c65dc41033 100644 --- a/cmd/ui/src/ducks/graph/graphutils.ts +++ b/cmd/ui/src/ducks/graph/graphutils.ts @@ -209,6 +209,7 @@ const ICONS: { [id in GraphNodeTypes]: string } = { [GraphNodeTypes.AZDevice]: 'fa-desktop', [GraphNodeTypes.AZFunctionApp]: 'fa-bolt', [GraphNodeTypes.AZGroup]: 'fa-users', + [GraphNodeTypes.AZGroup365]: 'fa-users', [GraphNodeTypes.AZKeyVault]: 'fa-lock', [GraphNodeTypes.AZManagementGroup]: 'fa-cube', [GraphNodeTypes.AZResourceGroup]: 'fa-cube', diff --git a/cmd/ui/src/ducks/graph/types.ts b/cmd/ui/src/ducks/graph/types.ts index 3ee5002d3b..b233eedde4 100644 --- a/cmd/ui/src/ducks/graph/types.ts +++ b/cmd/ui/src/ducks/graph/types.ts @@ -22,6 +22,7 @@ export enum GraphNodeTypes { AZDevice = 'AZDevice', AZFunctionApp = 'AZFunctionApp', AZGroup = 'AZGroup', + AZGroup365 = 'AZGroup365', AZKeyVault = 'AZKeyVault', AZManagementGroup = 'AZManagementGroup', AZResourceGroup = 'AZResourceGroup', diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue index f4d82c412b..71a12d55ef 100644 --- a/packages/cue/bh/azure/azure.cue +++ b/packages/cue/bh/azure/azure.cue 
@@ -332,6 +332,12 @@ Group: types.#Kind & {
 representation: "AZGroup"
 }
 
+Group365: types.#Kind & {
+ symbol: "Group365"
+ schema: "azure"
+ representation: "AZGroup365"
+}
+
 KeyVault: types.#Kind & {
 symbol: "KeyVault"
 schema: "azure"
@@ -418,6 +424,7 @@ NodeKinds: [
 Device,
 FunctionApp,
 Group,
+ Group365,
 KeyVault,
 ManagementGroup,
 ResourceGroup,
diff --git a/packages/go/analysis/azure/azure.go b/packages/go/analysis/azure/azure.go
index 35881ed687..13a0d9c8de 100644
--- a/packages/go/analysis/azure/azure.go
+++ b/packages/go/analysis/azure/azure.go
@@ -34,6 +34,7 @@ func GetDescendentKinds(kind graph.Kind) []graph.Kind {
 return []graph.Kind{
 azure.User,
 azure.Group,
+ azure.Group365,
 azure.ManagementGroup,
 azure.Subscription,
 azure.ResourceGroup,
diff --git a/packages/go/analysis/azure/group365.go b/packages/go/analysis/azure/group365.go
new file mode 100644
index 0000000000..65d4591590
--- /dev/null
+++ b/packages/go/analysis/azure/group365.go
@@ -0,0 +1,146 @@ +// Copyright 2023 Specter Ops, Inc. + +// + +// Licensed under the Apache License, Version 2.0 + +// you may not use this file except in compliance with the License. + +// You may obtain a copy of the License at + +// + +// http://www.apache.org/licenses/LICENSE-2.0 + +// + +// Unless required by applicable law or agreed to in writing, software + +// distributed under the License is distributed on an "AS IS" BASIS, + +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + +// See the License for the specific language governing permissions and + +// limitations under the License. + +// + +// SPDX-License-Identifier: Apache-2.0 + +package azure + +import ( + "context" + + "github.com/specterops/bloodhound/dawgs/graph" +) + +func NewGroup365EntityDetails(node *graph.Node) Group365Details { + + return Group365Details{ + + Node: FromGraphNode(node), + } + +} + +func Group365EntityDetails(db graph.Database, objectID string, hydrateCounts bool) (Group365Details, error) { + + var details Group365Details + + return details, db.ReadTransaction(context.Background(), func(tx graph.Transaction) error { + + if node, err := FetchEntityByObjectID(tx, objectID); err != nil { + + return err + + } else { + + details = NewGroup365EntityDetails(node) + + if hydrateCounts { + + details, err = PopulateGroup365EntityDetailsCounts(tx, node, details) + + } + + return err + + } + + }) + +} + +func PopulateGroup365EntityDetailsCounts(tx graph.Transaction, node *graph.Node, details Group365Details) (Group365Details, error) { + + /* if roles, err := FetchEntityRoles(tx, node, 0, 0); err != nil { + + + return details, err + + + } else { + + + details.Roles = roles.Len() + + + } */ + + /* if groupMembers, err := FetchGroupMemberPaths(tx, node); err != nil { + + + return details, err + + + } else { + + + details.Group365Members = groupMembers.Len() + + + } */ + + /* if groupMembership, err := FetchEntityGroupMembershipPaths(tx, node); err != nil { + + + 
return details, err + + + } else { + + + details.Group365Membership = groupMembership.Len() + + + } */ + + if inboundObjectControl, err := FetchInboundEntityObjectControllers(tx, node, 0, 0); err != nil { + + return details, err + + } else { + + details.InboundObjectControl = inboundObjectControl.Len() + + } + + /* if outboundObjectControl, err := FetchOutboundEntityObjectControl(tx, node, 0, 0); err != nil { + + + return details, err + + + } else { + + + details.OutboundObjectControl = outboundObjectControl.Len() + + + } */ + + return details, nil + +} diff --git a/packages/go/analysis/azure/model.go b/packages/go/analysis/azure/model.go index 5a18517dce..624adb276c 100644 --- a/packages/go/analysis/azure/model.go +++ b/packages/go/analysis/azure/model.go @@ -116,6 +116,16 @@ type GroupDetails struct { InboundObjectControl int `json:"inbound_object_control"` } +type Group365Details struct { + Node + + //Roles int `json:"roles"` + //GroupMembers int `json:"group_members"` + //GroupMembership int `json:"group_membership"` + //OutboundObjectControl int `json:"outbound_object_control"` + InboundObjectControl int `json:"inbound_object_control"` +} + type TenantDetails struct { Node diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go index 18250274bc..528ad8f2e7 100644 --- a/packages/go/ein/azure.go +++ b/packages/go/ein/azure.go 
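Review bot: `PopulateGroup365EntityDetailsCounts` in the new packages/go/analysis/azure/group365.go ships four block-commented queries (roles, group members, group membership, outbound object control), and `Group365Details` in packages/go/analysis/azure/model.go carries the matching commented-out fields; commented-out code should be removed and, if the counts are intended for later, replaced by a short `// TODO:` naming which fetchers still need to support this kind. The only populated count is `InboundObjectControl`, so the entity panel for an Office 365 group shows who controls it but not what it belongs to or controls outbound, which is worth stating in a doc comment on `Group365Details` so a reader does not take a missing count for "none". In `Group365EntityDetails` the `if … err != nil { return err } else { … }` shape in the transaction closure can be flattened to early returns as below, which also stops `err` from being carried out of the `if` scope. The new file's license header says 2023 although the file is introduced by this 2025 patch.
```go
	return details, db.ReadTransaction(context.Background(), func(tx graph.Transaction) error {
		node, err := FetchEntityByObjectID(tx, objectID)
		if err != nil {
			return err
		}
		details = NewGroup365EntityDetails(node)
		if !hydrateCounts {
			return nil
		}
		details, err = PopulateGroup365EntityDetailsCounts(tx, node, details)
		return err
	})
```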
@@ -393,6 +393,75 @@ func ConvertAzureFunctionAppRoleAssignmentToRels(data models.AzureRoleAssignment return relationships } +func ConvertAzureGroup365ToNode(data models.Group365) IngestibleNode { + + return IngestibleNode{ + + ObjectID: strings.ToUpper(data.Id), + + PropertyMap: map[string]any{ + + common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)), + + /* common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime), + + + common.Description.String(): data.Description, + + + common.DisplayName.String(): data.DisplayName, + + + azure.IsAssignableToRole.String(): data.IsAssignableToRole, + + + azure.OnPremID.String(): data.OnPremisesSecurityIdentifier, + + + azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled, + + + azure.SecurityEnabled.String(): data.SecurityEnabled, + + + azure.SecurityIdentifier.String(): data.SecurityIdentifier, */ + + azure.TenantID.String(): strings.ToUpper(data.TenantId), + }, + + Label: azure.Group365, + } + +} + +func ConvertAzureGroup365ToRel(data models.Group365) IngestibleRelationship { + + return NewIngestibleRelationship( + + IngestibleSource{ + + Source: strings.ToUpper(data.TenantId), + + SourceType: azure.Tenant, + }, + + IngestibleTarget{ + + TargetType: azure.Group365, + + Target: strings.ToUpper(data.Id), + }, + + IngestibleRel{ + + RelProps: map[string]any{}, + + RelType: azure.Contains, + }, + ) + +} + func ConvertAzureGroupToNode(data models.Group) IngestibleNode { return IngestibleNode{ ObjectID: strings.ToUpper(data.Id), diff --git a/packages/go/ein/incoming_models.go b/packages/go/ein/incoming_models.go index 2fa883504f..7ad8668caa 100644 --- a/packages/go/ein/incoming_models.go +++ b/packages/go/ein/incoming_models.go @@ -210,6 +210,11 @@ type Group struct { Members []TypedPrincipal } +type Group365 struct { + IngestBase + Members []TypedPrincipal +} + type User struct { IngestBase AllowedToDelegate []TypedPrincipal 
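Review bot: `ConvertAzureGroup365ToNode` emits only `name` and `tenantid` for the node, with the description, display name, security-enabled and on-prem identity properties left in a block comment, and `ConvertAzureGroup365ToRel` produces only a `Tenant -Contains-> Group365` edge; nothing in this hunk converts members or owners, so if `models.Group365` carries them (its definition is not in this patch) an Office 365 group ends up as a leaf node and any access reachable through its membership is invisible to pathfinding. Either populate the property map from the fields `models.Group365` actually has, or replace the block comment with a `// TODO:` that says which properties and edges are pending and why. Relatedly, the `Group365` struct added to packages/go/ein/incoming_models.go (`IngestBase` plus `Members []TypedPrincipal`) is referenced by neither converter, which take `models.Group365`, so one of the two types appears unused as of this patch.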
diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go
index c0e8651a4b..3409980905 100644
--- a/packages/go/graphschema/azure/azure.go
+++ b/packages/go/graphschema/azure/azure.go
@@ -32,6 +32,7 @@ var (
 Device = graph.StringKind("AZDevice")
 FunctionApp = graph.StringKind("AZFunctionApp")
 Group = graph.StringKind("AZGroup")
+ Group365 = graph.StringKind("AZGroup365")
 KeyVault = graph.StringKind("AZKeyVault")
 ManagementGroup = graph.StringKind("AZManagementGroup")
 ResourceGroup = graph.StringKind("AZResourceGroup")
@@ -371,5 +372,5 @@ func PathfindingRelationships() []graph.Kind {
 return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains}
 }
 func NodeKinds() []graph.Kind {
- return []graph.Kind{Entity, VMScaleSet, App, Role, Device, FunctionApp, Group, KeyVault, ManagementGroup, ResourceGroup, ServicePrincipal, Subscription, Tenant, User, VM, ManagedCluster, ContainerRegistry, WebApp, LogicApp, AutomationAccount}
+ return []graph.Kind{Entity, VMScaleSet, App, Role, Device, FunctionApp, Group, Group365, KeyVault, ManagementGroup, ResourceGroup, ServicePrincipal, Subscription, Tenant, User, VM, ManagedCluster, ContainerRegistry, WebApp, LogicApp, AutomationAccount}
 }
diff --git a/packages/go/schemagen/go.sum b/packages/go/schemagen/go.sum
index 76b7e82947..bf503cb08f 100644
--- a/packages/go/schemagen/go.sum
+++ b/packages/go/schemagen/go.sum
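Review bot: `Group365` is added to the kind variables and to `NodeKinds()` in what appears to be generator output (the `packages/go/schemagen` module and `packages/cue/bh/azure/azure.cue` are touched in the same patch), while the TypeScript counterpart in this patch, packages/javascript/bh-shared-ui/src/graphSchema.ts, adds `Group365 = 'Group365'` to `ActiveDirectoryNodeKind` and rewrites the whole file's formatting, although the only schema change in the diffstat is to the Azure cue file; that suggests the two outputs were not produced from the same schema run. Regenerating both files from azure.cue after the schema change, and committing the output unmodified, would keep Go, TypeScript and cue in agreement and avoid an AD `Group365` kind that no Go AD schema in this patch defines. Whether `Group365` also needs coverage in the relationship lists (for example `MemberOf` edges into it for `PathfindingRelationships()`) depends on the ingest design, which is not visible here.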
@@ -1,14 +1,21 @@ cuelabs.dev/go/oci/ociregistry v0.0.0-20240906074133-82eb438dd565 h1:R5wwEcbEZSBmeyg91MJZTxfd7WpBo2jPof3AYjRbxwY= +cuelabs.dev/go/oci/ociregistry v0.0.0-20240906074133-82eb438dd565/go.mod h1:5A4xfTzHTXfeVJBU6RAUf+QrlfTCW+017q/QiW+sMLg= cuelang.org/go v0.11.1 h1:pV+49MX1mmvDm8Qh3Za3M786cty8VKPWzQ1Ho4gZRP0= +cuelang.org/go v0.11.1/go.mod h1:PBY6XvPUswPPJ2inpvUozP9mebDVTXaeehQikhZPBz0= github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= +github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= github.com/dave/jennifer v1.6.1 h1:T4T/67t6RAA5AIV6+NP8Uk/BIsXgDoqEowgycdQQLuk= github.com/dave/jennifer v1.6.1/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/proto v1.13.2 h1:z/etSFO3uyXeuEsVPzfl56WNgzcvIr42aQazXaQmFZY= +github.com/emicklei/proto v1.13.2/go.mod h1:rn1FgRS/FANiZdD2djyH7TMA9jdRDcYQ9IEN9yvjX0A= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= +github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -23,19 +30,33 @@ github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= +github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef h1:ej+64jiny5VETZTqcc1GFVAPEtaSk6U1D0kKC2MS5Yc= +github.com/protocolbuffers/txtpbfmt v0.0.0-20240823084532-8e6b51fa9bef/go.mod h1:jgxiZysxFPM+iWKwQwPR+y+Jvo54ARd4EisXxKYpB5c= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.23.0 
h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index 7f72d67ab1..da665fc99f 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts 
@@ -15,1168 +15,1065 @@ // SPDX-License-Identifier: Apache-2.0 export enum ActiveDirectoryNodeKind { - Entity = 'Base', - User = 'User', - Computer = 'Computer', - Group = 'Group', - GPO = 'GPO', - OU = 'OU', - Container = 'Container', - Domain = 'Domain', - LocalGroup = 'ADLocalGroup', - LocalUser = 'ADLocalUser', - AIACA = 'AIACA', - RootCA = 'RootCA', - EnterpriseCA = 'EnterpriseCA', - NTAuthStore = 'NTAuthStore', - CertTemplate = 'CertTemplate', - IssuancePolicy = 'IssuancePolicy', +Entity = 'Base', +User = 'User', +Computer = 'Computer', +Group = 'Group', +Group365 = 'Group365', +GPO = 'GPO', +OU = 'OU', +Container = 'Container', +Domain = 'Domain', +LocalGroup = 'ADLocalGroup', +LocalUser = 'ADLocalUser', +AIACA = 'AIACA', +RootCA = 'RootCA', +EnterpriseCA = 'EnterpriseCA', +NTAuthStore = 'NTAuthStore', +CertTemplate = 'CertTemplate', +IssuancePolicy = 'IssuancePolicy', +} +export function ActiveDirectoryNodeKindToDisplay (value : ActiveDirectoryNodeKind): string | undefined { +switch (value) { +case ActiveDirectoryNodeKind.Entity: +return 'Entity' +case ActiveDirectoryNodeKind.User: +return 'User' +case ActiveDirectoryNodeKind.Computer: +return 'Computer' +case ActiveDirectoryNodeKind.Group: +return 'Group' +case ActiveDirectoryNodeKind.Group365: +return 'Group365' +case ActiveDirectoryNodeKind.GPO: +return 'GPO' +case ActiveDirectoryNodeKind.OU: +return 'OU' +case ActiveDirectoryNodeKind.Container: +return 'Container' +case ActiveDirectoryNodeKind.Domain: +return 'Domain' +case ActiveDirectoryNodeKind.LocalGroup: +return 'LocalGroup' +case ActiveDirectoryNodeKind.LocalUser: +return 'LocalUser' +case ActiveDirectoryNodeKind.AIACA: +return 'AIACA' +case ActiveDirectoryNodeKind.RootCA: +return 'RootCA' +case ActiveDirectoryNodeKind.EnterpriseCA: +return 'EnterpriseCA' +case ActiveDirectoryNodeKind.NTAuthStore: +return 'NTAuthStore' +case ActiveDirectoryNodeKind.CertTemplate: +return 'CertTemplate' +case ActiveDirectoryNodeKind.IssuancePolicy: +return 
'IssuancePolicy' +default: +return undefined } -export function ActiveDirectoryNodeKindToDisplay(value: ActiveDirectoryNodeKind): string | undefined { - switch (value) { - case ActiveDirectoryNodeKind.Entity: - return 'Entity'; - case ActiveDirectoryNodeKind.User: - return 'User'; - case ActiveDirectoryNodeKind.Computer: - return 'Computer'; - case ActiveDirectoryNodeKind.Group: - return 'Group'; - case ActiveDirectoryNodeKind.GPO: - return 'GPO'; - case ActiveDirectoryNodeKind.OU: - return 'OU'; - case ActiveDirectoryNodeKind.Container: - return 'Container'; - case ActiveDirectoryNodeKind.Domain: - return 'Domain'; - case ActiveDirectoryNodeKind.LocalGroup: - return 'LocalGroup'; - case ActiveDirectoryNodeKind.LocalUser: - return 'LocalUser'; - case ActiveDirectoryNodeKind.AIACA: - return 'AIACA'; - case ActiveDirectoryNodeKind.RootCA: - return 'RootCA'; - case ActiveDirectoryNodeKind.EnterpriseCA: - return 'EnterpriseCA'; - case ActiveDirectoryNodeKind.NTAuthStore: - return 'NTAuthStore'; - case ActiveDirectoryNodeKind.CertTemplate: - return 'CertTemplate'; - case ActiveDirectoryNodeKind.IssuancePolicy: - return 'IssuancePolicy'; - default: - return undefined; - } } export enum ActiveDirectoryRelationshipKind { - Owns = 'Owns', - GenericAll = 'GenericAll', - GenericWrite = 'GenericWrite', - WriteOwner = 'WriteOwner', - WriteDACL = 'WriteDacl', - MemberOf = 'MemberOf', - ForceChangePassword = 'ForceChangePassword', - AllExtendedRights = 'AllExtendedRights', - AddMember = 'AddMember', - HasSession = 'HasSession', - Contains = 'Contains', - GPLink = 'GPLink', - AllowedToDelegate = 'AllowedToDelegate', - CoerceToTGT = 'CoerceToTGT', - GetChanges = 'GetChanges', - GetChangesAll = 'GetChangesAll', - GetChangesInFilteredSet = 'GetChangesInFilteredSet', - TrustedBy = 'TrustedBy', - AllowedToAct = 'AllowedToAct', - AdminTo = 'AdminTo', - CanPSRemote = 'CanPSRemote', - CanRDP = 'CanRDP', - ExecuteDCOM = 'ExecuteDCOM', - HasSIDHistory = 'HasSIDHistory', - AddSelf = 
'AddSelf', - DCSync = 'DCSync', - ReadLAPSPassword = 'ReadLAPSPassword', - ReadGMSAPassword = 'ReadGMSAPassword', - DumpSMSAPassword = 'DumpSMSAPassword', - SQLAdmin = 'SQLAdmin', - AddAllowedToAct = 'AddAllowedToAct', - WriteSPN = 'WriteSPN', - AddKeyCredentialLink = 'AddKeyCredentialLink', - LocalToComputer = 'LocalToComputer', - MemberOfLocalGroup = 'MemberOfLocalGroup', - RemoteInteractiveLogonRight = 'RemoteInteractiveLogonRight', - SyncLAPSPassword = 'SyncLAPSPassword', - WriteAccountRestrictions = 'WriteAccountRestrictions', - WriteGPLink = 'WriteGPLink', - RootCAFor = 'RootCAFor', - DCFor = 'DCFor', - PublishedTo = 'PublishedTo', - ManageCertificates = 'ManageCertificates', - ManageCA = 'ManageCA', - DelegatedEnrollmentAgent = 'DelegatedEnrollmentAgent', - Enroll = 'Enroll', - HostsCAService = 'HostsCAService', - WritePKIEnrollmentFlag = 'WritePKIEnrollmentFlag', - WritePKINameFlag = 'WritePKINameFlag', - NTAuthStoreFor = 'NTAuthStoreFor', - TrustedForNTAuth = 'TrustedForNTAuth', - EnterpriseCAFor = 'EnterpriseCAFor', - IssuedSignedBy = 'IssuedSignedBy', - GoldenCert = 'GoldenCert', - EnrollOnBehalfOf = 'EnrollOnBehalfOf', - OIDGroupLink = 'OIDGroupLink', - ExtendedByPolicy = 'ExtendedByPolicy', - ADCSESC1 = 'ADCSESC1', - ADCSESC3 = 'ADCSESC3', - ADCSESC4 = 'ADCSESC4', - ADCSESC6a = 'ADCSESC6a', - ADCSESC6b = 'ADCSESC6b', - ADCSESC9a = 'ADCSESC9a', - ADCSESC9b = 'ADCSESC9b', - ADCSESC10a = 'ADCSESC10a', - ADCSESC10b = 'ADCSESC10b', - ADCSESC13 = 'ADCSESC13', - SyncedToEntraUser = 'SyncedToEntraUser', - CoerceAndRelayNTLMToSMB = 'CoerceAndRelayNTLMToSMB', - CoerceAndRelayNTLMToADCS = 'CoerceAndRelayNTLMToADCS', - WriteOwnerLimitedRights = 'WriteOwnerLimitedRights', - WriteOwnerRaw = 'WriteOwnerRaw', - OwnsLimitedRights = 'OwnsLimitedRights', - OwnsRaw = 'OwnsRaw', - CoerceAndRelayNTLMToLDAP = 'CoerceAndRelayNTLMToLDAP', - CoerceAndRelayNTLMToLDAPS = 'CoerceAndRelayNTLMToLDAPS', +Owns = 'Owns', +GenericAll = 'GenericAll', +GenericWrite = 'GenericWrite', 
+WriteOwner = 'WriteOwner', +WriteDACL = 'WriteDacl', +MemberOf = 'MemberOf', +ForceChangePassword = 'ForceChangePassword', +AllExtendedRights = 'AllExtendedRights', +AddMember = 'AddMember', +HasSession = 'HasSession', +Contains = 'Contains', +GPLink = 'GPLink', +AllowedToDelegate = 'AllowedToDelegate', +CoerceToTGT = 'CoerceToTGT', +GetChanges = 'GetChanges', +GetChangesAll = 'GetChangesAll', +GetChangesInFilteredSet = 'GetChangesInFilteredSet', +TrustedBy = 'TrustedBy', +AllowedToAct = 'AllowedToAct', +AdminTo = 'AdminTo', +CanPSRemote = 'CanPSRemote', +CanRDP = 'CanRDP', +ExecuteDCOM = 'ExecuteDCOM', +HasSIDHistory = 'HasSIDHistory', +AddSelf = 'AddSelf', +DCSync = 'DCSync', +ReadLAPSPassword = 'ReadLAPSPassword', +ReadGMSAPassword = 'ReadGMSAPassword', +DumpSMSAPassword = 'DumpSMSAPassword', +SQLAdmin = 'SQLAdmin', +AddAllowedToAct = 'AddAllowedToAct', +WriteSPN = 'WriteSPN', +AddKeyCredentialLink = 'AddKeyCredentialLink', +LocalToComputer = 'LocalToComputer', +MemberOfLocalGroup = 'MemberOfLocalGroup', +RemoteInteractiveLogonRight = 'RemoteInteractiveLogonRight', +SyncLAPSPassword = 'SyncLAPSPassword', +WriteAccountRestrictions = 'WriteAccountRestrictions', +WriteGPLink = 'WriteGPLink', +RootCAFor = 'RootCAFor', +DCFor = 'DCFor', +PublishedTo = 'PublishedTo', +ManageCertificates = 'ManageCertificates', +ManageCA = 'ManageCA', +DelegatedEnrollmentAgent = 'DelegatedEnrollmentAgent', +Enroll = 'Enroll', +HostsCAService = 'HostsCAService', +WritePKIEnrollmentFlag = 'WritePKIEnrollmentFlag', +WritePKINameFlag = 'WritePKINameFlag', +NTAuthStoreFor = 'NTAuthStoreFor', +TrustedForNTAuth = 'TrustedForNTAuth', +EnterpriseCAFor = 'EnterpriseCAFor', +IssuedSignedBy = 'IssuedSignedBy', +GoldenCert = 'GoldenCert', +EnrollOnBehalfOf = 'EnrollOnBehalfOf', +OIDGroupLink = 'OIDGroupLink', +ExtendedByPolicy = 'ExtendedByPolicy', +ADCSESC1 = 'ADCSESC1', +ADCSESC3 = 'ADCSESC3', +ADCSESC4 = 'ADCSESC4', +ADCSESC6a = 'ADCSESC6a', +ADCSESC6b = 'ADCSESC6b', +ADCSESC9a = 'ADCSESC9a', 
+ADCSESC9b = 'ADCSESC9b', +ADCSESC10a = 'ADCSESC10a', +ADCSESC10b = 'ADCSESC10b', +ADCSESC13 = 'ADCSESC13', +SyncedToEntraUser = 'SyncedToEntraUser', +CoerceAndRelayNTLMToSMB = 'CoerceAndRelayNTLMToSMB', +CoerceAndRelayNTLMToADCS = 'CoerceAndRelayNTLMToADCS', +WriteOwnerLimitedRights = 'WriteOwnerLimitedRights', +WriteOwnerRaw = 'WriteOwnerRaw', +OwnsLimitedRights = 'OwnsLimitedRights', +OwnsRaw = 'OwnsRaw', +CoerceAndRelayNTLMToLDAP = 'CoerceAndRelayNTLMToLDAP', +CoerceAndRelayNTLMToLDAPS = 'CoerceAndRelayNTLMToLDAPS', +} +export function ActiveDirectoryRelationshipKindToDisplay (value : ActiveDirectoryRelationshipKind): string | undefined { +switch (value) { +case ActiveDirectoryRelationshipKind.Owns: +return 'Owns' +case ActiveDirectoryRelationshipKind.GenericAll: +return 'GenericAll' +case ActiveDirectoryRelationshipKind.GenericWrite: +return 'GenericWrite' +case ActiveDirectoryRelationshipKind.WriteOwner: +return 'WriteOwner' +case ActiveDirectoryRelationshipKind.WriteDACL: +return 'WriteDACL' +case ActiveDirectoryRelationshipKind.MemberOf: +return 'MemberOf' +case ActiveDirectoryRelationshipKind.ForceChangePassword: +return 'ForceChangePassword' +case ActiveDirectoryRelationshipKind.AllExtendedRights: +return 'AllExtendedRights' +case ActiveDirectoryRelationshipKind.AddMember: +return 'AddMember' +case ActiveDirectoryRelationshipKind.HasSession: +return 'HasSession' +case ActiveDirectoryRelationshipKind.Contains: +return 'Contains' +case ActiveDirectoryRelationshipKind.GPLink: +return 'GPLink' +case ActiveDirectoryRelationshipKind.AllowedToDelegate: +return 'AllowedToDelegate' +case ActiveDirectoryRelationshipKind.CoerceToTGT: +return 'CoerceToTGT' +case ActiveDirectoryRelationshipKind.GetChanges: +return 'GetChanges' +case ActiveDirectoryRelationshipKind.GetChangesAll: +return 'GetChangesAll' +case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: +return 'GetChangesInFilteredSet' +case ActiveDirectoryRelationshipKind.TrustedBy: +return 'TrustedBy' 
+case ActiveDirectoryRelationshipKind.AllowedToAct: +return 'AllowedToAct' +case ActiveDirectoryRelationshipKind.AdminTo: +return 'AdminTo' +case ActiveDirectoryRelationshipKind.CanPSRemote: +return 'CanPSRemote' +case ActiveDirectoryRelationshipKind.CanRDP: +return 'CanRDP' +case ActiveDirectoryRelationshipKind.ExecuteDCOM: +return 'ExecuteDCOM' +case ActiveDirectoryRelationshipKind.HasSIDHistory: +return 'HasSIDHistory' +case ActiveDirectoryRelationshipKind.AddSelf: +return 'AddSelf' +case ActiveDirectoryRelationshipKind.DCSync: +return 'DCSync' +case ActiveDirectoryRelationshipKind.ReadLAPSPassword: +return 'ReadLAPSPassword' +case ActiveDirectoryRelationshipKind.ReadGMSAPassword: +return 'ReadGMSAPassword' +case ActiveDirectoryRelationshipKind.DumpSMSAPassword: +return 'DumpSMSAPassword' +case ActiveDirectoryRelationshipKind.SQLAdmin: +return 'SQLAdmin' +case ActiveDirectoryRelationshipKind.AddAllowedToAct: +return 'AddAllowedToAct' +case ActiveDirectoryRelationshipKind.WriteSPN: +return 'WriteSPN' +case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: +return 'AddKeyCredentialLink' +case ActiveDirectoryRelationshipKind.LocalToComputer: +return 'LocalToComputer' +case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: +return 'MemberOfLocalGroup' +case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: +return 'RemoteInteractiveLogonRight' +case ActiveDirectoryRelationshipKind.SyncLAPSPassword: +return 'SyncLAPSPassword' +case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: +return 'WriteAccountRestrictions' +case ActiveDirectoryRelationshipKind.WriteGPLink: +return 'WriteGPLink' +case ActiveDirectoryRelationshipKind.RootCAFor: +return 'RootCAFor' +case ActiveDirectoryRelationshipKind.DCFor: +return 'DCFor' +case ActiveDirectoryRelationshipKind.PublishedTo: +return 'PublishedTo' +case ActiveDirectoryRelationshipKind.ManageCertificates: +return 'ManageCertificates' +case ActiveDirectoryRelationshipKind.ManageCA: +return 'ManageCA' +case 
ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: +return 'DelegatedEnrollmentAgent' +case ActiveDirectoryRelationshipKind.Enroll: +return 'Enroll' +case ActiveDirectoryRelationshipKind.HostsCAService: +return 'HostsCAService' +case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: +return 'WritePKIEnrollmentFlag' +case ActiveDirectoryRelationshipKind.WritePKINameFlag: +return 'WritePKINameFlag' +case ActiveDirectoryRelationshipKind.NTAuthStoreFor: +return 'NTAuthStoreFor' +case ActiveDirectoryRelationshipKind.TrustedForNTAuth: +return 'TrustedForNTAuth' +case ActiveDirectoryRelationshipKind.EnterpriseCAFor: +return 'EnterpriseCAFor' +case ActiveDirectoryRelationshipKind.IssuedSignedBy: +return 'IssuedSignedBy' +case ActiveDirectoryRelationshipKind.GoldenCert: +return 'GoldenCert' +case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: +return 'EnrollOnBehalfOf' +case ActiveDirectoryRelationshipKind.OIDGroupLink: +return 'OIDGroupLink' +case ActiveDirectoryRelationshipKind.ExtendedByPolicy: +return 'ExtendedByPolicy' +case ActiveDirectoryRelationshipKind.ADCSESC1: +return 'ADCSESC1' +case ActiveDirectoryRelationshipKind.ADCSESC3: +return 'ADCSESC3' +case ActiveDirectoryRelationshipKind.ADCSESC4: +return 'ADCSESC4' +case ActiveDirectoryRelationshipKind.ADCSESC6a: +return 'ADCSESC6a' +case ActiveDirectoryRelationshipKind.ADCSESC6b: +return 'ADCSESC6b' +case ActiveDirectoryRelationshipKind.ADCSESC9a: +return 'ADCSESC9a' +case ActiveDirectoryRelationshipKind.ADCSESC9b: +return 'ADCSESC9b' +case ActiveDirectoryRelationshipKind.ADCSESC10a: +return 'ADCSESC10a' +case ActiveDirectoryRelationshipKind.ADCSESC10b: +return 'ADCSESC10b' +case ActiveDirectoryRelationshipKind.ADCSESC13: +return 'ADCSESC13' +case ActiveDirectoryRelationshipKind.SyncedToEntraUser: +return 'SyncedToEntraUser' +case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: +return 'CoerceAndRelayNTLMToSMB' +case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: +return 
'CoerceAndRelayNTLMToADCS' +case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: +return 'WriteOwnerLimitedRights' +case ActiveDirectoryRelationshipKind.WriteOwnerRaw: +return 'WriteOwnerRaw' +case ActiveDirectoryRelationshipKind.OwnsLimitedRights: +return 'OwnsLimitedRights' +case ActiveDirectoryRelationshipKind.OwnsRaw: +return 'OwnsRaw' +case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: +return 'CoerceAndRelayNTLMToLDAP' +case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: +return 'CoerceAndRelayNTLMToLDAPS' +default: +return undefined } -export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryRelationshipKind): string | undefined { - switch (value) { - case ActiveDirectoryRelationshipKind.Owns: - return 'Owns'; - case ActiveDirectoryRelationshipKind.GenericAll: - return 'GenericAll'; - case ActiveDirectoryRelationshipKind.GenericWrite: - return 'GenericWrite'; - case ActiveDirectoryRelationshipKind.WriteOwner: - return 'WriteOwner'; - case ActiveDirectoryRelationshipKind.WriteDACL: - return 'WriteDACL'; - case ActiveDirectoryRelationshipKind.MemberOf: - return 'MemberOf'; - case ActiveDirectoryRelationshipKind.ForceChangePassword: - return 'ForceChangePassword'; - case ActiveDirectoryRelationshipKind.AllExtendedRights: - return 'AllExtendedRights'; - case ActiveDirectoryRelationshipKind.AddMember: - return 'AddMember'; - case ActiveDirectoryRelationshipKind.HasSession: - return 'HasSession'; - case ActiveDirectoryRelationshipKind.Contains: - return 'Contains'; - case ActiveDirectoryRelationshipKind.GPLink: - return 'GPLink'; - case ActiveDirectoryRelationshipKind.AllowedToDelegate: - return 'AllowedToDelegate'; - case ActiveDirectoryRelationshipKind.CoerceToTGT: - return 'CoerceToTGT'; - case ActiveDirectoryRelationshipKind.GetChanges: - return 'GetChanges'; - case ActiveDirectoryRelationshipKind.GetChangesAll: - return 'GetChangesAll'; - case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: - 
return 'GetChangesInFilteredSet'; - case ActiveDirectoryRelationshipKind.TrustedBy: - return 'TrustedBy'; - case ActiveDirectoryRelationshipKind.AllowedToAct: - return 'AllowedToAct'; - case ActiveDirectoryRelationshipKind.AdminTo: - return 'AdminTo'; - case ActiveDirectoryRelationshipKind.CanPSRemote: - return 'CanPSRemote'; - case ActiveDirectoryRelationshipKind.CanRDP: - return 'CanRDP'; - case ActiveDirectoryRelationshipKind.ExecuteDCOM: - return 'ExecuteDCOM'; - case ActiveDirectoryRelationshipKind.HasSIDHistory: - return 'HasSIDHistory'; - case ActiveDirectoryRelationshipKind.AddSelf: - return 'AddSelf'; - case ActiveDirectoryRelationshipKind.DCSync: - return 'DCSync'; - case ActiveDirectoryRelationshipKind.ReadLAPSPassword: - return 'ReadLAPSPassword'; - case ActiveDirectoryRelationshipKind.ReadGMSAPassword: - return 'ReadGMSAPassword'; - case ActiveDirectoryRelationshipKind.DumpSMSAPassword: - return 'DumpSMSAPassword'; - case ActiveDirectoryRelationshipKind.SQLAdmin: - return 'SQLAdmin'; - case ActiveDirectoryRelationshipKind.AddAllowedToAct: - return 'AddAllowedToAct'; - case ActiveDirectoryRelationshipKind.WriteSPN: - return 'WriteSPN'; - case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: - return 'AddKeyCredentialLink'; - case ActiveDirectoryRelationshipKind.LocalToComputer: - return 'LocalToComputer'; - case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: - return 'MemberOfLocalGroup'; - case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: - return 'RemoteInteractiveLogonRight'; - case ActiveDirectoryRelationshipKind.SyncLAPSPassword: - return 'SyncLAPSPassword'; - case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: - return 'WriteAccountRestrictions'; - case ActiveDirectoryRelationshipKind.WriteGPLink: - return 'WriteGPLink'; - case ActiveDirectoryRelationshipKind.RootCAFor: - return 'RootCAFor'; - case ActiveDirectoryRelationshipKind.DCFor: - return 'DCFor'; - case ActiveDirectoryRelationshipKind.PublishedTo: - 
return 'PublishedTo'; - case ActiveDirectoryRelationshipKind.ManageCertificates: - return 'ManageCertificates'; - case ActiveDirectoryRelationshipKind.ManageCA: - return 'ManageCA'; - case ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: - return 'DelegatedEnrollmentAgent'; - case ActiveDirectoryRelationshipKind.Enroll: - return 'Enroll'; - case ActiveDirectoryRelationshipKind.HostsCAService: - return 'HostsCAService'; - case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: - return 'WritePKIEnrollmentFlag'; - case ActiveDirectoryRelationshipKind.WritePKINameFlag: - return 'WritePKINameFlag'; - case ActiveDirectoryRelationshipKind.NTAuthStoreFor: - return 'NTAuthStoreFor'; - case ActiveDirectoryRelationshipKind.TrustedForNTAuth: - return 'TrustedForNTAuth'; - case ActiveDirectoryRelationshipKind.EnterpriseCAFor: - return 'EnterpriseCAFor'; - case ActiveDirectoryRelationshipKind.IssuedSignedBy: - return 'IssuedSignedBy'; - case ActiveDirectoryRelationshipKind.GoldenCert: - return 'GoldenCert'; - case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: - return 'EnrollOnBehalfOf'; - case ActiveDirectoryRelationshipKind.OIDGroupLink: - return 'OIDGroupLink'; - case ActiveDirectoryRelationshipKind.ExtendedByPolicy: - return 'ExtendedByPolicy'; - case ActiveDirectoryRelationshipKind.ADCSESC1: - return 'ADCSESC1'; - case ActiveDirectoryRelationshipKind.ADCSESC3: - return 'ADCSESC3'; - case ActiveDirectoryRelationshipKind.ADCSESC4: - return 'ADCSESC4'; - case ActiveDirectoryRelationshipKind.ADCSESC6a: - return 'ADCSESC6a'; - case ActiveDirectoryRelationshipKind.ADCSESC6b: - return 'ADCSESC6b'; - case ActiveDirectoryRelationshipKind.ADCSESC9a: - return 'ADCSESC9a'; - case ActiveDirectoryRelationshipKind.ADCSESC9b: - return 'ADCSESC9b'; - case ActiveDirectoryRelationshipKind.ADCSESC10a: - return 'ADCSESC10a'; - case ActiveDirectoryRelationshipKind.ADCSESC10b: - return 'ADCSESC10b'; - case ActiveDirectoryRelationshipKind.ADCSESC13: - return 'ADCSESC13'; - case 
ActiveDirectoryRelationshipKind.SyncedToEntraUser: - return 'SyncedToEntraUser'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: - return 'CoerceAndRelayNTLMToSMB'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: - return 'CoerceAndRelayNTLMToADCS'; - case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: - return 'WriteOwnerLimitedRights'; - case ActiveDirectoryRelationshipKind.WriteOwnerRaw: - return 'WriteOwnerRaw'; - case ActiveDirectoryRelationshipKind.OwnsLimitedRights: - return 'OwnsLimitedRights'; - case ActiveDirectoryRelationshipKind.OwnsRaw: - return 'OwnsRaw'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: - return 'CoerceAndRelayNTLMToLDAP'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: - return 'CoerceAndRelayNTLMToLDAPS'; - default: - return undefined; - } } -export type ActiveDirectoryKind = ActiveDirectoryNodeKind | ActiveDirectoryRelationshipKind; -export const EdgeCompositionRelationships = [ - 'GoldenCert', - 'ADCSESC1', - 'ADCSESC3', - 'ADCSESC4', - 'ADCSESC6a', - 'ADCSESC6b', - 'ADCSESC9a', - 'ADCSESC9b', - 'ADCSESC10a', - 'ADCSESC10b', - 'ADCSESC13', - 'CoerceAndRelayNTLMToSMB', - 'CoerceAndRelayNTLMToADCS', - 'CoerceAndRelayNTLMToLDAP', - 'CoerceAndRelayNTLMToLDAPS', -]; +export type ActiveDirectoryKind = ActiveDirectoryNodeKind|ActiveDirectoryRelationshipKind +export const EdgeCompositionRelationships = ['GoldenCert','ADCSESC1','ADCSESC3','ADCSESC4','ADCSESC6a','ADCSESC6b','ADCSESC9a','ADCSESC9b','ADCSESC10a','ADCSESC10b','ADCSESC13','CoerceAndRelayNTLMToSMB','CoerceAndRelayNTLMToADCS','CoerceAndRelayNTLMToLDAP','CoerceAndRelayNTLMToLDAPS'] export enum ActiveDirectoryKindProperties { - AdminCount = 'admincount', - CASecurityCollected = 'casecuritycollected', - CAName = 'caname', - CertChain = 'certchain', - CertName = 'certname', - CertThumbprint = 'certthumbprint', - CertThumbprints = 'certthumbprints', - HasEnrollmentAgentRestrictions = 
'hasenrollmentagentrestrictions', - EnrollmentAgentRestrictionsCollected = 'enrollmentagentrestrictionscollected', - IsUserSpecifiesSanEnabled = 'isuserspecifiessanenabled', - IsUserSpecifiesSanEnabledCollected = 'isuserspecifiessanenabledcollected', - RoleSeparationEnabled = 'roleseparationenabled', - RoleSeparationEnabledCollected = 'roleseparationenabledcollected', - HasBasicConstraints = 'hasbasicconstraints', - BasicConstraintPathLength = 'basicconstraintpathlength', - UnresolvedPublishedTemplates = 'unresolvedpublishedtemplates', - DNSHostname = 'dnshostname', - CrossCertificatePair = 'crosscertificatepair', - DistinguishedName = 'distinguishedname', - DomainFQDN = 'domain', - DomainSID = 'domainsid', - Sensitive = 'sensitive', - BlocksInheritance = 'blocksinheritance', - IsACL = 'isacl', - IsACLProtected = 'isaclprotected', - IsDeleted = 'isdeleted', - Enforced = 'enforced', - Department = 'department', - HasCrossCertificatePair = 'hascrosscertificatepair', - HasSPN = 'hasspn', - UnconstrainedDelegation = 'unconstraineddelegation', - LastLogon = 'lastlogon', - LastLogonTimestamp = 'lastlogontimestamp', - IsPrimaryGroup = 'isprimarygroup', - HasLAPS = 'haslaps', - DontRequirePreAuth = 'dontreqpreauth', - LogonType = 'logontype', - HasURA = 'hasura', - PasswordNeverExpires = 'pwdneverexpires', - PasswordNotRequired = 'passwordnotreqd', - FunctionalLevel = 'functionallevel', - TrustType = 'trusttype', - SidFiltering = 'sidfiltering', - TrustedToAuth = 'trustedtoauth', - SamAccountName = 'samaccountname', - CertificateMappingMethodsRaw = 'certificatemappingmethodsraw', - CertificateMappingMethods = 'certificatemappingmethods', - StrongCertificateBindingEnforcementRaw = 'strongcertificatebindingenforcementraw', - StrongCertificateBindingEnforcement = 'strongcertificatebindingenforcement', - EKUs = 'ekus', - SubjectAltRequireUPN = 'subjectaltrequireupn', - SubjectAltRequireDNS = 'subjectaltrequiredns', - SubjectAltRequireDomainDNS = 'subjectaltrequiredomaindns', - 
SubjectAltRequireEmail = 'subjectaltrequireemail', - SubjectAltRequireSPN = 'subjectaltrequirespn', - SubjectRequireEmail = 'subjectrequireemail', - AuthorizedSignatures = 'authorizedsignatures', - ApplicationPolicies = 'applicationpolicies', - IssuancePolicies = 'issuancepolicies', - SchemaVersion = 'schemaversion', - RequiresManagerApproval = 'requiresmanagerapproval', - AuthenticationEnabled = 'authenticationenabled', - SchannelAuthenticationEnabled = 'schannelauthenticationenabled', - EnrolleeSuppliesSubject = 'enrolleesuppliessubject', - CertificateApplicationPolicy = 'certificateapplicationpolicy', - CertificateNameFlag = 'certificatenameflag', - EffectiveEKUs = 'effectiveekus', - EnrollmentFlag = 'enrollmentflag', - Flags = 'flags', - NoSecurityExtension = 'nosecurityextension', - RenewalPeriod = 'renewalperiod', - ValidityPeriod = 'validityperiod', - OID = 'oid', - HomeDirectory = 'homedirectory', - CertificatePolicy = 'certificatepolicy', - CertTemplateOID = 'certtemplateoid', - GroupLinkID = 'grouplinkid', - ObjectGUID = 'objectguid', - ExpirePasswordsOnSmartCardOnlyAccounts = 'expirepasswordsonsmartcardonlyaccounts', - MachineAccountQuota = 'machineaccountquota', - SupportedKerberosEncryptionTypes = 'supportedencryptiontypes', - TGTDelegationEnabled = 'tgtdelegationenabled', - PasswordStoredUsingReversibleEncryption = 'encryptedtextpwdallowed', - SmartcardRequired = 'smartcardrequired', - UseDESKeyOnly = 'usedeskeyonly', - LogonScriptEnabled = 'logonscriptenabled', - LockedOut = 'lockedout', - UserCannotChangePassword = 'passwordcantchange', - PasswordExpired = 'passwordexpired', - DSHeuristics = 'dsheuristics', - UserAccountControl = 'useraccountcontrol', - TrustAttributes = 'trustattributes', - MinPwdLength = 'minpwdlength', - PwdProperties = 'pwdproperties', - PwdHistoryLength = 'pwdhistorylength', - LockoutThreshold = 'lockoutthreshold', - MinPwdAge = 'minpwdage', - MaxPwdAge = 'maxpwdage', - LockoutDuration = 'lockoutduration', - 
LockoutObservationWindow = 'lockoutobservationwindow', - OwnerSid = 'ownersid', - SMBSigning = 'smbsigning', - WebClientRunning = 'webclientrunning', - RestrictOutboundNTLM = 'restrictoutboundntlm', - GMSA = 'gmsa', - MSA = 'msa', - DoesAnyAceGrantOwnerRights = 'doesanyacegrantownerrights', - DoesAnyInheritedAceGrantOwnerRights = 'doesanyinheritedacegrantownerrights', - ADCSWebEnrollmentHTTP = 'adcswebenrollmenthttp', - ADCSWebEnrollmentHTTPS = 'adcswebenrollmenthttps', - ADCSWebEnrollmentHTTPSEPA = 'adcswebenrollmenthttpsepa', - LDAPSigning = 'ldapsigning', - LDAPAvailable = 'ldapavailable', - LDAPSAvailable = 'ldapsavailable', - LDAPSEPA = 'ldapsepa', - IsDC = 'isdc', - HTTPEnrollmentEndpoints = 'httpenrollmentendpoints', - HTTPSEnrollmentEndpoints = 'httpsenrollmentendpoints', - HasVulnerableEndpoint = 'hasvulnerableendpoint', +AdminCount = 'admincount', +CASecurityCollected = 'casecuritycollected', +CAName = 'caname', +CertChain = 'certchain', +CertName = 'certname', +CertThumbprint = 'certthumbprint', +CertThumbprints = 'certthumbprints', +HasEnrollmentAgentRestrictions = 'hasenrollmentagentrestrictions', +EnrollmentAgentRestrictionsCollected = 'enrollmentagentrestrictionscollected', +IsUserSpecifiesSanEnabled = 'isuserspecifiessanenabled', +IsUserSpecifiesSanEnabledCollected = 'isuserspecifiessanenabledcollected', +RoleSeparationEnabled = 'roleseparationenabled', +RoleSeparationEnabledCollected = 'roleseparationenabledcollected', +HasBasicConstraints = 'hasbasicconstraints', +BasicConstraintPathLength = 'basicconstraintpathlength', +UnresolvedPublishedTemplates = 'unresolvedpublishedtemplates', +DNSHostname = 'dnshostname', +CrossCertificatePair = 'crosscertificatepair', +DistinguishedName = 'distinguishedname', +DomainFQDN = 'domain', +DomainSID = 'domainsid', +Sensitive = 'sensitive', +BlocksInheritance = 'blocksinheritance', +IsACL = 'isacl', +IsACLProtected = 'isaclprotected', +IsDeleted = 'isdeleted', +Enforced = 'enforced', +Department = 'department', 
+HasCrossCertificatePair = 'hascrosscertificatepair', +HasSPN = 'hasspn', +UnconstrainedDelegation = 'unconstraineddelegation', +LastLogon = 'lastlogon', +LastLogonTimestamp = 'lastlogontimestamp', +IsPrimaryGroup = 'isprimarygroup', +HasLAPS = 'haslaps', +DontRequirePreAuth = 'dontreqpreauth', +LogonType = 'logontype', +HasURA = 'hasura', +PasswordNeverExpires = 'pwdneverexpires', +PasswordNotRequired = 'passwordnotreqd', +FunctionalLevel = 'functionallevel', +TrustType = 'trusttype', +SidFiltering = 'sidfiltering', +TrustedToAuth = 'trustedtoauth', +SamAccountName = 'samaccountname', +CertificateMappingMethodsRaw = 'certificatemappingmethodsraw', +CertificateMappingMethods = 'certificatemappingmethods', +StrongCertificateBindingEnforcementRaw = 'strongcertificatebindingenforcementraw', +StrongCertificateBindingEnforcement = 'strongcertificatebindingenforcement', +EKUs = 'ekus', +SubjectAltRequireUPN = 'subjectaltrequireupn', +SubjectAltRequireDNS = 'subjectaltrequiredns', +SubjectAltRequireDomainDNS = 'subjectaltrequiredomaindns', +SubjectAltRequireEmail = 'subjectaltrequireemail', +SubjectAltRequireSPN = 'subjectaltrequirespn', +SubjectRequireEmail = 'subjectrequireemail', +AuthorizedSignatures = 'authorizedsignatures', +ApplicationPolicies = 'applicationpolicies', +IssuancePolicies = 'issuancepolicies', +SchemaVersion = 'schemaversion', +RequiresManagerApproval = 'requiresmanagerapproval', +AuthenticationEnabled = 'authenticationenabled', +SchannelAuthenticationEnabled = 'schannelauthenticationenabled', +EnrolleeSuppliesSubject = 'enrolleesuppliessubject', +CertificateApplicationPolicy = 'certificateapplicationpolicy', +CertificateNameFlag = 'certificatenameflag', +EffectiveEKUs = 'effectiveekus', +EnrollmentFlag = 'enrollmentflag', +Flags = 'flags', +NoSecurityExtension = 'nosecurityextension', +RenewalPeriod = 'renewalperiod', +ValidityPeriod = 'validityperiod', +OID = 'oid', +HomeDirectory = 'homedirectory', +CertificatePolicy = 'certificatepolicy', 
+CertTemplateOID = 'certtemplateoid', +GroupLinkID = 'grouplinkid', +ObjectGUID = 'objectguid', +ExpirePasswordsOnSmartCardOnlyAccounts = 'expirepasswordsonsmartcardonlyaccounts', +MachineAccountQuota = 'machineaccountquota', +SupportedKerberosEncryptionTypes = 'supportedencryptiontypes', +TGTDelegationEnabled = 'tgtdelegationenabled', +PasswordStoredUsingReversibleEncryption = 'encryptedtextpwdallowed', +SmartcardRequired = 'smartcardrequired', +UseDESKeyOnly = 'usedeskeyonly', +LogonScriptEnabled = 'logonscriptenabled', +LockedOut = 'lockedout', +UserCannotChangePassword = 'passwordcantchange', +PasswordExpired = 'passwordexpired', +DSHeuristics = 'dsheuristics', +UserAccountControl = 'useraccountcontrol', +TrustAttributes = 'trustattributes', +MinPwdLength = 'minpwdlength', +PwdProperties = 'pwdproperties', +PwdHistoryLength = 'pwdhistorylength', +LockoutThreshold = 'lockoutthreshold', +MinPwdAge = 'minpwdage', +MaxPwdAge = 'maxpwdage', +LockoutDuration = 'lockoutduration', +LockoutObservationWindow = 'lockoutobservationwindow', +OwnerSid = 'ownersid', +SMBSigning = 'smbsigning', +WebClientRunning = 'webclientrunning', +RestrictOutboundNTLM = 'restrictoutboundntlm', +GMSA = 'gmsa', +MSA = 'msa', +DoesAnyAceGrantOwnerRights = 'doesanyacegrantownerrights', +DoesAnyInheritedAceGrantOwnerRights = 'doesanyinheritedacegrantownerrights', +ADCSWebEnrollmentHTTP = 'adcswebenrollmenthttp', +ADCSWebEnrollmentHTTPS = 'adcswebenrollmenthttps', +ADCSWebEnrollmentHTTPSEPA = 'adcswebenrollmenthttpsepa', +LDAPSigning = 'ldapsigning', +LDAPAvailable = 'ldapavailable', +LDAPSAvailable = 'ldapsavailable', +LDAPSEPA = 'ldapsepa', +IsDC = 'isdc', +HTTPEnrollmentEndpoints = 'httpenrollmentendpoints', +HTTPSEnrollmentEndpoints = 'httpsenrollmentendpoints', +HasVulnerableEndpoint = 'hasvulnerableendpoint', } -export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKindProperties): string | undefined { - switch (value) { - case 
ActiveDirectoryKindProperties.AdminCount: - return 'Admin Count'; - case ActiveDirectoryKindProperties.CASecurityCollected: - return 'CA Security Collected'; - case ActiveDirectoryKindProperties.CAName: - return 'CA Name'; - case ActiveDirectoryKindProperties.CertChain: - return 'Certificate Chain'; - case ActiveDirectoryKindProperties.CertName: - return 'Certificate Name'; - case ActiveDirectoryKindProperties.CertThumbprint: - return 'Certificate Thumbprint'; - case ActiveDirectoryKindProperties.CertThumbprints: - return 'Certificate Thumbprints'; - case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: - return 'Has Enrollment Agent Restrictions'; - case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: - return 'Enrollment Agent Restrictions Collected'; - case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: - return 'Is User Specifies San Enabled'; - case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: - return 'Is User Specifies San Enabled Collected'; - case ActiveDirectoryKindProperties.RoleSeparationEnabled: - return 'Role Separation Enabled'; - case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: - return 'Role Separation Enabled Collected'; - case ActiveDirectoryKindProperties.HasBasicConstraints: - return 'Has Basic Constraints'; - case ActiveDirectoryKindProperties.BasicConstraintPathLength: - return 'Basic Constraint Path Length'; - case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: - return 'Unresolved Published Certificate Templates'; - case ActiveDirectoryKindProperties.DNSHostname: - return 'DNS Hostname'; - case ActiveDirectoryKindProperties.CrossCertificatePair: - return 'Cross Certificate Pair'; - case ActiveDirectoryKindProperties.DistinguishedName: - return 'Distinguished Name'; - case ActiveDirectoryKindProperties.DomainFQDN: - return 'Domain FQDN'; - case ActiveDirectoryKindProperties.DomainSID: - return 'Domain SID'; - case 
ActiveDirectoryKindProperties.Sensitive: - return 'Marked Sensitive'; - case ActiveDirectoryKindProperties.BlocksInheritance: - return 'Blocks GPO Inheritance'; - case ActiveDirectoryKindProperties.IsACL: - return 'Is ACL'; - case ActiveDirectoryKindProperties.IsACLProtected: - return 'ACL Inheritance Denied'; - case ActiveDirectoryKindProperties.IsDeleted: - return 'Is Deleted'; - case ActiveDirectoryKindProperties.Enforced: - return 'Enforced'; - case ActiveDirectoryKindProperties.Department: - return 'Department'; - case ActiveDirectoryKindProperties.HasCrossCertificatePair: - return 'Has Cross Certificate Pair'; - case ActiveDirectoryKindProperties.HasSPN: - return 'Has SPN'; - case ActiveDirectoryKindProperties.UnconstrainedDelegation: - return 'Allows Unconstrained Delegation'; - case ActiveDirectoryKindProperties.LastLogon: - return 'Last Logon'; - case ActiveDirectoryKindProperties.LastLogonTimestamp: - return 'Last Logon (Replicated)'; - case ActiveDirectoryKindProperties.IsPrimaryGroup: - return 'Is Primary Group'; - case ActiveDirectoryKindProperties.HasLAPS: - return 'LAPS Enabled'; - case ActiveDirectoryKindProperties.DontRequirePreAuth: - return 'Do Not Require Pre-Authentication'; - case ActiveDirectoryKindProperties.LogonType: - return 'Logon Type'; - case ActiveDirectoryKindProperties.HasURA: - return 'Has User Rights Assignment Collection'; - case ActiveDirectoryKindProperties.PasswordNeverExpires: - return 'Password Never Expires'; - case ActiveDirectoryKindProperties.PasswordNotRequired: - return 'Password Not Required'; - case ActiveDirectoryKindProperties.FunctionalLevel: - return 'Functional Level'; - case ActiveDirectoryKindProperties.TrustType: - return 'Trust Type'; - case ActiveDirectoryKindProperties.SidFiltering: - return 'SID Filtering Enabled'; - case ActiveDirectoryKindProperties.TrustedToAuth: - return 'Trusted For Constrained Delegation'; - case ActiveDirectoryKindProperties.SamAccountName: - return 'SAM Account Name'; - case 
ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: - return 'Certificate Mapping Methods (Raw)'; - case ActiveDirectoryKindProperties.CertificateMappingMethods: - return 'Certificate Mapping Methods'; - case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: - return 'Strong Certificate Binding Enforcement (Raw)'; - case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: - return 'Strong Certificate Binding Enforcement'; - case ActiveDirectoryKindProperties.EKUs: - return 'Enhanced Key Usage'; - case ActiveDirectoryKindProperties.SubjectAltRequireUPN: - return 'Subject Alternative Name Require UPN'; - case ActiveDirectoryKindProperties.SubjectAltRequireDNS: - return 'Subject Alternative Name Require DNS'; - case ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: - return 'Subject Alternative Name Require Domain DNS'; - case ActiveDirectoryKindProperties.SubjectAltRequireEmail: - return 'Subject Alternative Name Require Email'; - case ActiveDirectoryKindProperties.SubjectAltRequireSPN: - return 'Subject Alternative Name Require SPN'; - case ActiveDirectoryKindProperties.SubjectRequireEmail: - return 'Subject Require Email'; - case ActiveDirectoryKindProperties.AuthorizedSignatures: - return 'Authorized Signatures Required'; - case ActiveDirectoryKindProperties.ApplicationPolicies: - return 'Application Policies Required'; - case ActiveDirectoryKindProperties.IssuancePolicies: - return 'Issuance Policies Required'; - case ActiveDirectoryKindProperties.SchemaVersion: - return 'Schema Version'; - case ActiveDirectoryKindProperties.RequiresManagerApproval: - return 'Requires Manager Approval'; - case ActiveDirectoryKindProperties.AuthenticationEnabled: - return 'Authentication Enabled'; - case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: - return 'Schannel Authentication Enabled'; - case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: - return 'Enrollee Supplies Subject'; - case 
ActiveDirectoryKindProperties.CertificateApplicationPolicy: - return 'Application Policy Extensions'; - case ActiveDirectoryKindProperties.CertificateNameFlag: - return 'Certificate Name Flags'; - case ActiveDirectoryKindProperties.EffectiveEKUs: - return 'Effective EKUs'; - case ActiveDirectoryKindProperties.EnrollmentFlag: - return 'Enrollment Flags'; - case ActiveDirectoryKindProperties.Flags: - return 'Flags'; - case ActiveDirectoryKindProperties.NoSecurityExtension: - return 'No Security Extension'; - case ActiveDirectoryKindProperties.RenewalPeriod: - return 'Renewal Period'; - case ActiveDirectoryKindProperties.ValidityPeriod: - return 'Validity Period'; - case ActiveDirectoryKindProperties.OID: - return 'OID'; - case ActiveDirectoryKindProperties.HomeDirectory: - return 'Home Directory'; - case ActiveDirectoryKindProperties.CertificatePolicy: - return 'Issuance Policy Extensions'; - case ActiveDirectoryKindProperties.CertTemplateOID: - return 'Certificate Template OID'; - case ActiveDirectoryKindProperties.GroupLinkID: - return 'Group Link ID'; - case ActiveDirectoryKindProperties.ObjectGUID: - return 'Object GUID'; - case ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: - return 'Expire Passwords on Smart Card only Accounts'; - case ActiveDirectoryKindProperties.MachineAccountQuota: - return 'Machine Account Quota'; - case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: - return 'Supported Kerberos Encryption Types'; - case ActiveDirectoryKindProperties.TGTDelegationEnabled: - return 'TGT Delegation Enabled'; - case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: - return 'Password Stored Using Reversible Encryption'; - case ActiveDirectoryKindProperties.SmartcardRequired: - return 'Smartcard Required'; - case ActiveDirectoryKindProperties.UseDESKeyOnly: - return 'Use DES Key Only'; - case ActiveDirectoryKindProperties.LogonScriptEnabled: - return 'Logon Script Enabled'; - case 
ActiveDirectoryKindProperties.LockedOut: - return 'Locked Out'; - case ActiveDirectoryKindProperties.UserCannotChangePassword: - return 'User Cannot Change Password'; - case ActiveDirectoryKindProperties.PasswordExpired: - return 'Password Expired'; - case ActiveDirectoryKindProperties.DSHeuristics: - return 'DSHeuristics'; - case ActiveDirectoryKindProperties.UserAccountControl: - return 'User Account Control'; - case ActiveDirectoryKindProperties.TrustAttributes: - return 'Trust Attributes'; - case ActiveDirectoryKindProperties.MinPwdLength: - return 'Minimum password length'; - case ActiveDirectoryKindProperties.PwdProperties: - return 'Password Properties'; - case ActiveDirectoryKindProperties.PwdHistoryLength: - return 'Password History Length'; - case ActiveDirectoryKindProperties.LockoutThreshold: - return 'Lockout Threshold'; - case ActiveDirectoryKindProperties.MinPwdAge: - return 'Minimum Password Age'; - case ActiveDirectoryKindProperties.MaxPwdAge: - return 'Maximum Password Age'; - case ActiveDirectoryKindProperties.LockoutDuration: - return 'Lockout Duration'; - case ActiveDirectoryKindProperties.LockoutObservationWindow: - return 'Lockout Observation Window'; - case ActiveDirectoryKindProperties.OwnerSid: - return 'Owner SID'; - case ActiveDirectoryKindProperties.SMBSigning: - return 'SMB Signing'; - case ActiveDirectoryKindProperties.WebClientRunning: - return 'WebClient Running'; - case ActiveDirectoryKindProperties.RestrictOutboundNTLM: - return 'Restrict Outbound NTLM'; - case ActiveDirectoryKindProperties.GMSA: - return 'GMSA'; - case ActiveDirectoryKindProperties.MSA: - return 'MSA'; - case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: - return 'Does Any ACE Grant Owner Rights'; - case ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: - return 'Does Any Inherited ACE Grant Owner Rights'; - case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: - return 'ADCS Web Enrollment HTTP'; - case 
ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: - return 'ADCS Web Enrollment HTTPS'; - case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: - return 'ADCS Web Enrollment HTTPS EPA'; - case ActiveDirectoryKindProperties.LDAPSigning: - return 'LDAP Signing'; - case ActiveDirectoryKindProperties.LDAPAvailable: - return 'LDAP Available'; - case ActiveDirectoryKindProperties.LDAPSAvailable: - return 'LDAPS Available'; - case ActiveDirectoryKindProperties.LDAPSEPA: - return 'LDAPS EPA'; - case ActiveDirectoryKindProperties.IsDC: - return 'Is Domain Controller'; - case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: - return 'HTTP Enrollment Endpoints'; - case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: - return 'HTTPS Enrollment Endpoints'; - case ActiveDirectoryKindProperties.HasVulnerableEndpoint: - return 'Has Vulnerable Endpoint'; - default: - return undefined; - } +export function ActiveDirectoryKindPropertiesToDisplay (value : ActiveDirectoryKindProperties): string | undefined { +switch (value) { +case ActiveDirectoryKindProperties.AdminCount: +return 'Admin Count' +case ActiveDirectoryKindProperties.CASecurityCollected: +return 'CA Security Collected' +case ActiveDirectoryKindProperties.CAName: +return 'CA Name' +case ActiveDirectoryKindProperties.CertChain: +return 'Certificate Chain' +case ActiveDirectoryKindProperties.CertName: +return 'Certificate Name' +case ActiveDirectoryKindProperties.CertThumbprint: +return 'Certificate Thumbprint' +case ActiveDirectoryKindProperties.CertThumbprints: +return 'Certificate Thumbprints' +case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: +return 'Has Enrollment Agent Restrictions' +case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: +return 'Enrollment Agent Restrictions Collected' +case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: +return 'Is User Specifies San Enabled' +case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: 
+return 'Is User Specifies San Enabled Collected' +case ActiveDirectoryKindProperties.RoleSeparationEnabled: +return 'Role Separation Enabled' +case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: +return 'Role Separation Enabled Collected' +case ActiveDirectoryKindProperties.HasBasicConstraints: +return 'Has Basic Constraints' +case ActiveDirectoryKindProperties.BasicConstraintPathLength: +return 'Basic Constraint Path Length' +case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: +return 'Unresolved Published Certificate Templates' +case ActiveDirectoryKindProperties.DNSHostname: +return 'DNS Hostname' +case ActiveDirectoryKindProperties.CrossCertificatePair: +return 'Cross Certificate Pair' +case ActiveDirectoryKindProperties.DistinguishedName: +return 'Distinguished Name' +case ActiveDirectoryKindProperties.DomainFQDN: +return 'Domain FQDN' +case ActiveDirectoryKindProperties.DomainSID: +return 'Domain SID' +case ActiveDirectoryKindProperties.Sensitive: +return 'Marked Sensitive' +case ActiveDirectoryKindProperties.BlocksInheritance: +return 'Blocks GPO Inheritance' +case ActiveDirectoryKindProperties.IsACL: +return 'Is ACL' +case ActiveDirectoryKindProperties.IsACLProtected: +return 'ACL Inheritance Denied' +case ActiveDirectoryKindProperties.IsDeleted: +return 'Is Deleted' +case ActiveDirectoryKindProperties.Enforced: +return 'Enforced' +case ActiveDirectoryKindProperties.Department: +return 'Department' +case ActiveDirectoryKindProperties.HasCrossCertificatePair: +return 'Has Cross Certificate Pair' +case ActiveDirectoryKindProperties.HasSPN: +return 'Has SPN' +case ActiveDirectoryKindProperties.UnconstrainedDelegation: +return 'Allows Unconstrained Delegation' +case ActiveDirectoryKindProperties.LastLogon: +return 'Last Logon' +case ActiveDirectoryKindProperties.LastLogonTimestamp: +return 'Last Logon (Replicated)' +case ActiveDirectoryKindProperties.IsPrimaryGroup: +return 'Is Primary Group' +case 
ActiveDirectoryKindProperties.HasLAPS: +return 'LAPS Enabled' +case ActiveDirectoryKindProperties.DontRequirePreAuth: +return 'Do Not Require Pre-Authentication' +case ActiveDirectoryKindProperties.LogonType: +return 'Logon Type' +case ActiveDirectoryKindProperties.HasURA: +return 'Has User Rights Assignment Collection' +case ActiveDirectoryKindProperties.PasswordNeverExpires: +return 'Password Never Expires' +case ActiveDirectoryKindProperties.PasswordNotRequired: +return 'Password Not Required' +case ActiveDirectoryKindProperties.FunctionalLevel: +return 'Functional Level' +case ActiveDirectoryKindProperties.TrustType: +return 'Trust Type' +case ActiveDirectoryKindProperties.SidFiltering: +return 'SID Filtering Enabled' +case ActiveDirectoryKindProperties.TrustedToAuth: +return 'Trusted For Constrained Delegation' +case ActiveDirectoryKindProperties.SamAccountName: +return 'SAM Account Name' +case ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: +return 'Certificate Mapping Methods (Raw)' +case ActiveDirectoryKindProperties.CertificateMappingMethods: +return 'Certificate Mapping Methods' +case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: +return 'Strong Certificate Binding Enforcement (Raw)' +case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: +return 'Strong Certificate Binding Enforcement' +case ActiveDirectoryKindProperties.EKUs: +return 'Enhanced Key Usage' +case ActiveDirectoryKindProperties.SubjectAltRequireUPN: +return 'Subject Alternative Name Require UPN' +case ActiveDirectoryKindProperties.SubjectAltRequireDNS: +return 'Subject Alternative Name Require DNS' +case ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: +return 'Subject Alternative Name Require Domain DNS' +case ActiveDirectoryKindProperties.SubjectAltRequireEmail: +return 'Subject Alternative Name Require Email' +case ActiveDirectoryKindProperties.SubjectAltRequireSPN: +return 'Subject Alternative Name Require SPN' +case 
ActiveDirectoryKindProperties.SubjectRequireEmail: +return 'Subject Require Email' +case ActiveDirectoryKindProperties.AuthorizedSignatures: +return 'Authorized Signatures Required' +case ActiveDirectoryKindProperties.ApplicationPolicies: +return 'Application Policies Required' +case ActiveDirectoryKindProperties.IssuancePolicies: +return 'Issuance Policies Required' +case ActiveDirectoryKindProperties.SchemaVersion: +return 'Schema Version' +case ActiveDirectoryKindProperties.RequiresManagerApproval: +return 'Requires Manager Approval' +case ActiveDirectoryKindProperties.AuthenticationEnabled: +return 'Authentication Enabled' +case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: +return 'Schannel Authentication Enabled' +case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: +return 'Enrollee Supplies Subject' +case ActiveDirectoryKindProperties.CertificateApplicationPolicy: +return 'Application Policy Extensions' +case ActiveDirectoryKindProperties.CertificateNameFlag: +return 'Certificate Name Flags' +case ActiveDirectoryKindProperties.EffectiveEKUs: +return 'Effective EKUs' +case ActiveDirectoryKindProperties.EnrollmentFlag: +return 'Enrollment Flags' +case ActiveDirectoryKindProperties.Flags: +return 'Flags' +case ActiveDirectoryKindProperties.NoSecurityExtension: +return 'No Security Extension' +case ActiveDirectoryKindProperties.RenewalPeriod: +return 'Renewal Period' +case ActiveDirectoryKindProperties.ValidityPeriod: +return 'Validity Period' +case ActiveDirectoryKindProperties.OID: +return 'OID' +case ActiveDirectoryKindProperties.HomeDirectory: +return 'Home Directory' +case ActiveDirectoryKindProperties.CertificatePolicy: +return 'Issuance Policy Extensions' +case ActiveDirectoryKindProperties.CertTemplateOID: +return 'Certificate Template OID' +case ActiveDirectoryKindProperties.GroupLinkID: +return 'Group Link ID' +case ActiveDirectoryKindProperties.ObjectGUID: +return 'Object GUID' +case 
ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: +return 'Expire Passwords on Smart Card only Accounts' +case ActiveDirectoryKindProperties.MachineAccountQuota: +return 'Machine Account Quota' +case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: +return 'Supported Kerberos Encryption Types' +case ActiveDirectoryKindProperties.TGTDelegationEnabled: +return 'TGT Delegation Enabled' +case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: +return 'Password Stored Using Reversible Encryption' +case ActiveDirectoryKindProperties.SmartcardRequired: +return 'Smartcard Required' +case ActiveDirectoryKindProperties.UseDESKeyOnly: +return 'Use DES Key Only' +case ActiveDirectoryKindProperties.LogonScriptEnabled: +return 'Logon Script Enabled' +case ActiveDirectoryKindProperties.LockedOut: +return 'Locked Out' +case ActiveDirectoryKindProperties.UserCannotChangePassword: +return 'User Cannot Change Password' +case ActiveDirectoryKindProperties.PasswordExpired: +return 'Password Expired' +case ActiveDirectoryKindProperties.DSHeuristics: +return 'DSHeuristics' +case ActiveDirectoryKindProperties.UserAccountControl: +return 'User Account Control' +case ActiveDirectoryKindProperties.TrustAttributes: +return 'Trust Attributes' +case ActiveDirectoryKindProperties.MinPwdLength: +return 'Minimum password length' +case ActiveDirectoryKindProperties.PwdProperties: +return 'Password Properties' +case ActiveDirectoryKindProperties.PwdHistoryLength: +return 'Password History Length' +case ActiveDirectoryKindProperties.LockoutThreshold: +return 'Lockout Threshold' +case ActiveDirectoryKindProperties.MinPwdAge: +return 'Minimum Password Age' +case ActiveDirectoryKindProperties.MaxPwdAge: +return 'Maximum Password Age' +case ActiveDirectoryKindProperties.LockoutDuration: +return 'Lockout Duration' +case ActiveDirectoryKindProperties.LockoutObservationWindow: +return 'Lockout Observation Window' +case 
ActiveDirectoryKindProperties.OwnerSid: +return 'Owner SID' +case ActiveDirectoryKindProperties.SMBSigning: +return 'SMB Signing' +case ActiveDirectoryKindProperties.WebClientRunning: +return 'WebClient Running' +case ActiveDirectoryKindProperties.RestrictOutboundNTLM: +return 'Restrict Outbound NTLM' +case ActiveDirectoryKindProperties.GMSA: +return 'GMSA' +case ActiveDirectoryKindProperties.MSA: +return 'MSA' +case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: +return 'Does Any ACE Grant Owner Rights' +case ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: +return 'Does Any Inherited ACE Grant Owner Rights' +case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: +return 'ADCS Web Enrollment HTTP' +case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: +return 'ADCS Web Enrollment HTTPS' +case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: +return 'ADCS Web Enrollment HTTPS EPA' +case ActiveDirectoryKindProperties.LDAPSigning: +return 'LDAP Signing' +case ActiveDirectoryKindProperties.LDAPAvailable: +return 'LDAP Available' +case ActiveDirectoryKindProperties.LDAPSAvailable: +return 'LDAPS Available' +case ActiveDirectoryKindProperties.LDAPSEPA: +return 'LDAPS EPA' +case ActiveDirectoryKindProperties.IsDC: +return 'Is Domain Controller' +case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: +return 'HTTP Enrollment Endpoints' +case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: +return 'HTTPS Enrollment Endpoints' +case ActiveDirectoryKindProperties.HasVulnerableEndpoint: +return 'Has Vulnerable Endpoint' +default: +return undefined } -export function ActiveDirectoryPathfindingEdges(): ActiveDirectoryRelationshipKind[] { - return [ - ActiveDirectoryRelationshipKind.Owns, - ActiveDirectoryRelationshipKind.GenericAll, - ActiveDirectoryRelationshipKind.GenericWrite, - ActiveDirectoryRelationshipKind.WriteOwner, - ActiveDirectoryRelationshipKind.WriteDACL, - ActiveDirectoryRelationshipKind.MemberOf, - 
ActiveDirectoryRelationshipKind.ForceChangePassword, - ActiveDirectoryRelationshipKind.AllExtendedRights, - ActiveDirectoryRelationshipKind.AddMember, - ActiveDirectoryRelationshipKind.HasSession, - ActiveDirectoryRelationshipKind.GPLink, - ActiveDirectoryRelationshipKind.AllowedToDelegate, - ActiveDirectoryRelationshipKind.CoerceToTGT, - ActiveDirectoryRelationshipKind.AllowedToAct, - ActiveDirectoryRelationshipKind.AdminTo, - ActiveDirectoryRelationshipKind.CanPSRemote, - ActiveDirectoryRelationshipKind.CanRDP, - ActiveDirectoryRelationshipKind.ExecuteDCOM, - ActiveDirectoryRelationshipKind.HasSIDHistory, - ActiveDirectoryRelationshipKind.AddSelf, - ActiveDirectoryRelationshipKind.DCSync, - ActiveDirectoryRelationshipKind.ReadLAPSPassword, - ActiveDirectoryRelationshipKind.ReadGMSAPassword, - ActiveDirectoryRelationshipKind.DumpSMSAPassword, - ActiveDirectoryRelationshipKind.SQLAdmin, - ActiveDirectoryRelationshipKind.AddAllowedToAct, - ActiveDirectoryRelationshipKind.WriteSPN, - ActiveDirectoryRelationshipKind.AddKeyCredentialLink, - ActiveDirectoryRelationshipKind.SyncLAPSPassword, - ActiveDirectoryRelationshipKind.WriteAccountRestrictions, - ActiveDirectoryRelationshipKind.WriteGPLink, - ActiveDirectoryRelationshipKind.GoldenCert, - ActiveDirectoryRelationshipKind.ADCSESC1, - ActiveDirectoryRelationshipKind.ADCSESC3, - ActiveDirectoryRelationshipKind.ADCSESC4, - ActiveDirectoryRelationshipKind.ADCSESC6a, - ActiveDirectoryRelationshipKind.ADCSESC6b, - ActiveDirectoryRelationshipKind.ADCSESC9a, - ActiveDirectoryRelationshipKind.ADCSESC9b, - ActiveDirectoryRelationshipKind.ADCSESC10a, - ActiveDirectoryRelationshipKind.ADCSESC10b, - ActiveDirectoryRelationshipKind.ADCSESC13, - ActiveDirectoryRelationshipKind.SyncedToEntraUser, - ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB, - ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS, - ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights, - ActiveDirectoryRelationshipKind.OwnsLimitedRights, - 
ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP, - ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS, - ActiveDirectoryRelationshipKind.Contains, - ActiveDirectoryRelationshipKind.DCFor, - ActiveDirectoryRelationshipKind.TrustedBy, - ]; +} +export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipKind[] { +return [ActiveDirectoryRelationshipKind.Owns,ActiveDirectoryRelationshipKind.GenericAll,ActiveDirectoryRelationshipKind.GenericWrite,ActiveDirectoryRelationshipKind.WriteOwner,ActiveDirectoryRelationshipKind.WriteDACL,ActiveDirectoryRelationshipKind.MemberOf,ActiveDirectoryRelationshipKind.ForceChangePassword,ActiveDirectoryRelationshipKind.AllExtendedRights,ActiveDirectoryRelationshipKind.AddMember,ActiveDirectoryRelationshipKind.HasSession,ActiveDirectoryRelationshipKind.GPLink,ActiveDirectoryRelationshipKind.AllowedToDelegate,ActiveDirectoryRelationshipKind.CoerceToTGT,ActiveDirectoryRelationshipKind.AllowedToAct,ActiveDirectoryRelationshipKind.AdminTo,ActiveDirectoryRelationshipKind.CanPSRemote,ActiveDirectoryRelationshipKind.CanRDP,ActiveDirectoryRelationshipKind.ExecuteDCOM,ActiveDirectoryRelationshipKind.HasSIDHistory,ActiveDirectoryRelationshipKind.AddSelf,ActiveDirectoryRelationshipKind.DCSync,ActiveDirectoryRelationshipKind.ReadLAPSPassword,ActiveDirectoryRelationshipKind.ReadGMSAPassword,ActiveDirectoryRelationshipKind.DumpSMSAPassword,ActiveDirectoryRelationshipKind.SQLAdmin,ActiveDirectoryRelationshipKind.AddAllowedToAct,ActiveDirectoryRelationshipKind.WriteSPN,ActiveDirectoryRelationshipKind.AddKeyCredentialLink,ActiveDirectoryRelationshipKind.SyncLAPSPassword,ActiveDirectoryRelationshipKind.WriteAccountRestrictions,ActiveDirectoryRelationshipKind.WriteGPLink,ActiveDirectoryRelationshipKind.GoldenCert,ActiveDirectoryRelationshipKind.ADCSESC1,ActiveDirectoryRelationshipKind.ADCSESC3,ActiveDirectoryRelationshipKind.ADCSESC4,ActiveDirectoryRelationshipKind.ADCSESC6a,ActiveDirectoryRelationshipKind.ADCSESC6b,ActiveD
irectoryRelationshipKind.ADCSESC9a,ActiveDirectoryRelationshipKind.ADCSESC9b,ActiveDirectoryRelationshipKind.ADCSESC10a,ActiveDirectoryRelationshipKind.ADCSESC10b,ActiveDirectoryRelationshipKind.ADCSESC13,ActiveDirectoryRelationshipKind.SyncedToEntraUser,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS,ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights,ActiveDirectoryRelationshipKind.OwnsLimitedRights,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS,ActiveDirectoryRelationshipKind.Contains,ActiveDirectoryRelationshipKind.DCFor,ActiveDirectoryRelationshipKind.TrustedBy] } export enum AzureNodeKind { - Entity = 'AZBase', - VMScaleSet = 'AZVMScaleSet', - App = 'AZApp', - Role = 'AZRole', - Device = 'AZDevice', - FunctionApp = 'AZFunctionApp', - Group = 'AZGroup', - KeyVault = 'AZKeyVault', - ManagementGroup = 'AZManagementGroup', - ResourceGroup = 'AZResourceGroup', - ServicePrincipal = 'AZServicePrincipal', - Subscription = 'AZSubscription', - Tenant = 'AZTenant', - User = 'AZUser', - VM = 'AZVM', - ManagedCluster = 'AZManagedCluster', - ContainerRegistry = 'AZContainerRegistry', - WebApp = 'AZWebApp', - LogicApp = 'AZLogicApp', - AutomationAccount = 'AZAutomationAccount', +Entity = 'AZBase', +VMScaleSet = 'AZVMScaleSet', +App = 'AZApp', +Role = 'AZRole', +Device = 'AZDevice', +FunctionApp = 'AZFunctionApp', +Group = 'AZGroup', +Group365 = 'AZGroup365', +KeyVault = 'AZKeyVault', +ManagementGroup = 'AZManagementGroup', +ResourceGroup = 'AZResourceGroup', +ServicePrincipal = 'AZServicePrincipal', +Subscription = 'AZSubscription', +Tenant = 'AZTenant', +User = 'AZUser', +VM = 'AZVM', +ManagedCluster = 'AZManagedCluster', +ContainerRegistry = 'AZContainerRegistry', +WebApp = 'AZWebApp', +LogicApp = 'AZLogicApp', +AutomationAccount = 'AZAutomationAccount', +} +export function AzureNodeKindToDisplay (value : AzureNodeKind): string | 
undefined { +switch (value) { +case AzureNodeKind.Entity: +return 'Entity' +case AzureNodeKind.VMScaleSet: +return 'VMScaleSet' +case AzureNodeKind.App: +return 'App' +case AzureNodeKind.Role: +return 'Role' +case AzureNodeKind.Device: +return 'Device' +case AzureNodeKind.FunctionApp: +return 'FunctionApp' +case AzureNodeKind.Group: +return 'Group' +case AzureNodeKind.Group365: +return 'Group365' +case AzureNodeKind.KeyVault: +return 'KeyVault' +case AzureNodeKind.ManagementGroup: +return 'ManagementGroup' +case AzureNodeKind.ResourceGroup: +return 'ResourceGroup' +case AzureNodeKind.ServicePrincipal: +return 'ServicePrincipal' +case AzureNodeKind.Subscription: +return 'Subscription' +case AzureNodeKind.Tenant: +return 'Tenant' +case AzureNodeKind.User: +return 'User' +case AzureNodeKind.VM: +return 'VM' +case AzureNodeKind.ManagedCluster: +return 'ManagedCluster' +case AzureNodeKind.ContainerRegistry: +return 'ContainerRegistry' +case AzureNodeKind.WebApp: +return 'WebApp' +case AzureNodeKind.LogicApp: +return 'LogicApp' +case AzureNodeKind.AutomationAccount: +return 'AutomationAccount' +default: +return undefined } -export function AzureNodeKindToDisplay(value: AzureNodeKind): string | undefined { - switch (value) { - case AzureNodeKind.Entity: - return 'Entity'; - case AzureNodeKind.VMScaleSet: - return 'VMScaleSet'; - case AzureNodeKind.App: - return 'App'; - case AzureNodeKind.Role: - return 'Role'; - case AzureNodeKind.Device: - return 'Device'; - case AzureNodeKind.FunctionApp: - return 'FunctionApp'; - case AzureNodeKind.Group: - return 'Group'; - case AzureNodeKind.KeyVault: - return 'KeyVault'; - case AzureNodeKind.ManagementGroup: - return 'ManagementGroup'; - case AzureNodeKind.ResourceGroup: - return 'ResourceGroup'; - case AzureNodeKind.ServicePrincipal: - return 'ServicePrincipal'; - case AzureNodeKind.Subscription: - return 'Subscription'; - case AzureNodeKind.Tenant: - return 'Tenant'; - case AzureNodeKind.User: - return 'User'; - case 
AzureNodeKind.VM: - return 'VM'; - case AzureNodeKind.ManagedCluster: - return 'ManagedCluster'; - case AzureNodeKind.ContainerRegistry: - return 'ContainerRegistry'; - case AzureNodeKind.WebApp: - return 'WebApp'; - case AzureNodeKind.LogicApp: - return 'LogicApp'; - case AzureNodeKind.AutomationAccount: - return 'AutomationAccount'; - default: - return undefined; - } } export enum AzureRelationshipKind { - AvereContributor = 'AZAvereContributor', - Contains = 'AZContains', - Contributor = 'AZContributor', - GetCertificates = 'AZGetCertificates', - GetKeys = 'AZGetKeys', - GetSecrets = 'AZGetSecrets', - HasRole = 'AZHasRole', - MemberOf = 'AZMemberOf', - Owner = 'AZOwner', - RunsAs = 'AZRunsAs', - VMContributor = 'AZVMContributor', - AutomationContributor = 'AZAutomationContributor', - KeyVaultContributor = 'AZKeyVaultContributor', - VMAdminLogin = 'AZVMAdminLogin', - AddMembers = 'AZAddMembers', - AddSecret = 'AZAddSecret', - ExecuteCommand = 'AZExecuteCommand', - GlobalAdmin = 'AZGlobalAdmin', - PrivilegedAuthAdmin = 'AZPrivilegedAuthAdmin', - Grant = 'AZGrant', - GrantSelf = 'AZGrantSelf', - PrivilegedRoleAdmin = 'AZPrivilegedRoleAdmin', - ResetPassword = 'AZResetPassword', - UserAccessAdministrator = 'AZUserAccessAdministrator', - Owns = 'AZOwns', - ScopedTo = 'AZScopedTo', - CloudAppAdmin = 'AZCloudAppAdmin', - AppAdmin = 'AZAppAdmin', - AddOwner = 'AZAddOwner', - ManagedIdentity = 'AZManagedIdentity', - ApplicationReadWriteAll = 'AZMGApplication_ReadWrite_All', - AppRoleAssignmentReadWriteAll = 'AZMGAppRoleAssignment_ReadWrite_All', - DirectoryReadWriteAll = 'AZMGDirectory_ReadWrite_All', - GroupReadWriteAll = 'AZMGGroup_ReadWrite_All', - GroupMemberReadWriteAll = 'AZMGGroupMember_ReadWrite_All', - RoleManagementReadWriteDirectory = 'AZMGRoleManagement_ReadWrite_Directory', - ServicePrincipalEndpointReadWriteAll = 'AZMGServicePrincipalEndpoint_ReadWrite_All', - AKSContributor = 'AZAKSContributor', - NodeResourceGroup = 'AZNodeResourceGroup', - 
WebsiteContributor = 'AZWebsiteContributor', - LogicAppContributor = 'AZLogicAppContributor', - AZMGAddMember = 'AZMGAddMember', - AZMGAddOwner = 'AZMGAddOwner', - AZMGAddSecret = 'AZMGAddSecret', - AZMGGrantAppRoles = 'AZMGGrantAppRoles', - AZMGGrantRole = 'AZMGGrantRole', - SyncedToADUser = 'SyncedToADUser', +AvereContributor = 'AZAvereContributor', +Contains = 'AZContains', +Contributor = 'AZContributor', +GetCertificates = 'AZGetCertificates', +GetKeys = 'AZGetKeys', +GetSecrets = 'AZGetSecrets', +HasRole = 'AZHasRole', +MemberOf = 'AZMemberOf', +Owner = 'AZOwner', +RunsAs = 'AZRunsAs', +VMContributor = 'AZVMContributor', +AutomationContributor = 'AZAutomationContributor', +KeyVaultContributor = 'AZKeyVaultContributor', +VMAdminLogin = 'AZVMAdminLogin', +AddMembers = 'AZAddMembers', +AddSecret = 'AZAddSecret', +ExecuteCommand = 'AZExecuteCommand', +GlobalAdmin = 'AZGlobalAdmin', +PrivilegedAuthAdmin = 'AZPrivilegedAuthAdmin', +Grant = 'AZGrant', +GrantSelf = 'AZGrantSelf', +PrivilegedRoleAdmin = 'AZPrivilegedRoleAdmin', +ResetPassword = 'AZResetPassword', +UserAccessAdministrator = 'AZUserAccessAdministrator', +Owns = 'AZOwns', +ScopedTo = 'AZScopedTo', +CloudAppAdmin = 'AZCloudAppAdmin', +AppAdmin = 'AZAppAdmin', +AddOwner = 'AZAddOwner', +ManagedIdentity = 'AZManagedIdentity', +ApplicationReadWriteAll = 'AZMGApplication_ReadWrite_All', +AppRoleAssignmentReadWriteAll = 'AZMGAppRoleAssignment_ReadWrite_All', +DirectoryReadWriteAll = 'AZMGDirectory_ReadWrite_All', +GroupReadWriteAll = 'AZMGGroup_ReadWrite_All', +GroupMemberReadWriteAll = 'AZMGGroupMember_ReadWrite_All', +RoleManagementReadWriteDirectory = 'AZMGRoleManagement_ReadWrite_Directory', +ServicePrincipalEndpointReadWriteAll = 'AZMGServicePrincipalEndpoint_ReadWrite_All', +AKSContributor = 'AZAKSContributor', +NodeResourceGroup = 'AZNodeResourceGroup', +WebsiteContributor = 'AZWebsiteContributor', +LogicAppContributor = 'AZLogicAppContributor', +AZMGAddMember = 'AZMGAddMember', +AZMGAddOwner = 
'AZMGAddOwner', +AZMGAddSecret = 'AZMGAddSecret', +AZMGGrantAppRoles = 'AZMGGrantAppRoles', +AZMGGrantRole = 'AZMGGrantRole', +SyncedToADUser = 'SyncedToADUser', } -export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): string | undefined { - switch (value) { - case AzureRelationshipKind.AvereContributor: - return 'AvereContributor'; - case AzureRelationshipKind.Contains: - return 'Contains'; - case AzureRelationshipKind.Contributor: - return 'Contributor'; - case AzureRelationshipKind.GetCertificates: - return 'GetCertificates'; - case AzureRelationshipKind.GetKeys: - return 'GetKeys'; - case AzureRelationshipKind.GetSecrets: - return 'GetSecrets'; - case AzureRelationshipKind.HasRole: - return 'HasRole'; - case AzureRelationshipKind.MemberOf: - return 'MemberOf'; - case AzureRelationshipKind.Owner: - return 'Owner'; - case AzureRelationshipKind.RunsAs: - return 'RunsAs'; - case AzureRelationshipKind.VMContributor: - return 'VMContributor'; - case AzureRelationshipKind.AutomationContributor: - return 'AutomationContributor'; - case AzureRelationshipKind.KeyVaultContributor: - return 'KeyVaultContributor'; - case AzureRelationshipKind.VMAdminLogin: - return 'VMAdminLogin'; - case AzureRelationshipKind.AddMembers: - return 'AddMembers'; - case AzureRelationshipKind.AddSecret: - return 'AddSecret'; - case AzureRelationshipKind.ExecuteCommand: - return 'ExecuteCommand'; - case AzureRelationshipKind.GlobalAdmin: - return 'GlobalAdmin'; - case AzureRelationshipKind.PrivilegedAuthAdmin: - return 'PrivilegedAuthAdmin'; - case AzureRelationshipKind.Grant: - return 'Grant'; - case AzureRelationshipKind.GrantSelf: - return 'GrantSelf'; - case AzureRelationshipKind.PrivilegedRoleAdmin: - return 'PrivilegedRoleAdmin'; - case AzureRelationshipKind.ResetPassword: - return 'ResetPassword'; - case AzureRelationshipKind.UserAccessAdministrator: - return 'UserAccessAdministrator'; - case AzureRelationshipKind.Owns: - return 'Owns'; - case 
AzureRelationshipKind.ScopedTo: - return 'ScopedTo'; - case AzureRelationshipKind.CloudAppAdmin: - return 'CloudAppAdmin'; - case AzureRelationshipKind.AppAdmin: - return 'AppAdmin'; - case AzureRelationshipKind.AddOwner: - return 'AddOwner'; - case AzureRelationshipKind.ManagedIdentity: - return 'ManagedIdentity'; - case AzureRelationshipKind.ApplicationReadWriteAll: - return 'ApplicationReadWriteAll'; - case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: - return 'AppRoleAssignmentReadWriteAll'; - case AzureRelationshipKind.DirectoryReadWriteAll: - return 'DirectoryReadWriteAll'; - case AzureRelationshipKind.GroupReadWriteAll: - return 'GroupReadWriteAll'; - case AzureRelationshipKind.GroupMemberReadWriteAll: - return 'GroupMemberReadWriteAll'; - case AzureRelationshipKind.RoleManagementReadWriteDirectory: - return 'RoleManagementReadWriteDirectory'; - case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: - return 'ServicePrincipalEndpointReadWriteAll'; - case AzureRelationshipKind.AKSContributor: - return 'AKSContributor'; - case AzureRelationshipKind.NodeResourceGroup: - return 'NodeResourceGroup'; - case AzureRelationshipKind.WebsiteContributor: - return 'WebsiteContributor'; - case AzureRelationshipKind.LogicAppContributor: - return 'LogicAppContributor'; - case AzureRelationshipKind.AZMGAddMember: - return 'AZMGAddMember'; - case AzureRelationshipKind.AZMGAddOwner: - return 'AZMGAddOwner'; - case AzureRelationshipKind.AZMGAddSecret: - return 'AZMGAddSecret'; - case AzureRelationshipKind.AZMGGrantAppRoles: - return 'AZMGGrantAppRoles'; - case AzureRelationshipKind.AZMGGrantRole: - return 'AZMGGrantRole'; - case AzureRelationshipKind.SyncedToADUser: - return 'SyncedToADUser'; - default: - return undefined; - } +export function AzureRelationshipKindToDisplay (value : AzureRelationshipKind): string | undefined { +switch (value) { +case AzureRelationshipKind.AvereContributor: +return 'AvereContributor' +case AzureRelationshipKind.Contains: 
+return 'Contains' +case AzureRelationshipKind.Contributor: +return 'Contributor' +case AzureRelationshipKind.GetCertificates: +return 'GetCertificates' +case AzureRelationshipKind.GetKeys: +return 'GetKeys' +case AzureRelationshipKind.GetSecrets: +return 'GetSecrets' +case AzureRelationshipKind.HasRole: +return 'HasRole' +case AzureRelationshipKind.MemberOf: +return 'MemberOf' +case AzureRelationshipKind.Owner: +return 'Owner' +case AzureRelationshipKind.RunsAs: +return 'RunsAs' +case AzureRelationshipKind.VMContributor: +return 'VMContributor' +case AzureRelationshipKind.AutomationContributor: +return 'AutomationContributor' +case AzureRelationshipKind.KeyVaultContributor: +return 'KeyVaultContributor' +case AzureRelationshipKind.VMAdminLogin: +return 'VMAdminLogin' +case AzureRelationshipKind.AddMembers: +return 'AddMembers' +case AzureRelationshipKind.AddSecret: +return 'AddSecret' +case AzureRelationshipKind.ExecuteCommand: +return 'ExecuteCommand' +case AzureRelationshipKind.GlobalAdmin: +return 'GlobalAdmin' +case AzureRelationshipKind.PrivilegedAuthAdmin: +return 'PrivilegedAuthAdmin' +case AzureRelationshipKind.Grant: +return 'Grant' +case AzureRelationshipKind.GrantSelf: +return 'GrantSelf' +case AzureRelationshipKind.PrivilegedRoleAdmin: +return 'PrivilegedRoleAdmin' +case AzureRelationshipKind.ResetPassword: +return 'ResetPassword' +case AzureRelationshipKind.UserAccessAdministrator: +return 'UserAccessAdministrator' +case AzureRelationshipKind.Owns: +return 'Owns' +case AzureRelationshipKind.ScopedTo: +return 'ScopedTo' +case AzureRelationshipKind.CloudAppAdmin: +return 'CloudAppAdmin' +case AzureRelationshipKind.AppAdmin: +return 'AppAdmin' +case AzureRelationshipKind.AddOwner: +return 'AddOwner' +case AzureRelationshipKind.ManagedIdentity: +return 'ManagedIdentity' +case AzureRelationshipKind.ApplicationReadWriteAll: +return 'ApplicationReadWriteAll' +case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: +return 'AppRoleAssignmentReadWriteAll' 
+case AzureRelationshipKind.DirectoryReadWriteAll: +return 'DirectoryReadWriteAll' +case AzureRelationshipKind.GroupReadWriteAll: +return 'GroupReadWriteAll' +case AzureRelationshipKind.GroupMemberReadWriteAll: +return 'GroupMemberReadWriteAll' +case AzureRelationshipKind.RoleManagementReadWriteDirectory: +return 'RoleManagementReadWriteDirectory' +case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: +return 'ServicePrincipalEndpointReadWriteAll' +case AzureRelationshipKind.AKSContributor: +return 'AKSContributor' +case AzureRelationshipKind.NodeResourceGroup: +return 'NodeResourceGroup' +case AzureRelationshipKind.WebsiteContributor: +return 'WebsiteContributor' +case AzureRelationshipKind.LogicAppContributor: +return 'LogicAppContributor' +case AzureRelationshipKind.AZMGAddMember: +return 'AZMGAddMember' +case AzureRelationshipKind.AZMGAddOwner: +return 'AZMGAddOwner' +case AzureRelationshipKind.AZMGAddSecret: +return 'AZMGAddSecret' +case AzureRelationshipKind.AZMGGrantAppRoles: +return 'AZMGGrantAppRoles' +case AzureRelationshipKind.AZMGGrantRole: +return 'AZMGGrantRole' +case AzureRelationshipKind.SyncedToADUser: +return 'SyncedToADUser' +default: +return undefined } -export type AzureKind = AzureNodeKind | AzureRelationshipKind; +} +export type AzureKind = AzureNodeKind|AzureRelationshipKind export enum AzureKindProperties { - AppOwnerOrganizationID = 'appownerorganizationid', - AppDescription = 'appdescription', - AppDisplayName = 'appdisplayname', - ServicePrincipalType = 'serviceprincipaltype', - UserType = 'usertype', - TenantID = 'tenantid', - ServicePrincipalID = 'service_principal_id', - ServicePrincipalNames = 'service_principal_names', - OperatingSystemVersion = 'operatingsystemversion', - TrustType = 'trustype', - IsBuiltIn = 'isbuiltin', - AppID = 'appid', - AppRoleID = 'approleid', - DeviceID = 'deviceid', - NodeResourceGroupID = 'noderesourcegroupid', - OnPremID = 'onpremid', - OnPremSyncEnabled = 'onpremsyncenabled', - 
SecurityEnabled = 'securityenabled', - SecurityIdentifier = 'securityidentifier', - EnableRBACAuthorization = 'enablerbacauthorization', - Scope = 'scope', - Offer = 'offer', - MFAEnabled = 'mfaenabled', - License = 'license', - Licenses = 'licenses', - LoginURL = 'loginurl', - MFAEnforced = 'mfaenforced', - UserPrincipalName = 'userprincipalname', - IsAssignableToRole = 'isassignabletorole', - PublisherDomain = 'publisherdomain', - SignInAudience = 'signinaudience', - RoleTemplateID = 'templateid', +AppOwnerOrganizationID = 'appownerorganizationid', +AppDescription = 'appdescription', +AppDisplayName = 'appdisplayname', +ServicePrincipalType = 'serviceprincipaltype', +UserType = 'usertype', +TenantID = 'tenantid', +ServicePrincipalID = 'service_principal_id', +ServicePrincipalNames = 'service_principal_names', +OperatingSystemVersion = 'operatingsystemversion', +TrustType = 'trustype', +IsBuiltIn = 'isbuiltin', +AppID = 'appid', +AppRoleID = 'approleid', +DeviceID = 'deviceid', +NodeResourceGroupID = 'noderesourcegroupid', +OnPremID = 'onpremid', +OnPremSyncEnabled = 'onpremsyncenabled', +SecurityEnabled = 'securityenabled', +SecurityIdentifier = 'securityidentifier', +EnableRBACAuthorization = 'enablerbacauthorization', +Scope = 'scope', +Offer = 'offer', +MFAEnabled = 'mfaenabled', +License = 'license', +Licenses = 'licenses', +LoginURL = 'loginurl', +MFAEnforced = 'mfaenforced', +UserPrincipalName = 'userprincipalname', +IsAssignableToRole = 'isassignabletorole', +PublisherDomain = 'publisherdomain', +SignInAudience = 'signinaudience', +RoleTemplateID = 'templateid', +} +export function AzureKindPropertiesToDisplay (value : AzureKindProperties): string | undefined { +switch (value) { +case AzureKindProperties.AppOwnerOrganizationID: +return 'App Owner Organization ID' +case AzureKindProperties.AppDescription: +return 'App Description' +case AzureKindProperties.AppDisplayName: +return 'App Display Name' +case AzureKindProperties.ServicePrincipalType: +return 
'Service Principal Type' +case AzureKindProperties.UserType: +return 'User Type' +case AzureKindProperties.TenantID: +return 'Tenant ID' +case AzureKindProperties.ServicePrincipalID: +return 'Service Principal ID' +case AzureKindProperties.ServicePrincipalNames: +return 'Service Principal Names' +case AzureKindProperties.OperatingSystemVersion: +return 'Operating System Version' +case AzureKindProperties.TrustType: +return 'Trust Type' +case AzureKindProperties.IsBuiltIn: +return 'Is Built In' +case AzureKindProperties.AppID: +return 'App ID' +case AzureKindProperties.AppRoleID: +return 'App Role ID' +case AzureKindProperties.DeviceID: +return 'Device ID' +case AzureKindProperties.NodeResourceGroupID: +return 'Node Resource Group ID' +case AzureKindProperties.OnPremID: +return 'On Prem ID' +case AzureKindProperties.OnPremSyncEnabled: +return 'On Prem Sync Enabled' +case AzureKindProperties.SecurityEnabled: +return 'Security Enabled' +case AzureKindProperties.SecurityIdentifier: +return 'Security Identifier' +case AzureKindProperties.EnableRBACAuthorization: +return 'RBAC Authorization Enabled' +case AzureKindProperties.Scope: +return 'Scope' +case AzureKindProperties.Offer: +return 'Offer' +case AzureKindProperties.MFAEnabled: +return 'MFA Enabled' +case AzureKindProperties.License: +return 'License' +case AzureKindProperties.Licenses: +return 'Licenses' +case AzureKindProperties.LoginURL: +return 'Login URL' +case AzureKindProperties.MFAEnforced: +return 'MFA Enforced' +case AzureKindProperties.UserPrincipalName: +return 'User Principal Name' +case AzureKindProperties.IsAssignableToRole: +return 'Is Role Assignable' +case AzureKindProperties.PublisherDomain: +return 'Publisher Domain' +case AzureKindProperties.SignInAudience: +return 'Sign In Audience' +case AzureKindProperties.RoleTemplateID: +return 'Role Template ID' +default: +return undefined } -export function AzureKindPropertiesToDisplay(value: AzureKindProperties): string | undefined { - switch (value) { - 
case AzureKindProperties.AppOwnerOrganizationID: - return 'App Owner Organization ID'; - case AzureKindProperties.AppDescription: - return 'App Description'; - case AzureKindProperties.AppDisplayName: - return 'App Display Name'; - case AzureKindProperties.ServicePrincipalType: - return 'Service Principal Type'; - case AzureKindProperties.UserType: - return 'User Type'; - case AzureKindProperties.TenantID: - return 'Tenant ID'; - case AzureKindProperties.ServicePrincipalID: - return 'Service Principal ID'; - case AzureKindProperties.ServicePrincipalNames: - return 'Service Principal Names'; - case AzureKindProperties.OperatingSystemVersion: - return 'Operating System Version'; - case AzureKindProperties.TrustType: - return 'Trust Type'; - case AzureKindProperties.IsBuiltIn: - return 'Is Built In'; - case AzureKindProperties.AppID: - return 'App ID'; - case AzureKindProperties.AppRoleID: - return 'App Role ID'; - case AzureKindProperties.DeviceID: - return 'Device ID'; - case AzureKindProperties.NodeResourceGroupID: - return 'Node Resource Group ID'; - case AzureKindProperties.OnPremID: - return 'On Prem ID'; - case AzureKindProperties.OnPremSyncEnabled: - return 'On Prem Sync Enabled'; - case AzureKindProperties.SecurityEnabled: - return 'Security Enabled'; - case AzureKindProperties.SecurityIdentifier: - return 'Security Identifier'; - case AzureKindProperties.EnableRBACAuthorization: - return 'RBAC Authorization Enabled'; - case AzureKindProperties.Scope: - return 'Scope'; - case AzureKindProperties.Offer: - return 'Offer'; - case AzureKindProperties.MFAEnabled: - return 'MFA Enabled'; - case AzureKindProperties.License: - return 'License'; - case AzureKindProperties.Licenses: - return 'Licenses'; - case AzureKindProperties.LoginURL: - return 'Login URL'; - case AzureKindProperties.MFAEnforced: - return 'MFA Enforced'; - case AzureKindProperties.UserPrincipalName: - return 'User Principal Name'; - case AzureKindProperties.IsAssignableToRole: - return 'Is Role 
Assignable'; - case AzureKindProperties.PublisherDomain: - return 'Publisher Domain'; - case AzureKindProperties.SignInAudience: - return 'Sign In Audience'; - case AzureKindProperties.RoleTemplateID: - return 'Role Template ID'; - default: - return undefined; - } } -export function AzurePathfindingEdges(): AzureRelationshipKind[] { - return [ - AzureRelationshipKind.AvereContributor, - AzureRelationshipKind.Contributor, - AzureRelationshipKind.GetCertificates, - AzureRelationshipKind.GetKeys, - AzureRelationshipKind.GetSecrets, - AzureRelationshipKind.HasRole, - AzureRelationshipKind.MemberOf, - AzureRelationshipKind.Owner, - AzureRelationshipKind.RunsAs, - AzureRelationshipKind.VMContributor, - AzureRelationshipKind.AutomationContributor, - AzureRelationshipKind.KeyVaultContributor, - AzureRelationshipKind.VMAdminLogin, - AzureRelationshipKind.AddMembers, - AzureRelationshipKind.AddSecret, - AzureRelationshipKind.ExecuteCommand, - AzureRelationshipKind.GlobalAdmin, - AzureRelationshipKind.PrivilegedAuthAdmin, - AzureRelationshipKind.Grant, - AzureRelationshipKind.GrantSelf, - AzureRelationshipKind.PrivilegedRoleAdmin, - AzureRelationshipKind.ResetPassword, - AzureRelationshipKind.UserAccessAdministrator, - AzureRelationshipKind.Owns, - AzureRelationshipKind.CloudAppAdmin, - AzureRelationshipKind.AppAdmin, - AzureRelationshipKind.AddOwner, - AzureRelationshipKind.ManagedIdentity, - AzureRelationshipKind.AKSContributor, - AzureRelationshipKind.NodeResourceGroup, - AzureRelationshipKind.WebsiteContributor, - AzureRelationshipKind.LogicAppContributor, - AzureRelationshipKind.AZMGAddMember, - AzureRelationshipKind.AZMGAddOwner, - AzureRelationshipKind.AZMGAddSecret, - AzureRelationshipKind.AZMGGrantAppRoles, - AzureRelationshipKind.AZMGGrantRole, - AzureRelationshipKind.SyncedToADUser, - AzureRelationshipKind.Contains, - ]; +export function AzurePathfindingEdges (): AzureRelationshipKind[] { +return 
[AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] } export enum CommonNodeKind { - MigrationData = 'MigrationData', +MigrationData = 'MigrationData', +} +export function CommonNodeKindToDisplay (value : CommonNodeKind): string | undefined { +switch (value) { +case CommonNodeKind.MigrationData: +return 'MigrationData' +default: +return undefined } -export function CommonNodeKindToDisplay(value: CommonNodeKind): string | undefined { - switch (value) { - case CommonNodeKind.MigrationData: - return 'MigrationData'; - default: - return undefined; - } } export enum CommonKindProperties { - ObjectID = 'objectid', - Name = 'name', - DisplayName = 'displayname', 
- Description = 'description', - OwnerObjectID = 'owner_objectid', - Collected = 'collected', - OperatingSystem = 'operatingsystem', - SystemTags = 'system_tags', - UserTags = 'user_tags', - LastSeen = 'lastseen', - WhenCreated = 'whencreated', - Enabled = 'enabled', - PasswordLastSet = 'pwdlastset', - Title = 'title', - Email = 'email', - IsInherited = 'isinherited', - CompositionID = 'compositionid', +ObjectID = 'objectid', +Name = 'name', +DisplayName = 'displayname', +Description = 'description', +OwnerObjectID = 'owner_objectid', +Collected = 'collected', +OperatingSystem = 'operatingsystem', +SystemTags = 'system_tags', +UserTags = 'user_tags', +LastSeen = 'lastseen', +WhenCreated = 'whencreated', +Enabled = 'enabled', +PasswordLastSet = 'pwdlastset', +Title = 'title', +Email = 'email', +IsInherited = 'isinherited', +CompositionID = 'compositionid', +} +export function CommonKindPropertiesToDisplay (value : CommonKindProperties): string | undefined { +switch (value) { +case CommonKindProperties.ObjectID: +return 'Object ID' +case CommonKindProperties.Name: +return 'Name' +case CommonKindProperties.DisplayName: +return 'Display Name' +case CommonKindProperties.Description: +return 'Description' +case CommonKindProperties.OwnerObjectID: +return 'Owner Object ID' +case CommonKindProperties.Collected: +return 'Collected' +case CommonKindProperties.OperatingSystem: +return 'Operating System' +case CommonKindProperties.SystemTags: +return 'Node System Tags' +case CommonKindProperties.UserTags: +return 'Node User Tags' +case CommonKindProperties.LastSeen: +return 'Last Collected by BloodHound' +case CommonKindProperties.WhenCreated: +return 'Created' +case CommonKindProperties.Enabled: +return 'Enabled' +case CommonKindProperties.PasswordLastSet: +return 'Password Last Set' +case CommonKindProperties.Title: +return 'Title' +case CommonKindProperties.Email: +return 'Email' +case CommonKindProperties.IsInherited: +return 'Is Inherited' +case 
CommonKindProperties.CompositionID: +return 'Composition ID' +default: +return undefined } -export function CommonKindPropertiesToDisplay(value: CommonKindProperties): string | undefined { - switch (value) { - case CommonKindProperties.ObjectID: - return 'Object ID'; - case CommonKindProperties.Name: - return 'Name'; - case CommonKindProperties.DisplayName: - return 'Display Name'; - case CommonKindProperties.Description: - return 'Description'; - case CommonKindProperties.OwnerObjectID: - return 'Owner Object ID'; - case CommonKindProperties.Collected: - return 'Collected'; - case CommonKindProperties.OperatingSystem: - return 'Operating System'; - case CommonKindProperties.SystemTags: - return 'Node System Tags'; - case CommonKindProperties.UserTags: - return 'Node User Tags'; - case CommonKindProperties.LastSeen: - return 'Last Collected by BloodHound'; - case CommonKindProperties.WhenCreated: - return 'Created'; - case CommonKindProperties.Enabled: - return 'Enabled'; - case CommonKindProperties.PasswordLastSet: - return 'Password Last Set'; - case CommonKindProperties.Title: - return 'Title'; - case CommonKindProperties.Email: - return 'Email'; - case CommonKindProperties.IsInherited: - return 'Is Inherited'; - case CommonKindProperties.CompositionID: - return 'Composition ID'; - default: - return undefined; - } } diff --git a/packages/javascript/bh-shared-ui/src/utils/content.ts b/packages/javascript/bh-shared-ui/src/utils/content.ts index 693883054a..f185f6b2cf 100644 --- a/packages/javascript/bh-shared-ui/src/utils/content.ts +++ b/packages/javascript/bh-shared-ui/src/utils/content.ts 
@@ -59,6 +59,8 @@ export const entityInformationEndpoints: Record apiClient.getAZEntityInfoV2('groups', id, undefined, false, undefined, undefined, undefined, options), + [AzureNodeKind.Group365]: (id: string, options?: RequestOptions) => + apiClient.getAZEntityInfoV2('groups365', id, undefined, false, undefined, undefined, undefined, options), [AzureNodeKind.KeyVault]: (id: string, options?: RequestOptions) => apiClient.getAZEntityInfoV2('key-vaults', id, undefined, false, undefined, undefined, undefined, options), [AzureNodeKind.ManagementGroup]: (id: string, options?: RequestOptions) => @@ -226,6 +228,86 @@ export const allSections: Partial EntityInfo label: 'Outbound Object Control', queryType: 'azgroup-outbound_object_control', }, + ], + [AzureNodeKind.Group365]: (id: string) => [ + + + + { + + + id, + + + label: 'Members', + + + queryType: 'azgroup365-members', + + + }, + + + { + + + id, + + + label: 'Member Of', + + + queryType: 'azgroup365-member_of', + + + }, + + + { + + + id, + + + label: 'Roles', + + + queryType: 'azgroup365-roles', + + + }, + + + { + + + id, + + + label: 'Inbound Object Control', + + + queryType: 'azgroup365-inbound_object_control', + + + }, + + + { + + + id, + + + label: 'Outbound Object Control', + + + queryType: 'azgroup365-outbound_object_control', + + + }, + + ], [AzureNodeKind.KeyVault]: (id: string) => [ { 
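Review bot: The new `[AzureNodeKind.Group365]` section list in the second hunk appears to carry an empty `+` line between every property of every entry (`{`, `id`, `label`, `queryType`, `}`), which none of the sibling `Group` entries above it have; if that is not an artifact of how this patch was rendered, run prettier over the block so it matches its neighbours. The five `queryType` keys (`azgroup365-members` … `azgroup365-outbound_object_control`) do line up with the endpoint table added later in this file, so only the layout is at issue here.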
@@ -1102,6 +1184,33 @@ export const entityRelationshipEndpoints = { signal: controller.signal, }) .then((res) => res.data), + 'azgroup365-members': ({ id, counts, skip, limit, type }) => + apiClient + .getAZEntityInfoV2('groups', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) + .then((res) => res.data), + 'azgroup365-member_of': ({ id, counts, skip, limit, type }) => + apiClient + .getAZEntityInfoV2('groups', id, 'group-membership', counts, skip, limit, type, { + signal: controller.signal, + }) + .then((res) => res.data), + 'azgroup365-roles': ({ id, counts, skip, limit, type }) => + apiClient + .getAZEntityInfoV2('groups', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) + .then((res) => res.data), + + 'azgroup365-inbound_object_control': ({ id, counts, skip, limit, type }) => + apiClient + .getAZEntityInfoV2('groups', id, 'inbound-control', counts, skip, limit, type, { + signal: controller.signal, + }) + .then((res) => res.data), + 'azgroup365-outbound_object_control': ({ id, counts, skip, limit, type }) => + apiClient + .getAZEntityInfoV2('groups', id, 'outbound-control', counts, skip, limit, type, { + signal: controller.signal, + }) + .then((res) => res.data), 'azkeyvault-key_readers': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('key-vaults', id, 'key-readers', counts, skip, limit, type, { diff --git a/packages/javascript/bh-shared-ui/src/utils/icons.ts b/packages/javascript/bh-shared-ui/src/utils/icons.ts index 546a80d399..4b3653a413 100644 --- a/packages/javascript/bh-shared-ui/src/utils/icons.ts +++ b/packages/javascript/bh-shared-ui/src/utils/icons.ts @@ -151,6 +151,11 @@ export const NODE_ICON: IconDictionary = { color: '#F57C9B', }, + [AzureNodeKind.Group365]: { + icon: faUsers, + color: '#34D2EB', + }, + [AzureNodeKind.Tenant]: { icon: faCloud, color: '#54F2F2', 
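Review bot: Every new `azgroup365-*` endpoint at the top of this hunk calls `apiClient.getAZEntityInfoV2('groups', id, …)`, whereas the entity-info entry added earlier in this file routes `AzureNodeKind.Group365` to the `'groups365'` resource. Unless the backend serves `group-members`, `group-membership`, `roles`, `inbound-control` and `outbound-control` for Microsoft 365 groups under `groups`, these five sections will query the wrong entity type and render empty (or 404) for every M365 group, so the membership edges this patch ingests would never be visible in the entity panel; `.getAZEntityInfoV2('groups365', id, 'group-members', counts, skip, limit, type, { signal: controller.signal })` is the form consistent with the first hunk. Whichever resource name is correct, it is now spelled in two tables and should be shared so they cannot drift; the `entityRelationshipEndpoints` object continues outside the hunk.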
diff --git a/packages/javascript/bh-shared-ui/src/views/DataQuality/TenantInfo.tsx b/packages/javascript/bh-shared-ui/src/views/DataQuality/TenantInfo.tsx index e1a3fa6d5e..ced463aef5 100644 --- a/packages/javascript/bh-shared-ui/src/views/DataQuality/TenantInfo.tsx +++ b/packages/javascript/bh-shared-ui/src/views/DataQuality/TenantInfo.tsx @@ -39,6 +39,7 @@ const useStyles = makeStyles((theme) => ({ export const TenantMap = { users: { displayText: 'Users', kind: AzureNodeKind.User }, groups: { displayText: 'Groups', kind: AzureNodeKind.Group }, + groups365: { displayText: 'Microsoft 365', kind: AzureNodeKind.Group365 }, apps: { displayText: 'Apps', kind: AzureNodeKind.App }, service_principals: { displayText: 'Service Principals', From 8b7f590d6ab83e00262edf834611a2a0b2cd3056 Mon Sep 17 00:00:00 2001 
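Review bot: `displayText: 'Microsoft 365'` on the new `groups365` entry names a product rather than an object category, while its siblings read `'Users'`, `'Groups'`, `'Apps'`; `groups365: { displayText: 'Microsoft 365 Groups', kind: AzureNodeKind.Group365 },` reads consistently in the data-quality table. The `groups365` key presumably has to match the JSON field name the stats endpoint emits for the new `Groups365` counter, which is not visible in this hunk, so it is worth confirming against the API model.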
From: Basile Date: Wed, 2 Apr 2025 11:45:34 +0200 Subject: [PATCH 02/11] Added O365GroupMemberOf relationship --- .../api/bloodhoundgraph/bloodhoundgraph.go | 2 +- .../src/daemons/datapipe/azure_convertors.go | 14 + packages/cue/bh/azure/azure.cue | 8 + packages/go/analysis/azure/azure.go | 1 + packages/go/analysis/azure/filters.go | 6 +- packages/go/analysis/azure/queries.go | 4 +- packages/go/ein/azure.go | 147 +++++---- packages/go/graphschema/azure/azure.go | 21 +- packages/go/graphschema/common/common.go | 20 +- packages/go/graphschema/graph.go | 16 - .../AZGroup365MemberOf/AZGroup365MemberOf.tsx | 28 ++ .../HelpTexts/AZGroup365MemberOf/Abuse.tsx | 27 ++ .../HelpTexts/AZGroup365MemberOf/General.tsx | 41 +++ .../HelpTexts/AZGroup365MemberOf/Opsec.tsx | 23 ++ .../AZGroup365MemberOf/References.tsx | 37 +++ .../src/components/HelpTexts/index.tsx | 2 + .../bh-shared-ui/src/graphSchema.ts | 25 +- .../bh-shared-ui/src/utils/content.ts | 302 +++++++++--------- 18 files changed, 438 insertions(+), 286 deletions(-) create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx diff --git a/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go b/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go index 9f3e82392c..6e8e14edd7 100644 --- a/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go +++ b/cmd/api/src/api/bloodhoundgraph/bloodhoundgraph.go 
@@ -150,7 +150,7 @@ func (s *BloodHoundGraphNode) SetIcon(nType string) { s.FontIcon = &BloodHoundGraphFontIcon{ Text: "fa-users", } - case "AZGroup3650": + case "AZGroup365": s.FontIcon = &BloodHoundGraphFontIcon{ Text: "fa-users", } diff --git a/cmd/api/src/daemons/datapipe/azure_convertors.go b/cmd/api/src/daemons/datapipe/azure_convertors.go index 5c98c460b8..a656e0c40e 100644 --- a/cmd/api/src/daemons/datapipe/azure_convertors.go +++ b/cmd/api/src/daemons/datapipe/azure_convertors.go @@ -59,6 +59,8 @@ func getKindConverter(kind enums.Kind) func(json.RawMessage, *ConvertedAzureData return convertAzureGroup365 case enums.KindAZGroupMember: return convertAzureGroupMember + case enums.KindAZGroup365Member: + return convertAzureGroup365Member case enums.KindAZGroupOwner: return convertAzureGroupOwner case enums.KindAZKeyVault: @@ -314,6 +316,18 @@ func convertAzureGroupMember(raw json.RawMessage, converted *ConvertedAzureData) } } +func convertAzureGroup365Member(raw json.RawMessage, converted *ConvertedAzureData) { + var ( + data models.Group365Members + ) + + if err := json.Unmarshal(raw, &data); err != nil { + slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 365 group members", err)) + } else { + converted.RelProps = append(converted.RelProps, ein.ConvertAzureGroup365MembersToRels(data)...) + } +} + func convertAzureGroupOwner(raw json.RawMessage, converted *ConvertedAzureData) { var ( data models.GroupOwners diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue index 71a12d55ef..4a3624268e 100644 --- a/packages/cue/bh/azure/azure.cue +++ b/packages/cue/bh/azure/azure.cue @@ -602,6 +602,12 @@ Owns: types.#Kind & { representation: "AZOwns" } +O365MemberOf: types.#Kind & { + symbol: "O365MemberOf" + schema: "azure" + representation: "AZGroup365Member" +} + ScopedTo: types.#Kind & { symbol: "ScopedTo" schema: "azure" @@ -743,6 +749,7 @@ RelationshipKinds: [ GetSecrets, HasRole, MemberOf, + O365MemberOf, Owner, RunsAs, VMContributor, 
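Review bot: The corrected `case "AZGroup365":` still matches the node kind by a hand-typed string, which is exactly how the `"AZGroup3650"` typo got in; the schema package already defines the kind, so `case azure.Group365.String():` would let the compiler catch the next drift, provided `graphschema/azure` can be imported here without a cycle. The enclosing `switch` in `SetIcon` starts and ends outside the hunk.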
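Review bot: `convertAzureGroup365Member` in the second azure_convertors.go hunk logs a failed `json.Unmarshal` and returns, so a malformed payload silently yields zero membership edges for that Microsoft 365 group while the ingest still reports success; it mirrors `convertAzureGroupMember`, but the effect is a graph that under-reports who can reach what with no signal beyond a log line. If changing that error contract is out of scope here, at least give the new function a doc comment stating it: `// convertAzureGroup365Member appends O365MemberOf relationships for one Microsoft 365 group; a payload that fails to deserialize is logged and skipped, not reported to the caller.` The single-variable `var ( data models.Group365Members )` block can also be the plain `var data models.Group365Members`.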
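Review bot: The new kind in the azure.cue hunk pairs `symbol: "O365MemberOf"` with `representation: "AZGroup365Member"`, breaking the pattern the neighbouring kinds follow (`MemberOf`/`"AZMemberOf"`, `Owns`/`"AZOwns"`). The representation is the edge label stored in the graph and typed by users in Cypher, and `AZGroup365Member` reads as the reverse direction of the edge the ingest actually creates (member → group, see `ConvertAzureGroup365MembersToRels` later in this patch); it also differs from the `AZGroup365MemberOf` help-text components this patch adds. `representation: "AZGroup365MemberOf"` keeps both the convention and the UI naming; fix it here, before the generated `azure.go`, `graphSchema.ts` and the help text bake the string in. Separately, the regenerated `graphschema/azure/azure.go` and `graphschema/common/common.go` in this patch lose their license/SPDX headers while keeping the `DO NOT EDIT` banner, which looks like a generator-template mismatch worth checking before merge.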
@@ -851,6 +858,7 @@ InboundOutboundRelationshipKinds: [ GetSecrets, HasRole, MemberOf, + O365MemberOf, Owner, RunsAs, VMContributor, diff --git a/packages/go/analysis/azure/azure.go b/packages/go/analysis/azure/azure.go index 13a0d9c8de..e2948c714b 100644 --- a/packages/go/analysis/azure/azure.go +++ b/packages/go/analysis/azure/azure.go @@ -102,6 +102,7 @@ func GetDescendentKinds(kind graph.Kind) []graph.Kind { func AzureNonDescentKinds() graph.Kinds { return []graph.Kind{ azure.MemberOf, + azure.O365MemberOf, azure.HasRole, azure.RunsAs, } diff --git a/packages/go/analysis/azure/filters.go b/packages/go/analysis/azure/filters.go index 9007d901ad..9cb3d01384 100644 --- a/packages/go/analysis/azure/filters.go +++ b/packages/go/analysis/azure/filters.go @@ -27,7 +27,7 @@ import ( ) func FilterEntityActiveAssignments() graph.Criteria { - return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf) + return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf, azure.O365MemberOf) } func FilterEntityPIMAssignments() graph.Criteria { @@ -63,12 +63,12 @@ func FilterAbusableAppRoleAssignmentRelationships() graph.Criteria { } func FilterGroupMembership() graph.Criteria { - return query.Kind(query.Relationship(), azure.MemberOf) + return query.Kind(query.Relationship(), azure.MemberOf, azure.O365MemberOf) } func FilterGroupMembers() graph.Criteria { return query.And( - query.Kind(query.Relationship(), azure.MemberOf), + query.Kind(query.Relationship(), azure.MemberOf, azure.O365MemberOf), query.Kind(query.Start(), azure.Entity), ) } diff --git a/packages/go/analysis/azure/queries.go b/packages/go/analysis/azure/queries.go index 9f53dae5c2..97ac62d8f6 100644 --- a/packages/go/analysis/azure/queries.go +++ b/packages/go/analysis/azure/queries.go 
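Review bot: In the filters.go hunks, `FilterGroupMembership` and `FilterGroupMembers` now pass two kinds to `query.Kind(query.Relationship(), azure.MemberOf, azure.O365MemberOf)`, while `FilterEntityActiveAssignments` in the same file uses `query.KindIn` for the multi-kind case. If `query.Kind` takes a single kind these two calls will not compile; if it accepts a variadic list, the file still spells the same thing two ways. `return query.KindIn(query.Relationship(), azure.MemberOf, azure.O365MemberOf)` in both functions keeps them consistent with the first hunk either way.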
@@ -288,7 +288,7 @@ func InboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSeg if segment.Depth() == 1 { return true } else { - return segment.Edge.Kind.Is(azure.MemberOf, azure.Contains) + return segment.Edge.Kind.Is(azure.MemberOf, azure.O365MemberOf, azure.Contains) } } @@ -320,7 +320,7 @@ func OutboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSe } func OutboundControlPathFilter(_ *ops.TraversalContext, segment *graph.PathSegment) bool { - return !segment.Edge.Kind.Is(azure.MemberOf, azure.Contains) + return !segment.Edge.Kind.Is(azure.MemberOf, azure.O365MemberOf, azure.Contains) } func FetchOutboundEntityObjectControlPaths(tx graph.Transaction, root *graph.Node) (graph.PathSet, error) { diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go index 528ad8f2e7..1d698ca889 100644 --- a/packages/go/ein/azure.go +++ b/packages/go/ein/azure.go 
@@ -393,6 +393,92 @@ func ConvertAzureFunctionAppRoleAssignmentToRels(data models.AzureRoleAssignment return relationships } +func ConvertAzureGroupToNode(data models.Group) IngestibleNode { + return IngestibleNode{ + ObjectID: strings.ToUpper(data.Id), + PropertyMap: map[string]any{ + common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)), + common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime), + common.Description.String(): data.Description, + common.DisplayName.String(): data.DisplayName, + azure.IsAssignableToRole.String(): data.IsAssignableToRole, + azure.OnPremID.String(): data.OnPremisesSecurityIdentifier, + azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled, + azure.SecurityEnabled.String(): data.SecurityEnabled, + azure.SecurityIdentifier.String(): data.SecurityIdentifier, + azure.TenantID.String(): strings.ToUpper(data.TenantId), + }, + Label: azure.Group, + } +} + +func ConvertAzureGroupToOnPremisesNode(data models.Group) IngestibleNode { + if data.OnPremisesSecurityIdentifier != "" { + return IngestibleNode{ + ObjectID: strings.ToUpper(data.OnPremisesSecurityIdentifier), + PropertyMap: map[string]any{}, + Label: ad.Group, + } + } + + return IngestibleNode{ + ObjectID: "", + PropertyMap: nil, + Label: nil, + } +} + +func ConvertAzureGroupToRel(data models.Group) IngestibleRelationship { + return NewIngestibleRelationship( + IngestibleSource{ + Source: strings.ToUpper(data.TenantId), + SourceType: azure.Tenant, + }, + IngestibleTarget{ + TargetType: azure.Group, + Target: strings.ToUpper(data.Id), + }, + IngestibleRel{ + RelProps: map[string]any{}, + RelType: azure.Contains, + }, + ) +} + +func ConvertAzureGroupMembersToRels(data models.GroupMembers) []IngestibleRelationship { + relationships := make([]IngestibleRelationship, 0) + + for _, raw := range data.Members { + var ( + member azure2.DirectoryObject + ) + if err := json.Unmarshal(raw.Member, &member); err != nil { + 
slog.Error(fmt.Sprintf(SerialError, "azure group member", err)) + } else if memberType, err := ExtractTypeFromDirectoryObject(member); errors.Is(err, ErrInvalidType) { + slog.Warn(fmt.Sprintf(ExtractError, err)) + } else if err != nil { + slog.Error(fmt.Sprintf(ExtractError, err)) + } else { + relationships = append(relationships, NewIngestibleRelationship( + IngestibleSource{ + Source: strings.ToUpper(member.Id), + SourceType: memberType, + }, + IngestibleTarget{ + TargetType: azure.Group, + Target: strings.ToUpper(data.GroupId), + }, + IngestibleRel{ + RelProps: map[string]any{}, + RelType: azure.MemberOf, + }, + )) + } + } + + return relationships +} + func ConvertAzureGroup365ToNode(data models.Group365) IngestibleNode { return IngestibleNode{ 
@@ -462,59 +548,7 @@ func ConvertAzureGroup365ToRel(data models.Group365) IngestibleRelationship { } -func ConvertAzureGroupToNode(data models.Group) IngestibleNode { - return IngestibleNode{ - ObjectID: strings.ToUpper(data.Id), - PropertyMap: map[string]any{ - common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)), - common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime), - common.Description.String(): data.Description, - common.DisplayName.String(): data.DisplayName, - azure.IsAssignableToRole.String(): data.IsAssignableToRole, - azure.OnPremID.String(): data.OnPremisesSecurityIdentifier, - azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled, - azure.SecurityEnabled.String(): data.SecurityEnabled, - azure.SecurityIdentifier.String(): data.SecurityIdentifier, - azure.TenantID.String(): strings.ToUpper(data.TenantId), - }, - Label: azure.Group, - } -} - -func ConvertAzureGroupToOnPremisesNode(data models.Group) IngestibleNode { - if data.OnPremisesSecurityIdentifier != "" { - return IngestibleNode{ - ObjectID: strings.ToUpper(data.OnPremisesSecurityIdentifier), - PropertyMap: map[string]any{}, - Label: ad.Group, - } - } - - return IngestibleNode{ - ObjectID: "", - PropertyMap: nil, - Label: nil, - } -} - -func ConvertAzureGroupToRel(data models.Group) IngestibleRelationship { - return NewIngestibleRelationship( - IngestibleSource{ - Source: strings.ToUpper(data.TenantId), - SourceType: azure.Tenant, - }, - IngestibleTarget{ - TargetType: azure.Group, - Target: strings.ToUpper(data.Id), - }, - IngestibleRel{ - RelProps: map[string]any{}, - RelType: azure.Contains, - }, - ) -} - -func ConvertAzureGroupMembersToRels(data models.GroupMembers) []IngestibleRelationship { +func ConvertAzureGroup365MembersToRels(data models.Group365Members) []IngestibleRelationship { relationships := make([]IngestibleRelationship, 0) for _, raw := range data.Members { 
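Review bot: `ConvertAzureGroup365MembersToRels` is exported and new but has no doc comment, and apart from the target kind and edge kind it is a copy of `ConvertAzureGroupMembersToRels`; the body continues in the next two hunks. A comment such as `// ConvertAzureGroup365MembersToRels returns one O365MemberOf relationship per member of a Microsoft 365 group; members that fail to deserialize or cannot be typed are logged and skipped.` states the contract a caller needs. Longer term the two functions could share one helper parameterised by target kind and relationship kind, so a future fix to member extraction is not applied to only one of them.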
@@ -522,7 +556,7 @@ func ConvertAzureGroupMembersToRels(data models.GroupMembers) []IngestibleRelati member azure2.DirectoryObject ) if err := json.Unmarshal(raw.Member, &member); err != nil { - slog.Error(fmt.Sprintf(SerialError, "azure group member", err)) + slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 365 group member", err)) } else if memberType, err := ExtractTypeFromDirectoryObject(member); errors.Is(err, ErrInvalidType) { slog.Warn(fmt.Sprintf(ExtractError, err)) } else if err != nil { @@ -534,17 +568,16 @@ func ConvertAzureGroupMembersToRels(data models.GroupMembers) []IngestibleRelati SourceType: memberType, }, IngestibleTarget{ - TargetType: azure.Group, + TargetType: azure.Group365, Target: strings.ToUpper(data.GroupId), }, IngestibleRel{ RelProps: map[string]any{}, - RelType: azure.MemberOf, + RelType: azure.O365MemberOf, }, )) } } - return relationships } diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go index 3409980905..da236ef235 100644 --- a/packages/go/graphschema/azure/azure.go +++ b/packages/go/graphschema/azure/azure.go @@ -1,19 +1,3 @@ -// Copyright 2025 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ 
@@ -54,6 +38,7 @@ var (
 GetSecrets = graph.StringKind("AZGetSecrets")
 HasRole = graph.StringKind("AZHasRole")
 MemberOf = graph.StringKind("AZMemberOf")
+ O365MemberOf = graph.StringKind("AZGroup365Member")
 Owner = graph.StringKind("AZOwner")
 RunsAs = graph.StringKind("AZRunsAs")
 VMContributor = graph.StringKind("AZVMContributor")
@@ -354,7 +339,7 @@ func (s Property) Is(others ...graph.Kind) bool {
 return false
 }
 func Relationships() []graph.Kind {
- return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser}
+ return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, O365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser}
 }
 func AppRoleTransitRelationshipKinds() []graph.Kind {
 return []graph.Kind{AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole}
@@ -369,7 +354,7 @@ func ExecutionPrivileges() []graph.Kind {
 return []graph.Kind{VMAdminLogin, VMContributor, AvereContributor, WebsiteContributor, Contributor, ExecuteCommand}
 }
 func PathfindingRelationships() []graph.Kind {
- return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains}
+ return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, O365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains}
 }
 func NodeKinds() []graph.Kind {
 return []graph.Kind{Entity, VMScaleSet, App, Role, Device, FunctionApp, Group, Group365, KeyVault, ManagementGroup, ResourceGroup, ServicePrincipal, Subscription, Tenant, User, VM, ManagedCluster, ContainerRegistry, WebApp, LogicApp, AutomationAccount}
diff --git a/packages/go/graphschema/common/common.go b/packages/go/graphschema/common/common.go
index ba25b3e19f..99c199daf3 100644
--- a/packages/go/graphschema/common/common.go
+++ b/packages/go/graphschema/common/common.go
@@ -1,19 +1,3 @@ -// Copyright 2025 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ 
@@ -40,10 +24,10 @@ func NodeKinds() []graph.Kind { return []graph.Kind{MigrationData} } func InboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, 
ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.O365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } func OutboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, 
ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, 
ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.O365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } type Property string diff --git a/packages/go/graphschema/graph.go b/packages/go/graphschema/graph.go index f606615cfa..c0cb953181 100644 --- a/packages/go/graphschema/graph.go +++ b/packages/go/graphschema/graph.go @@ -1,19 +1,3 @@ -// Copyright 2025 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ 
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx new file mode 100644 index 0000000000..95c2a310b5 --- /dev/null +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx @@ -0,0 +1,28 @@ +// Copyright 2023 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +import Abuse from './Abuse'; +import General from './General'; +import Opsec from './Opsec'; +import References from './References'; + +const AZGroup365MemberOf = { + general: General, + abuse: Abuse, + opsec: Opsec, + references: References, +}; +export default AZGroup365MemberOf; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx new file mode 100644 index 0000000000..16a23716d7 --- /dev/null +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx 
@@ -0,0 +1,27 @@ +// Copyright 2023 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +import { Typography } from '@mui/material'; +import { FC } from 'react'; + +const Abuse: FC = () => { + return ( + + No abuse is necessary. This edge simply indicates that a principal belongs to a security group. + + ); +}; +export default Abuse; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx new file mode 100644 index 0000000000..05d1071162 --- /dev/null +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx 
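Review bot: The Abuse help text for the new AZGroup365MemberOf edge describes the target as a `security group`, but the edge is specifically for Microsoft 365 groups, so the copy reads as carried over from AZMemberOf without adjustment. The same applies to General.tsx in the next hunk, whose paragraph speaks about groups in Azure Active Directory generally and role inheritance, and to References.tsx further down, which links a page on creating a role-assignable group; none of them says what distinguishes a Microsoft 365 group membership from the existing AZMemberOf edge. A sentence such as `This edge indicates that the principal is a direct member of a Microsoft 365 group.` in Abuse, with a matching note in General, would make the distinction explicit. The new files also carry a `Copyright 2023` header while the headers removed elsewhere in this diff read 2025.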
@@ -0,0 +1,41 @@ +// Copyright 2023 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +import { Typography } from '@mui/material'; +import { FC } from 'react'; +import { EdgeInfoProps } from '../index'; +import { typeFormat } from '../utils'; + +const General: FC = ({ sourceName, sourceType, targetName }) => { + + return ( + <> + + + The {typeFormat(sourceType)} {sourceName} is a member of the group {targetName}. + + + + + + Groups in Azure Active Directory grant their direct members any privileges the group itself has. If a + group has an AzureAD admin role, direct members of the group inherit those permissions. + + + + ); +}; +export default General; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx new file mode 100644 index 0000000000..6807158230 --- /dev/null +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx 
@@ -0,0 +1,23 @@ +// Copyright 2023 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +import { Typography } from '@mui/material'; +import { FC } from 'react'; + +const Opsec: FC = () => { + return No opsec considerations apply to this edge.; +}; +export default Opsec; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx new file mode 100644 index 0000000000..1545ea55a8 --- /dev/null +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx 
@@ -0,0 +1,37 @@ +// Copyright 2023 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + +import { Box, Link } from '@mui/material'; +import { FC } from 'react'; + +const References: FC = () => { + + return ( + + + + Create a role-assignable group in Azure Active Directory + + + + ); +}; + +export default References; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx index cc44954bdc..f275cccb72 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx @@ -57,6 +57,7 @@ import AZMGRoleManagement_ReadWrite_Directory from './AZMGRoleManagement_ReadWri import AZMGServicePrincipalEndpoint_ReadWrite_All from './AZMGServicePrincipalEndpoint_ReadWrite_All/AZMGServicePrincipalEndpoint_ReadWrite_All'; import AZManagedIdentity from './AZManagedIdentity/AZManagedIdentity'; import AZMemberOf from './AZMemberOf/AZMemberOf'; +import AZGroup365Member from './AZGroup365MemberOf/AZGroup365MemberOf'; import AZNodeResourceGroup from './AZNodeResourceGroup/AZNodeResourceGroup'; import AZOwns from './AZOwns/AZOwns'; import AZPrivilegedAuthAdmin from './AZPrivilegedAuthAdmin/AZPrivilegedAuthAdmin'; 
@@ -145,6 +146,7 @@ export type EdgeInfoProps = { const EdgeInfoComponents = { GenericAll: GenericAll, MemberOf: MemberOf, + AZGroup365MemberOf: AZGroup365Member, AllExtendedRights: AllExtendedRights, AdminTo: AdminTo, HasSession: HasSession, diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index da665fc99f..04054a166c 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts @@ -1,25 +1,9 @@ -// Copyright 2025 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 export enum ActiveDirectoryNodeKind { Entity = 'Base', User = 'User', Computer = 'Computer', Group = 'Group', -Group365 = 'Group365', GPO = 'GPO', OU = 'OU', Container = 'Container', @@ -43,8 +27,6 @@ case ActiveDirectoryNodeKind.Computer: return 'Computer' case ActiveDirectoryNodeKind.Group: return 'Group' -case ActiveDirectoryNodeKind.Group365: -return 'Group365' case ActiveDirectoryNodeKind.GPO: return 'GPO' case ActiveDirectoryNodeKind.OU: @@ -759,6 +741,7 @@ GetKeys = 'AZGetKeys', GetSecrets = 'AZGetSecrets', HasRole = 'AZHasRole', MemberOf = 'AZMemberOf', +O365MemberOf = 'AZGroup365Member', Owner = 'AZOwner', RunsAs = 'AZRunsAs', VMContributor = 'AZVMContributor', 
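Review bot: The key added to EdgeInfoComponents in index.tsx is `AZGroup365MemberOf`, but the edge kind string introduced in graphSchema.ts on the same line is `O365MemberOf = 'AZGroup365Member'`; if EdgeInfoComponents is looked up by the edge kind string, as the existing keys `GenericAll`, `MemberOf` and `AdminTo` suggest, the new help text will never resolve for this edge. The two need to agree, for example `AZGroup365Member: AZGroup365Member,` in index.tsx or a kind string of `'AZGroup365MemberOf'` on the schema side; since graphSchema.ts is generated, the string should be settled in the cue schema the generator reads. The imported name `AZGroup365Member` also differs from the module's default export `AZGroup365MemberOf`, which compiles but introduces a third spelling of the same edge.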
@@ -817,6 +800,8 @@ case AzureRelationshipKind.HasRole: return 'HasRole' case AzureRelationshipKind.MemberOf: return 'MemberOf' +case AzureRelationshipKind.O365MemberOf: +return 'O365MemberOf' case AzureRelationshipKind.Owner: return 'Owner' case AzureRelationshipKind.RunsAs: 
@@ -1005,7 +990,7 @@ return undefined } } export function AzurePathfindingEdges (): AzureRelationshipKind[] { -return [AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] +return 
[AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.O365MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] } export enum CommonNodeKind { MigrationData = 'MigrationData', @@ -1076,4 +1061,4 @@ return 'Composition ID' default: return undefined } -} +} \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/utils/content.ts b/packages/javascript/bh-shared-ui/src/utils/content.ts index f185f6b2cf..ddad71197d 100644 --- a/packages/javascript/bh-shared-ui/src/utils/content.ts +++ b/packages/javascript/bh-shared-ui/src/utils/content.ts 
@@ -1121,102 +1121,102 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('az-base', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azbase-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('az-base', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('applications', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azvmscaleset-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vm-scale-sets', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azdevice-local_admins': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('devices', id, 'inbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azdevice-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('devices', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azfunctionapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('function-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup-members': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 
'group-members', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup365-members': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup365-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup365-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup365-inbound_object_control': ({ id, counts, skip, limit, type }) => 
apiClient .getAZEntityInfoV2('groups', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azgroup365-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azkeyvault-key_readers': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('key-vaults', id, 'key-readers', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => { + .then((res: { data: { countLabel: string; }; }) => { if (type !== 'graph') res.data.countLabel = 'Key Readers'; return res.data; }), @@ -1225,7 +1225,7 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('key-vaults', id, 'certificate-readers', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => { + .then((res: { data: { countLabel: string; }; }) => { if (type !== 'graph') res.data.countLabel = 'Certificate Readers'; return res.data; }), @@ -1234,7 +1234,7 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('key-vaults', id, 'secret-readers', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => { + .then((res: { data: { countLabel: string; }; }) => { if (type !== 'graph') res.data.countLabel = 'Secret Readers'; return res.data; }), @@ -1243,7 +1243,7 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('key-vaults', id, 'all-readers', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => { + .then((res: { data: { countLabel: string; }; }) => { if (type !== 'graph') res.data.countLabel = 'All Readers'; return res.data; }), 
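Review bot: Every `.then((res) => res.data)` in this hunk is rewritten as `.then((res: { data: any; }) => res.data)`, which replaces the response type inferred from `getAZEntityInfoV2` with `any` and so silences rather than fixes whatever type error motivated it; the hunks at 1225, 1234, 1243 and 1252 do the same with `{ data: { countLabel: string; }; }`. If `getAZEntityInfoV2` no longer returns a typed promise, restoring its return type at the client is the smaller change and keeps `res.data` checked at every call site. Separately, the `azgroup365-*` entries call `getAZEntityInfoV2('groups', id, ...)` with the same entity path as the `azgroup-*` entries, which only works if the server-side groups handler also serves Group365 nodes; that is not visible here and is worth confirming.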
@@ -1252,169 +1252,169 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('key-vaults', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_management_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-management-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_subscriptions': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-subscriptions', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) 
=> res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagementgroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 
'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_web_apps': ({ id, counts, skip, limit, 
type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azresourcegroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azrole-active_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('roles', id, 'active-assignments', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azserviceprincipal-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('service-principals', id, 'roles', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azserviceprincipal-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('service-principals', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azserviceprincipal-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient 
.getAZEntityInfoV2('service-principals', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azserviceprincipal-inbound_abusable_app_role_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2( @@ -1429,7 +1429,7 @@ export const entityRelationshipEndpoints = { signal: controller.signal, } ) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azserviceprincipal-outbound_abusable_app_role_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2( 
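Review bot: The new `(res: { data: any; }) => res.data` annotation in this hunk, and in every entry of the following `@@ -1444,403` hunk, replaces the parameter type inferred from the client's return value with an explicit `any`, so the callbacks lose whatever static typing `apiClient` provided and gain none in exchange. If the annotation is needed to satisfy a stricter compiler setting, a single shared alias declared once near the top of the file, e.g. `type DataResponse<T = unknown> = { data: T };` used as `(res: DataResponse) => res.data`, keeps the intent in one place and avoids repeating the literal several hundred times; deriving it from the client's declared return type (if one exists) would be better still. The trailing semicolon inside the inline type (`{ data: any; }`) also differs from the formatter style visible elsewhere in these entries (`{ signal: controller.signal }`). The `entityRelationshipEndpoints` object these hunks patch begins outside the hunk.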
@@ -1444,403 +1444,403 @@ export const entityRelationshipEndpoints = { signal: controller.signal, } ) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - 
.then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-descendant_objects-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azsubscription-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_users': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-users', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-groups', counts, skip, limit, type, { 
signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_management_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-management-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_subscriptions': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-subscriptions', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-container-registries', counts, skip, limit, type, { signal: 
controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_app_registrations': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-applications', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_service_principals': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-service-principals', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => 
res.data), + .then((res: { data: any; }) => res.data), 'aztenant-descendant_devices': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-devices', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aztenant-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azuser-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azuser-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azuser-execution_privileges': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'outbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azuser-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azuser-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azvm-local_admins': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vms', id, 
'inbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azvm-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vms', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azmanagedcluster-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('managed-clusters', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azcontainerregistry-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('container-registries', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azwebapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('web-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azlogicapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('logic-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'azautomationaccount-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('automation-accounts', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'base-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getBaseControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => 
res.data), + apiClient.getBaseControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'base-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getBaseControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getBaseControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'container-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getContainerControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'aiaca-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getAIACAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getAIACAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'certtemplate-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getCertTemplateControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-sessions': ({ id, skip, limit, type }) => - apiClient.getComputerSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-local_admins': ({ id, skip, limit, type }) => - apiClient.getComputerAdminUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerAdminUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-rdp_users': ({ id, skip, limit, type }) => - apiClient.getComputerRDPUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + 
apiClient.getComputerRDPUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-psremote_users': ({ id, skip, limit, type }) => apiClient .getComputerPSRemoteUsersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-dcom_users': ({ id, skip, limit, type }) => - apiClient.getComputerDCOMUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerDCOMUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-sql_admin_users': ({ id, skip, limit, type }) => - apiClient.getComputerSQLAdminsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerSQLAdminsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-constrained_delegation_users': ({ id, skip, limit, type }) => apiClient .getComputerConstrainedDelegationRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-member_of': ({ id, skip, limit, type }) => apiClient .getComputerGroupMembershipV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-local_admin_privileges': ({ id, skip, limit, type }) => apiClient .getComputerAdminRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getComputerRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-psremote_rights': ({ id, skip, limit, 
type }) => apiClient .getComputerPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getComputerDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getComputerDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'computer-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getComputerControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'computer-outbound_object_control': ({ id, skip, limit, type }) => apiClient .getComputerControllablesV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-foreign_users': ({ id, skip, limit, type }) => - apiClient.getDomainForeignUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getDomainForeignUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'domain-foreign_groups': ({ id, skip, limit, type }) => apiClient .getDomainForeignGroupsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-foreign_admins': ({ id, skip, limit, type }) => apiClient .getDomainForeignAdminsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-foreign_gpo_controllers': ({ id, skip, limit, type }) => apiClient .getDomainForeignGPOControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-inbound_trusts': ({ id, skip, limit, type }) => apiClient 
.getDomainInboundTrustsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-outbound_trusts': ({ id, skip, limit, type }) => apiClient .getDomainOutboundTrustsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'domain-controllers': ({ id, skip, limit, type }) => - apiClient.getDomainControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getDomainControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'enterpriseca-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getEnterpriseCAControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'gpo-ous': ({ id, skip, limit, type }) => - apiClient.getGPOOUsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGPOOUsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'gpo-computers': ({ id, skip, limit, type }) => - apiClient.getGPOComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGPOComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'gpo-users': ({ id, skip, limit, type }) => - apiClient.getGPOUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGPOUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'gpo-tier_zero_objects': ({ id, skip, limit, type }) => - apiClient.getGPOTierZeroV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGPOTierZeroV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => 
res.data), 'gpo-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGPOControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGPOControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-sessions': ({ id, skip, limit, type }) => - apiClient.getGroupSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-members': ({ id, skip, limit, type }) => - apiClient.getGroupMembersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupMembersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-member_of': ({ id, skip, limit, type }) => - apiClient.getGroupMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-local_admin_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupDCOMRightsV2(id, skip, limit, type, { 
signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-psremote_rights': ({ id, skip, limit, type }) => apiClient .getGroupPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'group-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGroupControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'group-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGroupControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getGroupControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'ntauthstore-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getNTAuthStoreControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'ou-affecting_gpos': ({ id, skip, limit, type }) => - apiClient.getOUGPOsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getOUGPOsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'ou-groups': ({ id, skip, limit, type }) => - apiClient.getOUGroupsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getOUGroupsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'ou-computers': ({ id, skip, limit, type }) => - apiClient.getOUComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getOUComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'ou-users': ({ id, skip, limit, type }) 
=> - apiClient.getOUUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getOUUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'rootca-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getRootCAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getRootCAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'issuancepolicy-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getIssuancePolicyControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'issuancepolicy-linked_certificate_templates': ({ id, skip, limit, type }) => apiClient .getIssuancePolicyLinkedTemplatesV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'user-sessions': ({ id, skip, limit, type }) => - apiClient.getUserSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-member_of': ({ id, skip, limit, type }) => - apiClient.getUserMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-local_admin_privileges': ({ id, skip, limit, type }) => - apiClient.getUserAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getUserRDPRightsV2(id, skip, limit, 
type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-psremote_privileges': ({ id, skip, limit, type }) => - apiClient.getUserPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getUserDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-sql_admin_rights': ({ id, skip, limit, type }) => - apiClient.getUserSQLAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserSQLAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-constrained_delegation_privileges': ({ id, skip, limit, type }) => apiClient .getUserConstrainedDelegationRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res: { data: any; }) => res.data), 'user-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getUserControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), 'user-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getUserControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), + apiClient.getUserControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), } as const satisfies EntityRelationshipEndpoint; 
From e2d86c21ead78bdcb26ea168687ccf76a44b11c9 Mon Sep 17 00:00:00 2001
From: Basile
Date: Wed, 2 Apr 2025 15:00:13 +0200
Subject: [PATCH 03/11] Added integration tests for Microsoft 365 groups

---
 .../analysis/azure/azure_integration_test.go | 35 +++++++++++-
 cmd/api/src/analysis/azure/queries_test.go | 1 +
 cmd/api/src/test/integration/graph.go | 11 ++++
 cmd/api/src/test/integration/harnesses.go | 56 +++++++++++++++++--
 packages/go/analysis/analysis_test.go | 1 +
 5 files changed, 95 insertions(+), 9 deletions(-)

diff --git a/cmd/api/src/analysis/azure/azure_integration_test.go b/cmd/api/src/analysis/azure/azure_integration_test.go
index 90f81a735f..3453df27a4 100644
--- a/cmd/api/src/analysis/azure/azure_integration_test.go
+++ b/cmd/api/src/analysis/azure/azure_integration_test.go
@@ -127,7 +127,7 @@ func TestAzureEntityGroupMembership(t *testing.T) {
 if groupPaths, err := azureanalysis.FetchEntityGroupMembershipPaths(tx, harness.AZBaseHarness.User); err != nil {
 t.Fatal(err)
 } else {
- assert.ElementsMatch(t, harness.AZBaseHarness.UserFirstDegreeGroups.IDs(), groupPaths.AllNodes().ContainingNodeKinds(azure.Group).IDs())
+ assert.ElementsMatch(t, harness.AZBaseHarness.UserFirstDegreeGroups.IDs(), groupPaths.AllNodes().ContainingNodeKinds(azure.Group, azure.Group365).IDs())
 }
 })
 }
@@ -554,6 +554,31 @@ func TestGroupEntityDetails(t *testing.T) {
 })
 }
 
+func TestGroup365EntityDetails(t *testing.T) {
+ testContext := integration.NewGraphTestContext(t, schema.DefaultGraphSchema())
+ testContext.ReadTransactionTestWithSetup(func(harness *integration.HarnessDetails) error {
+ harness.AZEntityPanelHarness.Setup(testContext)
+ return nil
+
+ }, func(harness integration.HarnessDetails, tx graph.Transaction) {
+
+ groupObjectID, err := harness.AZEntityPanelHarness.Group365.Properties.Get(common.ObjectID.String()).String()
+ require.Nil(t, err)
+
+ assert.NotEqual(t, "", groupObjectID)
+
+ group, err := azureanalysis.Group365EntityDetails(testContext.Graph.Database, groupObjectID, false)
+
+ require.Nil(t, err)
+ assert.Equal(t, harness.AZEntityPanelHarness.Group365.Properties.Get(common.ObjectID.String()).Any(), group.Properties[common.ObjectID.String()])
+ assert.Equal(t, 0, group.InboundObjectControl)
+
+ group, err = azureanalysis.Group365EntityDetails(testContext.Graph.Database, groupObjectID, true)
+ require.Nil(t, err)
+ assert.NotEqual(t, 0, group.InboundObjectControl)
+ })
+}
+
 func TestManagementGroupEntityDetails(t *testing.T) {
 testContext := integration.NewGraphTestContext(t, schema.DefaultGraphSchema())
 testContext.ReadTransactionTestWithSetup(func(harness *integration.HarnessDetails) error {
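Review bot: The final assertion `assert.NotEqual(t, 0, group.InboundObjectControl)` only proves that some controller was counted; it would still pass if the new Group365 analysis double-counted controllers or picked up nodes that should not control the group. Since the harness wires up the controlling nodes, the test should compare against that known number, e.g. `assert.Equal(t, expectedControllers, group.InboundObjectControl)` with the value taken from the harness, mirroring what the neighbouring entity-detail tests assert. The third argument to `Group365EntityDetails` presumably toggles whether counts are computed (false → 0, true → non-zero), but the test gives the reader no hint; a one-line comment such as `// second call enables count hydration` would make the two calls self-explanatory. The empty lines after `return nil` and after the `func(harness ..., tx graph.Transaction) {` signature are stray and would be dropped by the surrounding file's style.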
@@ -807,11 +832,13 @@ func TestFetchInboundEntityObjectControlPaths(t *testing.T) { paths, err := azureanalysis.FetchInboundEntityObjectControlPaths(tx, harness.AZInboundControlHarness.ControlledAZUser) require.Nil(t, err) nodes := paths.AllNodes().IDs() - require.Equal(t, 8, len(nodes)) + require.Equal(t, 10, len(nodes)) require.NotContains(t, nodes, harness.AZInboundControlHarness.AZAppA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.ControlledAZUser.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroupA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroupB.ID) + require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroup365A.ID) + require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroup365B.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZServicePrincipalA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZServicePrincipalB.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZUserA.ID) 
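Review bot: `require.Equal(t, 10, len(nodes))` is clearer as `require.Len(t, nodes, 10)`, which also dumps the actual slice on failure; the same applies to the `9` in the following TestFetchInboundEntityObjectControllers hunk. The bump from 8 to 10 (and 7 to 9) matches the two `AZGroup365*` nodes added to the harness, but a one-line comment stating how the count is composed would save the next person from recounting the fixture.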
@@ -830,11 +857,13 @@ func TestFetchInboundEntityObjectControllers(t *testing.T) { control, err := azureanalysis.FetchInboundEntityObjectControllers(tx, harness.AZInboundControlHarness.ControlledAZUser, 0, 0) require.Nil(t, err) nodes := control.IDs() - require.Equal(t, 7, len(nodes)) + require.Equal(t, 9, len(nodes)) require.NotContains(t, nodes, harness.AZInboundControlHarness.ControlledAZUser.ID) require.NotContains(t, nodes, harness.AZInboundControlHarness.AZAppA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroupA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroupB.ID) + require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroup365A.ID) + require.Contains(t, nodes, harness.AZInboundControlHarness.AZGroup365B.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZServicePrincipalA.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZServicePrincipalB.ID) require.Contains(t, nodes, harness.AZInboundControlHarness.AZUserA.ID) diff --git a/cmd/api/src/analysis/azure/queries_test.go b/cmd/api/src/analysis/azure/queries_test.go index 10f57150a5..8922c1682f 100644 --- a/cmd/api/src/analysis/azure/queries_test.go +++ b/cmd/api/src/analysis/azure/queries_test.go @@ -41,6 +41,7 @@ func TestAnalysisAzure_GraphStats(t *testing.T) { assert.NotZero(t, agg.Tenants) assert.NotZero(t, agg.Users) assert.NotZero(t, agg.Groups) + assert.NotZero(t, agg.Groups365) assert.NotZero(t, agg.Apps) assert.NotZero(t, agg.ServicePrincipals) assert.NotZero(t, agg.Devices) diff --git a/cmd/api/src/test/integration/graph.go b/cmd/api/src/test/integration/graph.go index 8e65f9962e..b4f230a259 100644 --- a/cmd/api/src/test/integration/graph.go +++ b/cmd/api/src/test/integration/graph.go 
@@ -228,6 +228,17 @@ func (s *GraphTestContext) NewAzureGroup(name, objectID, tenantID string) *graph }), azure.Entity, azure.Group) } +func (s *GraphTestContext) NewAzureGroup365(name, objectID, tenantID string) *graph.Node { + + return s.NewNode(graph.AsProperties(graph.PropertyMap{ + + common.Name: name, + common.ObjectID: objectID, + azure.TenantID: tenantID, + azure.IsAssignableToRole: true, + }), azure.Entity, azure.Group365) +} + func (s *GraphTestContext) NewAzureVM(name, objectID, tenantID string) *graph.Node { return s.NewNode(graph.AsProperties(graph.PropertyMap{ common.Name: name, diff --git a/cmd/api/src/test/integration/harnesses.go b/cmd/api/src/test/integration/harnesses.go index fea0151f22..1869e40735 100644 --- a/cmd/api/src/test/integration/harnesses.go +++ b/cmd/api/src/test/integration/harnesses.go @@ -806,7 +806,7 @@ func (s *AZBaseHarness) Setup(testCtx *GraphTestContext) { s.ServicePrincipal = testCtx.NewAzureServicePrincipal(HarnessServicePrincipalName, RandomObjectID(testCtx.testCtx), tenantID) s.Nodes.Add(s.Tenant, s.User, s.Application, s.ServicePrincipal) s.UserFirstDegreeGroups = graph.NewNodeSet() - s.NumPaths = 1287 + s.NumPaths = 1307 // Tie the user to the tenant and vice-versa // Note: This will cause a full re-traversal of paths outbound from the user object @@ -816,6 +816,7 @@ func (s *AZBaseHarness) Setup(testCtx *GraphTestContext) { // Create some MemberOf relationships for the new user for nestingDepth := numGroups; nestingDepth > 0; nestingDepth-- { newGroups := s.CreateAzureNestedGroupChain(testCtx, tenantID, nestingDepth) + newGroups.AddSet(s.CreateAzureNestedGroup365Chain(testCtx, tenantID, nestingDepth)) s.Nodes.Add(newGroups.Slice()...) for _, newGroup := range newGroups { 
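Review bot: NewAzureGroup365 hard-codes `azure.IsAssignableToRole: true` on every Microsoft 365 group fixture with no way for a caller to opt out, so no test can model a non-role-assignable M365 group; if that is intentional a comment saying so would help, otherwise consider a parameter or mirroring whatever the sibling `NewAzureGroup` does (its body is outside the hunk). The blank lines after the opening brace and after `graph.PropertyMap{` are stray and can be dropped.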
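Review bot: `s.NumPaths = 1307` replaces one unexplained constant with another; since the 20 extra paths presumably come from the `CreateAzureNestedGroup365Chain` sets merged into `newGroups` in the next hunk, a comment such as `// 1287 paths from the AZGroup chains plus 20 from the matching Microsoft 365 group chains` would make the next bump auditable. Merging both chains into the same `newGroups` set also means the loop below (outside the hunk) treats both kinds uniformly, which is worth confirming against every consumer of `UserFirstDegreeGroups`.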
@@ -892,12 +893,38 @@ func (s *AZBaseHarness) CreateAzureNestedGroupChain(testCtx *GraphTestContext, t return groupNodes } +func (s *AZBaseHarness) CreateAzureNestedGroup365Chain(testCtx *GraphTestContext, tenantID string, chainDepth int) graph.NodeSet { + var ( + previousGroup *graph.Node + groupNodes = graph.NewNodeSet() + ) + + for groupIdx := 0; groupIdx < chainDepth; groupIdx++ { + var ( + objectID = RandomObjectID(testCtx.testCtx) + newGroup = testCtx.NewAzureGroup365(fmt.Sprintf("AZGroup365_%s", objectID), objectID, tenantID) + ) + + if previousGroup == nil { + testCtx.NewRelationship(s.User, newGroup, azure.O365MemberOf) + s.UserFirstDegreeGroups.Add(newGroup) + } else { + testCtx.NewRelationship(previousGroup, newGroup, azure.O365MemberOf) + } + + groupNodes.Add(newGroup) + previousGroup = newGroup + } + return groupNodes +} + type AZGroupMembershipHarness struct { - Tenant *graph.Node - UserA *graph.Node - UserB *graph.Node - UserC *graph.Node - Group *graph.Node + Tenant *graph.Node + UserA *graph.Node + UserB *graph.Node + UserC *graph.Node + Group *graph.Node + Group365 *graph.Node } func (s *AZGroupMembershipHarness) Setup(testCtx *GraphTestContext) { 
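Review bot: CreateAzureNestedGroup365Chain appears to duplicate CreateAzureNestedGroupChain (only its `return groupNodes` tail is visible in the hunk, so this is inferred from the name) with just the node constructor, the name prefix and the edge kind changed. A private helper taking those three as parameters lets both exported methods become one-line wrappers and keeps the two chains from drifting apart, as sketched below; `CreateAzureNestedGroupChain` itself is outside the hunk and would delegate the same way.

```go
// createAzureNestedGroupChain links chainDepth new groups into a membership chain rooted at s.User.
// newGroup builds each node and membershipKind is the edge kind drawn from member to group;
// the first group in the chain is also recorded in s.UserFirstDegreeGroups.
func (s *AZBaseHarness) createAzureNestedGroupChain(testCtx *GraphTestContext, tenantID, namePrefix string, chainDepth int, membershipKind graph.Kind, newGroup func(name, objectID, tenantID string) *graph.Node) graph.NodeSet {
	var (
		previousGroup *graph.Node
		groupNodes    = graph.NewNodeSet()
	)

	for groupIdx := 0; groupIdx < chainDepth; groupIdx++ {
		objectID := RandomObjectID(testCtx.testCtx)
		group := newGroup(namePrefix+objectID, objectID, tenantID)

		if previousGroup == nil {
			testCtx.NewRelationship(s.User, group, membershipKind)
			s.UserFirstDegreeGroups.Add(group)
		} else {
			testCtx.NewRelationship(previousGroup, group, membershipKind)
		}

		groupNodes.Add(group)
		previousGroup = group
	}

	return groupNodes
}

func (s *AZBaseHarness) CreateAzureNestedGroup365Chain(testCtx *GraphTestContext, tenantID string, chainDepth int) graph.NodeSet {
	return s.createAzureNestedGroupChain(testCtx, tenantID, "AZGroup365_", chainDepth, azure.O365MemberOf, testCtx.NewAzureGroup365)
}
```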
@@ -907,12 +934,17 @@ func (s *AZGroupMembershipHarness) Setup(testCtx *GraphTestContext) { s.UserB = testCtx.NewAzureUser("UserB", "UserB", "", RandomObjectID(testCtx.testCtx), "", tenantID, false) s.UserC = testCtx.NewAzureUser("UserC", "UserC", "", RandomObjectID(testCtx.testCtx), "", tenantID, false) s.Group = testCtx.NewAzureGroup("Group", RandomObjectID(testCtx.testCtx), tenantID) + s.Group365 = testCtx.NewAzureGroup365("Group365", RandomObjectID(testCtx.testCtx), tenantID) testCtx.NewRelationship(s.Tenant, s.Group, azure.Contains) + testCtx.NewRelationship(s.Tenant, s.Group365, azure.Contains) testCtx.NewRelationship(s.UserA, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserB, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserC, s.Group, azure.MemberOf) + testCtx.NewRelationship(s.UserA, s.Group365, azure.O365MemberOf) + testCtx.NewRelationship(s.UserB, s.Group365, azure.O365MemberOf) + testCtx.NewRelationship(s.UserC, s.Group365, azure.O365MemberOf) } type AZManagementGroupHarness struct { @@ -941,6 +973,7 @@ type AZEntityPanelHarness struct { Application *graph.Node Device *graph.Node Group *graph.Node + Group365 *graph.Node ManagementGroup *graph.Node ResourceGroup *graph.Node KeyVault *graph.Node 
@@ -957,6 +990,7 @@ func (s *AZEntityPanelHarness) Setup(testCtx *GraphTestContext) { s.Application = testCtx.NewAzureApplication("App", RandomObjectID(testCtx.testCtx), tenantID) s.Device = testCtx.NewAzureDevice("Device", RandomObjectID(testCtx.testCtx), RandomObjectID(testCtx.testCtx), tenantID) s.Group = testCtx.NewAzureGroup("Group", RandomObjectID(testCtx.testCtx), tenantID) + s.Group365 = testCtx.NewAzureGroup("Group365", RandomObjectID(testCtx.testCtx), tenantID) s.ManagementGroup = testCtx.NewAzureResourceGroup("Mgmt Group", RandomObjectID(testCtx.testCtx), tenantID) s.ResourceGroup = testCtx.NewAzureResourceGroup("Resource Group", RandomObjectID(testCtx.testCtx), tenantID) s.KeyVault = testCtx.NewAzureKeyVault("Key Vault", RandomObjectID(testCtx.testCtx), tenantID) @@ -978,6 +1012,7 @@ func (s *AZEntityPanelHarness) Setup(testCtx *GraphTestContext) { testCtx.NewRelationship(s.User, s.Group, azure.Owns) testCtx.NewRelationship(s.User, s.ResourceGroup, azure.Owns) testCtx.NewRelationship(s.User, s.ManagementGroup, azure.Owner) + testCtx.NewRelationship(s.User, s.Group365, azure.Owns) // Key Vault testCtx.NewRelationship(s.User, s.KeyVault, azure.Owns) @@ -1209,6 +1244,8 @@ type AZInboundControlHarness struct { AZAppA *graph.Node AZGroupA *graph.Node AZGroupB *graph.Node + AZGroup365A *graph.Node + AZGroup365B *graph.Node AZUserA *graph.Node AZUserB *graph.Node AZServicePrincipalA *graph.Node 
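Review bot: `s.Group365 = testCtx.NewAzureGroup("Group365", ...)` builds the entity-panel fixture with the `NewAzureGroup` constructor, so the node is labelled `azure.Group` rather than `azure.Group365` even though `NewAzureGroup365` is added in this same patch; TestGroup365EntityDetails therefore exercises an ordinary group. It should read `s.Group365 = testCtx.NewAzureGroup365("Group365", RandomObjectID(testCtx.testCtx), tenantID)`. The `Owns` edge added in the following hunk is what makes the hydrated `InboundObjectControl` non-zero in that test, so the fixture does need that edge as well.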
@@ -1222,20 +1259,27 @@ func (s *AZInboundControlHarness) Setup(testCtx *GraphTestContext) { s.AZAppA = testCtx.NewAzureApplication("AZAppA", RandomObjectID(testCtx.testCtx), tenantID) s.AZGroupA = testCtx.NewAzureGroup("AZGroupA", RandomObjectID(testCtx.testCtx), tenantID) s.AZGroupB = testCtx.NewAzureGroup("AZGroupB", RandomObjectID(testCtx.testCtx), tenantID) + s.AZGroup365A = testCtx.NewAzureGroup365("AZGroup365A", RandomObjectID(testCtx.testCtx), tenantID) + s.AZGroup365B = testCtx.NewAzureGroup365("AZGroup365B", RandomObjectID(testCtx.testCtx), tenantID) s.AZUserA = testCtx.NewAzureUser("AZUserA", "AZUserA", "", RandomObjectID(testCtx.testCtx), HarnessUserLicenses, tenantID, HarnessUserMFAEnabled) s.AZUserB = testCtx.NewAzureUser("AZUserB", "AZUserB", "", RandomObjectID(testCtx.testCtx), HarnessUserLicenses, tenantID, HarnessUserMFAEnabled) s.AZServicePrincipalA = testCtx.NewAzureServicePrincipal("AZServicePrincipalA", RandomObjectID(testCtx.testCtx), tenantID) s.AZServicePrincipalB = testCtx.NewAzureServicePrincipal("AZServicePrincipalB", RandomObjectID(testCtx.testCtx), tenantID) testCtx.NewRelationship(s.AZTenant, s.AZGroupA, azure.Contains) + testCtx.NewRelationship(s.AZTenant, s.AZGroup365A, azure.Contains) testCtx.NewRelationship(s.AZUserA, s.AZGroupA, azure.MemberOf) testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroupB, azure.MemberOf) + testCtx.NewRelationship(s.AZUserA, s.AZGroup365A, azure.O365MemberOf) + testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroup365B, azure.O365MemberOf) testCtx.NewRelationship(s.AZAppA, s.AZServicePrincipalA, azure.RunsAs) testCtx.NewRelationship(s.AZGroupA, s.ControlledAZUser, azure.ResetPassword) testCtx.NewRelationship(s.AZGroupB, s.ControlledAZUser, azure.ResetPassword) + testCtx.NewRelationship(s.AZGroup365A, s.ControlledAZUser, azure.ResetPassword) + testCtx.NewRelationship(s.AZGroup365B, s.ControlledAZUser, azure.ResetPassword) testCtx.NewRelationship(s.AZUserB, s.ControlledAZUser, azure.ResetPassword) 
testCtx.NewRelationship(s.AZServicePrincipalA, s.ControlledAZUser, azure.ResetPassword) } diff --git a/packages/go/analysis/analysis_test.go b/packages/go/analysis/analysis_test.go index 2b7ebc8288..17a54f1cd5 100644 --- a/packages/go/analysis/analysis_test.go +++ b/packages/go/analysis/analysis_test.go @@ -105,6 +105,7 @@ func TestGetNodeKindDisplayLabel(t *testing.T) { assert.Equal(ad.Group.String(), analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), ad.Entity, ad.Group, ad.LocalGroup)), "should return valid kind other than LocalGroup if one is present") assert.Equal(ad.LocalGroup.String(), analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), ad.Entity, ad.LocalGroup)), "should return LocalGroup if no other valid kinds are present") assert.Equal(azure.Group.String(), analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), azure.Entity, azure.Group)), "should return valid Azure kind when base and kind are present") + assert.Equal(azure.Group365.String(), analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), azure.Entity, azure.Group365)), "should return valid Azure kind when base and kind are present") assert.Equal(analysis.NodeKindUnknown, analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), unsupportedKind)), "should return Unknown when only an unsupported kind is present") assert.Equal(ad.Entity.String(), analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties(), ad.Entity, unsupportedKind)), "should return valid kind if one is preseneven if an unsupported kind is also present") assert.Equal(analysis.NodeKindUnknown, analysis.GetNodeKindDisplayLabel(graph.PrepareNode(graph.NewProperties())), "should return Unknown if no node has no kinds on it") From 6988c12a4d464660eab139a3ac3b64a59f430de1 Mon Sep 17 00:00:00 2001 
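Review bot: The new `azure.Group365` assertion in TestGetNodeKindDisplayLabel reuses the message `"should return valid Azure kind when base and kind are present"` verbatim from the `azure.Group` line above it, so a failure cannot be told apart from its neighbour; a message such as `"should return Group365 when base and Group365 kind are present"` disambiguates. This concerns only the assertion text; the expected value itself looks right.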
From: Basile Date: Wed, 2 Apr 2025 17:12:52 +0200 Subject: [PATCH 04/11] Fixed the unwanted behavior of some Microsoft 365 groups being rendered as normal AZGroups --- .../database/migration/migrations/schema.sql | 1 - cmd/ui/src/ducks/graph/graphutils.ts | 2 +- packages/go/analysis/azure/group365.go | 56 ----------------- packages/go/ein/azure.go | 34 +--------- .../bh-shared-ui/src/utils/content.ts | 63 ++----------------- 5 files changed, 9 insertions(+), 147 deletions(-) diff --git a/cmd/api/src/database/migration/migrations/schema.sql b/cmd/api/src/database/migration/migrations/schema.sql index c882222580..fd49aa1c8e 100644 --- a/cmd/api/src/database/migration/migrations/schema.sql +++ b/cmd/api/src/database/migration/migrations/schema.sql @@ -256,7 +256,6 @@ CREATE TABLE IF NOT EXISTS domain_collection_results ( message text, user_count bigint, group_count bigint, - group365_count bigint, computer_count bigint, gpo_count bigint, ou_count bigint, diff --git a/cmd/ui/src/ducks/graph/graphutils.ts b/cmd/ui/src/ducks/graph/graphutils.ts index c65dc41033..92d66df5ee 100644 --- a/cmd/ui/src/ducks/graph/graphutils.ts +++ b/cmd/ui/src/ducks/graph/graphutils.ts @@ -209,7 +209,6 @@ const ICONS: { [id in GraphNodeTypes]: string } = { [GraphNodeTypes.AZDevice]: 'fa-desktop', [GraphNodeTypes.AZFunctionApp]: 'fa-bolt', [GraphNodeTypes.AZGroup]: 'fa-users', - [GraphNodeTypes.AZGroup365]: 'fa-users', [GraphNodeTypes.AZKeyVault]: 'fa-lock', [GraphNodeTypes.AZManagementGroup]: 'fa-cube', [GraphNodeTypes.AZResourceGroup]: 'fa-cube', @@ -228,6 +227,7 @@ const ICONS: { [id in GraphNodeTypes]: string } = { [GraphNodeTypes.Domain]: 'fa-globe', [GraphNodeTypes.GPO]: 'fa-th-list', [GraphNodeTypes.Group]: 'fa-users', + [GraphNodeTypes.AZGroup365]: 'fa-users', [GraphNodeTypes.OU]: 'fa-sitemap', [GraphNodeTypes.User]: 'fa-user', [GraphNodeTypes.Container]: 'fa-box', 
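Review bot: The `[GraphNodeTypes.AZGroup365]: 'fa-users'` entry is moved out of the `AZ*` block into the Active Directory block between `Group` and `OU`; `ICONS` is a keyed object, so unless something iterates it in insertion order the move cannot change which icon a node receives and does not contribute to the fix named in the commit title. Keeping the entry next to `[GraphNodeTypes.AZGroup]` preserves the file's grouping by schema.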
diff --git a/packages/go/analysis/azure/group365.go b/packages/go/analysis/azure/group365.go index 65d4591590..29997c648f 100644 --- a/packages/go/analysis/azure/group365.go +++ b/packages/go/analysis/azure/group365.go @@ -1,31 +1,17 @@ // Copyright 2023 Specter Ops, Inc. - // - // Licensed under the Apache License, Version 2.0 - // you may not use this file except in compliance with the License. - // You may obtain a copy of the License at - // - // http://www.apache.org/licenses/LICENSE-2.0 - // - // Unless required by applicable law or agreed to in writing, software - // distributed under the License is distributed on an "AS IS" BASIS, - // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - // See the License for the specific language governing permissions and - // limitations under the License. - // - // SPDX-License-Identifier: Apache-2.0 package azure 
@@ -39,108 +25,66 @@ import ( func NewGroup365EntityDetails(node *graph.Node) Group365Details { return Group365Details{ - Node: FromGraphNode(node), } - } func Group365EntityDetails(db graph.Database, objectID string, hydrateCounts bool) (Group365Details, error) { var details Group365Details - return details, db.ReadTransaction(context.Background(), func(tx graph.Transaction) error { if node, err := FetchEntityByObjectID(tx, objectID); err != nil { - return err } else { - details = NewGroup365EntityDetails(node) if hydrateCounts { - details, err = PopulateGroup365EntityDetailsCounts(tx, node, details) - } return err - } - }) - } func PopulateGroup365EntityDetailsCounts(tx graph.Transaction, node *graph.Node, details Group365Details) (Group365Details, error) { /* if roles, err := FetchEntityRoles(tx, node, 0, 0); err != nil { - - return details, err - } else { - - details.Roles = roles.Len() - - } */ /* if groupMembers, err := FetchGroupMemberPaths(tx, node); err != nil { - - return details, err - } else { - - details.Group365Members = groupMembers.Len() - - } */ /* if groupMembership, err := FetchEntityGroupMembershipPaths(tx, node); err != nil { - - return details, err - } else { - - details.Group365Membership = groupMembership.Len() - } */ if inboundObjectControl, err := FetchInboundEntityObjectControllers(tx, node, 0, 0); err != nil { - return details, err } else { - details.InboundObjectControl = inboundObjectControl.Len() - } /* if outboundObjectControl, err := FetchOutboundEntityObjectControl(tx, node, 0, 0); err != nil { - - return details, err - } else { - - details.OutboundObjectControl = outboundObjectControl.Len() - - } */ - return details, nil - } diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go index 1d698ca889..ee48b34852 100644 --- a/packages/go/ein/azure.go +++ b/packages/go/ein/azure.go 
@@ -482,67 +482,39 @@ func ConvertAzureGroupMembersToRels(data models.GroupMembers) []IngestibleRelati func ConvertAzureGroup365ToNode(data models.Group365) IngestibleNode { return IngestibleNode{ - ObjectID: strings.ToUpper(data.Id), - PropertyMap: map[string]any{ - common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)), - /* common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime), - - common.Description.String(): data.Description, - - common.DisplayName.String(): data.DisplayName, - - azure.IsAssignableToRole.String(): data.IsAssignableToRole, - - azure.OnPremID.String(): data.OnPremisesSecurityIdentifier, - - azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled, - - azure.SecurityEnabled.String(): data.SecurityEnabled, - - azure.SecurityIdentifier.String(): data.SecurityIdentifier, */ - azure.TenantID.String(): strings.ToUpper(data.TenantId), }, - Label: azure.Group365, } - } func ConvertAzureGroup365ToRel(data models.Group365) IngestibleRelationship { return NewIngestibleRelationship( - IngestibleSource{ - - Source: strings.ToUpper(data.TenantId), - + Source: strings.ToUpper(data.TenantId), SourceType: azure.Tenant, }, IngestibleTarget{ - TargetType: azure.Group365, - - Target: strings.ToUpper(data.Id), + Target: strings.ToUpper(data.Id), }, IngestibleRel{ - RelProps: map[string]any{}, - - RelType: azure.Contains, + RelType: azure.Contains, }, ) diff --git a/packages/javascript/bh-shared-ui/src/utils/content.ts b/packages/javascript/bh-shared-ui/src/utils/content.ts index ddad71197d..6461d54fd8 100644 --- a/packages/javascript/bh-shared-ui/src/utils/content.ts +++ b/packages/javascript/bh-shared-ui/src/utils/content.ts 
@@ -230,84 +230,31 @@ export const allSections: Partial EntityInfo }, ], [AzureNodeKind.Group365]: (id: string) => [ - - - { - - id, - - label: 'Members', - - queryType: 'azgroup365-members', - - }, - - { - - id, - - label: 'Member Of', - - queryType: 'azgroup365-member_of', - - }, - - { - - id, - - label: 'Roles', - - queryType: 'azgroup365-roles', - - }, - - { - - id, - - label: 'Inbound Object Control', - - queryType: 'azgroup365-inbound_object_control', - - }, - - { - - id, - - label: 'Outbound Object Control', - - queryType: 'azgroup365-outbound_object_control', - - }, - - ], [AzureNodeKind.KeyVault]: (id: string) => [ { 
@@ -1186,28 +1133,28 @@ export const entityRelationshipEndpoints = { .then((res: { data: any; }) => res.data), 'azgroup365-members': ({ id, counts, skip, limit, type }) => apiClient - .getAZEntityInfoV2('groups', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) + .getAZEntityInfoV2('groups365', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) .then((res: { data: any; }) => res.data), 'azgroup365-member_of': ({ id, counts, skip, limit, type }) => apiClient - .getAZEntityInfoV2('groups', id, 'group-membership', counts, skip, limit, type, { + .getAZEntityInfoV2('groups365', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) .then((res: { data: any; }) => res.data), 'azgroup365-roles': ({ id, counts, skip, limit, type }) => apiClient - .getAZEntityInfoV2('groups', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) + .getAZEntityInfoV2('groups365', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) .then((res: { data: any; }) => res.data), 'azgroup365-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient - .getAZEntityInfoV2('groups', id, 'inbound-control', counts, skip, limit, type, { + .getAZEntityInfoV2('groups365', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) .then((res: { data: any; }) => res.data), 'azgroup365-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient - .getAZEntityInfoV2('groups', id, 'outbound-control', counts, skip, limit, type, { + .getAZEntityInfoV2('groups365', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) .then((res: { data: any; }) => res.data), From 30cf8d30e103b2e432696fa4b789129c2caf9d41 Mon Sep 17 00:00:00 2001 
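Review bot: The five `azgroup365-*` handlers now call `getAZEntityInfoV2('groups365', ...)`, so they depend on a v2 route for the `groups365` entity that serves `group-members`, `group-membership`, `roles`, `inbound-control` and `outbound-control`; nothing in this patch adds or tests such a route (patch 01 touched `cmd/api/src/api/v2/azure.go`, so it may exist there), and in `PopulateGroup365EntityDetailsCounts` earlier in this patch every count except `InboundObjectControl` is commented out, so those panel sections would show no data even if the route exists. If only inbound control is supported for now, the unsupported sections should be dropped from `allSections` for `AzureNodeKind.Group365` rather than left pointing at endpoints that cannot be served.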
From: Basile Date: Thu, 3 Apr 2025 15:36:55 +0200 Subject: [PATCH 05/11] Added visibility attribute to office 365 groups + small changes to database & AZGroup365 edge description --- .../database/migration/migrations/schema.sql | 2 -- .../database/migration/migrations/v7.4.0.sql | 25 +++++++++++++++++++ packages/cue/bh/azure/azure.cue | 8 ++++++ packages/go/ein/azure.go | 3 ++- packages/go/graphschema/azure/azure.go | 9 ++++++- .../HelpTexts/AZGroup365MemberOf/Abuse.tsx | 3 ++- .../HelpTexts/AZGroup365MemberOf/General.tsx | 6 ++--- .../src/components/HelpTexts/index.tsx | 4 +-- .../bh-shared-ui/src/graphSchema.ts | 3 +++ 9 files changed, 53 insertions(+), 10 deletions(-) create mode 100644 cmd/api/src/database/migration/migrations/v7.4.0.sql diff --git a/cmd/api/src/database/migration/migrations/schema.sql b/cmd/api/src/database/migration/migrations/schema.sql index fd49aa1c8e..77aa351f22 100644 --- a/cmd/api/src/database/migration/migrations/schema.sql +++ b/cmd/api/src/database/migration/migrations/schema.sql @@ -195,7 +195,6 @@ CREATE TABLE IF NOT EXISTS azure_data_quality_aggregations ( tenants bigint, users bigint, groups bigint, - groups365 bigint, apps bigint, service_principals bigint, devices bigint, @@ -224,7 +223,6 @@ CREATE TABLE IF NOT EXISTS azure_data_quality_stats ( tenant_id text, users bigint, groups bigint, - groups365 bigint, apps bigint, service_principals bigint, devices bigint, diff --git a/cmd/api/src/database/migration/migrations/v7.4.0.sql b/cmd/api/src/database/migration/migrations/v7.4.0.sql new file mode 100644 index 0000000000..32ff3cca5e --- /dev/null +++ b/cmd/api/src/database/migration/migrations/v7.4.0.sql 
@@ -0,0 +1,25 @@ +-- Copyright 2025 Specter Ops, Inc. +-- +-- Licensed under the Apache License, Version 2.0 +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- +-- SPDX-License-Identifier: Apache-2.0 + +-- Migration to add `Microsoft 365 groups` column to relevant tables + +-- Add `groups365` column to `azure_data_quality_aggregations` table +ALTER TABLE IF EXISTS azure_data_quality_aggregations + ADD COLUMN groups365 bigint; + +-- Add `groups365` column to `azure_data_quality_stats` table +ALTER TABLE IF EXISTS azure_data_quality_stats + ADD COLUMN groups365 bigint; \ No newline at end of file diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue index 4a3624268e..b5d091d7b7 100644 --- a/packages/cue/bh/azure/azure.cue +++ b/packages/cue/bh/azure/azure.cue @@ -254,6 +254,13 @@ TenantID: types.#StringEnum & { representation: "tenantid" } +Visibility: types.#StringEnum & { + symbol: "Visibility" + schema: "azure" + name: "Visibility" + representation: "visibility" +} + Properties: [ AppOwnerOrganizationID, AppDescription, @@ -287,6 +294,7 @@ Properties: [ PublisherDomain, SignInAudience, RoleTemplateID, + Visibility, ] // Kinds diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go index ee48b34852..a8992b2045 100644 --- a/packages/go/ein/azure.go +++ b/packages/go/ein/azure.go 
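Review bot: `ALTER TABLE IF EXISTS azure_data_quality_aggregations ADD COLUMN groups365 bigint;` is not idempotent: any database that already has the column — including one created from the `schema.sql` of the earlier patch in this series, which declared `groups365` directly — fails the migration with a duplicate-column error. `ADD COLUMN IF NOT EXISTS groups365 bigint` on both statements makes the migration safe to re-run. The file also lacks a trailing newline.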
@@ -493,7 +493,8 @@ func ConvertAzureGroup365ToNode(data models.Group365) IngestibleNode { azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled, azure.SecurityEnabled.String(): data.SecurityEnabled, azure.SecurityIdentifier.String(): data.SecurityIdentifier, */ - azure.TenantID.String(): strings.ToUpper(data.TenantId), + azure.Visibility.String(): data.Visibility, + azure.TenantID.String(): strings.ToUpper(data.TenantId), }, Label: azure.Group365, } diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go index da236ef235..33f9dc5c65 100644 --- a/packages/go/graphschema/azure/azure.go +++ b/packages/go/graphschema/azure/azure.go 
@@ -115,10 +115,11 @@ const ( PublisherDomain Property = "publisherdomain" SignInAudience Property = "signinaudience" RoleTemplateID Property = "templateid" + Visibility Property = "visibility" ) func AllProperties() []Property { - return []Property{AppOwnerOrganizationID, AppDescription, AppDisplayName, ServicePrincipalType, UserType, TenantID, ServicePrincipalID, ServicePrincipalNames, OperatingSystemVersion, TrustType, IsBuiltIn, AppID, AppRoleID, DeviceID, NodeResourceGroupID, OnPremID, OnPremSyncEnabled, SecurityEnabled, SecurityIdentifier, EnableRBACAuthorization, Scope, Offer, MFAEnabled, License, Licenses, LoginURL, MFAEnforced, UserPrincipalName, IsAssignableToRole, PublisherDomain, SignInAudience, RoleTemplateID} + return []Property{AppOwnerOrganizationID, AppDescription, AppDisplayName, ServicePrincipalType, UserType, TenantID, ServicePrincipalID, ServicePrincipalNames, OperatingSystemVersion, TrustType, IsBuiltIn, AppID, AppRoleID, DeviceID, NodeResourceGroupID, OnPremID, OnPremSyncEnabled, SecurityEnabled, SecurityIdentifier, EnableRBACAuthorization, Scope, Offer, MFAEnabled, License, Licenses, LoginURL, MFAEnforced, UserPrincipalName, IsAssignableToRole, PublisherDomain, SignInAudience, RoleTemplateID, Visibility} } func ParseProperty(source string) (Property, error) { switch source { @@ -186,6 +187,8 @@ func ParseProperty(source string) (Property, error) { return SignInAudience, nil case "templateid": return RoleTemplateID, nil + case "visibility": + return Visibility, nil default: return "", errors.New("Invalid enumeration value: " + source) } @@ -256,6 +259,8 @@ func (s Property) String() string { return string(SignInAudience) case RoleTemplateID: return string(RoleTemplateID) + case Visibility: + return string(Visibility) default: return "Invalid enumeration case: " + string(s) } 
@@ -326,6 +331,8 @@ func (s Property) Name() string { return "Sign In Audience" case RoleTemplateID: return "Role Template ID" + case Visibility: + return "Visibility" default: return "Invalid enumeration case: " + string(s) } diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx index 16a23716d7..1e58b87449 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx @@ -20,7 +20,8 @@ import { FC } from 'react'; const Abuse: FC = () => { return ( - No abuse is necessary. This edge simply indicates that a principal belongs to a security group. + This edge simply indicates that the user is a member of the Microsoft 365 group. Potential abuses will depend on the group and its permissions. + ); }; diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx index 05d1071162..4f76aecd9c 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx 
@@ -25,14 +25,14 @@ const General: FC = ({ sourceName, sourceType, targetName }) => { <> - The {typeFormat(sourceType)} {sourceName} is a member of the group {targetName}. + The {typeFormat(sourceType)} {sourceName} is a member of the Microsoft 365 group {targetName}. - Groups in Azure Active Directory grant their direct members any privileges the group itself has. If a - group has an AzureAD admin role, direct members of the group inherit those permissions. + Microsoft 365 groups in Azure Active Directory grant their direct members any privileges the group itself has. It includes + access to shared resources such as SharePoint sites, Microsoft Teams, Emails and OneNote notebooks. diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx index f275cccb72..9c736108a7 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx @@ -57,7 +57,7 @@ import AZMGRoleManagement_ReadWrite_Directory from './AZMGRoleManagement_ReadWri import AZMGServicePrincipalEndpoint_ReadWrite_All from './AZMGServicePrincipalEndpoint_ReadWrite_All/AZMGServicePrincipalEndpoint_ReadWrite_All'; import AZManagedIdentity from './AZManagedIdentity/AZManagedIdentity'; import AZMemberOf from './AZMemberOf/AZMemberOf'; -import AZGroup365Member from './AZGroup365MemberOf/AZGroup365MemberOf'; +import AZGroup365MemberOf from './AZGroup365MemberOf/AZGroup365MemberOf'; import AZNodeResourceGroup from './AZNodeResourceGroup/AZNodeResourceGroup'; import AZOwns from './AZOwns/AZOwns'; import AZPrivilegedAuthAdmin from './AZPrivilegedAuthAdmin/AZPrivilegedAuthAdmin'; 
@@ -146,7 +146,7 @@ export type EdgeInfoProps = { const EdgeInfoComponents = { GenericAll: GenericAll, MemberOf: MemberOf, - AZGroup365MemberOf: AZGroup365Member, + AZGroup365Member: AZGroup365MemberOf, AllExtendedRights: AllExtendedRights, AdminTo: AdminTo, HasSession: HasSession, diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index 04054a166c..a035343b5e 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts @@ -918,6 +918,7 @@ IsAssignableToRole = 'isassignabletorole', PublisherDomain = 'publisherdomain', SignInAudience = 'signinaudience', RoleTemplateID = 'templateid', +Visibility = 'visibility', } export function AzureKindPropertiesToDisplay (value : AzureKindProperties): string | undefined { switch (value) { @@ -985,6 +986,8 @@ case AzureKindProperties.SignInAudience: return 'Sign In Audience' case AzureKindProperties.RoleTemplateID: return 'Role Template ID' +case AzureKindProperties.Visibility: +return 'Visibility' default: return undefined } From c79182b841adcc92779d59c2acd53b1df50cdbe4 Mon Sep 17 00:00:00 2001 
From: Basile Date: Tue, 8 Apr 2025 16:20:16 +0200 Subject: [PATCH 06/11] Changed Microsoft membership edge name,description,abuse... Added back every AZGroup properties to Microsoft 365 groups. --- cmd/api/src/test/integration/harnesses.go | 14 +- packages/cue/bh/azure/azure.cue | 19 +- packages/go/analysis/azure/azure.go | 2 +- packages/go/analysis/azure/filters.go | 6 +- packages/go/analysis/azure/queries.go | 4 +- packages/go/ein/azure.go | 13 +- packages/go/graphschema/azure/azure.go | 15 +- packages/go/graphschema/common/common.go | 4 +- .../AZM365MemberOf.tsx} | 4 +- .../Abuse.tsx | 0 .../General.tsx | 0 .../Opsec.tsx | 0 .../References.tsx | 0 .../src/components/HelpTexts/index.tsx | 4 +- .../bh-shared-ui/src/graphSchema.ts | 11 +- .../js-client-library/package-lock.json | 1977 +++++++++++++++++ 16 files changed, 2035 insertions(+), 38 deletions(-) rename packages/javascript/bh-shared-ui/src/components/HelpTexts/{AZGroup365MemberOf/AZGroup365MemberOf.tsx => AZM365MemberOf/AZM365MemberOf.tsx} (93%) rename packages/javascript/bh-shared-ui/src/components/HelpTexts/{AZGroup365MemberOf => AZM365MemberOf}/Abuse.tsx (100%) rename packages/javascript/bh-shared-ui/src/components/HelpTexts/{AZGroup365MemberOf => AZM365MemberOf}/General.tsx (100%) rename packages/javascript/bh-shared-ui/src/components/HelpTexts/{AZGroup365MemberOf => AZM365MemberOf}/Opsec.tsx (100%) rename packages/javascript/bh-shared-ui/src/components/HelpTexts/{AZGroup365MemberOf => AZM365MemberOf}/References.tsx (100%) create mode 100644 packages/javascript/js-client-library/package-lock.json diff --git a/cmd/api/src/test/integration/harnesses.go b/cmd/api/src/test/integration/harnesses.go index 1869e40735..9beb891777 100644 --- a/cmd/api/src/test/integration/harnesses.go +++ b/cmd/api/src/test/integration/harnesses.go 
@@ -906,10 +906,10 @@ func (s *AZBaseHarness) CreateAzureNestedGroup365Chain(testCtx *GraphTestContext ) if previousGroup == nil { - testCtx.NewRelationship(s.User, newGroup, azure.O365MemberOf) + testCtx.NewRelationship(s.User, newGroup, azure.M365MemberOf) s.UserFirstDegreeGroups.Add(newGroup) } else { - testCtx.NewRelationship(previousGroup, newGroup, azure.O365MemberOf) + testCtx.NewRelationship(previousGroup, newGroup, azure.M365MemberOf) } groupNodes.Add(newGroup) @@ -942,9 +942,9 @@ func (s *AZGroupMembershipHarness) Setup(testCtx *GraphTestContext) { testCtx.NewRelationship(s.UserA, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserB, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserC, s.Group, azure.MemberOf) - testCtx.NewRelationship(s.UserA, s.Group365, azure.O365MemberOf) - testCtx.NewRelationship(s.UserB, s.Group365, azure.O365MemberOf) - testCtx.NewRelationship(s.UserC, s.Group365, azure.O365MemberOf) + testCtx.NewRelationship(s.UserA, s.Group365, azure.M365MemberOf) + testCtx.NewRelationship(s.UserB, s.Group365, azure.M365MemberOf) + testCtx.NewRelationship(s.UserC, s.Group365, azure.M365MemberOf) } type AZManagementGroupHarness struct { @@ -1271,8 +1271,8 @@ func (s *AZInboundControlHarness) Setup(testCtx *GraphTestContext) { testCtx.NewRelationship(s.AZUserA, s.AZGroupA, azure.MemberOf) testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroupB, azure.MemberOf) - testCtx.NewRelationship(s.AZUserA, s.AZGroup365A, azure.O365MemberOf) - testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroup365B, azure.O365MemberOf) + testCtx.NewRelationship(s.AZUserA, s.AZGroup365A, azure.M365MemberOf) + testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroup365B, azure.M365MemberOf) testCtx.NewRelationship(s.AZAppA, s.AZServicePrincipalA, azure.RunsAs) diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue index b5d091d7b7..fceb8b646e 100644 --- a/packages/cue/bh/azure/azure.cue +++ b/packages/cue/bh/azure/azure.cue 
@@ -261,6 +261,14 @@ Visibility: types.#StringEnum & { representation: "visibility" } +M365GroupMail: types.#StringEnum & { + symbol: "Mail" + schema: "azure" + name: "M365 Group Mail" + representation: "mail" +} + + Properties: [ AppOwnerOrganizationID, AppDescription, @@ -295,6 +303,7 @@ Properties: [ SignInAudience, RoleTemplateID, Visibility, + M365GroupMail, ] // Kinds @@ -610,10 +619,10 @@ Owns: types.#Kind & { representation: "AZOwns" } -O365MemberOf: types.#Kind & { - symbol: "O365MemberOf" +M365MemberOf: types.#Kind & { + symbol: "M365MemberOf" schema: "azure" - representation: "AZGroup365Member" + representation: "AZM365MemberOf" } ScopedTo: types.#Kind & { @@ -757,7 +766,7 @@ RelationshipKinds: [ GetSecrets, HasRole, MemberOf, - O365MemberOf, + M365MemberOf, Owner, RunsAs, VMContributor, @@ -866,7 +875,7 @@ InboundOutboundRelationshipKinds: [ GetSecrets, HasRole, MemberOf, - O365MemberOf, + M365MemberOf, Owner, RunsAs, VMContributor, diff --git a/packages/go/analysis/azure/azure.go b/packages/go/analysis/azure/azure.go index e2948c714b..f4c0e98e07 100644 --- a/packages/go/analysis/azure/azure.go +++ b/packages/go/analysis/azure/azure.go @@ -102,7 +102,7 @@ func GetDescendentKinds(kind graph.Kind) []graph.Kind { func AzureNonDescentKinds() graph.Kinds { return []graph.Kind{ azure.MemberOf, - azure.O365MemberOf, + azure.M365MemberOf, azure.HasRole, azure.RunsAs, } diff --git a/packages/go/analysis/azure/filters.go b/packages/go/analysis/azure/filters.go index 9cb3d01384..7cdfd6de96 100644 --- a/packages/go/analysis/azure/filters.go +++ b/packages/go/analysis/azure/filters.go @@ -27,7 +27,7 @@ import ( ) func FilterEntityActiveAssignments() graph.Criteria { - return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf, azure.O365MemberOf) + return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf, azure.M365MemberOf) } func FilterEntityPIMAssignments() graph.Criteria { 
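Review bot: The new property's cue identifier is `M365GroupMail` but its generated symbol is the generic `Mail` with representation `mail` and display name 'M365 Group Mail', and it is appended to the tenant-wide `Properties` list, so the generated `azure.Mail` enum reads as usable on every node kind while its display name claims it is group-specific; make the symbol and the display name agree, e.g. `symbol: "M365GroupMail"` or `name: "Mail"`, whichever scope is intended. The two added blank lines after the block (`+` `+`) should be one. Renaming the kind representation from `AZGroup365Member` to `AZM365MemberOf` changes the stored edge label, so if any dataset was already ingested under the earlier name those edges stop matching the renamed filters and pathfinding lists and would need a migration; if the earlier name never shipped, nothing further is needed.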
@@ -63,12 +63,12 @@ func FilterAbusableAppRoleAssignmentRelationships() graph.Criteria {
 }
 
 func FilterGroupMembership() graph.Criteria {
- return query.Kind(query.Relationship(), azure.MemberOf, azure.O365MemberOf)
+ return query.Kind(query.Relationship(), azure.MemberOf, azure.M365MemberOf)
 }
 
 func FilterGroupMembers() graph.Criteria {
 return query.And(
- query.Kind(query.Relationship(), azure.MemberOf, azure.O365MemberOf),
+ query.Kind(query.Relationship(), azure.MemberOf, azure.M365MemberOf),
 query.Kind(query.Start(), azure.Entity),
 )
 }
diff --git a/packages/go/analysis/azure/queries.go b/packages/go/analysis/azure/queries.go
index 97ac62d8f6..33516f13c4 100644
--- a/packages/go/analysis/azure/queries.go
+++ b/packages/go/analysis/azure/queries.go
@@ -288,7 +288,7 @@ func InboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSeg
 if segment.Depth() == 1 {
 return true
 } else {
- return segment.Edge.Kind.Is(azure.MemberOf, azure.O365MemberOf, azure.Contains)
+ return segment.Edge.Kind.Is(azure.MemberOf, azure.M365MemberOf, azure.Contains)
 }
 }
 
@@ -320,7 +320,7 @@ func OutboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSe
 }
 
 func OutboundControlPathFilter(_ *ops.TraversalContext, segment *graph.PathSegment) bool {
- return !segment.Edge.Kind.Is(azure.MemberOf, azure.O365MemberOf, azure.Contains)
+ return !segment.Edge.Kind.Is(azure.MemberOf, azure.M365MemberOf, azure.Contains)
 }
 
 func FetchOutboundEntityObjectControlPaths(tx graph.Transaction, root *graph.Node) (graph.PathSet, error) {
diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go
index a8992b2045..f77633af9f 100644
--- a/packages/go/ein/azure.go
+++ b/packages/go/ein/azure.go
@@ -484,17 +484,18 @@ func ConvertAzureGroup365ToNode(data models.Group365) IngestibleNode {
 return IngestibleNode{
 ObjectID: strings.ToUpper(data.Id),
 PropertyMap: map[string]any{
- common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)),
- /* common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime),
+ common.Name.String(): strings.ToUpper(fmt.Sprintf("%s@%s", data.DisplayName, data.TenantName)),
+ common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime),
 common.Description.String(): data.Description,
 common.DisplayName.String(): data.DisplayName,
 azure.IsAssignableToRole.String(): data.IsAssignableToRole,
 azure.OnPremID.String(): data.OnPremisesSecurityIdentifier,
 azure.OnPremSyncEnabled.String(): data.OnPremisesSyncEnabled,
 azure.SecurityEnabled.String(): data.SecurityEnabled,
- azure.SecurityIdentifier.String(): data.SecurityIdentifier, */
- azure.Visibility.String(): data.Visibility,
- azure.TenantID.String(): strings.ToUpper(data.TenantId),
+ azure.SecurityIdentifier.String(): data.SecurityIdentifier,
+ azure.Visibility.String(): data.Visibility,
+ azure.TenantID.String(): strings.ToUpper(data.TenantId),
+ azure.Mail.String(): data.Mail,
 },
 Label: azure.Group365,
 }
@@ -546,7 +547,7 @@ func ConvertAzureGroup365MembersToRels(data models.Group365Members) []Ingestible
 },
 IngestibleRel{
 RelProps: map[string]any{},
- RelType: azure.O365MemberOf,
+ RelType: azure.M365MemberOf,
 },
 ))
 }
diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go
index 33f9dc5c65..b64fda7950 100644
--- a/packages/go/graphschema/azure/azure.go
+++ b/packages/go/graphschema/azure/azure.go
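Review bot: `azure.Mail.String(): data.Mail` stores the address exactly as collected while `ObjectID`, `TenantID` and `common.Name` on the same node are upper-cased, so the property cannot be compared reliably against the other normalised identifiers; if mail is display-only this is fine, otherwise normalise it the same way (`azure.Mail.String(): strings.ToUpper(data.Mail),`) or document that it is raw. Restoring `common.WhenCreated.String(): ParseISO8601(data.CreatedDateTime)` is right, but `ParseISO8601` is defined elsewhere, so its result for a group whose `CreatedDateTime` is empty decides what lands in the graph and deserves a test case. `ConvertAzureGroup365ToNode` is exported and its signature sits outside the hunk; add a doc comment such as `// ConvertAzureGroup365ToNode maps a collected Microsoft 365 group into an ingestible azure.Group365 node keyed by its upper-cased object ID.` Description, display name and mail are directory-controlled strings passed through verbatim, which is expected for graph properties, so the UI stays responsible for rendering them as untrusted text.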
@@ -38,7 +38,7 @@ var ( GetSecrets = graph.StringKind("AZGetSecrets") HasRole = graph.StringKind("AZHasRole") MemberOf = graph.StringKind("AZMemberOf") - O365MemberOf = graph.StringKind("AZGroup365Member") + M365MemberOf = graph.StringKind("AZM365MemberOf") Owner = graph.StringKind("AZOwner") RunsAs = graph.StringKind("AZRunsAs") VMContributor = graph.StringKind("AZVMContributor") @@ -116,10 +116,11 @@ const ( SignInAudience Property = "signinaudience" RoleTemplateID Property = "templateid" Visibility Property = "visibility" + Mail Property = "mail" ) func AllProperties() []Property { - return []Property{AppOwnerOrganizationID, AppDescription, AppDisplayName, ServicePrincipalType, UserType, TenantID, ServicePrincipalID, ServicePrincipalNames, OperatingSystemVersion, TrustType, IsBuiltIn, AppID, AppRoleID, DeviceID, NodeResourceGroupID, OnPremID, OnPremSyncEnabled, SecurityEnabled, SecurityIdentifier, EnableRBACAuthorization, Scope, Offer, MFAEnabled, License, Licenses, LoginURL, MFAEnforced, UserPrincipalName, IsAssignableToRole, PublisherDomain, SignInAudience, RoleTemplateID, Visibility} + return []Property{AppOwnerOrganizationID, AppDescription, AppDisplayName, ServicePrincipalType, UserType, TenantID, ServicePrincipalID, ServicePrincipalNames, OperatingSystemVersion, TrustType, IsBuiltIn, AppID, AppRoleID, DeviceID, NodeResourceGroupID, OnPremID, OnPremSyncEnabled, SecurityEnabled, SecurityIdentifier, EnableRBACAuthorization, Scope, Offer, MFAEnabled, License, Licenses, LoginURL, MFAEnforced, UserPrincipalName, IsAssignableToRole, PublisherDomain, SignInAudience, RoleTemplateID, Visibility, Mail} } func ParseProperty(source string) (Property, error) { switch source { @@ -189,6 +190,8 @@ func ParseProperty(source string) (Property, error) { return RoleTemplateID, nil case "visibility": return Visibility, nil + case "mail": + return Mail, nil default: return "", errors.New("Invalid enumeration value: " + source) } 
@@ -261,6 +264,8 @@ func (s Property) String() string { return string(RoleTemplateID) case Visibility: return string(Visibility) + case Mail: + return string(Mail) default: return "Invalid enumeration case: " + string(s) } @@ -333,6 +338,8 @@ func (s Property) Name() string { return "Role Template ID" case Visibility: return "Visibility" + case Mail: + return "M365 Group Mail" default: return "Invalid enumeration case: " + string(s) } 
@@ -346,7 +353,7 @@ func (s Property) Is(others ...graph.Kind) bool { return false } func Relationships() []graph.Kind { - return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, O365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser} + return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, M365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser} } func AppRoleTransitRelationshipKinds() []graph.Kind { return []graph.Kind{AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole} 
@@ -361,7 +368,7 @@ func ExecutionPrivileges() []graph.Kind { return []graph.Kind{VMAdminLogin, VMContributor, AvereContributor, WebsiteContributor, Contributor, ExecuteCommand} } func PathfindingRelationships() []graph.Kind { - return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, O365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains} + return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, M365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains} } func NodeKinds() []graph.Kind { return []graph.Kind{Entity, VMScaleSet, App, Role, Device, FunctionApp, Group, Group365, KeyVault, ManagementGroup, ResourceGroup, ServicePrincipal, Subscription, Tenant, User, VM, ManagedCluster, ContainerRegistry, WebApp, LogicApp, AutomationAccount} diff --git a/packages/go/graphschema/common/common.go b/packages/go/graphschema/common/common.go index 99c199daf3..f75cae4282 100644 --- a/packages/go/graphschema/common/common.go +++ b/packages/go/graphschema/common/common.go 
@@ -24,10 +24,10 @@ func NodeKinds() []graph.Kind { return []graph.Kind{MigrationData} } func InboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.O365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, 
ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.M365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } func OutboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, 
ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.O365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, 
ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.M365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } type Property string diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx similarity index 93% rename from packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx rename to packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx index 95c2a310b5..6070592210 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/AZGroup365MemberOf.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx 
@@ -19,10 +19,10 @@ import General from './General'; import Opsec from './Opsec'; import References from './References'; -const AZGroup365MemberOf = { +const AZM365MemberOf = { general: General, abuse: Abuse, opsec: Opsec, references: References, }; -export default AZGroup365MemberOf; \ No newline at end of file +export default AZM365MemberOf; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx similarity index 100% rename from packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Abuse.tsx rename to packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx similarity index 100% rename from packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/General.tsx rename to packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx similarity index 100% rename from packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/Opsec.tsx rename to packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx similarity index 100% rename from packages/javascript/bh-shared-ui/src/components/HelpTexts/AZGroup365MemberOf/References.tsx rename to packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx 
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx index 9c736108a7..3dfe1cf057 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx @@ -57,7 +57,7 @@ import AZMGRoleManagement_ReadWrite_Directory from './AZMGRoleManagement_ReadWri import AZMGServicePrincipalEndpoint_ReadWrite_All from './AZMGServicePrincipalEndpoint_ReadWrite_All/AZMGServicePrincipalEndpoint_ReadWrite_All'; import AZManagedIdentity from './AZManagedIdentity/AZManagedIdentity'; import AZMemberOf from './AZMemberOf/AZMemberOf'; -import AZGroup365MemberOf from './AZGroup365MemberOf/AZGroup365MemberOf'; +import AZM365MemberOf from './AZM365MemberOf/AZM365MemberOf'; import AZNodeResourceGroup from './AZNodeResourceGroup/AZNodeResourceGroup'; import AZOwns from './AZOwns/AZOwns'; import AZPrivilegedAuthAdmin from './AZPrivilegedAuthAdmin/AZPrivilegedAuthAdmin'; @@ -146,7 +146,7 @@ export type EdgeInfoProps = { const EdgeInfoComponents = { GenericAll: GenericAll, MemberOf: MemberOf, - AZGroup365Member: AZGroup365MemberOf, + AZM365MemberOf: AZM365MemberOf, AllExtendedRights: AllExtendedRights, AdminTo: AdminTo, HasSession: HasSession, diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index a035343b5e..b915aefa7b 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts @@ -741,7 +741,7 @@ GetKeys = 'AZGetKeys', GetSecrets = 'AZGetSecrets', HasRole = 'AZHasRole', MemberOf = 'AZMemberOf', -O365MemberOf = 'AZGroup365Member', +M365MemberOf = 'AZM365MemberOf', Owner = 'AZOwner', RunsAs = 'AZRunsAs', VMContributor = 'AZVMContributor', 
@@ -800,8 +800,8 @@ case AzureRelationshipKind.HasRole: return 'HasRole' case AzureRelationshipKind.MemberOf: return 'MemberOf' -case AzureRelationshipKind.O365MemberOf: -return 'O365MemberOf' +case AzureRelationshipKind.M365MemberOf: +return 'M365MemberOf' case AzureRelationshipKind.Owner: return 'Owner' case AzureRelationshipKind.RunsAs: @@ -919,6 +919,7 @@ PublisherDomain = 'publisherdomain', SignInAudience = 'signinaudience', RoleTemplateID = 'templateid', Visibility = 'visibility', +Mail = 'mail', } export function AzureKindPropertiesToDisplay (value : AzureKindProperties): string | undefined { switch (value) { 
@@ -988,12 +989,14 @@ case AzureKindProperties.RoleTemplateID: return 'Role Template ID' case AzureKindProperties.Visibility: return 'Visibility' +case AzureKindProperties.Mail: +return 'M365 Group Mail' default: return undefined } } export function AzurePathfindingEdges (): AzureRelationshipKind[] { -return [AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.O365MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] +return 
[AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.M365MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] } export enum CommonNodeKind { MigrationData = 'MigrationData', diff --git a/packages/javascript/js-client-library/package-lock.json b/packages/javascript/js-client-library/package-lock.json new file mode 100644 index 0000000000..916445095b --- /dev/null +++ b/packages/javascript/js-client-library/package-lock.json 
@@ -0,0 +1,1977 @@ +{ + "name": "js-client-library", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "js-client-library", + "dependencies": { + "axios": "^1.8.2" + }, + "devDependencies": { + "@rollup/plugin-typescript": "^11.1.6", + "@typescript-eslint/eslint-plugin": "^7.3.0", + "@typescript-eslint/parser": "^7.3.0", + "eslint": "^8.57.0", + "eslint-config-prettier": "^9.1.0", + "prettier": "^3.2.5", + "prettier-plugin-organize-imports": "^4.1.0", + "rollup": "^4.13.2", + "rollup-plugin-delete": "^2.0.0", + "typescript": "^5.1.6" + } + }, + "node_modules/@aashutoshrathi/word-wrap": { + "version": "1.2.6", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/@eslint-community/eslint-utils": { + "version": "4.4.0", + "dev": true, + "license": "MIT", + "dependencies": { + "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" + } + }, + "node_modules/@eslint-community/regexpp": { + "version": "4.10.0", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.0.0 || ^14.0.0 || >=16.0.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "2.1.4", + "dev": true, + "license": "MIT", + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^9.6.0", + "globals": "^13.19.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@eslint/js": { + "version": "8.57.0", + "dev": true, + "license": "MIT", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/@humanwhocodes/config-array": { + "version": "0.11.14", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + 
"@humanwhocodes/object-schema": "^2.0.2", + "debug": "^4.3.1", + "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/object-schema": { + "version": "2.0.2", + "dev": true, + "license": "BSD-3-Clause" + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@rollup/plugin-typescript": { + "version": "11.1.6", + "dev": true, + "license": "MIT", + "dependencies": { + "@rollup/pluginutils": "^5.1.0", + "resolve": "^1.22.1" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + "rollup": "^2.14.0||^3.0.0||^4.0.0", + "tslib": "*", + "typescript": ">=3.7.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + }, + "tslib": { + "optional": true + } + } + }, + "node_modules/@rollup/pluginutils": { + "version": "5.1.4", + "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.1.4.tgz", + "integrity": "sha512-USm05zrsFxYLPdWWq+K3STlWiT/3ELn3RcV5hJMghpeAIhxfsUIg6mt12CBJBInWMV4VneoV7SfGv8xIwo2qNQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "^1.0.0", + "estree-walker": "^2.0.2", + "picomatch": "^4.0.2" + }, + "engines": { + "node": ">=14.0.0" + }, + "peerDependencies": { + 
"rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" + }, + "peerDependenciesMeta": { + "rollup": { + "optional": true + } + } + }, + "node_modules/@rollup/pluginutils/node_modules/picomatch": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", + "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/@rollup/rollup-darwin-arm64": { + "version": "4.13.2", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-darwin-x64": { + "version": "4.13.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-gnu": { + "version": "4.13.2", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-arm64-musl": { + "version": "4.13.2", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-gnu": { + "version": "4.13.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-linux-x64-musl": { + "version": "4.13.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "linux" + ] + }, + "node_modules/@rollup/rollup-win32-arm64-msvc": { + "version": "4.13.2", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + }, + "node_modules/@rollup/rollup-win32-x64-msvc": { + "version": "4.13.2", + "cpu": [ + "x64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "win32" + ] + 
}, + "node_modules/@types/estree": { + "version": "1.0.5", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/glob": { + "version": "7.2.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/minimatch": "*", + "@types/node": "*" + } + }, + "node_modules/@types/json-schema": { + "version": "7.0.15", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/minimatch": { + "version": "5.1.2", + "dev": true, + "license": "MIT" + }, + "node_modules/@types/node": { + "version": "20.11.29", + "dev": true, + "license": "MIT", + "dependencies": { + "undici-types": "~5.26.4" + } + }, + "node_modules/@types/semver": { + "version": "7.5.8", + "dev": true, + "license": "MIT" + }, + "node_modules/@typescript-eslint/eslint-plugin": { + "version": "7.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/regexpp": "^4.5.1", + "@typescript-eslint/scope-manager": "7.3.0", + "@typescript-eslint/type-utils": "7.3.0", + "@typescript-eslint/utils": "7.3.0", + "@typescript-eslint/visitor-keys": "7.3.0", + "debug": "^4.3.4", + "graphemer": "^1.4.0", + "ignore": "^5.2.4", + "natural-compare": "^1.4.0", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "@typescript-eslint/parser": "^7.0.0", + "eslint": "^8.56.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/parser": { + "version": "7.3.0", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "@typescript-eslint/scope-manager": "7.3.0", + "@typescript-eslint/types": "7.3.0", + "@typescript-eslint/typescript-estree": "7.3.0", + "@typescript-eslint/visitor-keys": "7.3.0", + "debug": "^4.3.4" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": 
"https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.56.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/scope-manager": { + "version": "7.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "7.3.0", + "@typescript-eslint/visitor-keys": "7.3.0" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/type-utils": { + "version": "7.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/typescript-estree": "7.3.0", + "@typescript-eslint/utils": "7.3.0", + "debug": "^4.3.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.56.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/types": { + "version": "7.3.0", + "dev": true, + "license": "MIT", + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/typescript-estree": { + "version": "7.3.0", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "@typescript-eslint/types": "7.3.0", + "@typescript-eslint/visitor-keys": "7.3.0", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "minimatch": "9.0.3", + "semver": "^7.5.4", + "ts-api-utils": "^1.0.1" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + 
"node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", + "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/globby": { + "version": "11.1.0", + "dev": true, + "license": "MIT", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.3.tgz", + "integrity": "sha512-RHiac9mvaRw0x3AYRgDC1CxAP7HTcNrrECeA8YYJeWnpo+2Q5CegtZjaotWTWxDG3UeGA1coE05iH1mPjT/2mg==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^2.0.1" + }, + "engines": { + "node": ">=16 || 14 >=14.17" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/@typescript-eslint/utils": { + "version": "7.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.4.0", + "@types/json-schema": "^7.0.12", + "@types/semver": "^7.5.0", + "@typescript-eslint/scope-manager": "7.3.0", + "@typescript-eslint/types": "7.3.0", + "@typescript-eslint/typescript-estree": "7.3.0", + "semver": "^7.5.4" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^8.56.0" + } + }, + "node_modules/@typescript-eslint/visitor-keys": { + "version": "7.3.0", + 
"dev": true, + "license": "MIT", + "dependencies": { + "@typescript-eslint/types": "7.3.0", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^18.18.0 || >=20.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@ungap/structured-clone": { + "version": "1.2.0", + "dev": true, + "license": "ISC" + }, + "node_modules/acorn": { + "version": "8.11.3", + "dev": true, + "license": "MIT", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "dev": true, + "license": "MIT", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/aggregate-error": { + "version": "3.1.0", + "dev": true, + "license": "MIT", + "dependencies": { + "clean-stack": "^2.0.0", + "indent-string": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "dev": true, + "license": "MIT", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "dev": true, + "license": "Python-2.0" + }, + "node_modules/array-union": { + "version": "2.1.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "license": "MIT" + }, + "node_modules/axios": { + "version": 
"1.8.2", + "license": "MIT", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "dev": true, + "license": "MIT" + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "dev": true, + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/chalk": { + "version": "4.1.2", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/clean-stack": { + "version": "2.2.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/color-convert": { + "version": "2.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "dev": true, + "license": "MIT" + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "license": "MIT", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "dev": true, + "license": "MIT" + }, + "node_modules/cross-spawn": { + "version": "7.0.6", + "dev": true, + "license": "MIT", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/debug": { + "version": "4.3.4", + "dev": true, + "license": "MIT", + "dependencies": 
{ + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "dev": true, + "license": "MIT" + }, + "node_modules/del": { + "version": "5.1.0", + "dev": true, + "license": "MIT", + "dependencies": { + "globby": "^10.0.1", + "graceful-fs": "^4.2.2", + "is-glob": "^4.0.1", + "is-path-cwd": "^2.2.0", + "is-path-inside": "^3.0.1", + "p-map": "^3.0.0", + "rimraf": "^3.0.0", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "license": "MIT", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/doctrine": { + "version": "3.0.0", + "dev": true, + "license": "Apache-2.0", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "8.57.0", + "dev": true, + "license": "MIT", + "dependencies": { + "@eslint-community/eslint-utils": "^4.2.0", + "@eslint-community/regexpp": "^4.6.1", + "@eslint/eslintrc": "^2.1.4", + "@eslint/js": "8.57.0", + "@humanwhocodes/config-array": "^0.11.14", + "@humanwhocodes/module-importer": "^1.0.1", + "@nodelib/fs.walk": "^1.2.8", + "@ungap/structured-clone": "^1.2.0", + "ajv": "^6.12.4", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "doctrine": "^3.0.0", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^7.2.2", + "eslint-visitor-keys": "^3.4.3", + "espree": "^9.6.1", + "esquery": "^1.4.2", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + 
"file-entry-cache": "^6.0.1", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "globals": "^13.19.0", + "graphemer": "^1.4.0", + "ignore": "^5.2.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "is-path-inside": "^3.0.3", + "js-yaml": "^4.1.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.3", + "strip-ansi": "^6.0.1", + "text-table": "^0.2.0" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-config-prettier": { + "version": "9.1.0", + "dev": true, + "license": "MIT", + "bin": { + "eslint-config-prettier": "bin/cli.js" + }, + "peerDependencies": { + "eslint": ">=7.0.0" + } + }, + "node_modules/eslint-scope": { + "version": "7.2.2", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "3.4.3", + "dev": true, + "license": "Apache-2.0", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/espree": { + "version": "9.6.1", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "acorn": "^8.9.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^3.4.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esquery": { + "version": "1.5.0", + "dev": true, + "license": "BSD-3-Clause", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": 
"4.3.0", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estree-walker": { + "version": "2.0.2", + "dev": true, + "license": "MIT" + }, + "node_modules/esutils": { + "version": "2.0.3", + "dev": true, + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-glob": { + "version": "3.3.1", + "dev": true, + "license": "MIT", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-glob/node_modules/glob-parent": { + "version": "5.1.2", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "dev": true, + "license": "MIT" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "dev": true, + "license": "MIT" + }, + "node_modules/fastq": { + "version": "1.15.0", + "dev": true, + "license": "ISC", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/file-entry-cache": { + "version": "6.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "flat-cache": "^3.0.4" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "dev": true, + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + 
"engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "3.0.4", + "dev": true, + "license": "MIT", + "dependencies": { + "flatted": "^3.1.0", + "rimraf": "^3.0.2" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/flatted": { + "version": "3.2.7", + "dev": true, + "license": "ISC" + }, + "node_modules/follow-redirects": { + "version": "1.15.6", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "license": "MIT", + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.0", + "license": "MIT", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "dev": true, + "license": "ISC" + }, + "node_modules/fsevents": { + "version": "2.3.3", + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "dev": true, + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/glob": { + "version": "7.2.3", + "dev": true, + "license": "ISC", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "13.20.0", + "dev": true, + 
"license": "MIT", + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globby": { + "version": "10.0.2", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/glob": "^7.1.1", + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.0.3", + "glob": "^7.1.3", + "ignore": "^5.1.1", + "merge2": "^1.2.3", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.11", + "dev": true, + "license": "ISC" + }, + "node_modules/graphemer": { + "version": "1.4.0", + "dev": true, + "license": "MIT" + }, + "node_modules/has-flag": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "dev": true, + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ignore": { + "version": "5.3.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.0", + "dev": true, + "license": "MIT", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/indent-string": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "dev": true, + "license": "ISC", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "dev": true, + "license": "ISC" + }, + "node_modules/is-core-module": { + "version": "2.13.1", + "dev": true, + 
"license": "MIT", + "dependencies": { + "hasown": "^2.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-path-cwd": { + "version": "2.2.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "dev": true, + "license": "ISC" + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "dev": true, + "license": "MIT", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "dev": true, + "license": "MIT" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "dev": true, + "license": "MIT" + }, + "node_modules/levn": { + "version": "0.4.1", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/locate-path": { + "version": "6.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "dev": true, + "license": "MIT" + }, + "node_modules/merge2": { + "version": "1.4.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 8" + } + 
}, + "node_modules/micromatch": { + "version": "4.0.5", + "dev": true, + "license": "MIT", + "dependencies": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/ms": { + "version": "2.1.2", + "dev": true, + "license": "MIT" + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "dev": true, + "license": "MIT" + }, + "node_modules/once": { + "version": "1.4.0", + "dev": true, + "license": "ISC", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/optionator": { + "version": "0.9.3", + "dev": true, + "license": "MIT", + "dependencies": { + "@aashutoshrathi/word-wrap": "^1.2.3", + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "dev": true, + "license": "MIT", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-map": { + "version": "3.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "aggregate-error": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/parent-module": 
{ + "version": "1.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "dev": true, + "license": "MIT" + }, + "node_modules/path-type": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/prettier": { + "version": "3.2.5", + "dev": true, + "license": "MIT", + "bin": { + "prettier": "bin/prettier.cjs" + }, + "engines": { + "node": ">=14" + }, + "funding": { + "url": "https://github.com/prettier/prettier?sponsor=1" + } + }, + "node_modules/prettier-plugin-organize-imports": { + "version": "4.1.0", + "dev": true, + "license": "MIT", + "peerDependencies": { + "prettier": ">=2.0", + "typescript": ">=2.9", + "vue-tsc": "^2.1.0" + }, + "peerDependenciesMeta": { + "vue-tsc": { + "optional": true + } + } + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "license": "MIT" + }, + "node_modules/punycode": { + "version": "2.3.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=6" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" 
+ }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/resolve": { + "version": "1.22.3", + "dev": true, + "license": "MIT", + "dependencies": { + "is-core-module": "^2.12.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "dev": true, + "license": "MIT", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rimraf": { + "version": "3.0.2", + "dev": true, + "license": "ISC", + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/rollup": { + "version": "4.13.2", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/estree": "1.0.5" + }, + "bin": { + "rollup": "dist/bin/rollup" + }, + "engines": { + "node": ">=18.0.0", + "npm": ">=8.0.0" + }, + "optionalDependencies": { + "@rollup/rollup-android-arm-eabi": "4.13.2", + "@rollup/rollup-android-arm64": "4.13.2", + "@rollup/rollup-darwin-arm64": "4.13.2", + "@rollup/rollup-darwin-x64": "4.13.2", + "@rollup/rollup-linux-arm-gnueabihf": "4.13.2", + "@rollup/rollup-linux-arm64-gnu": "4.13.2", + "@rollup/rollup-linux-arm64-musl": "4.13.2", + "@rollup/rollup-linux-powerpc64le-gnu": "4.13.2", + "@rollup/rollup-linux-riscv64-gnu": "4.13.2", + "@rollup/rollup-linux-s390x-gnu": "4.13.2", + "@rollup/rollup-linux-x64-gnu": "4.13.2", + "@rollup/rollup-linux-x64-musl": "4.13.2", + "@rollup/rollup-win32-arm64-msvc": "4.13.2", + "@rollup/rollup-win32-ia32-msvc": "4.13.2", + "@rollup/rollup-win32-x64-msvc": "4.13.2", + "fsevents": 
"~2.3.2" + } + }, + "node_modules/rollup-plugin-delete": { + "version": "2.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "del": "^5.1.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "dev": true, + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT", + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/semver": { + "version": "7.6.0", + "dev": true, + "license": "ISC", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/semver/node_modules/lru-cache": { + "version": "6.0.0", + "dev": true, + "license": "ISC", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "dev": true, + "license": "MIT", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/slash": { + "version": "3.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dev": true, + "license": "MIT", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": 
"https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/text-table": { + "version": "0.2.0", + "dev": true, + "license": "MIT" + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "dev": true, + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/ts-api-utils": { + "version": "1.3.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=16" + }, + "peerDependencies": { + "typescript": ">=4.2.0" + } + }, + "node_modules/type-check": { + "version": "0.4.0", + "dev": true, + "license": "MIT", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "0.20.2", + "dev": true, + "license": "(MIT OR CC0-1.0)", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "5.1.6", + "dev": true, + "license": "Apache-2.0", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=14.17" + } + }, + "node_modules/undici-types": { + "version": "5.26.5", + "dev": true, + "license": "MIT" + }, + "node_modules/uri-js": { + "version": "4.4.1", + "dev": true, + "license": "BSD-2-Clause", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "dev": true, + "license": "ISC", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/wrappy": { + 
"version": "1.0.2", + "dev": true, + "license": "ISC" + }, + "node_modules/yallist": { + "version": "4.0.0", + "dev": true, + "license": "ISC" + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + } +} From 9ca16130a8b8862f6b9490382d3d785f2883574a Mon Sep 17 00:00:00 2001 From: Basile Date: Thu, 10 Apr 2025 16:28:11 +0200 Subject: [PATCH 07/11] Code cleaning --- packages/go/analysis/azure/group365.go | 30 +- packages/go/analysis/azure/model.go | 5 - packages/go/graphschema/azure/azure.go | 16 + packages/go/schemagen/main.go | 6 +- .../bh-shared-ui/src/graphSchema.ts | 2202 +++++++++-------- .../bh-shared-ui/src/utils/content.ts | 294 +-- 6 files changed, 1331 insertions(+), 1222 deletions(-) diff --git a/packages/go/analysis/azure/group365.go b/packages/go/analysis/azure/group365.go index 29997c648f..5d7e6c803e 100644 --- a/packages/go/analysis/azure/group365.go +++ b/packages/go/analysis/azure/group365.go @@ -1,4 +1,4 @@ -// Copyright 2023 Specter Ops, Inc. +// Copyright 2025 Specter Ops, Inc. // // Licensed under the Apache License, Version 2.0 // you may not use this file except in compliance with the License. 
@@ -51,28 +51,6 @@ func Group365EntityDetails(db graph.Database, objectID string, hydrateCounts boo func PopulateGroup365EntityDetailsCounts(tx graph.Transaction, node *graph.Node, details Group365Details) (Group365Details, error) { - /* if roles, err := FetchEntityRoles(tx, node, 0, 0); err != nil { - return details, err - - } else { - details.Roles = roles.Len() - } */ - - /* if groupMembers, err := FetchGroupMemberPaths(tx, node); err != nil { - return details, err - - } else { - details.Group365Members = groupMembers.Len() - } */ - - /* if groupMembership, err := FetchEntityGroupMembershipPaths(tx, node); err != nil { - return details, err - - } else { - details.Group365Membership = groupMembership.Len() - - } */ - if inboundObjectControl, err := FetchInboundEntityObjectControllers(tx, node, 0, 0); err != nil { return details, err @@ -80,11 +58,5 @@ func PopulateGroup365EntityDetailsCounts(tx graph.Transaction, node *graph.Node, details.InboundObjectControl = inboundObjectControl.Len() } - /* if outboundObjectControl, err := FetchOutboundEntityObjectControl(tx, node, 0, 0); err != nil { - return details, err - - } else { - details.OutboundObjectControl = outboundObjectControl.Len() - } */ return details, nil } diff --git a/packages/go/analysis/azure/model.go b/packages/go/analysis/azure/model.go index 624adb276c..96364d45a2 100644 --- a/packages/go/analysis/azure/model.go +++ b/packages/go/analysis/azure/model.go @@ -118,11 +118,6 @@ type GroupDetails struct { type Group365Details struct { Node - - //Roles int `json:"roles"` - //GroupMembers int `json:"group_members"` - //GroupMembership int `json:"group_membership"` - //OutboundObjectControl int `json:"outbound_object_control"` InboundObjectControl int `json:"inbound_object_control"` } diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go index b64fda7950..3fdcd81fd3 100644 --- a/packages/go/graphschema/azure/azure.go +++ b/packages/go/graphschema/azure/azure.go 
@@ -1,3 +1,19 @@ +// Copyright 2025 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ diff --git a/packages/go/schemagen/main.go b/packages/go/schemagen/main.go index 9b6876de2a..dc71a8068b 100644 --- a/packages/go/schemagen/main.go +++ b/packages/go/schemagen/main.go @@ -69,7 +69,6 @@ func GenerateSharedTypeScript(projectRoot string, rootSchema Schema) error { } func main() { - cfgBuilder := generator.NewConfigBuilder("/schemas") if projectRoot, err := generator.FindGolangWorkspaceRoot(); err != nil { slog.Error(fmt.Sprintf("Error finding project root: %v", err)) @@ -77,6 +76,9 @@ func main() { } else { slog.Info(fmt.Sprintf("Project root is %s", projectRoot)) + absolutepath, _ := filepath.Abs(projectRoot) + cfgBuilder := generator.NewConfigBuilder(absolutepath) + if err := cfgBuilder.OverlayPath(filepath.Join(projectRoot, "packages/cue")); err != nil { slog.Error(fmt.Sprintf("Error: %v", err)) os.Exit(1) @@ -84,7 +86,7 @@ func main() { cfg := cfgBuilder.Build() - if bhInstance, err := cfg.Value("/schemas/bh/bh.cue"); err != nil { + if bhInstance, err := cfg.Value("/bh/bh.cue"); err != nil { slog.Error(fmt.Sprintf("Error: %v", errors.Details(err, nil))) os.Exit(1) } else { 
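Review bot: The error from `filepath.Abs(projectRoot)` is discarded with `_` in the added lines of the `@@ -77,6 +76,9 @@` hunk, so if resolution fails (Abs consults the working directory when the input is relative) an empty path is handed to `generator.NewConfigBuilder` and the failure only surfaces later with a less useful message. Every other error in this function is logged and exits, so this one should too: `absolutepath, err := filepath.Abs(projectRoot)` followed by `if err != nil { slog.Error(fmt.Sprintf("Error resolving project root: %v", err)); os.Exit(1) }`. The `:=` here shadows the `err` declared in the enclosing `if` statement; that is harmless but a distinct name such as `absErr` is clearer. main() continues outside the hunk.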
diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index b915aefa7b..0ba2f80883 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts 
@@ -1,1070 +1,1194 @@ +// Copyright 2025 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 export enum ActiveDirectoryNodeKind { -Entity = 'Base', -User = 'User', -Computer = 'Computer', -Group = 'Group', -GPO = 'GPO', -OU = 'OU', -Container = 'Container', -Domain = 'Domain', -LocalGroup = 'ADLocalGroup', -LocalUser = 'ADLocalUser', -AIACA = 'AIACA', -RootCA = 'RootCA', -EnterpriseCA = 'EnterpriseCA', -NTAuthStore = 'NTAuthStore', -CertTemplate = 'CertTemplate', -IssuancePolicy = 'IssuancePolicy', -} -export function ActiveDirectoryNodeKindToDisplay (value : ActiveDirectoryNodeKind): string | undefined { -switch (value) { -case ActiveDirectoryNodeKind.Entity: -return 'Entity' -case ActiveDirectoryNodeKind.User: -return 'User' -case ActiveDirectoryNodeKind.Computer: -return 'Computer' -case ActiveDirectoryNodeKind.Group: -return 'Group' -case ActiveDirectoryNodeKind.GPO: -return 'GPO' -case ActiveDirectoryNodeKind.OU: -return 'OU' -case ActiveDirectoryNodeKind.Container: -return 'Container' -case ActiveDirectoryNodeKind.Domain: -return 'Domain' -case ActiveDirectoryNodeKind.LocalGroup: -return 'LocalGroup' -case ActiveDirectoryNodeKind.LocalUser: -return 'LocalUser' -case ActiveDirectoryNodeKind.AIACA: -return 'AIACA' -case ActiveDirectoryNodeKind.RootCA: -return 'RootCA' -case ActiveDirectoryNodeKind.EnterpriseCA: -return 'EnterpriseCA' -case ActiveDirectoryNodeKind.NTAuthStore: -return 'NTAuthStore' -case 
ActiveDirectoryNodeKind.CertTemplate: -return 'CertTemplate' -case ActiveDirectoryNodeKind.IssuancePolicy: -return 'IssuancePolicy' -default: -return undefined + Entity = 'Base', + User = 'User', + Computer = 'Computer', + Group = 'Group', + GPO = 'GPO', + OU = 'OU', + Container = 'Container', + Domain = 'Domain', + LocalGroup = 'ADLocalGroup', + LocalUser = 'ADLocalUser', + AIACA = 'AIACA', + RootCA = 'RootCA', + EnterpriseCA = 'EnterpriseCA', + NTAuthStore = 'NTAuthStore', + CertTemplate = 'CertTemplate', + IssuancePolicy = 'IssuancePolicy', } +export function ActiveDirectoryNodeKindToDisplay (value: ActiveDirectoryNodeKind): string | undefined { + switch (value) { + case ActiveDirectoryNodeKind.Entity: + return 'Entity'; + case ActiveDirectoryNodeKind.User: + return 'User'; + case ActiveDirectoryNodeKind.Computer: + return 'Computer'; + case ActiveDirectoryNodeKind.Group: + return 'Group'; + case ActiveDirectoryNodeKind.GPO: + return 'GPO'; + case ActiveDirectoryNodeKind.OU: + return 'OU'; + case ActiveDirectoryNodeKind.Container: + return 'Container'; + case ActiveDirectoryNodeKind.Domain: + return 'Domain'; + case ActiveDirectoryNodeKind.LocalGroup: + return 'LocalGroup'; + case ActiveDirectoryNodeKind.LocalUser: + return 'LocalUser'; + case ActiveDirectoryNodeKind.AIACA: + return 'AIACA'; + case ActiveDirectoryNodeKind.RootCA: + return 'RootCA'; + case ActiveDirectoryNodeKind.EnterpriseCA: + return 'EnterpriseCA'; + case ActiveDirectoryNodeKind.NTAuthStore: + return 'NTAuthStore'; + case ActiveDirectoryNodeKind.CertTemplate: + return 'CertTemplate'; + case ActiveDirectoryNodeKind.IssuancePolicy: + return 'IssuancePolicy'; + default: + return undefined; + } } export enum ActiveDirectoryRelationshipKind { -Owns = 'Owns', -GenericAll = 'GenericAll', -GenericWrite = 'GenericWrite', -WriteOwner = 'WriteOwner', -WriteDACL = 'WriteDacl', -MemberOf = 'MemberOf', -ForceChangePassword = 'ForceChangePassword', -AllExtendedRights = 'AllExtendedRights', -AddMember = 
'AddMember', -HasSession = 'HasSession', -Contains = 'Contains', -GPLink = 'GPLink', -AllowedToDelegate = 'AllowedToDelegate', -CoerceToTGT = 'CoerceToTGT', -GetChanges = 'GetChanges', -GetChangesAll = 'GetChangesAll', -GetChangesInFilteredSet = 'GetChangesInFilteredSet', -TrustedBy = 'TrustedBy', -AllowedToAct = 'AllowedToAct', -AdminTo = 'AdminTo', -CanPSRemote = 'CanPSRemote', -CanRDP = 'CanRDP', -ExecuteDCOM = 'ExecuteDCOM', -HasSIDHistory = 'HasSIDHistory', -AddSelf = 'AddSelf', -DCSync = 'DCSync', -ReadLAPSPassword = 'ReadLAPSPassword', -ReadGMSAPassword = 'ReadGMSAPassword', -DumpSMSAPassword = 'DumpSMSAPassword', -SQLAdmin = 'SQLAdmin', -AddAllowedToAct = 'AddAllowedToAct', -WriteSPN = 'WriteSPN', -AddKeyCredentialLink = 'AddKeyCredentialLink', -LocalToComputer = 'LocalToComputer', -MemberOfLocalGroup = 'MemberOfLocalGroup', -RemoteInteractiveLogonRight = 'RemoteInteractiveLogonRight', -SyncLAPSPassword = 'SyncLAPSPassword', -WriteAccountRestrictions = 'WriteAccountRestrictions', -WriteGPLink = 'WriteGPLink', -RootCAFor = 'RootCAFor', -DCFor = 'DCFor', -PublishedTo = 'PublishedTo', -ManageCertificates = 'ManageCertificates', -ManageCA = 'ManageCA', -DelegatedEnrollmentAgent = 'DelegatedEnrollmentAgent', -Enroll = 'Enroll', -HostsCAService = 'HostsCAService', -WritePKIEnrollmentFlag = 'WritePKIEnrollmentFlag', -WritePKINameFlag = 'WritePKINameFlag', -NTAuthStoreFor = 'NTAuthStoreFor', -TrustedForNTAuth = 'TrustedForNTAuth', -EnterpriseCAFor = 'EnterpriseCAFor', -IssuedSignedBy = 'IssuedSignedBy', -GoldenCert = 'GoldenCert', -EnrollOnBehalfOf = 'EnrollOnBehalfOf', -OIDGroupLink = 'OIDGroupLink', -ExtendedByPolicy = 'ExtendedByPolicy', -ADCSESC1 = 'ADCSESC1', -ADCSESC3 = 'ADCSESC3', -ADCSESC4 = 'ADCSESC4', -ADCSESC6a = 'ADCSESC6a', -ADCSESC6b = 'ADCSESC6b', -ADCSESC9a = 'ADCSESC9a', -ADCSESC9b = 'ADCSESC9b', -ADCSESC10a = 'ADCSESC10a', -ADCSESC10b = 'ADCSESC10b', -ADCSESC13 = 'ADCSESC13', -SyncedToEntraUser = 'SyncedToEntraUser', -CoerceAndRelayNTLMToSMB = 
'CoerceAndRelayNTLMToSMB', -CoerceAndRelayNTLMToADCS = 'CoerceAndRelayNTLMToADCS', -WriteOwnerLimitedRights = 'WriteOwnerLimitedRights', -WriteOwnerRaw = 'WriteOwnerRaw', -OwnsLimitedRights = 'OwnsLimitedRights', -OwnsRaw = 'OwnsRaw', -CoerceAndRelayNTLMToLDAP = 'CoerceAndRelayNTLMToLDAP', -CoerceAndRelayNTLMToLDAPS = 'CoerceAndRelayNTLMToLDAPS', -} -export function ActiveDirectoryRelationshipKindToDisplay (value : ActiveDirectoryRelationshipKind): string | undefined { -switch (value) { -case ActiveDirectoryRelationshipKind.Owns: -return 'Owns' -case ActiveDirectoryRelationshipKind.GenericAll: -return 'GenericAll' -case ActiveDirectoryRelationshipKind.GenericWrite: -return 'GenericWrite' -case ActiveDirectoryRelationshipKind.WriteOwner: -return 'WriteOwner' -case ActiveDirectoryRelationshipKind.WriteDACL: -return 'WriteDACL' -case ActiveDirectoryRelationshipKind.MemberOf: -return 'MemberOf' -case ActiveDirectoryRelationshipKind.ForceChangePassword: -return 'ForceChangePassword' -case ActiveDirectoryRelationshipKind.AllExtendedRights: -return 'AllExtendedRights' -case ActiveDirectoryRelationshipKind.AddMember: -return 'AddMember' -case ActiveDirectoryRelationshipKind.HasSession: -return 'HasSession' -case ActiveDirectoryRelationshipKind.Contains: -return 'Contains' -case ActiveDirectoryRelationshipKind.GPLink: -return 'GPLink' -case ActiveDirectoryRelationshipKind.AllowedToDelegate: -return 'AllowedToDelegate' -case ActiveDirectoryRelationshipKind.CoerceToTGT: -return 'CoerceToTGT' -case ActiveDirectoryRelationshipKind.GetChanges: -return 'GetChanges' -case ActiveDirectoryRelationshipKind.GetChangesAll: -return 'GetChangesAll' -case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: -return 'GetChangesInFilteredSet' -case ActiveDirectoryRelationshipKind.TrustedBy: -return 'TrustedBy' -case ActiveDirectoryRelationshipKind.AllowedToAct: -return 'AllowedToAct' -case ActiveDirectoryRelationshipKind.AdminTo: -return 'AdminTo' -case 
ActiveDirectoryRelationshipKind.CanPSRemote: -return 'CanPSRemote' -case ActiveDirectoryRelationshipKind.CanRDP: -return 'CanRDP' -case ActiveDirectoryRelationshipKind.ExecuteDCOM: -return 'ExecuteDCOM' -case ActiveDirectoryRelationshipKind.HasSIDHistory: -return 'HasSIDHistory' -case ActiveDirectoryRelationshipKind.AddSelf: -return 'AddSelf' -case ActiveDirectoryRelationshipKind.DCSync: -return 'DCSync' -case ActiveDirectoryRelationshipKind.ReadLAPSPassword: -return 'ReadLAPSPassword' -case ActiveDirectoryRelationshipKind.ReadGMSAPassword: -return 'ReadGMSAPassword' -case ActiveDirectoryRelationshipKind.DumpSMSAPassword: -return 'DumpSMSAPassword' -case ActiveDirectoryRelationshipKind.SQLAdmin: -return 'SQLAdmin' -case ActiveDirectoryRelationshipKind.AddAllowedToAct: -return 'AddAllowedToAct' -case ActiveDirectoryRelationshipKind.WriteSPN: -return 'WriteSPN' -case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: -return 'AddKeyCredentialLink' -case ActiveDirectoryRelationshipKind.LocalToComputer: -return 'LocalToComputer' -case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: -return 'MemberOfLocalGroup' -case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: -return 'RemoteInteractiveLogonRight' -case ActiveDirectoryRelationshipKind.SyncLAPSPassword: -return 'SyncLAPSPassword' -case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: -return 'WriteAccountRestrictions' -case ActiveDirectoryRelationshipKind.WriteGPLink: -return 'WriteGPLink' -case ActiveDirectoryRelationshipKind.RootCAFor: -return 'RootCAFor' -case ActiveDirectoryRelationshipKind.DCFor: -return 'DCFor' -case ActiveDirectoryRelationshipKind.PublishedTo: -return 'PublishedTo' -case ActiveDirectoryRelationshipKind.ManageCertificates: -return 'ManageCertificates' -case ActiveDirectoryRelationshipKind.ManageCA: -return 'ManageCA' -case ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: -return 'DelegatedEnrollmentAgent' -case ActiveDirectoryRelationshipKind.Enroll: 
-return 'Enroll' -case ActiveDirectoryRelationshipKind.HostsCAService: -return 'HostsCAService' -case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: -return 'WritePKIEnrollmentFlag' -case ActiveDirectoryRelationshipKind.WritePKINameFlag: -return 'WritePKINameFlag' -case ActiveDirectoryRelationshipKind.NTAuthStoreFor: -return 'NTAuthStoreFor' -case ActiveDirectoryRelationshipKind.TrustedForNTAuth: -return 'TrustedForNTAuth' -case ActiveDirectoryRelationshipKind.EnterpriseCAFor: -return 'EnterpriseCAFor' -case ActiveDirectoryRelationshipKind.IssuedSignedBy: -return 'IssuedSignedBy' -case ActiveDirectoryRelationshipKind.GoldenCert: -return 'GoldenCert' -case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: -return 'EnrollOnBehalfOf' -case ActiveDirectoryRelationshipKind.OIDGroupLink: -return 'OIDGroupLink' -case ActiveDirectoryRelationshipKind.ExtendedByPolicy: -return 'ExtendedByPolicy' -case ActiveDirectoryRelationshipKind.ADCSESC1: -return 'ADCSESC1' -case ActiveDirectoryRelationshipKind.ADCSESC3: -return 'ADCSESC3' -case ActiveDirectoryRelationshipKind.ADCSESC4: -return 'ADCSESC4' -case ActiveDirectoryRelationshipKind.ADCSESC6a: -return 'ADCSESC6a' -case ActiveDirectoryRelationshipKind.ADCSESC6b: -return 'ADCSESC6b' -case ActiveDirectoryRelationshipKind.ADCSESC9a: -return 'ADCSESC9a' -case ActiveDirectoryRelationshipKind.ADCSESC9b: -return 'ADCSESC9b' -case ActiveDirectoryRelationshipKind.ADCSESC10a: -return 'ADCSESC10a' -case ActiveDirectoryRelationshipKind.ADCSESC10b: -return 'ADCSESC10b' -case ActiveDirectoryRelationshipKind.ADCSESC13: -return 'ADCSESC13' -case ActiveDirectoryRelationshipKind.SyncedToEntraUser: -return 'SyncedToEntraUser' -case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: -return 'CoerceAndRelayNTLMToSMB' -case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: -return 'CoerceAndRelayNTLMToADCS' -case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: -return 'WriteOwnerLimitedRights' -case 
ActiveDirectoryRelationshipKind.WriteOwnerRaw: -return 'WriteOwnerRaw' -case ActiveDirectoryRelationshipKind.OwnsLimitedRights: -return 'OwnsLimitedRights' -case ActiveDirectoryRelationshipKind.OwnsRaw: -return 'OwnsRaw' -case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: -return 'CoerceAndRelayNTLMToLDAP' -case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: -return 'CoerceAndRelayNTLMToLDAPS' -default: -return undefined + Owns = 'Owns', + GenericAll = 'GenericAll', + GenericWrite = 'GenericWrite', + WriteOwner = 'WriteOwner', + WriteDACL = 'WriteDacl', + MemberOf = 'MemberOf', + ForceChangePassword = 'ForceChangePassword', + AllExtendedRights = 'AllExtendedRights', + AddMember = 'AddMember', + HasSession = 'HasSession', + Contains = 'Contains', + GPLink = 'GPLink', + AllowedToDelegate = 'AllowedToDelegate', + CoerceToTGT = 'CoerceToTGT', + GetChanges = 'GetChanges', + GetChangesAll = 'GetChangesAll', + GetChangesInFilteredSet = 'GetChangesInFilteredSet', + TrustedBy = 'TrustedBy', + AllowedToAct = 'AllowedToAct', + AdminTo = 'AdminTo', + CanPSRemote = 'CanPSRemote', + CanRDP = 'CanRDP', + ExecuteDCOM = 'ExecuteDCOM', + HasSIDHistory = 'HasSIDHistory', + AddSelf = 'AddSelf', + DCSync = 'DCSync', + ReadLAPSPassword = 'ReadLAPSPassword', + ReadGMSAPassword = 'ReadGMSAPassword', + DumpSMSAPassword = 'DumpSMSAPassword', + SQLAdmin = 'SQLAdmin', + AddAllowedToAct = 'AddAllowedToAct', + WriteSPN = 'WriteSPN', + AddKeyCredentialLink = 'AddKeyCredentialLink', + LocalToComputer = 'LocalToComputer', + MemberOfLocalGroup = 'MemberOfLocalGroup', + RemoteInteractiveLogonRight = 'RemoteInteractiveLogonRight', + SyncLAPSPassword = 'SyncLAPSPassword', + WriteAccountRestrictions = 'WriteAccountRestrictions', + WriteGPLink = 'WriteGPLink', + RootCAFor = 'RootCAFor', + DCFor = 'DCFor', + PublishedTo = 'PublishedTo', + ManageCertificates = 'ManageCertificates', + ManageCA = 'ManageCA', + DelegatedEnrollmentAgent = 'DelegatedEnrollmentAgent', + Enroll = 
'Enroll', + HostsCAService = 'HostsCAService', + WritePKIEnrollmentFlag = 'WritePKIEnrollmentFlag', + WritePKINameFlag = 'WritePKINameFlag', + NTAuthStoreFor = 'NTAuthStoreFor', + TrustedForNTAuth = 'TrustedForNTAuth', + EnterpriseCAFor = 'EnterpriseCAFor', + IssuedSignedBy = 'IssuedSignedBy', + GoldenCert = 'GoldenCert', + EnrollOnBehalfOf = 'EnrollOnBehalfOf', + OIDGroupLink = 'OIDGroupLink', + ExtendedByPolicy = 'ExtendedByPolicy', + ADCSESC1 = 'ADCSESC1', + ADCSESC3 = 'ADCSESC3', + ADCSESC4 = 'ADCSESC4', + ADCSESC6a = 'ADCSESC6a', + ADCSESC6b = 'ADCSESC6b', + ADCSESC9a = 'ADCSESC9a', + ADCSESC9b = 'ADCSESC9b', + ADCSESC10a = 'ADCSESC10a', + ADCSESC10b = 'ADCSESC10b', + ADCSESC13 = 'ADCSESC13', + SyncedToEntraUser = 'SyncedToEntraUser', + CoerceAndRelayNTLMToSMB = 'CoerceAndRelayNTLMToSMB', + CoerceAndRelayNTLMToADCS = 'CoerceAndRelayNTLMToADCS', + WriteOwnerLimitedRights = 'WriteOwnerLimitedRights', + WriteOwnerRaw = 'WriteOwnerRaw', + OwnsLimitedRights = 'OwnsLimitedRights', + OwnsRaw = 'OwnsRaw', + CoerceAndRelayNTLMToLDAP = 'CoerceAndRelayNTLMToLDAP', + CoerceAndRelayNTLMToLDAPS = 'CoerceAndRelayNTLMToLDAPS', } +export function ActiveDirectoryRelationshipKindToDisplay (value: ActiveDirectoryRelationshipKind): string | undefined { + switch (value) { + case ActiveDirectoryRelationshipKind.Owns: + return 'Owns'; + case ActiveDirectoryRelationshipKind.GenericAll: + return 'GenericAll'; + case ActiveDirectoryRelationshipKind.GenericWrite: + return 'GenericWrite'; + case ActiveDirectoryRelationshipKind.WriteOwner: + return 'WriteOwner'; + case ActiveDirectoryRelationshipKind.WriteDACL: + return 'WriteDACL'; + case ActiveDirectoryRelationshipKind.MemberOf: + return 'MemberOf'; + case ActiveDirectoryRelationshipKind.ForceChangePassword: + return 'ForceChangePassword'; + case ActiveDirectoryRelationshipKind.AllExtendedRights: + return 'AllExtendedRights'; + case ActiveDirectoryRelationshipKind.AddMember: + return 'AddMember'; + case 
ActiveDirectoryRelationshipKind.HasSession: + return 'HasSession'; + case ActiveDirectoryRelationshipKind.Contains: + return 'Contains'; + case ActiveDirectoryRelationshipKind.GPLink: + return 'GPLink'; + case ActiveDirectoryRelationshipKind.AllowedToDelegate: + return 'AllowedToDelegate'; + case ActiveDirectoryRelationshipKind.CoerceToTGT: + return 'CoerceToTGT'; + case ActiveDirectoryRelationshipKind.GetChanges: + return 'GetChanges'; + case ActiveDirectoryRelationshipKind.GetChangesAll: + return 'GetChangesAll'; + case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: + return 'GetChangesInFilteredSet'; + case ActiveDirectoryRelationshipKind.TrustedBy: + return 'TrustedBy'; + case ActiveDirectoryRelationshipKind.AllowedToAct: + return 'AllowedToAct'; + case ActiveDirectoryRelationshipKind.AdminTo: + return 'AdminTo'; + case ActiveDirectoryRelationshipKind.CanPSRemote: + return 'CanPSRemote'; + case ActiveDirectoryRelationshipKind.CanRDP: + return 'CanRDP'; + case ActiveDirectoryRelationshipKind.ExecuteDCOM: + return 'ExecuteDCOM'; + case ActiveDirectoryRelationshipKind.HasSIDHistory: + return 'HasSIDHistory'; + case ActiveDirectoryRelationshipKind.AddSelf: + return 'AddSelf'; + case ActiveDirectoryRelationshipKind.DCSync: + return 'DCSync'; + case ActiveDirectoryRelationshipKind.ReadLAPSPassword: + return 'ReadLAPSPassword'; + case ActiveDirectoryRelationshipKind.ReadGMSAPassword: + return 'ReadGMSAPassword'; + case ActiveDirectoryRelationshipKind.DumpSMSAPassword: + return 'DumpSMSAPassword'; + case ActiveDirectoryRelationshipKind.SQLAdmin: + return 'SQLAdmin'; + case ActiveDirectoryRelationshipKind.AddAllowedToAct: + return 'AddAllowedToAct'; + case ActiveDirectoryRelationshipKind.WriteSPN: + return 'WriteSPN'; + case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: + return 'AddKeyCredentialLink'; + case ActiveDirectoryRelationshipKind.LocalToComputer: + return 'LocalToComputer'; + case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: + return 
'MemberOfLocalGroup'; + case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: + return 'RemoteInteractiveLogonRight'; + case ActiveDirectoryRelationshipKind.SyncLAPSPassword: + return 'SyncLAPSPassword'; + case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: + return 'WriteAccountRestrictions'; + case ActiveDirectoryRelationshipKind.WriteGPLink: + return 'WriteGPLink'; + case ActiveDirectoryRelationshipKind.RootCAFor: + return 'RootCAFor'; + case ActiveDirectoryRelationshipKind.DCFor: + return 'DCFor'; + case ActiveDirectoryRelationshipKind.PublishedTo: + return 'PublishedTo'; + case ActiveDirectoryRelationshipKind.ManageCertificates: + return 'ManageCertificates'; + case ActiveDirectoryRelationshipKind.ManageCA: + return 'ManageCA'; + case ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: + return 'DelegatedEnrollmentAgent'; + case ActiveDirectoryRelationshipKind.Enroll: + return 'Enroll'; + case ActiveDirectoryRelationshipKind.HostsCAService: + return 'HostsCAService'; + case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: + return 'WritePKIEnrollmentFlag'; + case ActiveDirectoryRelationshipKind.WritePKINameFlag: + return 'WritePKINameFlag'; + case ActiveDirectoryRelationshipKind.NTAuthStoreFor: + return 'NTAuthStoreFor'; + case ActiveDirectoryRelationshipKind.TrustedForNTAuth: + return 'TrustedForNTAuth'; + case ActiveDirectoryRelationshipKind.EnterpriseCAFor: + return 'EnterpriseCAFor'; + case ActiveDirectoryRelationshipKind.IssuedSignedBy: + return 'IssuedSignedBy'; + case ActiveDirectoryRelationshipKind.GoldenCert: + return 'GoldenCert'; + case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: + return 'EnrollOnBehalfOf'; + case ActiveDirectoryRelationshipKind.OIDGroupLink: + return 'OIDGroupLink'; + case ActiveDirectoryRelationshipKind.ExtendedByPolicy: + return 'ExtendedByPolicy'; + case ActiveDirectoryRelationshipKind.ADCSESC1: + return 'ADCSESC1'; + case ActiveDirectoryRelationshipKind.ADCSESC3: + return 'ADCSESC3'; + 
case ActiveDirectoryRelationshipKind.ADCSESC4: + return 'ADCSESC4'; + case ActiveDirectoryRelationshipKind.ADCSESC6a: + return 'ADCSESC6a'; + case ActiveDirectoryRelationshipKind.ADCSESC6b: + return 'ADCSESC6b'; + case ActiveDirectoryRelationshipKind.ADCSESC9a: + return 'ADCSESC9a'; + case ActiveDirectoryRelationshipKind.ADCSESC9b: + return 'ADCSESC9b'; + case ActiveDirectoryRelationshipKind.ADCSESC10a: + return 'ADCSESC10a'; + case ActiveDirectoryRelationshipKind.ADCSESC10b: + return 'ADCSESC10b'; + case ActiveDirectoryRelationshipKind.ADCSESC13: + return 'ADCSESC13'; + case ActiveDirectoryRelationshipKind.SyncedToEntraUser: + return 'SyncedToEntraUser'; + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: + return 'CoerceAndRelayNTLMToSMB'; + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: + return 'CoerceAndRelayNTLMToADCS'; + case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: + return 'WriteOwnerLimitedRights'; + case ActiveDirectoryRelationshipKind.WriteOwnerRaw: + return 'WriteOwnerRaw'; + case ActiveDirectoryRelationshipKind.OwnsLimitedRights: + return 'OwnsLimitedRights'; + case ActiveDirectoryRelationshipKind.OwnsRaw: + return 'OwnsRaw'; + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: + return 'CoerceAndRelayNTLMToLDAP'; + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: + return 'CoerceAndRelayNTLMToLDAPS'; + default: + return undefined; + } } -export type ActiveDirectoryKind = ActiveDirectoryNodeKind|ActiveDirectoryRelationshipKind -export const EdgeCompositionRelationships = ['GoldenCert','ADCSESC1','ADCSESC3','ADCSESC4','ADCSESC6a','ADCSESC6b','ADCSESC9a','ADCSESC9b','ADCSESC10a','ADCSESC10b','ADCSESC13','CoerceAndRelayNTLMToSMB','CoerceAndRelayNTLMToADCS','CoerceAndRelayNTLMToLDAP','CoerceAndRelayNTLMToLDAPS'] +export type ActiveDirectoryKind = ActiveDirectoryNodeKind | ActiveDirectoryRelationshipKind +export const EdgeCompositionRelationships = [ + 'GoldenCert', + 'ADCSESC1', + 
'ADCSESC3', + 'ADCSESC4', + 'ADCSESC6a', + 'ADCSESC6b', + 'ADCSESC9a', + 'ADCSESC9b', + 'ADCSESC10a', + 'ADCSESC10b', + 'ADCSESC13', + 'CoerceAndRelayNTLMToSMB', + 'CoerceAndRelayNTLMToADCS', + 'CoerceAndRelayNTLMToLDAP', + 'CoerceAndRelayNTLMToLDAPS' +]; export enum ActiveDirectoryKindProperties { -AdminCount = 'admincount', -CASecurityCollected = 'casecuritycollected', -CAName = 'caname', -CertChain = 'certchain', -CertName = 'certname', -CertThumbprint = 'certthumbprint', -CertThumbprints = 'certthumbprints', -HasEnrollmentAgentRestrictions = 'hasenrollmentagentrestrictions', -EnrollmentAgentRestrictionsCollected = 'enrollmentagentrestrictionscollected', -IsUserSpecifiesSanEnabled = 'isuserspecifiessanenabled', -IsUserSpecifiesSanEnabledCollected = 'isuserspecifiessanenabledcollected', -RoleSeparationEnabled = 'roleseparationenabled', -RoleSeparationEnabledCollected = 'roleseparationenabledcollected', -HasBasicConstraints = 'hasbasicconstraints', -BasicConstraintPathLength = 'basicconstraintpathlength', -UnresolvedPublishedTemplates = 'unresolvedpublishedtemplates', -DNSHostname = 'dnshostname', -CrossCertificatePair = 'crosscertificatepair', -DistinguishedName = 'distinguishedname', -DomainFQDN = 'domain', -DomainSID = 'domainsid', -Sensitive = 'sensitive', -BlocksInheritance = 'blocksinheritance', -IsACL = 'isacl', -IsACLProtected = 'isaclprotected', -IsDeleted = 'isdeleted', -Enforced = 'enforced', -Department = 'department', -HasCrossCertificatePair = 'hascrosscertificatepair', -HasSPN = 'hasspn', -UnconstrainedDelegation = 'unconstraineddelegation', -LastLogon = 'lastlogon', -LastLogonTimestamp = 'lastlogontimestamp', -IsPrimaryGroup = 'isprimarygroup', -HasLAPS = 'haslaps', -DontRequirePreAuth = 'dontreqpreauth', -LogonType = 'logontype', -HasURA = 'hasura', -PasswordNeverExpires = 'pwdneverexpires', -PasswordNotRequired = 'passwordnotreqd', -FunctionalLevel = 'functionallevel', -TrustType = 'trusttype', -SidFiltering = 'sidfiltering', -TrustedToAuth = 
'trustedtoauth', -SamAccountName = 'samaccountname', -CertificateMappingMethodsRaw = 'certificatemappingmethodsraw', -CertificateMappingMethods = 'certificatemappingmethods', -StrongCertificateBindingEnforcementRaw = 'strongcertificatebindingenforcementraw', -StrongCertificateBindingEnforcement = 'strongcertificatebindingenforcement', -EKUs = 'ekus', -SubjectAltRequireUPN = 'subjectaltrequireupn', -SubjectAltRequireDNS = 'subjectaltrequiredns', -SubjectAltRequireDomainDNS = 'subjectaltrequiredomaindns', -SubjectAltRequireEmail = 'subjectaltrequireemail', -SubjectAltRequireSPN = 'subjectaltrequirespn', -SubjectRequireEmail = 'subjectrequireemail', -AuthorizedSignatures = 'authorizedsignatures', -ApplicationPolicies = 'applicationpolicies', -IssuancePolicies = 'issuancepolicies', -SchemaVersion = 'schemaversion', -RequiresManagerApproval = 'requiresmanagerapproval', -AuthenticationEnabled = 'authenticationenabled', -SchannelAuthenticationEnabled = 'schannelauthenticationenabled', -EnrolleeSuppliesSubject = 'enrolleesuppliessubject', -CertificateApplicationPolicy = 'certificateapplicationpolicy', -CertificateNameFlag = 'certificatenameflag', -EffectiveEKUs = 'effectiveekus', -EnrollmentFlag = 'enrollmentflag', -Flags = 'flags', -NoSecurityExtension = 'nosecurityextension', -RenewalPeriod = 'renewalperiod', -ValidityPeriod = 'validityperiod', -OID = 'oid', -HomeDirectory = 'homedirectory', -CertificatePolicy = 'certificatepolicy', -CertTemplateOID = 'certtemplateoid', -GroupLinkID = 'grouplinkid', -ObjectGUID = 'objectguid', -ExpirePasswordsOnSmartCardOnlyAccounts = 'expirepasswordsonsmartcardonlyaccounts', -MachineAccountQuota = 'machineaccountquota', -SupportedKerberosEncryptionTypes = 'supportedencryptiontypes', -TGTDelegationEnabled = 'tgtdelegationenabled', -PasswordStoredUsingReversibleEncryption = 'encryptedtextpwdallowed', -SmartcardRequired = 'smartcardrequired', -UseDESKeyOnly = 'usedeskeyonly', -LogonScriptEnabled = 'logonscriptenabled', -LockedOut = 
'lockedout', -UserCannotChangePassword = 'passwordcantchange', -PasswordExpired = 'passwordexpired', -DSHeuristics = 'dsheuristics', -UserAccountControl = 'useraccountcontrol', -TrustAttributes = 'trustattributes', -MinPwdLength = 'minpwdlength', -PwdProperties = 'pwdproperties', -PwdHistoryLength = 'pwdhistorylength', -LockoutThreshold = 'lockoutthreshold', -MinPwdAge = 'minpwdage', -MaxPwdAge = 'maxpwdage', -LockoutDuration = 'lockoutduration', -LockoutObservationWindow = 'lockoutobservationwindow', -OwnerSid = 'ownersid', -SMBSigning = 'smbsigning', -WebClientRunning = 'webclientrunning', -RestrictOutboundNTLM = 'restrictoutboundntlm', -GMSA = 'gmsa', -MSA = 'msa', -DoesAnyAceGrantOwnerRights = 'doesanyacegrantownerrights', -DoesAnyInheritedAceGrantOwnerRights = 'doesanyinheritedacegrantownerrights', -ADCSWebEnrollmentHTTP = 'adcswebenrollmenthttp', -ADCSWebEnrollmentHTTPS = 'adcswebenrollmenthttps', -ADCSWebEnrollmentHTTPSEPA = 'adcswebenrollmenthttpsepa', -LDAPSigning = 'ldapsigning', -LDAPAvailable = 'ldapavailable', -LDAPSAvailable = 'ldapsavailable', -LDAPSEPA = 'ldapsepa', -IsDC = 'isdc', -HTTPEnrollmentEndpoints = 'httpenrollmentendpoints', -HTTPSEnrollmentEndpoints = 'httpsenrollmentendpoints', -HasVulnerableEndpoint = 'hasvulnerableendpoint', + AdminCount = 'admincount', + CASecurityCollected = 'casecuritycollected', + CAName = 'caname', + CertChain = 'certchain', + CertName = 'certname', + CertThumbprint = 'certthumbprint', + CertThumbprints = 'certthumbprints', + HasEnrollmentAgentRestrictions = 'hasenrollmentagentrestrictions', + EnrollmentAgentRestrictionsCollected = 'enrollmentagentrestrictionscollected', + IsUserSpecifiesSanEnabled = 'isuserspecifiessanenabled', + IsUserSpecifiesSanEnabledCollected = 'isuserspecifiessanenabledcollected', + RoleSeparationEnabled = 'roleseparationenabled', + RoleSeparationEnabledCollected = 'roleseparationenabledcollected', + HasBasicConstraints = 'hasbasicconstraints', + BasicConstraintPathLength = 
'basicconstraintpathlength', + UnresolvedPublishedTemplates = 'unresolvedpublishedtemplates', + DNSHostname = 'dnshostname', + CrossCertificatePair = 'crosscertificatepair', + DistinguishedName = 'distinguishedname', + DomainFQDN = 'domain', + DomainSID = 'domainsid', + Sensitive = 'sensitive', + BlocksInheritance = 'blocksinheritance', + IsACL = 'isacl', + IsACLProtected = 'isaclprotected', + IsDeleted = 'isdeleted', + Enforced = 'enforced', + Department = 'department', + HasCrossCertificatePair = 'hascrosscertificatepair', + HasSPN = 'hasspn', + UnconstrainedDelegation = 'unconstraineddelegation', + LastLogon = 'lastlogon', + LastLogonTimestamp = 'lastlogontimestamp', + IsPrimaryGroup = 'isprimarygroup', + HasLAPS = 'haslaps', + DontRequirePreAuth = 'dontreqpreauth', + LogonType = 'logontype', + HasURA = 'hasura', + PasswordNeverExpires = 'pwdneverexpires', + PasswordNotRequired = 'passwordnotreqd', + FunctionalLevel = 'functionallevel', + TrustType = 'trusttype', + SidFiltering = 'sidfiltering', + TrustedToAuth = 'trustedtoauth', + SamAccountName = 'samaccountname', + CertificateMappingMethodsRaw = 'certificatemappingmethodsraw', + CertificateMappingMethods = 'certificatemappingmethods', + StrongCertificateBindingEnforcementRaw = 'strongcertificatebindingenforcementraw', + StrongCertificateBindingEnforcement = 'strongcertificatebindingenforcement', + EKUs = 'ekus', + SubjectAltRequireUPN = 'subjectaltrequireupn', + SubjectAltRequireDNS = 'subjectaltrequiredns', + SubjectAltRequireDomainDNS = 'subjectaltrequiredomaindns', + SubjectAltRequireEmail = 'subjectaltrequireemail', + SubjectAltRequireSPN = 'subjectaltrequirespn', + SubjectRequireEmail = 'subjectrequireemail', + AuthorizedSignatures = 'authorizedsignatures', + ApplicationPolicies = 'applicationpolicies', + IssuancePolicies = 'issuancepolicies', + SchemaVersion = 'schemaversion', + RequiresManagerApproval = 'requiresmanagerapproval', + AuthenticationEnabled = 'authenticationenabled', + 
SchannelAuthenticationEnabled = 'schannelauthenticationenabled', + EnrolleeSuppliesSubject = 'enrolleesuppliessubject', + CertificateApplicationPolicy = 'certificateapplicationpolicy', + CertificateNameFlag = 'certificatenameflag', + EffectiveEKUs = 'effectiveekus', + EnrollmentFlag = 'enrollmentflag', + Flags = 'flags', + NoSecurityExtension = 'nosecurityextension', + RenewalPeriod = 'renewalperiod', + ValidityPeriod = 'validityperiod', + OID = 'oid', + HomeDirectory = 'homedirectory', + CertificatePolicy = 'certificatepolicy', + CertTemplateOID = 'certtemplateoid', + GroupLinkID = 'grouplinkid', + ObjectGUID = 'objectguid', + ExpirePasswordsOnSmartCardOnlyAccounts = 'expirepasswordsonsmartcardonlyaccounts', + MachineAccountQuota = 'machineaccountquota', + SupportedKerberosEncryptionTypes = 'supportedencryptiontypes', + TGTDelegationEnabled = 'tgtdelegationenabled', + PasswordStoredUsingReversibleEncryption = 'encryptedtextpwdallowed', + SmartcardRequired = 'smartcardrequired', + UseDESKeyOnly = 'usedeskeyonly', + LogonScriptEnabled = 'logonscriptenabled', + LockedOut = 'lockedout', + UserCannotChangePassword = 'passwordcantchange', + PasswordExpired = 'passwordexpired', + DSHeuristics = 'dsheuristics', + UserAccountControl = 'useraccountcontrol', + TrustAttributes = 'trustattributes', + MinPwdLength = 'minpwdlength', + PwdProperties = 'pwdproperties', + PwdHistoryLength = 'pwdhistorylength', + LockoutThreshold = 'lockoutthreshold', + MinPwdAge = 'minpwdage', + MaxPwdAge = 'maxpwdage', + LockoutDuration = 'lockoutduration', + LockoutObservationWindow = 'lockoutobservationwindow', + OwnerSid = 'ownersid', + SMBSigning = 'smbsigning', + WebClientRunning = 'webclientrunning', + RestrictOutboundNTLM = 'restrictoutboundntlm', + GMSA = 'gmsa', + MSA = 'msa', + DoesAnyAceGrantOwnerRights = 'doesanyacegrantownerrights', + DoesAnyInheritedAceGrantOwnerRights = 'doesanyinheritedacegrantownerrights', + ADCSWebEnrollmentHTTP = 'adcswebenrollmenthttp', + ADCSWebEnrollmentHTTPS 
= 'adcswebenrollmenthttps', + ADCSWebEnrollmentHTTPSEPA = 'adcswebenrollmenthttpsepa', + LDAPSigning = 'ldapsigning', + LDAPAvailable = 'ldapavailable', + LDAPSAvailable = 'ldapsavailable', + LDAPSEPA = 'ldapsepa', + IsDC = 'isdc', + HTTPEnrollmentEndpoints = 'httpenrollmentendpoints', + HTTPSEnrollmentEndpoints = 'httpsenrollmentendpoints', + HasVulnerableEndpoint = 'hasvulnerableendpoint', } -export function ActiveDirectoryKindPropertiesToDisplay (value : ActiveDirectoryKindProperties): string | undefined { -switch (value) { -case ActiveDirectoryKindProperties.AdminCount: -return 'Admin Count' -case ActiveDirectoryKindProperties.CASecurityCollected: -return 'CA Security Collected' -case ActiveDirectoryKindProperties.CAName: -return 'CA Name' -case ActiveDirectoryKindProperties.CertChain: -return 'Certificate Chain' -case ActiveDirectoryKindProperties.CertName: -return 'Certificate Name' -case ActiveDirectoryKindProperties.CertThumbprint: -return 'Certificate Thumbprint' -case ActiveDirectoryKindProperties.CertThumbprints: -return 'Certificate Thumbprints' -case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: -return 'Has Enrollment Agent Restrictions' -case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: -return 'Enrollment Agent Restrictions Collected' -case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: -return 'Is User Specifies San Enabled' -case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: -return 'Is User Specifies San Enabled Collected' -case ActiveDirectoryKindProperties.RoleSeparationEnabled: -return 'Role Separation Enabled' -case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: -return 'Role Separation Enabled Collected' -case ActiveDirectoryKindProperties.HasBasicConstraints: -return 'Has Basic Constraints' -case ActiveDirectoryKindProperties.BasicConstraintPathLength: -return 'Basic Constraint Path Length' -case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: 
-return 'Unresolved Published Certificate Templates' -case ActiveDirectoryKindProperties.DNSHostname: -return 'DNS Hostname' -case ActiveDirectoryKindProperties.CrossCertificatePair: -return 'Cross Certificate Pair' -case ActiveDirectoryKindProperties.DistinguishedName: -return 'Distinguished Name' -case ActiveDirectoryKindProperties.DomainFQDN: -return 'Domain FQDN' -case ActiveDirectoryKindProperties.DomainSID: -return 'Domain SID' -case ActiveDirectoryKindProperties.Sensitive: -return 'Marked Sensitive' -case ActiveDirectoryKindProperties.BlocksInheritance: -return 'Blocks GPO Inheritance' -case ActiveDirectoryKindProperties.IsACL: -return 'Is ACL' -case ActiveDirectoryKindProperties.IsACLProtected: -return 'ACL Inheritance Denied' -case ActiveDirectoryKindProperties.IsDeleted: -return 'Is Deleted' -case ActiveDirectoryKindProperties.Enforced: -return 'Enforced' -case ActiveDirectoryKindProperties.Department: -return 'Department' -case ActiveDirectoryKindProperties.HasCrossCertificatePair: -return 'Has Cross Certificate Pair' -case ActiveDirectoryKindProperties.HasSPN: -return 'Has SPN' -case ActiveDirectoryKindProperties.UnconstrainedDelegation: -return 'Allows Unconstrained Delegation' -case ActiveDirectoryKindProperties.LastLogon: -return 'Last Logon' -case ActiveDirectoryKindProperties.LastLogonTimestamp: -return 'Last Logon (Replicated)' -case ActiveDirectoryKindProperties.IsPrimaryGroup: -return 'Is Primary Group' -case ActiveDirectoryKindProperties.HasLAPS: -return 'LAPS Enabled' -case ActiveDirectoryKindProperties.DontRequirePreAuth: -return 'Do Not Require Pre-Authentication' -case ActiveDirectoryKindProperties.LogonType: -return 'Logon Type' -case ActiveDirectoryKindProperties.HasURA: -return 'Has User Rights Assignment Collection' -case ActiveDirectoryKindProperties.PasswordNeverExpires: -return 'Password Never Expires' -case ActiveDirectoryKindProperties.PasswordNotRequired: -return 'Password Not Required' -case 
ActiveDirectoryKindProperties.FunctionalLevel: -return 'Functional Level' -case ActiveDirectoryKindProperties.TrustType: -return 'Trust Type' -case ActiveDirectoryKindProperties.SidFiltering: -return 'SID Filtering Enabled' -case ActiveDirectoryKindProperties.TrustedToAuth: -return 'Trusted For Constrained Delegation' -case ActiveDirectoryKindProperties.SamAccountName: -return 'SAM Account Name' -case ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: -return 'Certificate Mapping Methods (Raw)' -case ActiveDirectoryKindProperties.CertificateMappingMethods: -return 'Certificate Mapping Methods' -case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: -return 'Strong Certificate Binding Enforcement (Raw)' -case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: -return 'Strong Certificate Binding Enforcement' -case ActiveDirectoryKindProperties.EKUs: -return 'Enhanced Key Usage' -case ActiveDirectoryKindProperties.SubjectAltRequireUPN: -return 'Subject Alternative Name Require UPN' -case ActiveDirectoryKindProperties.SubjectAltRequireDNS: -return 'Subject Alternative Name Require DNS' -case ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: -return 'Subject Alternative Name Require Domain DNS' -case ActiveDirectoryKindProperties.SubjectAltRequireEmail: -return 'Subject Alternative Name Require Email' -case ActiveDirectoryKindProperties.SubjectAltRequireSPN: -return 'Subject Alternative Name Require SPN' -case ActiveDirectoryKindProperties.SubjectRequireEmail: -return 'Subject Require Email' -case ActiveDirectoryKindProperties.AuthorizedSignatures: -return 'Authorized Signatures Required' -case ActiveDirectoryKindProperties.ApplicationPolicies: -return 'Application Policies Required' -case ActiveDirectoryKindProperties.IssuancePolicies: -return 'Issuance Policies Required' -case ActiveDirectoryKindProperties.SchemaVersion: -return 'Schema Version' -case ActiveDirectoryKindProperties.RequiresManagerApproval: -return 
'Requires Manager Approval' -case ActiveDirectoryKindProperties.AuthenticationEnabled: -return 'Authentication Enabled' -case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: -return 'Schannel Authentication Enabled' -case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: -return 'Enrollee Supplies Subject' -case ActiveDirectoryKindProperties.CertificateApplicationPolicy: -return 'Application Policy Extensions' -case ActiveDirectoryKindProperties.CertificateNameFlag: -return 'Certificate Name Flags' -case ActiveDirectoryKindProperties.EffectiveEKUs: -return 'Effective EKUs' -case ActiveDirectoryKindProperties.EnrollmentFlag: -return 'Enrollment Flags' -case ActiveDirectoryKindProperties.Flags: -return 'Flags' -case ActiveDirectoryKindProperties.NoSecurityExtension: -return 'No Security Extension' -case ActiveDirectoryKindProperties.RenewalPeriod: -return 'Renewal Period' -case ActiveDirectoryKindProperties.ValidityPeriod: -return 'Validity Period' -case ActiveDirectoryKindProperties.OID: -return 'OID' -case ActiveDirectoryKindProperties.HomeDirectory: -return 'Home Directory' -case ActiveDirectoryKindProperties.CertificatePolicy: -return 'Issuance Policy Extensions' -case ActiveDirectoryKindProperties.CertTemplateOID: -return 'Certificate Template OID' -case ActiveDirectoryKindProperties.GroupLinkID: -return 'Group Link ID' -case ActiveDirectoryKindProperties.ObjectGUID: -return 'Object GUID' -case ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: -return 'Expire Passwords on Smart Card only Accounts' -case ActiveDirectoryKindProperties.MachineAccountQuota: -return 'Machine Account Quota' -case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: -return 'Supported Kerberos Encryption Types' -case ActiveDirectoryKindProperties.TGTDelegationEnabled: -return 'TGT Delegation Enabled' -case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: -return 'Password Stored Using Reversible Encryption' -case 
ActiveDirectoryKindProperties.SmartcardRequired: -return 'Smartcard Required' -case ActiveDirectoryKindProperties.UseDESKeyOnly: -return 'Use DES Key Only' -case ActiveDirectoryKindProperties.LogonScriptEnabled: -return 'Logon Script Enabled' -case ActiveDirectoryKindProperties.LockedOut: -return 'Locked Out' -case ActiveDirectoryKindProperties.UserCannotChangePassword: -return 'User Cannot Change Password' -case ActiveDirectoryKindProperties.PasswordExpired: -return 'Password Expired' -case ActiveDirectoryKindProperties.DSHeuristics: -return 'DSHeuristics' -case ActiveDirectoryKindProperties.UserAccountControl: -return 'User Account Control' -case ActiveDirectoryKindProperties.TrustAttributes: -return 'Trust Attributes' -case ActiveDirectoryKindProperties.MinPwdLength: -return 'Minimum password length' -case ActiveDirectoryKindProperties.PwdProperties: -return 'Password Properties' -case ActiveDirectoryKindProperties.PwdHistoryLength: -return 'Password History Length' -case ActiveDirectoryKindProperties.LockoutThreshold: -return 'Lockout Threshold' -case ActiveDirectoryKindProperties.MinPwdAge: -return 'Minimum Password Age' -case ActiveDirectoryKindProperties.MaxPwdAge: -return 'Maximum Password Age' -case ActiveDirectoryKindProperties.LockoutDuration: -return 'Lockout Duration' -case ActiveDirectoryKindProperties.LockoutObservationWindow: -return 'Lockout Observation Window' -case ActiveDirectoryKindProperties.OwnerSid: -return 'Owner SID' -case ActiveDirectoryKindProperties.SMBSigning: -return 'SMB Signing' -case ActiveDirectoryKindProperties.WebClientRunning: -return 'WebClient Running' -case ActiveDirectoryKindProperties.RestrictOutboundNTLM: -return 'Restrict Outbound NTLM' -case ActiveDirectoryKindProperties.GMSA: -return 'GMSA' -case ActiveDirectoryKindProperties.MSA: -return 'MSA' -case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: -return 'Does Any ACE Grant Owner Rights' -case 
ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: -return 'Does Any Inherited ACE Grant Owner Rights' -case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: -return 'ADCS Web Enrollment HTTP' -case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: -return 'ADCS Web Enrollment HTTPS' -case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: -return 'ADCS Web Enrollment HTTPS EPA' -case ActiveDirectoryKindProperties.LDAPSigning: -return 'LDAP Signing' -case ActiveDirectoryKindProperties.LDAPAvailable: -return 'LDAP Available' -case ActiveDirectoryKindProperties.LDAPSAvailable: -return 'LDAPS Available' -case ActiveDirectoryKindProperties.LDAPSEPA: -return 'LDAPS EPA' -case ActiveDirectoryKindProperties.IsDC: -return 'Is Domain Controller' -case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: -return 'HTTP Enrollment Endpoints' -case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: -return 'HTTPS Enrollment Endpoints' -case ActiveDirectoryKindProperties.HasVulnerableEndpoint: -return 'Has Vulnerable Endpoint' -default: -return undefined +export function ActiveDirectoryKindPropertiesToDisplay (value: ActiveDirectoryKindProperties): string | undefined { + switch (value) { + case ActiveDirectoryKindProperties.AdminCount: + return 'Admin Count'; + case ActiveDirectoryKindProperties.CASecurityCollected: + return 'CA Security Collected'; + case ActiveDirectoryKindProperties.CAName: + return 'CA Name'; + case ActiveDirectoryKindProperties.CertChain: + return 'Certificate Chain'; + case ActiveDirectoryKindProperties.CertName: + return 'Certificate Name'; + case ActiveDirectoryKindProperties.CertThumbprint: + return 'Certificate Thumbprint'; + case ActiveDirectoryKindProperties.CertThumbprints: + return 'Certificate Thumbprints'; + case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: + return 'Has Enrollment Agent Restrictions'; + case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: + return 
'Enrollment Agent Restrictions Collected'; + case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: + return 'Is User Specifies San Enabled'; + case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: + return 'Is User Specifies San Enabled Collected'; + case ActiveDirectoryKindProperties.RoleSeparationEnabled: + return 'Role Separation Enabled'; + case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: + return 'Role Separation Enabled Collected'; + case ActiveDirectoryKindProperties.HasBasicConstraints: + return 'Has Basic Constraints'; + case ActiveDirectoryKindProperties.BasicConstraintPathLength: + return 'Basic Constraint Path Length'; + case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: + return 'Unresolved Published Certificate Templates'; + case ActiveDirectoryKindProperties.DNSHostname: + return 'DNS Hostname'; + case ActiveDirectoryKindProperties.CrossCertificatePair: + return 'Cross Certificate Pair'; + case ActiveDirectoryKindProperties.DistinguishedName: + return 'Distinguished Name'; + case ActiveDirectoryKindProperties.DomainFQDN: + return 'Domain FQDN'; + case ActiveDirectoryKindProperties.DomainSID: + return 'Domain SID'; + case ActiveDirectoryKindProperties.Sensitive: + return 'Marked Sensitive'; + case ActiveDirectoryKindProperties.BlocksInheritance: + return 'Blocks GPO Inheritance'; + case ActiveDirectoryKindProperties.IsACL: + return 'Is ACL'; + case ActiveDirectoryKindProperties.IsACLProtected: + return 'ACL Inheritance Denied'; + case ActiveDirectoryKindProperties.IsDeleted: + return 'Is Deleted'; + case ActiveDirectoryKindProperties.Enforced: + return 'Enforced'; + case ActiveDirectoryKindProperties.Department: + return 'Department'; + case ActiveDirectoryKindProperties.HasCrossCertificatePair: + return 'Has Cross Certificate Pair'; + case ActiveDirectoryKindProperties.HasSPN: + return 'Has SPN'; + case ActiveDirectoryKindProperties.UnconstrainedDelegation: + return 'Allows Unconstrained 
Delegation'; + case ActiveDirectoryKindProperties.LastLogon: + return 'Last Logon'; + case ActiveDirectoryKindProperties.LastLogonTimestamp: + return 'Last Logon (Replicated)'; + case ActiveDirectoryKindProperties.IsPrimaryGroup: + return 'Is Primary Group'; + case ActiveDirectoryKindProperties.HasLAPS: + return 'LAPS Enabled'; + case ActiveDirectoryKindProperties.DontRequirePreAuth: + return 'Do Not Require Pre-Authentication'; + case ActiveDirectoryKindProperties.LogonType: + return 'Logon Type'; + case ActiveDirectoryKindProperties.HasURA: + return 'Has User Rights Assignment Collection'; + case ActiveDirectoryKindProperties.PasswordNeverExpires: + return 'Password Never Expires'; + case ActiveDirectoryKindProperties.PasswordNotRequired: + return 'Password Not Required'; + case ActiveDirectoryKindProperties.FunctionalLevel: + return 'Functional Level'; + case ActiveDirectoryKindProperties.TrustType: + return 'Trust Type'; + case ActiveDirectoryKindProperties.SidFiltering: + return 'SID Filtering Enabled'; + case ActiveDirectoryKindProperties.TrustedToAuth: + return 'Trusted For Constrained Delegation'; + case ActiveDirectoryKindProperties.SamAccountName: + return 'SAM Account Name'; + case ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: + return 'Certificate Mapping Methods (Raw)'; + case ActiveDirectoryKindProperties.CertificateMappingMethods: + return 'Certificate Mapping Methods'; + case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: + return 'Strong Certificate Binding Enforcement (Raw)'; + case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: + return 'Strong Certificate Binding Enforcement'; + case ActiveDirectoryKindProperties.EKUs: + return 'Enhanced Key Usage'; + case ActiveDirectoryKindProperties.SubjectAltRequireUPN: + return 'Subject Alternative Name Require UPN'; + case ActiveDirectoryKindProperties.SubjectAltRequireDNS: + return 'Subject Alternative Name Require DNS'; + case 
ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: + return 'Subject Alternative Name Require Domain DNS'; + case ActiveDirectoryKindProperties.SubjectAltRequireEmail: + return 'Subject Alternative Name Require Email'; + case ActiveDirectoryKindProperties.SubjectAltRequireSPN: + return 'Subject Alternative Name Require SPN'; + case ActiveDirectoryKindProperties.SubjectRequireEmail: + return 'Subject Require Email'; + case ActiveDirectoryKindProperties.AuthorizedSignatures: + return 'Authorized Signatures Required'; + case ActiveDirectoryKindProperties.ApplicationPolicies: + return 'Application Policies Required'; + case ActiveDirectoryKindProperties.IssuancePolicies: + return 'Issuance Policies Required'; + case ActiveDirectoryKindProperties.SchemaVersion: + return 'Schema Version'; + case ActiveDirectoryKindProperties.RequiresManagerApproval: + return 'Requires Manager Approval'; + case ActiveDirectoryKindProperties.AuthenticationEnabled: + return 'Authentication Enabled'; + case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: + return 'Schannel Authentication Enabled'; + case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: + return 'Enrollee Supplies Subject'; + case ActiveDirectoryKindProperties.CertificateApplicationPolicy: + return 'Application Policy Extensions'; + case ActiveDirectoryKindProperties.CertificateNameFlag: + return 'Certificate Name Flags'; + case ActiveDirectoryKindProperties.EffectiveEKUs: + return 'Effective EKUs'; + case ActiveDirectoryKindProperties.EnrollmentFlag: + return 'Enrollment Flags'; + case ActiveDirectoryKindProperties.Flags: + return 'Flags'; + case ActiveDirectoryKindProperties.NoSecurityExtension: + return 'No Security Extension'; + case ActiveDirectoryKindProperties.RenewalPeriod: + return 'Renewal Period'; + case ActiveDirectoryKindProperties.ValidityPeriod: + return 'Validity Period'; + case ActiveDirectoryKindProperties.OID: + return 'OID'; + case ActiveDirectoryKindProperties.HomeDirectory: + 
return 'Home Directory'; + case ActiveDirectoryKindProperties.CertificatePolicy: + return 'Issuance Policy Extensions'; + case ActiveDirectoryKindProperties.CertTemplateOID: + return 'Certificate Template OID'; + case ActiveDirectoryKindProperties.GroupLinkID: + return 'Group Link ID'; + case ActiveDirectoryKindProperties.ObjectGUID: + return 'Object GUID'; + case ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: + return 'Expire Passwords on Smart Card only Accounts'; + case ActiveDirectoryKindProperties.MachineAccountQuota: + return 'Machine Account Quota'; + case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: + return 'Supported Kerberos Encryption Types'; + case ActiveDirectoryKindProperties.TGTDelegationEnabled: + return 'TGT Delegation Enabled'; + case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: + return 'Password Stored Using Reversible Encryption'; + case ActiveDirectoryKindProperties.SmartcardRequired: + return 'Smartcard Required'; + case ActiveDirectoryKindProperties.UseDESKeyOnly: + return 'Use DES Key Only'; + case ActiveDirectoryKindProperties.LogonScriptEnabled: + return 'Logon Script Enabled'; + case ActiveDirectoryKindProperties.LockedOut: + return 'Locked Out'; + case ActiveDirectoryKindProperties.UserCannotChangePassword: + return 'User Cannot Change Password'; + case ActiveDirectoryKindProperties.PasswordExpired: + return 'Password Expired'; + case ActiveDirectoryKindProperties.DSHeuristics: + return 'DSHeuristics'; + case ActiveDirectoryKindProperties.UserAccountControl: + return 'User Account Control'; + case ActiveDirectoryKindProperties.TrustAttributes: + return 'Trust Attributes'; + case ActiveDirectoryKindProperties.MinPwdLength: + return 'Minimum password length'; + case ActiveDirectoryKindProperties.PwdProperties: + return 'Password Properties'; + case ActiveDirectoryKindProperties.PwdHistoryLength: + return 'Password History Length'; + case 
ActiveDirectoryKindProperties.LockoutThreshold: + return 'Lockout Threshold'; + case ActiveDirectoryKindProperties.MinPwdAge: + return 'Minimum Password Age'; + case ActiveDirectoryKindProperties.MaxPwdAge: + return 'Maximum Password Age'; + case ActiveDirectoryKindProperties.LockoutDuration: + return 'Lockout Duration'; + case ActiveDirectoryKindProperties.LockoutObservationWindow: + return 'Lockout Observation Window'; + case ActiveDirectoryKindProperties.OwnerSid: + return 'Owner SID'; + case ActiveDirectoryKindProperties.SMBSigning: + return 'SMB Signing'; + case ActiveDirectoryKindProperties.WebClientRunning: + return 'WebClient Running'; + case ActiveDirectoryKindProperties.RestrictOutboundNTLM: + return 'Restrict Outbound NTLM'; + case ActiveDirectoryKindProperties.GMSA: + return 'GMSA'; + case ActiveDirectoryKindProperties.MSA: + return 'MSA'; + case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: + return 'Does Any ACE Grant Owner Rights'; + case ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: + return 'Does Any Inherited ACE Grant Owner Rights'; + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: + return 'ADCS Web Enrollment HTTP'; + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: + return 'ADCS Web Enrollment HTTPS'; + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: + return 'ADCS Web Enrollment HTTPS EPA'; + case ActiveDirectoryKindProperties.LDAPSigning: + return 'LDAP Signing'; + case ActiveDirectoryKindProperties.LDAPAvailable: + return 'LDAP Available'; + case ActiveDirectoryKindProperties.LDAPSAvailable: + return 'LDAPS Available'; + case ActiveDirectoryKindProperties.LDAPSEPA: + return 'LDAPS EPA'; + case ActiveDirectoryKindProperties.IsDC: + return 'Is Domain Controller'; + case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: + return 'HTTP Enrollment Endpoints'; + case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: + return 'HTTPS Enrollment Endpoints'; + case 
ActiveDirectoryKindProperties.HasVulnerableEndpoint: + return 'Has Vulnerable Endpoint'; + default: + return undefined; } } export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipKind[] { -return [ActiveDirectoryRelationshipKind.Owns,ActiveDirectoryRelationshipKind.GenericAll,ActiveDirectoryRelationshipKind.GenericWrite,ActiveDirectoryRelationshipKind.WriteOwner,ActiveDirectoryRelationshipKind.WriteDACL,ActiveDirectoryRelationshipKind.MemberOf,ActiveDirectoryRelationshipKind.ForceChangePassword,ActiveDirectoryRelationshipKind.AllExtendedRights,ActiveDirectoryRelationshipKind.AddMember,ActiveDirectoryRelationshipKind.HasSession,ActiveDirectoryRelationshipKind.GPLink,ActiveDirectoryRelationshipKind.AllowedToDelegate,ActiveDirectoryRelationshipKind.CoerceToTGT,ActiveDirectoryRelationshipKind.AllowedToAct,ActiveDirectoryRelationshipKind.AdminTo,ActiveDirectoryRelationshipKind.CanPSRemote,ActiveDirectoryRelationshipKind.CanRDP,ActiveDirectoryRelationshipKind.ExecuteDCOM,ActiveDirectoryRelationshipKind.HasSIDHistory,ActiveDirectoryRelationshipKind.AddSelf,ActiveDirectoryRelationshipKind.DCSync,ActiveDirectoryRelationshipKind.ReadLAPSPassword,ActiveDirectoryRelationshipKind.ReadGMSAPassword,ActiveDirectoryRelationshipKind.DumpSMSAPassword,ActiveDirectoryRelationshipKind.SQLAdmin,ActiveDirectoryRelationshipKind.AddAllowedToAct,ActiveDirectoryRelationshipKind.WriteSPN,ActiveDirectoryRelationshipKind.AddKeyCredentialLink,ActiveDirectoryRelationshipKind.SyncLAPSPassword,ActiveDirectoryRelationshipKind.WriteAccountRestrictions,ActiveDirectoryRelationshipKind.WriteGPLink,ActiveDirectoryRelationshipKind.GoldenCert,ActiveDirectoryRelationshipKind.ADCSESC1,ActiveDirectoryRelationshipKind.ADCSESC3,ActiveDirectoryRelationshipKind.ADCSESC4,ActiveDirectoryRelationshipKind.ADCSESC6a,ActiveDirectoryRelationshipKind.ADCSESC6b,ActiveDirectoryRelationshipKind.ADCSESC9a,ActiveDirectoryRelationshipKind.ADCSESC9b,ActiveDirectoryRelationshipKind.ADCSESC10a,ActiveDirector
yRelationshipKind.ADCSESC10b,ActiveDirectoryRelationshipKind.ADCSESC13,ActiveDirectoryRelationshipKind.SyncedToEntraUser,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS,ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights,ActiveDirectoryRelationshipKind.OwnsLimitedRights,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP,ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS,ActiveDirectoryRelationshipKind.Contains,ActiveDirectoryRelationshipKind.DCFor,ActiveDirectoryRelationshipKind.TrustedBy] + return [ + ActiveDirectoryRelationshipKind.Owns, + ActiveDirectoryRelationshipKind.GenericAll, + ActiveDirectoryRelationshipKind.GenericWrite, + ActiveDirectoryRelationshipKind.WriteOwner, + ActiveDirectoryRelationshipKind.WriteDACL, + ActiveDirectoryRelationshipKind.MemberOf, + ActiveDirectoryRelationshipKind.ForceChangePassword, + ActiveDirectoryRelationshipKind.AllExtendedRights, + ActiveDirectoryRelationshipKind.AddMember, + ActiveDirectoryRelationshipKind.HasSession, + ActiveDirectoryRelationshipKind.GPLink, + ActiveDirectoryRelationshipKind.AllowedToDelegate, + ActiveDirectoryRelationshipKind.CoerceToTGT, + ActiveDirectoryRelationshipKind.AllowedToAct, + ActiveDirectoryRelationshipKind.AdminTo, + ActiveDirectoryRelationshipKind.CanPSRemote, + ActiveDirectoryRelationshipKind.CanRDP, + ActiveDirectoryRelationshipKind.ExecuteDCOM, + ActiveDirectoryRelationshipKind.HasSIDHistory, + ActiveDirectoryRelationshipKind.AddSelf, + ActiveDirectoryRelationshipKind.DCSync, + ActiveDirectoryRelationshipKind.ReadLAPSPassword, + ActiveDirectoryRelationshipKind.ReadGMSAPassword, + ActiveDirectoryRelationshipKind.DumpSMSAPassword, + ActiveDirectoryRelationshipKind.SQLAdmin, + ActiveDirectoryRelationshipKind.AddAllowedToAct, + ActiveDirectoryRelationshipKind.WriteSPN, + ActiveDirectoryRelationshipKind.AddKeyCredentialLink, + ActiveDirectoryRelationshipKind.SyncLAPSPassword, + 
ActiveDirectoryRelationshipKind.WriteAccountRestrictions, + ActiveDirectoryRelationshipKind.WriteGPLink, + ActiveDirectoryRelationshipKind.GoldenCert, + ActiveDirectoryRelationshipKind.ADCSESC1, + ActiveDirectoryRelationshipKind.ADCSESC3, + ActiveDirectoryRelationshipKind.ADCSESC4, + ActiveDirectoryRelationshipKind.ADCSESC6a, + ActiveDirectoryRelationshipKind.ADCSESC6b, + ActiveDirectoryRelationshipKind.ADCSESC9a, + ActiveDirectoryRelationshipKind.ADCSESC9b, + ActiveDirectoryRelationshipKind.ADCSESC10a, + ActiveDirectoryRelationshipKind.ADCSESC10b, + ActiveDirectoryRelationshipKind.ADCSESC13, + ActiveDirectoryRelationshipKind.SyncedToEntraUser, + ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB, + ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS, + ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights, + ActiveDirectoryRelationshipKind.OwnsLimitedRights, + ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP, + ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS, + ActiveDirectoryRelationshipKind.Contains, + ActiveDirectoryRelationshipKind.DCFor, + ActiveDirectoryRelationshipKind.TrustedBy] } export enum AzureNodeKind { -Entity = 'AZBase', -VMScaleSet = 'AZVMScaleSet', -App = 'AZApp', -Role = 'AZRole', -Device = 'AZDevice', -FunctionApp = 'AZFunctionApp', -Group = 'AZGroup', -Group365 = 'AZGroup365', -KeyVault = 'AZKeyVault', -ManagementGroup = 'AZManagementGroup', -ResourceGroup = 'AZResourceGroup', -ServicePrincipal = 'AZServicePrincipal', -Subscription = 'AZSubscription', -Tenant = 'AZTenant', -User = 'AZUser', -VM = 'AZVM', -ManagedCluster = 'AZManagedCluster', -ContainerRegistry = 'AZContainerRegistry', -WebApp = 'AZWebApp', -LogicApp = 'AZLogicApp', -AutomationAccount = 'AZAutomationAccount', -} -export function AzureNodeKindToDisplay (value : AzureNodeKind): string | undefined { -switch (value) { -case AzureNodeKind.Entity: -return 'Entity' -case AzureNodeKind.VMScaleSet: -return 'VMScaleSet' -case AzureNodeKind.App: -return 'App' 
-case AzureNodeKind.Role: -return 'Role' -case AzureNodeKind.Device: -return 'Device' -case AzureNodeKind.FunctionApp: -return 'FunctionApp' -case AzureNodeKind.Group: -return 'Group' -case AzureNodeKind.Group365: -return 'Group365' -case AzureNodeKind.KeyVault: -return 'KeyVault' -case AzureNodeKind.ManagementGroup: -return 'ManagementGroup' -case AzureNodeKind.ResourceGroup: -return 'ResourceGroup' -case AzureNodeKind.ServicePrincipal: -return 'ServicePrincipal' -case AzureNodeKind.Subscription: -return 'Subscription' -case AzureNodeKind.Tenant: -return 'Tenant' -case AzureNodeKind.User: -return 'User' -case AzureNodeKind.VM: -return 'VM' -case AzureNodeKind.ManagedCluster: -return 'ManagedCluster' -case AzureNodeKind.ContainerRegistry: -return 'ContainerRegistry' -case AzureNodeKind.WebApp: -return 'WebApp' -case AzureNodeKind.LogicApp: -return 'LogicApp' -case AzureNodeKind.AutomationAccount: -return 'AutomationAccount' -default: -return undefined + Entity = 'AZBase', + VMScaleSet = 'AZVMScaleSet', + App = 'AZApp', + Role = 'AZRole', + Device = 'AZDevice', + FunctionApp = 'AZFunctionApp', + Group = 'AZGroup', + Group365 = 'AZGroup365', + KeyVault = 'AZKeyVault', + ManagementGroup = 'AZManagementGroup', + ResourceGroup = 'AZResourceGroup', + ServicePrincipal = 'AZServicePrincipal', + Subscription = 'AZSubscription', + Tenant = 'AZTenant', + User = 'AZUser', + VM = 'AZVM', + ManagedCluster = 'AZManagedCluster', + ContainerRegistry = 'AZContainerRegistry', + WebApp = 'AZWebApp', + LogicApp = 'AZLogicApp', + AutomationAccount = 'AZAutomationAccount', } +export function AzureNodeKindToDisplay (value: AzureNodeKind): string | undefined { + switch (value) { + case AzureNodeKind.Entity: + return 'Entity'; + case AzureNodeKind.VMScaleSet: + return 'VMScaleSet'; + case AzureNodeKind.App: + return 'App'; + case AzureNodeKind.Role: + return 'Role'; + case AzureNodeKind.Device: + return 'Device'; + case AzureNodeKind.FunctionApp: + return 'FunctionApp'; + case 
AzureNodeKind.Group: + return 'Group'; + case AzureNodeKind.Group365: + return 'Group365'; + case AzureNodeKind.KeyVault: + return 'KeyVault'; + case AzureNodeKind.ManagementGroup: + return 'ManagementGroup'; + case AzureNodeKind.ResourceGroup: + return 'ResourceGroup'; + case AzureNodeKind.ServicePrincipal: + return 'ServicePrincipal'; + case AzureNodeKind.Subscription: + return 'Subscription'; + case AzureNodeKind.Tenant: + return 'Tenant'; + case AzureNodeKind.User: + return 'User'; + case AzureNodeKind.VM: + return 'VM'; + case AzureNodeKind.ManagedCluster: + return 'ManagedCluster'; + case AzureNodeKind.ContainerRegistry: + return 'ContainerRegistry'; + case AzureNodeKind.WebApp: + return 'WebApp'; + case AzureNodeKind.LogicApp: + return 'LogicApp'; + case AzureNodeKind.AutomationAccount: + return 'AutomationAccount'; + default: + return undefined; + } } export enum AzureRelationshipKind { -AvereContributor = 'AZAvereContributor', -Contains = 'AZContains', -Contributor = 'AZContributor', -GetCertificates = 'AZGetCertificates', -GetKeys = 'AZGetKeys', -GetSecrets = 'AZGetSecrets', -HasRole = 'AZHasRole', -MemberOf = 'AZMemberOf', -M365MemberOf = 'AZM365MemberOf', -Owner = 'AZOwner', -RunsAs = 'AZRunsAs', -VMContributor = 'AZVMContributor', -AutomationContributor = 'AZAutomationContributor', -KeyVaultContributor = 'AZKeyVaultContributor', -VMAdminLogin = 'AZVMAdminLogin', -AddMembers = 'AZAddMembers', -AddSecret = 'AZAddSecret', -ExecuteCommand = 'AZExecuteCommand', -GlobalAdmin = 'AZGlobalAdmin', -PrivilegedAuthAdmin = 'AZPrivilegedAuthAdmin', -Grant = 'AZGrant', -GrantSelf = 'AZGrantSelf', -PrivilegedRoleAdmin = 'AZPrivilegedRoleAdmin', -ResetPassword = 'AZResetPassword', -UserAccessAdministrator = 'AZUserAccessAdministrator', -Owns = 'AZOwns', -ScopedTo = 'AZScopedTo', -CloudAppAdmin = 'AZCloudAppAdmin', -AppAdmin = 'AZAppAdmin', -AddOwner = 'AZAddOwner', -ManagedIdentity = 'AZManagedIdentity', -ApplicationReadWriteAll = 'AZMGApplication_ReadWrite_All', 
-AppRoleAssignmentReadWriteAll = 'AZMGAppRoleAssignment_ReadWrite_All', -DirectoryReadWriteAll = 'AZMGDirectory_ReadWrite_All', -GroupReadWriteAll = 'AZMGGroup_ReadWrite_All', -GroupMemberReadWriteAll = 'AZMGGroupMember_ReadWrite_All', -RoleManagementReadWriteDirectory = 'AZMGRoleManagement_ReadWrite_Directory', -ServicePrincipalEndpointReadWriteAll = 'AZMGServicePrincipalEndpoint_ReadWrite_All', -AKSContributor = 'AZAKSContributor', -NodeResourceGroup = 'AZNodeResourceGroup', -WebsiteContributor = 'AZWebsiteContributor', -LogicAppContributor = 'AZLogicAppContributor', -AZMGAddMember = 'AZMGAddMember', -AZMGAddOwner = 'AZMGAddOwner', -AZMGAddSecret = 'AZMGAddSecret', -AZMGGrantAppRoles = 'AZMGGrantAppRoles', -AZMGGrantRole = 'AZMGGrantRole', -SyncedToADUser = 'SyncedToADUser', + AvereContributor = 'AZAvereContributor', + Contains = 'AZContains', + Contributor = 'AZContributor', + GetCertificates = 'AZGetCertificates', + GetKeys = 'AZGetKeys', + GetSecrets = 'AZGetSecrets', + HasRole = 'AZHasRole', + MemberOf = 'AZMemberOf', + M365MemberOf = 'AZM365MemberOf', + Owner = 'AZOwner', + RunsAs = 'AZRunsAs', + VMContributor = 'AZVMContributor', + AutomationContributor = 'AZAutomationContributor', + KeyVaultContributor = 'AZKeyVaultContributor', + VMAdminLogin = 'AZVMAdminLogin', + AddMembers = 'AZAddMembers', + AddSecret = 'AZAddSecret', + ExecuteCommand = 'AZExecuteCommand', + GlobalAdmin = 'AZGlobalAdmin', + PrivilegedAuthAdmin = 'AZPrivilegedAuthAdmin', + Grant = 'AZGrant', + GrantSelf = 'AZGrantSelf', + PrivilegedRoleAdmin = 'AZPrivilegedRoleAdmin', + ResetPassword = 'AZResetPassword', + UserAccessAdministrator = 'AZUserAccessAdministrator', + Owns = 'AZOwns', + ScopedTo = 'AZScopedTo', + CloudAppAdmin = 'AZCloudAppAdmin', + AppAdmin = 'AZAppAdmin', + AddOwner = 'AZAddOwner', + ManagedIdentity = 'AZManagedIdentity', + ApplicationReadWriteAll = 'AZMGApplication_ReadWrite_All', + AppRoleAssignmentReadWriteAll = 'AZMGAppRoleAssignment_ReadWrite_All', + 
DirectoryReadWriteAll = 'AZMGDirectory_ReadWrite_All', + GroupReadWriteAll = 'AZMGGroup_ReadWrite_All', + GroupMemberReadWriteAll = 'AZMGGroupMember_ReadWrite_All', + RoleManagementReadWriteDirectory = 'AZMGRoleManagement_ReadWrite_Directory', + ServicePrincipalEndpointReadWriteAll = 'AZMGServicePrincipalEndpoint_ReadWrite_All', + AKSContributor = 'AZAKSContributor', + NodeResourceGroup = 'AZNodeResourceGroup', + WebsiteContributor = 'AZWebsiteContributor', + LogicAppContributor = 'AZLogicAppContributor', + AZMGAddMember = 'AZMGAddMember', + AZMGAddOwner = 'AZMGAddOwner', + AZMGAddSecret = 'AZMGAddSecret', + AZMGGrantAppRoles = 'AZMGGrantAppRoles', + AZMGGrantRole = 'AZMGGrantRole', + SyncedToADUser = 'SyncedToADUser', } -export function AzureRelationshipKindToDisplay (value : AzureRelationshipKind): string | undefined { -switch (value) { -case AzureRelationshipKind.AvereContributor: -return 'AvereContributor' -case AzureRelationshipKind.Contains: -return 'Contains' -case AzureRelationshipKind.Contributor: -return 'Contributor' -case AzureRelationshipKind.GetCertificates: -return 'GetCertificates' -case AzureRelationshipKind.GetKeys: -return 'GetKeys' -case AzureRelationshipKind.GetSecrets: -return 'GetSecrets' -case AzureRelationshipKind.HasRole: -return 'HasRole' -case AzureRelationshipKind.MemberOf: -return 'MemberOf' -case AzureRelationshipKind.M365MemberOf: -return 'M365MemberOf' -case AzureRelationshipKind.Owner: -return 'Owner' -case AzureRelationshipKind.RunsAs: -return 'RunsAs' -case AzureRelationshipKind.VMContributor: -return 'VMContributor' -case AzureRelationshipKind.AutomationContributor: -return 'AutomationContributor' -case AzureRelationshipKind.KeyVaultContributor: -return 'KeyVaultContributor' -case AzureRelationshipKind.VMAdminLogin: -return 'VMAdminLogin' -case AzureRelationshipKind.AddMembers: -return 'AddMembers' -case AzureRelationshipKind.AddSecret: -return 'AddSecret' -case AzureRelationshipKind.ExecuteCommand: -return 'ExecuteCommand' 
-case AzureRelationshipKind.GlobalAdmin: -return 'GlobalAdmin' -case AzureRelationshipKind.PrivilegedAuthAdmin: -return 'PrivilegedAuthAdmin' -case AzureRelationshipKind.Grant: -return 'Grant' -case AzureRelationshipKind.GrantSelf: -return 'GrantSelf' -case AzureRelationshipKind.PrivilegedRoleAdmin: -return 'PrivilegedRoleAdmin' -case AzureRelationshipKind.ResetPassword: -return 'ResetPassword' -case AzureRelationshipKind.UserAccessAdministrator: -return 'UserAccessAdministrator' -case AzureRelationshipKind.Owns: -return 'Owns' -case AzureRelationshipKind.ScopedTo: -return 'ScopedTo' -case AzureRelationshipKind.CloudAppAdmin: -return 'CloudAppAdmin' -case AzureRelationshipKind.AppAdmin: -return 'AppAdmin' -case AzureRelationshipKind.AddOwner: -return 'AddOwner' -case AzureRelationshipKind.ManagedIdentity: -return 'ManagedIdentity' -case AzureRelationshipKind.ApplicationReadWriteAll: -return 'ApplicationReadWriteAll' -case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: -return 'AppRoleAssignmentReadWriteAll' -case AzureRelationshipKind.DirectoryReadWriteAll: -return 'DirectoryReadWriteAll' -case AzureRelationshipKind.GroupReadWriteAll: -return 'GroupReadWriteAll' -case AzureRelationshipKind.GroupMemberReadWriteAll: -return 'GroupMemberReadWriteAll' -case AzureRelationshipKind.RoleManagementReadWriteDirectory: -return 'RoleManagementReadWriteDirectory' -case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: -return 'ServicePrincipalEndpointReadWriteAll' -case AzureRelationshipKind.AKSContributor: -return 'AKSContributor' -case AzureRelationshipKind.NodeResourceGroup: -return 'NodeResourceGroup' -case AzureRelationshipKind.WebsiteContributor: -return 'WebsiteContributor' -case AzureRelationshipKind.LogicAppContributor: -return 'LogicAppContributor' -case AzureRelationshipKind.AZMGAddMember: -return 'AZMGAddMember' -case AzureRelationshipKind.AZMGAddOwner: -return 'AZMGAddOwner' -case AzureRelationshipKind.AZMGAddSecret: -return 'AZMGAddSecret' -case 
AzureRelationshipKind.AZMGGrantAppRoles: -return 'AZMGGrantAppRoles' -case AzureRelationshipKind.AZMGGrantRole: -return 'AZMGGrantRole' -case AzureRelationshipKind.SyncedToADUser: -return 'SyncedToADUser' -default: -return undefined +export function AzureRelationshipKindToDisplay (value: AzureRelationshipKind): string | undefined { + switch (value) { + case AzureRelationshipKind.AvereContributor: + return 'AvereContributor'; + case AzureRelationshipKind.Contains: + return 'Contains'; + case AzureRelationshipKind.Contributor: + return 'Contributor'; + case AzureRelationshipKind.GetCertificates: + return 'GetCertificates'; + case AzureRelationshipKind.GetKeys: + return 'GetKeys'; + case AzureRelationshipKind.GetSecrets: + return 'GetSecrets'; + case AzureRelationshipKind.HasRole: + return 'HasRole'; + case AzureRelationshipKind.MemberOf: + return 'MemberOf'; + case AzureRelationshipKind.M365MemberOf: + return 'M365MemberOf'; + case AzureRelationshipKind.Owner: + return 'Owner'; + case AzureRelationshipKind.RunsAs: + return 'RunsAs'; + case AzureRelationshipKind.VMContributor: + return 'VMContributor'; + case AzureRelationshipKind.AutomationContributor: + return 'AutomationContributor'; + case AzureRelationshipKind.KeyVaultContributor: + return 'KeyVaultContributor'; + case AzureRelationshipKind.VMAdminLogin: + return 'VMAdminLogin'; + case AzureRelationshipKind.AddMembers: + return 'AddMembers'; + case AzureRelationshipKind.AddSecret: + return 'AddSecret'; + case AzureRelationshipKind.ExecuteCommand: + return 'ExecuteCommand'; + case AzureRelationshipKind.GlobalAdmin: + return 'GlobalAdmin'; + case AzureRelationshipKind.PrivilegedAuthAdmin: + return 'PrivilegedAuthAdmin'; + case AzureRelationshipKind.Grant: + return 'Grant'; + case AzureRelationshipKind.GrantSelf: + return 'GrantSelf'; + case AzureRelationshipKind.PrivilegedRoleAdmin: + return 'PrivilegedRoleAdmin'; + case AzureRelationshipKind.ResetPassword: + return 'ResetPassword'; + case 
AzureRelationshipKind.UserAccessAdministrator: + return 'UserAccessAdministrator'; + case AzureRelationshipKind.Owns: + return 'Owns'; + case AzureRelationshipKind.ScopedTo: + return 'ScopedTo'; + case AzureRelationshipKind.CloudAppAdmin: + return 'CloudAppAdmin'; + case AzureRelationshipKind.AppAdmin: + return 'AppAdmin'; + case AzureRelationshipKind.AddOwner: + return 'AddOwner'; + case AzureRelationshipKind.ManagedIdentity: + return 'ManagedIdentity'; + case AzureRelationshipKind.ApplicationReadWriteAll: + return 'ApplicationReadWriteAll'; + case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: + return 'AppRoleAssignmentReadWriteAll'; + case AzureRelationshipKind.DirectoryReadWriteAll: + return 'DirectoryReadWriteAll'; + case AzureRelationshipKind.GroupReadWriteAll: + return 'GroupReadWriteAll'; + case AzureRelationshipKind.GroupMemberReadWriteAll: + return 'GroupMemberReadWriteAll'; + case AzureRelationshipKind.RoleManagementReadWriteDirectory: + return 'RoleManagementReadWriteDirectory'; + case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: + return 'ServicePrincipalEndpointReadWriteAll'; + case AzureRelationshipKind.AKSContributor: + return 'AKSContributor'; + case AzureRelationshipKind.NodeResourceGroup: + return 'NodeResourceGroup'; + case AzureRelationshipKind.WebsiteContributor: + return 'WebsiteContributor'; + case AzureRelationshipKind.LogicAppContributor: + return 'LogicAppContributor'; + case AzureRelationshipKind.AZMGAddMember: + return 'AZMGAddMember'; + case AzureRelationshipKind.AZMGAddOwner: + return 'AZMGAddOwner'; + case AzureRelationshipKind.AZMGAddSecret: + return 'AZMGAddSecret'; + case AzureRelationshipKind.AZMGGrantAppRoles: + return 'AZMGGrantAppRoles'; + case AzureRelationshipKind.AZMGGrantRole: + return 'AZMGGrantRole'; + case AzureRelationshipKind.SyncedToADUser: + return 'SyncedToADUser'; + default: + return undefined; } } -export type AzureKind = AzureNodeKind|AzureRelationshipKind +export type AzureKind = 
AzureNodeKind | AzureRelationshipKind export enum AzureKindProperties { -AppOwnerOrganizationID = 'appownerorganizationid', -AppDescription = 'appdescription', -AppDisplayName = 'appdisplayname', -ServicePrincipalType = 'serviceprincipaltype', -UserType = 'usertype', -TenantID = 'tenantid', -ServicePrincipalID = 'service_principal_id', -ServicePrincipalNames = 'service_principal_names', -OperatingSystemVersion = 'operatingsystemversion', -TrustType = 'trustype', -IsBuiltIn = 'isbuiltin', -AppID = 'appid', -AppRoleID = 'approleid', -DeviceID = 'deviceid', -NodeResourceGroupID = 'noderesourcegroupid', -OnPremID = 'onpremid', -OnPremSyncEnabled = 'onpremsyncenabled', -SecurityEnabled = 'securityenabled', -SecurityIdentifier = 'securityidentifier', -EnableRBACAuthorization = 'enablerbacauthorization', -Scope = 'scope', -Offer = 'offer', -MFAEnabled = 'mfaenabled', -License = 'license', -Licenses = 'licenses', -LoginURL = 'loginurl', -MFAEnforced = 'mfaenforced', -UserPrincipalName = 'userprincipalname', -IsAssignableToRole = 'isassignabletorole', -PublisherDomain = 'publisherdomain', -SignInAudience = 'signinaudience', -RoleTemplateID = 'templateid', -Visibility = 'visibility', -Mail = 'mail', -} -export function AzureKindPropertiesToDisplay (value : AzureKindProperties): string | undefined { -switch (value) { -case AzureKindProperties.AppOwnerOrganizationID: -return 'App Owner Organization ID' -case AzureKindProperties.AppDescription: -return 'App Description' -case AzureKindProperties.AppDisplayName: -return 'App Display Name' -case AzureKindProperties.ServicePrincipalType: -return 'Service Principal Type' -case AzureKindProperties.UserType: -return 'User Type' -case AzureKindProperties.TenantID: -return 'Tenant ID' -case AzureKindProperties.ServicePrincipalID: -return 'Service Principal ID' -case AzureKindProperties.ServicePrincipalNames: -return 'Service Principal Names' -case AzureKindProperties.OperatingSystemVersion: -return 'Operating System Version' -case 
AzureKindProperties.TrustType: -return 'Trust Type' -case AzureKindProperties.IsBuiltIn: -return 'Is Built In' -case AzureKindProperties.AppID: -return 'App ID' -case AzureKindProperties.AppRoleID: -return 'App Role ID' -case AzureKindProperties.DeviceID: -return 'Device ID' -case AzureKindProperties.NodeResourceGroupID: -return 'Node Resource Group ID' -case AzureKindProperties.OnPremID: -return 'On Prem ID' -case AzureKindProperties.OnPremSyncEnabled: -return 'On Prem Sync Enabled' -case AzureKindProperties.SecurityEnabled: -return 'Security Enabled' -case AzureKindProperties.SecurityIdentifier: -return 'Security Identifier' -case AzureKindProperties.EnableRBACAuthorization: -return 'RBAC Authorization Enabled' -case AzureKindProperties.Scope: -return 'Scope' -case AzureKindProperties.Offer: -return 'Offer' -case AzureKindProperties.MFAEnabled: -return 'MFA Enabled' -case AzureKindProperties.License: -return 'License' -case AzureKindProperties.Licenses: -return 'Licenses' -case AzureKindProperties.LoginURL: -return 'Login URL' -case AzureKindProperties.MFAEnforced: -return 'MFA Enforced' -case AzureKindProperties.UserPrincipalName: -return 'User Principal Name' -case AzureKindProperties.IsAssignableToRole: -return 'Is Role Assignable' -case AzureKindProperties.PublisherDomain: -return 'Publisher Domain' -case AzureKindProperties.SignInAudience: -return 'Sign In Audience' -case AzureKindProperties.RoleTemplateID: -return 'Role Template ID' -case AzureKindProperties.Visibility: -return 'Visibility' -case AzureKindProperties.Mail: -return 'M365 Group Mail' -default: -return undefined + AppOwnerOrganizationID = 'appownerorganizationid', + AppDescription = 'appdescription', + AppDisplayName = 'appdisplayname', + ServicePrincipalType = 'serviceprincipaltype', + UserType = 'usertype', + TenantID = 'tenantid', + ServicePrincipalID = 'service_principal_id', + ServicePrincipalNames = 'service_principal_names', + OperatingSystemVersion = 'operatingsystemversion', + 
TrustType = 'trustype', + IsBuiltIn = 'isbuiltin', + AppID = 'appid', + AppRoleID = 'approleid', + DeviceID = 'deviceid', + NodeResourceGroupID = 'noderesourcegroupid', + OnPremID = 'onpremid', + OnPremSyncEnabled = 'onpremsyncenabled', + SecurityEnabled = 'securityenabled', + SecurityIdentifier = 'securityidentifier', + EnableRBACAuthorization = 'enablerbacauthorization', + Scope = 'scope', + Offer = 'offer', + MFAEnabled = 'mfaenabled', + License = 'license', + Licenses = 'licenses', + LoginURL = 'loginurl', + MFAEnforced = 'mfaenforced', + UserPrincipalName = 'userprincipalname', + IsAssignableToRole = 'isassignabletorole', + PublisherDomain = 'publisherdomain', + SignInAudience = 'signinaudience', + RoleTemplateID = 'templateid', + Visibility = 'visibility', + Mail = 'mail', } +export function AzureKindPropertiesToDisplay (value: AzureKindProperties): string | undefined { + switch (value) { + case AzureKindProperties.AppOwnerOrganizationID: + return 'App Owner Organization ID'; + case AzureKindProperties.AppDescription: + return 'App Description'; + case AzureKindProperties.AppDisplayName: + return 'App Display Name'; + case AzureKindProperties.ServicePrincipalType: + return 'Service Principal Type'; + case AzureKindProperties.UserType: + return 'User Type'; + case AzureKindProperties.TenantID: + return 'Tenant ID'; + case AzureKindProperties.ServicePrincipalID: + return 'Service Principal ID'; + case AzureKindProperties.ServicePrincipalNames: + return 'Service Principal Names'; + case AzureKindProperties.OperatingSystemVersion: + return 'Operating System Version'; + case AzureKindProperties.TrustType: + return 'Trust Type'; + case AzureKindProperties.IsBuiltIn: + return 'Is Built In'; + case AzureKindProperties.AppID: + return 'App ID'; + case AzureKindProperties.AppRoleID: + return 'App Role ID'; + case AzureKindProperties.DeviceID: + return 'Device ID'; + case AzureKindProperties.NodeResourceGroupID: + return 'Node Resource Group ID'; + case 
AzureKindProperties.OnPremID: + return 'On Prem ID'; + case AzureKindProperties.OnPremSyncEnabled: + return 'On Prem Sync Enabled'; + case AzureKindProperties.SecurityEnabled: + return 'Security Enabled'; + case AzureKindProperties.SecurityIdentifier: + return 'Security Identifier'; + case AzureKindProperties.EnableRBACAuthorization: + return 'RBAC Authorization Enabled'; + case AzureKindProperties.Scope: + return 'Scope'; + case AzureKindProperties.Offer: + return 'Offer'; + case AzureKindProperties.MFAEnabled: + return 'MFA Enabled'; + case AzureKindProperties.License: + return 'License'; + case AzureKindProperties.Licenses: + return 'Licenses'; + case AzureKindProperties.LoginURL: + return 'Login URL'; + case AzureKindProperties.MFAEnforced: + return 'MFA Enforced'; + case AzureKindProperties.UserPrincipalName: + return 'User Principal Name'; + case AzureKindProperties.IsAssignableToRole: + return 'Is Role Assignable'; + case AzureKindProperties.PublisherDomain: + return 'Publisher Domain'; + case AzureKindProperties.SignInAudience: + return 'Sign In Audience'; + case AzureKindProperties.RoleTemplateID: + return 'Role Template ID'; + case AzureKindProperties.Visibility: + return 'Visibility'; + case AzureKindProperties.Mail: + return 'M365 Group Mail'; + default: + return undefined; + } } export function AzurePathfindingEdges (): AzureRelationshipKind[] { -return 
[AzureRelationshipKind.AvereContributor,AzureRelationshipKind.Contributor,AzureRelationshipKind.GetCertificates,AzureRelationshipKind.GetKeys,AzureRelationshipKind.GetSecrets,AzureRelationshipKind.HasRole,AzureRelationshipKind.MemberOf,AzureRelationshipKind.M365MemberOf,AzureRelationshipKind.Owner,AzureRelationshipKind.RunsAs,AzureRelationshipKind.VMContributor,AzureRelationshipKind.AutomationContributor,AzureRelationshipKind.KeyVaultContributor,AzureRelationshipKind.VMAdminLogin,AzureRelationshipKind.AddMembers,AzureRelationshipKind.AddSecret,AzureRelationshipKind.ExecuteCommand,AzureRelationshipKind.GlobalAdmin,AzureRelationshipKind.PrivilegedAuthAdmin,AzureRelationshipKind.Grant,AzureRelationshipKind.GrantSelf,AzureRelationshipKind.PrivilegedRoleAdmin,AzureRelationshipKind.ResetPassword,AzureRelationshipKind.UserAccessAdministrator,AzureRelationshipKind.Owns,AzureRelationshipKind.CloudAppAdmin,AzureRelationshipKind.AppAdmin,AzureRelationshipKind.AddOwner,AzureRelationshipKind.ManagedIdentity,AzureRelationshipKind.AKSContributor,AzureRelationshipKind.NodeResourceGroup,AzureRelationshipKind.WebsiteContributor,AzureRelationshipKind.LogicAppContributor,AzureRelationshipKind.AZMGAddMember,AzureRelationshipKind.AZMGAddOwner,AzureRelationshipKind.AZMGAddSecret,AzureRelationshipKind.AZMGGrantAppRoles,AzureRelationshipKind.AZMGGrantRole,AzureRelationshipKind.SyncedToADUser,AzureRelationshipKind.Contains] + return [ + AzureRelationshipKind.AvereContributor, + AzureRelationshipKind.Contributor, + AzureRelationshipKind.GetCertificates, + AzureRelationshipKind.GetKeys, + AzureRelationshipKind.GetSecrets, + AzureRelationshipKind.HasRole, + AzureRelationshipKind.MemberOf, + AzureRelationshipKind.M365MemberOf, + AzureRelationshipKind.Owner, + AzureRelationshipKind.RunsAs, + AzureRelationshipKind.VMContributor, + AzureRelationshipKind.AutomationContributor, + AzureRelationshipKind.KeyVaultContributor, + AzureRelationshipKind.VMAdminLogin, + AzureRelationshipKind.AddMembers, + 
AzureRelationshipKind.AddSecret, + AzureRelationshipKind.ExecuteCommand, + AzureRelationshipKind.GlobalAdmin, + AzureRelationshipKind.PrivilegedAuthAdmin, + AzureRelationshipKind.Grant, + AzureRelationshipKind.GrantSelf, + AzureRelationshipKind.PrivilegedRoleAdmin, + AzureRelationshipKind.ResetPassword, + AzureRelationshipKind.UserAccessAdministrator, + AzureRelationshipKind.Owns, + AzureRelationshipKind.CloudAppAdmin, + AzureRelationshipKind.AppAdmin, + AzureRelationshipKind.AddOwner, + AzureRelationshipKind.ManagedIdentity, + AzureRelationshipKind.AKSContributor, + AzureRelationshipKind.NodeResourceGroup, + AzureRelationshipKind.WebsiteContributor, + AzureRelationshipKind.LogicAppContributor, + AzureRelationshipKind.AZMGAddMember, + AzureRelationshipKind.AZMGAddOwner, + AzureRelationshipKind.AZMGAddSecret, + AzureRelationshipKind.AZMGGrantAppRoles, + AzureRelationshipKind.AZMGGrantRole, + AzureRelationshipKind.SyncedToADUser, + AzureRelationshipKind.Contains + ]; } export enum CommonNodeKind { -MigrationData = 'MigrationData', -} -export function CommonNodeKindToDisplay (value : CommonNodeKind): string | undefined { -switch (value) { -case CommonNodeKind.MigrationData: -return 'MigrationData' -default: -return undefined + MigrationData = 'MigrationData', } +export function CommonNodeKindToDisplay (value: CommonNodeKind): string | undefined { + switch (value) { + case CommonNodeKind.MigrationData: + return 'MigrationData'; + default: + return undefined; + } } export enum CommonKindProperties { -ObjectID = 'objectid', -Name = 'name', -DisplayName = 'displayname', -Description = 'description', -OwnerObjectID = 'owner_objectid', -Collected = 'collected', -OperatingSystem = 'operatingsystem', -SystemTags = 'system_tags', -UserTags = 'user_tags', -LastSeen = 'lastseen', -WhenCreated = 'whencreated', -Enabled = 'enabled', -PasswordLastSet = 'pwdlastset', -Title = 'title', -Email = 'email', -IsInherited = 'isinherited', -CompositionID = 'compositionid', -} -export 
function CommonKindPropertiesToDisplay (value : CommonKindProperties): string | undefined { -switch (value) { -case CommonKindProperties.ObjectID: -return 'Object ID' -case CommonKindProperties.Name: -return 'Name' -case CommonKindProperties.DisplayName: -return 'Display Name' -case CommonKindProperties.Description: -return 'Description' -case CommonKindProperties.OwnerObjectID: -return 'Owner Object ID' -case CommonKindProperties.Collected: -return 'Collected' -case CommonKindProperties.OperatingSystem: -return 'Operating System' -case CommonKindProperties.SystemTags: -return 'Node System Tags' -case CommonKindProperties.UserTags: -return 'Node User Tags' -case CommonKindProperties.LastSeen: -return 'Last Collected by BloodHound' -case CommonKindProperties.WhenCreated: -return 'Created' -case CommonKindProperties.Enabled: -return 'Enabled' -case CommonKindProperties.PasswordLastSet: -return 'Password Last Set' -case CommonKindProperties.Title: -return 'Title' -case CommonKindProperties.Email: -return 'Email' -case CommonKindProperties.IsInherited: -return 'Is Inherited' -case CommonKindProperties.CompositionID: -return 'Composition ID' -default: -return undefined + ObjectID = 'objectid', + Name = 'name', + DisplayName = 'displayname', + Description = 'description', + OwnerObjectID = 'owner_objectid', + Collected = 'collected', + OperatingSystem = 'operatingsystem', + SystemTags = 'system_tags', + UserTags = 'user_tags', + LastSeen = 'lastseen', + WhenCreated = 'whencreated', + Enabled = 'enabled', + PasswordLastSet = 'pwdlastset', + Title = 'title', + Email = 'email', + IsInherited = 'isinherited', + CompositionID = 'compositionid', } +export function CommonKindPropertiesToDisplay (value: CommonKindProperties): string | undefined { + switch (value) { + case CommonKindProperties.ObjectID: + return 'Object ID'; + case CommonKindProperties.Name: + return 'Name'; + case CommonKindProperties.DisplayName: + return 'Display Name'; + case CommonKindProperties.Description: 
+ return 'Description'; + case CommonKindProperties.OwnerObjectID: + return 'Owner Object ID'; + case CommonKindProperties.Collected: + return 'Collected'; + case CommonKindProperties.OperatingSystem: + return 'Operating System'; + case CommonKindProperties.SystemTags: + return 'Node System Tags'; + case CommonKindProperties.UserTags: + return 'Node User Tags'; + case CommonKindProperties.LastSeen: + return 'Last Collected by BloodHound'; + case CommonKindProperties.WhenCreated: + return 'Created'; + case CommonKindProperties.Enabled: + return 'Enabled'; + case CommonKindProperties.PasswordLastSet: + return 'Password Last Set'; + case CommonKindProperties.Title: + return 'Title'; + case CommonKindProperties.Email: + return 'Email'; + case CommonKindProperties.IsInherited: + return 'Is Inherited'; + case CommonKindProperties.CompositionID: + return 'Composition ID'; + default: + return undefined; + } } \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/utils/content.ts b/packages/javascript/bh-shared-ui/src/utils/content.ts index 6461d54fd8..266e5158e7 100644 --- a/packages/javascript/bh-shared-ui/src/utils/content.ts +++ b/packages/javascript/bh-shared-ui/src/utils/content.ts 
@@ -1068,96 +1068,96 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('az-base', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azbase-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('az-base', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('applications', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azvmscaleset-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vm-scale-sets', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azdevice-local_admins': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('devices', id, 'inbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azdevice-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('devices', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azfunctionapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('function-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup-members': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 
'group-members', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup365-members': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup365-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup365-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup365-inbound_object_control': ({ id, counts, skip, limit, 
type }) => apiClient .getAZEntityInfoV2('groups365', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azgroup365-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azkeyvault-key_readers': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('key-vaults', id, 'key-readers', counts, skip, limit, type, { 
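Review bot: Removing the `(res: { data: any; })` annotation from every `.then` in this hunk makes the callback parameter's type come from the declared return type of `apiClient.getAZEntityInfoV2`, which is not visible here; if that declaration still resolves `data` to `any`, `res.data` remains `any` and the value type of `entityRelationshipEndpoints` is unchanged, so the cleanup only tightens types once the apiClient signatures carry a concrete response type — worth confirming in the client package. The same edit is repeated in the hunks at -1199 and -1376 and in the one starting at -1391, which runs past the end of this view. As a point of style, with the identical `.then((res) => res.data)` tail on every entry, a single shared helper such as `const unwrapData = <T>(res: { data: T }): T => res.data;` used as `.then(unwrapData)` would turn any future change to the response shape into a one-line edit instead of a hundred-line diff like this one. The `entityRelationshipEndpoints` object starts before this hunk.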
@@ -1199,169 +1199,169 @@ export const entityRelationshipEndpoints = { .getAZEntityInfoV2('key-vaults', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_management_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-management-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_subscriptions': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-subscriptions', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: 
{ data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagementgroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('management-groups', id, 
'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_web_apps': ({ id, counts, skip, limit, 
type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azresourcegroup-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('resource-groups', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azrole-active_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('roles', id, 'active-assignments', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azserviceprincipal-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('service-principals', id, 'roles', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azserviceprincipal-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('service-principals', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azserviceprincipal-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient 
.getAZEntityInfoV2('service-principals', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azserviceprincipal-inbound_abusable_app_role_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2( @@ -1376,7 +1376,7 @@ export const entityRelationshipEndpoints = { signal: controller.signal, } ) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azserviceprincipal-outbound_abusable_app_role_assignments': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2( 
@@ -1391,403 +1391,403 @@ export const entityRelationshipEndpoints = { signal: controller.signal, } ) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-container-registries', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - 
.then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-descendant_objects-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azsubscription-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('subscriptions', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_users': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-users', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-groups', counts, skip, limit, type, { 
signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_management_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-management-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_subscriptions': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-subscriptions', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_resource_groups': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-resource-groups', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_vms': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-virtual-machines', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_managed_clusters': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-managed-clusters', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_vm_scale_sets': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-vm-scale-sets', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_container_registries': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-container-registries', counts, skip, limit, type, { signal: 
controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_web_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-web-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_automation_accounts': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-automation-accounts', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_key_vaults': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-key-vaults', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_function_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-function-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_logic_apps': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-logic-apps', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_app_registrations': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-applications', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_service_principals': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-service-principals', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: 
any; }) => res.data), + .then((res) => res.data), 'aztenant-descendant_devices': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'descendent-devices', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aztenant-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('tenants', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azuser-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azuser-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azuser-execution_privileges': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'outbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azuser-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azuser-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('users', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azvm-local_admins': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vms', id, 
'inbound-execution-privileges', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azvm-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('vms', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azmanagedcluster-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('managed-clusters', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azcontainerregistry-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('container-registries', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azwebapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('web-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azlogicapp-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('logic-apps', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'azautomationaccount-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('automation-accounts', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'base-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getBaseControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { 
data: any; }) => res.data), + apiClient.getBaseControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'base-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getBaseControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getBaseControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'container-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getContainerControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'aiaca-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getAIACAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getAIACAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'certtemplate-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getCertTemplateControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-sessions': ({ id, skip, limit, type }) => - apiClient.getComputerSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-local_admins': ({ id, skip, limit, type }) => - apiClient.getComputerAdminUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerAdminUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-rdp_users': ({ id, skip, limit, type }) => - apiClient.getComputerRDPUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + 
apiClient.getComputerRDPUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-psremote_users': ({ id, skip, limit, type }) => apiClient .getComputerPSRemoteUsersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-dcom_users': ({ id, skip, limit, type }) => - apiClient.getComputerDCOMUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerDCOMUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-sql_admin_users': ({ id, skip, limit, type }) => - apiClient.getComputerSQLAdminsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerSQLAdminsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-constrained_delegation_users': ({ id, skip, limit, type }) => apiClient .getComputerConstrainedDelegationRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-member_of': ({ id, skip, limit, type }) => apiClient .getComputerGroupMembershipV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-local_admin_privileges': ({ id, skip, limit, type }) => apiClient .getComputerAdminRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getComputerRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-psremote_rights': ({ id, skip, limit, type }) => 
apiClient .getComputerPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getComputerDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getComputerDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'computer-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getComputerControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'computer-outbound_object_control': ({ id, skip, limit, type }) => apiClient .getComputerControllablesV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-foreign_users': ({ id, skip, limit, type }) => - apiClient.getDomainForeignUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getDomainForeignUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'domain-foreign_groups': ({ id, skip, limit, type }) => apiClient .getDomainForeignGroupsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-foreign_admins': ({ id, skip, limit, type }) => apiClient .getDomainForeignAdminsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-foreign_gpo_controllers': ({ id, skip, limit, type }) => apiClient .getDomainForeignGPOControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-inbound_trusts': ({ id, skip, limit, type }) => apiClient .getDomainInboundTrustsV2(id, 
skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-outbound_trusts': ({ id, skip, limit, type }) => apiClient .getDomainOutboundTrustsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'domain-controllers': ({ id, skip, limit, type }) => - apiClient.getDomainControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getDomainControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'enterpriseca-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getEnterpriseCAControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'gpo-ous': ({ id, skip, limit, type }) => - apiClient.getGPOOUsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGPOOUsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'gpo-computers': ({ id, skip, limit, type }) => - apiClient.getGPOComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGPOComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'gpo-users': ({ id, skip, limit, type }) => - apiClient.getGPOUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGPOUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'gpo-tier_zero_objects': ({ id, skip, limit, type }) => - apiClient.getGPOTierZeroV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGPOTierZeroV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 
'gpo-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGPOControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGPOControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-sessions': ({ id, skip, limit, type }) => - apiClient.getGroupSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-members': ({ id, skip, limit, type }) => - apiClient.getGroupMembersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupMembersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-member_of': ({ id, skip, limit, type }) => - apiClient.getGroupMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-local_admin_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getGroupDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupDCOMRightsV2(id, skip, limit, type, { 
signal: controller.signal }).then((res) => res.data), 'group-psremote_rights': ({ id, skip, limit, type }) => apiClient .getGroupPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'group-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGroupControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'group-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getGroupControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getGroupControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'ntauthstore-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getNTAuthStoreControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'ou-affecting_gpos': ({ id, skip, limit, type }) => - apiClient.getOUGPOsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getOUGPOsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'ou-groups': ({ id, skip, limit, type }) => - apiClient.getOUGroupsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getOUGroupsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'ou-computers': ({ id, skip, limit, type }) => - apiClient.getOUComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getOUComputersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'ou-users': ({ id, skip, limit, type }) => - 
apiClient.getOUUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getOUUsersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'rootca-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getRootCAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getRootCAControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'issuancepolicy-inbound_object_control': ({ id, skip, limit, type }) => apiClient .getIssuancePolicyControllersV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'issuancepolicy-linked_certificate_templates': ({ id, skip, limit, type }) => apiClient .getIssuancePolicyLinkedTemplatesV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'user-sessions': ({ id, skip, limit, type }) => - apiClient.getUserSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserSessionsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-member_of': ({ id, skip, limit, type }) => - apiClient.getUserMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserMembershipsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-local_admin_privileges': ({ id, skip, limit, type }) => - apiClient.getUserAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-rdp_privileges': ({ id, skip, limit, type }) => - apiClient.getUserRDPRightsV2(id, skip, limit, 
type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserRDPRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-psremote_privileges': ({ id, skip, limit, type }) => - apiClient.getUserPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserPSRemoteRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-dcom_privileges': ({ id, skip, limit, type }) => - apiClient.getUserDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserDCOMRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-sql_admin_rights': ({ id, skip, limit, type }) => - apiClient.getUserSQLAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserSQLAdminRightsV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-constrained_delegation_privileges': ({ id, skip, limit, type }) => apiClient .getUserConstrainedDelegationRightsV2(id, skip, limit, type, { signal: controller.signal }) - .then((res: { data: any; }) => res.data), + .then((res) => res.data), 'user-outbound_object_control': ({ id, skip, limit, type }) => - apiClient.getUserControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserControllablesV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), 'user-inbound_object_control': ({ id, skip, limit, type }) => - apiClient.getUserControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res: { data: any; }) => res.data), + apiClient.getUserControllersV2(id, skip, limit, type, { signal: controller.signal }).then((res) => res.data), } as const satisfies EntityRelationshipEndpoint; 
From 21c84029dc38e242c5f7576f21cd7c510df974c5 Mon Sep 17 00:00:00 2001 From: Basile Date: Thu, 10 Apr 2025 16:37:59 +0200 Subject: [PATCH 08/11] rollback wrongly commited local changes --- packages/go/schemagen/main.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/packages/go/schemagen/main.go b/packages/go/schemagen/main.go index dc71a8068b..9b6876de2a 100644 --- a/packages/go/schemagen/main.go +++ b/packages/go/schemagen/main.go @@ -69,6 +69,7 @@ func GenerateSharedTypeScript(projectRoot string, rootSchema Schema) error { } func main() { + cfgBuilder := generator.NewConfigBuilder("/schemas") if projectRoot, err := generator.FindGolangWorkspaceRoot(); err != nil { slog.Error(fmt.Sprintf("Error finding project root: %v", err)) @@ -76,9 +77,6 @@ func main() { } else { slog.Info(fmt.Sprintf("Project root is %s", projectRoot)) - absolutepath, _ := filepath.Abs(projectRoot) - cfgBuilder := generator.NewConfigBuilder(absolutepath) - if err := cfgBuilder.OverlayPath(filepath.Join(projectRoot, "packages/cue")); err != nil { slog.Error(fmt.Sprintf("Error: %v", err)) os.Exit(1) @@ -86,7 +84,7 @@ func main() { cfg := cfgBuilder.Build() - if bhInstance, err := cfg.Value("/bh/bh.cue"); err != nil { + if bhInstance, err := cfg.Value("/schemas/bh/bh.cue"); err != nil { slog.Error(fmt.Sprintf("Error: %v", errors.Details(err, nil))) os.Exit(1) } else { From e46c9ca059bcd7a7a195027b933e00d8c0b4a08f Mon Sep 17 00:00:00 2001 
From: Basile Date: Tue, 15 Apr 2025 13:30:06 +0200 Subject: [PATCH 09/11] Removed AZM365MemberOf edge (replaced by AZGroupMember since it is the same) + added Owners for Microsoft 365 groups + some clean up --- .../src/daemons/datapipe/azure_convertors.go | 15 ++++++- cmd/api/src/test/integration/harnesses.go | 14 +++---- packages/cue/bh/azure/azure.cue | 8 ---- packages/go/analysis/azure/azure.go | 1 - packages/go/analysis/azure/filters.go | 6 +-- packages/go/analysis/azure/queries.go | 4 +- packages/go/ein/azure.go | 36 +++++++++++++++- packages/go/graphschema/azure/azure.go | 5 +-- packages/go/graphschema/common/common.go | 20 ++++++++- .../AZM365MemberOf/AZM365MemberOf.tsx | 28 ------------- .../HelpTexts/AZM365MemberOf/Abuse.tsx | 28 ------------- .../HelpTexts/AZM365MemberOf/General.tsx | 41 ------------------- .../HelpTexts/AZM365MemberOf/Opsec.tsx | 23 ----------- .../HelpTexts/AZM365MemberOf/References.tsx | 37 ----------------- .../src/components/HelpTexts/index.tsx | 2 - .../bh-shared-ui/src/graphSchema.ts | 4 -- .../bh-shared-ui/src/utils/content.ts | 18 ++++---- 17 files changed, 90 insertions(+), 200 deletions(-) delete mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx delete mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx delete mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx delete mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx delete mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx diff --git a/cmd/api/src/daemons/datapipe/azure_convertors.go b/cmd/api/src/daemons/datapipe/azure_convertors.go index a656e0c40e..e238cb15c4 100644 --- a/cmd/api/src/daemons/datapipe/azure_convertors.go +++ b/cmd/api/src/daemons/datapipe/azure_convertors.go 
@@ -63,6 +63,8 @@ func getKindConverter(kind enums.Kind) func(json.RawMessage, *ConvertedAzureData return convertAzureGroup365Member case enums.KindAZGroupOwner: return convertAzureGroupOwner + case enums.KindAZGroup365Owner: + return convertAzureGroup365Owner case enums.KindAZKeyVault: return convertAzureKeyVault case enums.KindAZKeyVaultAccessPolicy: @@ -292,7 +294,7 @@ func convertAzureGroup365(raw json.RawMessage, converted *ConvertedAzureData) { if err := json.Unmarshal(raw, &data); err != nil { - slog.Error(fmt.Sprintf(SerialError, "azure group365", err)) + slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 36 group", err)) } else { @@ -339,6 +341,17 @@ func convertAzureGroupOwner(raw json.RawMessage, converted *ConvertedAzureData) } } +func convertAzureGroup365Owner(raw json.RawMessage, converted *ConvertedAzureData) { + var ( + data models.Group365Owners + ) + if err := json.Unmarshal(raw, &data); err != nil { + slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 365 group owners", err)) + } else { + converted.RelProps = append(converted.RelProps, ein.ConvertAzureGroup365OwnerToRels(data)...) + } +} + func convertAzureKeyVault(raw json.RawMessage, converted *ConvertedAzureData) { var data models.KeyVault if err := json.Unmarshal(raw, &data); err != nil { diff --git a/cmd/api/src/test/integration/harnesses.go b/cmd/api/src/test/integration/harnesses.go index 9beb891777..6a40ca0dfd 100644 --- a/cmd/api/src/test/integration/harnesses.go +++ b/cmd/api/src/test/integration/harnesses.go @@ -906,10 +906,10 @@ func (s *AZBaseHarness) CreateAzureNestedGroup365Chain(testCtx *GraphTestContext ) if previousGroup == nil { - testCtx.NewRelationship(s.User, newGroup, azure.M365MemberOf) + testCtx.NewRelationship(s.User, newGroup, azure.MemberOf) s.UserFirstDegreeGroups.Add(newGroup) } else { - testCtx.NewRelationship(previousGroup, newGroup, azure.M365MemberOf) + testCtx.NewRelationship(previousGroup, newGroup, azure.MemberOf) } groupNodes.Add(newGroup) 
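Review bot: The rewritten log string in convertAzureGroup365 drops a digit — `slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 36 group", err))` should read `"azure Microsoft 365 group"`, matching the wording used by the new convertAzureGroup365Owner in the same file. Operators grep these messages when ingestion silently produces no nodes, so the label should name the object type exactly. The rest of convertAzureGroup365's body lies outside the hunk.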
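Review bot: convertAzureGroup365Owner wraps a single declaration in a parenthesised `var ( data models.Group365Owners )` block, while the neighbouring convertAzureKeyVault writes `var data models.KeyVault`; `var data models.Group365Owners` keeps the converters consistent. Note that, like the existing converters, the unmarshal error is only logged, so a malformed owners payload yields no AZOwns edges and the graph quietly under-reports who controls the group — a one-line comment such as `// Decode failure is logged, not propagated: a bad payload contributes no owner edges.` would make that trade-off explicit to the next reader.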
@@ -942,9 +942,9 @@ func (s *AZGroupMembershipHarness) Setup(testCtx *GraphTestContext) { testCtx.NewRelationship(s.UserA, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserB, s.Group, azure.MemberOf) testCtx.NewRelationship(s.UserC, s.Group, azure.MemberOf) - testCtx.NewRelationship(s.UserA, s.Group365, azure.M365MemberOf) - testCtx.NewRelationship(s.UserB, s.Group365, azure.M365MemberOf) - testCtx.NewRelationship(s.UserC, s.Group365, azure.M365MemberOf) + testCtx.NewRelationship(s.UserA, s.Group365, azure.MemberOf) + testCtx.NewRelationship(s.UserB, s.Group365, azure.MemberOf) + testCtx.NewRelationship(s.UserC, s.Group365, azure.MemberOf) } type AZManagementGroupHarness struct { @@ -1271,8 +1271,8 @@ func (s *AZInboundControlHarness) Setup(testCtx *GraphTestContext) { testCtx.NewRelationship(s.AZUserA, s.AZGroupA, azure.MemberOf) testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroupB, azure.MemberOf) - testCtx.NewRelationship(s.AZUserA, s.AZGroup365A, azure.M365MemberOf) - testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroup365B, azure.M365MemberOf) + testCtx.NewRelationship(s.AZUserA, s.AZGroup365A, azure.MemberOf) + testCtx.NewRelationship(s.AZServicePrincipalB, s.AZGroup365B, azure.MemberOf) testCtx.NewRelationship(s.AZAppA, s.AZServicePrincipalA, azure.RunsAs) diff --git a/packages/cue/bh/azure/azure.cue b/packages/cue/bh/azure/azure.cue index fceb8b646e..af8904505c 100644 --- a/packages/cue/bh/azure/azure.cue +++ b/packages/cue/bh/azure/azure.cue @@ -619,12 +619,6 @@ Owns: types.#Kind & { representation: "AZOwns" } -M365MemberOf: types.#Kind & { - symbol: "M365MemberOf" - schema: "azure" - representation: "AZM365MemberOf" -} - ScopedTo: types.#Kind & { symbol: "ScopedTo" schema: "azure" @@ -766,7 +760,6 @@ RelationshipKinds: [ GetSecrets, HasRole, MemberOf, - M365MemberOf, Owner, RunsAs, VMContributor, @@ -875,7 +868,6 @@ InboundOutboundRelationshipKinds: [ GetSecrets, HasRole, MemberOf, - M365MemberOf, Owner, RunsAs, VMContributor, 
diff --git a/packages/go/analysis/azure/azure.go b/packages/go/analysis/azure/azure.go index f4c0e98e07..13a0d9c8de 100644 --- a/packages/go/analysis/azure/azure.go +++ b/packages/go/analysis/azure/azure.go @@ -102,7 +102,6 @@ func GetDescendentKinds(kind graph.Kind) []graph.Kind { func AzureNonDescentKinds() graph.Kinds { return []graph.Kind{ azure.MemberOf, - azure.M365MemberOf, azure.HasRole, azure.RunsAs, } diff --git a/packages/go/analysis/azure/filters.go b/packages/go/analysis/azure/filters.go index 7cdfd6de96..9007d901ad 100644 --- a/packages/go/analysis/azure/filters.go +++ b/packages/go/analysis/azure/filters.go @@ -27,7 +27,7 @@ import ( ) func FilterEntityActiveAssignments() graph.Criteria { - return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf, azure.M365MemberOf) + return query.KindIn(query.Relationship(), azure.HasRole, azure.MemberOf) } func FilterEntityPIMAssignments() graph.Criteria { @@ -63,12 +63,12 @@ func FilterAbusableAppRoleAssignmentRelationships() graph.Criteria { } func FilterGroupMembership() graph.Criteria { - return query.Kind(query.Relationship(), azure.MemberOf, azure.M365MemberOf) + return query.Kind(query.Relationship(), azure.MemberOf) } func FilterGroupMembers() graph.Criteria { return query.And( - query.Kind(query.Relationship(), azure.MemberOf, azure.M365MemberOf), + query.Kind(query.Relationship(), azure.MemberOf), query.Kind(query.Start(), azure.Entity), ) } diff --git a/packages/go/analysis/azure/queries.go b/packages/go/analysis/azure/queries.go index 33516f13c4..9f53dae5c2 100644 --- a/packages/go/analysis/azure/queries.go +++ b/packages/go/analysis/azure/queries.go @@ -288,7 +288,7 @@ func InboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSeg if segment.Depth() == 1 { return true } else { - return segment.Edge.Kind.Is(azure.MemberOf, azure.M365MemberOf, azure.Contains) + return segment.Edge.Kind.Is(azure.MemberOf, azure.Contains) } } 
@@ -320,7 +320,7 @@ func OutboundControlDescentFilter(_ *ops.TraversalContext, segment *graph.PathSe } func OutboundControlPathFilter(_ *ops.TraversalContext, segment *graph.PathSegment) bool { - return !segment.Edge.Kind.Is(azure.MemberOf, azure.M365MemberOf, azure.Contains) + return !segment.Edge.Kind.Is(azure.MemberOf, azure.Contains) } func FetchOutboundEntityObjectControlPaths(tx graph.Transaction, root *graph.Node) (graph.PathSet, error) { diff --git a/packages/go/ein/azure.go b/packages/go/ein/azure.go index f77633af9f..b1d3113e47 100644 --- a/packages/go/ein/azure.go +++ b/packages/go/ein/azure.go @@ -547,7 +547,7 @@ func ConvertAzureGroup365MembersToRels(data models.Group365Members) []Ingestible }, IngestibleRel{ RelProps: map[string]any{}, - RelType: azure.M365MemberOf, + RelType: azure.MemberOf, }, )) } 
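Review bot: With this change ConvertAzureGroup365MembersToRels emits `azure.MemberOf` toward an `azure.Group365` target, so the same edge kind now lands on both AZGroup and AZGroup365 nodes and membership of the two group types is distinguishable only by target node kind, not by edge kind. Any Cypher or analysis code that previously keyed on AZM365MemberOf must filter on the target label instead; a comment at the relationship construction, `// AZMemberOf is shared with security groups; the AZGroup365 target kind is the only discriminator.`, would record that. The enclosing function starts and ends outside this hunk.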
@@ -589,6 +589,40 @@ func ConvertAzureGroupOwnerToRels(data models.GroupOwners) []IngestibleRelations return relationships } +func ConvertAzureGroup365OwnerToRels(data models.Group365Owners) []IngestibleRelationship { + relationships := make([]IngestibleRelationship, 0) + + for _, raw := range data.Owners { + var ( + owner azure2.DirectoryObject + ) + if err := json.Unmarshal(raw.Owner, &owner); err != nil { + slog.Error(fmt.Sprintf(SerialError, "azure Microsoft 365 group owner", err)) + } else if ownerType, err := ExtractTypeFromDirectoryObject(owner); errors.Is(err, ErrInvalidType) { + slog.Warn(fmt.Sprintf(ExtractError, err)) + } else if err != nil { + slog.Error(fmt.Sprintf(ExtractError, err)) + } else { + relationships = append(relationships, NewIngestibleRelationship( + IngestibleSource{ + Source: strings.ToUpper(owner.Id), + SourceType: ownerType, + }, + IngestibleTarget{ + TargetType: azure.Group365, + Target: strings.ToUpper(data.GroupId), + }, + IngestibleRel{ + RelProps: map[string]any{}, + RelType: azure.Owns, + }, + )) + } + } + + return relationships +} + func ConvertAzureKeyVault(data models.KeyVault) (IngestibleNode, IngestibleRelationship) { return IngestibleNode{ ObjectID: strings.ToUpper(data.Id), diff --git a/packages/go/graphschema/azure/azure.go b/packages/go/graphschema/azure/azure.go index 3fdcd81fd3..5cac4b439e 100644 --- a/packages/go/graphschema/azure/azure.go +++ b/packages/go/graphschema/azure/azure.go @@ -54,7 +54,6 @@ var ( GetSecrets = graph.StringKind("AZGetSecrets") HasRole = graph.StringKind("AZHasRole") MemberOf = graph.StringKind("AZMemberOf") - M365MemberOf = graph.StringKind("AZM365MemberOf") Owner = graph.StringKind("AZOwner") RunsAs = graph.StringKind("AZRunsAs") VMContributor = graph.StringKind("AZVMContributor") 
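Review bot: ConvertAzureGroup365OwnerToRels is exported but has no doc comment, and the hunk does not show whether `azure.Owns` is the kind the sibling ConvertAzureGroupOwnerToRels emits for security-group owners (only its trailing `return relationships` is visible); if the two differ, owner-based control paths through Microsoft 365 groups will not line up with the existing group-owner analysis, so that should be confirmed. A header such as `// ConvertAzureGroup365OwnerToRels maps each decodable owner of a Microsoft 365 group to an AZOwns edge from the owner to the AZGroup365 node; owners with an unrecognised directory object type are skipped with a warning.` states the contract. Since len(data.Owners) is known up front, `relationships := make([]IngestibleRelationship, 0, len(data.Owners))` avoids regrowth, and the single-entry `var ( owner azure2.DirectoryObject )` block is conventionally written as `var owner azure2.DirectoryObject`.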
@@ -369,7 +368,7 @@ func (s Property) Is(others ...graph.Kind) bool { return false } func Relationships() []graph.Kind { - return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, M365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser} + return []graph.Kind{AvereContributor, Contains, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, ScopedTo, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, ApplicationReadWriteAll, AppRoleAssignmentReadWriteAll, DirectoryReadWriteAll, GroupReadWriteAll, GroupMemberReadWriteAll, RoleManagementReadWriteDirectory, ServicePrincipalEndpointReadWriteAll, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser} } func AppRoleTransitRelationshipKinds() []graph.Kind { return []graph.Kind{AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole} 
@@ -384,7 +383,7 @@ func ExecutionPrivileges() []graph.Kind { return []graph.Kind{VMAdminLogin, VMContributor, AvereContributor, WebsiteContributor, Contributor, ExecuteCommand} } func PathfindingRelationships() []graph.Kind { - return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, M365MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains} + return []graph.Kind{AvereContributor, Contributor, GetCertificates, GetKeys, GetSecrets, HasRole, MemberOf, Owner, RunsAs, VMContributor, AutomationContributor, KeyVaultContributor, VMAdminLogin, AddMembers, AddSecret, ExecuteCommand, GlobalAdmin, PrivilegedAuthAdmin, Grant, GrantSelf, PrivilegedRoleAdmin, ResetPassword, UserAccessAdministrator, Owns, CloudAppAdmin, AppAdmin, AddOwner, ManagedIdentity, AKSContributor, NodeResourceGroup, WebsiteContributor, LogicAppContributor, AZMGAddMember, AZMGAddOwner, AZMGAddSecret, AZMGGrantAppRoles, AZMGGrantRole, SyncedToADUser, Contains} } func NodeKinds() []graph.Kind { return []graph.Kind{Entity, VMScaleSet, App, Role, Device, FunctionApp, Group, Group365, KeyVault, ManagementGroup, ResourceGroup, ServicePrincipal, Subscription, Tenant, User, VM, ManagedCluster, ContainerRegistry, WebApp, LogicApp, AutomationAccount} diff --git a/packages/go/graphschema/common/common.go b/packages/go/graphschema/common/common.go index f75cae4282..ba25b3e19f 100644 --- a/packages/go/graphschema/common/common.go +++ b/packages/go/graphschema/common/common.go 
@@ -1,3 +1,19 @@ +// Copyright 2025 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ 
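Review bot: The license header is hand-inserted above the `// Code generated by Cuelang code gen. DO NOT EDIT!` marker; if this file is really produced by the schemagen generator, as the marker suggests, the header will be lost on the next regeneration unless it is emitted from the generator template, so it should be added there rather than in the output file. As an aside, Go tooling only treats the file as generated when the marker ends in `DO NOT EDIT.` with a period — the `!` form is pre-existing, but worth correcting in the same template.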
@@ -24,10 +40,10 @@ func NodeKinds() []graph.Kind { return []graph.Kind{MigrationData} } func InboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.M365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, 
ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } func OutboundRelationshipKinds() []graph.Kind { - return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, 
ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.M365MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} + return []graph.Kind{ad.Owns, ad.GenericAll, ad.GenericWrite, ad.WriteOwner, ad.WriteDACL, ad.MemberOf, ad.ForceChangePassword, ad.AllExtendedRights, ad.AddMember, ad.HasSession, ad.GPLink, ad.AllowedToDelegate, ad.CoerceToTGT, ad.AllowedToAct, ad.AdminTo, ad.CanPSRemote, ad.CanRDP, ad.ExecuteDCOM, ad.HasSIDHistory, ad.AddSelf, ad.DCSync, ad.ReadLAPSPassword, ad.ReadGMSAPassword, ad.DumpSMSAPassword, ad.SQLAdmin, ad.AddAllowedToAct, ad.WriteSPN, ad.AddKeyCredentialLink, ad.SyncLAPSPassword, ad.WriteAccountRestrictions, ad.WriteGPLink, ad.GoldenCert, ad.ADCSESC1, ad.ADCSESC3, ad.ADCSESC4, ad.ADCSESC6a, ad.ADCSESC6b, ad.ADCSESC9a, ad.ADCSESC9b, ad.ADCSESC10a, ad.ADCSESC10b, ad.ADCSESC13, 
ad.SyncedToEntraUser, ad.CoerceAndRelayNTLMToSMB, ad.CoerceAndRelayNTLMToADCS, ad.WriteOwnerLimitedRights, ad.OwnsLimitedRights, ad.CoerceAndRelayNTLMToLDAP, ad.CoerceAndRelayNTLMToLDAPS, ad.Contains, ad.DCFor, azure.AvereContributor, azure.Contributor, azure.GetCertificates, azure.GetKeys, azure.GetSecrets, azure.HasRole, azure.MemberOf, azure.Owner, azure.RunsAs, azure.VMContributor, azure.AutomationContributor, azure.KeyVaultContributor, azure.VMAdminLogin, azure.AddMembers, azure.AddSecret, azure.ExecuteCommand, azure.GlobalAdmin, azure.PrivilegedAuthAdmin, azure.Grant, azure.GrantSelf, azure.PrivilegedRoleAdmin, azure.ResetPassword, azure.UserAccessAdministrator, azure.Owns, azure.CloudAppAdmin, azure.AppAdmin, azure.AddOwner, azure.ManagedIdentity, azure.AKSContributor, azure.NodeResourceGroup, azure.WebsiteContributor, azure.LogicAppContributor, azure.AZMGAddMember, azure.AZMGAddOwner, azure.AZMGAddSecret, azure.AZMGGrantAppRoles, azure.AZMGGrantRole, azure.SyncedToADUser} } type Property string diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx deleted file mode 100644 index 6070592210..0000000000 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/AZM365MemberOf.tsx +++ /dev/null 
@@ -1,28 +0,0 @@ -// Copyright 2023 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - -import Abuse from './Abuse'; -import General from './General'; -import Opsec from './Opsec'; -import References from './References'; - -const AZM365MemberOf = { - general: General, - abuse: Abuse, - opsec: Opsec, - references: References, -}; -export default AZM365MemberOf; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx deleted file mode 100644 index 1e58b87449..0000000000 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Abuse.tsx +++ /dev/null 
@@ -1,28 +0,0 @@ -// Copyright 2023 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - -import { Typography } from '@mui/material'; -import { FC } from 'react'; - -const Abuse: FC = () => { - return ( - - This edge simply indicates that the user is a member of the Microsoft 365 group. Potential abuses will depend on the group and its permissions. - - - ); -}; -export default Abuse; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx deleted file mode 100644 index 4f76aecd9c..0000000000 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/General.tsx +++ /dev/null 
@@ -1,41 +0,0 @@ -// Copyright 2023 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - -import { Typography } from '@mui/material'; -import { FC } from 'react'; -import { EdgeInfoProps } from '../index'; -import { typeFormat } from '../utils'; - -const General: FC = ({ sourceName, sourceType, targetName }) => { - - return ( - <> - - - The {typeFormat(sourceType)} {sourceName} is a member of the Microsoft 365 group {targetName}. - - - - - - Microsoft 365 groups in Azure Active Directory grant their direct members any privileges the group itself has. It includes - access to shared resources such as SharePoint sites, Microsoft Teams, Emails and OneNote notebooks. - - - - ); -}; -export default General; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx deleted file mode 100644 index 6807158230..0000000000 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/Opsec.tsx +++ /dev/null 
@@ -1,23 +0,0 @@ -// Copyright 2023 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - -import { Typography } from '@mui/material'; -import { FC } from 'react'; - -const Opsec: FC = () => { - return No opsec considerations apply to this edge.; -}; -export default Opsec; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx deleted file mode 100644 index 1545ea55a8..0000000000 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/AZM365MemberOf/References.tsx +++ /dev/null 
@@ -1,37 +0,0 @@ -// Copyright 2023 Specter Ops, Inc. -// -// Licensed under the Apache License, Version 2.0 -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// SPDX-License-Identifier: Apache-2.0 - -import { Box, Link } from '@mui/material'; -import { FC } from 'react'; - -const References: FC = () => { - - return ( - - - - Create a role-assignable group in Azure Active Directory - - - - ); -}; - -export default References; \ No newline at end of file diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx index 3dfe1cf057..cc44954bdc 100644 --- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx +++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx @@ -57,7 +57,6 @@ import AZMGRoleManagement_ReadWrite_Directory from './AZMGRoleManagement_ReadWri import AZMGServicePrincipalEndpoint_ReadWrite_All from './AZMGServicePrincipalEndpoint_ReadWrite_All/AZMGServicePrincipalEndpoint_ReadWrite_All'; import AZManagedIdentity from './AZManagedIdentity/AZManagedIdentity'; import AZMemberOf from './AZMemberOf/AZMemberOf'; -import AZM365MemberOf from './AZM365MemberOf/AZM365MemberOf'; import AZNodeResourceGroup from './AZNodeResourceGroup/AZNodeResourceGroup'; import AZOwns from './AZOwns/AZOwns'; import AZPrivilegedAuthAdmin from './AZPrivilegedAuthAdmin/AZPrivilegedAuthAdmin'; 
@@ -146,7 +145,6 @@ export type EdgeInfoProps = {
 const EdgeInfoComponents = {
 GenericAll: GenericAll,
 MemberOf: MemberOf,
- AZM365MemberOf: AZM365MemberOf,
 AllExtendedRights: AllExtendedRights,
 AdminTo: AdminTo,
 HasSession: HasSession,
diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts
index 0ba2f80883..74cab85a2b 100644
--- a/packages/javascript/bh-shared-ui/src/graphSchema.ts
+++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts
@@ -824,7 +824,6 @@ export enum AzureRelationshipKind {
 GetSecrets = 'AZGetSecrets',
 HasRole = 'AZHasRole',
 MemberOf = 'AZMemberOf',
- M365MemberOf = 'AZM365MemberOf',
 Owner = 'AZOwner',
 RunsAs = 'AZRunsAs',
 VMContributor = 'AZVMContributor',
@@ -883,8 +882,6 @@ export function AzureRelationshipKindToDisplay (value: AzureRelationshipKind): s
 return 'HasRole';
 case AzureRelationshipKind.MemberOf:
 return 'MemberOf';
- case AzureRelationshipKind.M365MemberOf:
- return 'M365MemberOf';
 case AzureRelationshipKind.Owner:
 return 'Owner';
 case AzureRelationshipKind.RunsAs:
@@ -1087,7 +1084,6 @@ export function AzurePathfindingEdges (): AzureRelationshipKind[] {
 AzureRelationshipKind.GetSecrets,
 AzureRelationshipKind.HasRole,
 AzureRelationshipKind.MemberOf,
- AzureRelationshipKind.M365MemberOf,
 AzureRelationshipKind.Owner,
 AzureRelationshipKind.RunsAs,
 AzureRelationshipKind.VMContributor,
diff --git a/packages/javascript/bh-shared-ui/src/utils/content.ts b/packages/javascript/bh-shared-ui/src/utils/content.ts
index 266e5158e7..44be6182bd 100644
--- a/packages/javascript/bh-shared-ui/src/utils/content.ts
+++ b/packages/javascript/bh-shared-ui/src/utils/content.ts
@@ -1134,36 +1134,36 @@ export const entityRelationshipEndpoints = { 'azgroup365-members': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'group-members', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res : any) => res.data), 'azgroup365-member_of': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'group-membership', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res : any) => res.data), 'azgroup365-roles': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'roles', counts, skip, limit, type, { signal: controller.signal }) - .then((res) => res.data), + .then((res : any) => res.data), 'azgroup365-inbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'inbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res : any) => res.data), 'azgroup365-outbound_object_control': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('groups365', id, 'outbound-control', counts, skip, limit, type, { signal: controller.signal, }) - .then((res) => res.data), + .then((res: any) => res.data), 'azkeyvault-key_readers': ({ id, counts, skip, limit, type }) => apiClient .getAZEntityInfoV2('key-vaults', id, 'key-readers', counts, skip, limit, type, { signal: controller.signal, }) - .then((res: { data: { countLabel: string; }; }) => { + .then((res) => { if (type !== 'graph') res.data.countLabel = 'Key Readers'; return res.data; }), 
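Review bot: The five group365 callbacks in this hunk are annotated `(res : any) => res.data`, which opts `res.data` out of type-checking, while the key-vault callbacks further down the same hunk (and in the three hunks that follow) move the other way and drop their explicit `{ data: { countLabel: string } }` annotation. If `getAZEntityInfoV2` returns a typed response, as the key-vault change suggests, the plain `(res) => res.data` form the other entries already use would keep the checks; otherwise name the response type once rather than writing `any` five times. The spacing is also inconsistent within the hunk — four entries use `res : any`, the outbound_object_control entry uses `res: any` — which the project's formatter would normalize. The enclosing `entityRelationshipEndpoints` object starts and ends outside the hunk.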
@@ -1172,7 +1172,7 @@ export const entityRelationshipEndpoints = {
 .getAZEntityInfoV2('key-vaults', id, 'certificate-readers', counts, skip, limit, type, {
 signal: controller.signal,
 })
- .then((res: { data: { countLabel: string; }; }) => {
+ .then((res) => {
 if (type !== 'graph') res.data.countLabel = 'Certificate Readers';
 return res.data;
 }),
@@ -1181,7 +1181,7 @@ export const entityRelationshipEndpoints = {
 .getAZEntityInfoV2('key-vaults', id, 'secret-readers', counts, skip, limit, type, {
 signal: controller.signal,
 })
- .then((res: { data: { countLabel: string; }; }) => {
+ .then((res) => {
 if (type !== 'graph') res.data.countLabel = 'Secret Readers';
 return res.data;
 }),
@@ -1190,7 +1190,7 @@ export const entityRelationshipEndpoints = {
 .getAZEntityInfoV2('key-vaults', id, 'all-readers', counts, skip, limit, type, {
 signal: controller.signal,
 })
- .then((res: { data: { countLabel: string; }; }) => {
+ .then((res) => {
 if (type !== 'graph') res.data.countLabel = 'All Readers';
 return res.data;
 }),
From 51be54b25fd38f1236b07303591eef0d3225c12a Mon Sep 17 00:00:00 2001 From: Basile Date: Tue, 13 May 2025 16:09:25 +0200 Subject: [PATCH 10/11] code CleanUp --- packages/go/graphschema/graph.go | 16 + .../bh-shared-ui/src/graphSchema.ts | 693 +++++++++--------- 2 files changed, 363 insertions(+), 346 deletions(-)
diff --git a/packages/go/graphschema/graph.go b/packages/go/graphschema/graph.go
index c0cb953181..f606615cfa 100644
--- a/packages/go/graphschema/graph.go
+++ b/packages/go/graphschema/graph.go
@@ -1,3 +1,19 @@ +// Copyright 2025 Specter Ops, Inc. +// +// Licensed under the Apache License, Version 2.0 +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// SPDX-License-Identifier: Apache-2.0 + // Code generated by Cuelang code gen. DO NOT EDIT! // Cuelang source: github.com/specterops/bloodhound/-/tree/main/packages/cue/schemas/ diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index 74cab85a2b..3156649062 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts 
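Review bot: The license header is added by hand to a file whose next line reads `// Code generated by Cuelang code gen. DO NOT EDIT!`, so the next run of the generator will drop it and this diff will reappear. The header belongs in the generator's output template (the Cuelang source referenced on the line below) so every emitted file carries it consistently; the hand edit should then be replaced by a regeneration from that template. The same concern likely applies to the large whitespace-only reformatting of graphSchema.ts in this patch if that file is produced by the same generator — a formatter pass the generator does not also apply will be undone on regeneration.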
@@ -32,39 +32,39 @@ export enum ActiveDirectoryNodeKind { CertTemplate = 'CertTemplate', IssuancePolicy = 'IssuancePolicy', } -export function ActiveDirectoryNodeKindToDisplay (value: ActiveDirectoryNodeKind): string | undefined { +export function ActiveDirectoryNodeKindToDisplay(value: ActiveDirectoryNodeKind): string | undefined { switch (value) { - case ActiveDirectoryNodeKind.Entity: + case ActiveDirectoryNodeKind.Entity: return 'Entity'; - case ActiveDirectoryNodeKind.User: + case ActiveDirectoryNodeKind.User: return 'User'; - case ActiveDirectoryNodeKind.Computer: + case ActiveDirectoryNodeKind.Computer: return 'Computer'; - case ActiveDirectoryNodeKind.Group: + case ActiveDirectoryNodeKind.Group: return 'Group'; - case ActiveDirectoryNodeKind.GPO: + case ActiveDirectoryNodeKind.GPO: return 'GPO'; - case ActiveDirectoryNodeKind.OU: + case ActiveDirectoryNodeKind.OU: return 'OU'; - case ActiveDirectoryNodeKind.Container: + case ActiveDirectoryNodeKind.Container: return 'Container'; - case ActiveDirectoryNodeKind.Domain: + case ActiveDirectoryNodeKind.Domain: return 'Domain'; - case ActiveDirectoryNodeKind.LocalGroup: + case ActiveDirectoryNodeKind.LocalGroup: return 'LocalGroup'; - case ActiveDirectoryNodeKind.LocalUser: + case ActiveDirectoryNodeKind.LocalUser: return 'LocalUser'; - case ActiveDirectoryNodeKind.AIACA: + case ActiveDirectoryNodeKind.AIACA: return 'AIACA'; - case ActiveDirectoryNodeKind.RootCA: + case ActiveDirectoryNodeKind.RootCA: return 'RootCA'; - case ActiveDirectoryNodeKind.EnterpriseCA: + case ActiveDirectoryNodeKind.EnterpriseCA: return 'EnterpriseCA'; - case ActiveDirectoryNodeKind.NTAuthStore: + case ActiveDirectoryNodeKind.NTAuthStore: return 'NTAuthStore'; - case ActiveDirectoryNodeKind.CertTemplate: + case ActiveDirectoryNodeKind.CertTemplate: return 'CertTemplate'; - case ActiveDirectoryNodeKind.IssuancePolicy: + case ActiveDirectoryNodeKind.IssuancePolicy: return 'IssuancePolicy'; default: return undefined; 
@@ -148,165 +148,165 @@ export enum ActiveDirectoryRelationshipKind { CoerceAndRelayNTLMToLDAP = 'CoerceAndRelayNTLMToLDAP', CoerceAndRelayNTLMToLDAPS = 'CoerceAndRelayNTLMToLDAPS', } -export function ActiveDirectoryRelationshipKindToDisplay (value: ActiveDirectoryRelationshipKind): string | undefined { +export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryRelationshipKind): string | undefined { switch (value) { - case ActiveDirectoryRelationshipKind.Owns: + case ActiveDirectoryRelationshipKind.Owns: return 'Owns'; - case ActiveDirectoryRelationshipKind.GenericAll: + case ActiveDirectoryRelationshipKind.GenericAll: return 'GenericAll'; - case ActiveDirectoryRelationshipKind.GenericWrite: + case ActiveDirectoryRelationshipKind.GenericWrite: return 'GenericWrite'; - case ActiveDirectoryRelationshipKind.WriteOwner: + case ActiveDirectoryRelationshipKind.WriteOwner: return 'WriteOwner'; - case ActiveDirectoryRelationshipKind.WriteDACL: + case ActiveDirectoryRelationshipKind.WriteDACL: return 'WriteDACL'; - case ActiveDirectoryRelationshipKind.MemberOf: + case ActiveDirectoryRelationshipKind.MemberOf: return 'MemberOf'; - case ActiveDirectoryRelationshipKind.ForceChangePassword: + case ActiveDirectoryRelationshipKind.ForceChangePassword: return 'ForceChangePassword'; - case ActiveDirectoryRelationshipKind.AllExtendedRights: + case ActiveDirectoryRelationshipKind.AllExtendedRights: return 'AllExtendedRights'; - case ActiveDirectoryRelationshipKind.AddMember: + case ActiveDirectoryRelationshipKind.AddMember: return 'AddMember'; - case ActiveDirectoryRelationshipKind.HasSession: + case ActiveDirectoryRelationshipKind.HasSession: return 'HasSession'; - case ActiveDirectoryRelationshipKind.Contains: + case ActiveDirectoryRelationshipKind.Contains: return 'Contains'; - case ActiveDirectoryRelationshipKind.GPLink: + case ActiveDirectoryRelationshipKind.GPLink: return 'GPLink'; - case ActiveDirectoryRelationshipKind.AllowedToDelegate: + case 
ActiveDirectoryRelationshipKind.AllowedToDelegate: return 'AllowedToDelegate'; - case ActiveDirectoryRelationshipKind.CoerceToTGT: + case ActiveDirectoryRelationshipKind.CoerceToTGT: return 'CoerceToTGT'; - case ActiveDirectoryRelationshipKind.GetChanges: + case ActiveDirectoryRelationshipKind.GetChanges: return 'GetChanges'; - case ActiveDirectoryRelationshipKind.GetChangesAll: + case ActiveDirectoryRelationshipKind.GetChangesAll: return 'GetChangesAll'; - case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: + case ActiveDirectoryRelationshipKind.GetChangesInFilteredSet: return 'GetChangesInFilteredSet'; - case ActiveDirectoryRelationshipKind.TrustedBy: + case ActiveDirectoryRelationshipKind.TrustedBy: return 'TrustedBy'; - case ActiveDirectoryRelationshipKind.AllowedToAct: + case ActiveDirectoryRelationshipKind.AllowedToAct: return 'AllowedToAct'; - case ActiveDirectoryRelationshipKind.AdminTo: + case ActiveDirectoryRelationshipKind.AdminTo: return 'AdminTo'; - case ActiveDirectoryRelationshipKind.CanPSRemote: + case ActiveDirectoryRelationshipKind.CanPSRemote: return 'CanPSRemote'; - case ActiveDirectoryRelationshipKind.CanRDP: + case ActiveDirectoryRelationshipKind.CanRDP: return 'CanRDP'; - case ActiveDirectoryRelationshipKind.ExecuteDCOM: + case ActiveDirectoryRelationshipKind.ExecuteDCOM: return 'ExecuteDCOM'; - case ActiveDirectoryRelationshipKind.HasSIDHistory: + case ActiveDirectoryRelationshipKind.HasSIDHistory: return 'HasSIDHistory'; - case ActiveDirectoryRelationshipKind.AddSelf: + case ActiveDirectoryRelationshipKind.AddSelf: return 'AddSelf'; - case ActiveDirectoryRelationshipKind.DCSync: + case ActiveDirectoryRelationshipKind.DCSync: return 'DCSync'; - case ActiveDirectoryRelationshipKind.ReadLAPSPassword: + case ActiveDirectoryRelationshipKind.ReadLAPSPassword: return 'ReadLAPSPassword'; - case ActiveDirectoryRelationshipKind.ReadGMSAPassword: + case ActiveDirectoryRelationshipKind.ReadGMSAPassword: return 'ReadGMSAPassword'; - case 
ActiveDirectoryRelationshipKind.DumpSMSAPassword: + case ActiveDirectoryRelationshipKind.DumpSMSAPassword: return 'DumpSMSAPassword'; - case ActiveDirectoryRelationshipKind.SQLAdmin: + case ActiveDirectoryRelationshipKind.SQLAdmin: return 'SQLAdmin'; - case ActiveDirectoryRelationshipKind.AddAllowedToAct: + case ActiveDirectoryRelationshipKind.AddAllowedToAct: return 'AddAllowedToAct'; - case ActiveDirectoryRelationshipKind.WriteSPN: + case ActiveDirectoryRelationshipKind.WriteSPN: return 'WriteSPN'; - case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: + case ActiveDirectoryRelationshipKind.AddKeyCredentialLink: return 'AddKeyCredentialLink'; - case ActiveDirectoryRelationshipKind.LocalToComputer: + case ActiveDirectoryRelationshipKind.LocalToComputer: return 'LocalToComputer'; - case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: + case ActiveDirectoryRelationshipKind.MemberOfLocalGroup: return 'MemberOfLocalGroup'; - case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: + case ActiveDirectoryRelationshipKind.RemoteInteractiveLogonRight: return 'RemoteInteractiveLogonRight'; - case ActiveDirectoryRelationshipKind.SyncLAPSPassword: + case ActiveDirectoryRelationshipKind.SyncLAPSPassword: return 'SyncLAPSPassword'; - case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: + case ActiveDirectoryRelationshipKind.WriteAccountRestrictions: return 'WriteAccountRestrictions'; - case ActiveDirectoryRelationshipKind.WriteGPLink: + case ActiveDirectoryRelationshipKind.WriteGPLink: return 'WriteGPLink'; - case ActiveDirectoryRelationshipKind.RootCAFor: + case ActiveDirectoryRelationshipKind.RootCAFor: return 'RootCAFor'; - case ActiveDirectoryRelationshipKind.DCFor: + case ActiveDirectoryRelationshipKind.DCFor: return 'DCFor'; - case ActiveDirectoryRelationshipKind.PublishedTo: + case ActiveDirectoryRelationshipKind.PublishedTo: return 'PublishedTo'; - case ActiveDirectoryRelationshipKind.ManageCertificates: + case 
ActiveDirectoryRelationshipKind.ManageCertificates: return 'ManageCertificates'; - case ActiveDirectoryRelationshipKind.ManageCA: + case ActiveDirectoryRelationshipKind.ManageCA: return 'ManageCA'; - case ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: + case ActiveDirectoryRelationshipKind.DelegatedEnrollmentAgent: return 'DelegatedEnrollmentAgent'; - case ActiveDirectoryRelationshipKind.Enroll: + case ActiveDirectoryRelationshipKind.Enroll: return 'Enroll'; - case ActiveDirectoryRelationshipKind.HostsCAService: + case ActiveDirectoryRelationshipKind.HostsCAService: return 'HostsCAService'; - case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: + case ActiveDirectoryRelationshipKind.WritePKIEnrollmentFlag: return 'WritePKIEnrollmentFlag'; - case ActiveDirectoryRelationshipKind.WritePKINameFlag: + case ActiveDirectoryRelationshipKind.WritePKINameFlag: return 'WritePKINameFlag'; - case ActiveDirectoryRelationshipKind.NTAuthStoreFor: + case ActiveDirectoryRelationshipKind.NTAuthStoreFor: return 'NTAuthStoreFor'; - case ActiveDirectoryRelationshipKind.TrustedForNTAuth: + case ActiveDirectoryRelationshipKind.TrustedForNTAuth: return 'TrustedForNTAuth'; - case ActiveDirectoryRelationshipKind.EnterpriseCAFor: + case ActiveDirectoryRelationshipKind.EnterpriseCAFor: return 'EnterpriseCAFor'; - case ActiveDirectoryRelationshipKind.IssuedSignedBy: + case ActiveDirectoryRelationshipKind.IssuedSignedBy: return 'IssuedSignedBy'; - case ActiveDirectoryRelationshipKind.GoldenCert: + case ActiveDirectoryRelationshipKind.GoldenCert: return 'GoldenCert'; - case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: + case ActiveDirectoryRelationshipKind.EnrollOnBehalfOf: return 'EnrollOnBehalfOf'; - case ActiveDirectoryRelationshipKind.OIDGroupLink: + case ActiveDirectoryRelationshipKind.OIDGroupLink: return 'OIDGroupLink'; - case ActiveDirectoryRelationshipKind.ExtendedByPolicy: + case ActiveDirectoryRelationshipKind.ExtendedByPolicy: return 'ExtendedByPolicy'; - case 
ActiveDirectoryRelationshipKind.ADCSESC1: + case ActiveDirectoryRelationshipKind.ADCSESC1: return 'ADCSESC1'; - case ActiveDirectoryRelationshipKind.ADCSESC3: + case ActiveDirectoryRelationshipKind.ADCSESC3: return 'ADCSESC3'; - case ActiveDirectoryRelationshipKind.ADCSESC4: + case ActiveDirectoryRelationshipKind.ADCSESC4: return 'ADCSESC4'; - case ActiveDirectoryRelationshipKind.ADCSESC6a: + case ActiveDirectoryRelationshipKind.ADCSESC6a: return 'ADCSESC6a'; - case ActiveDirectoryRelationshipKind.ADCSESC6b: + case ActiveDirectoryRelationshipKind.ADCSESC6b: return 'ADCSESC6b'; - case ActiveDirectoryRelationshipKind.ADCSESC9a: + case ActiveDirectoryRelationshipKind.ADCSESC9a: return 'ADCSESC9a'; - case ActiveDirectoryRelationshipKind.ADCSESC9b: + case ActiveDirectoryRelationshipKind.ADCSESC9b: return 'ADCSESC9b'; - case ActiveDirectoryRelationshipKind.ADCSESC10a: + case ActiveDirectoryRelationshipKind.ADCSESC10a: return 'ADCSESC10a'; - case ActiveDirectoryRelationshipKind.ADCSESC10b: + case ActiveDirectoryRelationshipKind.ADCSESC10b: return 'ADCSESC10b'; - case ActiveDirectoryRelationshipKind.ADCSESC13: + case ActiveDirectoryRelationshipKind.ADCSESC13: return 'ADCSESC13'; - case ActiveDirectoryRelationshipKind.SyncedToEntraUser: + case ActiveDirectoryRelationshipKind.SyncedToEntraUser: return 'SyncedToEntraUser'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToSMB: return 'CoerceAndRelayNTLMToSMB'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToADCS: return 'CoerceAndRelayNTLMToADCS'; - case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: + case ActiveDirectoryRelationshipKind.WriteOwnerLimitedRights: return 'WriteOwnerLimitedRights'; - case ActiveDirectoryRelationshipKind.WriteOwnerRaw: + case ActiveDirectoryRelationshipKind.WriteOwnerRaw: return 'WriteOwnerRaw'; - case 
ActiveDirectoryRelationshipKind.OwnsLimitedRights: + case ActiveDirectoryRelationshipKind.OwnsLimitedRights: return 'OwnsLimitedRights'; - case ActiveDirectoryRelationshipKind.OwnsRaw: + case ActiveDirectoryRelationshipKind.OwnsRaw: return 'OwnsRaw'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAP: return 'CoerceAndRelayNTLMToLDAP'; - case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: + case ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS: return 'CoerceAndRelayNTLMToLDAPS'; default: return undefined; } } -export type ActiveDirectoryKind = ActiveDirectoryNodeKind | ActiveDirectoryRelationshipKind +export type ActiveDirectoryKind = ActiveDirectoryNodeKind | ActiveDirectoryRelationshipKind; export const EdgeCompositionRelationships = [ 'GoldenCert', 'ADCSESC1', @@ -322,7 +322,7 @@ export const EdgeCompositionRelationships = [ 'CoerceAndRelayNTLMToSMB', 'CoerceAndRelayNTLMToADCS', 'CoerceAndRelayNTLMToLDAP', - 'CoerceAndRelayNTLMToLDAPS' + 'CoerceAndRelayNTLMToLDAPS', ]; export enum ActiveDirectoryKindProperties { AdminCount = 'admincount', 
@@ -445,249 +445,249 @@ export enum ActiveDirectoryKindProperties { HTTPSEnrollmentEndpoints = 'httpsenrollmentendpoints', HasVulnerableEndpoint = 'hasvulnerableendpoint', } -export function ActiveDirectoryKindPropertiesToDisplay (value: ActiveDirectoryKindProperties): string | undefined { +export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKindProperties): string | undefined { switch (value) { - case ActiveDirectoryKindProperties.AdminCount: + case ActiveDirectoryKindProperties.AdminCount: return 'Admin Count'; - case ActiveDirectoryKindProperties.CASecurityCollected: + case ActiveDirectoryKindProperties.CASecurityCollected: return 'CA Security Collected'; - case ActiveDirectoryKindProperties.CAName: + case ActiveDirectoryKindProperties.CAName: return 'CA Name'; - case ActiveDirectoryKindProperties.CertChain: + case ActiveDirectoryKindProperties.CertChain: return 'Certificate Chain'; - case ActiveDirectoryKindProperties.CertName: + case ActiveDirectoryKindProperties.CertName: return 'Certificate Name'; - case ActiveDirectoryKindProperties.CertThumbprint: + case ActiveDirectoryKindProperties.CertThumbprint: return 'Certificate Thumbprint'; - case ActiveDirectoryKindProperties.CertThumbprints: + case ActiveDirectoryKindProperties.CertThumbprints: return 'Certificate Thumbprints'; - case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: + case ActiveDirectoryKindProperties.HasEnrollmentAgentRestrictions: return 'Has Enrollment Agent Restrictions'; - case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: + case ActiveDirectoryKindProperties.EnrollmentAgentRestrictionsCollected: return 'Enrollment Agent Restrictions Collected'; - case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: + case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabled: return 'Is User Specifies San Enabled'; - case ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: + case 
ActiveDirectoryKindProperties.IsUserSpecifiesSanEnabledCollected: return 'Is User Specifies San Enabled Collected'; - case ActiveDirectoryKindProperties.RoleSeparationEnabled: + case ActiveDirectoryKindProperties.RoleSeparationEnabled: return 'Role Separation Enabled'; - case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: + case ActiveDirectoryKindProperties.RoleSeparationEnabledCollected: return 'Role Separation Enabled Collected'; - case ActiveDirectoryKindProperties.HasBasicConstraints: + case ActiveDirectoryKindProperties.HasBasicConstraints: return 'Has Basic Constraints'; - case ActiveDirectoryKindProperties.BasicConstraintPathLength: + case ActiveDirectoryKindProperties.BasicConstraintPathLength: return 'Basic Constraint Path Length'; - case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: + case ActiveDirectoryKindProperties.UnresolvedPublishedTemplates: return 'Unresolved Published Certificate Templates'; - case ActiveDirectoryKindProperties.DNSHostname: + case ActiveDirectoryKindProperties.DNSHostname: return 'DNS Hostname'; - case ActiveDirectoryKindProperties.CrossCertificatePair: + case ActiveDirectoryKindProperties.CrossCertificatePair: return 'Cross Certificate Pair'; - case ActiveDirectoryKindProperties.DistinguishedName: + case ActiveDirectoryKindProperties.DistinguishedName: return 'Distinguished Name'; - case ActiveDirectoryKindProperties.DomainFQDN: + case ActiveDirectoryKindProperties.DomainFQDN: return 'Domain FQDN'; - case ActiveDirectoryKindProperties.DomainSID: + case ActiveDirectoryKindProperties.DomainSID: return 'Domain SID'; - case ActiveDirectoryKindProperties.Sensitive: + case ActiveDirectoryKindProperties.Sensitive: return 'Marked Sensitive'; - case ActiveDirectoryKindProperties.BlocksInheritance: + case ActiveDirectoryKindProperties.BlocksInheritance: return 'Blocks GPO Inheritance'; - case ActiveDirectoryKindProperties.IsACL: + case ActiveDirectoryKindProperties.IsACL: return 'Is ACL'; - case 
ActiveDirectoryKindProperties.IsACLProtected: + case ActiveDirectoryKindProperties.IsACLProtected: return 'ACL Inheritance Denied'; - case ActiveDirectoryKindProperties.IsDeleted: + case ActiveDirectoryKindProperties.IsDeleted: return 'Is Deleted'; - case ActiveDirectoryKindProperties.Enforced: + case ActiveDirectoryKindProperties.Enforced: return 'Enforced'; - case ActiveDirectoryKindProperties.Department: + case ActiveDirectoryKindProperties.Department: return 'Department'; - case ActiveDirectoryKindProperties.HasCrossCertificatePair: + case ActiveDirectoryKindProperties.HasCrossCertificatePair: return 'Has Cross Certificate Pair'; - case ActiveDirectoryKindProperties.HasSPN: + case ActiveDirectoryKindProperties.HasSPN: return 'Has SPN'; - case ActiveDirectoryKindProperties.UnconstrainedDelegation: + case ActiveDirectoryKindProperties.UnconstrainedDelegation: return 'Allows Unconstrained Delegation'; - case ActiveDirectoryKindProperties.LastLogon: + case ActiveDirectoryKindProperties.LastLogon: return 'Last Logon'; - case ActiveDirectoryKindProperties.LastLogonTimestamp: + case ActiveDirectoryKindProperties.LastLogonTimestamp: return 'Last Logon (Replicated)'; - case ActiveDirectoryKindProperties.IsPrimaryGroup: + case ActiveDirectoryKindProperties.IsPrimaryGroup: return 'Is Primary Group'; - case ActiveDirectoryKindProperties.HasLAPS: + case ActiveDirectoryKindProperties.HasLAPS: return 'LAPS Enabled'; - case ActiveDirectoryKindProperties.DontRequirePreAuth: + case ActiveDirectoryKindProperties.DontRequirePreAuth: return 'Do Not Require Pre-Authentication'; - case ActiveDirectoryKindProperties.LogonType: + case ActiveDirectoryKindProperties.LogonType: return 'Logon Type'; - case ActiveDirectoryKindProperties.HasURA: + case ActiveDirectoryKindProperties.HasURA: return 'Has User Rights Assignment Collection'; - case ActiveDirectoryKindProperties.PasswordNeverExpires: + case ActiveDirectoryKindProperties.PasswordNeverExpires: return 'Password Never Expires'; - case 
ActiveDirectoryKindProperties.PasswordNotRequired: + case ActiveDirectoryKindProperties.PasswordNotRequired: return 'Password Not Required'; - case ActiveDirectoryKindProperties.FunctionalLevel: + case ActiveDirectoryKindProperties.FunctionalLevel: return 'Functional Level'; - case ActiveDirectoryKindProperties.TrustType: + case ActiveDirectoryKindProperties.TrustType: return 'Trust Type'; - case ActiveDirectoryKindProperties.SidFiltering: + case ActiveDirectoryKindProperties.SidFiltering: return 'SID Filtering Enabled'; - case ActiveDirectoryKindProperties.TrustedToAuth: + case ActiveDirectoryKindProperties.TrustedToAuth: return 'Trusted For Constrained Delegation'; - case ActiveDirectoryKindProperties.SamAccountName: + case ActiveDirectoryKindProperties.SamAccountName: return 'SAM Account Name'; - case ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: + case ActiveDirectoryKindProperties.CertificateMappingMethodsRaw: return 'Certificate Mapping Methods (Raw)'; - case ActiveDirectoryKindProperties.CertificateMappingMethods: + case ActiveDirectoryKindProperties.CertificateMappingMethods: return 'Certificate Mapping Methods'; - case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: + case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcementRaw: return 'Strong Certificate Binding Enforcement (Raw)'; - case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: + case ActiveDirectoryKindProperties.StrongCertificateBindingEnforcement: return 'Strong Certificate Binding Enforcement'; - case ActiveDirectoryKindProperties.EKUs: + case ActiveDirectoryKindProperties.EKUs: return 'Enhanced Key Usage'; - case ActiveDirectoryKindProperties.SubjectAltRequireUPN: + case ActiveDirectoryKindProperties.SubjectAltRequireUPN: return 'Subject Alternative Name Require UPN'; - case ActiveDirectoryKindProperties.SubjectAltRequireDNS: + case ActiveDirectoryKindProperties.SubjectAltRequireDNS: return 'Subject Alternative Name Require 
DNS'; - case ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: + case ActiveDirectoryKindProperties.SubjectAltRequireDomainDNS: return 'Subject Alternative Name Require Domain DNS'; - case ActiveDirectoryKindProperties.SubjectAltRequireEmail: + case ActiveDirectoryKindProperties.SubjectAltRequireEmail: return 'Subject Alternative Name Require Email'; - case ActiveDirectoryKindProperties.SubjectAltRequireSPN: + case ActiveDirectoryKindProperties.SubjectAltRequireSPN: return 'Subject Alternative Name Require SPN'; - case ActiveDirectoryKindProperties.SubjectRequireEmail: + case ActiveDirectoryKindProperties.SubjectRequireEmail: return 'Subject Require Email'; - case ActiveDirectoryKindProperties.AuthorizedSignatures: + case ActiveDirectoryKindProperties.AuthorizedSignatures: return 'Authorized Signatures Required'; - case ActiveDirectoryKindProperties.ApplicationPolicies: + case ActiveDirectoryKindProperties.ApplicationPolicies: return 'Application Policies Required'; - case ActiveDirectoryKindProperties.IssuancePolicies: + case ActiveDirectoryKindProperties.IssuancePolicies: return 'Issuance Policies Required'; - case ActiveDirectoryKindProperties.SchemaVersion: + case ActiveDirectoryKindProperties.SchemaVersion: return 'Schema Version'; - case ActiveDirectoryKindProperties.RequiresManagerApproval: + case ActiveDirectoryKindProperties.RequiresManagerApproval: return 'Requires Manager Approval'; - case ActiveDirectoryKindProperties.AuthenticationEnabled: + case ActiveDirectoryKindProperties.AuthenticationEnabled: return 'Authentication Enabled'; - case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: + case ActiveDirectoryKindProperties.SchannelAuthenticationEnabled: return 'Schannel Authentication Enabled'; - case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: + case ActiveDirectoryKindProperties.EnrolleeSuppliesSubject: return 'Enrollee Supplies Subject'; - case ActiveDirectoryKindProperties.CertificateApplicationPolicy: + case 
ActiveDirectoryKindProperties.CertificateApplicationPolicy: return 'Application Policy Extensions'; - case ActiveDirectoryKindProperties.CertificateNameFlag: + case ActiveDirectoryKindProperties.CertificateNameFlag: return 'Certificate Name Flags'; - case ActiveDirectoryKindProperties.EffectiveEKUs: + case ActiveDirectoryKindProperties.EffectiveEKUs: return 'Effective EKUs'; - case ActiveDirectoryKindProperties.EnrollmentFlag: + case ActiveDirectoryKindProperties.EnrollmentFlag: return 'Enrollment Flags'; - case ActiveDirectoryKindProperties.Flags: + case ActiveDirectoryKindProperties.Flags: return 'Flags'; - case ActiveDirectoryKindProperties.NoSecurityExtension: + case ActiveDirectoryKindProperties.NoSecurityExtension: return 'No Security Extension'; - case ActiveDirectoryKindProperties.RenewalPeriod: + case ActiveDirectoryKindProperties.RenewalPeriod: return 'Renewal Period'; - case ActiveDirectoryKindProperties.ValidityPeriod: + case ActiveDirectoryKindProperties.ValidityPeriod: return 'Validity Period'; - case ActiveDirectoryKindProperties.OID: + case ActiveDirectoryKindProperties.OID: return 'OID'; - case ActiveDirectoryKindProperties.HomeDirectory: + case ActiveDirectoryKindProperties.HomeDirectory: return 'Home Directory'; - case ActiveDirectoryKindProperties.CertificatePolicy: + case ActiveDirectoryKindProperties.CertificatePolicy: return 'Issuance Policy Extensions'; - case ActiveDirectoryKindProperties.CertTemplateOID: + case ActiveDirectoryKindProperties.CertTemplateOID: return 'Certificate Template OID'; - case ActiveDirectoryKindProperties.GroupLinkID: + case ActiveDirectoryKindProperties.GroupLinkID: return 'Group Link ID'; - case ActiveDirectoryKindProperties.ObjectGUID: + case ActiveDirectoryKindProperties.ObjectGUID: return 'Object GUID'; - case ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: + case ActiveDirectoryKindProperties.ExpirePasswordsOnSmartCardOnlyAccounts: return 'Expire Passwords on Smart Card only Accounts'; - 
case ActiveDirectoryKindProperties.MachineAccountQuota: + case ActiveDirectoryKindProperties.MachineAccountQuota: return 'Machine Account Quota'; - case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: + case ActiveDirectoryKindProperties.SupportedKerberosEncryptionTypes: return 'Supported Kerberos Encryption Types'; - case ActiveDirectoryKindProperties.TGTDelegationEnabled: + case ActiveDirectoryKindProperties.TGTDelegationEnabled: return 'TGT Delegation Enabled'; - case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: + case ActiveDirectoryKindProperties.PasswordStoredUsingReversibleEncryption: return 'Password Stored Using Reversible Encryption'; - case ActiveDirectoryKindProperties.SmartcardRequired: + case ActiveDirectoryKindProperties.SmartcardRequired: return 'Smartcard Required'; - case ActiveDirectoryKindProperties.UseDESKeyOnly: + case ActiveDirectoryKindProperties.UseDESKeyOnly: return 'Use DES Key Only'; - case ActiveDirectoryKindProperties.LogonScriptEnabled: + case ActiveDirectoryKindProperties.LogonScriptEnabled: return 'Logon Script Enabled'; - case ActiveDirectoryKindProperties.LockedOut: + case ActiveDirectoryKindProperties.LockedOut: return 'Locked Out'; - case ActiveDirectoryKindProperties.UserCannotChangePassword: + case ActiveDirectoryKindProperties.UserCannotChangePassword: return 'User Cannot Change Password'; - case ActiveDirectoryKindProperties.PasswordExpired: + case ActiveDirectoryKindProperties.PasswordExpired: return 'Password Expired'; - case ActiveDirectoryKindProperties.DSHeuristics: + case ActiveDirectoryKindProperties.DSHeuristics: return 'DSHeuristics'; - case ActiveDirectoryKindProperties.UserAccountControl: + case ActiveDirectoryKindProperties.UserAccountControl: return 'User Account Control'; - case ActiveDirectoryKindProperties.TrustAttributes: + case ActiveDirectoryKindProperties.TrustAttributes: return 'Trust Attributes'; - case ActiveDirectoryKindProperties.MinPwdLength: + case 
ActiveDirectoryKindProperties.MinPwdLength: return 'Minimum password length'; - case ActiveDirectoryKindProperties.PwdProperties: + case ActiveDirectoryKindProperties.PwdProperties: return 'Password Properties'; - case ActiveDirectoryKindProperties.PwdHistoryLength: + case ActiveDirectoryKindProperties.PwdHistoryLength: return 'Password History Length'; - case ActiveDirectoryKindProperties.LockoutThreshold: + case ActiveDirectoryKindProperties.LockoutThreshold: return 'Lockout Threshold'; - case ActiveDirectoryKindProperties.MinPwdAge: + case ActiveDirectoryKindProperties.MinPwdAge: return 'Minimum Password Age'; - case ActiveDirectoryKindProperties.MaxPwdAge: + case ActiveDirectoryKindProperties.MaxPwdAge: return 'Maximum Password Age'; - case ActiveDirectoryKindProperties.LockoutDuration: + case ActiveDirectoryKindProperties.LockoutDuration: return 'Lockout Duration'; - case ActiveDirectoryKindProperties.LockoutObservationWindow: + case ActiveDirectoryKindProperties.LockoutObservationWindow: return 'Lockout Observation Window'; - case ActiveDirectoryKindProperties.OwnerSid: + case ActiveDirectoryKindProperties.OwnerSid: return 'Owner SID'; - case ActiveDirectoryKindProperties.SMBSigning: + case ActiveDirectoryKindProperties.SMBSigning: return 'SMB Signing'; - case ActiveDirectoryKindProperties.WebClientRunning: + case ActiveDirectoryKindProperties.WebClientRunning: return 'WebClient Running'; - case ActiveDirectoryKindProperties.RestrictOutboundNTLM: + case ActiveDirectoryKindProperties.RestrictOutboundNTLM: return 'Restrict Outbound NTLM'; - case ActiveDirectoryKindProperties.GMSA: + case ActiveDirectoryKindProperties.GMSA: return 'GMSA'; - case ActiveDirectoryKindProperties.MSA: + case ActiveDirectoryKindProperties.MSA: return 'MSA'; - case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: + case ActiveDirectoryKindProperties.DoesAnyAceGrantOwnerRights: return 'Does Any ACE Grant Owner Rights'; - case 
ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: + case ActiveDirectoryKindProperties.DoesAnyInheritedAceGrantOwnerRights: return 'Does Any Inherited ACE Grant Owner Rights'; - case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTP: return 'ADCS Web Enrollment HTTP'; - case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPS: return 'ADCS Web Enrollment HTTPS'; - case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: + case ActiveDirectoryKindProperties.ADCSWebEnrollmentHTTPSEPA: return 'ADCS Web Enrollment HTTPS EPA'; - case ActiveDirectoryKindProperties.LDAPSigning: + case ActiveDirectoryKindProperties.LDAPSigning: return 'LDAP Signing'; - case ActiveDirectoryKindProperties.LDAPAvailable: + case ActiveDirectoryKindProperties.LDAPAvailable: return 'LDAP Available'; - case ActiveDirectoryKindProperties.LDAPSAvailable: + case ActiveDirectoryKindProperties.LDAPSAvailable: return 'LDAPS Available'; - case ActiveDirectoryKindProperties.LDAPSEPA: + case ActiveDirectoryKindProperties.LDAPSEPA: return 'LDAPS EPA'; - case ActiveDirectoryKindProperties.IsDC: + case ActiveDirectoryKindProperties.IsDC: return 'Is Domain Controller'; - case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: + case ActiveDirectoryKindProperties.HTTPEnrollmentEndpoints: return 'HTTP Enrollment Endpoints'; - case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: + case ActiveDirectoryKindProperties.HTTPSEnrollmentEndpoints: return 'HTTPS Enrollment Endpoints'; - case ActiveDirectoryKindProperties.HasVulnerableEndpoint: + case ActiveDirectoryKindProperties.HasVulnerableEndpoint: return 'Has Vulnerable Endpoint'; default: return undefined; -} + } } export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipKind[] { return [ 
@@ -742,7 +742,8 @@ export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipK ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS, ActiveDirectoryRelationshipKind.Contains, ActiveDirectoryRelationshipKind.DCFor, - ActiveDirectoryRelationshipKind.TrustedBy] + ActiveDirectoryRelationshipKind.TrustedBy + ]; } export enum AzureNodeKind { Entity = 'AZBase', 
@@ -767,49 +768,49 @@ export enum AzureNodeKind { LogicApp = 'AZLogicApp', AutomationAccount = 'AZAutomationAccount', } -export function AzureNodeKindToDisplay (value: AzureNodeKind): string | undefined { +export function AzureNodeKindToDisplay(value: AzureNodeKind): string | undefined { switch (value) { - case AzureNodeKind.Entity: + case AzureNodeKind.Entity: return 'Entity'; - case AzureNodeKind.VMScaleSet: + case AzureNodeKind.VMScaleSet: return 'VMScaleSet'; - case AzureNodeKind.App: + case AzureNodeKind.App: return 'App'; - case AzureNodeKind.Role: + case AzureNodeKind.Role: return 'Role'; - case AzureNodeKind.Device: + case AzureNodeKind.Device: return 'Device'; - case AzureNodeKind.FunctionApp: + case AzureNodeKind.FunctionApp: return 'FunctionApp'; - case AzureNodeKind.Group: + case AzureNodeKind.Group: return 'Group'; - case AzureNodeKind.Group365: + case AzureNodeKind.Group365: return 'Group365'; - case AzureNodeKind.KeyVault: + case AzureNodeKind.KeyVault: return 'KeyVault'; - case AzureNodeKind.ManagementGroup: + case AzureNodeKind.ManagementGroup: return 'ManagementGroup'; - case AzureNodeKind.ResourceGroup: + case AzureNodeKind.ResourceGroup: return 'ResourceGroup'; - case AzureNodeKind.ServicePrincipal: + case AzureNodeKind.ServicePrincipal: return 'ServicePrincipal'; - case AzureNodeKind.Subscription: + case AzureNodeKind.Subscription: return 'Subscription'; - case AzureNodeKind.Tenant: + case AzureNodeKind.Tenant: return 'Tenant'; - case AzureNodeKind.User: + case AzureNodeKind.User: return 'User'; - case AzureNodeKind.VM: + case AzureNodeKind.VM: return 'VM'; - case AzureNodeKind.ManagedCluster: + case AzureNodeKind.ManagedCluster: return 'ManagedCluster'; - case AzureNodeKind.ContainerRegistry: + case AzureNodeKind.ContainerRegistry: return 'ContainerRegistry'; - case AzureNodeKind.WebApp: + case AzureNodeKind.WebApp: return 'WebApp'; - case AzureNodeKind.LogicApp: + case AzureNodeKind.LogicApp: return 'LogicApp'; - case 
AzureNodeKind.AutomationAccount: + case AzureNodeKind.AutomationAccount: return 'AutomationAccount'; default: return undefined; 
@@ -864,105 +865,105 @@ export enum AzureRelationshipKind { AZMGGrantRole = 'AZMGGrantRole', SyncedToADUser = 'SyncedToADUser', } -export function AzureRelationshipKindToDisplay (value: AzureRelationshipKind): string | undefined { +export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): string | undefined { switch (value) { - case AzureRelationshipKind.AvereContributor: + case AzureRelationshipKind.AvereContributor: return 'AvereContributor'; - case AzureRelationshipKind.Contains: + case AzureRelationshipKind.Contains: return 'Contains'; - case AzureRelationshipKind.Contributor: + case AzureRelationshipKind.Contributor: return 'Contributor'; - case AzureRelationshipKind.GetCertificates: + case AzureRelationshipKind.GetCertificates: return 'GetCertificates'; - case AzureRelationshipKind.GetKeys: + case AzureRelationshipKind.GetKeys: return 'GetKeys'; - case AzureRelationshipKind.GetSecrets: + case AzureRelationshipKind.GetSecrets: return 'GetSecrets'; - case AzureRelationshipKind.HasRole: + case AzureRelationshipKind.HasRole: return 'HasRole'; - case AzureRelationshipKind.MemberOf: + case AzureRelationshipKind.MemberOf: return 'MemberOf'; - case AzureRelationshipKind.Owner: + case AzureRelationshipKind.Owner: return 'Owner'; - case AzureRelationshipKind.RunsAs: + case AzureRelationshipKind.RunsAs: return 'RunsAs'; - case AzureRelationshipKind.VMContributor: + case AzureRelationshipKind.VMContributor: return 'VMContributor'; - case AzureRelationshipKind.AutomationContributor: + case AzureRelationshipKind.AutomationContributor: return 'AutomationContributor'; - case AzureRelationshipKind.KeyVaultContributor: + case AzureRelationshipKind.KeyVaultContributor: return 'KeyVaultContributor'; - case AzureRelationshipKind.VMAdminLogin: + case AzureRelationshipKind.VMAdminLogin: return 'VMAdminLogin'; - case AzureRelationshipKind.AddMembers: + case AzureRelationshipKind.AddMembers: return 'AddMembers'; - case AzureRelationshipKind.AddSecret: + case 
AzureRelationshipKind.AddSecret: return 'AddSecret'; - case AzureRelationshipKind.ExecuteCommand: + case AzureRelationshipKind.ExecuteCommand: return 'ExecuteCommand'; - case AzureRelationshipKind.GlobalAdmin: + case AzureRelationshipKind.GlobalAdmin: return 'GlobalAdmin'; - case AzureRelationshipKind.PrivilegedAuthAdmin: + case AzureRelationshipKind.PrivilegedAuthAdmin: return 'PrivilegedAuthAdmin'; - case AzureRelationshipKind.Grant: + case AzureRelationshipKind.Grant: return 'Grant'; - case AzureRelationshipKind.GrantSelf: + case AzureRelationshipKind.GrantSelf: return 'GrantSelf'; - case AzureRelationshipKind.PrivilegedRoleAdmin: + case AzureRelationshipKind.PrivilegedRoleAdmin: return 'PrivilegedRoleAdmin'; - case AzureRelationshipKind.ResetPassword: + case AzureRelationshipKind.ResetPassword: return 'ResetPassword'; - case AzureRelationshipKind.UserAccessAdministrator: + case AzureRelationshipKind.UserAccessAdministrator: return 'UserAccessAdministrator'; - case AzureRelationshipKind.Owns: + case AzureRelationshipKind.Owns: return 'Owns'; - case AzureRelationshipKind.ScopedTo: + case AzureRelationshipKind.ScopedTo: return 'ScopedTo'; - case AzureRelationshipKind.CloudAppAdmin: + case AzureRelationshipKind.CloudAppAdmin: return 'CloudAppAdmin'; - case AzureRelationshipKind.AppAdmin: + case AzureRelationshipKind.AppAdmin: return 'AppAdmin'; - case AzureRelationshipKind.AddOwner: + case AzureRelationshipKind.AddOwner: return 'AddOwner'; - case AzureRelationshipKind.ManagedIdentity: + case AzureRelationshipKind.ManagedIdentity: return 'ManagedIdentity'; - case AzureRelationshipKind.ApplicationReadWriteAll: + case AzureRelationshipKind.ApplicationReadWriteAll: return 'ApplicationReadWriteAll'; - case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: + case AzureRelationshipKind.AppRoleAssignmentReadWriteAll: return 'AppRoleAssignmentReadWriteAll'; - case AzureRelationshipKind.DirectoryReadWriteAll: + case AzureRelationshipKind.DirectoryReadWriteAll: return 
'DirectoryReadWriteAll'; - case AzureRelationshipKind.GroupReadWriteAll: + case AzureRelationshipKind.GroupReadWriteAll: return 'GroupReadWriteAll'; - case AzureRelationshipKind.GroupMemberReadWriteAll: + case AzureRelationshipKind.GroupMemberReadWriteAll: return 'GroupMemberReadWriteAll'; - case AzureRelationshipKind.RoleManagementReadWriteDirectory: + case AzureRelationshipKind.RoleManagementReadWriteDirectory: return 'RoleManagementReadWriteDirectory'; - case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: + case AzureRelationshipKind.ServicePrincipalEndpointReadWriteAll: return 'ServicePrincipalEndpointReadWriteAll'; - case AzureRelationshipKind.AKSContributor: + case AzureRelationshipKind.AKSContributor: return 'AKSContributor'; - case AzureRelationshipKind.NodeResourceGroup: + case AzureRelationshipKind.NodeResourceGroup: return 'NodeResourceGroup'; - case AzureRelationshipKind.WebsiteContributor: + case AzureRelationshipKind.WebsiteContributor: return 'WebsiteContributor'; - case AzureRelationshipKind.LogicAppContributor: + case AzureRelationshipKind.LogicAppContributor: return 'LogicAppContributor'; - case AzureRelationshipKind.AZMGAddMember: + case AzureRelationshipKind.AZMGAddMember: return 'AZMGAddMember'; - case AzureRelationshipKind.AZMGAddOwner: + case AzureRelationshipKind.AZMGAddOwner: return 'AZMGAddOwner'; - case AzureRelationshipKind.AZMGAddSecret: + case AzureRelationshipKind.AZMGAddSecret: return 'AZMGAddSecret'; - case AzureRelationshipKind.AZMGGrantAppRoles: + case AzureRelationshipKind.AZMGGrantAppRoles: return 'AZMGGrantAppRoles'; - case AzureRelationshipKind.AZMGGrantRole: + case AzureRelationshipKind.AZMGGrantRole: return 'AZMGGrantRole'; - case AzureRelationshipKind.SyncedToADUser: + case AzureRelationshipKind.SyncedToADUser: return 'SyncedToADUser'; default: return undefined; -} + } } export type AzureKind = AzureNodeKind | AzureRelationshipKind export enum AzureKindProperties { 
@@ -1001,81 +1002,81 @@ export enum AzureKindProperties { Visibility = 'visibility', Mail = 'mail', } -export function AzureKindPropertiesToDisplay (value: AzureKindProperties): string | undefined { +export function AzureKindPropertiesToDisplay(value: AzureKindProperties): string | undefined { switch (value) { - case AzureKindProperties.AppOwnerOrganizationID: + case AzureKindProperties.AppOwnerOrganizationID: return 'App Owner Organization ID'; - case AzureKindProperties.AppDescription: + case AzureKindProperties.AppDescription: return 'App Description'; - case AzureKindProperties.AppDisplayName: + case AzureKindProperties.AppDisplayName: return 'App Display Name'; - case AzureKindProperties.ServicePrincipalType: + case AzureKindProperties.ServicePrincipalType: return 'Service Principal Type'; - case AzureKindProperties.UserType: + case AzureKindProperties.UserType: return 'User Type'; - case AzureKindProperties.TenantID: + case AzureKindProperties.TenantID: return 'Tenant ID'; - case AzureKindProperties.ServicePrincipalID: + case AzureKindProperties.ServicePrincipalID: return 'Service Principal ID'; - case AzureKindProperties.ServicePrincipalNames: + case AzureKindProperties.ServicePrincipalNames: return 'Service Principal Names'; - case AzureKindProperties.OperatingSystemVersion: + case AzureKindProperties.OperatingSystemVersion: return 'Operating System Version'; - case AzureKindProperties.TrustType: + case AzureKindProperties.TrustType: return 'Trust Type'; - case AzureKindProperties.IsBuiltIn: + case AzureKindProperties.IsBuiltIn: return 'Is Built In'; - case AzureKindProperties.AppID: + case AzureKindProperties.AppID: return 'App ID'; - case AzureKindProperties.AppRoleID: + case AzureKindProperties.AppRoleID: return 'App Role ID'; - case AzureKindProperties.DeviceID: + case AzureKindProperties.DeviceID: return 'Device ID'; - case AzureKindProperties.NodeResourceGroupID: + case AzureKindProperties.NodeResourceGroupID: return 'Node Resource Group ID'; - case 
AzureKindProperties.OnPremID: + case AzureKindProperties.OnPremID: return 'On Prem ID'; - case AzureKindProperties.OnPremSyncEnabled: + case AzureKindProperties.OnPremSyncEnabled: return 'On Prem Sync Enabled'; - case AzureKindProperties.SecurityEnabled: + case AzureKindProperties.SecurityEnabled: return 'Security Enabled'; - case AzureKindProperties.SecurityIdentifier: + case AzureKindProperties.SecurityIdentifier: return 'Security Identifier'; - case AzureKindProperties.EnableRBACAuthorization: + case AzureKindProperties.EnableRBACAuthorization: return 'RBAC Authorization Enabled'; - case AzureKindProperties.Scope: + case AzureKindProperties.Scope: return 'Scope'; - case AzureKindProperties.Offer: + case AzureKindProperties.Offer: return 'Offer'; - case AzureKindProperties.MFAEnabled: + case AzureKindProperties.MFAEnabled: return 'MFA Enabled'; - case AzureKindProperties.License: + case AzureKindProperties.License: return 'License'; - case AzureKindProperties.Licenses: + case AzureKindProperties.Licenses: return 'Licenses'; - case AzureKindProperties.LoginURL: + case AzureKindProperties.LoginURL: return 'Login URL'; - case AzureKindProperties.MFAEnforced: + case AzureKindProperties.MFAEnforced: return 'MFA Enforced'; - case AzureKindProperties.UserPrincipalName: + case AzureKindProperties.UserPrincipalName: return 'User Principal Name'; - case AzureKindProperties.IsAssignableToRole: + case AzureKindProperties.IsAssignableToRole: return 'Is Role Assignable'; - case AzureKindProperties.PublisherDomain: + case AzureKindProperties.PublisherDomain: return 'Publisher Domain'; - case AzureKindProperties.SignInAudience: + case AzureKindProperties.SignInAudience: return 'Sign In Audience'; - case AzureKindProperties.RoleTemplateID: + case AzureKindProperties.RoleTemplateID: return 'Role Template ID'; - case AzureKindProperties.Visibility: + case AzureKindProperties.Visibility: return 'Visibility'; - case AzureKindProperties.Mail: + case AzureKindProperties.Mail: return 
'M365 Group Mail'; default: return undefined; } } -export function AzurePathfindingEdges (): AzureRelationshipKind[] { +export function AzurePathfindingEdges(): AzureRelationshipKind[] { return [ AzureRelationshipKind.AvereContributor, AzureRelationshipKind.Contributor, @@ -1115,15 +1116,15 @@ export function AzurePathfindingEdges (): AzureRelationshipKind[] { AzureRelationshipKind.AZMGGrantAppRoles, AzureRelationshipKind.AZMGGrantRole, AzureRelationshipKind.SyncedToADUser, - AzureRelationshipKind.Contains + AzureRelationshipKind.Contains, ]; } export enum CommonNodeKind { MigrationData = 'MigrationData', } -export function CommonNodeKindToDisplay (value: CommonNodeKind): string | undefined { +export function CommonNodeKindToDisplay(value: CommonNodeKind): string | undefined { switch (value) { - case CommonNodeKind.MigrationData: + case CommonNodeKind.MigrationData: return 'MigrationData'; default: return undefined; 
@@ -1148,41 +1149,41 @@ export enum CommonKindProperties { IsInherited = 'isinherited', CompositionID = 'compositionid', } -export function CommonKindPropertiesToDisplay (value: CommonKindProperties): string | undefined { +export function CommonKindPropertiesToDisplay(value: CommonKindProperties): string | undefined { switch (value) { - case CommonKindProperties.ObjectID: + case CommonKindProperties.ObjectID: return 'Object ID'; - case CommonKindProperties.Name: + case CommonKindProperties.Name: return 'Name'; - case CommonKindProperties.DisplayName: + case CommonKindProperties.DisplayName: return 'Display Name'; - case CommonKindProperties.Description: + case CommonKindProperties.Description: return 'Description'; - case CommonKindProperties.OwnerObjectID: + case CommonKindProperties.OwnerObjectID: return 'Owner Object ID'; - case CommonKindProperties.Collected: + case CommonKindProperties.Collected: return 'Collected'; - case CommonKindProperties.OperatingSystem: + case CommonKindProperties.OperatingSystem: return 'Operating System'; - case CommonKindProperties.SystemTags: + case CommonKindProperties.SystemTags: return 'Node System Tags'; - case CommonKindProperties.UserTags: + case CommonKindProperties.UserTags: return 'Node User Tags'; - case CommonKindProperties.LastSeen: + case CommonKindProperties.LastSeen: return 'Last Collected by BloodHound'; - case CommonKindProperties.WhenCreated: + case CommonKindProperties.WhenCreated: return 'Created'; - case CommonKindProperties.Enabled: + case CommonKindProperties.Enabled: return 'Enabled'; - case CommonKindProperties.PasswordLastSet: + case CommonKindProperties.PasswordLastSet: return 'Password Last Set'; - case CommonKindProperties.Title: + case CommonKindProperties.Title: return 'Title'; - case CommonKindProperties.Email: + case CommonKindProperties.Email: return 'Email'; - case CommonKindProperties.IsInherited: + case CommonKindProperties.IsInherited: return 'Is Inherited'; - case 
CommonKindProperties.CompositionID: + case CommonKindProperties.CompositionID: return 'Composition ID'; default: return undefined; From dbd7857ed260d4e19a5ec5d266894606f65a2f02 Mon Sep 17 00:00:00 2001 From: Basile Date: Wed, 14 May 2025 15:00:41 +0200 Subject: [PATCH 11/11] Updated doc with the new feature --- docs/resources/nodes/az-group365.mdx | 30 +++++++++++++++++++ .../bh-shared-ui/src/graphSchema.ts | 8 ++--- 2 files changed, 34 insertions(+), 4 deletions(-) create mode 100644 docs/resources/nodes/az-group365.mdx diff --git a/docs/resources/nodes/az-group365.mdx b/docs/resources/nodes/az-group365.mdx new file mode 100644 index 0000000000..e3d59590c0 --- /dev/null +++ b/docs/resources/nodes/az-group365.mdx @@ -0,0 +1,30 @@ +--- +title: AZGroup365 +--- + + + +## Node properties +The node supports the properties of the table below. + + +Properties which are blank/null will not be shown in the Entity Panel. + + +| | | +| --- | --- | +| **Entity Panel name** | **Description** | +| Tier Zero / High Value | BloodHound Enterprise: Whether the object is part of Tier Zero of the Microsoft's Active Directory Tier Model, or the Control Plane of Microsoft's Enterprise Access Model.

BloodHound CE: Whether the object is currently marked as High Value. By default any object that belongs to Tier Zero is marked as High Value. | +| Display Name | The display name for the object. | +| Object ID | The object's security identifier (SID), a unique identifier in the directory. | +| Admin Count | Whether the object currently, or possibly ever has belonged to a certain set of highly privileged groups. For Active Directory nodes this is related to the AdminSDHolder object and the SDProp process, read about that [here](https://adsecurity.org/?p=2053). | +| Created | The time when the object was created in the directory. | +| Description | The contents of the description field for the object. | +| Is Role Assignable | Whether the group can be assigned to Azure roles. When set to "True," group members inherit role-based permissions. When set to "False," role assignments are not allowed for the group. | +| On-Prem Sync Enabled | Whether the object is synchronized to on-premises Active Directory. | +| Security Enabled | Whether the group is a Security Principal, meaning it can be used to secure objects in Entra ID. | +| Security Identifier | - | +| Mail | The mail of the Group | +| Visibility | Set to "True" if the group can be join by anyone, "False" if not | +| Tenant ID | Unique identifier for the Azure tenant. | + diff --git a/packages/javascript/bh-shared-ui/src/graphSchema.ts b/packages/javascript/bh-shared-ui/src/graphSchema.ts index 3156649062..836d5a6ee8 100644 --- a/packages/javascript/bh-shared-ui/src/graphSchema.ts +++ b/packages/javascript/bh-shared-ui/src/graphSchema.ts 
@@ -689,7 +689,7 @@ export function ActiveDirectoryKindPropertiesToDisplay(value: ActiveDirectoryKin return undefined; } } -export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipKind[] { +export function ActiveDirectoryPathfindingEdges(): ActiveDirectoryRelationshipKind[] { return [ ActiveDirectoryRelationshipKind.Owns, ActiveDirectoryRelationshipKind.GenericAll, @@ -742,7 +742,7 @@ export function ActiveDirectoryPathfindingEdges (): ActiveDirectoryRelationshipK ActiveDirectoryRelationshipKind.CoerceAndRelayNTLMToLDAPS, ActiveDirectoryRelationshipKind.Contains, ActiveDirectoryRelationshipKind.DCFor, - ActiveDirectoryRelationshipKind.TrustedBy + ActiveDirectoryRelationshipKind.TrustedBy, ]; } export enum AzureNodeKind { @@ -965,7 +965,7 @@ export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): st return undefined; } } -export type AzureKind = AzureNodeKind | AzureRelationshipKind +export type AzureKind = AzureNodeKind | AzureRelationshipKind; export enum AzureKindProperties { AppOwnerOrganizationID = 'appownerorganizationid', AppDescription = 'appdescription', @@ -1126,7 +1126,7 @@ export function CommonNodeKindToDisplay(value: CommonNodeKind): string | undefin switch (value) { case CommonNodeKind.MigrationData: return 'MigrationData'; - default: + default: return undefined; } }