Skip to content

Commit

Permalink
feat+chore: BED-4955 - refactor to expect int64 graph IDs; BED-4954 -…
Browse files Browse the repository at this point in the history 
… fixup hybrid path post-process deletion to clean up old edges
  • Loading branch information
@zinic
zinic committed Oct 22, 2024
1 parent c347ed2 commit c951811
Show file tree
Hide file tree
Showing 44 changed files with 623 additions and 539 deletions.
3 changes: 2 additions & 1 deletion cmd/api/src/analysis/ad/post.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package ad

import (
"context"
"github.com/specterops/bloodhound/graphschema/azure"

"github.com/specterops/bloodhound/analysis"
adAnalysis "github.com/specterops/bloodhound/analysis/ad"
Expand All @@ -27,7 +28,7 @@ import (

func Post(ctx context.Context, db graph.Database, adcsEnabled bool, citrixEnabled bool) (*analysis.AtomicPostProcessingStats, error) {
aggregateStats := analysis.NewAtomicPostProcessingStats()
if stats, err := analysis.DeleteTransitEdges(ctx, db, ad.Entity, ad.Entity, adAnalysis.PostProcessedRelationships()...); err != nil {
if stats, err := analysis.DeleteTransitEdges(ctx, db, graph.Kinds{ad.Entity, azure.Entity}, adAnalysis.PostProcessedRelationships()...); err != nil {
return &aggregateStats, err
} else if groupExpansions, err := adAnalysis.ExpandAllRDPLocalGroups(ctx, db); err != nil {
return &aggregateStats, err
Expand Down
88 changes: 44 additions & 44 deletions cmd/api/src/analysis/analysis_integration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ func TestFetchRDPEnsureNoDescent(t *testing.T) {
// We should expect all groups that have the RIL incoming privilege to the computer
require.Equal(t, 1, int(rdpEnabledEntityIDBitmap.Cardinality()))

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPB.RDPDomainUsersGroup.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPB.RDPDomainUsersGroup.ID.Uint64()))

return nil
}))
Expand All @@ -72,21 +72,21 @@ func TestFetchRemoteDesktopUsersBitmapForComputer(t *testing.T) {
// We should expect all entities that have the RIL incoming privilege to the computer
require.Equal(t, 7, int(rdpEnabledEntityIDBitmap.Cardinality()))

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DillonUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RohanUser.ID.Uint32()))

require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupD.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupE.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RDPDomainUsersGroup.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AlyxUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AndyUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.JohnUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DillonUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RohanUser.ID.Uint64()))

require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupD.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupE.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RDPDomainUsersGroup.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AlyxUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AndyUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.JohnUser.ID.Uint64()))

return nil
}))
Expand All @@ -96,21 +96,21 @@ func TestFetchRemoteDesktopUsersBitmapForComputer(t *testing.T) {
rdpEnabledEntityIDBitmap, err := analysis.FetchRemoteDesktopUsersBitmapForComputer(tx, harness.RDP.Computer.ID, groupExpansions, false)
require.Nil(t, err)

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint32()))

require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupD.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupE.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RDPDomainUsersGroup.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AlyxUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DillonUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AndyUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RohanUser.ID.Uint32()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.JohnUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint64()))

require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupD.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupE.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RDPDomainUsersGroup.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AlyxUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DillonUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.AndyUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.RohanUser.ID.Uint64()))
require.False(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.JohnUser.ID.Uint64()))

return nil
}))
Expand All @@ -132,12 +132,12 @@ func TestFetchRemoteDesktopUsersBitmapForComputer(t *testing.T) {

require.Equal(t, 6, int(rdpEnabledEntityIDBitmap.Cardinality()))

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupC.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.IrshadUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.UliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupB.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.EliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDP.DomainGroupA.ID.Uint64()))

return nil
}))
Expand All @@ -161,10 +161,10 @@ func TestFetchRDPEntityBitmapForComputer(t *testing.T) {
// We should expect the intersection of members of `Direct Access Users`, with entities that have the RIL privilege to the computer
require.Equal(t, 4, int(rdpEnabledEntityIDBitmap.Cardinality()))

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.UliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.IrshadUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.DillonUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.RohanUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.UliUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.IrshadUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.DillonUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.RohanUser.ID.Uint64()))

return nil
}))
Expand All @@ -186,9 +186,9 @@ func TestFetchRDPEntityBitmapForComputer(t *testing.T) {
// We should expect the intersection of members of `Direct Access Users,` with entities that are first degree members of the `Remote Desktop Users` group
require.Equal(t, 3, int(rdpEnabledEntityIDBitmap.Cardinality()))

require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.DomainGroupC.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.IrshadUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.UliUser.ID.Uint32()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.DomainGroupC.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.IrshadUser.ID.Uint64()))
require.True(t, rdpEnabledEntityIDBitmap.Contains(harness.RDPHarnessWithCitrix.UliUser.ID.Uint64()))

return nil
}))
Expand Down
3 changes: 2 additions & 1 deletion cmd/api/src/analysis/azure/post.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package azure

import (
"context"
"github.com/specterops/bloodhound/graphschema/ad"

"github.com/specterops/bloodhound/analysis"
azureAnalysis "github.com/specterops/bloodhound/analysis/azure"
Expand All @@ -28,7 +29,7 @@ import (

func Post(ctx context.Context, db graph.Database) (*analysis.AtomicPostProcessingStats, error) {
aggregateStats := analysis.NewAtomicPostProcessingStats()
if stats, err := analysis.DeleteTransitEdges(ctx, db, azure.Entity, azure.Entity, azureAnalysis.AzurePostProcessedRelationships()...); err != nil {
if stats, err := analysis.DeleteTransitEdges(ctx, db, graph.Kinds{ad.Entity, azure.Entity}, azureAnalysis.AzurePostProcessedRelationships()...); err != nil {
return &aggregateStats, err
} else if userRoleStats, err := azureAnalysis.UserRoleAssignments(ctx, db); err != nil {
return &aggregateStats, err
Expand Down
3 changes: 3 additions & 0 deletions cmd/api/src/analysis/hybrid/hybrid_integration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
//
// SPDX-License-Identifier: Apache-2.0

//go:build integration
// +build integration

package hybrid

import (
Expand Down
10 changes: 5 additions & 5 deletions cmd/api/src/analysis/membership_integration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -84,10 +84,10 @@ func TestResolveAllGroupMemberships(t *testing.T) {

test.RequireNilErr(t, err)

require.Equal(t, 3, int(memberships.Cardinality(harness.RDP.DomainGroupA.ID.Uint32()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupB.ID.Uint32()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupC.ID.Uint32()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupD.ID.Uint32()).Cardinality()))
require.Equal(t, 2, int(memberships.Cardinality(harness.RDP.DomainGroupE.ID.Uint32()).Cardinality()))
require.Equal(t, 3, int(memberships.Cardinality(harness.RDP.DomainGroupA.ID.Uint64()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupB.ID.Uint64()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupC.ID.Uint64()).Cardinality()))
require.Equal(t, 1, int(memberships.Cardinality(harness.RDP.DomainGroupD.ID.Uint64()).Cardinality()))
require.Equal(t, 2, int(memberships.Cardinality(harness.RDP.DomainGroupE.ID.Uint64()).Cardinality()))
})
}
10 changes: 5 additions & 5 deletions cmd/api/src/analysis/post_integration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ func TestCrossProduct(t *testing.T) {
require.Nil(t, err)
domainsid, _ := harness.ShortcutHarness.Group3.Properties.Get(ad.DomainSID.String()).String()
results := ad2.CalculateCrossProductNodeSets(tx, domainsid, groupExpansions, firstSet, secondSet)
require.Truef(t, results.Contains(harness.ShortcutHarness.Group3.ID.Uint32()), "missing id %d", harness.ShortcutHarness.Group3.ID.Uint32())
require.Truef(t, results.Contains(harness.ShortcutHarness.Group3.ID.Uint64()), "missing id %d", harness.ShortcutHarness.Group3.ID.Uint64())
})
}

Expand All @@ -105,7 +105,7 @@ func TestCrossProductAuthUsers(t *testing.T) {
require.Nil(t, err)
domainsid, _ := harness.ShortcutHarnessAuthUsers.Group3.Properties.Get(ad.DomainSID.String()).String()
results := ad2.CalculateCrossProductNodeSets(tx, domainsid, groupExpansions, firstSet, secondSet)
require.True(t, results.Contains(harness.ShortcutHarnessAuthUsers.Group2.ID.Uint32()))
require.True(t, results.Contains(harness.ShortcutHarnessAuthUsers.Group2.ID.Uint64()))
})
}

Expand All @@ -121,7 +121,7 @@ func TestCrossProductEveryone(t *testing.T) {
require.Nil(t, err)
domainsid, _ := harness.ShortcutHarnessEveryone.Group3.Properties.Get(ad.DomainSID.String()).String()
results := ad2.CalculateCrossProductNodeSets(tx, domainsid, groupExpansions, firstSet, secondSet)
require.True(t, results.Contains(harness.ShortcutHarnessEveryone.Group2.ID.Uint32()))
require.True(t, results.Contains(harness.ShortcutHarnessEveryone.Group2.ID.Uint64()))
})
}

Expand All @@ -137,7 +137,7 @@ func TestCrossProductEveryone2(t *testing.T) {
require.Nil(t, err)
domainsid, _ := harness.ShortcutHarnessEveryone2.Group3.Properties.Get(ad.DomainSID.String()).String()
results := ad2.CalculateCrossProductNodeSets(tx, domainsid, groupExpansions, firstSet, secondSet)
require.True(t, results.Contains(harness.ShortcutHarnessEveryone2.Group1.ID.Uint32()))
require.True(t, results.Contains(harness.ShortcutHarnessEveryone2.Group2.ID.Uint32()))
require.True(t, results.Contains(harness.ShortcutHarnessEveryone2.Group1.ID.Uint64()))
require.True(t, results.Contains(harness.ShortcutHarnessEveryone2.Group2.ID.Uint64()))
})
}
3 changes: 3 additions & 0 deletions cmd/api/src/database/datapipestatus_test.go → ...tabase/datapipestatus_integration_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
//
// SPDX-License-Identifier: Apache-2.0

//go:build integration
// +build integration

package database_test

import (
Expand Down
3 changes: 3 additions & 0 deletions cmd/api/src/database/parameters_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
//
// SPDX-License-Identifier: Apache-2.0

//go:build integration
// +build integration

package database_test

import (
Expand Down
3 changes: 3 additions & 0 deletions cmd/api/src/model/appcfg/parameter_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
//
// SPDX-License-Identifier: Apache-2.0

//go:build integration
// +build integration

package appcfg_test

import (
Expand Down
36 changes: 18 additions & 18 deletions packages/go/analysis/ad/ad.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -300,26 +300,26 @@ func createOrUpdateWellKnownLink(tx graph.Transaction, startNode *graph.Node, en

// CalculateCrossProductNodeSets finds the intersection of the given sets of nodes.
// See CalculateCrossProductNodeSetsDoc.md for explaination of the specialGroups (Authenticated Users and Everyone) and why we treat them the way we do
func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, groupExpansions impact.PathAggregator, nodeSlices ...[]*graph.Node) cardinality.Duplex[uint32] {
func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, groupExpansions impact.PathAggregator, nodeSlices ...[]*graph.Node) cardinality.Duplex[uint64] {
if len(nodeSlices) < 2 {
log.Errorf("Cross products require at least 2 nodesets")
return cardinality.NewBitmap32()
return cardinality.NewBitmap64()
}

//The intention is that the node sets being passed into this function contain all the first degree principals for control
var (
//Temporary storage for first degree and unrolled sets without auth users/everyone
firstDegreeSets []cardinality.Duplex[uint32]
unrolledSets []cardinality.Duplex[uint32]
firstDegreeSets []cardinality.Duplex[uint64]
unrolledSets []cardinality.Duplex[uint64]

//This is the set we use as a reference set to check against checkset
unrolledRefSet = cardinality.NewBitmap32()
unrolledRefSet = cardinality.NewBitmap64()

//This is the set we use to aggregate multiple sets together it should have all the valid principals from all other sets at this point
checkSet = cardinality.NewBitmap32()
checkSet = cardinality.NewBitmap64()

//This is our set of entities that have the complete cross product of permissions
resultEntities = cardinality.NewBitmap32()
resultEntities = cardinality.NewBitmap64()
)

//Get the IDs of the Auth. Users and Everyone groups
Expand All @@ -332,26 +332,26 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group
//Unroll all nodesets
for _, nodeSlice := range nodeSlices {
var (
firstDegreeSet = cardinality.NewBitmap32()
unrolledSet = cardinality.NewBitmap32()
firstDegreeSet = cardinality.NewBitmap64()
unrolledSet = cardinality.NewBitmap64()
)

for _, entity := range nodeSlice {
entityID := entity.ID.Uint32()
entityID := entity.ID.Uint64()

firstDegreeSet.Add(entityID)
unrolledSet.Add(entityID)

if entity.Kinds.ContainsOneOf(ad.Group, ad.LocalGroup) {
unrolledSet.Or(groupExpansions.Cardinality(entity.ID.Uint32()).(cardinality.Duplex[uint32]))
unrolledSet.Or(groupExpansions.Cardinality(entity.ID.Uint64()))
}
}

//Skip sets containing Auth. Users or Everyone
hasSpecialGroup := false

for _, specialGroup := range specialGroups {
if unrolledSet.Contains(specialGroup.ID.Uint32()) {
if unrolledSet.Contains(specialGroup.ID.Uint64()) {
hasSpecialGroup = true
break
}
Expand All @@ -367,7 +367,7 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group
if len(firstDegreeSets) == 0 {
for _, nodeSet := range nodeSlices {
for _, entity := range nodeSet {
resultEntities.Add(entity.ID.Uint32())
resultEntities.Add(entity.ID.Uint64())
}
}

Expand All @@ -384,7 +384,7 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group
}

//Check first degree principals in our reference set (firstDegreeSets[0]) first
firstDegreeSets[0].Each(func(id uint32) bool {
firstDegreeSets[0].Each(func(id uint64) bool {
if checkSet.Contains(id) {
resultEntities.Add(id)
} else {
Expand All @@ -396,8 +396,8 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group

//Find all the groups in our secondary targets and map them to their cardinality in our expansions
//Saving off to a map to prevent multiple lookups on the expansions
tempMap := map[uint32]uint64{}
unrolledRefSet.Each(func(id uint32) bool {
tempMap := map[uint64]uint64{}
unrolledRefSet.Each(func(id uint64) bool {
//If group expansions contains this ID and its cardinality is > 0, it's a group/localgroup
idCardinality := groupExpansions.Cardinality(id).Cardinality()
if idCardinality > 0 {
Expand All @@ -408,7 +408,7 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group
})

//Save the map keys to a new slice, this represents our list of groups in the expansion
keys := make([]uint32, 0, len(tempMap))
keys := make([]uint64, 0, len(tempMap))

for key := range tempMap {
keys = append(keys, key)
Expand Down Expand Up @@ -437,7 +437,7 @@ func CalculateCrossProductNodeSets(tx graph.Transaction, domainsid string, group
}
}

unrolledRefSet.Each(func(remainder uint32) bool {
unrolledRefSet.Each(func(remainder uint64) bool {
if checkSet.Contains(remainder) {
resultEntities.Add(remainder)
}
Expand Down
Loading

0 comments on commit c951811

Please sign in to comment.