API Endpoint graphs/cypher does not work as described #79
Comments
Daniel-CS-Team
added
bug
|
We can update the documentation to reflect how this functions more accurately. There is a setting at https://github.com/SpecterOps/BloodHound/blob/main/examples/docker-compose/docker-compose.yml#L66C13-L66C13 that is supposed to enable or disable this filtering. However, we're tracking a bug internally where that setting only disables the timing constraints while leaving the expression constraints intact. We'll use this ticket to track both issues. |
|
@StephenHinck apologies for the bump but I was wondering if there has been any update on this? Would be ideal to add some paths between on-prem and Azure nodes which hopefully this would allow me to do. Follow up EDIT: As a workaround I'll run the CREATE query directly on the Neo4J DB assuming that will be reflected in the BHCE web UI. |
|
We haven't had an opportunity to work on this, no. Your workaround will work just fine - BHCE queries data out of Neo; nothing special there. |
|
It looks like there's just been a PR to fix this #190 thank you very much! @superlinkx |
|
Unfortunately, that PR does not fix this issue. The disable qc flag still currently only disables the heuristic timeouts on cypher queries, and your originally reported bug remains outstanding. |
|
It should be noted this PR only fixes the env var not being parsed properly. To give context, this current incarnation of There are several community expectations that it also allows for more standard Cypher queries to work (such as CREATE queries). For now, we don't have a way wired up to disable these guardrails, but we are discussing internally how to solve multiple community issues surrounding our cypher QoS settings and expanded cypher language support. We'll be sure to communicate plans as soon as we are able. |
|
Understood, thanks both for all your hard work on this! |
|
This should be resolved with v5.8.0 |
Description:
The buil-in API documentation for the endpoint
graphs/cypherreads as follows:Which made me expect, that whatever Cypher-Query is send to that endpoint is directly passed to neo4j. That is clearly not the case, as not all queries that work in neo4j-browser do work with this endpoint as well. The behavior can be reproduced in the GUI as well, since it uses the same Endpoint.
Component(s) Affected:
Steps to Reproduce:
WITH datetime() as now MATCH (n) WHERE duration.between(datetime(n.lastseen),now).hours > 1 RETURN n LIMIT 10'Expected Behavior:
Should return 10 Nodes.
Actual Behavior:
Gives Error
invalid inputScreenshots/Code Snippets/Sample Files:
Environment Information:
BloodhoundCE in AWS ECS
Neo4j Browser version: 5.11.0
Neo4j Server version: 4.4.25 (community)
Additional Information:
If the same query is run in neo4j-browser against the very same database, it works just fine.
Potential Solution (Optional):
Either correct the documentation to describe the actual behavior or really just forward the query directly to neo4j.
Related Issues:
Contributor Checklist:
The text was updated successfully, but these errors were encountered: