Disable query timeout and memory protections from Cypher not working
Description:
I tried running the default Cypher query "Shortest paths to systems trusted for unconstrained delegation" against my data set, but it did not finish. In the log I can see errors regarding dbms.timeout and an API error. I tried increasing it in Neo4j, but the Cypher query still does not finish.
I also tried with the Docker option bhe_disable_cypher_qc=true, but got the same outcome.
Component(s) Affected:
- [ ] UI
- [x] API
- [x] Neo4j
- [ ] PostgreSQL
- [ ] Data Collector (SharpHound, AzureHound)
- [ ] Other (tooling, documentation, etc.)
Actual Behavior:
The Cypher query ends with 'An error occured' and the following error log lines:
```
bloodhound | {"level":"info","query":"match p = shortestPath((n)-[:Owns|GenericAll|GenericWrite|WriteOwner|WriteDacl|MemberOf|ForceChangePassword|AllExtendedRights|AddMember|HasSession|Contains|GPLink|AllowedToDelegate|TrustedBy|AllowedToAct|AdminTo|CanPSRemote|CanRDP|ExecuteDCOM|HasSIDHistory|AddSelf|DCSync|ReadLAPSPassword|ReadGMSAPassword|DumpSMSAPassword|SQLAdmin|AddAllowedToAct|WriteSPN|AddKeyCredentialLink|SyncLAPSPassword|WriteAccountRestrictions*1..]->(m:Computer)) where m.unconstraineddelegation = $STRIPPED and n <> m return p","time":"2023-09-18T15:05:32.439571861Z","message":"Executing user cypher query"}
bloodhound | {"level":"warn","time":"2023-09-18T15:06:04.268603391Z","message":"Writing API Error. Status: 500. Message: [{ driver error: Neo4jError: Neo.ClientError.Transaction.TransactionTimedOut (The transaction has been terminated. Retry your operation in a new transaction, and you should see a successful result. The transaction has not completed within the specified timeout (dbms.transaction.timeout). You may want to retry with a longer timeout. ) - query: match p = shortestPath((n)-[:Owns|GenericAll|GenericWrite|WriteOwner|WriteDacl|MemberOf|ForceChangePassword|AllExtendedRights|AddMember|HasSession|Contains|GPLink|AllowedToDelegate|TrustedBy|AllowedToAct|AdminTo|CanPSRemote|CanRDP|ExecuteDCOM|HasSIDHistory|AddSelf|DCSync|ReadLAPSPassword|ReadGMSAPassword|DumpSMSAPassword|SQLAdmin|AddAllowedToAct|WriteSPN|AddKeyCredentialLink|SyncLAPSPassword|WriteAccountRestrictions*1..]->(m:Computer)) where m.unconstraineddelegation = true and n <> m return p}]"}
bloodhound | {"level":"warn","time":"2023-09-18T15:06:04.268622873Z","message":"Writing API Error. Context Deadline Exceeded while writing JSON response."}
```
Screenshots/Code Snippets/Sample Files:
Current dataset volume:

| Object type   | Count   |
|---------------|---------|
| Users         | 4 741   |
| Groups        | 8 082   |
| Computers     | 2 958   |
| OUs           | 451     |
| GPOs          | 167     |
| Containers    | 69      |
| Domains       | 5       |
| Sessions      | 1 690   |
| ACLs          | 224 903 |
| Relationships | 351 346 |
Environment Information:
BloodHound: Bloodhound Docker image with tag latest
Collector: [SharpHound version / AzureHound version]
OS: Ubuntu Server LTS 22.04
Database (if persistence related): Neo4j version 4.4
Docker (if using Docker): 24.0.6, build ed223bc
Additional Information:
I also tried increasing the dbms.timeout with a /config overwrite of Neo4j (config file mounted to /conf of the Neo4j container):
```
dbms.transaction.timeout=2m
dbms.lock.acquisition.timeout=2m
```
Potential Solution (Optional):
If you have any ideas about what might be causing the issue or how it could be fixed, you can share them here.
Related Issues:
If you've found related issues in the project's issue tracker, mention them here.
Contributor Checklist:
- [x] I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
- [ ] I have provided clear steps to reproduce the issue.
- [x] I have included relevant environment information details.
- [x] I have attached necessary supporting documents.
- [x] I have checked that any JSON files I am attempting to upload to BloodHound are valid.
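As an added example (not part of this report or of the BloodHound project), a small Python parser for the JSON log format shown above: it pairs each `TransactionTimedOut` error with the `Executing user cypher query` record that preceded it and reports how long Neo4j actually let the query run, which is a quick way to check whether a raised `dbms.transaction.timeout` took effect. The embedded log lines are constructed from the excerpt, with the relationship list in the query abridged.

```python
import json
from dataclasses import dataclass
from datetime import datetime

TIMEOUT_CODE = "Neo.ClientError.Transaction.TransactionTimedOut"
LOG_PREFIX = "bloodhound | "   # docker compose service prefix seen in the excerpt

# Constructed sample modelled on the report's log excerpt (query relationship list abridged).
SAMPLE_LOG = """\
bloodhound | {"level":"info","query":"match p = shortestPath((n)-[:Owns|GenericAll*1..]->(m:Computer)) where m.unconstraineddelegation = $STRIPPED and n <> m return p","time":"2023-09-18T15:05:32.439571861Z","message":"Executing user cypher query"}
bloodhound | {"level":"warn","time":"2023-09-18T15:06:04.268603391Z","message":"Writing API Error. Status: 500. Message: [{ driver error: Neo4jError: Neo.ClientError.Transaction.TransactionTimedOut (The transaction has not completed within the specified timeout (dbms.transaction.timeout). ) - query: match p = shortestPath((n)-[:Owns|GenericAll*1..]->(m:Computer)) where m.unconstraineddelegation = true and n <> m return p}]"}
bloodhound | {"level":"warn","time":"2023-09-18T15:06:04.268622873Z","message":"Writing API Error. Context Deadline Exceeded while writing JSON response."}
"""

@dataclass
class TimeoutFinding:
    query: str        # Cypher text Neo4j echoed back in the error
    started_at: str   # timestamp of the matching "Executing user cypher query" record
    failed_at: str    # timestamp of the 500 error record
    elapsed_s: float  # how long the query ran before Neo4j terminated it

def _ts(s: str) -> datetime:
    # Timestamps carry nanoseconds; strptime's %f only takes microseconds, so truncate.
    return datetime.strptime(s[:26], "%Y-%m-%dT%H:%M:%S.%f")

def parse_records(text: str) -> list:
    """Strip the compose prefix and decode each JSON log record; skip non-JSON noise."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(LOG_PREFIX):
            line = line[len(LOG_PREFIX):]
        if line.startswith("{"):
            out.append(json.loads(line))
    return out

def find_cypher_timeouts(text: str) -> list:
    """Pair each TransactionTimedOut error with the query start that preceded it."""
    findings, last_start = [], None
    for rec in parse_records(text):
        msg = rec.get("message", "")
        if msg == "Executing user cypher query":
            last_start = rec
        elif TIMEOUT_CODE in msg and last_start is not None:
            # Neo4j appends the statement after "- query: "; BloodHound closes the list with "}]".
            query = msg.split("- query: ", 1)[1].rsplit("}]", 1)[0].strip()
            elapsed = (_ts(rec["time"]) - _ts(last_start["time"])).total_seconds()
            findings.append(TimeoutFinding(query, last_start["time"], rec["time"], elapsed))
            last_start = None
    return findings
```

Run it over your own `docker compose logs bloodhound` output: an elapsed time well below the timeout you configured means the override was not applied to the database the API is actually talking to.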