BloodHound icon indicating copy to clipboard operation
BloodHound copied to clipboard
verified publisher icon SpecterOps

[BED-6440] Fix Issue #1846: Fetch app ID instead of service principal object ID

Open Mayyhem opened this issue 5 months ago • 2 comments

Description

The issue is that the FetchServicePrincipalApplications function called by getServicePrincipalAppID function (https://github.com/SpecterOps/BloodHound/blob/main/packages/go/analysis/azure/service_principal.go#L58 ) gets the end node (the service principal) instead of the application (the end node) on this line: https://github.com/SpecterOps/BloodHound/blob/0c823b12f27b29aa36df0342a49769e20a107e99/packages/go/analysis/azure/queries.go#L567

Changing FetchEndNodes to FetchStartNodes resolves the issue.

Motivation and Context

Resolves Issue #1846 (BED-6440, formerly BED-6431)

https://github.com/SpecterOps/BloodHound/issues/1846 https://specterops.atlassian.net/browse/BED-6440 (formerly https://specterops.atlassian.net/browse/BED-6431)

How Has This Been Tested?

After implementing the change, observed the correct app ID in the node entity panel.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • [X] I have met the contributing prerequisites
    • Assigned myself to this PR
    • Added the appropriate labels
    • Associated an issue: https://github.com/SpecterOps/BloodHound/issues/672
    • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing

Summary by CodeRabbit

  • Bug Fixes

    • Corrected Azure service principal and application relationship analysis to return accurate query results.

  • Tests

    • Enhanced test coverage for service principal and application object ID relationship validation.

Mayyhem avatar Nov 06 '25 21:11 Mayyhem