From 423dad7a6d21222259c3c746405439216ad432b3 Mon Sep 17 00:00:00 2001
From: anemeth
Date: Thu, 9 Jan 2025 09:32:26 -0800
Subject: [PATCH] Add test coverage for LdapConnectionPool excluded domains; fix preview feature use on LdapUtils
---
 src/CommonLib/LdapUtils.cs | 2 +-
 test/unit/LdapConnectionPoolTest.cs | 45 +++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 test/unit/LdapConnectionPoolTest.cs
diff --git a/src/CommonLib/LdapUtils.cs b/src/CommonLib/LdapUtils.cs
index a9166aff..052e3be2 100644
--- a/src/CommonLib/LdapUtils.cs
+++ b/src/CommonLib/LdapUtils.cs
@@ -972,7 +972,7 @@ await GetForest(domainName) is (true, var forestName) && await GetDomainSidFromDomainName(forestName) is (true, var forestDomainSid)) {
 forestSidToName.TryAdd(forestDomainSid, forestName);
 if (!grouped.ContainsKey(forestDomainSid)) {
- grouped[forestDomainSid] = [];
+ grouped[forestDomainSid] = new();
 }
 foreach (var k in domainSid) {
diff --git a/test/unit/LdapConnectionPoolTest.cs b/test/unit/LdapConnectionPoolTest.cs
new file mode 100644
index 00000000..5ac532c2
--- /dev/null
+++ b/test/unit/LdapConnectionPoolTest.cs
@@ -0,0 +1,45 @@
+using System.Reflection;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+using Moq;
+using SharpHoundCommonLib;
+using Xunit;
+
+public class LdapConnectionPoolTest
+{
+ private static void AddExclusionDomain(string identifier) {
+ var excludedDomainsField = typeof(LdapConnectionPool)
+ .GetField("_excludedDomains", BindingFlags.Static | BindingFlags.NonPublic);
+
+ var excludedDomains = (ConcurrentHashSet)excludedDomainsField.GetValue(null);
+
+ excludedDomains.Add(identifier);
+ }
+
+ [Fact]
+ public async Task LdapConnectionPool_ExcludedDomains_ShouldExitEarly()
+ {
+ var mockLogger = new Mock();
+ var ldapConfig = new LdapConfig();
+ var connectionPool = new ConnectionPoolManager(ldapConfig, mockLogger.Object);
+
+ AddExclusionDomain("excludedDomain.com");
+ var connectAttempt = await connectionPool.TestDomainConnection("excludedDomain.com", false);
+
+ Assert.False(connectAttempt.Success);
+ Assert.Contains("excluded for connection attempt", connectAttempt.Message);
+ }
+
+ [Fact]
+ public async Task LdapConnectionPool_ExcludedDomains_NonExcludedShouldntExit()
+ {
+ var mockLogger = new Mock();
+ var ldapConfig = new LdapConfig();
+ var connectionPool = new ConnectionPoolManager(ldapConfig, mockLogger.Object);
+
+ AddExclusionDomain("excludedDomain.com");
+ var connectAttempt = await connectionPool.TestDomainConnection("perfectlyValidDomain.com", false);
+
+ Assert.DoesNotContain("excluded for connection attempt", connectAttempt.Message);
+ }
+}
\ No newline at end of file
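Review bot: AddExclusionDomain writes "excludedDomain.com" into the private static `_excludedDomains` set through reflection and nothing removes it afterwards, so the exclusion stays in place for every later test in the same process and results can depend on execution order. The class should undo that, for example by implementing `IDisposable` and removing the entry in `Dispose` (assuming ConcurrentHashSet offers a removal method, which is not visible here). `GetField` also returns null if the field is ever renamed, which would surface as a NullReferenceException on the `GetValue` line; `Assert.NotNull(excludedDomainsField);` placed before it gives a clearer failure. The second test only asserts that the message lacks the exclusion text, so it probably still runs the real connection path for "perfectlyValidDomain.com"; it is worth confirming that this does not reach DNS or LDAP from a unit test.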