From de049530f68c436019b53aa7684ace2f116a6aa2 Mon Sep 17 00:00:00 2001
From: malacupa
Date: Thu, 16 Nov 2023 12:16:27 +0100
Subject: [PATCH] limit information collected by "azurehound list group-members" to only collect member IDs
---
 client/groups.go | 6 +++---
 cmd/list-group-members.go | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/client/groups.go b/client/groups.go
index 4e205f8..5bc461b 100644
--- a/client/groups.go
+++ b/client/groups.go
@@ -61,10 +61,10 @@ func (s *azureClient) GetAzureADGroupOwners(ctx context.Context, objectId string
 }
 }
 
-func (s *azureClient) GetAzureADGroupMembers(ctx context.Context, objectId string, filter string, search string, count bool) (azure.MemberObjectList, error) {
+func (s *azureClient) GetAzureADGroupMembers(ctx context.Context, objectId string, filter string, search string, count bool, selectCols []string) (azure.MemberObjectList, error) {
 var (
 path = fmt.Sprintf("/%s/groups/%s/members", constants.GraphApiBetaVersion, objectId)
- params = query.Params{Filter: filter, Search: search, Count: count}.AsMap()
+ params = query.Params{Filter: filter, Search: search, Count: count, Select: selectCols}.AsMap()
 response azure.MemberObjectList
 )
 if res, err := s.msgraph.Get(ctx, path, params, nil); err != nil {
@@ -246,7 +246,7 @@ func (s *azureClient) ListAzureADGroupMembers(ctx context.Context, objectId stri
 nextLink string
 )
 
- if list, err := s.GetAzureADGroupMembers(ctx, objectId, filter, search, false); err != nil {
+ if list, err := s.GetAzureADGroupMembers(ctx, objectId, filter, search, false, selectCols); err != nil {
 errResult.Error = err
 if ok := pipeline.Send(ctx.Done(), out, errResult); !ok {
 return
diff --git a/cmd/list-group-members.go b/cmd/list-group-members.go
index cfdd203..e7c5587 100644
--- a/cmd/list-group-members.go
+++ b/cmd/list-group-members.go
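Review bot: `GetAzureADGroupMembers` gains a `selectCols` parameter with no doc comment, and nothing in the hunk says what a nil or empty slice means once it is placed in `query.Params.Select`. I would add `// GetAzureADGroupMembers fetches one page of a group's members; selectCols is passed as the Graph $select list.` above the signature and state the nil case after checking `AsMap`, which is outside this diff. The signature change also breaks any other caller, interface declaration or mock of this method; the diffstat lists only two files, so confirm that none exists elsewhere in the repository. The function body continues past the hunk.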
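Review bot: Only the first-page request in `ListAzureADGroupMembers` visibly receives `selectCols`; later pages are presumably fetched through `nextLink`, which is declared in this hunk but used outside it. If the narrowed selection is meant as a data-minimisation guarantee, a test that walks more than one page and checks that members still carry only the selected properties would pin that down. The function starts and ends outside the hunk.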
@@ -92,7 +92,7 @@ func listGroupMembers(ctx context.Context, client client.AzureClient, groups <-c
 }
 count = 0
 )
- for item := range client.ListAzureADGroupMembers(ctx, id, "", "", "", nil) {
+ for item := range client.ListAzureADGroupMembers(ctx, id, "", "", "", []string{"id"}) {
 if item.Error != nil {
 log.Error(item.Error, "unable to continue processing members for this group", "groupId", id)
 } else {
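Review bot: The literal `[]string{"id"}` at the `ListAzureADGroupMembers` call narrows what `list group-members` emits, and nothing at the call site records why. A short comment such as `// Only member ids are needed downstream; request nothing else from Graph.` would state the intent, and a named package-level value would keep the property list in one place if other list commands adopt the same restriction. Anything that read other member properties from this command's output will presumably now see them empty, so the change is worth a release-note line. The loop body continues past the hunk.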