@CravateRouge

I added an option to the old script to install the GDS plugin into Neo4j. I don't know if it's useful for you, but I'm sharing it anyway.

Copilot AI review requested due to automatic review settings October 22, 2025 05:42

Copilot AI left a comment

Pull Request Overview

This PR adds optional support for installing the Neo4j Graph Data Science (GDS) plugin to enhance BloodHound CE functionality. The installation is enabled by default but can be disabled via an environment variable.

Key Changes

  • Added automatic GDS plugin download and installation with SHA-256 checksum verification
  • Introduced INSTALL_GDS environment variable (defaults to true) to control plugin installation
  • Updated documentation to explain the GDS plugin feature and how to disable it

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File | Description
bloodhound-ce | Implements GDS plugin installation logic with download, verification, and Neo4j configuration
README.md | Documents the new GDS plugin feature and usage instructions

function install_gds_plugin() {
if [ "$INSTALL_GDS" = "true" ]; then
local PLUGINS_DIR="$NEO4J_VOL/plugins"
local GDS_VERSION="2.6.7"

Copilot AI Oct 22, 2025

[nitpick] The GDS version is hardcoded. Consider making this configurable via an environment variable (e.g., GDS_VERSION="${GDS_VERSION:-2.6.7}") to allow users to specify different versions without modifying the script.

Suggested change
local GDS_VERSION="2.6.7"
local GDS_VERSION="${GDS_VERSION:-2.6.7}"

Copilot uses AI. Check for mistakes.
local GDS_VERSION="2.6.7"
local GDS_JAR="neo4j-graph-data-science-${GDS_VERSION}.jar"
local GDS_URL="https://github.com/neo4j/graph-data-science/releases/download/${GDS_VERSION}/${GDS_JAR}"
local GDS_SHA256="ecdad4b1050f7727af1af76579344b792b4ea8e48102955bec0e99d7cb8a46e9"

Copilot AI Oct 22, 2025

The hardcoded SHA-256 checksum is tightly coupled to the hardcoded version. If the version becomes configurable, this checksum validation will fail for other versions. Consider either documenting this limitation or implementing a version-to-checksum mapping.

Suggested change
local GDS_SHA256="ecdad4b1050f7727af1af76579344b792b4ea8e48102955bec0e99d7cb8a46e9"
# Mapping of supported GDS versions to their SHA-256 checksums.
# To add support for a new version, add a new entry below:
declare -A GDS_SHA256_MAP=(
["2.6.7"]="ecdad4b1050f7727af1af76579344b792b4ea8e48102955bec0e99d7cb8a46e9"
# Add more versions here as needed, e.g.:
# ["2.7.0"]="sha256sum_for_2.7.0"
)
local GDS_SHA256="${GDS_SHA256_MAP[$GDS_VERSION]}"
if [ -z "$GDS_SHA256" ]; then
echo -e "${RED}Error: No SHA-256 checksum known for GDS version $GDS_VERSION.${NC}"
echo "Please update the script to add the checksum for this version."
return 1
fi

}

run_postgres
install_gds_plugin
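
Review bot: the bare install_gds_plugin call on the last line discards the function's exit status, so unless the script runs under set -e a failed download or checksum mismatch would not stop the rest of the start-up sequence. Check the status at the call site, for example install_gds_plugin || exit 1, or record the failure and skip the plugin-related container settings.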

Copilot AI Oct 22, 2025

The install_gds_plugin function is called before run_neo4j, but it attempts to download files to $NEO4J_VOL/plugins which may not exist yet. If Neo4j has never run, this directory won't exist and the mkdir at line 103 may fail silently due to || true. Consider ensuring the base $NEO4J_VOL directory exists before attempting plugin installation, or handle the case where the directory creation fails more explicitly.

# Try to download directly to plugins directory
# This works on first run before Neo4j takes ownership
if [ -w "$PLUGINS_DIR" ] || [ ! -e "$PLUGINS_DIR" ]; then
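
Review bot: the comment above the test says the jar is fetched straight into the plugins directory, which leaves a partial or not-yet-verified file in the location the plugin is loaded from if the download or the checksum step fails midway. Download to a temporary file first (a mktemp path without a .jar suffix), compare its SHA-256, and only then mv it to its final name.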

Copilot AI Oct 22, 2025

The condition [ ! -e "$PLUGINS_DIR" ] will be true even if the parent directory doesn't exist, leading to attempted downloads that will fail. This doesn't properly guard against the case where $NEO4J_VOL itself doesn't exist. The download will fail but the error handling may not clearly indicate the root cause.

--publish 127.0.0.1:7474:7474 \
--publish 127.0.0.1:7687:7687 \
-e "NEO4J_AUTH=neo4j/bloodhoundcommunityedition" \
-e "NEO4J_PLUGINS=[\"graph-data-science\"]" \
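
Review bot: NEO4J_PLUGINS on the last line names the plugin to the container independently of the jar that install_gds_plugin downloads and checks against GDS_SHA256. If the image acts on that name by fetching its own copy at start-up, that copy is not covered by the pinned checksum; state in a comment which of the two mechanisms is meant to supply the jar, and drop the other.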

Copilot AI Oct 22, 2025

The NEO4J_PLUGINS environment variable is set unconditionally, even when INSTALL_GDS=false. This will cause Neo4j to expect the GDS plugin but it won't be present, potentially causing errors. This environment variable should only be set when INSTALL_GDS=true.
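
The review points above (checksum tied to the version, directory creation that must not fail silently, no unverified file left in the plugins directory) can be combined in one fail-closed routine. The following is an added example, not code from this pull request or the project; the function names, the pin-file format and the cp-based fetch stand-in are assumptions.

```shell
# Added example; function names and the pin-file format are hypothetical.
# Pin file: one "<version> <sha256-hex>" pair per line.

sha256_of() {   # print the SHA-256 hex digest of file $1
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

pinned_sha256() {   # $1 = pin file, $2 = version; prints nothing if unpinned
    # Appending "" forces string comparison, so "2.6" never equals "2.60".
    awk -v v="$2" '($1 "") == (v "") { print $2; exit }' "$1"
}

# Stand-in for the network fetch so the example runs offline; a real script
# would use something like: curl -fsSL -o "$2" "$1"
fetch() { cp "$1" "$2"; }

install_pinned_jar() {   # $1 = version, $2 = source, $3 = plugins dir, $4 = pin file
    version=$1 src=$2 plugins=$3 pins=$4
    expected=$(pinned_sha256 "$pins" "$version")
    if [ -z "$expected" ]; then
        echo "no pinned checksum for GDS version $version" >&2
        return 2                        # fail closed on an unknown version
    fi
    mkdir -p "$plugins" || return 3     # surface a missing/unwritable parent
    # Temp name has no .jar suffix; same directory keeps the final mv a rename.
    tmp=$(mktemp "$plugins/.gds-download.XXXXXX") || return 3
    if ! fetch "$src" "$tmp"; then
        rm -f "$tmp"
        return 4
    fi
    if [ "$(sha256_of "$tmp")" != "$expected" ]; then
        echo "checksum mismatch for GDS version $version" >&2
        rm -f "$tmp"
        return 5                        # unverified bytes never get the .jar name
    fi
    # mktemp creates the file 0600; widen it so another user can read the jar.
    chmod 0644 "$tmp" && mv "$tmp" "$plugins/neo4j-graph-data-science-$version.jar"
}
```

Each failure has its own return code, so the caller can tell an unpinned version (2) from a bad download (4) or a digest mismatch (5) and stop before starting the container.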