jpetree331
f97d4845af
Complete RedFlag codebase with two major security audit implementations.
== A-1: Ed25519 Key Rotation Support ==
Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management
Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing
== A-2: Replay Attack Fixes (F-1 through F-7) ==
F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH - Migration 026: expires_at column with partial index
F-6 HIGH - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH - Agent-side executedIDs dedup map with cleanup
F-4 HIGH - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt
Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.
All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
108 lines
2.9 KiB
Go
108 lines
2.9 KiB
Go
package command
|
|
|
|
import (
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/Fimeg/RedFlag/aggregator-server/internal/database/queries"
|
|
"github.com/Fimeg/RedFlag/aggregator-server/internal/models"
|
|
"github.com/google/uuid"
|
|
)
|
|
|
|
// Factory creates validated AgentCommand instances
|
|
type Factory struct {
|
|
validator *Validator
|
|
commandQueries *queries.CommandQueries
|
|
}
|
|
|
|
// NewFactory creates a new command factory
|
|
func NewFactory(commandQueries *queries.CommandQueries) *Factory {
|
|
return &Factory{
|
|
validator: NewValidator(),
|
|
commandQueries: commandQueries,
|
|
}
|
|
}
|
|
|
|
// Create generates a new validated AgentCommand with unique ID
|
|
func (f *Factory) Create(agentID uuid.UUID, commandType string, params map[string]interface{}) (*models.AgentCommand, error) {
|
|
cmd := &models.AgentCommand{
|
|
ID: uuid.New(),
|
|
AgentID: agentID,
|
|
CommandType: commandType,
|
|
Status: "pending",
|
|
Source: determineSource(commandType),
|
|
Params: params,
|
|
CreatedAt: time.Now(),
|
|
UpdatedAt: time.Now(),
|
|
}
|
|
|
|
if err := f.validator.Validate(cmd); err != nil {
|
|
return nil, fmt.Errorf("command validation failed: %w", err)
|
|
}
|
|
|
|
return cmd, nil
|
|
}
|
|
|
|
// CreateWithIdempotency generates a command with idempotency protection
|
|
// If a command with the same idempotency key exists, returns it instead of creating a duplicate
|
|
func (f *Factory) CreateWithIdempotency(agentID uuid.UUID, commandType string, params map[string]interface{}, idempotencyKey string) (*models.AgentCommand, error) {
|
|
// If no idempotency key provided, create normally
|
|
if idempotencyKey == "" {
|
|
return f.Create(agentID, commandType, params)
|
|
}
|
|
|
|
// Check for existing command with same idempotency key
|
|
existing, err := f.commandQueries.GetCommandByIdempotencyKey(agentID, idempotencyKey)
|
|
if err != nil {
|
|
// If no existing command found, proceed with creation
|
|
if err.Error() == "sql: no rows in result set" || err.Error() == "command not found" {
|
|
cmd := &models.AgentCommand{
|
|
ID: uuid.New(),
|
|
AgentID: agentID,
|
|
CommandType: commandType,
|
|
Status: "pending",
|
|
Source: determineSource(commandType),
|
|
IdempotencyKey: &idempotencyKey,
|
|
Params: params,
|
|
CreatedAt: time.Now(),
|
|
UpdatedAt: time.Now(),
|
|
}
|
|
|
|
if err := f.validator.Validate(cmd); err != nil {
|
|
return nil, fmt.Errorf("command validation failed: %w", err)
|
|
}
|
|
return cmd, nil
|
|
}
|
|
return nil, fmt.Errorf("failed to check idempotency: %w", err)
|
|
}
|
|
|
|
// Return existing command
|
|
return existing, nil
|
|
}
|
|
|
|
// determineSource classifies command source based on type
|
|
func determineSource(commandType string) string {
|
|
if isSystemCommand(commandType) {
|
|
return "system"
|
|
}
|
|
return "manual"
|
|
}
|
|
|
|
func isSystemCommand(commandType string) bool {
|
|
systemCommands := []string{
|
|
"enable_heartbeat",
|
|
"disable_heartbeat",
|
|
"update_check",
|
|
"cleanup_old_logs",
|
|
"heartbeat_on",
|
|
"heartbeat_off",
|
|
}
|
|
|
|
for _, cmd := range systemCommands {
|
|
if commandType == cmd {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|