Fimeg/Redflag
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f97d4845affb2f018e8be5eca279ed8ca390b25b
Redflag/aggregator-agent/pkg/windowsupdate/iupdatesession.go
jpetree331 f97d4845af feat(security): A-1 Ed25519 key rotation + A-2 replay attack fixes 
Complete RedFlag codebase with two major security audit implementations.

== A-1: Ed25519 Key Rotation Support ==

Server:
- SignCommand sets SignedAt timestamp and KeyID on every signature
- signing_keys database table (migration 020) for multi-key rotation
- InitializePrimaryKey registers active key at startup
- /api/v1/public-keys endpoint for rotation-aware agents
- SigningKeyQueries for key lifecycle management

Agent:
- Key-ID-aware verification via CheckKeyRotation
- FetchAndCacheAllActiveKeys for rotation pre-caching
- Cache metadata with TTL and staleness fallback
- SecurityLogger events for key rotation and command signing

== A-2: Replay Attack Fixes (F-1 through F-7) ==

F-5 CRITICAL - RetryCommand now signs via signAndCreateCommand
F-1 HIGH     - v3 format: "{agent_id}:{cmd_id}:{type}:{hash}:{ts}"
F-7 HIGH     - Migration 026: expires_at column with partial index
F-6 HIGH     - GetPendingCommands/GetStuckCommands filter by expires_at
F-2 HIGH     - Agent-side executedIDs dedup map with cleanup
F-4 HIGH     - commandMaxAge reduced from 24h to 4h
F-3 CRITICAL - Old-format commands rejected after 48h via CreatedAt

Verification fixes: migration idempotency (ETHOS #4), log format
compliance (ETHOS #1), stale comments updated.

All 24 tests passing. Docker --no-cache build verified.
See docs/ for full audit reports and deviation log (DEV-001 to DEV-019).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 21:25:47 -04:00

101 lines
3.6 KiB
Go
Raw Blame History

/*
Copyright 2022 Zheng Dayu
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package windowsupdate
import (
"github.com/go-ole/go-ole"
"github.com/go-ole/go-ole/oleutil"
)
// IUpdateSession represents a session in which the caller can perform operations that involve updates.
// For example, this interface represents sessions in which the caller performs a search, download, installation, or uninstallation operation.
// https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nn-wuapi-iupdatesession
type IUpdateSession struct {
disp *ole.IDispatch
ClientApplicationID string
ReadOnly bool
WebProxy *IWebProxy
}
func toIUpdateSession(updateSessionDisp *ole.IDispatch) (*IUpdateSession, error) {
var err error
iUpdateSession := &IUpdateSession{
disp: updateSessionDisp,
}
if iUpdateSession.ClientApplicationID, err = toStringErr(oleutil.GetProperty(updateSessionDisp, "ClientApplicationID")); err != nil {
return nil, err
}
if iUpdateSession.ReadOnly, err = toBoolErr(oleutil.GetProperty(updateSessionDisp, "ReadOnly")); err != nil {
return nil, err
}
webProxyDisp, err := toIDispatchErr(oleutil.GetProperty(updateSessionDisp, "WebProxy"))
if err != nil {
return nil, err
}
if webProxyDisp != nil {
if iUpdateSession.WebProxy, err = toIWebProxy(webProxyDisp); err != nil {
return nil, err
}
}
return iUpdateSession, nil
}
// NewUpdateSession creates a new IUpdateSession interface.
func NewUpdateSession() (*IUpdateSession, error) {
unknown, err := oleutil.CreateObject("Microsoft.Update.Session")
if err != nil {
return nil, err
}
disp, err := unknown.QueryInterface(ole.IID_IDispatch)
if err != nil {
return nil, err
}
return toIUpdateSession(disp)
}
// CreateUpdateDownloader returns an IUpdateDownloader interface for this session.
// https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf-wuapi-iupdatesession-createupdatedownloader
func (iUpdateSession *IUpdateSession) CreateUpdateDownloader() (*IUpdateDownloader, error) {
updateDownloaderDisp, err := toIDispatchErr(oleutil.CallMethod(iUpdateSession.disp, "CreateUpdateDownloader"))
if err != nil {
return nil, err
}
return toIUpdateDownloader(updateDownloaderDisp)
}
// CreateUpdateInstaller returns an IUpdateInstaller interface for this session.
// https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf-wuapi-iupdatesession-createupdateinstaller
func (iUpdateSession *IUpdateSession) CreateUpdateInstaller() (*IUpdateInstaller, error) {
updateInstallerDisp, err := toIDispatchErr(oleutil.CallMethod(iUpdateSession.disp, "CreateUpdateInstaller"))
if err != nil {
return nil, err
}
return toIUpdateInstaller(updateInstallerDisp)
}
// CreateUpdateSearcher returns an IUpdateSearcher interface for this session.
// https://docs.microsoft.com/en-us/windows/win32/api/wuapi/nf-wuapi-iupdatesession-createupdatesearcher
func (iUpdateSession *IUpdateSession) CreateUpdateSearcher() (*IUpdateSearcher, error) {
updateSearcherDisp, err := toIDispatchErr(oleutil.CallMethod(iUpdateSession.disp, "CreateUpdateSearcher"))
if err != nil {
return nil, err
}
return toIUpdateSearcher(updateSearcherDisp)
}
Reference in New Issue View Git Blame Copy Permalink