feat(backend): c2 callbacks + execute endpoints (sprint 8 M2)

- Add C2Error exception to adapter ABC - Add promote_to_in_progress() helper to simulation_workflow (pending→in_progress) - Flesh out MythicAdapter: list_callbacks() (GraphQL query) + create_task() (mutation) - Expand FakeAdapter to 3 deterministic callbacks; switch task store to per-instance - Add GET /api/engagements/<id>/c2/callbacks — lists active callbacks via adapter - Add POST /api/simulations/<id>/c2/execute — issues tasks, stores C2Task rows, auto-transitions pending→in_progress, blocks on done (409) - Both endpoints: SOC=403, 503 no-key, 502 adapter error, sanitized error messages - Add requests-mock==1.12.1 to requirements.txt - 42 new tests (342 total, 300 M1 baseline preserved green) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-10 19:34:18 +02:00
parent 9a9c98beab
commit 53755a31d6
14 changed files with 983 additions and 23 deletions
--- a/backend/tests/test_c2_callbacks.py
+++ b/backend/tests/test_c2_callbacks.py
@@ -0,0 +1,142 @@
+"""Tests for GET /api/engagements/<id>/c2/callbacks."""
+from __future__ import annotations
+
+import pytest
+from cryptography.fernet import Fernet
+from flask.testing import FlaskClient
+
+from backend.app.services.c2.adapter import C2Error
+from backend.tests.conftest import auth_headers as _h
+
+_FERNET_KEY = Fernet.generate_key().decode()
+
+
+@pytest.fixture(autouse=True)
+def set_encryption_key(monkeypatch):
+    monkeypatch.setenv("MIMIC_ENCRYPTION_KEY", _FERNET_KEY)
+
+
+@pytest.fixture(autouse=True)
+def use_fake_adapter(monkeypatch):
+    monkeypatch.setenv("MIMIC_C2_ADAPTER", "fake")
+
+
+def _make_engagement(client: FlaskClient, token: str) -> dict:
+    resp = client.post(
+        "/api/engagements",
+        headers=_h(token),
+        json={"name": "Op Alpha", "start_date": "2026-06-10"},
+    )
+    assert resp.status_code == 201
+    return resp.get_json()
+
+
+def _put_config(client: FlaskClient, token: str, eid: int) -> None:
+    resp = client.put(
+        f"/api/engagements/{eid}/c2-config",
+        headers=_h(token),
+        json={"url": "https://c2.internal:7443", "api_token": "s3cr3t", "verify_tls": True},
+    )
+    assert resp.status_code == 200
+
+
+class TestGetCallbacksHappyPath:
+    def test_returns_3_callbacks_with_fake_adapter(
+        self, client: FlaskClient, admin_token: str
+    ) -> None:
+        eng = _make_engagement(client, admin_token)
+        _put_config(client, admin_token, eng["id"])
+
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        assert resp.status_code == 200
+        body = resp.get_json()
+        assert "callbacks" in body
+        assert len(body["callbacks"]) == 3
+
+    def test_callback_shape(self, client: FlaskClient, admin_token: str) -> None:
+        eng = _make_engagement(client, admin_token)
+        _put_config(client, admin_token, eng["id"])
+
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        cb = resp.get_json()["callbacks"][0]
+        assert "display_id" in cb
+        assert "active" in cb
+        assert "host" in cb
+        assert "user" in cb
+        assert "domain" in cb
+        assert "last_checkin" in cb
+
+    def test_redteam_allowed(
+        self, client: FlaskClient, admin_token: str, redteam_token: str
+    ) -> None:
+        eng = _make_engagement(client, admin_token)
+        _put_config(client, admin_token, eng["id"])
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(redteam_token),
+        )
+        assert resp.status_code == 200
+
+
+class TestGetCallbacksErrorCases:
+    def test_404_when_no_config(self, client: FlaskClient, admin_token: str) -> None:
+        eng = _make_engagement(client, admin_token)
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        assert resp.status_code == 404
+
+    def test_404_engagement_not_found(self, client: FlaskClient, admin_token: str) -> None:
+        resp = client.get(
+            "/api/engagements/9999/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        assert resp.status_code == 404
+
+    def test_403_soc(
+        self, client: FlaskClient, admin_token: str, soc_token: str
+    ) -> None:
+        eng = _make_engagement(client, admin_token)
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(soc_token),
+        )
+        assert resp.status_code == 403
+
+    def test_503_no_key(
+        self, monkeypatch, client: FlaskClient, admin_token: str
+    ) -> None:
+        monkeypatch.delenv("MIMIC_ENCRYPTION_KEY", raising=False)
+        eng = _make_engagement(client, admin_token)
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        assert resp.status_code == 503
+
+    def test_502_when_adapter_raises(
+        self, monkeypatch, client: FlaskClient, admin_token: str
+    ) -> None:
+        from backend.app.services.c2 import fake as fake_mod
+
+        def _boom(self):
+            raise C2Error("mythic unreachable")
+
+        monkeypatch.setattr(fake_mod.FakeAdapter, "list_callbacks", _boom)
+
+        eng = _make_engagement(client, admin_token)
+        _put_config(client, admin_token, eng["id"])
+
+        resp = client.get(
+            f"/api/engagements/{eng['id']}/c2/callbacks",
+            headers=_h(admin_token),
+        )
+        assert resp.status_code == 502
+        assert "mythic unreachable" in resp.get_json().get("error", "")