feat(backend): c2 crypto + config CRUD + adapter scaffolding (sprint 8 M1)

- Add Fernet crypto service (MIMIC_ENCRYPTION_KEY env, C2Disabled on absent key) - Add Alembic migration 0006: c2_config + c2_task tables with cascade FKs - Add C2Config and C2Task SQLAlchemy models - Add C2Adapter ABC with dataclasses (C2Health, C2Callback, C2TaskStatus, C2TaskPage) - Add FakeAdapter (deterministic in-memory, MIMIC_C2_ADAPTER=fake) - Add MythicAdapter scaffold: test_connection() live, M2+ raise NotImplementedError - Add decode_response_text() helper for base64/binary Mythic responses - Add GET/PUT/DELETE/POST-test /api/engagements/<id>/c2-config endpoints - RBAC: admin+redteam OK, SOC 403; 503 guard when encryption key absent - Token never returned in API responses; stored Fernet-encrypted only - 42 new tests (300 total, 258 baseline preserved green) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-10 19:20:52 +02:00
parent 813e69ee01
commit 9a9c98beab
18 changed files with 1300 additions and 2 deletions
--- a/backend/migrations/versions/0006_c2_layer.py
+++ b/backend/migrations/versions/0006_c2_layer.py
@@ -0,0 +1,67 @@
+"""create c2_config and c2_task tables
+
+Revision ID: 0006
+Revises: 0005
+Create Date: 2026-06-10 00:00:00.000000
+"""
+import sqlalchemy as sa
+from alembic import op
+
+revision = "0006"
+down_revision = "0005"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.create_table(
+        "c2_config",
+        sa.Column("id", sa.Integer(), primary_key=True),
+        sa.Column(
+            "engagement_id",
+            sa.Integer(),
+            sa.ForeignKey("engagements.id", ondelete="CASCADE"),
+            nullable=False,
+            unique=True,
+        ),
+        sa.Column("url", sa.Text(), nullable=False),
+        sa.Column("api_token_encrypted", sa.Text(), nullable=False),
+        sa.Column("verify_tls", sa.Boolean(), nullable=False, server_default=sa.true()),
+        sa.Column("created_at", sa.DateTime(), nullable=False),
+        sa.Column("updated_at", sa.DateTime(), nullable=True),
+    )
+    op.create_index("ix_c2_config_engagement_id", "c2_config", ["engagement_id"])
+
+    op.create_table(
+        "c2_task",
+        sa.Column("id", sa.Integer(), primary_key=True),
+        sa.Column(
+            "simulation_id",
+            sa.Integer(),
+            sa.ForeignKey("simulations.id", ondelete="CASCADE"),
+            nullable=False,
+            index=True,
+        ),
+        sa.Column("mythic_task_display_id", sa.Integer(), nullable=False),
+        sa.Column("callback_display_id", sa.Integer(), nullable=False),
+        sa.Column("command", sa.Text(), nullable=False),
+        sa.Column("params", sa.Text(), nullable=True),
+        sa.Column("status", sa.Text(), nullable=False),
+        sa.Column("completed", sa.Boolean(), nullable=False, server_default=sa.false()),
+        sa.Column("output", sa.Text(), nullable=True),
+        sa.Column(
+            "source",
+            sa.Enum("mimic", "import", name="c2task_source"),
+            nullable=False,
+        ),
+        sa.Column("created_at", sa.DateTime(), nullable=False),
+        sa.Column("completed_at", sa.DateTime(), nullable=True),
+    )
+
+
+def downgrade() -> None:
+    op.drop_table("c2_task")
+    op.drop_index("ix_c2_config_engagement_id", "c2_config")
+    op.drop_table("c2_config")
+    # Remove the enum type (no-op on SQLite, required on Postgres)
+    sa.Enum(name="c2task_source").drop(op.get_bind(), checkfirst=True)