2026-06-11 10:29:19 +00:00
5 changed files with 205 additions and 66 deletions
--- a/backend/app/api/c2.py
+++ b/backend/app/api/c2.py
@@ -500,7 +500,6 @@ def import_tasks(sid: int):
                db.session.add(task)
                db.session.flush()
                apply_task_to_simulation(task, sim)
-                task.mapping_applied = True
            else:
                db.session.add(task)

--- a/backend/app/services/c2/mapping.py
+++ b/backend/app/services/c2/mapping.py
@@ -1,8 +1,9 @@
 """C2 task → Simulation output mapping.

-apply_task_to_simulation() writes task output into the simulation's
-execution_result field and marks the task as mapping_applied=True so that
-the operation is idempotent (safe to call multiple times for the same task).
+apply_task_to_simulation() implements the full §0.11 contract:
+  1. execution_result — append "$ <command>\n<output>\n" block.
+  2. executed_at — set from task.completed_at when currently null.
+  3. commands — append task.command deduplicated line-by-line.

 Caller is responsible for committing the session.
 """
@@ -15,24 +16,38 @@ from backend.app.models.simulation import Simulation


 def apply_task_to_simulation(task: C2Task, simulation: Simulation) -> None:
-    """Write task output into simulation.execution_result (append, newline-separated).
+    """Apply completed task data to simulation fields per §0.11.

-    No-op if task.mapping_applied is already True or task.output is empty.
-    Marks task.mapping_applied = True on completion.
+    Idempotent: no-op when task.mapping_applied is already True.
+    Always sets mapping_applied = True on exit so the task is never re-processed.
    """
    if task.mapping_applied:
        return

    output = (task.output or "").strip()
-    if not output:
-        task.mapping_applied = True
-        return

-    existing = (simulation.execution_result or "").rstrip("\n")
-    if existing:
-        simulation.execution_result = existing + "\n" + output
-    else:
-        simulation.execution_result = output
+    # 1) execution_result — "$ <command>\n<output>\n" block, only when output is non-empty.
+    if output:
+        block = f"$ {task.command}\n{output}\n"
+        existing = simulation.execution_result or ""
+        if existing:
+            sep = "" if existing.endswith("\n") else "\n"
+            simulation.execution_result = existing + sep + block
+        else:
+            simulation.execution_result = block
+
+    # 2) executed_at — set once from the first completed task's timestamp.
+    if simulation.executed_at is None and task.completed_at is not None:
+        simulation.executed_at = task.completed_at
+
+    # 3) commands — append deduplicated line.
+    if task.command:
+        existing_cmds = (simulation.commands or "").splitlines()
+        if task.command.strip() not in (line.strip() for line in existing_cmds):
+            if simulation.commands:
+                simulation.commands = simulation.commands + "\n" + task.command
+            else:
+                simulation.commands = task.command

    simulation.updated_at = datetime.now(UTC)
    task.mapping_applied = True
--- a/backend/app/services/c2/mythic.py
+++ b/backend/app/services/c2/mythic.py
@@ -158,7 +158,7 @@ class MythicAdapter(C2Adapter):
        try:
            data = self._post({"query": _CALLBACKS_QUERY})
        except requests.RequestException as exc:
-            raise C2Error(str(exc)) from exc
+            raise C2Error(f"C2 transport error: {type(exc).__name__}") from exc

        callbacks_raw = data.get("data", {}).get("callback", [])
        return [
@@ -190,7 +190,7 @@ class MythicAdapter(C2Adapter):
                },
            })
        except requests.RequestException as exc:
-            raise C2Error(str(exc)) from exc
+            raise C2Error(f"C2 transport error: {type(exc).__name__}") from exc

        task_data = data.get("data", {}).get("createTask", {})
        error_msg = task_data.get("error")
@@ -206,7 +206,7 @@ class MythicAdapter(C2Adapter):
                "variables": {"display_id": task_display_id},
            })
        except requests.RequestException as exc:
-            raise C2Error(str(exc)) from exc
+            raise C2Error(f"C2 transport error: {type(exc).__name__}") from exc

        rows = data.get("data", {}).get("task", [])
        if not rows:
@@ -238,7 +238,7 @@ class MythicAdapter(C2Adapter):
                "variables": {"display_id": task_display_id},
            })
        except requests.RequestException as exc:
-            raise C2Error(str(exc)) from exc
+            raise C2Error(f"C2 transport error: {type(exc).__name__}") from exc

        rows = data.get("data", {}).get("response", [])
        return "".join(
@@ -269,7 +269,7 @@ class MythicAdapter(C2Adapter):
                "variables": {"callback_display_id": callback_display_id},
            })
        except requests.RequestException as exc:
-            raise C2Error(str(exc)) from exc
+            raise C2Error(f"C2 transport error: {type(exc).__name__}") from exc

        rows = data.get("data", {}).get("task", [])
        total: int = (
--- a/backend/tests/test_c2_adapter_mythic.py
+++ b/backend/tests/test_c2_adapter_mythic.py
@@ -124,6 +124,20 @@ class TestMythicAdapterCreateTask:
                adapter.create_task(1, "whoami")


+class TestMythicAdapterErrorSanitization:
+    def test_connection_error_message_does_not_contain_url(self, adapter):
+        """C2Error message must not expose the configured Mythic URL."""
+        with rm_module.Mocker() as m:
+            m.post(_GQL_URL, exc=requests.exceptions.ConnectionError(
+                f"HTTPSConnectionPool(host='{_BASE_URL}', port=7443): Max retries exceeded"
+            ))
+            with pytest.raises(C2Error) as exc_info:
+                adapter.list_callbacks()
+
+        assert _BASE_URL not in str(exc_info.value)
+        assert "ConnectionError" in str(exc_info.value)
+
+
 class TestMythicAdapterNoRedirects:
    def test_does_not_follow_redirect(self, adapter):
        """Adapter must not follow HTTP redirects (allow_redirects=False)."""
--- a/backend/tests/test_c2_mapping.py
+++ b/backend/tests/test_c2_mapping.py
@@ -1,4 +1,4 @@
-"""Unit tests for apply_task_to_simulation() mapping helper."""
+"""Unit tests for apply_task_to_simulation() mapping helper — §0.11 contract."""
 from __future__ import annotations

 from datetime import UTC, datetime
@@ -7,91 +7,202 @@ from unittest.mock import MagicMock
 from backend.app.services.c2.mapping import apply_task_to_simulation


-def _make_task(output: str | None = "whoami output", mapping_applied: bool = False) -> MagicMock:
+def _make_task(
+    command: str = "whoami",
+    output: str | None = "root",
+    mapping_applied: bool = False,
+    completed_at: datetime | None = None,
+) -> MagicMock:
    task = MagicMock()
+    task.command = command
    task.output = output
    task.mapping_applied = mapping_applied
+    task.completed_at = completed_at
    return task


-def _make_sim(execution_result: str | None = None) -> MagicMock:
+def _make_sim(
+    execution_result: str | None = None,
+    executed_at: datetime | None = None,
+    commands: str | None = None,
+) -> MagicMock:
    sim = MagicMock()
    sim.execution_result = execution_result
+    sim.executed_at = executed_at
+    sim.commands = commands
    sim.updated_at = None
    return sim


-class TestApplyTaskToSimulation:
-    def test_appends_output_to_empty_simulation(self):
-        task = _make_task(output="whoami output")
-        sim = _make_sim(execution_result=None)
+class TestExecutionResult:
+    def test_first_task_produces_command_block(self):
+        task = _make_task(command="whoami", output="root")
+        sim = _make_sim()

        apply_task_to_simulation(task, sim)

-        assert sim.execution_result == "whoami output"
-        assert task.mapping_applied is True
+        assert sim.execution_result == "$ whoami\nroot\n"

-    def test_appends_with_newline_separator(self):
-        task = _make_task(output="second result")
-        sim = _make_sim(execution_result="first result")
+    def test_second_task_appended_with_block_separator(self):
+        """Two tasks → two '$ command\noutput\n' blocks separated by a single newline."""
+        sim = _make_sim()
+        t1 = _make_task(command="whoami", output="root")
+        t2 = _make_task(command="hostname", output="lab-1")
+
+        apply_task_to_simulation(t1, sim)
+        apply_task_to_simulation(t2, sim)
+
+        assert sim.execution_result == "$ whoami\nroot\n$ hostname\nlab-1\n"
+
+    def test_no_double_blank_line_when_existing_ends_with_newline(self):
+        """If existing result already ends with \n, no extra blank line is inserted."""
+        sim = _make_sim(execution_result="$ id\nuid=0\n")
+        task = _make_task(command="hostname", output="lab-1")

        apply_task_to_simulation(task, sim)

-        assert sim.execution_result == "first result\nsecond result"
+        assert sim.execution_result == "$ id\nuid=0\n$ hostname\nlab-1\n"

-    def test_idempotent_when_already_applied(self):
-        task = _make_task(output="some output", mapping_applied=True)
-        sim = _make_sim(execution_result="existing")
-
-        apply_task_to_simulation(task, sim)
-
-        # execution_result must not be modified.
-        assert sim.execution_result == "existing"
-
-    def test_no_op_when_output_is_empty_string(self):
+    def test_empty_output_skips_block_but_marks_applied(self):
        task = _make_task(output="")
-        sim = _make_sim(execution_result="existing")
+        sim = _make_sim(execution_result="$ id\nuid=0\n")

        apply_task_to_simulation(task, sim)

-        assert sim.execution_result == "existing"
-        # Still marks mapping_applied so we don't revisit it.
+        assert sim.execution_result == "$ id\nuid=0\n"
        assert task.mapping_applied is True

-    def test_no_op_when_output_is_none(self):
+    def test_none_output_skips_block_but_marks_applied(self):
        task = _make_task(output=None)
+        sim = _make_sim()
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.execution_result is None
+        assert task.mapping_applied is True
+
+    def test_command_with_empty_string_produces_dollar_header(self):
+        """Empty command → block header is '$ \n<output>\n' (consistent, not suppressed)."""
+        task = _make_task(command="", output="some output")
+        sim = _make_sim()
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.execution_result == "$  \nsome output\n" or sim.execution_result == "$ \nsome output\n"
+
+
+class TestExecutedAt:
+    def test_sets_executed_at_from_task_when_null(self):
+        ts = datetime(2026, 6, 10, 12, 0, 0, tzinfo=UTC)
+        task = _make_task(completed_at=ts)
+        sim = _make_sim(executed_at=None)
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.executed_at == ts
+
+    def test_does_not_overwrite_existing_executed_at(self):
+        original_ts = datetime(2026, 6, 1, 0, 0, 0, tzinfo=UTC)
+        later_ts = datetime(2026, 6, 10, 12, 0, 0, tzinfo=UTC)
+        task = _make_task(completed_at=later_ts)
+        sim = _make_sim(executed_at=original_ts)
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.executed_at == original_ts
+
+    def test_executed_at_stays_null_when_task_completed_at_is_none(self):
+        task = _make_task(completed_at=None)
+        sim = _make_sim(executed_at=None)
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.executed_at is None
+
+    def test_first_task_sets_executed_at_second_does_not_overwrite(self):
+        ts1 = datetime(2026, 6, 10, 10, 0, 0, tzinfo=UTC)
+        ts2 = datetime(2026, 6, 10, 11, 0, 0, tzinfo=UTC)
+        t1 = _make_task(command="whoami", output="root", completed_at=ts1)
+        t2 = _make_task(command="hostname", output="lab-1", completed_at=ts2)
+        sim = _make_sim(executed_at=None)
+
+        apply_task_to_simulation(t1, sim)
+        apply_task_to_simulation(t2, sim)
+
+        assert sim.executed_at == ts1
+
+
+class TestCommandsDedup:
+    def test_appends_command_to_empty_commands(self):
+        task = _make_task(command="whoami", output="root")
+        sim = _make_sim(commands=None)
+
+        apply_task_to_simulation(task, sim)
+
+        assert sim.commands == "whoami"
+
+    def test_appends_second_distinct_command(self):
+        sim = _make_sim(commands=None)
+        t1 = _make_task(command="whoami", output="root")
+        t2 = _make_task(command="hostname", output="lab-1")
+
+        apply_task_to_simulation(t1, sim)
+        apply_task_to_simulation(t2, sim)
+
+        assert sim.commands == "whoami\nhostname"
+
+    def test_deduplicates_repeated_command(self):
+        sim = _make_sim(commands=None)
+        t1 = _make_task(command="whoami", output="root")
+        t2 = _make_task(command="whoami", output="root2")
+
+        apply_task_to_simulation(t1, sim)
+        apply_task_to_simulation(t2, sim)
+
+        assert sim.commands == "whoami"
+
+    def test_dedup_is_case_and_whitespace_stripped(self):
+        sim = _make_sim(commands="whoami")
+        task = _make_task(command="  whoami  ", output="root")
+
+        apply_task_to_simulation(task, sim)
+
+        # "  whoami  ".strip() == "whoami" which is already present → no append.
+        assert sim.commands == "whoami"
+
+    def test_empty_command_not_appended(self):
+        task = _make_task(command="", output="output")
+        sim = _make_sim(commands=None)
+
+        apply_task_to_simulation(task, sim)
+
+        # task.command is falsy → commands block skipped.
+        assert sim.commands is None
+
+
+class TestIdempotency:
+    def test_no_op_when_mapping_already_applied(self):
+        task = _make_task(output="root", mapping_applied=True)
        sim = _make_sim(execution_result="existing")

        apply_task_to_simulation(task, sim)

        assert sim.execution_result == "existing"
-        assert task.mapping_applied is True

-    def test_strips_trailing_newlines_from_existing(self):
-        """Existing execution_result with trailing newlines should not cause double blank lines."""
-        task = _make_task(output="new output")
-        sim = _make_sim(execution_result="old output\n\n")
+    def test_always_marks_mapping_applied(self):
+        task = _make_task(output="root")
+        sim = _make_sim()

        apply_task_to_simulation(task, sim)

-        assert sim.execution_result == "old output\nnew output"
+        assert task.mapping_applied is True

-    def test_updated_at_is_set_on_sim(self):
-        task = _make_task(output="something")
-        sim = _make_sim(execution_result=None)
+    def test_updated_at_is_set(self):
+        task = _make_task(output="root")
+        sim = _make_sim()
        before = datetime.now(UTC)

        apply_task_to_simulation(task, sim)

        assert sim.updated_at is not None
        assert sim.updated_at >= before
-
-    def test_multiple_tasks_accumulate(self):
-        sim = _make_sim(execution_result=None)
-        tasks = [_make_task(output=f"result {i}") for i in range(3)]
-
-        for t in tasks:
-            apply_task_to_simulation(t, sim)
-
-        lines = sim.execution_result.split("\n")
-        assert lines == ["result 0", "result 1", "result 2"]