insecure

package
v0.28.15-access-admin-... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 3, 2022 License: AGPL-3.0 Imports: 18 Imported by: 14

README

Insecure Package

The insecure package encapsulates tools and technologies for testing codebase against attack vectors of malicious nodes. The package and sub-packages namings are chosen in a way that reflect this purpose. This package is for testing only and should not be utilized for any production-grade development that affects production networks such as the mainnet.

Documentation

Index

Constants

View Source
const (
	ProtocolUnicast   = "protocol-unicast"
	ProtocolMulticast = "protocol-multicast"
	ProtocolPublish   = "protocol-publish"
	ProtocolUnknown   = "unknown-protocol"
)
View Source
const DefaultAddress = "localhost:0"

Variables

View Source
var Protocol_name = map[int32]string{
	0: "UNKNOWN",
	1: "UNICAST",
	2: "MULTICAST",
	3: "PUBLISH",
}
View Source
var Protocol_value = map[string]int32{
	"UNKNOWN":   0,
	"UNICAST":   1,
	"MULTICAST": 2,
	"PUBLISH":   3,
}

Functions

func EgressMessageFixture added in v0.28.0

func EgressMessageFixture(t *testing.T, codec network.Codec, protocol Protocol, content interface{}) (*Message, *EgressEvent, *flow.Identity)

EgressMessageFixture creates and returns a randomly generated gRPC egress message that is sent between a corruptible conduit and the orchestrator network. It also generates and returns the corresponding application-layer event of that message, which is sent between the orchestrator network and the orchestrator.

func EgressMessageFixtures added in v0.28.0

func EgressMessageFixtures(t *testing.T, codec network.Codec, protocol Protocol, count int) ([]*Message, []*EgressEvent,
	flow.IdentityList)

EgressMessageFixtures creates and returns randomly generated gRCP messages and their corresponding protocol-level events. The messages are sent between a corruptible conduit and the orchestrator network. The events are the corresponding protocol-level representation of messages.

func ProtocolStr added in v0.26.0

func ProtocolStr(p Protocol) string

func RegisterCorruptNetworkServer added in v0.28.0

func RegisterCorruptNetworkServer(s *grpc.Server, srv CorruptNetworkServer)

Types

type AttackOrchestrator

type AttackOrchestrator interface {
	// HandleEgressEvent implements logic of processing the outgoing events received from a corrupted node.
	// Corrupted nodes relay all their outgoing events to the orchestrator instead of dispatching them to the network.
	//
	// Note: as a design assumption, this method is invoked sequentially by the OrchestratorNetwork to pass the
	// events of corrupted nodes. Hence, no extra concurrency-safe consideration is needed.
	HandleEgressEvent(*EgressEvent) error

	Register(OrchestratorNetwork)

	// HandleIngressEvent implements the logic of processing an incoming event to a corrupted node.
	// Note: as a design assumption, this method is invoked sequentially by the OrchestratorNetwork to pass the
	// events of corrupted nodes. Hence, no extra concurrency-safe consideration is needed.
	HandleIngressEvent(*IngressEvent) error
}

AttackOrchestrator represents the stateful interface that implements a certain type of attack, e.g., wintermute attack.

type CorruptConduitFactory added in v0.28.0

type CorruptConduitFactory interface {
	network.ConduitFactory

	// SendOnFlowNetwork dispatches the given event to the networking layer of the node in order to be delivered
	// through the specified protocol to the target identifiers.
	SendOnFlowNetwork(interface{}, channels.Channel, Protocol, uint, ...flow.Identifier) error

	// UnregisterChannel is called by the slave conduits of this factory to let it know that the corresponding engine of the
	// conduit is not going to use it anymore, so the channel can be closed safely.
	UnregisterChannel(channels.Channel) error

	// RegisterEgressController sets the EgressController component of the factory. All outgoing messages of the (slave) conduits that
	// this factory creates are forwarded to the EgressController instead of being dispatched on the Flow network.
	RegisterEgressController(EgressController) error
}

type CorruptNetworkClient added in v0.28.0

type CorruptNetworkClient interface {
	// ConnectAttacker registers an attacker to the corrupt network.
	ConnectAttacker(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (CorruptNetwork_ConnectAttackerClient, error)
	// ProcessAttackerMessage is the central place for the corrupt network to process messages from an attacker.
	ProcessAttackerMessage(ctx context.Context, opts ...grpc.CallOption) (CorruptNetwork_ProcessAttackerMessageClient, error)
}

CorruptNetworkClient is the client API for CorruptNetwork service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewCorruptNetworkClient added in v0.28.0

func NewCorruptNetworkClient(cc *grpc.ClientConn) CorruptNetworkClient

type CorruptNetworkServer added in v0.28.0

type CorruptNetworkServer interface {
	// ConnectAttacker registers an attacker to the corrupt network.
	ConnectAttacker(*emptypb.Empty, CorruptNetwork_ConnectAttackerServer) error
	// ProcessAttackerMessage is the central place for the corrupt network to process messages from an attacker.
	ProcessAttackerMessage(CorruptNetwork_ProcessAttackerMessageServer) error
}

CorruptNetworkServer is the server API for CorruptNetwork service.

type CorruptNetwork_ConnectAttackerClient added in v0.28.0

type CorruptNetwork_ConnectAttackerClient interface {
	Recv() (*Message, error)
	grpc.ClientStream
}

type CorruptNetwork_ConnectAttackerServer added in v0.28.0

type CorruptNetwork_ConnectAttackerServer interface {
	Send(*Message) error
	grpc.ServerStream
}

type CorruptNetwork_ProcessAttackerMessageClient added in v0.28.0

type CorruptNetwork_ProcessAttackerMessageClient interface {
	Send(*Message) error
	CloseAndRecv() (*emptypb.Empty, error)
	grpc.ClientStream
}

type CorruptNetwork_ProcessAttackerMessageServer added in v0.28.0

type CorruptNetwork_ProcessAttackerMessageServer interface {
	SendAndClose(*emptypb.Empty) error
	Recv() (*Message, error)
	grpc.ServerStream
}

type CorruptedNodeConnection added in v0.25.2

type CorruptedNodeConnection interface {
	// SendMessage sends the message from orchestrator to the corrupted conduit factory.
	SendMessage(*Message) error

	// CloseConnection closes the connection to the corrupted conduit factory.
	CloseConnection() error
}

CorruptedNodeConnection abstracts connection from orchestrator to a corrupted conduit factory through the orchestrator network.

type CorruptedNodeConnector added in v0.25.2

type CorruptedNodeConnector interface {
	// Connect creates a connection the corruptible conduit factory of the given corrupted identity.
	Connect(irrecoverable.SignalerContext, flow.Identifier) (CorruptedNodeConnection, error)

	// WithIncomingMessageHandler sets the handler for the incoming messages from remote corrupted nodes.
	WithIncomingMessageHandler(func(*Message))
}

CorruptedNodeConnector establishes a connection to a remote corrupted node.

type EgressController added in v0.28.0

type EgressController interface {
	// HandleOutgoingEvent sends an outgoing event (of an engine) to the corruptible networking layer.
	HandleOutgoingEvent(interface{}, channels.Channel, Protocol, uint32, ...flow.Identifier) error

	// EngineClosingChannel informs the corruptible networking layer that the corresponding engine of the given channel is not going to
	// use it anymore, hence the channel can be closed.
	EngineClosingChannel(channels.Channel) error
}

EgressController defines part of the behavior of a corruptible networking layer that controls outbound traffic of its engines. By the outbound traffic, we mean the traffic from engine to networking layer that passes through conduits, i.e., egress traffic of the engine.

type EgressEvent added in v0.28.0

type EgressEvent struct {
	CorruptOriginId flow.Identifier  // identifier of corrupt flow node that this corrupt conduit belongs to
	Channel         channels.Channel // channel of the event on the corrupt conduit
	Protocol        Protocol         // networking-layer protocol that this event was meant to send on.
	TargetNum       uint32           // number of randomly chosen targets (used in multicast protocol).

	// set of target identifiers (can be any subset of nodes, either honest or corrupt).
	TargetIds flow.IdentifierList

	// the protocol-level event that the corrupt node is relaying to
	// the attacker. The event is originated by the corrupt node, and is
	// sent to attacker to decide on its content before dispatching it to the
	// Flow network.
	FlowProtocolEvent interface{}
}

EgressEvent represents the data model that is exchanged between the attacker and the attack orchestrator. An egress event is the protocol-level representation of an outgoing message of a corrupt conduit (of a corrupt node). The corrupt conduit relays the message to the attacker instead of dispatching it through the Flow network. The attacker decodes the message into an event and relays it to the orchestrator. Each corrupt conduit is uniquely identified by 1) corrupt node ID and 2) channel

type EgressMessage added in v0.28.0

type EgressMessage struct {
	ChannelID string `protobuf:"bytes,1,opt,name=ChannelID,proto3" json:"ChannelID,omitempty"`
	// CorruptOriginID represents the corrupt node id where the outgoing message is coming from.
	CorruptOriginID      []byte   `protobuf:"bytes,2,opt,name=CorruptOriginID,proto3" json:"CorruptOriginID,omitempty"`
	TargetNum            uint32   `protobuf:"varint,3,opt,name=TargetNum,proto3" json:"TargetNum,omitempty"`
	TargetIDs            [][]byte `protobuf:"bytes,4,rep,name=TargetIDs,proto3" json:"TargetIDs,omitempty"`
	Payload              []byte   `protobuf:"bytes,5,opt,name=Payload,proto3" json:"Payload,omitempty"`
	Protocol             Protocol `protobuf:"varint,6,opt,name=protocol,proto3,enum=net.Protocol" json:"protocol,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

EgressMessage represents an outgoing message from a corrupt node to another (honest or corrupt) node. The exchanged message is between the CorruptConduitFactory and Attacker.

func (*EgressMessage) Descriptor added in v0.28.0

func (*EgressMessage) Descriptor() ([]byte, []int)

func (*EgressMessage) GetChannelID added in v0.28.0

func (m *EgressMessage) GetChannelID() string

func (*EgressMessage) GetCorruptOriginID added in v0.28.0

func (m *EgressMessage) GetCorruptOriginID() []byte

func (*EgressMessage) GetPayload added in v0.28.0

func (m *EgressMessage) GetPayload() []byte

func (*EgressMessage) GetProtocol added in v0.28.0

func (m *EgressMessage) GetProtocol() Protocol

func (*EgressMessage) GetTargetIDs added in v0.28.0

func (m *EgressMessage) GetTargetIDs() [][]byte

func (*EgressMessage) GetTargetNum added in v0.28.0

func (m *EgressMessage) GetTargetNum() uint32

func (*EgressMessage) ProtoMessage added in v0.28.0

func (*EgressMessage) ProtoMessage()

func (*EgressMessage) Reset added in v0.28.0

func (m *EgressMessage) Reset()

func (*EgressMessage) String added in v0.28.0

func (m *EgressMessage) String() string

func (*EgressMessage) XXX_DiscardUnknown added in v0.28.0

func (m *EgressMessage) XXX_DiscardUnknown()

func (*EgressMessage) XXX_Marshal added in v0.28.0

func (m *EgressMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EgressMessage) XXX_Merge added in v0.28.0

func (m *EgressMessage) XXX_Merge(src proto.Message)

func (*EgressMessage) XXX_Size added in v0.28.0

func (m *EgressMessage) XXX_Size() int

func (*EgressMessage) XXX_Unmarshal added in v0.28.0

func (m *EgressMessage) XXX_Unmarshal(b []byte) error

type IngressController added in v0.28.0

type IngressController interface {
	// HandleIncomingEvent sends an incoming event (to an engine) to the corrupted networking layer to process.
	// Boolean return type represents whether attacker is registered with the corrupted network.
	// Returns true if it is, false otherwise.
	HandleIncomingEvent(interface{}, channels.Channel, flow.Identifier) bool
}

IngressController defines part of behavior of a corrupted networking layer that controls the inbound traffic of the engines registered to it. By the inbound traffic, we mean the traffic from networking layer to the engine that carries on the messages from remote nodes to this engine.

type IngressEvent added in v0.28.0

type IngressEvent struct {
	OriginID          flow.Identifier
	CorruptTargetID   flow.Identifier // corrupt node Id
	Channel           channels.Channel
	FlowProtocolEvent interface{}
}

IngressEvent is the incoming event coming to a corrupt node (from an honest or corrupt node)

type IngressMessage added in v0.28.0

type IngressMessage struct {
	ChannelID string `protobuf:"bytes,1,opt,name=ChannelID,proto3" json:"ChannelID,omitempty"`
	// OriginID represents the node id where the incoming message is coming from - that node could be corrupt or honest.
	OriginID             []byte   `protobuf:"bytes,2,opt,name=OriginID,proto3" json:"OriginID,omitempty"`
	CorruptTargetID      []byte   `protobuf:"bytes,3,opt,name=CorruptTargetID,proto3" json:"CorruptTargetID,omitempty"`
	Payload              []byte   `protobuf:"bytes,4,opt,name=Payload,proto3" json:"Payload,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

IngressMessage represents an incoming message from another node (honest or corrupt) to a corrupt node.

func (*IngressMessage) Descriptor added in v0.28.0

func (*IngressMessage) Descriptor() ([]byte, []int)

func (*IngressMessage) GetChannelID added in v0.28.0

func (m *IngressMessage) GetChannelID() string

func (*IngressMessage) GetCorruptTargetID added in v0.28.0

func (m *IngressMessage) GetCorruptTargetID() []byte

func (*IngressMessage) GetOriginID added in v0.28.0

func (m *IngressMessage) GetOriginID() []byte

func (*IngressMessage) GetPayload added in v0.28.0

func (m *IngressMessage) GetPayload() []byte

func (*IngressMessage) ProtoMessage added in v0.28.0

func (*IngressMessage) ProtoMessage()

func (*IngressMessage) Reset added in v0.28.0

func (m *IngressMessage) Reset()

func (*IngressMessage) String added in v0.28.0

func (m *IngressMessage) String() string

func (*IngressMessage) XXX_DiscardUnknown added in v0.28.0

func (m *IngressMessage) XXX_DiscardUnknown()

func (*IngressMessage) XXX_Marshal added in v0.28.0

func (m *IngressMessage) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IngressMessage) XXX_Merge added in v0.28.0

func (m *IngressMessage) XXX_Merge(src proto.Message)

func (*IngressMessage) XXX_Size added in v0.28.0

func (m *IngressMessage) XXX_Size() int

func (*IngressMessage) XXX_Unmarshal added in v0.28.0

func (m *IngressMessage) XXX_Unmarshal(b []byte) error

type Message

type Message struct {
	Egress               *EgressMessage  `protobuf:"bytes,1,opt,name=Egress,proto3" json:"Egress,omitempty"`
	Ingress              *IngressMessage `protobuf:"bytes,2,opt,name=Ingress,proto3" json:"Ingress,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

Message represents the messages exchanged between the CorruptNetwork (server) and Attacker (client). This is a wrapper for both egress and ingress messages.

func IngressMessageFixture added in v0.28.0

func IngressMessageFixture(t *testing.T, codec network.Codec, protocol Protocol, content interface{}) *Message

IngressMessageFixture creates and returns a randomly generated gRPC ingress message that is sent from a corruptible network to the orchestrator network.

func (*Message) Descriptor

func (*Message) Descriptor() ([]byte, []int)

func (*Message) GetEgress added in v0.28.0

func (m *Message) GetEgress() *EgressMessage

func (*Message) GetIngress added in v0.28.0

func (m *Message) GetIngress() *IngressMessage

func (*Message) ProtoMessage

func (*Message) ProtoMessage()

func (*Message) Reset

func (m *Message) Reset()

func (*Message) String

func (m *Message) String() string

func (*Message) XXX_DiscardUnknown

func (m *Message) XXX_DiscardUnknown()

func (*Message) XXX_Marshal

func (m *Message) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Message) XXX_Merge

func (m *Message) XXX_Merge(src proto.Message)

func (*Message) XXX_Size

func (m *Message) XXX_Size() int

func (*Message) XXX_Unmarshal

func (m *Message) XXX_Unmarshal(b []byte) error

type OrchestratorNetwork added in v0.28.0

type OrchestratorNetwork interface {
	component.Component
	// SendEgress is called when the attack orchestrator sends an egress message to another node (corrupt or honest) via the corrupt flow network.
	SendEgress(*EgressEvent) error

	// SendIngress is called when an attack orchestrator allows a message (sent from an honest or corrupt node) to reach a corrupt node.
	// The message could be the originally intended message or another valid message (as necessary for the attack).
	SendIngress(*IngressEvent) error

	// Observe is the inbound message handler of the attack orchestrator network.
	// "Inbound" message means it's coming into the orchestrator network (either from a corrupt node, for an egress message OR
	// from another node on the network (honest or corrupt), for an ingress message).
	// The message that is observed can be an ingress or egress message.
	// An observed egress message is when a corrupt node (that's controlled by an attack orchestrator) sends a message to another node.
	// An observed ingress message is when another node sends a message to a corrupt node that's controlled by the attack orchestrator.
	// Instead of dispatching messages to the networking layer of Flow, the corrupt network
	// dispatches the message to the orchestrator network through a remote call to this method.
	Observe(*Message)
}

OrchestratorNetwork represents the networking interface that is available to the attack orchestrator for sending messages "through" the corrupt network and corrupt nodes "to" the rest of the network. This interface is used by attack orchestrators to communicate with the corrupt network.

type Protocol

type Protocol int32
const (
	Protocol_UNKNOWN   Protocol = 0
	Protocol_UNICAST   Protocol = 1
	Protocol_MULTICAST Protocol = 2
	Protocol_PUBLISH   Protocol = 3
)

func (Protocol) EnumDescriptor

func (Protocol) EnumDescriptor() ([]byte, []int)

func (Protocol) String

func (x Protocol) String() string

type UnimplementedCorruptNetworkServer added in v0.28.0

type UnimplementedCorruptNetworkServer struct {
}

UnimplementedCorruptNetworkServer can be embedded to have forward compatible implementations.

func (*UnimplementedCorruptNetworkServer) ConnectAttacker added in v0.28.0

func (*UnimplementedCorruptNetworkServer) ProcessAttackerMessage added in v0.28.0

Directories

Path Synopsis
cmd
integration

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL