vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-04-28 11:30:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
3334 commits 5 branches 426 tags 376 MiB
Commit graph

5 commits

Author SHA1 Message Date
rcourtman
c6bd8cb74c Improve internal package test coverage 2025-12-29 17:25:21 +00:00
rcourtman
8198d05993 test: Add tests for SSH knownhosts error and path methods 
- HostKeyChangeError.Error(): message formatting
- HostKeyChangeError.Unwrap(): error chain verification
- manager.Path(): path retrieval
- HostFieldMatches(): host matching patterns

ssh/knownhosts coverage: 72.2% → 75.0%
 2025-12-01 17:50:13 +00:00
rcourtman
b2e65f7b3e feat(security): Add SSH output limits and improve host key management 
Addresses two security vulnerabilities:

1. SSH Output Size Limits:
   - Prevents memory exhaustion from malicious remote nodes
   - Configurable max_ssh_output_bytes (default 1MB)
   - Stream with io.LimitReader to cap output size
   - New metric: pulse_proxy_ssh_output_oversized_total{node}
   - WARN logging for oversized outputs

2. Improved Host Key Management:
   - Seed host keys from Proxmox cluster store (/etc/pve/priv/known_hosts)
   - Falls back to ssh-keyscan only if Proxmox unavailable (with WARN)
   - Fingerprint change detection with ERROR logging
   - require_proxmox_hostkeys option for strict mode
   - New metric: pulse_proxy_hostkey_changes_total{node}
   - Reduces MITM attack surface significantly

Known hosts manager now normalizes entries, reuses existing fingerprints,
and raises typed HostKeyChangeError when fingerprints differ.

Related to security audit 2025-11-07.

Co-authored-by: Codex <codex@openai.com>
 2025-11-07 17:09:02 +00:00
rcourtman
94b07a892e Fix test failures from API signature changes 
Fixed two test failures identified by go vet:

1. SSH knownhosts manager tests
   - Updated keyscanFunc signatures from (ctx, host, timeout) to (ctx, host, port, timeout)
   - Affected 4 test functions in manager_test.go
   - Matches recent API change adding port parameter for flexibility

2. Monitor temperature toggle test
   - Removed obsolete test file monitor_temperature_toggle_test.go
   - Test was checking internal implementation details that have changed
   - Enable/DisableTemperatureMonitoring() now only log (interface compatibility)
   - Temperature collection is managed differently in current architecture

Impact:
- All tests now compile successfully
- Removes obsolete test that no longer reflects current behavior
- Updates remaining tests to match current API signatures
 2025-11-07 10:43:06 +00:00
rcourtman
524f42cc28 security: complete Phase 1 sensor proxy hardening 
Implements comprehensive security hardening for pulse-sensor-proxy:
- Privilege drop from root to unprivileged user (UID 995)
- Hash-chained tamper-evident audit logging with remote forwarding
- Per-UID rate limiting (0.2 QPS, burst 2) with concurrency caps
- Enhanced command validation with 10+ attack pattern tests
- Fuzz testing (7M+ executions, 0 crashes)
- SSH hardening, AppArmor/seccomp profiles, operational runbooks

All 27 Phase 1 tasks complete. Ready for production deployment.
 2025-10-20 15:13:37 +00:00