feat(db): enhance public key conflict handling #4555
Merged
Strengthens the `NodeInfoDao` logic to provide robust protection against public key conflict (PKC) and identity wipe attacks.

Key changes include:

- Updates will no longer clear a known valid public key, even if an incoming packet indicates `is_licensed=true`. This prevents an attacker from wiping a node's identity from the database.
- Refactors the key resolution logic into a dedicated `resolvePublicKey` function for clarity.
- If an incoming update is a placeholder (default name, unset hardware model), the existing node's identity (user info, keys) is now preserved while still updating metadata like last heard time and telemetry.
- Adds and updates tests to verify the new security logic, including scenarios for key mismatches, routine updates, and licensed users.
- Updates `AGENTS.md` and `core/database/README.md` to document the new database safety and PKC handling rules for developers.

Signed-off-by: James Rich <2199651+jamesarich@users.noreply.github.com>
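A minimal Kotlin sketch of the pinning rules listed in the description above, added here as an illustration and not taken from the PR's `NodeInfoDao` code. The data classes, the `merge` helper, the signature given to `resolvePublicKey`, and the choice to keep the stored key and flag a conflict on a mismatch are all assumptions.

```kotlin
// Hypothetical model for illustration; not the project's entities or DAO.
data class NodeIdentity(
    val name: String,
    val hasDefaultName: Boolean,
    val hwModelSet: Boolean,
    val isLicensed: Boolean,
    val publicKey: List<Byte>, // empty list = no key known
    val lastHeard: Long,
)

data class Resolved(val key: List<Byte>, val conflict: Boolean)

// Assumed policy: once a key is stored it is pinned. An update without a key
// (including one with is_licensed=true) never clears it, and a different
// non-empty key is reported as a conflict instead of replacing the stored one.
fun resolvePublicKey(existing: List<Byte>, incoming: NodeIdentity): Resolved = when {
    existing.isEmpty() -> Resolved(incoming.publicKey, conflict = false) // first sighting
    incoming.publicKey.isEmpty() -> Resolved(existing, conflict = false) // no wipe
    incoming.publicKey == existing -> Resolved(existing, conflict = false) // routine update
    else -> Resolved(existing, conflict = true) // key mismatch
}

// Placeholder updates (default name, unset hardware model) and conflicting
// updates keep the stored identity; metadata such as lastHeard still advances.
fun merge(existing: NodeIdentity, incoming: NodeIdentity): Pair<NodeIdentity, Boolean> {
    val resolved = resolvePublicKey(existing.publicKey, incoming)
    val placeholder = incoming.hasDefaultName && !incoming.hwModelSet
    val identity = if (placeholder || resolved.conflict) existing else incoming
    return identity.copy(publicKey = resolved.key, lastHeard = incoming.lastHeard) to resolved.conflict
}

fun main() {
    // Constructed sample data, not real node keys.
    val keyA = List(32) { 0x11.toByte() }
    val keyB = List(32) { 0x22.toByte() }
    val known = NodeIdentity("Base Station", false, true, false, keyA, 100)
    val updates = listOf(
        "licensed, no key" to NodeIdentity("Base Station", false, true, true, emptyList(), 200),
        "placeholder" to NodeIdentity("default", true, false, false, emptyList(), 300),
        "key mismatch" to NodeIdentity("Base Station", false, true, false, keyB, 400),
    )
    for ((label, packet) in updates) {
        val (merged, conflict) = merge(known, packet)
        println("$label: keyKept=${merged.publicKey == keyA} name=${merged.name} " +
            "lastHeard=${merged.lastHeard} conflict=$conflict")
    }
}
```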
Codecov Report

❌ Patch coverage is

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #4555      +/-   ##
==========================================
+ Coverage   14.43%   14.50%   +0.07%
==========================================
  Files         424      427       +3
  Lines       14582    14599      +17
  Branches     2428     2427       -1
==========================================
+ Hits         2105     2118      +13
- Misses      12173    12175       +2
- Partials      304      306       +2
```