| Version | Status |
|---|---|
| 0.2.x | ✅ Security fixes |
| 0.1.x | ❌ End of life — please upgrade |
Please do not open a public GitHub issue for security bugs.
Email security@raven.example.com (replace with your real address) with:
- A clear description of the issue
- Steps to reproduce
- Affected version (
raven --version) - Impact assessment
We aim to acknowledge within 48 hours and ship a fix within 14 days for critical issues, 30 days for high, 90 days for medium/low.
Raven is an autonomous defense system. The threat model assumes:
| Trust zone | Component | Notes |
|---|---|---|
| Untrusted | Inbound HTTP traffic | All /ai/*, /hunt/*, /mitigate, /investigate/* mutations require JWT + role |
| Operator | Authenticated user with operator role |
Can run hunts, set targets, call AI |
| Privileged | Authenticated user with admin role |
Can hot-swap AI providers, set system prompts, save profiles |
| Internal | DB, Redis, AI providers | Reached only via NetworkPolicy-restricted egress |
| Out of band | SSH targets investigated by hunters | RejectPolicy host-key checks; operator pre-provisions known_hosts |
| Finding | Mitigation |
|---|---|
| F1 — base_url override → API key exfil | base_url validated against AI_ALLOWED_BASE_URLS allowlist + built-in defaults; route requires admin role |
F2 — filesystem read via /hunt/* |
repo_path must resolve inside SCAN_ROOT; route requires operator role |
| F3 — persistent prompt injection | /ai/system-prompt requires admin role; file loads jailed to CWD; all mutations audit-logged |
F4 — no auth on /ai/* |
JWT bearer required on every mutating route; CORS allowlist (no wildcard); rate-limiting middleware |
| F5 — profile name traversal | ^[A-Za-z0-9_-]{1,64}$ regex; route requires admin role |
| F6 — paramiko AutoAddPolicy MITM | RejectPolicy + operator-supplied known_hosts file; loud refusal on key mismatch |
- Password hashing: Argon2id (
t=2, m=19_456 KiB, p=1, OWASP 2023) - JWT: HS256 by default (HS256 acceptable for single-issuer single-audience); switch to RS256/EdDSA when federating
- TLS: terminated at the ingress (cert-manager + Let's Encrypt); pod-to-pod can use mTLS via service mesh
- Secrets at rest: mounted as K8s Secrets sourced from External Secrets Operator → AWS Secrets Manager / Vault
- Production startup checks refuse to boot when
SECRET_KEYis default,DEBUG=true, orCORS_ORIGINScontains*. - Audit log records every mutating authenticated request (actor, method, path, status, request ID, duration).
- Kill-chain destructive stages (Exploitation, Lateral Movement, Exfiltration, Privilege Escalation, Post-Exploitation) require an
adminrole approval via/hunt/killchain/approve.
- Day 0 — Researcher reports
- Day 1–2 — Triage + acknowledgement
- Day 3–14 — Fix + regression test + advisory drafted
- Day 14 — Coordinated release; CVE assigned if applicable
- Day 30 — Public advisory + remediation guide