ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

entropy: exempt small content from check

Browse Source 
Small data has unreliable entropy measurement due to sample size.
MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.
This commit is contained in:
Username
2025-12-20 08:48:13 +01:00
parent 8addf2d9e8
commit 7deba711d4
4 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/config.py
View File

@@ -29,8 +29,10 @@ class Config:
# Minimum entropy requirement (0 = disabled)
# Encrypted data has ~7.5-8.0 bits/byte, plaintext ~4.0-5.0
# Set to 7.0+ to effectively require encryption
# Set to 6.0+ to effectively require encryption
MIN_ENTROPY = float(os.environ.get("FLASKPASTE_MIN_ENTROPY", 0))
# Minimum size for entropy check (small data has unreliable entropy measurement)
MIN_ENTROPY_SIZE = int(os.environ.get("FLASKPASTE_MIN_ENTROPY_SIZE", 256))
# Reverse proxy trust configuration
# SECURITY: The X-SSL-Client-SHA1 header is trusted for authentication.