ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity
216 Commits 1 Branch 0 Tags
main
Commit Graph

12 Commits

Author SHA1 Message Date
Username
c31923f491 containerfile: pin wheel>=0.46.2 in runtime stage 2026-02-16 22:32:55 +01:00
Username
cf27bd3f6a containerfile: pin wheel>=0.46.2 (CVE-2026-24049) 2026-02-16 22:26:56 +01:00
Username
60652e96b4 containerfile: consolidate to single alpine image 2026-01-21 12:17:47 +01:00
Username
f5f2f8f363 containerfile: remove vendored jaraco from setuptools, purge pip cache 2026-01-20 08:28:26 +01:00
Username
ee0e1211a6 containerfile: remove vendored jaraco.context dist-info 
setuptools vendors jaraco.context 5.3.0 internally; Trivy detects
this even with 6.1.0 installed separately. Remove the vendored
dist-info to silence the false positive.
 2026-01-18 16:29:41 +01:00
Username
278ad73778 containerfile: fix jaraco.context CVE and consolidate 
- explicitly install jaraco.context>=6.1.0 in runtime stage
  to override vendored copy in setuptools (GHSA-58pv-8j8x-9vj2)
- remove redundant installs from builder (requirements.txt
  already pins setuptools>=80.0 and jaraco.context>=6.1.0)
- consolidate runtime pip install into single command
- remove redundant comments
 2026-01-18 12:09:53 +01:00
Username
cc1bba9a57 container: upgrade system setuptools to fix jaraco.context CVE 2026-01-18 11:12:17 +01:00
Username
6c0e2ab07f container: use apt instead of apt-get 2026-01-18 10:46:47 +01:00
Username
ba0e591dda container: clean apt caches and upgrade setuptools for CVE fix 2026-01-18 10:44:24 +01:00
Username
4e38517faf pki: add minimal certificate authority 
- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
 2025-12-20 17:20:15 +01:00
Username
2272b1ff12 add /client endpoint to download fpaste CLI 2025-12-20 05:19:20 +01:00
Username
8f9868f0d9 flaskpaste: initial commit with security hardening 
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup

Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)

Includes /health endpoint, container support, and 70 tests.
 2025-12-16 04:42:18 +01:00