claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity

validate MIN_ENTROPY config bounds [0, 8]

Browse Source
This commit is contained in:
Username
2025-12-26 18:47:06 +01:00
parent 3cda73c8b0
commit bc751d1b8c
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/config.py
View File

@@ -42,9 +42,11 @@ class Config:
# Minimum entropy requirement (0 = disabled)
# Encrypted data has ~7.5-8.0 bits/byte, plaintext ~4.0-5.0
# Set to 6.0+ to effectively require encryption
MIN_ENTROPY = float(os.environ.get("FLASKPASTE_MIN_ENTROPY", 0))
_min_entropy_raw = float(os.environ.get("FLASKPASTE_MIN_ENTROPY", 0))
MIN_ENTROPY = max(0.0, min(8.0, _min_entropy_raw)) # Clamp to valid range [0, 8]
# Minimum size for entropy check (small data has unreliable entropy measurement)
MIN_ENTROPY_SIZE = int(os.environ.get("FLASKPASTE_MIN_ENTROPY_SIZE", 256))
_min_entropy_size_raw = int(os.environ.get("FLASKPASTE_MIN_ENTROPY_SIZE", 256))
MIN_ENTROPY_SIZE = max(1, _min_entropy_size_raw) # Must be positive
# Require binary content (reject recognizable formats)
# Rejects content with known magic bytes (PNG, JPEG, PDF, etc.) and UTF-8 text.