claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
216 Commits 1 Branch 0 Tags
main
Commit Graph

11 Commits

Author SHA1 Message Date
Username
6da80aec76 docs: update for simplified MIME detection (v1.5.1) 2025-12-26 19:52:40 +01:00
Username
fb45005766 add polyglot generator and MIME confusion tests 
- polyglot_generator.py: creates files valid in multiple formats
- 41 new tests verify MIME detection handles polyglots correctly
- Document rate limiting behavior under attack
- Clarify DMG/ISO/DOCX detection limitations
 2025-12-26 18:25:46 +01:00
Username
98694ba1cc docs: add comprehensive threat model 
STRIDE analysis covering:
- System architecture and trust boundaries
- Attack surface analysis (10 entry points)
- Threat actors (anonymous, authenticated, operator, sophisticated)
- 20+ threats with mitigations across STRIDE categories
- Security controls matrix
- MIME polyglot attack mitigations
- Cryptographic controls
- Residual risks and known limitations
- Incident response guidance
 2025-12-26 17:10:41 +01:00
Username
dc2da67fb3 add Hypothesis property-based MIME detection tests 
- test_magic_prefix_detection: verify all signatures with random suffix
- test_random_binary_never_crashes: random data never crashes
- test_partial_magic_no_false_match: truncated magic handled safely
- test_magic_not_at_start_ignored: only detect magic at offset 0
 2025-12-26 17:09:02 +01:00
Username
03bcb157cc add HEIC/HEIF/AVIF MIME detection signatures 
- Add ftyp box signatures for heic, mif1, and avif brands
- Add tests for new image formats
- Fix nested if lint warning in lookup rate limit
- Update security docs: MKV uses WebM header, TAR needs offset 257
 2025-12-26 17:04:51 +01:00
Username
93a4dd2f97 ci: add security headers audit to pipeline 2025-12-26 16:56:03 +01:00
Username
bd75f81afd add security testing suite and update docs 
- tests/security/pentest_session.py: comprehensive 10-phase pentest
- tests/security/profiled_server.py: cProfile-enabled server
- tests/security/cli_security_audit.py: CLI security checks
- tests/security/dos_memory_test.py: memory exhaustion tests
- tests/security/race_condition_test.py: concurrency tests
- docs: add pentest results, profiling analysis, new test commands
 2025-12-26 00:39:33 +01:00
Username
c1d2e39b09 docs: complete penetration testing status update 
All pentest items now complete:
- CLI security audit (clipboard, permissions)
- DoS memory exhaustion (fixed lookup rate limit)
- Race conditions (all protected by locks)
 2025-12-26 00:17:11 +01:00
Username
0fa6052f69 docs: update security testing status with completed tests 
- Add race condition testing results (HEAD triggers burn-after-read)
- Add timing attack analysis (PBKDF2 constant-time verified)
- Mark RPM, AVI, WAV MIME signatures as fixed
- Update security controls table with new verifications
 2025-12-25 23:58:42 +01:00
Username
4823ff7b5d docs: update MIME testing results (26 signatures tested) 2025-12-25 23:37:05 +01:00
Username
645f6feefd docs: add security testing status and remaining tasks 2025-12-25 23:04:33 +01:00