claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
216 Commits 1 Branch 0 Tags
main
Commit Graph

216 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Username
ff05f1b289 docs: add MIME detection security assessment 2025-12-25 22:21:35 +01:00
Username
4a44d846c2 pentest: add MIME detection abuse scenarios 2025-12-25 22:05:42 +01:00
Username
0c8bdacfd2 fix ruff S310 audit warnings in fpaste 2025-12-25 21:08:48 +01:00
Username
033751d8e5 ci: fix bandit nosec and cyclonedx-py syntax 2025-12-25 21:01:55 +01:00
Username
de39a36174 fix mypy type narrowing in test_cli_security 2025-12-25 20:49:27 +01:00
Username
e8b4cd5e77 ci: install dependencies for mypy type checking 
Also fix type errors in fuzz tests.
 2025-12-25 20:47:17 +01:00
Username
8408fedf5a fix lint errors (unused vars, line length, formatting) 2025-12-25 20:43:28 +01:00
Username
0496a39a91 add comprehensive MIME detection tests (50 tests) 
Cover all 42 magic byte signatures:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE
- Executables: PE, ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite
- Edge cases: empty, short, boundary tests

Also adds missing Mach-O 32-bit little-endian signature.
 2025-12-25 20:36:49 +01:00
Username
11bb095ca6 use prefix slicing for magic byte detection 
Slice content once to MAX_MAGIC_LEN (16 bytes) before
comparing against signatures. More explicit bounds, same
safety guarantees, marginally cleaner.
 2025-12-25 20:03:04 +01:00
Username
764b831bb0 expand magic byte detection for common file formats 
Add detection for:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV, Matroska
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE (DOC/XLS/PPT)
- Executables: PE (EXE/DLL), ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite

This improves REQUIRE_BINARY enforcement by detecting more
recognizable formats that should be encrypted before upload.
 2025-12-25 19:47:33 +01:00
Username
9901649fd7 docs: add compression design constraints 
Compression must be paired with encryption (compress-then-encrypt)
to prevent bypassing entropy enforcement via compress-only uploads.
 2025-12-25 19:40:34 +01:00
Username
f640ec85b5 docs: sync ROADMAP and add compression design note 
- Update test count: 301 → 337
- Fix CLI commands: pki revoke doesn't exist, use pki download
- Add compression URL marker requirement to TODO ideas
 2025-12-25 19:30:09 +01:00
Username
14c8d0d83d docs: update test count and fix pki.md inaccuracies 
- README: update test count from 283 to 337
- pki.md: fix environment variable names (PKI_CA_PASSWORD)
- pki.md: correct CLI usage examples (config via env/file)
- pki.md: update pki status output format
- pki.md: clarify revocation is API-only (no CLI command)
 2025-12-25 19:24:17 +01:00
Username
cd7a9e8340 gitignore: add .hypothesis test cache 2025-12-25 19:20:33 +01:00
Username
debdc8478e add hypothesis-based fuzzing test suite 
18 property-based tests covering:
- Content handling (binary, text, unicode)
- Paste ID validation and path traversal
- Header fuzzing (auth, proxy, XFF)
- JSON endpoint fuzzing
- Size limit enforcement
- Injection detection (SQLi, SSTI, XSS)
- Error handling paths
 2025-12-25 19:20:16 +01:00
Username
d09ec0da74 fix: handle 405 Method Not Allowed properly 
Exception handler was catching MethodNotAllowed and returning 500.
Added dedicated 405 handler and passthrough for HTTPException.
 2025-12-25 19:20:08 +01:00
Username
0a7627fbe5 add offensive security testing framework 
- FUZZING.md: comprehensive attack methodology covering 10 phases
- tests/fuzz/run_fuzz.py: automated fuzzing harness with 6 test phases

Phases: recon, input fuzzing, injection (SQLi, SSTI, path traversal,
command injection), auth bypass, business logic, crypto attacks.

Includes: radamsa mutations, hypothesis property testing, atheris
coverage-guided fuzzing, HTTP smuggling, slowloris, nuclei templates.
 2025-12-25 01:11:02 +01:00
Username
0aa31c526b docs: add PKI usage guide with examples 2025-12-25 00:28:33 +01:00
Username
48e1e2d8e5 docs: add CONTRIBUTING.md with development setup 2025-12-25 00:27:05 +01:00
Username
d1df8c4f76 fix: validate algorithm parameter in PKI methods 2025-12-25 00:26:23 +01:00
Username
79b12cc3b3 ci: enforce mypy type checking (all errors fixed) 2025-12-25 00:20:21 +01:00
Username
a040fad0b8 fix: resolve all mypy type errors 2025-12-25 00:19:21 +01:00
Username
db9b45a9ad docs: update task tracking after CI enhancement 2025-12-25 00:10:37 +01:00
Username
88da4fedbe ci: enhance security scanning and add SBOM generation 
- Add dedicated security-tests job for security-focused test files
- Add SBOM generation job using CycloneDX for supply chain transparency
- Add Bandit scan for fpaste CLI
- Add hardcoded secrets detection step
- Fix SHA1 fingerprint warnings with usedforsecurity=False
- Split unit tests from security tests for better organization
- Add memory leak detection job
 2025-12-24 23:50:11 +01:00
Username
3059d533bc docs: update documentation after pentest remediation 
- TASKLIST.md: add pentest tasks to completed section
- TODO.md: add observation about pentest completion
- ROADMAP.md: update test count (301), add decision log entry
- PROJECT.md: update test count (301)
- SECURITY.md: remove obsolete limitations, add v1.5.0 changes
 2025-12-24 23:33:15 +01:00
Username
3a76453828 security: implement CRYPTO-001 and TIMING-001 remediations 
CRYPTO-001: Certificate serial collision detection
- Add _generate_unique_serial() helper for database-backed PKI
- Add _generate_unique_serial() method for in-memory PKI class
- Check database for existing serial before certificate issuance
- Retry with new random serial if collision detected (max 5 attempts)

TIMING-001: Constant-time database lookups for sensitive queries
- Add dummy PBKDF2 verification when paste not found
- Prevents timing-based enumeration (attackers can't distinguish
  'not found' from 'wrong password' by measuring response time)
 2025-12-24 23:28:16 +01:00
Username
c130020ab8 security: implement HASH-001 and ENUM-001 remediations 
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load

ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
 2025-12-24 23:12:28 +01:00
Username
da1beca893 security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) 
FLOOD-001: Cap anti-flood request list at configurable max entries
- Add ANTIFLOOD_MAX_ENTRIES config (default 10000)
- Prune oldest entries when limit exceeded

CLI-002: Explicitly set SSL hostname verification
- Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED
- Defense in depth (create_default_context sets these by default)

CLI-003: Warn on insecure config file permissions
- Check if config file is world-readable
- Print warning to stderr if permissions too open

AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max
 2025-12-24 23:02:55 +01:00
Username
1fbb69d7f9 security: implement pentest remediation (RATE-002, CLI-001) 
RATE-002: Proactive rate limit cleanup when entries exceed threshold
- Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8)
- Trigger cleanup before hitting hard limit
- Prevents memory exhaustion under sustained load

CLI-001: Validate clipboard tool paths against trusted directories
- Add TRUSTED_CLIPBOARD_DIRS for Unix system paths
- Add TRUSTED_WINDOWS_PATTERNS for Windows validation
- Reject tools in user-writable locations (PATH hijack prevention)
- Use absolute paths in subprocess calls
 2025-12-24 22:03:17 +01:00
Username
89eee3378a security: implement pentest remediation (PROXY-001, BURN-001, RATE-001) 
PROXY-001: Add startup warning when TRUSTED_PROXY_SECRET empty in production
- validate_security_config() checks for missing proxy secret
- Additional warning when PKI enabled without proxy secret
- Tests for security configuration validation

BURN-001: HEAD requests now trigger burn-after-read deletion
- Prevents attacker from probing paste existence before retrieval
- Updated test to verify new behavior

RATE-001: Add RATE_LIMIT_MAX_ENTRIES to cap memory usage
- Default 10000 unique IPs tracked
- Prunes oldest entries when limit exceeded
- Protects against memory exhaustion DoS

Test count: 284 -> 291 (7 new security tests)
 2025-12-24 21:42:15 +01:00
Username
bebc6e0354 add comprehensive penetration testing plan 
Define 8 specialized subagents for security testing:
- AuthBypass, InputFuzz, CryptoAudit, RaceCondition
- DoSResilience, InfoLeak, CLISecurity, DependencyAudit

Document critical vulnerabilities and remediation priorities.
 2025-12-24 21:32:19 +01:00
Username
4e06a3befb ci: retry after flaky test failure 2025-12-24 20:07:45 +01:00
Username
4577a1d7e4 docs: update for systemd and rate limit headers 2025-12-24 20:05:30 +01:00
Username
cf458347ef add systemd service unit and rate limit headers 
Systemd deployment:
- examples/flaskpaste.service with security hardening
- examples/flaskpaste.env with all config options
- README deployment section updated

Rate limit headers (X-RateLimit-*):
- Limit, Remaining, Reset on 201 and 429 responses
- Per-IP tracking with auth multiplier
- api.md documented
 2025-12-24 17:51:14 +01:00
Username
cb6eebee59 docs: update for v1.5.0 features 
- Add PKI audit logging, request duration metrics to features list
- Update test count from 216 to 283
- Add audit.py and metrics.py to project structure
- Document audit logging in api.md
- Update TASKLIST.md with completed tasks
- Update TODO.md (remove resolved debt items)
- Update ROADMAP.md decision log
 2025-12-24 17:10:42 +01:00
Username
045f73c998 feat: integrate unused observability features 
- Add request duration metrics via before/after request hooks
- Add PKI audit logging: CERT_ISSUED, CERT_REVOKED, AUTH_FAILURE
- Wire up observe_request_duration() from metrics.py
- Log certificate operations (registration, CA gen, issue, revoke)
- Log auth failures for revoked/expired certificates
 2025-12-24 16:41:31 +01:00
Username
fef5eac1b5 ci: add memory leak detection workflow 2025-12-24 00:19:33 +01:00
Username
51af8fd2f8 fix: suppress S608 for both ruff and bandit 2025-12-23 22:57:38 +01:00
Username
2a287c65f4 fix: use nosec for bandit SQL injection suppression 2025-12-23 22:53:52 +01:00
Username
482bd9a152 style: format metrics.py 2025-12-23 22:51:11 +01:00
Username
7063f8718e feat: add observability and CLI enhancements 
Audit logging:
- audit_log table with event tracking
- app/audit.py module with log_event(), query_audit_log()
- GET /audit endpoint (admin only)
- configurable retention and cleanup

Prometheus metrics:
- app/metrics.py with custom counters
- paste create/access/delete, rate limit, PoW, dedup metrics
- instrumentation in API routes

CLI clipboard integration:
- fpaste create -C/--clipboard (read from clipboard)
- fpaste create --copy-url (copy result URL)
- fpaste get -c/--copy (copy content)
- cross-platform: xclip, xsel, pbcopy, wl-copy

Shell completions:
- completions/ directory with bash/zsh/fish scripts
- fpaste completion --shell command
 2025-12-23 22:39:50 +01:00
Username
4d08a4467d fix: conditional requests import in container tests 2025-12-22 20:06:51 +01:00
Username
ceb81fdd7c style: format test files 2025-12-22 20:04:46 +01:00
Username
a469fc3343 test: add paste management tests (list, search, update, delete) 2025-12-22 19:42:55 +01:00
Username
bf74988ddb test: add container integration tests 
Tests verify:
- Container image builds successfully
- Health endpoint responds
- Paste creation/retrieval works
- Security headers present
- Non-root execution
- Gunicorn workers running

Skipped by default, run with:
  FLASKPASTE_INTEGRATION=1 pytest tests/test_container_integration.py
 2025-12-22 19:22:41 +01:00
Username
e130e9c84d test: add concurrent submission tests for abuse prevention 2025-12-22 19:16:24 +01:00
Username
ca9342e92d fix: add comprehensive type annotations for mypy 
- database.py: add type hints for Path, Flask, Any, BaseException
- pki.py: add assertions to narrow Optional types after has_ca() checks
- routes.py: annotate config values to avoid Any return types
- api/__init__.py: use float for cleanup timestamps (time.time())
- __init__.py: remove unused return from setup_rate_limiting
 2025-12-22 19:11:11 +01:00
Username
680b068c00 refactor: code consistency and best practices 
- add type hints to error handlers in app/__init__.py
- add docstrings to nested callback functions
- remove deprecated X-XSS-Protection header (superseded by CSP)
- fix typo in cleanup log message (entr(ies) -> entries)
- standardize loop variable naming in fpaste CLI
- update test for intentional header removal
 2025-12-22 00:25:18 +01:00
Username
028367d803 docs: modernize and clean deprecated content 
- replace deprecated FLASK_ENV with FLASK_DEBUG
- remove duplicate FLASKPASTE_MAX_EXPIRY entry
- update API version to 1.5.0
- add missing /pastes and /pki endpoints to table
- remove deprecated X-XSS-Protection header
- add PKI config variables
- update features list with current capabilities
- update auth benefits and security sections
 2025-12-21 22:36:48 +01:00
Username
e2e2039903 docs: update for tiered expiry, admin features, batch delete 2025-12-21 22:16:51 +01:00