Username
0f63bb05e1
cleanup: add expired short url cleanup
2026-02-16 20:26:58 +01:00
Username
70d9a7f9f7
tests: remove name field assertion from index test
2026-01-21 10:18:01 +01:00
Username
195752fe75
ci: fix test file references and hardcoded paths
- Remove non-existent test_mime_detection.py from unit tests
- Use relative paths in security tests for container compatibility
2026-01-18 10:23:31 +01:00
Username
3be2fd6cf6
tests: fix mypy type errors in security tests
2026-01-18 10:18:09 +01:00
Username
97bf955820
tests: fix ruff lint errors in security tests
2026-01-18 10:04:27 +01:00
Username
28e31f0b37
remove obsolete MIME detection tests
2025-12-26 19:06:35 +01:00
Username
bc751d1b8c
validate MIN_ENTROPY config bounds [0, 8]
2025-12-26 18:47:06 +01:00
Username
3cda73c8b0
simplify MIME detection to text/binary only
Remove magic byte detection in favor of simple UTF-8 validation:
- text/plain for valid UTF-8 content
- application/octet-stream for binary data
Security maintained via headers (X-Content-Type-Options: nosniff, CSP).
Magic signatures preserved as comments for future reference.
Disabled test files:
- test_mime_detection.py.disabled (magic-dependent tests)
- test_polyglot.py.disabled (polyglot format tests)
For full MIME detection, consider using the `filetype` library.
2025-12-26 18:44:24 +01:00
Username
fb45005766
add polyglot generator and MIME confusion tests
- polyglot_generator.py: creates files valid in multiple formats
- 41 new tests verify MIME detection handles polyglots correctly
- Document rate limiting behavior under attack
- Clarify DMG/ISO/DOCX detection limitations
2025-12-26 18:25:46 +01:00
Username
dc2da67fb3
add Hypothesis property-based MIME detection tests
- test_magic_prefix_detection: verify all signatures with random suffix
- test_random_binary_never_crashes: random data never crashes
- test_partial_magic_no_false_match: truncated magic handled safely
- test_magic_not_at_start_ignored: only detect magic at offset 0
2025-12-26 17:09:02 +01:00
Username
03bcb157cc
add HEIC/HEIF/AVIF MIME detection signatures
- Add ftyp box signatures for heic, mif1, and avif brands
- Add tests for new image formats
- Fix nested if lint warning in lookup rate limit
- Update security docs: MKV uses WebM header, TAR needs offset 257
2025-12-26 17:04:51 +01:00
Username
93a4dd2f97
ci: add security headers audit to pipeline
2025-12-26 16:56:03 +01:00
Username
bd75f81afd
add security testing suite and update docs
- tests/security/pentest_session.py: comprehensive 10-phase pentest
- tests/security/profiled_server.py: cProfile-enabled server
- tests/security/cli_security_audit.py: CLI security checks
- tests/security/dos_memory_test.py: memory exhaustion tests
- tests/security/race_condition_test.py: concurrency tests
- docs: add pentest results, profiling analysis, new test commands
2025-12-26 00:39:33 +01:00
Username
de39a36174
fix mypy type narrowing in test_cli_security
2025-12-25 20:49:27 +01:00
Username
e8b4cd5e77
ci: install dependencies for mypy type checking
Also fix type errors in fuzz tests.
2025-12-25 20:47:17 +01:00
Username
8408fedf5a
fix lint errors (unused vars, line length, formatting)
2025-12-25 20:43:28 +01:00
Username
0496a39a91
add comprehensive MIME detection tests (50 tests)
Cover all 42 magic byte signatures:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE
- Executables: PE, ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite
- Edge cases: empty, short, boundary tests
Also adds missing Mach-O 32-bit little-endian signature.
2025-12-25 20:36:49 +01:00
Username
debdc8478e
add hypothesis-based fuzzing test suite
18 property-based tests covering:
- Content handling (binary, text, unicode)
- Paste ID validation and path traversal
- Header fuzzing (auth, proxy, XFF)
- JSON endpoint fuzzing
- Size limit enforcement
- Injection detection (SQLi, SSTI, XSS)
- Error handling paths
2025-12-25 19:20:16 +01:00
Username
0a7627fbe5
add offensive security testing framework
- FUZZING.md: comprehensive attack methodology covering 10 phases
- tests/fuzz/run_fuzz.py: automated fuzzing harness with 6 test phases
Phases: recon, input fuzzing, injection (SQLi, SSTI, path traversal,
command injection), auth bypass, business logic, crypto attacks.
Includes: radamsa mutations, hypothesis property testing, atheris
coverage-guided fuzzing, HTTP smuggling, slowloris, nuclei templates.
2025-12-25 01:11:02 +01:00
Username
a040fad0b8
fix: resolve all mypy type errors
2025-12-25 00:19:21 +01:00
Username
3a76453828
security: implement CRYPTO-001 and TIMING-001 remediations
CRYPTO-001: Certificate serial collision detection
- Add _generate_unique_serial() helper for database-backed PKI
- Add _generate_unique_serial() method for in-memory PKI class
- Check database for existing serial before certificate issuance
- Retry with new random serial if collision detected (max 5 attempts)
TIMING-001: Constant-time database lookups for sensitive queries
- Add dummy PBKDF2 verification when paste not found
- Prevents timing-based enumeration (attackers can't distinguish
'not found' from 'wrong password' by measuring response time)
2025-12-24 23:28:16 +01:00
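The TIMING-001 remediation in the commit above, sketched as an added example (not FlaskPaste's own code): a lookup that misses still performs one PBKDF2 run against a dummy record. The names `PASTES`, `store_paste`, `fetch_protected` and `STATS`, and the iteration count, are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000      # assumed work factor; the commit message states none
STATS = {"pbkdf2_runs": 0}       # instrumentation for this example only


def hash_password(password: str, salt: bytes) -> bytes:
    STATS["pbkdf2_runs"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


# Dummy record computed once at startup; its random password is never accepted.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)

# Constructed in-memory store standing in for the paste table:
# paste_id -> (salt, password_hash, content)
PASTES: dict = {}


def store_paste(paste_id: str, content: bytes, password: str) -> None:
    salt = os.urandom(16)
    PASTES[paste_id] = (salt, hash_password(password, salt), content)


def fetch_protected(paste_id: str, password: str) -> Optional[bytes]:
    record = PASTES.get(paste_id)
    # Missing paste: fall back to the dummy record so PBKDF2 still runs once.
    salt, expected, content = record or (_DUMMY_SALT, _DUMMY_HASH, None)
    matches = hmac.compare_digest(hash_password(password, salt), expected)
    # Check `record` as well, so a match on the dummy hash can never succeed.
    return content if (record is not None and matches) else None


if __name__ == "__main__":
    store_paste("abc123", b"secret", "hunter2")   # constructed sample paste
    for pid, pw in (("abc123", "hunter2"), ("abc123", "wrong"), ("nope", "wrong")):
        before = STATS["pbkdf2_runs"]
        result = fetch_protected(pid, pw)
        print(pid, pw, result, "pbkdf2 runs:", STATS["pbkdf2_runs"] - before)
```
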
Username
c130020ab8
security: implement HASH-001 and ENUM-001 remediations
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load
ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
2025-12-24 23:12:28 +01:00
Username
1fbb69d7f9
security: implement pentest remediation (RATE-002, CLI-001)
RATE-002: Proactive rate limit cleanup when entries exceed threshold
- Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8)
- Trigger cleanup before hitting hard limit
- Prevents memory exhaustion under sustained load
CLI-001: Validate clipboard tool paths against trusted directories
- Add TRUSTED_CLIPBOARD_DIRS for Unix system paths
- Add TRUSTED_WINDOWS_PATTERNS for Windows validation
- Reject tools in user-writable locations (PATH hijack prevention)
- Use absolute paths in subprocess calls
2025-12-24 22:03:17 +01:00
Username
89eee3378a
security: implement pentest remediation (PROXY-001, BURN-001, RATE-001)
PROXY-001: Add startup warning when TRUSTED_PROXY_SECRET empty in production
- validate_security_config() checks for missing proxy secret
- Additional warning when PKI enabled without proxy secret
- Tests for security configuration validation
BURN-001: HEAD requests now trigger burn-after-read deletion
- Prevents attacker from probing paste existence before retrieval
- Updated test to verify new behavior
RATE-001: Add RATE_LIMIT_MAX_ENTRIES to cap memory usage
- Default 10000 unique IPs tracked
- Prunes oldest entries when limit exceeded
- Protects against memory exhaustion DoS
Test count: 284 -> 291 (7 new security tests)
2025-12-24 21:42:15 +01:00
Username
cf458347ef
add systemd service unit and rate limit headers
Systemd deployment:
- examples/flaskpaste.service with security hardening
- examples/flaskpaste.env with all config options
- README deployment section updated
Rate limit headers (X-RateLimit-*):
- Limit, Remaining, Reset on 201 and 429 responses
- Per-IP tracking with auth multiplier
- api.md documented
2025-12-24 17:51:14 +01:00
Username
fef5eac1b5
ci: add memory leak detection workflow
2025-12-24 00:19:33 +01:00
Username
7063f8718e
feat: add observability and CLI enhancements
Audit logging:
- audit_log table with event tracking
- app/audit.py module with log_event(), query_audit_log()
- GET /audit endpoint (admin only)
- configurable retention and cleanup
Prometheus metrics:
- app/metrics.py with custom counters
- paste create/access/delete, rate limit, PoW, dedup metrics
- instrumentation in API routes
CLI clipboard integration:
- fpaste create -C/--clipboard (read from clipboard)
- fpaste create --copy-url (copy result URL)
- fpaste get -c/--copy (copy content)
- cross-platform: xclip, xsel, pbcopy, wl-copy
Shell completions:
- completions/ directory with bash/zsh/fish scripts
- fpaste completion --shell command
2025-12-23 22:39:50 +01:00
Username
4d08a4467d
fix: conditional requests import in container tests
2025-12-22 20:06:51 +01:00
Username
ceb81fdd7c
style: format test files
2025-12-22 20:04:46 +01:00
Username
a469fc3343
test: add paste management tests (list, search, update, delete)
2025-12-22 19:42:55 +01:00
Username
bf74988ddb
test: add container integration tests
Tests verify:
- Container image builds successfully
- Health endpoint responds
- Paste creation/retrieval works
- Security headers present
- Non-root execution
- Gunicorn workers running
Skipped by default, run with:
FLASKPASTE_INTEGRATION=1 pytest tests/test_container_integration.py
2025-12-22 19:22:41 +01:00
Username
e130e9c84d
test: add concurrent submission tests for abuse prevention
2025-12-22 19:16:24 +01:00
Username
680b068c00
refactor: code consistency and best practices
- add type hints to error handlers in app/__init__.py
- add docstrings to nested callback functions
- remove deprecated X-XSS-Protection header (superseded by CSP)
- fix typo in cleanup log message (entr(ies) -> entries)
- standardize loop variable naming in fpaste CLI
- update test for intentional header removal
2025-12-22 00:25:18 +01:00
Username
e8a99d5bdd
add tiered auto-expiry based on auth level
2025-12-21 21:55:30 +01:00
Username
40873434c3
pki: admin can list/delete any paste
Add is_admin() helper to check if current user is admin.
Update DELETE /<id> to allow admin to delete any paste.
Update GET /pastes to support ?all=1 for admin to list all pastes.
Admin view includes owner fingerprint in paste metadata.
2025-12-21 21:30:50 +01:00
Username
2acf640d91
pki: first registered user gets admin rights
Auto-detect first certificate issuance and grant admin flag.
Add is_admin column to issued_certificates table.
Add is_admin_certificate() helper function.
Include is_admin in /pki/issue response and X-Is-Admin header in registration.
2025-12-21 21:13:30 +01:00
Username
99e6a019f4
tests: fix flaky cleanup test timing for CI
2025-12-21 13:45:05 +01:00
Username
098789ff89
allow untrusted certs to manage own pastes
Split authentication into two functions:
- get_client_fingerprint(): Identity for ownership (any cert)
- get_client_id(): Elevated privileges (trusted certs only)
Behavior:
- Anonymous: Create only, strict limits
- Untrusted cert: Create + delete/update/list own pastes, strict limits
- Trusted cert: All operations, relaxed limits (50MB, 5x rate)
Updated tests to reflect new behavior where revoked certs
can still manage their own pastes.
2025-12-21 12:59:18 +01:00
Username
5849c7406f
add /register endpoint for public certificate registration
Public endpoint allows anyone to obtain a client certificate for
authentication. Features:
- Higher PoW difficulty than paste creation (24 vs 20 bits)
- Auto-generates CA on first registration if not present
- Returns PKCS#12 bundle with cert, key, and CA
- Configurable via FLASKPASTE_REGISTER_POW
Endpoints:
- GET /register/challenge - Get registration PoW challenge
- POST /register - Register and receive PKCS#12 bundle
2025-12-21 10:34:02 +01:00
Username
bfc238b5cf
add CLI enhancements and scheduled cleanup
CLI commands:
- list: show user's pastes with pagination
- search: filter by type (glob), after/before timestamps
- update: modify content, password, or extend expiry
- export: save pastes to directory with optional decryption
API changes:
- PUT /<id>: update paste content and metadata
- GET /pastes: add type, after, before query params
Scheduled tasks:
- Thread-safe cleanup with per-task intervals
- Activate cleanup_expired_hashes (15min)
- Activate cleanup_rate_limits (5min)
Tests: 205 passing
2025-12-20 20:13:00 +01:00
Username
b7f247d148
add tests for size and binary enforcement
2025-12-20 17:46:54 +01:00
Username
9da33f786e
fix lint issues across codebase
2025-12-20 17:20:27 +01:00
Username
4e38517faf
pki: add minimal certificate authority
- CA generation with encrypted private key storage (AES-256-GCM)
- Client certificate issuance with configurable validity
- Certificate revocation with status tracking
- SHA1 fingerprint integration with existing mTLS auth
- API endpoints: /pki/status, /pki/ca, /pki/issue, /pki/revoke
- CLI commands: fpaste pki status/issue/revoke
- Comprehensive test coverage
2025-12-20 17:20:15 +01:00
Username
7deba711d4
entropy: exempt small content from check
Small data has unreliable entropy measurement due to sample size.
MIN_ENTROPY_SIZE (default 256 bytes) sets the threshold.
2025-12-20 08:48:13 +01:00
Username
8addf2d9e8
add entropy enforcement for optional encryption requirement
Shannon entropy check rejects low-entropy content when MIN_ENTROPY > 0.
Encrypted data ~7.5-8.0 bits/byte, plaintext ~4.0-5.0 bits/byte.
Configurable via FLASKPASTE_MIN_ENTROPY environment variable.
2025-12-20 06:57:50 +01:00
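An added example (not FlaskPaste's own code) of the entropy gate described in this commit, together with the small-content exemption (`MIN_ENTROPY_SIZE`) and the `[0, 8]` bounds check from the later entropy commits in this log. The function names and the constructed samples are assumptions.

```python
import math
import os
from collections import Counter

MIN_ENTROPY_SIZE = 256  # default named in the log; smaller inputs are exempt


def validate_min_entropy(value: float) -> float:
    """Reject thresholds outside [0, 8]: one byte carries at most 8 bits."""
    if not 0.0 <= value <= 8.0:
        raise ValueError(f"MIN_ENTROPY must be within [0, 8], got {value}")
    return value


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def passes_entropy_gate(data: bytes, min_entropy: float,
                        min_size: int = MIN_ENTROPY_SIZE) -> bool:
    """True when the content may be stored under the configured threshold."""
    min_entropy = validate_min_entropy(min_entropy)
    if min_entropy == 0:        # 0 disables the check
        return True
    if len(data) < min_size:    # too few bytes for a reliable estimate
        return True
    return shannon_entropy(data) >= min_entropy


# Constructed samples: English text, random bytes standing in for ciphertext,
# and a 64-byte input whose entropy cannot exceed log2(64) = 6 bits/byte.
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 40
CIPHERTEXT_LIKE = os.urandom(4096)
SHORT_INPUT = bytes(range(64))

if __name__ == "__main__":
    for label, blob in (("plaintext", PLAINTEXT), ("random", CIPHERTEXT_LIKE),
                        ("short", SHORT_INPUT)):
        print(f"{label:9s} len={len(blob):4d} H={shannon_entropy(blob):.2f} "
              f"accepted={passes_entropy_gate(blob, 7.0)}")
```

The 64-byte sample shows why the size exemption exists: even perfectly uniform data that short tops out at 6 bits/byte, so without the exemption a 7.0 threshold would reject it regardless of whether it is encrypted.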
Username
c76a158c18
bump version to 1.1.0, centralize VERSION constant
2025-12-20 04:21:06 +01:00
Username
8fdeeaed9c
add proof-of-work spam prevention
Clients must solve a SHA256 hash puzzle before paste creation.
Configurable via FLASKPASTE_POW_DIFFICULTY (0 = disabled, 16 = default).
Challenge tokens expire after FLASKPASTE_POW_TTL seconds (default 300).
2025-12-20 04:03:59 +01:00
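An added example (not FlaskPaste's own code) of a SHA256 proof-of-work exchange with an expiring challenge token, as the commit above describes. The puzzle format (`nonce:counter` with leading zero bits), the HMAC-signed token and all function names are assumptions; only the difficulty and TTL defaults come from the commit message.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # constructed signing key for this example
POW_DIFFICULTY = 16           # leading zero bits (default from the commit message)
POW_TTL = 300                 # seconds (default from the commit message)


def _sign(nonce: str, expires: int, difficulty: int) -> str:
    msg = f"{nonce}:{expires}:{difficulty}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None, difficulty=POW_DIFFICULTY) -> dict:
    """Server side: stateless challenge whose fields are bound by an HMAC."""
    now = int(time.time()) if now is None else now
    nonce, expires = os.urandom(16).hex(), now + POW_TTL
    return {"nonce": nonce, "expires": expires, "difficulty": difficulty,
            "token": _sign(nonce, expires, difficulty)}


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge: dict) -> int:
    """Client side: first counter whose hash meets the difficulty."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{challenge['nonce']}:{counter}".encode()).digest()
        if leading_zero_bits(digest) >= challenge["difficulty"]:
            return counter
        counter += 1


def verify(challenge: dict, solution: int, now=None) -> bool:
    """Server side: check token integrity, expiry, then the puzzle itself."""
    now = int(time.time()) if now is None else now
    expected = _sign(challenge["nonce"], challenge["expires"], challenge["difficulty"])
    if not hmac.compare_digest(expected, challenge["token"]):
        return False          # nonce, expiry or difficulty was altered
    if now > challenge["expires"]:
        return False          # token older than POW_TTL
    digest = hashlib.sha256(f"{challenge['nonce']}:{solution}".encode()).digest()
    return leading_zero_bits(digest) >= challenge["difficulty"]
```

This sketch does not record used tokens, so a solved challenge stays valid until it expires; single-use enforcement would need server-side state.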
Username
4532b9b1d5
add HEAD method for paste endpoints
2025-12-20 03:47:20 +01:00
Username
202e927918
add content-hash dedup for abuse prevention
Throttle repeated submissions of identical content using SHA256 hash
tracking. Configurable via FLASKPASTE_DEDUP_WINDOW and FLASKPASTE_DEDUP_MAX.
2025-12-20 03:31:20 +01:00
Username
8f9868f0d9
flaskpaste: initial commit with security hardening
Features:
- REST API for text/binary pastes with MIME detection
- Client certificate auth via X-SSL-Client-SHA1 header
- SQLite with WAL mode for concurrent access
- Automatic paste expiry with LRU cleanup
Security:
- HSTS, CSP, X-Frame-Options, X-Content-Type-Options
- Cache-Control: no-store for sensitive responses
- X-Request-ID tracing for log correlation
- X-Proxy-Secret validation for defense-in-depth
- Parameterized queries, input validation
- Size limits (3 MiB anon, 50 MiB auth)
Includes /health endpoint, container support, and 70 tests.
2025-12-16 04:42:18 +01:00