Commit Graph

139 Commits

Author SHA1 Message Date
Username
b9f0283a3b add Podman Quadlet deployment
- flaskpaste.container for rootless systemd integration
- UserNS mapping for bind mount permissions
- README updated with deployment instructions
2026-01-17 13:58:52 +01:00
379178e409 exempt /health from rate limiting
Health check endpoint was being rate-limited (60/hour), causing
container health checks (every 30s = 120/hour) to fail with 429.

Uses flask-limiter's request_filter to bypass rate limiting for
the health endpoint, supporting URL_PREFIX configuration.
2026-01-08 20:12:03 +01:00
6da80aec76 docs: update for simplified MIME detection (v1.5.1) 2025-12-26 19:52:40 +01:00
a7f1c09634 bump version to 1.5.1 2025-12-26 19:15:20 +01:00
28e31f0b37 remove obsolete MIME detection tests 2025-12-26 19:06:35 +01:00
bc751d1b8c validate MIN_ENTROPY config bounds [0, 8] 2025-12-26 18:47:06 +01:00
3cda73c8b0 simplify MIME detection to text/binary only
Remove magic byte detection in favor of simple UTF-8 validation:
- text/plain for valid UTF-8 content
- application/octet-stream for binary data

Security maintained via headers (X-Content-Type-Options: nosniff, CSP).
Magic signatures preserved as comments for future reference.

Disabled test files:
- test_mime_detection.py.disabled (magic-dependent tests)
- test_polyglot.py.disabled (polyglot format tests)

For full MIME detection, consider using the `filetype` library.
2025-12-26 18:44:24 +01:00
fb45005766 add polyglot generator and MIME confusion tests
- polyglot_generator.py: creates files valid in multiple formats
- 41 new tests verify MIME detection handles polyglots correctly
- Document rate limiting behavior under attack
- Clarify DMG/ISO/DOCX detection limitations
2025-12-26 18:25:46 +01:00
98694ba1cc docs: add comprehensive threat model
STRIDE analysis covering:
- System architecture and trust boundaries
- Attack surface analysis (10 entry points)
- Threat actors (anonymous, authenticated, operator, sophisticated)
- 20+ threats with mitigations across STRIDE categories
- Security controls matrix
- MIME polyglot attack mitigations
- Cryptographic controls
- Residual risks and known limitations
- Incident response guidance
2025-12-26 17:10:41 +01:00
dc2da67fb3 add Hypothesis property-based MIME detection tests
- test_magic_prefix_detection: verify all signatures with random suffix
- test_random_binary_never_crashes: random data never crashes
- test_partial_magic_no_false_match: truncated magic handled safely
- test_magic_not_at_start_ignored: only detect magic at offset 0
2025-12-26 17:09:02 +01:00
03bcb157cc add HEIC/HEIF/AVIF MIME detection signatures
- Add ftyp box signatures for heic, mif1, and avif brands
- Add tests for new image formats
- Fix nested if lint warning in lookup rate limit
- Update security docs: MKV uses WebM header, TAR needs offset 257
2025-12-26 17:04:51 +01:00
93a4dd2f97 ci: add security headers audit to pipeline 2025-12-26 16:56:03 +01:00
63034e17fe perf: cache is_trusted_proxy result per request 2025-12-26 00:48:55 +01:00
13ed5ed9cb ci: add advanced security tests job 2025-12-26 00:42:43 +01:00
bd75f81afd add security testing suite and update docs
- tests/security/pentest_session.py: comprehensive 10-phase pentest
- tests/security/profiled_server.py: cProfile-enabled server
- tests/security/cli_security_audit.py: CLI security checks
- tests/security/dos_memory_test.py: memory exhaustion tests
- tests/security/race_condition_test.py: concurrency tests
- docs: add pentest results, profiling analysis, new test commands
2025-12-26 00:39:33 +01:00
c1d2e39b09 docs: complete penetration testing status update
All pentest items now complete:
- CLI security audit (clipboard, permissions)
- DoS memory exhaustion (fixed lookup rate limit)
- Race conditions (all protected by locks)
2025-12-26 00:17:11 +01:00
4f5da8ca66 fix: add memory protection to lookup rate limiting
ENUM-002: Lookup rate limit now respects LOOKUP_RATE_LIMIT_MAX_ENTRIES
(default 10000) to prevent memory exhaustion from unique IP flood.

Eviction strategy: expired entries first, then oldest by last request.
2025-12-26 00:16:41 +01:00
0fa6052f69 docs: update security testing status with completed tests
- Add race condition testing results (HEAD triggers burn-after-read)
- Add timing attack analysis (PBKDF2 constant-time verified)
- Mark RPM, AVI, WAV MIME signatures as fixed
- Update security controls table with new verifications
2025-12-25 23:58:42 +01:00
d7a8f43dae add MIME signatures: RPM, AVI, WAV (RIFF subtypes) 2025-12-25 23:51:14 +01:00
4823ff7b5d docs: update MIME testing results (26 signatures tested) 2025-12-25 23:37:05 +01:00
645f6feefd docs: add security testing status and remaining tasks 2025-12-25 23:04:33 +01:00
da36f15741 docs: add fuzzer results to security assessment 2025-12-25 22:52:43 +01:00
a9cd0313d3 run.py: accept --host and --port arguments 2025-12-25 22:52:02 +01:00
ff05f1b289 docs: add MIME detection security assessment 2025-12-25 22:21:35 +01:00
4a44d846c2 pentest: add MIME detection abuse scenarios 2025-12-25 22:05:42 +01:00
0c8bdacfd2 fix ruff S310 audit warnings in fpaste 2025-12-25 21:08:48 +01:00
033751d8e5 ci: fix bandit nosec and cyclonedx-py syntax 2025-12-25 21:01:55 +01:00
de39a36174 fix mypy type narrowing in test_cli_security 2025-12-25 20:49:27 +01:00
e8b4cd5e77 ci: install dependencies for mypy type checking
Also fix type errors in fuzz tests.
2025-12-25 20:47:17 +01:00
8408fedf5a fix lint errors (unused vars, line length, formatting) 2025-12-25 20:43:28 +01:00
0496a39a91 add comprehensive MIME detection tests (50 tests)
Cover all 42 magic byte signatures:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE
- Executables: PE, ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite
- Edge cases: empty, short, boundary tests

Also adds missing Mach-O 32-bit little-endian signature.
2025-12-25 20:36:49 +01:00
11bb095ca6 use prefix slicing for magic byte detection
Slice content once to MAX_MAGIC_LEN (16 bytes) before
comparing against signatures. More explicit bounds, same
safety guarantees, marginally cleaner.
2025-12-25 20:03:04 +01:00
764b831bb0 expand magic byte detection for common file formats
Add detection for:
- Images: BMP, TIFF, ICO
- Video: MP4, WebM, FLV, Matroska
- Audio: MP3, FLAC, OGG
- Documents: MS Office OLE (DOC/XLS/PPT)
- Executables: PE (EXE/DLL), ELF, Mach-O, WASM
- Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR
- Data: SQLite

This improves REQUIRE_BINARY enforcement by detecting more
recognizable formats that should be encrypted before upload.
2025-12-25 19:47:33 +01:00
9901649fd7 docs: add compression design constraints
Compression must be paired with encryption (compress-then-encrypt)
to prevent bypassing entropy enforcement via compress-only uploads.
2025-12-25 19:40:34 +01:00
f640ec85b5 docs: sync ROADMAP and add compression design note
- Update test count: 301 → 337
- Fix CLI commands: pki revoke doesn't exist, use pki download
- Add compression URL marker requirement to TODO ideas
2025-12-25 19:30:09 +01:00
14c8d0d83d docs: update test count and fix pki.md inaccuracies
- README: update test count from 283 to 337
- pki.md: fix environment variable names (PKI_CA_PASSWORD)
- pki.md: correct CLI usage examples (config via env/file)
- pki.md: update pki status output format
- pki.md: clarify revocation is API-only (no CLI command)
2025-12-25 19:24:17 +01:00
cd7a9e8340 gitignore: add .hypothesis test cache 2025-12-25 19:20:33 +01:00
debdc8478e add hypothesis-based fuzzing test suite
18 property-based tests covering:
- Content handling (binary, text, unicode)
- Paste ID validation and path traversal
- Header fuzzing (auth, proxy, XFF)
- JSON endpoint fuzzing
- Size limit enforcement
- Injection detection (SQLi, SSTI, XSS)
- Error handling paths
2025-12-25 19:20:16 +01:00
d09ec0da74 fix: handle 405 Method Not Allowed properly
Exception handler was catching MethodNotAllowed and returning 500.
Added dedicated 405 handler and passthrough for HTTPException.
2025-12-25 19:20:08 +01:00
0a7627fbe5 add offensive security testing framework
- FUZZING.md: comprehensive attack methodology covering 10 phases
- tests/fuzz/run_fuzz.py: automated fuzzing harness with 6 test phases

Phases: recon, input fuzzing, injection (SQLi, SSTI, path traversal,
command injection), auth bypass, business logic, crypto attacks.

Includes: radamsa mutations, hypothesis property testing, atheris
coverage-guided fuzzing, HTTP smuggling, slowloris, nuclei templates.
2025-12-25 01:11:02 +01:00
0aa31c526b docs: add PKI usage guide with examples 2025-12-25 00:28:33 +01:00
48e1e2d8e5 docs: add CONTRIBUTING.md with development setup 2025-12-25 00:27:05 +01:00
d1df8c4f76 fix: validate algorithm parameter in PKI methods 2025-12-25 00:26:23 +01:00
79b12cc3b3 ci: enforce mypy type checking (all errors fixed) 2025-12-25 00:20:21 +01:00
a040fad0b8 fix: resolve all mypy type errors 2025-12-25 00:19:21 +01:00
db9b45a9ad docs: update task tracking after CI enhancement 2025-12-25 00:10:37 +01:00
88da4fedbe ci: enhance security scanning and add SBOM generation
- Add dedicated security-tests job for security-focused test files
- Add SBOM generation job using CycloneDX for supply chain transparency
- Add Bandit scan for fpaste CLI
- Add hardcoded secrets detection step
- Fix SHA1 fingerprint warnings with usedforsecurity=False
- Split unit tests from security tests for better organization
- Add memory leak detection job
2025-12-24 23:50:11 +01:00
3059d533bc docs: update documentation after pentest remediation
- TASKLIST.md: add pentest tasks to completed section
- TODO.md: add observation about pentest completion
- ROADMAP.md: update test count (301), add decision log entry
- PROJECT.md: update test count (301)
- SECURITY.md: remove obsolete limitations, add v1.5.0 changes
2025-12-24 23:33:15 +01:00
3a76453828 security: implement CRYPTO-001 and TIMING-001 remediations
CRYPTO-001: Certificate serial collision detection
- Add _generate_unique_serial() helper for database-backed PKI
- Add _generate_unique_serial() method for in-memory PKI class
- Check database for existing serial before certificate issuance
- Retry with new random serial if collision detected (max 5 attempts)

TIMING-001: Constant-time database lookups for sensitive queries
- Add dummy PBKDF2 verification when paste not found
- Prevents timing-based enumeration (attackers can't distinguish
  'not found' from 'wrong password' by measuring response time)
2025-12-24 23:28:16 +01:00
c130020ab8 security: implement HASH-001 and ENUM-001 remediations
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load

ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
2025-12-24 23:12:28 +01:00