claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
Files
88da4fedbecaff0a62f56b37cbc98af31f9fe882
flaskpaste/app
History
Username 3a76453828 security: implement CRYPTO-001 and TIMING-001 remediations 
CRYPTO-001: Certificate serial collision detection
- Add _generate_unique_serial() helper for database-backed PKI
- Add _generate_unique_serial() method for in-memory PKI class
- Check database for existing serial before certificate issuance
- Retry with new random serial if collision detected (max 5 attempts)

TIMING-001: Constant-time database lookups for sensitive queries
- Add dummy PBKDF2 verification when paste not found
- Prevents timing-based enumeration (attackers can't distinguish
  'not found' from 'wrong password' by measuring response time)
2025-12-24 23:28:16 +01:00
..
api
security: implement CRYPTO-001 and TIMING-001 remediations
2025-12-24 23:28:16 +01:00
__init__.py
security: implement pentest remediation (PROXY-001, BURN-001, RATE-001)
2025-12-24 21:42:15 +01:00
audit.py
fix: suppress S608 for both ruff and bandit
2025-12-23 22:57:38 +01:00
config.py
security: implement HASH-001 and ENUM-001 remediations
2025-12-24 23:12:28 +01:00
database.py
security: implement HASH-001 and ENUM-001 remediations
2025-12-24 23:12:28 +01:00
metrics.py
style: format metrics.py
2025-12-23 22:51:11 +01:00
pki.py
security: implement CRYPTO-001 and TIMING-001 remediations
2025-12-24 23:28:16 +01:00