claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
Files
da1beca89341195bc22d6f0466a694db6a3da178
flaskpaste/app
History
Username da1beca893 security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) 
FLOOD-001: Cap anti-flood request list at configurable max entries
- Add ANTIFLOOD_MAX_ENTRIES config (default 10000)
- Prune oldest entries when limit exceeded

CLI-002: Explicitly set SSL hostname verification
- Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED
- Defense in depth (create_default_context sets these by default)

CLI-003: Warn on insecure config file permissions
- Check if config file is world-readable
- Print warning to stderr if permissions too open

AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max
2025-12-24 23:02:55 +01:00
..
api
security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001)
2025-12-24 23:02:55 +01:00
__init__.py
security: implement pentest remediation (PROXY-001, BURN-001, RATE-001)
2025-12-24 21:42:15 +01:00
audit.py
fix: suppress S608 for both ruff and bandit
2025-12-23 22:57:38 +01:00
config.py
security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001)
2025-12-24 23:02:55 +01:00
database.py
feat: add observability and CLI enhancements
2025-12-23 22:39:50 +01:00
metrics.py
style: format metrics.py
2025-12-23 22:51:11 +01:00
pki.py
fix: add comprehensive type annotations for mypy
2025-12-22 19:11:11 +01:00