claw/flaskpaste
1
0
Fork 1
forked from username/flaskpaste
Code Pull Requests Activity
Files
da1beca89341195bc22d6f0466a694db6a3da178
flaskpaste/app/api
History
Username da1beca893 security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) 
FLOOD-001: Cap anti-flood request list at configurable max entries
- Add ANTIFLOOD_MAX_ENTRIES config (default 10000)
- Prune oldest entries when limit exceeded

CLI-002: Explicitly set SSL hostname verification
- Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED
- Defense in depth (create_default_context sets these by default)

CLI-003: Warn on insecure config file permissions
- Check if config file is world-readable
- Print warning to stderr if permissions too open

AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max
2025-12-24 23:02:55 +01:00
..
__init__.py
feat: add observability and CLI enhancements
2025-12-23 22:39:50 +01:00
routes.py
security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001)
2025-12-24 23:02:55 +01:00