validate MIN_ENTROPY config bounds [0, 8]
@@ -42,9 +42,11 @@ class Config:
|
|||||||
# Minimum entropy requirement (0 = disabled)
|
# Minimum entropy requirement (0 = disabled)
|
||||||
# Encrypted data has ~7.5-8.0 bits/byte, plaintext ~4.0-5.0
|
# Encrypted data has ~7.5-8.0 bits/byte, plaintext ~4.0-5.0
|
||||||
# Set to 6.0+ to effectively require encryption
|
# Set to 6.0+ to effectively require encryption
|
||||||
MIN_ENTROPY = float(os.environ.get("FLASKPASTE_MIN_ENTROPY", 0))
|
_min_entropy_raw = float(os.environ.get("FLASKPASTE_MIN_ENTROPY", 0))
|
||||||
|
MIN_ENTROPY = max(0.0, min(8.0, _min_entropy_raw)) # Clamp to valid range [0, 8]
|
||||||
# Minimum size for entropy check (small data has unreliable entropy measurement)
|
# Minimum size for entropy check (small data has unreliable entropy measurement)
|
||||||
MIN_ENTROPY_SIZE = int(os.environ.get("FLASKPASTE_MIN_ENTROPY_SIZE", 256))
|
_min_entropy_size_raw = int(os.environ.get("FLASKPASTE_MIN_ENTROPY_SIZE", 256))
|
||||||
|
MIN_ENTROPY_SIZE = max(1, _min_entropy_size_raw) # Must be positive
|
||||||
|
|
||||||
# Require binary content (reject recognizable formats)
|
# Require binary content (reject recognizable formats)
|
||||||
# Rejects content with known magic bytes (PNG, JPEG, PDF, etc.) and UTF-8 text.
|
# Rejects content with known magic bytes (PNG, JPEG, PDF, etc.) and UTF-8 text.
|
||||||
|
|||||||
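Review bot: The clamp on the new `MIN_ENTROPY` line does not reject NaN: `float("nan")` is accepted by `float()`, and `max(0.0, min(8.0, nan))` evaluates to 8.0 in CPython because every comparison with NaN is false, so a malformed `FLASKPASTE_MIN_ENTROPY=nan` silently becomes the strictest threshold instead of the documented disabled default (and, if the enforcement path compares entropy against `MIN_ENTROPY` as the comments imply, would reject practically every upload). A guard before the clamp makes that explicit: `if math.isnan(_min_entropy_raw): raise ValueError("FLASKPASTE_MIN_ENTROPY must be a number in [0, 8]")` (requires `import math` at the top of the module, which is outside this hunk). Silent clamping likewise hides a misconfiguration such as `FLASKPASTE_MIN_ENTROPY=50`, which is now quietly turned into 8.0 with no log line; a warning when the clamped value differs from the raw one would surface it. The enclosing `Config` class starts before and continues after the hunk.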
@@ -410,6 +410,23 @@ class TestEntropyEnforcement:
|
|||||||
assert response.status_code == 201
|
assert response.status_code == 201
|
||||||
|
|
||||||
|
|
||||||
|
class TestEntropyConfigValidation:
|
||||||
|
"""Test entropy config validation and bounds checking."""
|
||||||
|
|
||||||
|
def test_min_entropy_clamped_to_valid_range(self):
|
||||||
|
"""MIN_ENTROPY should be clamped to [0, 8] range."""
|
||||||
|
from app.config import Config
|
||||||
|
|
||||||
|
# Verify clamping logic works (config uses max(0, min(8, value)))
|
||||||
|
assert 0.0 <= Config.MIN_ENTROPY <= 8.0
|
||||||
|
|
||||||
|
def test_min_entropy_size_positive(self):
|
||||||
|
"""MIN_ENTROPY_SIZE should be at least 1."""
|
||||||
|
from app.config import Config
|
||||||
|
|
||||||
|
assert Config.MIN_ENTROPY_SIZE >= 1
|
||||||
|
|
||||||
|
|
||||||
class TestConcurrentSubmissions:
|
class TestConcurrentSubmissions:
|
||||||
"""Test concurrent identical submissions handling.
|
"""Test concurrent identical submissions handling.
|
||||||
|
|
||||||
|
|||||||
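Review bot: `test_min_entropy_clamped_to_valid_range` does not exercise the clamp: it imports `Config` under whatever environment the test session already has, so with the default of 0 the assertion `0.0 <= Config.MIN_ENTROPY <= 8.0` passes even if the `max(0.0, min(8.0, ...))` line were removed; `test_min_entropy_size_positive` has the same gap. To pin the behaviour, set an out-of-range value with pytest's `monkeypatch` fixture and reload the config module, since the first hunk suggests the values are read at class-definition time, and restore the module afterwards so later tests see the original values. A sketch for the first test follows; the size test can mirror it with `FLASKPASTE_MIN_ENTROPY_SIZE=0` expecting 1.
```python
    def test_min_entropy_clamped_to_valid_range(self, monkeypatch):
        """MIN_ENTROPY should be clamped to [0, 8] range."""
        import importlib
        import app.config as config_module

        try:
            monkeypatch.setenv("FLASKPASTE_MIN_ENTROPY", "42")
            importlib.reload(config_module)
            assert config_module.Config.MIN_ENTROPY == 8.0
            monkeypatch.setenv("FLASKPASTE_MIN_ENTROPY", "-3")
            importlib.reload(config_module)
            assert config_module.Config.MIN_ENTROPY == 0.0
        finally:
            monkeypatch.undo()
            importlib.reload(config_module)  # restore values for the rest of the session
    # … unchanged: test_min_entropy_size_positive …
```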