security: implement HASH-001 and ENUM-001 remediations
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load

ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
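The race HASH-001 closes is easy to reproduce. The block below is an added illustration, not the project's code: `PasteStore` is a constructed stand-in for the database table, `dedup_store` runs the SELECT-then-write pair either bare (the pre-fix shape) or under a `threading.Lock`, and a `threading.Barrier` is used only to force every worker to finish its SELECT before any of them writes, so the lost-update shows up deterministically instead of once in a thousand runs.

```python
import hashlib
import threading

# Added example for HASH-001 (not the project's code). PasteStore is a
# constructed in-memory stand-in for the paste table; the barrier exists
# only to make the SELECT/UPDATE race reproducible in a demo.


def content_hash(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


class PasteStore:
    """Toy table keyed by content hash; each row carries a dedup counter."""

    def __init__(self):
        self.rows = {}        # content_hash -> {"content": bytes, "dup_count": int}
        self.insert_log = []  # one entry per INSERT executed (list.append is atomic under the GIL)

    def select(self, h):
        return self.rows.get(h)

    def write(self, h, content, row):
        """The UPDATE/INSERT half of the pair, decided from an earlier SELECT result."""
        if row is None:
            self.rows[h] = {"content": content, "dup_count": 0}
            self.insert_log.append(h)
            return "inserted"
        row["dup_count"] += 1
        return "deduplicated"


def dedup_store(store, content, lock=None, barrier=None):
    """Store content once and count duplicates.

    lock=None reproduces the pre-fix behaviour: nothing ties the SELECT to the
    write, so two requests with the same body both see "no row" and both INSERT.
    With a threading.Lock the pair is serialised within this process.
    """
    h = content_hash(content)
    if lock is None:
        row = store.select(h)
        if barrier is not None:
            barrier.wait()      # every worker has done its SELECT before anyone writes
        return store.write(h, content, row)
    if barrier is not None:
        barrier.wait()          # arrive together, then take turns through the lock
    with lock:
        row = store.select(h)
        return store.write(h, content, row)


def run_workers(n_workers, content, locked):
    """Submit the same content from n_workers threads and report what the store saw."""
    store = PasteStore()
    barrier = threading.Barrier(n_workers)
    lock = threading.Lock() if locked else None
    results = []

    def worker():
        results.append(dedup_store(store, content, lock, barrier))

    threads = [threading.Thread(target=worker) for _ in range(n_workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return {
        "inserts": len(store.insert_log),
        "dedup_hits": results.count("deduplicated"),
        "dup_count": store.rows[content_hash(content)]["dup_count"],
    }


# Caveat (reviewer's note, not from the commit): a threading.Lock serialises
# only threads of one process. Under several worker processes the same race
# returns, and a UNIQUE constraint on the hash column plus an upsert is the
# cross-process fix.

if __name__ == "__main__":
    print("without lock:", run_workers(8, b"same paste body", locked=False))
    print("with lock:   ", run_workers(8, b"same paste body", locked=True))
```

Without the lock, eight concurrent submissions of one body produce eight INSERTs and a duplicate count of zero; with it, one INSERT and a count of seven. The closing comment records the limit of a process-local lock, which the commit message does not address.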
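The ENUM-001 limiter as described (separate limiter, GET/HEAD only, 60 requests per minute per IP) can be sketched as a sliding window keyed by client address. This is an added example and not the project's implementation; the `/p/` path prefix for paste lookups, the `handle_paste_request` dispatcher and the 203.0.113.x addresses are assumptions made for the demo, and the clock is injectable so the window can be advanced without sleeping.

```python
import threading
import time
from collections import deque

# Added example for ENUM-001 (not the project's code). Assumptions: paste
# lookups live under "/p/<id>", and the limiter is consulted only for
# GET/HEAD so writes keep their own, separate limiter as the commit describes.


class SlidingWindowLimiter:
    def __init__(self, limit=60, window_seconds=60.0, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock              # injectable so the demo can move time
        self._hits = {}                 # ip -> deque of hit timestamps inside the window
        self._lock = threading.Lock()   # the limiter is shared across request threads

    def allow(self, ip):
        """Record a hit for ip and return True if it is within the limit."""
        now = self.clock()
        with self._lock:
            q = self._hits.setdefault(ip, deque())
            cutoff = now - self.window
            while q and q[0] <= cutoff:  # drop hits that have aged out of the window
                q.popleft()
            if len(q) >= self.limit:
                return False
            q.append(now)
            return True

    def retry_after(self, ip):
        """Seconds until the oldest in-window hit expires (0.0 if not limited)."""
        with self._lock:
            q = self._hits.get(ip)
            if not q or len(q) < self.limit:
                return 0.0
            return max(0.0, q[0] + self.window - self.clock())


def handle_paste_request(method, path, ip, lookup_limiter):
    """Return the status the limiter would produce; 200 stands in for the real handler.

    ip must be the connection's peer address; trust X-Forwarded-For only when the
    request provably came through your own proxy, or the client picks its own key.
    """
    is_lookup = method in ("GET", "HEAD") and path.startswith("/p/")
    if is_lookup and not lookup_limiter.allow(ip):
        return 429
    return 200


class FakeClock:
    """Constructed clock so the demo can advance the window deterministically."""

    def __init__(self):
        self.now = 1000.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    limiter = SlidingWindowLimiter(limit=60, window_seconds=60.0, clock=clock)
    attacker, bystander = "203.0.113.7", "203.0.113.8"
    # 61 rapid lookups of candidate IDs from one address (constructed traffic)
    statuses = [handle_paste_request("GET", f"/p/{i:04x}", attacker, limiter) for i in range(61)]
    other_ip = handle_paste_request("GET", "/p/0001", bystander, limiter)
    post = handle_paste_request("POST", "/p/", attacker, limiter)
    retry = limiter.retry_after(attacker)
    clock.advance(60.0)
    after_window = handle_paste_request("HEAD", "/p/0002", attacker, limiter)
    return {
        "allowed": statuses.count(200),
        "blocked": statuses.count(429),
        "first_blocked_index": statuses.index(429),
        "other_ip": other_ip,
        "post_unaffected": post,
        "retry_after": retry,
        "after_window": after_window,
    }


if __name__ == "__main__":
    print(demo())
```

The 61st lookup from one address returns 429 with a 60 second retry hint, a second address is untouched, a POST is not counted against the lookup limiter, and the same address is admitted again once the window has passed. Per-IP state grows with the number of distinct clients, so a production limiter also needs an eviction cap of the kind FLOOD-001 in the tracker below describes for the anti-flood list.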
@@ -250,9 +250,9 @@ Testing uses specialized Claude subagents for different security domains, with f
### Medium-term (Medium)
- [ ] **HASH-001**: Add locking to content hash deduplication
- [x] **HASH-001**: Add locking to content hash deduplication
- [x] **FLOOD-001**: Add memory limit to anti-flood request list
- [ ] **ENUM-001**: Add rate limiting to paste metadata endpoints
- [x] **ENUM-001**: Add rate limiting to paste metadata endpoints
- [x] **CLI-002**: Verify SSL certificate hostname matching
- [x] **CLI-003**: Add config file permission validation on startup
- [x] **AUDIT-001**: Add query result limits to prevent enumeration
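Review bot: the ENUM-001 item ticked off here still reads "Add rate limiting to paste metadata endpoints", while the commit message describes a limiter on GET/HEAD paste lookups at a configurable default of 60 requests/minute per IP; update the item text so the tracker records what actually shipped, e.g. `- [x] **ENUM-001**: Add rate limiting to paste lookups (GET/HEAD, default 60/min per IP, configurable)`. For the HASH-001 item, a threading lock closes the SELECT/UPDATE window only inside one process; if the service ever runs more than one worker process the race returns, so either note that limitation beside the ticked item or record that the content hash is also enforced at the database level.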