security: implement HASH-001 and ENUM-001 remediations
Some checks failed
CI / Lint & Format (push) Failing after 16s
CI / Tests (push) Has been skipped
CI / Memory Leak Check (push) Has been skipped
CI / Security Scan (push) Successful in 23s

HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load

ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
2025-12-24 23:12:28 +01:00
parent da1beca893
commit c130020ab8
5 changed files with 116 additions and 36 deletions
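The two remediations named in the commit message (a lock around the SELECT-then-UPDATE dedup path, and a per-IP limiter that only covers GET/HEAD lookups) are shown below as an added, self-contained Python example. It is not the project's code and nothing in it is taken from the changed files; `ContentStore`, `LookupRateLimiter`, `FakeClock`, the 60/60 defaults and the sliding-window semantics are assumptions chosen to illustrate the pattern, and the paste bodies and IPs are constructed sample input.

```python
import hashlib
import threading
import time
from collections import defaultdict, deque
from typing import Tuple


class ContentStore:
    """In-memory stand-in for the paste table (assumption: the real store is a DB).

    HASH-001 pattern: the lookup ("SELECT") and the counter bump / insert
    ("UPDATE") happen under one lock, so two writers carrying the same content
    cannot both observe "no row yet" and both create a row.
    """

    def __init__(self) -> None:
        self._lock = threading.Lock()
        self._by_hash = {}                 # sha256 hex digest -> paste id
        self._dedup_hits = defaultdict(int)  # digest -> number of duplicate submissions
        self._next_id = 1

    def store(self, content: bytes) -> Tuple[int, bool]:
        """Return (paste_id, was_duplicate). Hashing is done outside the lock."""
        digest = hashlib.sha256(content).hexdigest()
        with self._lock:                   # critical section spans check AND act
            existing = self._by_hash.get(digest)
            if existing is not None:
                self._dedup_hits[digest] += 1
                return existing, True
            paste_id = self._next_id
            self._next_id += 1
            self._by_hash[digest] = paste_id
            return paste_id, False

    def dedup_count(self, content: bytes) -> int:
        return self._dedup_hits[hashlib.sha256(content).hexdigest()]


def concurrent_dedup_demo(threads: int = 32, content: bytes = b"same paste body") -> Tuple[int, int]:
    """Hammer one body from many threads at once; return (distinct ids, dedup hits)."""
    store = ContentStore()
    barrier = threading.Barrier(threads)   # release all workers together to maximise contention
    results, results_lock = [], threading.Lock()

    def worker() -> None:
        barrier.wait()
        r = store.store(content)
        with results_lock:
            results.append(r)

    ts = [threading.Thread(target=worker) for _ in range(threads)]
    for t in ts:
        t.start()
    for t in ts:
        t.join()
    return len({pid for pid, _ in results}), store.dedup_count(content)


class FakeClock:
    """Injectable monotonic clock so the limiter can be tested without sleeping."""

    def __init__(self) -> None:
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self) -> float:
        return self.now


class LookupRateLimiter:
    """ENUM-001 pattern: sliding-window limit on paste lookups, keyed by client IP.

    Assumption: 60 requests per 60 seconds, matching the defaults stated in the
    commit message; the project's real window semantics are not visible here.
    """

    def __init__(self, limit: int = 60, window_seconds: float = 60.0, clock=time.monotonic) -> None:
        self.limit = limit
        self.window = window_seconds
        self._clock = clock
        self._lock = threading.Lock()      # the limiter itself is shared state, so guard it too
        self._hits = defaultdict(deque)    # ip -> timestamps of lookups inside the window

    def allow(self, ip: str) -> bool:
        now = self._clock()
        with self._lock:
            q = self._hits[ip]
            while q and now - q[0] >= self.window:   # drop hits that fell out of the window
                q.popleft()
            if len(q) >= self.limit:
                return False
            q.append(now)
            return True

    def reset(self) -> None:
        """Test hook, analogous in spirit to reset_lookup_rate_limits() in the diff."""
        with self._lock:
            self._hits.clear()


LOOKUP_METHODS = frozenset({"GET", "HEAD"})


def lookup_allowed(limiter: LookupRateLimiter, method: str, ip: str) -> bool:
    """Only GET/HEAD count against the lookup limiter; other methods are left to
    whatever general limiter the app applies (not modelled here)."""
    if method.upper() not in LOOKUP_METHODS:
        return True
    return limiter.allow(ip)


if __name__ == "__main__":
    print("dedup (distinct ids, duplicate hits):", concurrent_dedup_demo())
    clk = FakeClock()
    lim = LookupRateLimiter(limit=3, window_seconds=60, clock=clk)
    print("lookups from 10.0.0.1:", [lookup_allowed(lim, "GET", "10.0.0.1") for _ in range(4)])
```

The barrier in `concurrent_dedup_demo` is what makes the race observable if the lock is removed: without it the threads tend to serialise on start-up cost and the bug hides. Keying the limiter on the source IP means that behind a reverse proxy the app must read the real client address from a trusted header, otherwise every lookup shares one bucket; that concern is outside what the diff shows.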


@@ -4,7 +4,7 @@ import pytest
import app.database as db_module
from app import create_app
from app.api.routes import reset_rate_limits
from app.api.routes import reset_lookup_rate_limits, reset_rate_limits
def _clear_database():
@@ -22,6 +22,7 @@ def app():
"""Create application for testing."""
# Reset global state for test isolation
reset_rate_limits()
reset_lookup_rate_limits()
_clear_database()
test_app = create_app("testing")
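Review bot: the setup now calls `reset_rate_limits()` and `reset_lookup_rate_limits()` back to back, and the same pair is repeated in the teardown hunk below; wrap both in one conftest helper (for example a `_reset_rate_limits()` next to the existing `_clear_database()`) so that a third limiter added later cannot be reset in one place and forgotten in the other.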
@@ -33,6 +34,7 @@ def app():
# Cleanup after test
reset_rate_limits()
reset_lookup_rate_limits()
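Review bot: the cleanup resets the new lookup limiter, but nothing in this file exercises it; since the commit message claims a separate GET/HEAD limiter that does not affect other methods, add a test that exhausts the lookup limit from one client address and then asserts that a POST from the same address still succeeds and that a GET from a different address is still allowed, otherwise a regression that routes both limiters through one counter would pass CI.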
@pytest.fixture