7 Commits

Author	SHA1	Message	Date
Username	4a44d846c2	pentest: add MIME detection abuse scenarios	2025-12-25 22:05:42 +01:00
Username	3a76453828	security: implement CRYPTO-001 and TIMING-001 remediations ... CRYPTO-001: Certificate serial collision detection - Add _generate_unique_serial() helper for database-backed PKI - Add _generate_unique_serial() method for in-memory PKI class - Check database for existing serial before certificate issuance - Retry with new random serial if collision detected (max 5 attempts) TIMING-001: Constant-time database lookups for sensitive queries - Add dummy PBKDF2 verification when paste not found - Prevents timing-based enumeration (attackers can't distinguish 'not found' from 'wrong password' by measuring response time)	2025-12-24 23:28:16 +01:00
Username	c130020ab8	security: implement HASH-001 and ENUM-001 remediations ... HASH-001: Add threading lock to content hash deduplication - Prevents race condition between SELECT and UPDATE - Ensures accurate dedup counting under concurrent load ENUM-001: Add rate limiting to paste lookups - Separate rate limiter for GET/HEAD on paste endpoints - Default 60 requests/minute per IP (configurable) - Prevents brute-force paste ID enumeration attacks	2025-12-24 23:12:28 +01:00
Username	da1beca893	security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) ... FLOOD-001: Cap anti-flood request list at configurable max entries - Add ANTIFLOOD_MAX_ENTRIES config (default 10000) - Prune oldest entries when limit exceeded CLI-002: Explicitly set SSL hostname verification - Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED - Defense in depth (create_default_context sets these by default) CLI-003: Warn on insecure config file permissions - Check if config file is world-readable - Print warning to stderr if permissions too open AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max	2025-12-24 23:02:55 +01:00
Username	1fbb69d7f9	security: implement pentest remediation (RATE-002, CLI-001) ... RATE-002: Proactive rate limit cleanup when entries exceed threshold - Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8) - Trigger cleanup before hitting hard limit - Prevents memory exhaustion under sustained load CLI-001: Validate clipboard tool paths against trusted directories - Add TRUSTED_CLIPBOARD_DIRS for Unix system paths - Add TRUSTED_WINDOWS_PATTERNS for Windows validation - Reject tools in user-writable locations (PATH hijack prevention) - Use absolute paths in subprocess calls	2025-12-24 22:03:17 +01:00
Username	89eee3378a	security: implement pentest remediation (PROXY-001, BURN-001, RATE-001) ... PROXY-001: Add startup warning when TRUSTED_PROXY_SECRET empty in production - validate_security_config() checks for missing proxy secret - Additional warning when PKI enabled without proxy secret - Tests for security configuration validation BURN-001: HEAD requests now trigger burn-after-read deletion - Prevents attacker from probing paste existence before retrieval - Updated test to verify new behavior RATE-001: Add RATE_LIMIT_MAX_ENTRIES to cap memory usage - Default 10000 unique IPs tracked - Prunes oldest entries when limit exceeded - Protects against memory exhaustion DoS Test count: 284 -> 291 (7 new security tests)	2025-12-24 21:42:15 +01:00
Username	bebc6e0354	add comprehensive penetration testing plan ... Define 8 specialized subagents for security testing: - AuthBypass, InputFuzz, CryptoAudit, RaceCondition - DoSResilience, InfoLeak, CLISecurity, DependencyAudit Document critical vulnerabilities and remediation priorities.	2025-12-24 21:32:19 +01:00