username/flaskpaste
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
216 Commits 1 Branch 0 Tags
main
Commit Graph

3 Commits

Author SHA1 Message Date
Username
de39a36174 fix mypy type narrowing in test_cli_security
Some checks failed
CI / Security Scan (push) Failing after 22s
Details
CI / Lint & Format (push) Successful in 24s
Details
CI / Security Tests (push) Has been skipped
Details
CI / Memory Leak Check (push) Successful in 22s
Details
CI / SBOM Generation (push) Failing after 21s
Details
CI / Unit Tests (push) Successful in 36s
Details
2025-12-25 20:49:27 +01:00
Username
3a76453828 security: implement CRYPTO-001 and TIMING-001 remediations
Some checks failed
CI / Lint & Format (push) Failing after 17s
Details
CI / Tests (push) Has been skipped
Details
CI / Memory Leak Check (push) Has been skipped
Details
CI / Security Scan (push) Successful in 23s
Details 
CRYPTO-001: Certificate serial collision detection
- Add _generate_unique_serial() helper for database-backed PKI
- Add _generate_unique_serial() method for in-memory PKI class
- Check database for existing serial before certificate issuance
- Retry with new random serial if collision detected (max 5 attempts)

TIMING-001: Constant-time database lookups for sensitive queries
- Add dummy PBKDF2 verification when paste not found
- Prevents timing-based enumeration (attackers can't distinguish
  'not found' from 'wrong password' by measuring response time)
 2025-12-24 23:28:16 +01:00
Username
1fbb69d7f9 security: implement pentest remediation (RATE-002, CLI-001)
Some checks failed
CI / Lint & Format (push) Failing after 16s
Details
CI / Tests (push) Has been skipped
Details
CI / Memory Leak Check (push) Has been skipped
Details
CI / Security Scan (push) Successful in 23s
Details 
RATE-002: Proactive rate limit cleanup when entries exceed threshold
- Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8)
- Trigger cleanup before hitting hard limit
- Prevents memory exhaustion under sustained load

CLI-001: Validate clipboard tool paths against trusted directories
- Add TRUSTED_CLIPBOARD_DIRS for Unix system paths
- Add TRUSTED_WINDOWS_PATTERNS for Windows validation
- Reject tools in user-writable locations (PATH hijack prevention)
- Use absolute paths in subprocess calls
 2025-12-24 22:03:17 +01:00