flaskpaste

username/flaskpaste

Fork 1

Commit Graph

Author	SHA1	Message	Date
Username	1fbb69d7f9	security: implement pentest remediation (RATE-002, CLI-001) Some checks failed CI / Lint & Format (push) Failing after 16s Details CI / Tests (push) Has been skipped Details CI / Memory Leak Check (push) Has been skipped Details CI / Security Scan (push) Successful in 23s Details RATE-002: Proactive rate limit cleanup when entries exceed threshold - Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8) - Trigger cleanup before hitting hard limit - Prevents memory exhaustion under sustained load CLI-001: Validate clipboard tool paths against trusted directories - Add TRUSTED_CLIPBOARD_DIRS for Unix system paths - Add TRUSTED_WINDOWS_PATTERNS for Windows validation - Reject tools in user-writable locations (PATH hijack prevention) - Use absolute paths in subprocess calls	2025-12-24 22:03:17 +01:00

Author

SHA1

Message

Date

Username

1fbb69d7f9

security: implement pentest remediation (RATE-002, CLI-001)

CI / Lint & Format (push) Failing after 16s

Details

CI / Tests (push) Has been skipped

Details

CI / Memory Leak Check (push) Has been skipped

Details

CI / Security Scan (push) Successful in 23s

Details

RATE-002: Proactive rate limit cleanup when entries exceed threshold
- Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8)
- Trigger cleanup before hitting hard limit
- Prevents memory exhaustion under sustained load

CLI-001: Validate clipboard tool paths against trusted directories
- Add TRUSTED_CLIPBOARD_DIRS for Unix system paths
- Add TRUSTED_WINDOWS_PATTERNS for Windows validation
- Reject tools in user-writable locations (PATH hijack prevention)
- Use absolute paths in subprocess calls

2025-12-24 22:03:17 +01:00

1 Commits