148 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Username	3be2fd6cf6	tests: fix mypy type errors in security tests	2026-01-18 10:18:09 +01:00
Username	97bf955820	tests: fix ruff lint errors in security tests	2026-01-18 10:04:27 +01:00
Username	661dab4a81	ci: add container image build and push to harbor	2026-01-18 09:57:32 +01:00
Username	9eee14e918	docs: update harbor integration status and remove hardcoded credentials	2026-01-18 09:57:27 +01:00
Username	0fc45587cd	deps: pin transitive dependencies for security fixes ... - urllib3>=2.6.3 (CVE-2025-43859) - jaraco.context>=6.1.0 (GHSA-58pv-8j8x-9vj2) - setuptools>=80.0 (vendored jaraco.context) reduces High vulnerabilities from 6 to 3	2026-01-18 09:16:08 +01:00
Username	a736bce346	docs: add kubernetes deployment guide	2026-01-17 16:27:56 +01:00
Username	7812af2e47	docs: add harbor registry guide	2026-01-17 16:27:51 +01:00
Username	9b1cddd7f1	kubernetes: use NodePort for external access ... - change service type from ClusterIP to NodePort (30500) - enables HAProxy routing from mymx to k8s cluster	2026-01-17 16:27:44 +01:00
Username	f6a69b0b55	add Kubernetes deployment manifest	2026-01-17 13:59:01 +01:00
Username	b9f0283a3b	add Podman Quadlet deployment ... - flaskpaste.container for rootless systemd integration - UserNS mapping for bind mount permissions - README updated with deployment instructions	2026-01-17 13:58:52 +01:00
Username	379178e409	exempt /health from rate limiting ... Health check endpoint was being rate-limited (60/hour), causing container health checks (every 30s = 120/hour) to fail with 429. Uses flask-limiter's request_filter to bypass rate limiting for the health endpoint, supporting URL_PREFIX configuration.	2026-01-08 20:12:03 +01:00
Username	6da80aec76	docs: update for simplified MIME detection (v1.5.1)	2025-12-26 19:52:40 +01:00
Username	a7f1c09634	bump version to 1.5.1	2025-12-26 19:15:20 +01:00
Username	28e31f0b37	remove obsolete MIME detection tests	2025-12-26 19:06:35 +01:00
Username	bc751d1b8c	validate MIN_ENTROPY config bounds [0, 8]	2025-12-26 18:47:06 +01:00
Username	3cda73c8b0	simplify MIME detection to text/binary only ... Remove magic byte detection in favor of simple UTF-8 validation: - text/plain for valid UTF-8 content - application/octet-stream for binary data Security maintained via headers (X-Content-Type-Options: nosniff, CSP). Magic signatures preserved as comments for future reference. Disabled test files: - test_mime_detection.py.disabled (magic-dependent tests) - test_polyglot.py.disabled (polyglot format tests) For full MIME detection, consider using the `filetype` library.	2025-12-26 18:44:24 +01:00
Username	fb45005766	add polyglot generator and MIME confusion tests ... - polyglot_generator.py: creates files valid in multiple formats - 41 new tests verify MIME detection handles polyglots correctly - Document rate limiting behavior under attack - Clarify DMG/ISO/DOCX detection limitations	2025-12-26 18:25:46 +01:00
Username	98694ba1cc	docs: add comprehensive threat model ... STRIDE analysis covering: - System architecture and trust boundaries - Attack surface analysis (10 entry points) - Threat actors (anonymous, authenticated, operator, sophisticated) - 20+ threats with mitigations across STRIDE categories - Security controls matrix - MIME polyglot attack mitigations - Cryptographic controls - Residual risks and known limitations - Incident response guidance	2025-12-26 17:10:41 +01:00
Username	dc2da67fb3	add Hypothesis property-based MIME detection tests ... - test_magic_prefix_detection: verify all signatures with random suffix - test_random_binary_never_crashes: random data never crashes - test_partial_magic_no_false_match: truncated magic handled safely - test_magic_not_at_start_ignored: only detect magic at offset 0	2025-12-26 17:09:02 +01:00
Username	03bcb157cc	add HEIC/HEIF/AVIF MIME detection signatures ... - Add ftyp box signatures for heic, mif1, and avif brands - Add tests for new image formats - Fix nested if lint warning in lookup rate limit - Update security docs: MKV uses WebM header, TAR needs offset 257	2025-12-26 17:04:51 +01:00
Username	93a4dd2f97	ci: add security headers audit to pipeline	2025-12-26 16:56:03 +01:00
Username	63034e17fe	perf: cache is_trusted_proxy result per request	2025-12-26 00:48:55 +01:00
Username	13ed5ed9cb	ci: add advanced security tests job	2025-12-26 00:42:43 +01:00
Username	bd75f81afd	add security testing suite and update docs ... - tests/security/pentest_session.py: comprehensive 10-phase pentest - tests/security/profiled_server.py: cProfile-enabled server - tests/security/cli_security_audit.py: CLI security checks - tests/security/dos_memory_test.py: memory exhaustion tests - tests/security/race_condition_test.py: concurrency tests - docs: add pentest results, profiling analysis, new test commands	2025-12-26 00:39:33 +01:00
Username	c1d2e39b09	docs: complete penetration testing status update ... All pentest items now complete: - CLI security audit (clipboard, permissions) - DoS memory exhaustion (fixed lookup rate limit) - Race conditions (all protected by locks)	2025-12-26 00:17:11 +01:00
Username	4f5da8ca66	fix: add memory protection to lookup rate limiting ... ENUM-002: Lookup rate limit now respects LOOKUP_RATE_LIMIT_MAX_ENTRIES (default 10000) to prevent memory exhaustion from unique IP flood. Eviction strategy: expired entries first, then oldest by last request.	2025-12-26 00:16:41 +01:00
Username	0fa6052f69	docs: update security testing status with completed tests ... - Add race condition testing results (HEAD triggers burn-after-read) - Add timing attack analysis (PBKDF2 constant-time verified) - Mark RPM, AVI, WAV MIME signatures as fixed - Update security controls table with new verifications	2025-12-25 23:58:42 +01:00
Username	d7a8f43dae	add MIME signatures: RPM, AVI, WAV (RIFF subtypes)	2025-12-25 23:51:14 +01:00
Username	4823ff7b5d	docs: update MIME testing results (26 signatures tested)	2025-12-25 23:37:05 +01:00
Username	645f6feefd	docs: add security testing status and remaining tasks	2025-12-25 23:04:33 +01:00
Username	da36f15741	docs: add fuzzer results to security assessment	2025-12-25 22:52:43 +01:00
Username	a9cd0313d3	run.py: accept --host and --port arguments	2025-12-25 22:52:02 +01:00
Username	ff05f1b289	docs: add MIME detection security assessment	2025-12-25 22:21:35 +01:00
Username	4a44d846c2	pentest: add MIME detection abuse scenarios	2025-12-25 22:05:42 +01:00
Username	0c8bdacfd2	fix ruff S310 audit warnings in fpaste	2025-12-25 21:08:48 +01:00
Username	033751d8e5	ci: fix bandit nosec and cyclonedx-py syntax	2025-12-25 21:01:55 +01:00
Username	de39a36174	fix mypy type narrowing in test_cli_security	2025-12-25 20:49:27 +01:00
Username	e8b4cd5e77	ci: install dependencies for mypy type checking ... Also fix type errors in fuzz tests.	2025-12-25 20:47:17 +01:00
Username	8408fedf5a	fix lint errors (unused vars, line length, formatting)	2025-12-25 20:43:28 +01:00
Username	0496a39a91	add comprehensive MIME detection tests (50 tests) ... Cover all 42 magic byte signatures: - Images: BMP, TIFF, ICO - Video: MP4, WebM, FLV - Audio: MP3, FLAC, OGG - Documents: MS Office OLE - Executables: PE, ELF, Mach-O, WASM - Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR - Data: SQLite - Edge cases: empty, short, boundary tests Also adds missing Mach-O 32-bit little-endian signature.	2025-12-25 20:36:49 +01:00
Username	11bb095ca6	use prefix slicing for magic byte detection ... Slice content once to MAX_MAGIC_LEN (16 bytes) before comparing against signatures. More explicit bounds, same safety guarantees, marginally cleaner.	2025-12-25 20:03:04 +01:00
Username	764b831bb0	expand magic byte detection for common file formats ... Add detection for: - Images: BMP, TIFF, ICO - Video: MP4, WebM, FLV, Matroska - Audio: MP3, FLAC, OGG - Documents: MS Office OLE (DOC/XLS/PPT) - Executables: PE (EXE/DLL), ELF, Mach-O, WASM - Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR - Data: SQLite This improves REQUIRE_BINARY enforcement by detecting more recognizable formats that should be encrypted before upload.	2025-12-25 19:47:33 +01:00
Username	9901649fd7	docs: add compression design constraints ... Compression must be paired with encryption (compress-then-encrypt) to prevent bypassing entropy enforcement via compress-only uploads.	2025-12-25 19:40:34 +01:00
Username	f640ec85b5	docs: sync ROADMAP and add compression design note ... - Update test count: 301 → 337 - Fix CLI commands: pki revoke doesn't exist, use pki download - Add compression URL marker requirement to TODO ideas	2025-12-25 19:30:09 +01:00
Username	14c8d0d83d	docs: update test count and fix pki.md inaccuracies ... - README: update test count from 283 to 337 - pki.md: fix environment variable names (PKI_CA_PASSWORD) - pki.md: correct CLI usage examples (config via env/file) - pki.md: update pki status output format - pki.md: clarify revocation is API-only (no CLI command)	2025-12-25 19:24:17 +01:00
Username	cd7a9e8340	gitignore: add .hypothesis test cache	2025-12-25 19:20:33 +01:00
Username	debdc8478e	add hypothesis-based fuzzing test suite ... 18 property-based tests covering: - Content handling (binary, text, unicode) - Paste ID validation and path traversal - Header fuzzing (auth, proxy, XFF) - JSON endpoint fuzzing - Size limit enforcement - Injection detection (SQLi, SSTI, XSS) - Error handling paths	2025-12-25 19:20:16 +01:00
Username	d09ec0da74	fix: handle 405 Method Not Allowed properly ... Exception handler was catching MethodNotAllowed and returning 500. Added dedicated 405 handler and passthrough for HTTPException.	2025-12-25 19:20:08 +01:00
Username	0a7627fbe5	add offensive security testing framework ... - FUZZING.md: comprehensive attack methodology covering 10 phases - tests/fuzz/run_fuzz.py: automated fuzzing harness with 6 test phases Phases: recon, input fuzzing, injection (SQLi, SSTI, path traversal, command injection), auth bypass, business logic, crypto attacks. Includes: radamsa mutations, hypothesis property testing, atheris coverage-guided fuzzing, HTTP smuggling, slowloris, nuclei templates.	2025-12-25 01:11:02 +01:00
Username	0aa31c526b	docs: add PKI usage guide with examples	2025-12-25 00:28:33 +01:00