95 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Username	a040fad0b8	fix: resolve all mypy type errors	2025-12-25 00:19:21 +01:00
Username	db9b45a9ad	docs: update task tracking after CI enhancement	2025-12-25 00:10:37 +01:00
Username	88da4fedbe	ci: enhance security scanning and add SBOM generation ... - Add dedicated security-tests job for security-focused test files - Add SBOM generation job using CycloneDX for supply chain transparency - Add Bandit scan for fpaste CLI - Add hardcoded secrets detection step - Fix SHA1 fingerprint warnings with usedforsecurity=False - Split unit tests from security tests for better organization - Add memory leak detection job	2025-12-24 23:50:11 +01:00
Username	3059d533bc	docs: update documentation after pentest remediation ... - TASKLIST.md: add pentest tasks to completed section - TODO.md: add observation about pentest completion - ROADMAP.md: update test count (301), add decision log entry - PROJECT.md: update test count (301) - SECURITY.md: remove obsolete limitations, add v1.5.0 changes	2025-12-24 23:33:15 +01:00
Username	3a76453828	security: implement CRYPTO-001 and TIMING-001 remediations ... CRYPTO-001: Certificate serial collision detection - Add _generate_unique_serial() helper for database-backed PKI - Add _generate_unique_serial() method for in-memory PKI class - Check database for existing serial before certificate issuance - Retry with new random serial if collision detected (max 5 attempts) TIMING-001: Constant-time database lookups for sensitive queries - Add dummy PBKDF2 verification when paste not found - Prevents timing-based enumeration (attackers can't distinguish 'not found' from 'wrong password' by measuring response time)	2025-12-24 23:28:16 +01:00
Username	c130020ab8	security: implement HASH-001 and ENUM-001 remediations ... HASH-001: Add threading lock to content hash deduplication - Prevents race condition between SELECT and UPDATE - Ensures accurate dedup counting under concurrent load ENUM-001: Add rate limiting to paste lookups - Separate rate limiter for GET/HEAD on paste endpoints - Default 60 requests/minute per IP (configurable) - Prevents brute-force paste ID enumeration attacks	2025-12-24 23:12:28 +01:00
Username	da1beca893	security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) ... FLOOD-001: Cap anti-flood request list at configurable max entries - Add ANTIFLOOD_MAX_ENTRIES config (default 10000) - Prune oldest entries when limit exceeded CLI-002: Explicitly set SSL hostname verification - Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED - Defense in depth (create_default_context sets these by default) CLI-003: Warn on insecure config file permissions - Check if config file is world-readable - Print warning to stderr if permissions too open AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max	2025-12-24 23:02:55 +01:00
Username	1fbb69d7f9	security: implement pentest remediation (RATE-002, CLI-001) ... RATE-002: Proactive rate limit cleanup when entries exceed threshold - Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8) - Trigger cleanup before hitting hard limit - Prevents memory exhaustion under sustained load CLI-001: Validate clipboard tool paths against trusted directories - Add TRUSTED_CLIPBOARD_DIRS for Unix system paths - Add TRUSTED_WINDOWS_PATTERNS for Windows validation - Reject tools in user-writable locations (PATH hijack prevention) - Use absolute paths in subprocess calls	2025-12-24 22:03:17 +01:00
Username	89eee3378a	security: implement pentest remediation (PROXY-001, BURN-001, RATE-001) ... PROXY-001: Add startup warning when TRUSTED_PROXY_SECRET empty in production - validate_security_config() checks for missing proxy secret - Additional warning when PKI enabled without proxy secret - Tests for security configuration validation BURN-001: HEAD requests now trigger burn-after-read deletion - Prevents attacker from probing paste existence before retrieval - Updated test to verify new behavior RATE-001: Add RATE_LIMIT_MAX_ENTRIES to cap memory usage - Default 10000 unique IPs tracked - Prunes oldest entries when limit exceeded - Protects against memory exhaustion DoS Test count: 284 -> 291 (7 new security tests)	2025-12-24 21:42:15 +01:00
Username	bebc6e0354	add comprehensive penetration testing plan ... Define 8 specialized subagents for security testing: - AuthBypass, InputFuzz, CryptoAudit, RaceCondition - DoSResilience, InfoLeak, CLISecurity, DependencyAudit Document critical vulnerabilities and remediation priorities.	2025-12-24 21:32:19 +01:00
Username	4e06a3befb	ci: retry after flaky test failure	2025-12-24 20:07:45 +01:00
Username	4577a1d7e4	docs: update for systemd and rate limit headers	2025-12-24 20:05:30 +01:00
Username	cf458347ef	add systemd service unit and rate limit headers ... Systemd deployment: - examples/flaskpaste.service with security hardening - examples/flaskpaste.env with all config options - README deployment section updated Rate limit headers (X-RateLimit-*): - Limit, Remaining, Reset on 201 and 429 responses - Per-IP tracking with auth multiplier - api.md documented	2025-12-24 17:51:14 +01:00
Username	cb6eebee59	docs: update for v1.5.0 features ... - Add PKI audit logging, request duration metrics to features list - Update test count from 216 to 283 - Add audit.py and metrics.py to project structure - Document audit logging in api.md - Update TASKLIST.md with completed tasks - Update TODO.md (remove resolved debt items) - Update ROADMAP.md decision log	2025-12-24 17:10:42 +01:00
Username	045f73c998	feat: integrate unused observability features ... - Add request duration metrics via before/after request hooks - Add PKI audit logging: CERT_ISSUED, CERT_REVOKED, AUTH_FAILURE - Wire up observe_request_duration() from metrics.py - Log certificate operations (registration, CA gen, issue, revoke) - Log auth failures for revoked/expired certificates	2025-12-24 16:41:31 +01:00
Username	fef5eac1b5	ci: add memory leak detection workflow	2025-12-24 00:19:33 +01:00
Username	51af8fd2f8	fix: suppress S608 for both ruff and bandit	2025-12-23 22:57:38 +01:00
Username	2a287c65f4	fix: use nosec for bandit SQL injection suppression	2025-12-23 22:53:52 +01:00
Username	482bd9a152	style: format metrics.py	2025-12-23 22:51:11 +01:00
Username	7063f8718e	feat: add observability and CLI enhancements ... Audit logging: - audit_log table with event tracking - app/audit.py module with log_event(), query_audit_log() - GET /audit endpoint (admin only) - configurable retention and cleanup Prometheus metrics: - app/metrics.py with custom counters - paste create/access/delete, rate limit, PoW, dedup metrics - instrumentation in API routes CLI clipboard integration: - fpaste create -C/--clipboard (read from clipboard) - fpaste create --copy-url (copy result URL) - fpaste get -c/--copy (copy content) - cross-platform: xclip, xsel, pbcopy, wl-copy Shell completions: - completions/ directory with bash/zsh/fish scripts - fpaste completion --shell command	2025-12-23 22:39:50 +01:00
Username	4d08a4467d	fix: conditional requests import in container tests	2025-12-22 20:06:51 +01:00
Username	ceb81fdd7c	style: format test files	2025-12-22 20:04:46 +01:00
Username	a469fc3343	test: add paste management tests (list, search, update, delete)	2025-12-22 19:42:55 +01:00
Username	bf74988ddb	test: add container integration tests ... Tests verify: - Container image builds successfully - Health endpoint responds - Paste creation/retrieval works - Security headers present - Non-root execution - Gunicorn workers running Skipped by default, run with: FLASKPASTE_INTEGRATION=1 pytest tests/test_container_integration.py	2025-12-22 19:22:41 +01:00
Username	e130e9c84d	test: add concurrent submission tests for abuse prevention	2025-12-22 19:16:24 +01:00
Username	ca9342e92d	fix: add comprehensive type annotations for mypy ... - database.py: add type hints for Path, Flask, Any, BaseException - pki.py: add assertions to narrow Optional types after has_ca() checks - routes.py: annotate config values to avoid Any return types - api/__init__.py: use float for cleanup timestamps (time.time()) - __init__.py: remove unused return from setup_rate_limiting	2025-12-22 19:11:11 +01:00
Username	680b068c00	refactor: code consistency and best practices ... - add type hints to error handlers in app/__init__.py - add docstrings to nested callback functions - remove deprecated X-XSS-Protection header (superseded by CSP) - fix typo in cleanup log message (entr(ies) -> entries) - standardize loop variable naming in fpaste CLI - update test for intentional header removal	2025-12-22 00:25:18 +01:00
Username	028367d803	docs: modernize and clean deprecated content ... - replace deprecated FLASK_ENV with FLASK_DEBUG - remove duplicate FLASKPASTE_MAX_EXPIRY entry - update API version to 1.5.0 - add missing /pastes and /pki endpoints to table - remove deprecated X-XSS-Protection header - add PKI config variables - update features list with current capabilities - update auth benefits and security sections	2025-12-21 22:36:48 +01:00
Username	e2e2039903	docs: update for tiered expiry, admin features, batch delete	2025-12-21 22:16:51 +01:00
Username	916a09f595	fpaste: add batch delete and --all with confirmation	2025-12-21 22:06:53 +01:00
Username	e8a99d5bdd	add tiered auto-expiry based on auth level	2025-12-21 21:55:30 +01:00
Username	3fe631f6b9	fpaste: add --all flag and expiry countdown to list	2025-12-21 21:43:48 +01:00
Username	40873434c3	pki: admin can list/delete any paste ... Add is_admin() helper to check if current user is admin. Update DELETE /<id> to allow admin to delete any paste. Update GET /pastes to support ?all=1 for admin to list all pastes. Admin view includes owner fingerprint in paste metadata.	2025-12-21 21:30:50 +01:00
Username	2acf640d91	pki: first registered user gets admin rights ... Auto-detect first certificate issuance and grant admin flag. Add is_admin column to issued_certificates table. Add is_admin_certificate() helper function. Include is_admin in /pki/issue response and X-Is-Admin header in registration.	2025-12-21 21:13:30 +01:00
Username	99e6a019f4	tests: fix flaky cleanup test timing for CI	2025-12-21 13:45:05 +01:00
Username	2ccbfcbfaa	ci: update linting and security checks ... - Fix bandit suppressions (use # nosec B608 for bandit) - Add # noqa: S608 for ruff compatibility - CI workflow: add coverage reporting (informational) - CI workflow: track mypy error baseline - CI workflow: improve documentation	2025-12-21 13:39:30 +01:00
Username	0c7bf6b587	improve index endpoint with comprehensive API info ... - Add all endpoints including PUT, register, PKI - Show authentication tiers (anonymous/client_cert/trusted) - Display current limits (size, rate) for each tier - Show PoW status and difficulty - Add CLI install/usage hints - Conditionally show PKI endpoints when enabled	2025-12-21 13:16:49 +01:00
Username	098789ff89	allow untrusted certs to manage own pastes ... Split authentication into two functions: - get_client_fingerprint(): Identity for ownership (any cert) - get_client_id(): Elevated privileges (trusted certs only) Behavior: - Anonymous: Create only, strict limits - Untrusted cert: Create + delete/update/list own pastes, strict limits - Trusted cert: All operations, relaxed limits (50MB, 5x rate) Updated tests to reflect new behavior where revoked certs can still manage their own pastes.	2025-12-21 12:59:18 +01:00
Username	1f09f2686a	fpaste: consolidate code and add type hints ... - Add type hints throughout (NoReturn, Path | None, etc.) - Extract helper functions to eliminate duplication: - read_config_file() / write_config_file() - parse_error() for JSON error parsing - format_paste_row() / print_paste_list() - prepare_content(), extract_paste_id() - auth_headers(), require_auth() - Add constants (CONFIG_DIR, CONFIG_KEYS, MIME_EXTENSIONS) - Replace if/elif chains with command dispatch tables - Extract build_parser() from main() - Use walrus operators and frozenset where appropriate Net reduction: 170 lines (-793 +623)	2025-12-21 12:43:34 +01:00
Username	37d2ccef0f	docs: update for v1.5.0 public registration feature	2025-12-21 12:34:35 +01:00
Username	c0c65a23ad	bump version to 1.5.0	2025-12-21 11:09:53 +01:00
Username	880bf631e3	fpaste: add register command for public certificate enrollment ... - Add register command to obtain client cert from server - Solve PoW challenge, receive PKCS#12 bundle - Extract cert/key, optionally update config (--configure) - Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD) - Add skip_enabled_check param to get_ca_info() for registration path - Update docs: README examples, API header name fix (X-Fingerprint-SHA1)	2025-12-21 10:59:09 +01:00
Username	5849c7406f	add /register endpoint for public certificate registration ... Public endpoint allows anyone to obtain a client certificate for authentication. Features: - Higher PoW difficulty than paste creation (24 vs 20 bits) - Auto-generates CA on first registration if not present - Returns PKCS#12 bundle with cert, key, and CA - Configurable via FLASKPASTE_REGISTER_POW Endpoints: - GET /register/challenge - Get registration PoW challenge - POST /register - Register and receive PKCS#12 bundle	2025-12-21 10:34:02 +01:00
Username	68d51c5b3e	fpaste: show elevated pow difficulty on create	2025-12-20 21:57:13 +01:00
Username	b47c26dd14	docs: update for v1.4.0 features ... - Add anti-flood, rate limiting, scheduled cleanup to feature lists - Update version to 1.4.0, test count to 205 - Document /pastes endpoint with query parameters - Add anti-flood fields to /challenge response - Update CLI docs with new commands (list, search, export) - Add decision log entries for recent features	2025-12-20 21:36:09 +01:00
Username	98bc656c87	config: increase anti-flood decay to 60s	2025-12-20 21:18:54 +01:00
Username	c6b3dd410a	fpaste: retry on pow failure (max 5 attempts)	2025-12-20 21:09:14 +01:00
Username	89ac2af161	fpaste info: show pow difficulty level	2025-12-20 20:58:17 +01:00
Username	8d13f52549	bump to 1.4.0, lower anti-flood threshold to 5	2025-12-20 20:53:49 +01:00
Username	45712ea93f	add anti-flood: dynamic PoW difficulty under load ... When paste creation rate exceeds threshold, PoW difficulty increases to slow down attackers. Decays back to base when abuse stops. Config: - ANTIFLOOD_THRESHOLD: requests/window before increase (30) - ANTIFLOOD_STEP: difficulty bits per step (2) - ANTIFLOOD_MAX: maximum difficulty cap (28) - ANTIFLOOD_DECAY: seconds before reducing (30)	2025-12-20 20:45:58 +01:00