76 Commits

Author	SHA1	Message	Date
Username	c484c9ecc8	routes: fix ruff formatting	2026-02-16 22:02:36 +01:00
Username	727e432740	audit: migrate enums to StrEnum	2026-02-16 20:59:55 +01:00
Username	0f63bb05e1	cleanup: add expired short url cleanup	2026-02-16 20:26:58 +01:00
Username	727fc84784	routes: add url shortener endpoints	2026-02-16 20:26:54 +01:00
Username	965a6eac0e	metrics: add url shortener counters	2026-02-16 20:26:50 +01:00
Username	edc9e4344e	audit: add url shortener event types	2026-02-16 20:26:46 +01:00
Username	80b8dbdd40	config: add url shortener settings	2026-02-16 20:26:43 +01:00
Username	7fe1cc164b	database: add short_urls table schema	2026-02-16 20:26:39 +01:00
Username	fec9e22bb3	api: remove name field from index endpoint	2026-01-20 23:33:41 +01:00
Username	9777cbb053	bump version to 1.5.2	2026-01-20 08:41:22 +01:00
Username	756d83e066	api: remove prefix from index response	2026-01-19 19:40:04 +01:00
Username	3be2fd6cf6	tests: fix mypy type errors in security tests	2026-01-18 10:18:09 +01:00
Username	379178e409	exempt /health from rate limiting ... Health check endpoint was being rate-limited (60/hour), causing container health checks (every 30s = 120/hour) to fail with 429. Uses flask-limiter's request_filter to bypass rate limiting for the health endpoint, supporting URL_PREFIX configuration.	2026-01-08 20:12:03 +01:00
Username	a7f1c09634	bump version to 1.5.1	2025-12-26 19:15:20 +01:00
Username	bc751d1b8c	validate MIN_ENTROPY config bounds [0, 8]	2025-12-26 18:47:06 +01:00
Username	3cda73c8b0	simplify MIME detection to text/binary only ... Remove magic byte detection in favor of simple UTF-8 validation: - text/plain for valid UTF-8 content - application/octet-stream for binary data Security maintained via headers (X-Content-Type-Options: nosniff, CSP). Magic signatures preserved as comments for future reference. Disabled test files: - test_mime_detection.py.disabled (magic-dependent tests) - test_polyglot.py.disabled (polyglot format tests) For full MIME detection, consider using the `filetype` library.	2025-12-26 18:44:24 +01:00
Username	03bcb157cc	add HEIC/HEIF/AVIF MIME detection signatures ... - Add ftyp box signatures for heic, mif1, and avif brands - Add tests for new image formats - Fix nested if lint warning in lookup rate limit - Update security docs: MKV uses WebM header, TAR needs offset 257	2025-12-26 17:04:51 +01:00
Username	63034e17fe	perf: cache is_trusted_proxy result per request	2025-12-26 00:48:55 +01:00
Username	4f5da8ca66	fix: add memory protection to lookup rate limiting ... ENUM-002: Lookup rate limit now respects LOOKUP_RATE_LIMIT_MAX_ENTRIES (default 10000) to prevent memory exhaustion from unique IP flood. Eviction strategy: expired entries first, then oldest by last request.	2025-12-26 00:16:41 +01:00
Username	d7a8f43dae	add MIME signatures: RPM, AVI, WAV (RIFF subtypes)	2025-12-25 23:51:14 +01:00
Username	8408fedf5a	fix lint errors (unused vars, line length, formatting)	2025-12-25 20:43:28 +01:00
Username	0496a39a91	add comprehensive MIME detection tests (50 tests) ... Cover all 42 magic byte signatures: - Images: BMP, TIFF, ICO - Video: MP4, WebM, FLV - Audio: MP3, FLAC, OGG - Documents: MS Office OLE - Executables: PE, ELF, Mach-O, WASM - Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR - Data: SQLite - Edge cases: empty, short, boundary tests Also adds missing Mach-O 32-bit little-endian signature.	2025-12-25 20:36:49 +01:00
Username	11bb095ca6	use prefix slicing for magic byte detection ... Slice content once to MAX_MAGIC_LEN (16 bytes) before comparing against signatures. More explicit bounds, same safety guarantees, marginally cleaner.	2025-12-25 20:03:04 +01:00
Username	764b831bb0	expand magic byte detection for common file formats ... Add detection for: - Images: BMP, TIFF, ICO - Video: MP4, WebM, FLV, Matroska - Audio: MP3, FLAC, OGG - Documents: MS Office OLE (DOC/XLS/PPT) - Executables: PE (EXE/DLL), ELF, Mach-O, WASM - Archives: BZIP2, XZ, ZSTD, LZ4, 7z, RAR - Data: SQLite This improves REQUIRE_BINARY enforcement by detecting more recognizable formats that should be encrypted before upload.	2025-12-25 19:47:33 +01:00
Username	d09ec0da74	fix: handle 405 Method Not Allowed properly ... Exception handler was catching MethodNotAllowed and returning 500. Added dedicated 405 handler and passthrough for HTTPException.	2025-12-25 19:20:08 +01:00
Username	d1df8c4f76	fix: validate algorithm parameter in PKI methods	2025-12-25 00:26:23 +01:00
Username	3a76453828	security: implement CRYPTO-001 and TIMING-001 remediations ... CRYPTO-001: Certificate serial collision detection - Add _generate_unique_serial() helper for database-backed PKI - Add _generate_unique_serial() method for in-memory PKI class - Check database for existing serial before certificate issuance - Retry with new random serial if collision detected (max 5 attempts) TIMING-001: Constant-time database lookups for sensitive queries - Add dummy PBKDF2 verification when paste not found - Prevents timing-based enumeration (attackers can't distinguish 'not found' from 'wrong password' by measuring response time)	2025-12-24 23:28:16 +01:00
Username	c130020ab8	security: implement HASH-001 and ENUM-001 remediations ... HASH-001: Add threading lock to content hash deduplication - Prevents race condition between SELECT and UPDATE - Ensures accurate dedup counting under concurrent load ENUM-001: Add rate limiting to paste lookups - Separate rate limiter for GET/HEAD on paste endpoints - Default 60 requests/minute per IP (configurable) - Prevents brute-force paste ID enumeration attacks	2025-12-24 23:12:28 +01:00
Username	da1beca893	security: implement quick win remediations (FLOOD-001, CLI-002, CLI-003, AUDIT-001) ... FLOOD-001: Cap anti-flood request list at configurable max entries - Add ANTIFLOOD_MAX_ENTRIES config (default 10000) - Prune oldest entries when limit exceeded CLI-002: Explicitly set SSL hostname verification - Add ctx.check_hostname = True and ctx.verify_mode = CERT_REQUIRED - Defense in depth (create_default_context sets these by default) CLI-003: Warn on insecure config file permissions - Check if config file is world-readable - Print warning to stderr if permissions too open AUDIT-001: Already implemented - query has LIMIT/OFFSET with 500 max	2025-12-24 23:02:55 +01:00
Username	1fbb69d7f9	security: implement pentest remediation (RATE-002, CLI-001) ... RATE-002: Proactive rate limit cleanup when entries exceed threshold - Add RATE_LIMIT_CLEANUP_THRESHOLD config (default 0.8) - Trigger cleanup before hitting hard limit - Prevents memory exhaustion under sustained load CLI-001: Validate clipboard tool paths against trusted directories - Add TRUSTED_CLIPBOARD_DIRS for Unix system paths - Add TRUSTED_WINDOWS_PATTERNS for Windows validation - Reject tools in user-writable locations (PATH hijack prevention) - Use absolute paths in subprocess calls	2025-12-24 22:03:17 +01:00
Username	89eee3378a	security: implement pentest remediation (PROXY-001, BURN-001, RATE-001) ... PROXY-001: Add startup warning when TRUSTED_PROXY_SECRET empty in production - validate_security_config() checks for missing proxy secret - Additional warning when PKI enabled without proxy secret - Tests for security configuration validation BURN-001: HEAD requests now trigger burn-after-read deletion - Prevents attacker from probing paste existence before retrieval - Updated test to verify new behavior RATE-001: Add RATE_LIMIT_MAX_ENTRIES to cap memory usage - Default 10000 unique IPs tracked - Prunes oldest entries when limit exceeded - Protects against memory exhaustion DoS Test count: 284 -> 291 (7 new security tests)	2025-12-24 21:42:15 +01:00
Username	cf458347ef	add systemd service unit and rate limit headers ... Systemd deployment: - examples/flaskpaste.service with security hardening - examples/flaskpaste.env with all config options - README deployment section updated Rate limit headers (X-RateLimit-*): - Limit, Remaining, Reset on 201 and 429 responses - Per-IP tracking with auth multiplier - api.md documented	2025-12-24 17:51:14 +01:00
Username	045f73c998	feat: integrate unused observability features ... - Add request duration metrics via before/after request hooks - Add PKI audit logging: CERT_ISSUED, CERT_REVOKED, AUTH_FAILURE - Wire up observe_request_duration() from metrics.py - Log certificate operations (registration, CA gen, issue, revoke) - Log auth failures for revoked/expired certificates	2025-12-24 16:41:31 +01:00
Username	51af8fd2f8	fix: suppress S608 for both ruff and bandit	2025-12-23 22:57:38 +01:00
Username	2a287c65f4	fix: use nosec for bandit SQL injection suppression	2025-12-23 22:53:52 +01:00
Username	482bd9a152	style: format metrics.py	2025-12-23 22:51:11 +01:00
Username	7063f8718e	feat: add observability and CLI enhancements ... Audit logging: - audit_log table with event tracking - app/audit.py module with log_event(), query_audit_log() - GET /audit endpoint (admin only) - configurable retention and cleanup Prometheus metrics: - app/metrics.py with custom counters - paste create/access/delete, rate limit, PoW, dedup metrics - instrumentation in API routes CLI clipboard integration: - fpaste create -C/--clipboard (read from clipboard) - fpaste create --copy-url (copy result URL) - fpaste get -c/--copy (copy content) - cross-platform: xclip, xsel, pbcopy, wl-copy Shell completions: - completions/ directory with bash/zsh/fish scripts - fpaste completion --shell command	2025-12-23 22:39:50 +01:00
Username	ca9342e92d	fix: add comprehensive type annotations for mypy ... - database.py: add type hints for Path, Flask, Any, BaseException - pki.py: add assertions to narrow Optional types after has_ca() checks - routes.py: annotate config values to avoid Any return types - api/__init__.py: use float for cleanup timestamps (time.time()) - __init__.py: remove unused return from setup_rate_limiting	2025-12-22 19:11:11 +01:00
Username	680b068c00	refactor: code consistency and best practices ... - add type hints to error handlers in app/__init__.py - add docstrings to nested callback functions - remove deprecated X-XSS-Protection header (superseded by CSP) - fix typo in cleanup log message (entr(ies) -> entries) - standardize loop variable naming in fpaste CLI - update test for intentional header removal	2025-12-22 00:25:18 +01:00
Username	e8a99d5bdd	add tiered auto-expiry based on auth level	2025-12-21 21:55:30 +01:00
Username	40873434c3	pki: admin can list/delete any paste ... Add is_admin() helper to check if current user is admin. Update DELETE /<id> to allow admin to delete any paste. Update GET /pastes to support ?all=1 for admin to list all pastes. Admin view includes owner fingerprint in paste metadata.	2025-12-21 21:30:50 +01:00
Username	2acf640d91	pki: first registered user gets admin rights ... Auto-detect first certificate issuance and grant admin flag. Add is_admin column to issued_certificates table. Add is_admin_certificate() helper function. Include is_admin in /pki/issue response and X-Is-Admin header in registration.	2025-12-21 21:13:30 +01:00
Username	2ccbfcbfaa	ci: update linting and security checks ... - Fix bandit suppressions (use # nosec B608 for bandit) - Add # noqa: S608 for ruff compatibility - CI workflow: add coverage reporting (informational) - CI workflow: track mypy error baseline - CI workflow: improve documentation	2025-12-21 13:39:30 +01:00
Username	0c7bf6b587	improve index endpoint with comprehensive API info ... - Add all endpoints including PUT, register, PKI - Show authentication tiers (anonymous/client_cert/trusted) - Display current limits (size, rate) for each tier - Show PoW status and difficulty - Add CLI install/usage hints - Conditionally show PKI endpoints when enabled	2025-12-21 13:16:49 +01:00
Username	098789ff89	allow untrusted certs to manage own pastes ... Split authentication into two functions: - get_client_fingerprint(): Identity for ownership (any cert) - get_client_id(): Elevated privileges (trusted certs only) Behavior: - Anonymous: Create only, strict limits - Untrusted cert: Create + delete/update/list own pastes, strict limits - Trusted cert: All operations, relaxed limits (50MB, 5x rate) Updated tests to reflect new behavior where revoked certs can still manage their own pastes.	2025-12-21 12:59:18 +01:00
Username	c0c65a23ad	bump version to 1.5.0	2025-12-21 11:09:53 +01:00
Username	880bf631e3	fpaste: add register command for public certificate enrollment ... - Add register command to obtain client cert from server - Solve PoW challenge, receive PKCS#12 bundle - Extract cert/key, optionally update config (--configure) - Fix registration to work without PKI_ENABLED (only needs PKI_CA_PASSWORD) - Add skip_enabled_check param to get_ca_info() for registration path - Update docs: README examples, API header name fix (X-Fingerprint-SHA1)	2025-12-21 10:59:09 +01:00
Username	5849c7406f	add /register endpoint for public certificate registration ... Public endpoint allows anyone to obtain a client certificate for authentication. Features: - Higher PoW difficulty than paste creation (24 vs 20 bits) - Auto-generates CA on first registration if not present - Returns PKCS#12 bundle with cert, key, and CA - Configurable via FLASKPASTE_REGISTER_POW Endpoints: - GET /register/challenge - Get registration PoW challenge - POST /register - Register and receive PKCS#12 bundle	2025-12-21 10:34:02 +01:00
Username	98bc656c87	config: increase anti-flood decay to 60s	2025-12-20 21:18:54 +01:00
Username	8d13f52549	bump to 1.4.0, lower anti-flood threshold to 5	2025-12-20 20:53:49 +01:00