security: all review findings resolved #1

Merged
forgejo merged 1 commit from security-fixes into main 2026-03-27 23:17:02 +01:00
Collaborator

Critical/High:

  • Race condition claim: BEGIN IMMEDIATE + IntegrityError handling
  • Race condition verify: atomic status update (pending→provisioning→verified)
  • SSH key injection: strip newlines, max 8KB, reject command= options
  • App as root: privilege-separated provision.sh via sudo helper
  • Rate limiting: nginx limit_req + pending per IP + emails per hour
  • Agate vs Molly Brown: Molly Brown config removed, Agate only

Medium:

  • HTTPS in nginx config + security headers + CSP
  • X-Forwarded-For: use X-Real-IP, overwrite header in nginx
  • Clean up expired pending registrations at startup + check
  • Path traversal defense-in-depth check
  • SECRET_KEY required (no random fallback)
  • gunicorn instead of Flask dev server
  • datetime.utcnow() → datetime.now(timezone.utc)

Low:

  • Duplicate files in root removed
  • SQLite WAL mode + busy_timeout
  • TLS certs: ed25519 instead of RSA 2048
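The two race-condition fixes at the top of the list (claim via BEGIN IMMEDIATE + IntegrityError, verify via an atomic status update), shown as an added example that is not the PR's own code. It assumes a `registrations` table with a UNIQUE `username` and a `status` column, and also uses the timezone-aware datetime and busy_timeout items from the same list:

```python
import sqlite3
from datetime import datetime, timezone

# Assumed schema (not from the PR): UNIQUE on username is what makes a
# concurrent duplicate claim surface as sqlite3.IntegrityError.
SCHEMA = """
CREATE TABLE IF NOT EXISTS registrations (
    id         INTEGER PRIMARY KEY,
    username   TEXT NOT NULL UNIQUE,
    email      TEXT NOT NULL,
    status     TEXT NOT NULL DEFAULT 'pending',
    created_at TEXT NOT NULL
);
"""


def open_db(path=":memory:"):
    # isolation_level=None turns off the sqlite3 module's implicit
    # transactions, so the explicit BEGIN IMMEDIATE below controls locking.
    conn = sqlite3.connect(path, isolation_level=None, timeout=5)
    conn.execute("PRAGMA busy_timeout = 5000")  # wait instead of failing on lock
    conn.executescript(SCHEMA)
    return conn


def claim(conn, username, email):
    """Claim a username. True if this caller won, False if it was taken."""
    # BEGIN IMMEDIATE acquires the write lock up front, so two claimers
    # serialize here instead of both passing a check-then-insert.
    conn.execute("BEGIN IMMEDIATE")
    try:
        conn.execute(
            "INSERT INTO registrations (username, email, status, created_at) "
            "VALUES (?, ?, 'pending', ?)",
            (username, email, datetime.now(timezone.utc).isoformat()),
        )
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        # UNIQUE(username) fired: the other claimer committed first.
        conn.execute("ROLLBACK")
        return False


def transition(conn, username, old, new):
    """Atomic state step (pending -> provisioning -> verified).

    The WHERE clause on the old status makes this compare-and-set: only one
    of two concurrent verifiers sees rowcount == 1 and may start provisioning.
    """
    cur = conn.execute(
        "UPDATE registrations SET status = ? WHERE username = ? AND status = ?",
        (new, username, old),
    )
    return cur.rowcount == 1
```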
Reference
claude/debster!1