Commit Graph

325 Commits

Author SHA1 Message Date
El RIDO f04043a399
address Scrutinizer issues 2021-06-13 11:02:53 +02:00
El RIDO 1f2dddd9d8
address Codacy issues 2021-06-13 10:53:01 +02:00
El RIDO 93135e0abf
improving code coverage 2021-06-13 10:44:26 +02:00
El RIDO e294145a2b
ip-lib doesn't except on the matches interfaces 2021-06-13 08:26:05 +02:00
Mark van Holsteijn 1b88eef356 improved implementation of GoogleStorageBucket 2021-06-10 21:39:15 +02:00
El RIDO 5af069b4f0
Merge pull request #810 from binxio/persistence-into-data
added purgeValues function
2021-06-10 08:22:10 +02:00
Mark van Holsteijn 1232717334 added purgeValues to GCS 2021-06-09 22:27:34 +02:00
El RIDO 7b2f0ff302
apply StyleCI recommendation 2021-06-09 19:16:22 +02:00
El RIDO a203e6322b
implementing key/value store of Persistance in Database storage 2021-06-09 07:47:40 +02:00
El RIDO 7901ec74a7
folding Persistance\ServerSalt into Data\Filesystem 2021-06-08 22:01:29 +02:00
El RIDO b5a6ce323e
folding Persistance\TrafficLimiter into Data\Filesystem 2021-06-08 07:49:22 +02:00
El RIDO 3429d293d3
remove configurable dir for traffic & purge limiters 2021-06-08 06:37:27 +02:00
El RIDO ae486d651b
folding Persistance\PurgeLimiter into Data\Filesystem 2021-06-07 21:53:42 +02:00
Mark van Holsteijn 55efc858b5 simplest implementation of kv support on gcs 2021-06-07 09:11:24 +02:00
El RIDO 7bdcc2ae15
conclude scaffolding of AbstractData key/value storage, missing implementation 2021-06-07 07:02:47 +02:00
El RIDO 1a7d0799c0
scaffolding interface for AbstractData key/value storage, folding Persistance\DataStore into Data\Filesystem 2021-06-07 06:53:15 +02:00
El RIDO de8f40ac1a
kudos @StyleCI 2021-06-06 19:35:31 +02:00
El RIDO c758eca0a4
removed automatic .ini configuration file migration, closes #808 2021-06-06 17:53:08 +02:00
El RIDO 2bc54caa07
fix never matched condition, kudos @ShiftLeftSecurity, found via #807 2021-06-05 10:33:01 +02:00
El RIDO abb2b90e9b
make StyleCI happy 2021-06-05 05:52:13 +02:00
El RIDO edb8e5e078
handle edge cases with file locking: file needs to exist before it can be locked, fixes #803 2021-06-05 05:48:17 +02:00
Mark van Holsteijn 342270d6dd added Google Cloud Storage support 2021-05-28 22:39:50 +02:00
El RIDO b6460616ba
address Scrutinizer issues 2021-05-22 11:30:17 +02:00
El RIDO 91c8f9f23c
use namespaces 2021-05-22 11:02:54 +02:00
El RIDO 3dd01b1f70
testing IP exemption, handle corner cases found in testing 2021-05-22 10:59:47 +02:00
rodehoed af5a14afc3 Optimized the canPass() functions 2021-05-19 09:01:45 +02:00
rodehoed 5812a6bb68 Optimized the canPass() functions 2021-05-19 08:47:35 +02:00
Rodehoed 502bb5fa15 Put the ip-matching function in a private function 2021-05-06 12:18:44 +02:00
Rodehoed 89bdc92451 Put the ip-matching function in a private function 2021-05-06 12:13:03 +02:00
LinQhost Managed hosting 63d6816c7c Merge branch 'api-ip-exempt' of https://github.com/rodehoed/PrivateBin into api-ip-exempt 2021-05-05 08:43:32 +02:00
rodehoed a806a6455e
QA 2021-05-04 11:20:24 +02:00
rodehoed 4296b43832
QA 2021-05-04 11:19:34 +02:00
rodehoed c3ad4a4b4d
QA 2021-05-04 11:18:06 +02:00
rodehoed 805eb288d9
QA 2021-05-04 11:14:11 +02:00
rodehoed b21efd8336
Code quality 2021-05-04 11:01:46 +02:00
LinQhost Managed hosting 7d82c82fd9 Make it possible to exempt ips from the rate-limiter 2021-05-04 10:29:25 +02:00
El RIDO fcb6422663
re-adding CSP directive sandbox allow-forms, it is needed for the password input form to work on the JS side 2021-04-18 21:05:32 +02:00
rugk 3ca01024fd
feat: disallow form submission alltogether
Following the tests and HTTP Observatory, I think we can disable forms altogether.

Fixes https://github.com/PrivateBin/PrivateBin/issues/778
2021-04-18 14:16:39 +02:00
rugk 5809a7cfa7
feat: add form-action CSP restriction
This follows a suggestion from HTTP Observatory:
> Restricts where <form> contents may be submitted by using form-action 'none', form-action 'self', or specific URIs

Fixes #778
2021-04-18 14:14:46 +02:00
El RIDO 9b893f09d7
Merge branch 'master' into floc 2021-04-17 08:35:21 +02:00
El RIDO 7b7a32c0a7
apply StyleCI recommendation 2021-04-17 08:20:08 +02:00
rugk fd7d05e862
Add base URL as default CSP restriction
This follows an [HTTP Observatory recommendation](https://observatory.mozilla.org/analyze/privatebin.net):
> Restricts use of the <base> tag by using base-uri 'none', base-uri 'self', or specific origins.

Given we don't use that anywhere, this safe should be safe. (not tested practically though)
2021-04-16 22:04:28 +02:00
El RIDO 6f3bb25b09
disable Google FloC 2021-04-16 20:25:50 +02:00
El RIDO 1dc8b24665
transmit cookie only over HTTPS, fixes #472 2021-04-16 20:15:12 +02:00
El RIDO 9e6eb50ced
adding new security headers, fixes #765 2021-04-16 19:19:11 +02:00
El RIDO 175d14224e
set plurals for and credit Estonian translation 2021-04-16 18:27:12 +02:00
El RIDO 458ebcb321
incrementing version 2021-04-05 17:05:14 +02:00
El RIDO da0896fe42
set plurals for and credit Catalan translation 2021-04-02 09:00:27 +02:00
El RIDO 5a9bcea3a9
set plurals for and credit Indonesian translation 2021-03-09 05:54:06 +01:00
El RIDO b38ebc503e
plural rules and documenting newly added languages 2021-01-07 21:16:03 +01:00