Fix SSRF redirect bypass, identity permissions, error leakage, and DB connection leaks
- SSRF: disable automatic redirects, manually follow up to 5 hops with IP re-validation at each step to prevent redirect-to-localhost bypass - Identity file: enforce 0600 permissions on tinyweb_identity at load and creation to prevent other users from reading the private key - Error messages: replace raw exception strings with generic messages to avoid leaking internal paths/hostnames to the UI - DB connections: wrap all get_db() usage in try/finally to guarantee close() even when handlers throw mid-operation Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
d5f2d01651
commit
c10aa7955c
3 changed files with 310 additions and 256 deletions
5
app.py
5
app.py
|
|
@ -15,9 +15,14 @@ IDENTITY_FILE = "tinyweb_identity"
|
|||
|
||||
def load_or_create_identity():
|
||||
if os.path.isfile(IDENTITY_FILE):
|
||||
# Ensure identity file is only readable by owner
|
||||
current = os.stat(IDENTITY_FILE).st_mode & 0o777
|
||||
if current != 0o600:
|
||||
os.chmod(IDENTITY_FILE, 0o600)
|
||||
return RNS.Identity.from_file(IDENTITY_FILE)
|
||||
identity = RNS.Identity()
|
||||
identity.to_file(IDENTITY_FILE)
|
||||
os.chmod(IDENTITY_FILE, 0o600)
|
||||
return identity
|
||||
|
||||
|
||||
|
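Review bot: The creation path still writes the private key under the process umask before tightening it — `identity.to_file(IDENTITY_FILE)` runs first and `os.chmod(IDENTITY_FILE, 0o600)` only afterwards, so with a default 022 umask the key is world-readable for that window. Creating the file with the intended mode before handing it to `to_file` closes the gap: `fd = os.open(IDENTITY_FILE, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `os.close(fd)` ahead of the `to_file` call (this assumes `to_file` opens the existing path for writing rather than unlinking and recreating it — confirm against the RNS implementation). The `O_EXCL` also turns the `isfile`-then-`to_file` race into a hard failure instead of a silent overwrite. On the load branch, `os.chmod` follows symlinks and the mode check does not verify ownership, so a foreign-owned or symlinked identity file raises `PermissionError` here rather than being reported as tampered; a comment such as `# chmod follows symlinks; a file owned by another user raises PermissionError here` would make that behaviour explicit.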