Derick Phan c10aa7955c
Fix SSRF redirect bypass, identity permissions, error leakage, and DB connection leaks
- SSRF: disable automatic redirects, manually follow up to 5 hops with
  IP re-validation at each step to prevent redirect-to-localhost bypass
- Identity file: enforce 0600 permissions on tinyweb_identity at load
  and creation to prevent other users from reading the private key
- Error messages: replace raw exception strings with generic messages
  to avoid leaking internal paths/hostnames to the UI
- DB connections: wrap all get_db() usage in try/finally to guarantee
  close() even when handlers throw mid-operation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-26 11:18:47 -07:00
themes Add themes folder with kodama template and gitignore index.db 2026-03-26 10:11:32 -07:00
.gitignore Add themes folder with kodama template and gitignore index.db 2026-03-26 10:11:32 -07:00
app.py Fix SSRF redirect bypass, identity permissions, error leakage, and DB connection leaks 2026-03-26 11:18:47 -07:00
CLAUDE.md Add CLAUDE.md with project architecture and conventions 2026-03-26 08:17:38 -07:00
db.py Fix SSRF redirect bypass, identity permissions, error leakage, and DB connection leaks 2026-03-26 11:18:47 -07:00
gateway.py Harden security: bookmark auth, CSP headers, per-session CSRF, and more 2026-03-26 11:10:37 -07:00
handlers.py Fix SSRF redirect bypass, identity permissions, error leakage, and DB connection leaks 2026-03-26 11:18:47 -07:00
README.md first commit 2026-03-24 20:35:10 -07:00
requirements.txt Migrate TinyWeb to Reticulum mesh network 2026-03-25 22:18:24 -07:00
rns_client.py Add Reticulum-native subscriptions and sync-based distributed search 2026-03-25 22:51:22 -07:00
templates.py Fix custom template rendering and ensure customize page uses default layout 2026-03-26 09:45:42 -07:00