fix(security): add expiry and size limits to anonymous share records#961
Open
anshul23102 wants to merge 5 commits into
Open
fix(security): add expiry and size limits to anonymous share records#961anshul23102 wants to merge 5 commits into
anshul23102 wants to merge 5 commits into
Conversation
- Add _required_env() helper function to enforce mandatory configuration - Update jwt_secret to use _required_env() instead of fallback to default - Application now fails fast at startup if JWT_SECRET is not set - Prevents token forgery attacks from known default secrets Closes imDarshanGK#707
- Import get_current_user dependency from security module - Add authentication requirement to all history endpoints - Filter history records by current_user.id to prevent cross-user access - Ensure users can only access their own analysis history - Save user_id when storing new history entries Closes imDarshanGK#708
- Add TRUST_PROXY_HEADERS environment variable to control proxy header trust - Only use X-Forwarded-For if explicitly enabled via TRUST_PROXY_HEADERS=true - Default to disabled (uses direct connection IP) for security - Use rightmost IP in X-Forwarded-For chain (most recent hop) - Prevents trivial per-IP rate limit bypass from spoofed headers - Improves rate limiting accuracy in production deployments Closes imDarshanGK#709
…tacks - Move file size validation to occur AFTER decompression - Use actual decompressed size (len(raw)) instead of spoofable central directory header - Add per-file size limit (2MB) to catch individual bomb files - Track cumulative decompressed size and enforce total limit - Abort extraction if any limit exceeded during decompression - Prevents ZIP bombs that report small compressed size but expand to gigabytes Closes imDarshanGK#710
- Add MAX_SHARE_CODE_BYTES (50KB) limit to prevent unlimited storage - Add SHARE_EXPIRY_DAYS (30) constant for share lifetime - Add expiry_at timestamp to track when shares should be deleted - Implement _cleanup_expired_shares() function to purge old records - Call cleanup on both POST and GET to maintain database size - Validate code size before accepting new shares - Delete expired records on retrieval attempt - Prevents database bloat from accumulated anonymous shares Closes imDarshanGK#711
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR fixes the unbounded storage issue in anonymous shares by implementing expiry dates and size limits. Share records now automatically expire after 30 days and are cleaned up from the database.
Problem
Anonymous share records accumulate indefinitely with no lifecycle management:
Solution
Changes
Database Schema Changes
The SharedSnippet model needs new fields:
Security Impact
Testing
Related Issue
Closes #711
This contribution is part of GSSoC 2026. Please consider adding the gssoc-approved label when reviewed.