alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
792254699c
fieldwitness/frontends/web
History
Aaron D. Lee 0d8c94bf82 Fix 6 security issues from post-FR audit 
- Fix 3 missing CSRF tokens on admin user delete/reset and account
  key delete forms (were broken — CSRFProtect rejected submissions)
- Fix trust store path traversal: untrust_key() now validates
  fingerprint format ([0-9a-f]{32}) and checks resolved path
- Fix chain key rotation: old key is now revoked after rotation
  record, preventing compromised old keys from appending records
- Fix SSRF in deadman webhook: block private/internal IP targets
- Fix logout CSRF: /logout is now POST-only with CSRF token,
  preventing cross-site forced logout via img tags

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 19:44:15 -04:00
..
blueprints Implement 14 power-user feature requests for field deployment 2026-04-01 19:35:36 -04:00
static Wire up auth, stego routes, and full web UI with login flow 2026-03-31 15:53:58 -04:00
templates Fix 6 security issues from post-FR audit 2026-04-01 19:44:15 -04:00
__init__.py Add core modules, web frontend, CLI, keystore, and fieldkit 2026-03-31 14:30:13 -04:00
app.py Fix 6 security issues from post-FR audit 2026-04-01 19:44:15 -04:00
auth.py Consolidate stegasoo and verisoo into soosef monorepo 2026-04-01 19:06:14 -04:00
ssl_utils.py Wire up auth, stego routes, and full web UI with login flow 2026-03-31 15:53:58 -04:00
stego_routes.py Consolidate stegasoo and verisoo into soosef monorepo 2026-04-01 19:06:14 -04:00
stego_worker.py Consolidate stegasoo and verisoo into soosef monorepo 2026-04-01 19:06:14 -04:00
subprocess_stego.py Wire up auth, stego routes, and full web UI with login flow 2026-03-31 15:53:58 -04:00
temp_storage.py Fix 14 bugs and add features from power-user security audit 2026-04-01 17:06:33 -04:00