TISbackup

k3nny/TISbackup

Fork 0

Commit Graph

Author	SHA1	Message	Date
k3nny	2533b56549	feat(security): modernize SSH key algorithm support with Ed25519 Replace deprecated DSA key support with modern SSH key algorithms, prioritizing Ed25519 as the most secure option. Changes: - Add load_ssh_private_key() helper function in common.py - Support Ed25519 (preferred), ECDSA, and RSA key types - Remove deprecated and insecure DSA key support - Update all SSH key loading across backup drivers: * common.py: do_preexec, do_postexec, run_remote_command * backup_mysql.py * backup_pgsql.py * backup_sqlserver.py * backup_oracle.py * backup_samba4.py - Add ssh_port parameter to preexec/postexec connections - Update README.md with SSH key generation instructions - Document supported algorithms and migration path Algorithm priority: 1. Ed25519 (most secure, modern, fast, timing-attack resistant) 2. ECDSA (secure, widely supported) 3. RSA (legacy support, requires 2048+ bits) Security improvements: - Eliminates vulnerable DSA algorithm (1024-bit limit, FIPS deprecated) - Prioritizes elliptic curve cryptography (Ed25519, ECDSA) - Provides clear error messages for unsupported key types - Maintains backward compatibility with existing RSA keys Documentation: - Add SSH key generation examples to README.md - Update expected directory structure to show Ed25519 keys - Add migration notes in SECURITY_IMPROVEMENTS.md - Include key generation commands for all supported types Breaking change: - DSA keys are no longer supported and will fail with clear error message - Users must migrate to Ed25519, ECDSA, or RSA (4096-bit recommended) Migration: ```bash # Generate new Ed25519 key ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 # Copy to remote servers ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-05 01:39:17 +02:00
k3nny	68ff4238e0	fix(security): remove hardcoded Flask secret key Replace hardcoded Flask secret key with environment variable to prevent session hijacking and CSRF attacks. Changes: - Load secret key from TISBACKUP_SECRET_KEY environment variable - Fall back to cryptographically secure random key using secrets module - Log warning when random key is used (sessions won't persist) - Add environment variable example to README.md Docker Compose config - Add setup instructions in Configuration section Security improvements: - Eliminates hardcoded secret in source code - Uses secrets.token_hex(32) for cryptographically strong random generation - Sessions remain secure even without env var (though won't persist) - Prevents session hijacking and CSRF bypass attacks Documentation: - Update README.md with TISBACKUP_SECRET_KEY setup instructions - Include command to generate secure random key - Update SECURITY_IMPROVEMENTS.md with implementation details - Mark hardcoded secret key issue as resolved Setup: ```bash # Generate secure key python3 -c "import secrets; print(secrets.token_hex(32))" # Set in environment export TISBACKUP_SECRET_KEY=your-key-here ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-05 01:29:16 +02:00
k3nny	debc753f13	fix(security): replace os.popen/os.system with subprocess for command injection prevention Replace all deprecated and unsafe command execution methods with secure subprocess.run() calls using list arguments. Changes: - Replace os.popen() with subprocess.run() in tisbackup_gui.py - Replace os.system() with subprocess.run() in tasks.py and backup_xva.py - Add input validation for device/partition names (regex-based) - Fix file operations to use context managers (with statement) - Remove wildcard import from shutil - Add timeout protection to all subprocess calls (5-30s) - Improve error handling with proper try/except blocks Security improvements: - Prevent command injection vulnerabilities in USB disk operations - Validate device paths with regex before system calls - Use list arguments instead of shell=True to prevent injection - Add proper error handling instead of silent failures Code quality improvements: - Replace deprecated os.popen() (deprecated since Python 2.6) - Use context managers for file operations - Remove wildcard imports for cleaner namespace - Add comprehensive error handling and logging Documentation: - Add SECURITY_IMPROVEMENTS.md documenting all changes - Document remaining security issues and recommendations - Include testing recommendations and migration notes BREAKING CHANGE: None - all changes are backward compatible 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-10-05 01:23:53 +02:00

Author

SHA1

Message

Date

k3nny

2533b56549

feat(security): modernize SSH key algorithm support with Ed25519

Replace deprecated DSA key support with modern SSH key algorithms,
prioritizing Ed25519 as the most secure option.

Changes:
- Add load_ssh_private_key() helper function in common.py
- Support Ed25519 (preferred), ECDSA, and RSA key types
- Remove deprecated and insecure DSA key support
- Update all SSH key loading across backup drivers:
  * common.py: do_preexec, do_postexec, run_remote_command
  * backup_mysql.py
  * backup_pgsql.py
  * backup_sqlserver.py
  * backup_oracle.py
  * backup_samba4.py
- Add ssh_port parameter to preexec/postexec connections
- Update README.md with SSH key generation instructions
- Document supported algorithms and migration path

Algorithm priority:
1. Ed25519 (most secure, modern, fast, timing-attack resistant)
2. ECDSA (secure, widely supported)
3. RSA (legacy support, requires 2048+ bits)

Security improvements:
- Eliminates vulnerable DSA algorithm (1024-bit limit, FIPS deprecated)
- Prioritizes elliptic curve cryptography (Ed25519, ECDSA)
- Provides clear error messages for unsupported key types
- Maintains backward compatibility with existing RSA keys

Documentation:
- Add SSH key generation examples to README.md
- Update expected directory structure to show Ed25519 keys
- Add migration notes in SECURITY_IMPROVEMENTS.md
- Include key generation commands for all supported types

Breaking change:
- DSA keys are no longer supported and will fail with clear error message
- Users must migrate to Ed25519, ECDSA, or RSA (4096-bit recommended)

Migration:
```bash
# Generate new Ed25519 key
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

# Copy to remote servers
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@remote
```

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-05 01:39:17 +02:00

k3nny

68ff4238e0

fix(security): remove hardcoded Flask secret key

Replace hardcoded Flask secret key with environment variable to
prevent session hijacking and CSRF attacks.

Changes:
- Load secret key from TISBACKUP_SECRET_KEY environment variable
- Fall back to cryptographically secure random key using secrets module
- Log warning when random key is used (sessions won't persist)
- Add environment variable example to README.md Docker Compose config
- Add setup instructions in Configuration section

Security improvements:
- Eliminates hardcoded secret in source code
- Uses secrets.token_hex(32) for cryptographically strong random generation
- Sessions remain secure even without env var (though won't persist)
- Prevents session hijacking and CSRF bypass attacks

Documentation:
- Update README.md with TISBACKUP_SECRET_KEY setup instructions
- Include command to generate secure random key
- Update SECURITY_IMPROVEMENTS.md with implementation details
- Mark hardcoded secret key issue as resolved

Setup:
```bash
# Generate secure key
python3 -c "import secrets; print(secrets.token_hex(32))"

# Set in environment
export TISBACKUP_SECRET_KEY=your-key-here
```

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-05 01:29:16 +02:00

k3nny

debc753f13

fix(security): replace os.popen/os.system with subprocess for command injection prevention

Replace all deprecated and unsafe command execution methods with
secure subprocess.run() calls using list arguments.

Changes:
- Replace os.popen() with subprocess.run() in tisbackup_gui.py
- Replace os.system() with subprocess.run() in tasks.py and backup_xva.py
- Add input validation for device/partition names (regex-based)
- Fix file operations to use context managers (with statement)
- Remove wildcard import from shutil
- Add timeout protection to all subprocess calls (5-30s)
- Improve error handling with proper try/except blocks

Security improvements:
- Prevent command injection vulnerabilities in USB disk operations
- Validate device paths with regex before system calls
- Use list arguments instead of shell=True to prevent injection
- Add proper error handling instead of silent failures

Code quality improvements:
- Replace deprecated os.popen() (deprecated since Python 2.6)
- Use context managers for file operations
- Remove wildcard imports for cleaner namespace
- Add comprehensive error handling and logging

Documentation:
- Add SECURITY_IMPROVEMENTS.md documenting all changes
- Document remaining security issues and recommendations
- Include testing recommendations and migration notes

BREAKING CHANGE: None - all changes are backward compatible

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-10-05 01:23:53 +02:00

3 Commits