fugacious / fugacious Goto Github PK
View Code? Open in Web Editor NEWOSSSM (awesome). Open source short-term secure messaging
Home Page: https://fugacio.us
License: Other
OSSSM (awesome). Open source short-term secure messaging
Home Page: https://fugacio.us
License: Other
Waldo Jaquith (CHO) [10:00 AM]
[redacted] has sent me a [redacted] license URL via Fugacious. There’s some odd character encoding going on, and hyphens (presumably) in the URL are turning into a sequence of a half-dozen Unicode characters, including 2 unprintable ones. The upshot is that I cannot download the license file to use [redacted]
I'm seeing the string For your own security, please this message once it is no longer needed.
and I assume that there's supposed to be a word, possibly “delete”, between “this” and “message”.
i18n support for headers, buttons, and basic copy.
As far as I can tell, the whenever gem writes to the crontab and doesn't directly schedule work itself. That means it's not going to work with paas environments like cloud foundry or heroku, which don't expose cron to tenant apps. We should use a paas-friendly scheduler instead--i.e., a scheduler that doesn't depend on cron. Since we're already using sidekiq, an extension like sidekiq-cron might make sense.
But while we're talking about this, I wonder if we can also improve on the way we're expiring messages. The current daily cron task schedules one sidekiq job for each message in the database, whether it's expired or not. Then, for each sidekiq job, we load the message record again, check whether it's expired, and delete if so. Why load each record twice? It seems like we should be able to express this job in a single query, like delete from messages where created_at + hours > now()
. This isn't quite correctly, but you get the idea.
Options:
Currently, messages will remain in the database beyond their expiration if an attempted view is not made after expiry. Create a scheduled task or some other sort of service to ensure that stale data does not remain in the database beyond its prescribed lifespan.
When trying to run the app locally, I get this error:
Unexpected error while processing request: Default policy not yet supplied
/Users/jessieayoung/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/secure_headers-3.6.1/lib/secure_headers/configuration.rb:44:in `get'
/Users/jessieayoung/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/secure_headers-3.6.1/lib/secure_headers.rb:227:in `config_for'
/Users/jessieayoung/.rbenv/versions/2.3.1/lib/ruby/gems/2.3.0/gems/secure_headers-3.6.1/lib/secure_headers/middleware.rb:14:in `call'
I assume there is a config somewhere not in git for this? Can we add something to go to make it work?
Use a library to parse the expiry time so that it is easier to specify when the message expires
In the case of fugacious, URLs should be treated as sensitive since knowing the URL would allow someone to access the secret stored (assuming it was accessed within the TTL of the secret).
If running fugacious behind an http server like apache or nginx, often these have a default configuration to log all requests, including URLs, to file or stdout. Most PaaS, like Heroku or Cloud Foundry are configured this way, too. Operators of fugacious should take this into consideration when setting up their app, otherwise, they will potentially be disclosing sensitive information to their hosting providers.
We can include a note about how to avoid this disclosure of sensitive information and maybe even include suggested apache or nginx configuration files as examples.
Add an Instructions
section to the readme to help users provision fugacious with Chef.
from https://www.owasp.org/index.php?title=Transport_Layer_Protection_Cheat_Sheet
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
Add the following to installation instructions:
===
Add to your local Gemfile.
source 'https://rubygems.org'
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
ruby '2.3.3'
This sources github repos via https and will remove https warnings
===
Provide methods for the user to verify the identity of the recipient. This could be KBA, email, or social login. This will help prevent scrapers (perhaps an email monitor appliance that follows links, slack used to follow links) from viewing the content.
and perhaps limit it to 10-15 lines max.
https://hakiri.io/github/jgrevich/fugacious/dev
The self-destruct message says "and" but should be "or"
When I share a link in Slack, the number of views is incremented when the link expanding bot views my message unexpectedly.
create a simple CLI script to access the fugacious API
$fug -m 'this is only a test'
=> https://fugacio.us/m/G2mGz8ysLnJjur5yRgL66Qj8oUCTZg8z
Include more opengraph metadata
Submit to Google webmaster tools, bing, etc
Choose an analytics provider to track progress
Please enable coveralls.io for fugacious/fugacious
In order to improve relations with fellow devs; we need to include simple instructions to get from git checkout
to rails s
. This encourages outside contributions and eases the level of effort to dig in to our codebase.
Travis is enabled for jgrevich/fugacious and not fugacious/fugacious. Please enable.
we should list similar projects to fugacious in our readme or somewhere in our repo: https://github.com/gophergala2016/sendto and https://github.com/micahflee/onionshare
GitHub
gophergala2016/sendto
sendto - 🔒 Sendto lets people send you encrypted files and folders without fussing with keysGitHub
micahflee/onionshare
onionshare - Securely and anonymously share a file of any size
Let's say I'm trying to tell someone their password is "insecure"?:<>-*&^
. Right now, there's no intuitive way to delimit the password, and they'd see something like:
Your password is "insecure"?:<>-*&^ and you should change it soon.
I think the easiest delimiter would be blank lines, so that the message could be:
Your password is:
"insecure"?:<>-*&^
and you should change it soon.
Explicit support for ways to mark elements as code would fix this too, but I assume they'd be harder.
For power users, I'm thinking something like
$ echo $SOMETHING | curl -d @- https://fugacio.us/
https://fugacio.us/m/...
When you are viewing a message which has already been destroyed, there is conflicting messaging as to the state of your message. The red box alert is clear that the secret is no longer available, but the second message suggests that it may still exist until the time expires.
The destroy
link is also not available in the message, so it can likely be omitted completely.
For your own security, please this message once it is no longer needed.
Just a thought. You could encrypt messages inside the database, each with its own random key. The encryption key could become part of the URL; the server would throw it out. This would secure people's messages against someone hacking into the database and downloading it (hello Patreon!). Although the combination of the database and the web server logs could still be used to decrypt things (since the key is in the url), so the logs would need to be deleted or anonymized promptly to get full protection out of this.
Creation of a message:
Accessing a message:
What if someone modifies part of the encryption key? Then the web page would display gibberish?
As a user of fugacious, I want to know that the deployed version is up to date (and it sounds like it isn't right now). Fugacious should be deployed automatically--e.g., on each tagged commit to master.
Add ability to track current Fugacious use:
Hakiri reports several security issues related to Rails 4.2.0. Updating Rails would avoid such issues.
For example, it would be great to be able to distinguish between a capital letter O and a zero
A user should be able to hide the alert boxes using keyboard commands (ESC or X).
Fix any deprecation warnings. See:
This would enable access to the secret only when the sender literally has the tab open in fugacious where they entered it.
The data would never be stored in fugacious' database, and it would never be transmitted through fugacious' servers. Instead, fugacious' JavaScript would be responsible for establishing the peer-to-peer connection and transferring the data directly from the sender to the receiver.
This is a non-trivial feature addition, but I wanted to get it down while I was thinking about it. Because it eliminates the need for a database (at the cost of forcing transfers to be mostly synchronous/coordinated) it might even be a better fit for another tinier app entirely. But if this project is interested in it, it'd be a fun, useful feature.
If max retention hours is 2, the default retention hours in the create form leads to an invalid submission. The default value in the form should be <= the max value.
@jgrevich : There's a very high limit to the # of hours you can set to a message.
Example:
You eventually increase the value to something around the scale of 10000000000000
to throw an error. But that aside, the value should be much lower, for two reasons.
1) Resource Exhaustion: an adversary could create scripting to fill up storage over a period of time, and since the data won't be deleted per the excessive time frame, resource exhaustion beyond capacity planning is possible.
2) Allows for violation of policy / intent: Users may fat finger a value much higher than attended. Example, 722 hours instead of 72 hours.
We'd like a hotfix on this as soon as is reasonable on the fugacious.18f.gov instance at minimum, as it will be a blocker to ATOs on systems that mention fugacious in their SSPs - ie, all of them. 😁
Thank you!
Currently, the message expiration task loads all messages into memory and issues a separate delete for each expired message. We should use a single delete query instead--something like
delete from messages where created_at + interval '1 hour' * hours > now()
That query won't work for all sql flavors. One option here would be to restrict to postgres. If that's a problem, then we could store the expiration time in the messages table instead of the duration to get a portable query like
delete from messages where expires_at > now()
WDYT?
Security issue from Hakiri: REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
upgrade rest-client
travis, hakiri, coveralls
Include the following:
Upgrade rails
Security issue from Hakiri: There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098.Applications that pass unverified user input to the render
method in a controller or a view may be vulnerable to a code injection.Impacted code will look like this:rubyclass TestController < ApplicationController def show render params[:id] endend
An attacker could use the request parameters to coerce the above example to execute arbitrary ruby code.
18F's #products-platforms would like to make our work more public. In order to share our progress with the rest of 18F/TTS we will schedule a bi-weekly sprint review/retrospective and invite all of 18F to the review via post in #general-talk
Deliverables
Schedule bi-weekly meeting for review/retrospective
Drop a reminder in #general-talk on the day of the meeting to invite any interested parties
Add Britta to the invite
Add Karen to the invite
Users may want to leave a message that can only be opened after a specified 'open after' date. Here are a couple of examples.
—Constructing a test or similar transaction where the answer should only be revealed after a period of time.
—"Voting" type applications where everyone wants to submit their preference or opinion before any answers are revealed.
The UI side would be very easy, simply adding a time input field with the pre-filled default set to now.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.