How about a new logo. Here two simple suggestions generated from GNOME icons. One logo and one icon to be used as favicon.

privatebin.zip

With some more extensions to the composer.json we could publish PrivateBin on https://packagist.org/.

However I am not sure whether this is the best place as composer (and packagist) are more used for libraries and not for complete-web projects as PrivateBin AFAIK. (Correct me if I am wrong.)

Published on:

• Packagist - https://packagist.org/packages/privatebin/privatebin
• PHP Pear
• Sandstorm
• Debian
• Ubuntu
• RHEL/CentOS
• Docker - https://hub.docker.com/r/privatebin/nginx-fpm-alpine/
• arkOS
• YunoHost - https://github.com/YunoHost-Apps/zerobin_ynh
• OpenSUSE - https://build.opensuse.org/package/show/home:gladiac:apps/privatebin
• Cloudron - https://www.cloudron.io/button/info.privatebin.cloudronapp.html

see https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/issues/master/files/lib/i18n.php?selectedSecLabels%5B0%5D=20&orderField=path&order=asc&honorSelectedPaths=0#inspectioncomment-31510711

and #41 (comment)

PHP Fatal error: Uncaught exception 'RainTpl_Exception' with message 'Cache directory /tmp doesn't have write permission. Set write permission or set RAINTPL_CHECK_TEMPLATE_UPDATE to false. More details on http://www.raintpl.com/Documentation/Documentation-for-PHP-developers/Configuration/'...

i set that check template update to false. i gave write permision to tmp dir. but still same error. i did git clone with latest version of privatebin. how to fix that im tired. it says extract files, set cfg and done. but not so. make default settings more wisely for new users of this script.

also i need paste script which will work on mobile devices without flash support but this script demo didn't work without flash support. can you develop this script for mobile using also?

@rugk
I think we really need a nicer favicon. The current one is a big dark blue square where you can hardly see the "Z" when it is displayed in a small version.
Especially for the light styles, this favicon does not suit and would have to be much lighter.

@rlex:

Subj. Will be nice to have when you uploading 100mb+ files.

@nitmir:

If I am right, files are base64 encoded (by javascript) in the web page body (href="data:mime;base64,iMS4wIiBlbmNvZGl…). So dealing with big files should not work very well and be really resource greedy.

I realized that if one ever had really large discussions it would slow down opening paste significantly, as currently the paste including all the comments are loaded on every request (including after posting a comment to refresh the list).

The obvious solution is to have a (configurable) page size and support pagination of comments if there ever are more than that amount of them added to one paste.

Not urgent, but I think it would be a nice to have.

@rugk:

It would be nice if I could use Content Security Policy with ZeroBin.
It is actually possible, but to use such a policy without weak settings (unsafe-...) the source code has to meet some criterias:

• no inline JavaScript (also no OnClick or similar things)
• no evalused in JS
• no inline CSS

So if you have CSP compatibility you of course could also send a strong header via PHP.

A CSP would also mitigate elrido/ZeroBin#8 a bit as the website with such a CSP (which can easily be checked in a browsers console) cannot load arbitrary scripts.

BTW for PHP there is also this framework: https://github.com/paragonie/csp-builder

@rugk:

Although I have set discussion = true the discussion button in the UI is always disabled.

Even if I set opendiscussion = true it stays the same.

Version: latest from git

@rugk:

Ah I found it out: (Obviously) when I select "one time text" it cannot have a discussion.
So as you just found out the current behaviour is bad UX.

It has two problems:

1. I only see that the button is disabled when clicking on it or when hovering over the check box (the text is still displayed with a linked button in my case, Firefox here)
2. You might even just leave this button enabled every time and let a user click on it. When they click on it you can automatically deselected the other button.
   This is the way it is currently already done when I have discussion selected and click the other button. However it is not done the other way around.

@rugk:

It would be nice to have a return button in plain-text view, so that you can get the "normal" view back after you clicked on "plain-text".
Alternatively you may also make it possible to use the back button of the browser - this would even be more intuitive.

@nitmir:

But if you add a button, it is no more plain-text. The plain-text view is handy because you can select all (ctrl-a) to get the content of the paste.
Using the back button of the browser would be nice though.

@rugk:

But if you add a button, it is no more plain-text. The plain-text view is handy because you can select all (ctrl-a) to get the content of the paste.

Mhh that's true. But IMO it is not a "real" plain-text view anyway as it still renders markdown e.g. A real, plain-text view would be to show the raw markdown file.

@nitmir:

Ah I never noticed. I agree that plain-text should show the source markdown and not the rendered part.

@rugk:

So what about this issue?

Essentially it seems to be two issue now:

1. Do not render markdown when showing markdown source.
2. Allow browser back button (or a custom button) for switching back

@rugk:

Reproduce:
0. Download the image file attached below. (Sha256: 0b74cc841a9ab82568078b92edb5273594fd74bda0a7a324760271e7ae4675d6)

1. Create a new ZeroBin with this file.
2. Select "one time text" and enter some text.
3. Click on "Send" and upload the file.
4. Copy the URL and paste it into the browser.

What happens:
For some strange reason I'm prompted for a password, although I have not set one.

What should happen:
Just show me the content. 😃

File: abstract_firefox_wallpaper_by_steam10.jpg

Zerobin v0.22, using MySQL as a database

@elrido:

Could you let me know if your server is using Suhosin or a similar security module? What is your PHPs max_post_size setting?

I have found a system were I could reproduce this. On that system it happens independently of the backend with uploads roughly larger then 600 - 800 KiB, when only an attachment is given with an empty text. If both are given, no password is requested, the text is displayed, but the image is still missing. When I debug the $_POST it does not contain the attachment key although it is sent (as checked with wireshark).

I have not been able to pinpoint it definitely, but strongly suspect that Suhosin is messing with the POST variables. It offers suhosin.request.max_value_length and suhosin.post.max_value_length settings which are by default limited to 1000000. Your file is almost 900 kiB and with encryption and base64 encoding the full POST content becomes over 2 MiB, so on my system it would certainly have max_value_lengths over 1000000. Unfortunately I have not yet been able to find a Suhosin configuration that would allow an upload on that system.

I will try to add some code that at least checks if an attachmentname was sent but the attachment is missing, so that we can display an appropriate error message to the users, like "Your file upload did not succeed, your file is too large for this servers settings". Also I should add a check in the JS logic for the configured sizelimit option, so we don't even bother posting too large files (base64 increases the size that is sent by 33-36%) and can again display an appropriate message.

@rugk:

max_post_size should be the default (it does not appear in my php config)

Suhosin

AFAIK not. PHP is installed from the Debian repos.

PHP 5.6.20-0+deb8u1 (cli) (built: Apr 27 2016 18:21:41) 
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Webserver is nginx BTW.

600 - 800 KiB,

Yes, that's the size I also experienced...

When only an attachment is given with an empty text. If both are given, no password is requested, the text is displayed, but the image is still missing.

In my case I also tried it with both things and always had the same result (password is requested).

Hello.

In conf.ini, those options can be changed :

[formatter_options]
; Set available formatters, their order and their labels
plaintext = "Plain Text"
syntaxhighlighting = "Source Code"
markdown = "Markdown"

But would it be possible to have them translated, as with other texts ?

In French, "Source Code" = "Code source" ;) and "Plain Text" = "Texte brut"

PHP 7 build fails, because of trafficlimiter: https://travis-ci.org/PrivateBin/PrivateBin/jobs/145489445

Currently we use AES in CBC mode. We should switch to GCM mode. It's safer, can be parallelised (so it might be faster, but I am not sure whether this is true in our case) and is authenticated encryption.

Some browsers (Chrome & Firefox) will soon add a new W3C specification called subresource integrity:

This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation.

Here is an example from a Firefox developer blog post:

<script src="https://code.jquery.com/jquery-2.1.4.min.js"
  integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC"
crossorigin="anonymous" />

Although so far I see no reason to switch zerobin to CDN usage, simply for the benefits federation offers, it might be worth to add such hashes for our JS libraries.

In a federated scenario, if an attacker can manipulate the JS to compromise the encryption (i.e. by injecting a "master key"), that attacker can also manipulate the integrity hash, so one would not notice this. On the other hand it gives the more security aware visitors some means to check if the library used by a specific zerobin instance matches those from a certain release or not.

Also to consider: Any development change to a JS library will invalidate its hash, so it would be very helpful to have some script to easily regenerate and update the hashes in all templates.

@rugk:

I don't really know how you imagine your "federated scenario"...

As long as the basic index file is always loaded from your own server you can use SRI to protect any other files loaded (from other servers). Currently all files are of course loaded from your own server, but with SRI could could easily change this without weaken security.

And you of course can still use SRI for your own server (in this case you also don't need the CORS header).
Combined with a CSP this would also reduce the user trust to one single file: The index file. So security-minded users could check whether the served index file is correct (hash it with a hash you e.g. provide in the Readme here for all themes). Therefore this would mitigate #8 as users can easily check whether all served files are valid.

When all this is implemented we might of course use this idea and create a JS bookmarklet as it was already done previously. However in the current case we only would have to check the hash of the index file...

Hello,

When I'm launching a Privatebin page I got a very fast message saying the Javascript is required before disapearing
It's not only an issue for my installation, I can see this on other PrivateBin on the directory.

Regards,
Sacha

Well, this one is certainly going to be controversial, but here is the idea, comments highly welcome:

Now that I use ZeroBin more frequently myself I started creating lists of URLs, descriptions and (if I created them myself) delete links on my local machine.

Idea 1: local paste manager

Lets say I am accessing my trusted ZeroBin service (trusted here means: from my personal trusted device to a service I set up myself or trust the admin/crew that runs it). There is a button, i.e. "paste manager". When I click on it (for the first time on this service) I get a message explaining: "The paste manager allows you to store paste URLs on your device. This stores the full paste URLs including the secret that is not sent to the server and the deletion tokens. Are you sure you want to continue? Yes/No"

When clicking on yes I get a sidebar with an empty list. It could provide buttons to "clear the manager" (delete the local store) and "add a paste". Otherwise the manager will start to remember any paste I create on this service, including the delete token.

We could even add remote URLs to our list if we implement CORS headers to allow remote AJAX requests to retrieve these. This would allow us to use remote servers for storage only and to use our trusted install to access these.

Pastes would be marked as "crossed through" when they get deleted or expire. There could be a button to delete all such pastes at once. There could be a tagging system to tag pastes and then only display certain tags or tag combinations, etc.

Note: When you don't trust a server, don't store your pastes in it, as the server could in any way inject malicious code that retrieves the secret part of the URL and the password you typed in for the paste.

In any case I think this feature should not be active by default, but always require the user to request and accept it (and of course server admins should have the option to disable it on their installs).

Idea 2: federation and fostering client-server separation

There are ways to access local storage across domains. In this scenario the paste manager from above could not only store paste URLs of remote servers, it could access the local storage (which is on your own device) for that domain and import any stored missing URLs from that sites paste manager. This would allow migration if I switch from using one service to another (i.e. I get hooked using ZeroBin on some public service, but then later want to use my own installation).

ZeroBin consists of a server part to store and retrieve the data and the client could run completely separate, be that as an angular frontend, that maybe even runs on localhost or as a browser plugin (I think vikstrous was working in this direction) or even as a shell client (like ZeroCli by ziirish). Using the current frontend provided by the server would then simply be the fallback for those without a client and for casual visitors.

@Hexalyse:

I myself think the local paste manager is a very good idea. It's something that I saw on 0bin, and found it very usefull ! The way you see it and want to implement it is even more modulable. Being able to use our own installation of Zerobin (serving HTML/JS files we trust) to retrieve paste data stored on other Zerobin installations (ie. somebody sent us an URL from another Zerobin instance but we don't trust it) is even better and would give me a better security feeling.

I'm not sure about the Idea 2, it could be useful, but I think it shouldn't automatically import URLs from other domains' paste manager, but instead we could have a tab in which you choose to import URLs from such and such domains. In any case, I would use this feature myself, but it can be nice.

Anyway, the separation between client-side and server side (JSON REST API) is a very good idea, because we could imagine "desktop apps", or even mobile apps, that only use the network to retrieve paste data, so you don't have to rely on the statis JS files sent by the server each time. I totally support this new approach, which is way more "modern".

@Draky50110:

About the paste manager : why not, but please make a conf.ini option to enable/disable it ;)
Paranoid peoples are not always wrong :p

@Hexalyse:

Even if it's enabled, it wouldn't store anything unless the user enable it in the front end anyway.

@elrido:

Thanks for your feedback so far. Lets let these ideas ripe for a bit.

@rugk:

I would also be in favour for such a "paste manager",. but don't store the pastes on the server. Just store them in the local storage on your own device. Storing them there does not weaken security as:

1. Usually all browser store accessed URLs in the history, so they are saved on your local disk anyway.
2. A malicious server could read the URLs from local storage and send them to the server, but this needs modified JS (as local storage data is not send to the server by default - in contrast to cookies e.g.). This does not introduce a new danger as servers serving malicious JS are always a danger as discussed in #8.
3. Local storage is separated per website.

Of course it has one disadvantage: Users can only use the paste manager on the same device & browser. But I think this is okay as all other solutions (like storing this data on the server) would weaken the security.
In any case it should however be optional - I think this is for sure.

@mathroc:

I tried ZeroBin with Postgres but it's not working because Postgres does not have a blob type. It could work with a bytea column but its usage is a bit different than a blob in mysql (it require serializing and unserializing the data)

@elrido:

Thanks for bringing this up!

I mainly used to BLOB type to circumvent issues with length limitations when using MySQL and storing larger attachments. The actual contents are always gzipped, encrypted and base64 encoded JSONs as you can see i.e. when looking a paste stored using the flat file model.

I will check what type is better suited for this in PostgreSQL.

I did write to a few server admins after the 0.21 release last weekend and one of them mentioned the lack of a preview as a feature request.

How about the tabs you have here at github (write / preview above the textarea)? We could also move the Format drop down to the right side (were in github the "Markdown supported" label appears), what do you think?

@Hexalyse:

Very good idea, indeed the preview would be great, especially for Markdown, or to preview syntax highlighting (that is sometimes a bit buggy)

hi. i had PrivateBin v .22 and it was working without problem. i wanted to upgrade it for latest fixes and did;
git pull privatebin.
it's not recommended way to update my currently working script? i should delete and git clone privatebin from zero?

i thought git pull would be enough and still thinking so. because both of ways didn't solve this problem. i am copying error message;

[error] PHP Warning: require(~/paste/vendor/symfony/polyfill-mbstring/bootstrap.php): failed to open stream: No such file or directory in ~/paste/vendor/composer/autoload_real.php on line 66

[error] PHP Fatal error: require(): Failed opening required '~/paste/vendor/symfony/polyfill-mbstring/bootstrap.php' (include_path='.:/usr/share/php:/usr/share/pear') in ~/paste/vendor/composer/autoload_real.php on line 66

i'm on debian wheezy and pear is on /usr/share/php/PEAR/ path. not in /usr/share/pear. i wrote right path for the "include_path" in boths /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini config files. and restarted apache. nothing changed.
can you say me this script using cli ini or webserver ini path?

as this problem continued, i did "rm -rf * .*" after took my backups. did git clone privatebin. i had again same problem. so it means to do git pull privatebin wasnt causing the problem for it. also i did same things as on above and other things. nothing solved the error. it shows just white page.

i also tried to give file or dir paths on require $file; and didn't help.

after spent long hours, i fixed the problem by putting // to comment out that 66. line from autoload_real.php to ignore that line. my site works now but im waiting a fix from you or tell me if my solution is enough well ?

fix on line 66:

// require $file;

There are still some parts where SHA-1 is used. Especially somewhere in visual hash? (I though a slightly better hash algorithm could be used here)

So we should investigate how we can replace SHA-1 here.

Continuing elrido/ZeroBin#100

Version overview:

see https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/issues/master/files/lib/RainTPL.php?selectedSecLabels%5B0%5D=24&orderField=path&order=asc&honorSelectedPaths=0#inspectioncomment-32645974

and #44 for a theoretical fix showing what is wrong with the path engine

See https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php

So I would propose the following order:

• Sodium::randombytes_uniform()
• random_bytes()
• random_compat? (or current mcrypt_create_iv implementation?)

Maybe we'll switch the first two - probably depending on which is faster.

@marsjaninzmarsa suggests to add IRC colors in #25. Opening issue to keep track of it.

Does anybody now of JS libraries or has seen examples, preferably in webbased IRC clients?

@rugk suggests:
--> https://stackoverflow.com/questions/4503194/parsing-mirc-colors-in-php ?

I think this can be done with https://www.browserstack.com/ e.g., but I don't know exactly how do to this.
So if anyone has experience with such a service, please let us know.

Addresses #20 - 2.10

Options:

• API key in URL (random string)
• Some auth method with CORS headers
• CORS - only same domain instead of *
• OAUTH (?)

Depends on use-case of API. E.g. when the API is used by desktop/mobile applications CORS headers are irrelevant and the desktop/mobile application is assumed to be handle all things securely.
CORS headers are only relevant for applications on websites using PrivateBin API. For this use-case we should look at similar APIs, e.g. how GitHub does it.

Switch to Web Crypto API and provide sjcl only as a fallback.

Browser support is good.

@rugk:

Similar to displaying included image files it would also be nice to display PDF files directly.

Usually you would just need to create an iframe where the PDF file is loaded. Modern browsers do the rendering itself (Firefox e.g. uses PDF.js) or display it with browser plugins.

If you do you might of course sandbox the iframe correctly.

@nitmir:

Or use pdf.js for every one and add a download button for then pdf.js do not render well ?

édith: it's what owncloud do btw

@rugk:

This would also be possible, but I'm not sure whether pdf.js would bloat this too much...

@pozzo-balbi:

I would want to suggest a public delete link on each post. This way there would be no need to complain to the webmaster, that illegal content was published, since anyone could just hit the delete button and solve the problem themselves.

Further I would want to suggest an option to turn on publication of IP on any posting. Wikipedia also records publicly the IP of anyone posting anonymously. This should scare away people that misuse the service and law enforcement would never need to contact the webmaster for anything. They already know the IP of who posted or participated in a discussion.

@elrido:

Personal opinion: Law enforcement would not care about public delete links (at least they don't about those of Facebook i.e.) and would always try to hold the webmaster responsible. Hence the plausible deniabilty of the webmaster due to encrypted pastes. Also a public delete link is an invitation for "griefers" and would make it nearly impossible to publish pastes to a larger audience.

Depending on the laws in the country where the service is hosted, webmasters might be forced to keep webserver access logs for a certain period of time. Users of any TCP based internet service (mail, web, etc.) should be aware of this.

Maybe a question for my understanding: There is the simple rate limiting for posting new pastes implemented since quite early on. And I see that there are quite a few ZeroBin installs out there with cloudflare DDoS protection. On my own site I do not see that much traffic (granted, it's not the coolest URL) and I only ever had one request for a takedown (which was not by law enforcement and it turned out to be for a different site and they had just found me via the link to this project). Hence:

Do you guys receive many takedown notices and do you have issues with the traffic on your sites? For the first we might want to push an "administration interface" and for the latter we could prioritize some performance optimizations.

So currently we use AES. But in which mode is it used? See e.g. how Owncloud did it, which was a problem.

The mode should also be documented in the Readme...

Because PHP does not support AES in GCM mode yet, but GCM has many advantages - the biggest one being that it is authenticated encryption so it cannot be modified.

However there is a method to use GCm mode right now, but it requires libsodium installed on the server. However libsodium is a great cryptographic tool with many features and they have a PHP wrapper.
So we could e.g. even switch to ChaCha20-Poly1305. Libsodium also allows one to use better hashing algorithms, a strong way to generate random numbers and even using the memory securly is possible.

We should evaluate whether/what/how we want to use (it).

We might update sjcl to 1.0.3 or 1.04 if there is such a version.

@Draky50110:

Hello (again)

A simple tool : http://links.kevinvuilleumier.net/?qzwJlQ (zip file in title).

When a paste is expired, the file is still on the server.
This tool deletes expired files/pastes.
It also displays some info (numbers of pastes, of expired pastes, and so).

Of course, it will only work if the "database" is "zerobin_model".

But this might be a good option : when a paste is created, this fonction is ran to clear the system.
Transparent :)
Could be disabled in conf.ini ("runpurgewhencreatingpaste") ?

And maybe possible to adapt it with other database model (mysql/pgsql/etc.)...

@Hexalyse:

This tool shouldn't be run on each paste creation. Imagine a Zerobin with thousands of pastes and dozens of active users, it would ruin your disk I/Os.
We could consider running it at paste creation, if it hasn't been run for X minutes/hours, it would be more modulable and configurable.

@Draky50110:

Ok, in fact I don't know how is it possible to configure it ;) but the tool is here though... :)

@elrido:

I would also rather go with a "softcron" approach as Hexalyse suggests. Ideas could be:

• per triggered "cron" only delete i.e. up to 10 (configurable) outdated pastes to reduce the delay introduced by the operation.
• have a rate limiting mechanism to ensure it only runs (earliest) after certain interval (similar to the traffic limiter)
• the method to find outdated pastes might be different in DBs (where its just another where condition) then in the data file model

@bpvarsity:

As anyone come up with a way to run a cron to delete the outdated pastes yet? Seems odd that the site doesn't delete expired pastes automatically.

@elrido:

Nope, sorry, did not yet look into this.

I made some progress in regards to #60 and plan to get back to work on release 0.23 (which should include this feature) when I am finished migrating all my sites and services to my new infrastructure.

@bpvarsity:

Awesome thanks

Addresses #20 - 4.4

It is a theoretical issue and seems to be not really applicable in our case, but at least we could let server admins decide, whether they ant to use such a compression.

Option: Enable compression of PrivateBins
Default: True

@rugk:

A setting option very similar to the language setting would be preferable to allow users to choose the theme they like and store it in a cookie.

@elrido:

And like with the language, we would also need a setting for those admins that only want one theme to be used.

@rugk:

Yes, and the setting can be very similar to the setting which is available for the language.

RainTPL seems no longer maintained and the RainTPL.com domain, returned by exceptions inside of the library (mentioned in #35), is no longer available. There is also a lot of dead code in the library that we don't use in our templates, as can be seen in the code coverage reports.

Hence I suggest to refactor the library:

• Replace non working URLs with working ones, e.g. by retrieving old content from Archive.org and creating a wiki page to host it.
• remove dead code that is never used in the way we use templates.
• maybe even remove some of the features that are not really needed for our templates. They can always be re-added later if a template really needs it.
• ensure that the "tmp" folder used to store the compiled templates is created inside of PATH instead of in the main PrivateBin folder.

@rugk
There are several code checkers for PHP files. So why not add them?

• Code Climate
• Scrutinizer-Ci
• SensioLabsInside
• Codacy - done

@rugk
For adding this repo to https://insight.sensiolabs.com/ one must be the owner of the repo. Therefore, @elrido you have to do this. It's basically just a few clicks.

@rugk
For https://scrutinizer-ci.com too.

@rugk

In codeclimate.com I cannot change the settings, but at least here is an analysis: https://codeclimate.com/github/elrido/ZeroBin
The score is so bad, because the JS are not excluded from analysis yet.

When adding some code style guides I noticed we do not have any PHP style fixer yet.

I would recommend http://cs.sensiolabs.org/, which can also automatically clean up your files.

So here the remaining issues of the security audit:

• 4.2. urls2links XSS
• 4.5. Is SJCL used correctly?
• 4.6. Possible XSS in tpl/page.html

I mark this issue as "help wanted", so if anyone wants to look into this, feel free to do this. All of them are very theoretical and are therefore not serious.
If any issues may get obsolete (because the underlying system is changed, such as 4.5 when #28 is implemented, please also tick the issue).

I am surprised to see how much MD5 is used in PrivateBin.

Especially why on hell is the the paste id derived from the (presumably) plain text content?
I mean it may be difficult but it basically means that

And also this comment is really ridiculous:

// We just want a small hash to avoid collisions:
// Half-MD5 (64 bits) will do the trick

Wait, no! MD5 is not collision resistant at all and fundamentally broken.

I mean completely irrespective of the security impact of MD5 used there, there should not be a single MD5 hashing in a security product. Even if there would be no impact (which I highly doubt) it is a bad image...

The unit tests related to traffic limiting (trafficlimiterTest::testTrafficGetsLimited() & zerobinTest::testCreateInvalidTimelimit()) fail when tested under HHVM. Since these tests use sleep calls this might be related to #4744 in HHVM.

Disabling hhvm.xenon.period did not resolve the problem, so I have disabled the HHVM testing in travis for now. If anybody has some HHVM experience, please take a look on this and let us know if this is a problem outside of the unit test or how we could improve the tests.

Hi,

I'm running PrivateBin on nginx 1.9.10, php5-fpm (5.6.22) and a MariaDB database running on a remote server.

I'm getting the following error message with the latest commit :

2016/07/12 22:19:45 [error] 9048#9048: *379197 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Call to a member function prepare() on null in /var/www/paste/lib/privatebin/db.php on line 423" while reading response header from upstream, client: 1.1.1.1, server: mydomain.net, request: "POST /paste/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "mydomain.net", referrer: "https://mydomain.net/paste/"

I've pinpointed the origin of the issue to this commit.

@rugk:

I noticed there was a security audit and some issues were fixed. I just fixed another simple documentation issue (2.6.).

So @elrido, your last statement about this was:

Most points referring to server side issues have been addressed (that's 2.1, 2.3, 2.7, 2.8). The rest is still open for debate or resolution.

So were any other issues fixed already?

Current state:

• 2.1. Salt and HMAC Key Generated with mt_rand() - fixed
• 2.2. Fixed Server Salt
• 2.3. Traffic Limiter Race Conditions - fixed
• 2.4. VizHash IP Address Online Guessing - fixed
• 2.5. Relies on .htaccess files, which may not be enabled. - Doc addresses this issue
• 2.6. The robots.txt does not work in a subdomain. - fixed
• 2.7 HMAC Not Compared in Constant Time - fixed
• 2.8. Arbitrary File Unlink - fixed
• 2.9. HMAC Uses SHA1 instead of SHA256 - fixed
• 2.10. No Cross-Site Request Forgery Protection - moved to #39
• 3.1. Always Assume Malice - partially fixed, ignored, minor issue
• 4.1. Secure Code Delivery - known, unsolveable
• 4.2. urls2links XSS - moved to #40
• 4.3. Low Entropy in Browsers Without CSPRNGs - ignored, only affects old clients
• 4.4. Plaintext is Compressed Before Encryption - ignored, not applicable in our case, moved to #38
• 4.5. Is SJCL used correctly? - moved to #40
• 4.6. Possible XSS in tpl/page.html - moved to #40

@elrido:

I revisited the open points. Here is my opinion on it:

2.2 - Could be solved with a per paste salt.

2.4 - Inherent problem by doing any hashing of the IPs. Add an option to turn vizhash off?

2.9 - Could be changed very easily, but would break all existing delete links. We could make this an option and if enabled also use a per paste salt.

2.10 - We could implement a Cookie-to-Header Token.

3.1 - When I added unit testing I tried to add tests for weird and unexpected strings and subsequently had to improve the input handling. I would like to consider this solved, but there might be something I missed.

4.2 - I haven't found a way to trigger an XSS eighter, but that does not mean that there isn't any. Would consider this to be at least still a risky piece of code.

4.3 - We could add the server based randomness as a fallback. It is mainly an issue with older browsers and on Android

4.4 - If we removed this it would break backwards compatibility, so we would need to make it an option (maybe we should just add a single "support old ZeroBin" option ;-) ).

4.5 - Well... We do use it as per their documentation. Maybe we should ask the SJCL devs if they could have a look and if they had any suggestions for improvements in our usage of it?

4.6 - The JSON and the non encrypted options get generated server side. We should check if one could inject JS that gets executed into a validated encrypted part.

@rugk:

2.4 - Maybe just use another value instead of the IP for the visual hashing.. Let's say, ehm... user agent? I doubt this is better, so... What about:

• just using the entered username? (I'd prefer this)
• using a long-living cookie?

Of course making it optional is a good idea too.

2.9 - Yes, please. When used in HMAC SHA-1 is still secure, but I'd rather prefer SHA-256. MQybe switch this with the switch to a new name?

3.1 - As it also only is a potential attack (as the values are hashed and stuff...) I'd tick it here.

4.2. Use (switch?) to a well-tested RegExp for this?

4.3 - I don't think adding server-randomness is a good idea. And as you said it also only affects older browsers. So I#d tick this as it is obsolete.

4.4 - Also implement when switching to a new name?

4.5 - Yeah, maybe.

4.6. - According to elrido/ZeroBin#84 HTML is correctly encoded there.

@elrido:

Ok, I agree, but I really would like to still offer the possibility for easy upgrade to this fork from the old version. How about making it simple and offer a single option for (less safe) backwards compatibility (disabled by default)? Would also simplify the upgrade wiki page.

@rugk:

Yes, I'm all for options. 😃

@elrido committed 0e217a4, resolving points 2.2 & 2.9

I am pulling the latest code from the repo and with only minor changes. But I tried to revert most of them and I cannot get this issue out of the way, even if I use jquery-1.11.3. It simply doesn't matter in this case, it appears. Yet it seems to be indicating some sort of issue with jQuery.

Error:
Could not create paste: server error or not responding

The only thing I see in the Chrome developer console is the following:

I switched from PHP7 to PHP5.6 in lieu of #42 .

Scrutinizer-ci detected 4 potential vulnerabilities:

There is one XSS marked as "critical", one file exposure and two variable injections.

The "Variable Injection" vulnerabilities show detailed paths, so at the first glance they look serious. It is about the language selection. I don't see any escaping done. As Scrutinizer-ci recommend whitelisting would be good.

BTW thanks to @scrutinizer-ci. They offer this security analysis for free for non-commercial open-source projects.

Of course I think self::$_prefix is entirely static and therefore no danger, but for the matter of principle I think it would be a good idea to change it anyway.
Insights reports this 7 times. Always self::$_prefix.

in lib/zerobin/db.php, line 282

If provided by the user, the value of self::$_prefix may allow an SQL injection attack. Avoid concatenating parameters to SQL query strings, and use parameter binding instead.

     * @return void
     */
    public function delete($pasteid)
    {
        self::_exec(
            'DELETE FROM ' . self::$_prefix . 'paste WHERE dataid = ?',
            array($pasteid)
        );
        self::_exec(
            'DELETE FROM ' . self::$_prefix . 'comment WHERE pasteid = ?',
            array($pasteid)

Posted from SensioLabsInsight

@rugk:

It would be nice if you could set link headers for pushing assets to the user. Especially the HTTP/2 server push is an efficient way of doing that and it really speeds up website loadings.

And you have a lot of assets, which are always loaded, so this is a very good scenario for HTTP/2 server push.

You can use it with PHP.

@elrido:

I reviewed the links you posted, but I don't think this applies to Zerobin.

We currently only have one HTTP request that is processed by PHP, which is the call to the index.php (contains HTML and the encrypted paste and file/image). All the other resources are static images, CSS and JS-Scripts. These are cached in your browser automatically after the first load.

So even if we handle all these resources through PHP (slowing these calls down and consuming more resources server-side), it would only affect the first page load.

We would probably gain more loading performance by including fewer resources (i.e. by including all JS-Scripts and CSS into one file / using an image map instead of separate images for the classic page design). Currently we do (only when calling a given domain for the first time) 16 requests. By combining files belonging together we could reduce this to 4. The trade-off would be that the paste takes longer to render, since it can only start after the single JS has fully finished loading.

@rugk:

Well... This is about server push. So of course you do not have to serve the files via PHP somehow.

You just have to serve the necessary headers when the index page is requested, so that it serves the files which are likely requested afterwards. Of course these are static files, but that's exactly what matters.

And when caching works it of course speeds up the first request, but this is still important, because users may e.g. clean caches.

@rugk:

It is possible to copy the URL automatically to clipboard using HTML5 & JavaScript.

@elrido:

Great! Didn't know that.

Raised by @k0nsl:

Hello,

I tried searching for any information on your site and on the repository itself if you had any means to chat, typically something like IRC. However, I couldn't find any clues as to where and on which network you might be.
If you don't have an IRC channel I would be honoured to provide one for you on my own IRC network. Would anyone be interested in that?

You can check out my IRC network by connecting round-robin irc.k0nsl.org . I have very few users and they all hangout in #k0nsl.
At any rate, it was just a thought. Let me know what you think :)

Continuing elrido/ZeroBin#109

We might switch to VizHash.js for more up-to-date implementation of VizHash. Especially as it happens on the client side, it also reduces the things the server has to do and the clients do not need to load an image every time they'll access a bin.