From 66436ce0a55e448af1e0e7070d5d6710621e8a75 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 19 Apr 2026 04:45:37 +0000
Subject: [PATCH] security: enforce credential complexity and api key entropy checks
Agent-Logs-Url: https://github.com/Stalin-143/Keylogger/sessions/cef34b0e-605b-4ab9-8da6-2559d1dd4529
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
---
 src/keylogger.py | 4 ++--
 src/server.py | 43 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/src/keylogger.py b/src/keylogger.py
index 14537f4..e144b3d 100644
--- a/src/keylogger.py
+++ b/src/keylogger.py
@@ -228,11 +228,11 @@ def main():
         sys.exit(1)
 
     if not api_key:
-        print("Error: LOG_INGEST_API_KEY environment variable is required.")
+        print("ERROR: LOG_INGEST_API_KEY environment variable is required.")
         sys.exit(1)
 
     if len(api_key) < 24:
-        print("Error: LOG_INGEST_API_KEY must be at least 24 characters.")
+        print("ERROR: LOG_INGEST_API_KEY must be at least 24 characters.")
         sys.exit(1)
 
     if args.no_verify_ssl:
diff --git a/src/server.py b/src/server.py
index a09b2a4..6a346ad 100644
--- a/src/server.py
+++ b/src/server.py
@@ -9,6 +9,7 @@ import sys
 import json
 import secrets
 import argparse
+import string
 from functools import wraps
 from flask import Flask, render_template_string, send_file, request, Response
@@ -99,6 +100,40 @@ def has_valid_api_key():
     return secrets.compare_digest(request_api_key, configured_api_key)
 
 
+def is_strong_password(password):
+    """
+    Validate password complexity requirements.
+
+    Args:
+        password (str): Password to validate
+
+    Returns:
+        bool: True when password meets complexity requirements
+    """
+    has_upper = any(char.isupper() for char in password)
+    has_lower = any(char.islower() for char in password)
+    has_digit = any(char.isdigit() for char in password)
+    has_special = any(char in string.punctuation for char in password)
+    return has_upper and has_lower and has_digit and has_special
+
+
+def has_sufficient_key_entropy(value):
+    """
+    Basic entropy checks for shared API key quality.
+
+    Args:
+        value (str): API key value
+
+    Returns:
+        bool: True when key has enough character variety
+    """
+    if len(set(value)) < 8:
+        return False
+    if value.count(value[0]) == len(value):
+        return False
+    return True
+
+
 # HTML template to display the log contents and provide a download link
 HTML_TEMPLATE = '''
 
@@ -333,13 +368,13 @@ def main():
         print(" source config/.env")
         sys.exit(1)
 
-    if CONFIG['password'] == 'admin' or len(CONFIG['password']) < 12:
+    if CONFIG['password'] == 'admin' or len(CONFIG['password']) < 12 or not is_strong_password(CONFIG['password']):
         print("ERROR: Weak password detected.")
-        print("Please use a strong password (at least 12 characters).")
+        print("Please use at least 12 characters with uppercase, lowercase, number, and special character.")
         sys.exit(1)
 
-    if not CONFIG['api_key'] or len(CONFIG['api_key']) < 24:
-        print("ERROR: LOG_INGEST_API_KEY is required and must be at least 24 characters.")
+    if not CONFIG['api_key'] or len(CONFIG['api_key']) < 24 or not has_sufficient_key_entropy(CONFIG['api_key']):
+        print("ERROR: LOG_INGEST_API_KEY is required, must be at least 24 characters, and must have sufficient entropy.")
         sys.exit(1)
 
     # Get server settings
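Review bot: `has_sufficient_key_entropy` raises IndexError on an empty string at `value[0]`, and its second check is unreachable: a value made of one repeated character already has `len(set(value)) == 1` and is rejected by the preceding `< 8` test. It is only safe today because the caller in main() short-circuits on `not CONFIG['api_key']` first; the function should guard on its own, e.g. `if not value: return False` followed by `return len(set(value)) >= 8`, dropping the `value.count(...)` branch. The name and docstring also overstate what is measured: eight distinct characters is a sanity check, not an entropy estimate (a 24-character key built from eight characters repeated three times passes), so the docstring should read `Reject keys with fewer than 8 distinct characters; this is a sanity check, not an entropy measurement` and direct operators to `secrets.token_hex` / `secrets.token_urlsafe` for generating keys, since `secrets` is already imported in this module. In `is_strong_password`, `str.isdigit()` is also true for Unicode digit characters beyond 0-9; `char in string.digits` would match the `string.punctuation` membership test already used for the special-character class.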
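Review bot: The new distinct-character requirement is enforced only on the server side; keylogger.py's main() in the first hunk still checks only `len(api_key) < 24`, so a client can start with a key the server will refuse at startup, and the `12`/`24` thresholds and the literal `'admin'` are now repeated as magic numbers across both files and across check and message. Consider naming them once, e.g. `MIN_PASSWORD_LENGTH = 12` and `MIN_API_KEY_LENGTH = 24`, and building the error messages from the constants so the text cannot drift from the check; whether the two modules can share the constant depends on how they are packaged, which is not visible here. main() starts and ends outside the hunk.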