Skip to content

Security: tegal1337/pentest-labs

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest Yes

Reporting a Vulnerability

Do NOT open a public issue for security vulnerabilities.

Instead, please report security issues via:

  1. Email: security@pentest-labs.io
  2. GitHub Security Advisories: Create a private advisory

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 7 days
  • Fix Release: Within 30 days for critical issues

Security Architecture

This platform runs untrusted code in containers. Security is multi-layered:

Container Isolation

  • No privileged containers
  • All capabilities dropped (cap_drop: ALL)
  • no-new-privileges enforced
  • Seccomp profiles applied
  • No host mounts from user templates
  • No Docker socket access for zone containers

Network Isolation

  • Each zone gets an isolated Docker bridge network
  • No inter-zone communication possible
  • Internet egress denied by default
  • Only declared ingress ports exposed via Traefik

Resource Limits

  • CPU, memory, PID limits per container
  • Disk quotas per zone
  • Zone TTL enforcement (auto-destroy)
  • Maximum concurrent zones per user

API Security

  • JWT authentication with short-lived tokens
  • Rate limiting at Traefik level (auth: 10/min, API: 100/min, AI: 40/hr)
  • Input validation on all endpoints
  • CORS restricted to configured origins

AI Safety

  • Flag values never sent to AI providers
  • Output filtering for flag patterns
  • Rate limiting per user per zone
  • All AI conversations logged for audit

Template Security

  • Schema validation on import
  • Image allowlist enforcement
  • No privileged container declarations allowed
  • No host mount declarations allowed
  • Admin approval required for new templates

Known Limitations

  • Zone containers share the host kernel (container escape is a theoretical risk)
  • Terminal sessions are not encrypted end-to-end (rely on HTTPS transport)
  • AI flag-leak prevention is heuristic-based (not cryptographically guaranteed)

Responsible Disclosure

We follow responsible disclosure practices. Reporters will be credited in the changelog unless they prefer anonymity.

There aren't any published security advisories