Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds ruleset for www.guardian.com SecureDrop instance #7

Merged
merged 3 commits into from
Jun 30, 2020
Merged

Adds ruleset for www.guardian.com SecureDrop instance #7

merged 3 commits into from
Jun 30, 2020

Conversation

kushaldas
Copy link
Contributor

Fixes #6

http[s]?://www.theguardian.securedrop.tor.onion points to
http://33y6fjyhs3phzfjj.onion

redshiftzero
redshiftzero reviewed Jun 16, 2020
View reviewed changes
rulesets/guardian-securedrop-ruleset.xml Outdated
@@ -0,0 +1,5 @@
<ruleset name="The Guardian">
<target host="www.theguardian.securedrop.tor.onion" />
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah.. I'm realizing we have a shortcoming in the sddir.py script and will need to edit it. Basically I wrote the sddir.py script back when we were merely stripping the original TLD and adding the pseudo-TLD, but now we're letting organizations choose a human-readable name (providing it will not collide with another news organization or cause confusion).

As such, I think we need to store in version control both (i) the landing page domain (in this case www.theguardian.com as you correctly have in onboarded.txt) such that we can join with the relevant SD directory API entry, and (ii) the desired rule, since we'll want to use that for the target host and rule from fields when writing this rule in rulesets/. I'm thinking maybe something like making onboarded.txt CSV with fields primary_domain, sd_rewrite_url (one row per organization) and then modifying the sddir.py script to use it. What do you think @kushaldas? Feel free to deviate from this if you have another idea.

@kushaldas
Adds gurdian and updates onboarded.txt format
6c5b221 
Now onboarded.txt is a proper CSV file, with two fields:
primary_domain,sd_rewrite_rule
The file also has the updated entry for The Gurdian.

This enables us to allow the organizations to request the human
readable name (in the sd_rewrite_rule), and add that as the ruleset.
@kushaldas
Copy link
Contributor Author

@redshiftzero Pushed the changes.

@emkll emkll self-requested a review June 29, 2020 14:57
emkll
emkll approved these changes Jun 30, 2020
View reviewed changes
Copy link
Contributor

@emkll emkll left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kushaldas, your changes look good and I believe the previous reviewer's comments have been addressed.

I have appended 48bb8bb to include the rule merge step as well as the rule signing process described the the README. I have also tested the ruleset by locally modifying my configuration to use https://raw.githubusercontent.com/freedomofpress/securedrop-https-everywhere-ruleset/guardian/ as the Path Prefix, and can confirm both new and existing rules are applied correctly. This is now good to merge/deploy.

@emkll emkll merged commit cf6bb9e into master Jun 30, 2020
@emkll emkll deleted the guardian branch June 30, 2020 21:54
@eloquence eloquence mentioned this pull request Jul 1, 2020
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero left review comments

@emkll emkll emkll approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add The Guardian
3 participants
@kushaldas @redshiftzero @emkll