Merge pull request #7 from freedomofpress/guardian

Adds ruleset for www.guardian.com SecureDrop instance
freedomofpress · Jun 30, 2020 · cf6bb9e · cf6bb9e
2 parents b001ca3 + 48bb8bb
commit cf6bb9e
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 10 deletions.
diff --git a/README.md b/README.md
@@ -24,7 +24,7 @@ which will create `test-key.jwk` in your current working directory.
 
 1. Ensure they are in the official SecureDrop directory. If they are not, go through the IVF process with the organization.
 
-2. Add their domain to `onboarded.txt` via PR into this repository. We match the domain based on the landing page of the organization, comparing the `netloc` in a URL with structure `scheme://netloc/path;parameters?query#fragment`.
+2. Add their domain name and the requested URL to the `onboarded.txt` via PR into this repository. We match the domain based on the landing page of the organization, comparing the `netloc` in a URL with structure `scheme://netloc/path;parameters?query#fragment`.
 
 3. Next, perform a ruleset release as described below.
 

diff --git a/default.rulesets.1593528236.gz b/default.rulesets.1593528236.gz
diff --git a/latest-rulesets-timestamp b/latest-rulesets-timestamp
@@ -1 +1 @@
-1588004096
+1593528236
diff --git a/onboarded.txt b/onboarded.txt
@@ -1,2 +1,4 @@
-lucyparsonslabs.com
-theintercept.com
+primary_domain,sd_rewrite_rule
+lucyparsonslabs.com,lucyparsonslabs.securedrop.tor.onion
+theintercept.com,theintercept.securedrop.tor.onion
+www.theguardian.com,theguardian.securedrop.tor.onion
diff --git a/rulesets-signature.1593528236.sha256 b/rulesets-signature.1593528236.sha256
diff --git a/rulesets/guardian-securedrop-ruleset.xml b/rulesets/guardian-securedrop-ruleset.xml
@@ -0,0 +1,5 @@
+<ruleset name="The Guardian">
+	<target host="theguardian.securedrop.tor.onion" />
+	<rule from="^http[s]?://theguardian.securedrop.tor.onion"
+    to="http://33y6fjyhs3phzfjj.onion" />
+</ruleset>
diff --git a/sddir.py b/sddir.py
@@ -1,6 +1,7 @@
 import re
 import requests
 import os
+import csv
 import urllib
 
 from typing import Dict, List
@@ -40,13 +41,13 @@ def get_securedrop_directory() -> Dict:
     return directory_entry_map
 
 
-def write_custom_ruleset(onboarded_org: str, directory_entries: Dict) -> None:
+def write_custom_ruleset(onboarded_org: str, sd_rewrite_rule: str, directory_entries: Dict) -> None:
     directory_entry = directory_entries[onboarded_org]
 
     ruleset = """<ruleset name="{org_name}">\n\t<target host="{securedrop_redirect_url}" />\n\t<rule from="^http[s]?://{securedrop_redirect_url}"
     to="{onion_addr_with_protocol}" />\n</ruleset>\n""".format(
         org_name=directory_entry["title"],
-        securedrop_redirect_url=directory_entry["securedrop_redirect_url"],
+        securedrop_redirect_url=sd_rewrite_rule,
         onion_addr_with_protocol=directory_entry["onion_addr_with_protocol"],
         securedrop_tld=SECUREDROP_ONION_PSEUDO_TLD,
     )
@@ -64,9 +65,11 @@ def write_custom_ruleset(onboarded_org: str, directory_entries: Dict) -> None:
     # do so on an opt-in basis. The following text file contains the homepages
     # of the organizations that have opted in.
     with open('onboarded.txt', 'r') as f:
-        onboarded_orgs = f.readlines()
-    directory_entries = get_securedrop_directory()
-    for org in onboarded_orgs:
-        write_custom_ruleset(org.strip(), directory_entries)
+        reader = csv.DictReader(f)
+        directory_entries = get_securedrop_directory()
+        for row in reader:
+            #write_custom_ruleset(org.strip(), directory_entries)
+            write_custom_ruleset(row["primary_domain"], row["sd_rewrite_rule"], directory_entries)
+
 
     print("✔️ Custom rulesets written to directory: ./{}".format(RULESET_DIR))