#!/usr/bin/env python3 | |
# Script by @zenmonkeykstop (based on a script by @rmol) to test the SecureDrop API endpoint /sources/{uuid}/conversation
#
# 0) create at least 3 sources with files/messages/replies (the script will wipe the conversation for the 2nd one)
# 1) copy the file to your Admin workstation
# 2) fill in the address and admin account values for your instance
# 3) activate the securedrop admin venv with the command `source ~/Persistent/securedrop/admin/.venv3/bin/activate`
# 4) install the script dependencies with `torify pip install pyotp requests`
# 5) run the script with `python3 wipe-convo.py`
import time | |
import pyotp | |
import requests | |
def api_url(path):
    """Return the absolute URL of the API endpoint at *path*.

    *path* is appended verbatim to the hard-coded base, so it is expected to
    start with a slash (for example ``"/sources"``).

    The base is plain HTTP on localhost port 8081. Requests built from it
    carry the passphrase, the one-time code and the API token unencrypted,
    so this base is only suitable while the traffic stays on the loopback
    interface.
    """
    base = "http://localhost:8081/api/v1"
    return base + "{}".format(path)
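def get_all_sources(headers):
    """Fetch the list of sources from the API.

    Args:
        headers: HTTP headers to send with the request. The caller in this
            script passes the ``Authorization: Token ...`` header.

    Returns:
        The value stored under the ``"sources"`` key of the JSON response.

    Raises:
        requests.HTTPError: if the server answers with a 4xx/5xx status
            (for example when the token is missing, wrong or expired).
        requests.Timeout: if the server does not answer within the timeout.
    """
    # requests applies no timeout by default, so a stalled connection would
    # otherwise hang the script indefinitely.
    response = requests.get(api_url("/sources"), headers=headers, timeout=60)
    # Report an authentication/authorization failure as an HTTP error rather
    # than as a confusing KeyError on the missing "sources" key.
    response.raise_for_status()
    return response.json()["sources"]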
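if __name__ == "__main__":
    # Interactive test of GET and DELETE on /sources/{uuid}/conversation.
    # The DELETE step is destructive: it wipes the conversation of the
    # second source returned by the API, so run it only against an instance
    # and a source that were set up for this test.

    # requests applies no timeout by default; bound every call so a stalled
    # connection cannot hang the script.
    request_timeout = 60

    # Placeholder account values, to be replaced with those of the instance
    # under test. NOTE(review): these look like development-environment
    # defaults - confirm. Once real values are filled in, this file holds a
    # passphrase and a TOTP seed in clear text: keep it off shared storage
    # and version control, and remove the values after the test.
    token_data = {
        "username": "journalist",
        "passphrase": "correct horse battery staple profanity oil chewy",
        "one_time_code": pyotp.TOTP("JHCOGO7VCER3EJ4L").now(),
    }

    login_reply = requests.post(
        api_url("/token"), json=token_data, timeout=request_timeout
    )
    token_response = login_reply.json()
    # A rejected login carries no "token" key; stop with a clear message
    # instead of failing with a KeyError below. Only the server's reply is
    # printed, never the submitted credentials.
    if "token" not in token_response:
        print("Login failed (HTTP {}): {}".format(login_reply.status_code, token_response))
        raise SystemExit(1)

    headers = {
        "Authorization": "Token {}".format(token_response["token"])
    }

    sources = get_all_sources(headers)
    if len(sources) < 3:
        print("Add at least 3 sources, then test!")
        raise SystemExit(1)

    # The second source in the list is the one whose conversation is wiped.
    target = sources[1]
    uuid = target['uuid']
    codename = target['journalist_designation']
    conversation_url = api_url("/sources/{}/conversation".format(uuid))

    print('Using source with designation {} and uuid {} ...'.format(codename, uuid))

    # GET on the conversation endpoint; the operator then verifies by hand
    # that nothing was removed.
    get_response = requests.get(conversation_url, headers=headers, timeout=request_timeout)
    print("GET responds with {}".format(get_response.json()))
    input("\nVerify that the source and messages are still present, then press Enter to continue...")

    # DELETE wipes the conversation; the source itself is expected to remain.
    wipe_response = requests.delete(conversation_url, headers=headers, timeout=request_timeout)
    print("DELETE responds with {}".format(wipe_response.json()))
    input("\nVerify that the source is still present, but the conversation is wiped, then press Enter to quit.")

    # SystemExit is used directly because the exit() helper is injected by
    # the site module and is not guaranteed to exist in every interpreter.
    raise SystemExit(0)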