You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upload a file or send a message to the source interface
Set up admin account and use the Journalist API to retrieve files:
a. Ensure you aren't using a staging environment or remove Header unset etag directive from /etc/apache2/sites-available/journalist.conf and restart Apache2
b. curl -I <download_url_of_file> and retain the value of header Etag: sha256sum:<SHA256sum goes here>
c. curl -O <download_url_of_file> and sha256sum download. Observe the hash is different from the previous step
d. echo -ne "" | sha256sum and observe the hash is identical to the etags above
Since the hash is computed every time a file is downloaded, it might use significant amount of resources server-side if there are large files that are downloaded at the time time. We should consider hashing the files at creation time, and storing the hash values in the database. This will also allow us to verify file integrity (e.g. when restoring backups)
The text was updated successfully, but these errors were encountered:
Description
Etag header of file download files for Journalist API (https://github.com/freedomofpress/securedrop/blob/develop/securedrop/journalist_app/utils.py#L337) always returns
sha256sum:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
. This the sha256sum of an empty string. This is dueresponse.get_data()
returning an empty object.Steps to Reproduce
a. Ensure you aren't using a staging environment or remove
Header unset etag
directive from/etc/apache2/sites-available/journalist.conf
and restart Apache2b.
curl -I <download_url_of_file>
and retain the value of headerEtag: sha256sum:<SHA256sum goes here>
c.
curl -O <download_url_of_file>
andsha256sum download
. Observe the hash is different from the previous stepd.
echo -ne "" | sha256sum
and observe the hash is identical to the etags aboveExpected Behavior
Actual Behavior
Comments
It makes sense that the response is empty because the file is sent as attachment: https://github.com/freedomofpress/securedrop/blob/develop/securedrop/journalist_app/utils.py#L333
Since the hash is computed every time a file is downloaded, it might use significant amount of resources server-side if there are large files that are downloaded at the time time. We should consider hashing the files at creation time, and storing the hash values in the database. This will also allow us to verify file integrity (e.g. when restoring backups)
The text was updated successfully, but these errors were encountered: