Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avoid accidentally exporting all pub keys #4009

Merged
merged 1 commit into from
Jan 7, 2019
Merged

avoid accidentally exporting all pub keys #4009

merged 1 commit into from
Jan 7, 2019

Conversation

heartsucker
Copy link
Contributor

@heartsucker heartsucker commented Jan 2, 2019
edited
Loading

Status

Ready for review

Description of Changes

Fixes #4005

Avoids exporting all keys when a fingerprint is None.

Testing

make test

Checklist

If you made changes to the server application code:

  • Linting (make ci-lint) and tests (make -C securedrop test) pass in the development container

redshiftzero
redshiftzero suggested changes Jan 2, 2019
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, one comment inline

securedrop/crypto_util.py Outdated Show resolved Hide resolved
@heartsucker
only export single keys
7109aff 
a feature of the `python-gnupg` `list_keys` function of that passing in
`None` will return all keys. if we don't have a key for a source and we
export their key, we would accidentally export all pubkeys in the key
ring. this fixes that.
@heartsucker heartsucker force-pushed the fix-source-key-export branch from 2c676ae to 7109aff Compare January 4, 2019 09:15
@heartsucker heartsucker requested a review from kushaldas as a code owner January 4, 2019 09:15
@heartsucker heartsucker changed the title export key by identifier, not exclusively by fingerprint avoid accidentally exporting all pub keys Jan 4, 2019
redshiftzero
redshiftzero approved these changes Jan 7, 2019
View reviewed changes
Copy link
Contributor

@redshiftzero redshiftzero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good now, thanks!

@redshiftzero redshiftzero merged commit 445aa0a into develop Jan 7, 2019
@redshiftzero redshiftzero deleted the fix-source-key-export branch January 7, 2019 20:38
@emkll emkll mentioned this pull request Feb 19, 2019
Closed
17 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@redshiftzero redshiftzero redshiftzero approved these changes

@kushaldas kushaldas Awaiting requested review from kushaldas

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@heartsucker @redshiftzero