Simplify device parsing. Pre-check devices with udisks and bail early…

… if none inserted. Reject multiple usbs inserted at once.
freedomofpress · Jan 23, 2024 · c584669 · c584669
1 parent 5f659f1
commit c584669
Show file tree

Hide file tree

Showing 7 changed files with 414 additions and 450 deletions.
diff --git a/export/etc/udisks2/tcrypt.conf b/export/etc/udisks2/tcrypt.conf
diff --git a/export/securedrop_export/disk/cli.py b/export/securedrop_export/disk/cli.py
diff --git a/export/securedrop_export/disk/service.py b/export/securedrop_export/disk/service.py
@@ -49,7 +49,9 @@ def export(self) -> Status:
             volume = self.cli.get_volume()
             if isinstance(volume, MountedVolume):
                 logger.debug("Mounted volume detected, exporting files")
-                self.cli.write_data_to_device(volume, self.submission)
+                self.cli.write_data_to_device(
+                    volume, self.submission.tmpdir, self.submission.target_dirname
+                )
                 return Status.SUCCESS_EXPORT
             elif isinstance(volume, Volume):
                 logger.debug("Volume is locked, unlocking")
@@ -59,7 +61,9 @@ def export(self) -> Status:
                     # Exports then locks the drive.
                     # If the export succeeds but the drive is in use, will raise
                     # exception.
-                    self.cli.write_data_to_device(mv, self.submission)
+                    self.cli.write_data_to_device(
+                        mv, self.submission.tmpdir, self.submission.target_dirname
+                    )
                     return Status.SUCCESS_EXPORT
                 else:
                     raise ExportException(sdstatus=Status.ERROR_UNLOCK_GENERIC)

diff --git a/export/securedrop_export/disk/status.py b/export/securedrop_export/disk/status.py
@@ -3,9 +3,12 @@
 
 class Status(BaseStatus):
     NO_DEVICE_DETECTED = "NO_DEVICE_DETECTED"
-    INVALID_DEVICE_DETECTED = "INVALID_DEVICE_DETECTED"  # Not encrypted, too many encrypted partitions, too nested partition scheme, etc
+
+    INVALID_DEVICE_DETECTED = (
+        "INVALID_DEVICE_DETECTED"  # Not encrypted, or partitions too many/too nested
+    )
+
     MULTI_DEVICE_DETECTED = "MULTI_DEVICE_DETECTED"  # Not currently supported
-    UNKNOWN_DEVICE_DETECTED = "UNKNOWN_DEVICE_DETECTED"  # Badly-formatted USB (or locked VeraCrypt/TC - currently not supported)
 
     DEVICE_LOCKED = "DEVICE_LOCKED"  # One valid device detected, and it's locked
     DEVICE_WRITABLE = (