alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
FieldWitness -- an attestation and chain of custody toolkit.
22 Commits 1 Branch 2 Tags 39 MiB
Python 79.4%
HTML 16%
JavaScript 4.1%
Dockerfile 0.2%
Shell 0.2%
0d8c94bf82
Go to file
Aaron D. Lee 0d8c94bf82 Fix 6 security issues from post-FR audit 
- Fix 3 missing CSRF tokens on admin user delete/reset and account
  key delete forms (were broken — CSRFProtect rejected submissions)
- Fix trust store path traversal: untrust_key() now validates
  fingerprint format ([0-9a-f]{32}) and checks resolved path
- Fix chain key rotation: old key is now revoked after rotation
  record, preventing compromised old keys from appending records
- Fix SSRF in deadman webhook: block private/internal IP targets
- Fix logout CSRF: /logout is now POST-only with CSRF token,
  preventing cross-site forced logout via img tags

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 19:44:15 -04:00
.gitea/workflows Disable test job in CI until stegasoo/verisoo are migrated 2026-04-01 18:38:14 -04:00
docker Fix Docker healthcheck hanging gunicorn workers 2026-03-31 19:46:04 -04:00
frontends Fix 6 security issues from post-FR audit 2026-04-01 19:44:15 -04:00
src/soosef Fix 6 security issues from post-FR audit 2026-04-01 19:44:15 -04:00
test_data Consolidate stegasoo and verisoo into soosef monorepo 2026-04-01 19:06:14 -04:00
tests Implement 14 power-user feature requests for field deployment 2026-04-01 19:35:36 -04:00
.gitignore Add vendor assets, fix CLI imports, make web UI bootable 2026-03-31 14:48:18 -04:00
CLAUDE.md Initial repo skeleton with pyproject.toml and project guide 2026-03-31 14:21:30 -04:00
pyproject.toml Implement 14 power-user feature requests for field deployment 2026-04-01 19:35:36 -04:00
README.md Add vendor assets, fix CLI imports, make web UI bootable 2026-03-31 14:48:18 -04:00

README.md

SooSeF — Soo Security Fieldkit

Offline-first security toolkit for journalists, NGOs, and at-risk organizations.

Part of the Soo Suite:

  • Stegasoo — hide encrypted messages in media (steganography)
  • Verisoo — prove image provenance and authenticity (attestation)
  • SooSeF — unified fieldkit with killswitch, dead man's switch, and key management

Status

Pre-alpha. Phase 1 scaffolding complete.

Install (development)

pip install -e /path/to/stegasoo[web,dct,audio,cli]
pip install -e /path/to/verisoo[cli]
pip install -e ".[web,cli]"

Quick Start

soosef init      # Generate identity + channel key, create ~/.soosef/
soosef serve     # Start the web UI