securedrop-client

securedrop-client copied to clipboard

Issues creating and SDKSubmission and SDKReply

2

# Description There should be a clear API for creating SDK objects. What's needed when you want to fetch a reply, message, or file? The code makes it look like...

sssoleileraaa

ci: use restore_cache for server container to speed up job

2

it can take _quite_ a while for the server docker container to spin up for testing against the latest version of the API, we could cache the docker image layers...

redshiftzero

In https://github.com/freedomofpress/securedrop-sdk/pull/92 we added support for first name / last name for the API endpoint that gets details about the current user. We also have first names and last names...

redshiftzero

When we submit an unencrypted reply to the SecureDrop server, it returns error `400` with a proper message, from proxy and then in sdk we should make sure that the...

kushaldas

We should make it a must step to regenerate test data for `test_apiproxy.py` method in a Qubes VM for any change in SDK or proxy. This will help us to...

kushaldas

Sync times out with 1000 sources

8

# Description Sync times out when there are 1000 sources. # STR 1. run the client (in Qubes preferrably) after you've populated your server with 1000 sources (see https://github.com/freedomofpress/securedrop-client/issues/1007#issuecomment-605218219) 2....

sssoleileraaa

# Description Once https://github.com/freedomofpress/securedrop-client/issues/648 is done, we will want to have a way to pass the request timeout to api calls instead of setting it on the api object directly,...

sssoleileraaa

# Description The SDK can make it difficult to debug if we change the types of errors that we get back from the server, see https://github.com/freedomofpress/securedrop-client/pull/1165#pullrequestreview-529168096, for example, where BAD_REQUEST...

sssoleileraaa

Corresponding proxy issue: https://github.com/freedomofpress/securedrop-proxy/issues/148 Informational finding `TOB-SDW-014` from the [2020 SecureDrop Workstation audit (PDF)](https://media.securedrop.org/media/documents/Trail_of_Bits_SecureDrop_Workstation_Audit_2020.pdf) recommends explicitly checking for and rejecting duplicate JSON keys: > This can be done by passing...

eloquence

Because the client is able to sync and decrypt messages from the server after they are submitted, it provides an opportunity to perform additional spam mitigation techniques that are not...

nathandyer