securedrop-client
securedrop-client copied to clipboard
a Qt-based GUI for SecureDrop journalists 📰🗞️
# Description There should be a clear API for creating SDK objects. What's needed when you want to fetch a reply, message, or file? The code makes it look like...
it can take _quite_ a while for the server docker container to spin up for testing against the latest version of the API, we could cache the docker image layers...
In https://github.com/freedomofpress/securedrop-sdk/pull/92 we added support for first name / last name for the API endpoint that gets details about the current user. We also have first names and last names...
When we submit an unencrypted reply to the SecureDrop server, it returns error `400` with a proper message, from proxy and then in sdk we should make sure that the...
We should make it a must step to regenerate test data for `test_apiproxy.py` method in a Qubes VM for any change in SDK or proxy. This will help us to...
# Description Sync times out when there are 1000 sources. # STR 1. run the client (in Qubes preferrably) after you've populated your server with 1000 sources (see https://github.com/freedomofpress/securedrop-client/issues/1007#issuecomment-605218219) 2....
# Description Once https://github.com/freedomofpress/securedrop-client/issues/648 is done, we will want to have a way to pass the request timeout to api calls instead of setting it on the api object directly,...
# Description The SDK can make it difficult to debug if we change the types of errors that we get back from the server, see https://github.com/freedomofpress/securedrop-client/pull/1165#pullrequestreview-529168096, for example, where BAD_REQUEST...
Corresponding proxy issue: https://github.com/freedomofpress/securedrop-proxy/issues/148 Informational finding `TOB-SDW-014` from the [2020 SecureDrop Workstation audit (PDF)](https://media.securedrop.org/media/documents/Trail_of_Bits_SecureDrop_Workstation_Audit_2020.pdf) recommends explicitly checking for and rejecting duplicate JSON keys: > This can be done by passing...
Because the client is able to sync and decrypt messages from the server after they are submitted, it provides an opportunity to perform additional spam mitigation techniques that are not...