Skip to main content

Python client API to access SecureDrop Journalist REST API

Project description

Python SDK for SecureDrop

CircleCI

This SDK provides a convenient Python interface to the SecureDrop Journalist Interface API. The development of the SDK was primarily motivated by the creation of the SecureDrop Workstation based on Qubes OS.

The SDK is currently used by the SecureDrop Client that is a component of the SecureDrop Workstation. When used in Qubes OS, the SDK uses the securedrop-proxy service, as the VM which runs the client does not have network access by design.

Development

Quick Start

virtualenv --python=python3 .venv
source .venv/bin/activate
pip install --require-hashes -r dev-requirements.txt
make test

We cover all the API calls supported by the SecureDrop Journalist Interface API.

To install the SDK into your virtualenv for testing purposes:

pip uninstall securedrop-sdk
pip install git+https://github.com/freedomofpress/securedrop-sdk@my_branch#egg=securedrop-sdk

Testing

The tests are located in the tests directory. This project uses vcrpy to record and then reply the API calls so that developers will have repeatable results so that they may work offline. vcrpy stores YAML recordings of the API calls in the data directory.

To run all the test cases, use the following command.

make test

To run a single test, use this following command, replace the test case name at the end.

make test TESTS=tests/test_api.py::TestAPI::test_error_unencrypted_reply

To test against a live development server, you will need to run the SecureDrop developent container from the main SecureDrop repository on your host. This can be done via NUM_SOURCES=5 make -C securedrop dev.

In this repo, comment out the @vcr decorator of the setUp method in test_api.py and execute which ever tests you want to run. If you want to re-run all tests against the API, remove all the .yml files in the data directory.

Generating test data for APIProxy

To test or to generate new test data file for the APIProxy class in test_apiproxy.py file, you will have to setup QubesOS system.

There should be one VM (let us call it sd-journalist), where we can run latest securedrop server code from the development branch using NUM_SOURCES=5 make -C securedrop dev command. The same VM should also have securedrop-proxy project installed, either from the source by hand or using the latest Debian package from the FPF repository.

Below is an example configuration for proxy /etc/sd-proxy.yaml:

host: 127.0.0.1
scheme: http
port: 8081
target_vm: sd-svs
dev: False

Then we can create our second developent VM called sd-svs, in which we can checkout/develop the securedrop-sdk project. The required configuration file is at /etc/sd-sdk.conf

[proxy]
name=sd-journalist

We should also add a corresponding entry in /etc/qubes-rpc/policy/securedrop.Proxy file in dom0.

sd-svs sd-journalist allow
@anyvm @anyvm deny

The above mentioned setup can also be created using securedrop-workstation project.

Now, delete any related JSON file under data/ directory, or remove all of them, and then execute make test TEST=tests/test_apiproxy.py. This is command will generate the new data files, which can be used in CI or any other system.

Note: Remember that file download checks don't read actual file path in the APIProxy tests as it requires QubesOS setup. You can manually uncomment those lines to execute them on QubesOS setup.

Releasing

To make a release, you should:

  1. Create a branch named release/$new_version_number
  2. Update CHANGELOG.md and setup.py
  3. Commit the changes.
  4. Create a PR and get the PR reviewed and merged into master.
  5. git tag $new_version_number and push the new tag.
  6. Checkout the new tag locally.
  7. Push the new release source tarball to the PSF's PyPI following this documentation. Do not upload the wheel (by deleting it from your dist/ directory prior to upload).
  8. If you want to publish the new SDK release to the FPF PyPI mirror, Hop over to the the securedrop-debian-packaging repo and follow the build-a-package instructions to push the package up to our PyPI mirror: https://pypi.org/simple

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

License

The Python SecureDrop SDK is licensed in the GPLv3. See LICENSE for more details.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

securedrop-sdk-0.1.0.tar.gz (24.1 kB view details)

Uploaded Source

File details

Details for the file securedrop-sdk-0.1.0.tar.gz.

File metadata

  • Download URL: securedrop-sdk-0.1.0.tar.gz
  • Upload date:
  • Size: 24.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.4.0 requests-toolbelt/0.9.1 tqdm/4.32.1 CPython/3.7.6

File hashes

Hashes for securedrop-sdk-0.1.0.tar.gz
Algorithm Hash digest
SHA256 970fde25e6238e1808ac120951ee972549f4cd7952966dfe29f731bb308cc0d8
MD5 7609234e66bf2f760707d158462304b8
BLAKE2b-256 70d07975420c143f970a90b98199c408d584e9ed60e3561628138a28addc3fca

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page