diff --git a/.gitignore b/.gitignore index 80de146937..dc3b0c0138 100644 --- a/.gitignore +++ b/.gitignore @@ -156,7 +156,7 @@ raw-test-output/ # molecule .molecule -#Used in CI for parsing out tor nightly version +#Used in CI for parsing out Tor nightly version .tor_version # Ignore visual studio code folder diff --git a/Vagrantfile b/Vagrantfile index 000e2e65eb..f9b5891db9 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -11,7 +11,7 @@ Vagrant.configure("2") do |config| # so the key insertion feature should be disabled. config.ssh.insert_key = false - # The staging hosts are just like production but allow non-tor access + # The staging hosts are just like production but allow non-Tor access # for the web interfaces and ssh. config.vm.define 'mon-staging', autostart: false do |staging| if ENV['SECUREDROP_SSH_OVER_TOR'] diff --git a/admin/bootstrap.py b/admin/bootstrap.py index ee50f30656..f95bf23007 100755 --- a/admin/bootstrap.py +++ b/admin/bootstrap.py @@ -166,7 +166,7 @@ def envsetup(args, virtualenv_dir=VENV_DIR): Ansible is available to the Admin on subsequent boots without requiring installation of packages again. """ - # clean up tails 3.x venv when migrating to tails 4.x + # clean up Tails 3.x venv when migrating to Tails 4.x clean_up_tails3_venv(virtualenv_dir) # virtualenv doesnt exist? Install dependencies and create @@ -175,7 +175,7 @@ def envsetup(args, virtualenv_dir=VENV_DIR): install_apt_dependencies(args) # Technically you can create a virtualenv from within python - # but pip can only be run over tor on tails, and debugging that + # but pip can only be run over Tor on Tails, and debugging that # along with instaling a third-party dependency is not worth # the effort here. sdlog.info("Setting up virtualenv") diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py index 4d2e298035..b0f3687d98 100755 --- a/admin/securedrop_admin/__init__.py +++ b/admin/securedrop_admin/__init__.py @@ -720,9 +720,9 @@ def find_or_generate_new_torv3_keys(args): # No old keys, generate and store them first app_journalist_public_key, \ app_journalist_private_key = generate_new_v3_keys() - # For app ssh service + # For app SSH service app_ssh_public_key, app_ssh_private_key = generate_new_v3_keys() - # For mon ssh service + # For mon SSH service mon_ssh_public_key, mon_ssh_private_key = generate_new_v3_keys() tor_v3_service_info = { "app_journalist_public_key": app_journalist_public_key, diff --git a/ansible.cfg b/ansible.cfg index 0cde66131d..0bb2e20ff6 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -8,9 +8,9 @@ timeout=60 callback_whitelist = profile_tasks [ssh_connection] -# These options are required to be able to run the playbook over tor and -# with the ssh iptables rules rate-limiting. Removing this file or changing these -# options could break being able to run the playbook over tor +# These options are required to be able to run the playbook over Tor and +# with the SSH iptables rules rate-limiting. Removing this file or changing these +# options could break being able to run the playbook over Tor scp_if_ssh=True ssh_args = -o ControlMaster=auto -o ControlPersist=600s -o ConnectTimeout=60 pipelining=True diff --git a/changelog.md b/changelog.md index 57fe58f025..de8c1c666e 100644 --- a/changelog.md +++ b/changelog.md @@ -318,7 +318,7 @@ ### Developer Workflow -* Updated functional tests to run against the Tor Browser (#4347) +* Updated functional tests to run against Tor Browser (#4347) * Consolidated CI lint Makefile targets (#4435) * Added 0.12.2 boxes for use with the Molecule upgrade scenario (#4393) * Added deb tests to builder image update (#4388) @@ -539,7 +539,7 @@ https://github.com/freedomofpress/securedrop/milestone/47 ### Operations * Updated the grsecurity-hardened Linux Kernels to 4.4.144 for app and mon servers (#3662) -* Updated tor to version 0.3.3.9 (#3624) +* Updated Tor to version 0.3.3.9 (#3624) * Updated Flask to 1.0.2 and Werkzeug to 0.14.1 (#3741) * Updated securedrop-keyring package to 0.1.2 (#3752) @@ -1058,8 +1058,8 @@ This release contains fixes for issues described in the most recent security aud * Ensure correct permissions for Tor hidden service directories so new installs won't break (#1052) * Clarify server setup steps in the install documentation (#1027, #1061) * Clarify that Tor ATHS setup is now automatic and does not require manual changes (#1030) -* Explain that you can only download files to the "Tor Browser" folder on Tails as of Tails 1.3, due to the addition of AppArmor confinement for the Tor Browser (#1036, #1062). -* Explain that you must use the Unsafe Browser to configure the network firewall because the Tor Browser will be blocked from accessing LAN addresses starting in Tails 1.5 (#1050) +* Explain that you can only download files to the "Tor Browser" folder on Tails as of Tails 1.3, due to the addition of AppArmor confinement for Tor Browser (#1036, #1062). +* Explain that you must use the Unsafe Browser to configure the network firewall because Tor Browser will be blocked from accessing LAN addresses starting in Tails 1.5 (#1050) * Fix "gotcha" in network firewall configuration where pfSense guesses the wrong CIDR subnet (#1060) * Update the upgrade docs to refer to the latest version of the 0.3.x release series instead of a specific version that would need to be updated every time (#1063) @@ -1144,7 +1144,7 @@ to minimize metadata that could be used for correlation ### Environment * Add egress host firewall rules -* Add google-authenticator apache module and basic auth for access to +* Add google-authenticator Apache module and basic auth for access to document interface * Encrypt bodies of OSSEC email alerts (add postfix+procmail to monitor server) diff --git a/docs/backup_and_restore.rst b/docs/backup_and_restore.rst index c4296c1932..0e99c6c39a 100644 --- a/docs/backup_and_restore.rst +++ b/docs/backup_and_restore.rst @@ -167,7 +167,7 @@ to update the corresponding files on the *Admin Workstation*: * ``app-journalist-aths`` * ``app-ssh-aths`` -Once ssh access to the servers has been established (or if using ssh over +Once SSH access to the servers has been established (or if using SSH over local network), Onion URLs for the *Source Interface* and *Journalist Interfaces* can be fetched using the installer: diff --git a/docs/create_admin_account.rst b/docs/create_admin_account.rst index 30a313653f..3f2ef4a32f 100644 --- a/docs/create_admin_account.rst +++ b/docs/create_admin_account.rst @@ -50,7 +50,7 @@ output like this: Passphrases include the spaces between the words, but not leading or trailing whitespace. Be sure to save this passphrase in the appropriate KeePassXC database. -Once that's done, you should open the Tor Browser |TorBrowser| and +Once that's done, you should open Tor Browser |TorBrowser| and navigate to the *Journalist Interface*'s .onion address. Verify that you can log in to the *Journalist Interface* with the admin account you just created. diff --git a/docs/deployment/landing_page.rst b/docs/deployment/landing_page.rst index 966e7396dd..a912fbbc81 100644 --- a/docs/deployment/landing_page.rst +++ b/docs/deployment/landing_page.rst @@ -120,7 +120,7 @@ services intercept requests between a potential source and the SecureDrop Do Not Hyperlink .onion Addresses --------------------------------- -Because a visitor to your *Landing Page* may not be using the Tor browser yet, +Because a visitor to your *Landing Page* may not be using Tor Browser yet, clicking a link to your SecureDrop instance or to any other .onion address may result in an error message. Worse, depending on the browser and network configuration, it may cause lookups that an adversary can use to identify @@ -134,7 +134,7 @@ Avoid Direct Links to SecureDrop.org We appreciate that you may want to link to `the SecureDrop website `__ to give *Landing Page* visitors more information about the system. Unfortunately, -if a visitor visits these links without using the Tor browser, this generates +if a visitor visits these links without using Tor Browser, this generates traffic that an adversary may be able to use to identify SecureDrop-related behavior, regardless of the use of HTTPS. @@ -345,7 +345,7 @@ identity. Instead, use public wifi networks and devices you control. Once you are connected to a public network at a cafe or library, download and install the `Tor Browser `_. -Launch the Tor Browser. Visit our organization’s unique SecureDrop URL at +Launch Tor Browser. Visit our organization’s unique SecureDrop URL at **http://our-unique-URL.onion/**. Follow the instructions you find on our source page to send us materials and messages. diff --git a/docs/deployment/whole_site_changes.rst b/docs/deployment/whole_site_changes.rst index c7a9d1c2c7..d0edee15f8 100644 --- a/docs/deployment/whole_site_changes.rst +++ b/docs/deployment/whole_site_changes.rst @@ -29,5 +29,5 @@ Suggested - For publicly advertised SecureDrop instances display the Source Interface's Onion Service onion address on all of the organization public pages. -- Mirror the Tor Browser and Tails so sources do not have to +- Mirror Tor Browser and Tails so sources do not have to visit `torproject.org `__ to download it. diff --git a/docs/development/release_management.rst b/docs/development/release_management.rst index f3436112d6..e5d8f861ef 100644 --- a/docs/development/release_management.rst +++ b/docs/development/release_management.rst @@ -48,7 +48,7 @@ Pre-Release playbook.yml>`_ and open a PR. b. Run ``make fetch-tor-packages`` to download the new debs. The script uses - apt under the hood, so the Release file on the tor packages is verified according + apt under the hood, so the Release file on the Tor packages is verified according to Tor's signature, ensuring package integrity. c. Copy the downloaded packages into the ``securedrop-dev-packages-lfs`` repo, diff --git a/docs/development/tips_and_tricks.rst b/docs/development/tips_and_tricks.rst index 9e68ad5eee..9f3451f6d5 100644 --- a/docs/development/tips_and_tricks.rst +++ b/docs/development/tips_and_tricks.rst @@ -4,7 +4,7 @@ Tips & Tricks Using Tor Browser with the Development Environment -------------------------------------------------- -We strongly encourage sources to use the Tor Browser when they access +We strongly encourage sources to use Tor Browser when they access the Source Interface. Tor Browser is the easiest way for the average person to use Tor without making potentially catastrophic mistakes, makes disabling JavaScript easy via the handy NoScript icon in the diff --git a/docs/journalist.rst b/docs/journalist.rst index 5d39cdc72c..1c135dd7c3 100644 --- a/docs/journalist.rst +++ b/docs/journalist.rst @@ -47,7 +47,7 @@ Workstation*, ask your administrator for assistance before continuing. you will become increasingly comfortable with the process. To use the *Journalist Interface*, you will visit a Tor Onion Service address -in the Tor Browser. By design, this Onion Service address is only accessible +in Tor Browser. By design, this Onion Service address is only accessible from your *Journalist Workstation*; it will not work in Tor Browser on another computer, unless explicitly configured with an access token. diff --git a/docs/network_firewall.rst b/docs/network_firewall.rst index 29bea5fa15..4c87417687 100644 --- a/docs/network_firewall.rst +++ b/docs/network_firewall.rst @@ -181,7 +181,7 @@ Connect to the pfSense WebGUI #. After a few seconds, the Unsafe Browser should launch. The window has a bright red border to remind you to be careful when using it. You should close it once you're done configuring the firewall - and use the Tor Browser for any other web browsing you might do on + and use Tor Browser for any other web browsing you might do on the *Admin Workstation*. |Unsafe Browser Homepage| @@ -834,7 +834,7 @@ described as follows: * Allow UDP NTP from *Application Server* and *Monitor Server* to all * Allow TCP any port from *Application Server* and *Monitor Server* to all (this is needed for making connections to the Tor network) * Allow TCP 80/443 from *Admin Workstation* to all (in case there is a need to access the web interface of the firewall) -* Allow TCP ssh from *Admin Workstation* to *Application Server* and *Monitor Server* +* Allow TCP SSH from *Admin Workstation* to *Application Server* and *Monitor Server* * Allow TCP any port from *Admin Workstation* to all This can be implemented with iptables, Cisco IOS etc. if you have the necessary diff --git a/docs/rebuild_admin.rst b/docs/rebuild_admin.rst index 95772a4102..cd26eafd15 100644 --- a/docs/rebuild_admin.rst +++ b/docs/rebuild_admin.rst @@ -397,7 +397,7 @@ Once the ``./securedrop-admin tailsconfig`` command is complete: the servers using ``ssh app`` and ``ssh mon``, accepting the host verification prompt if necessary, - and verify that the desktop shortcuts for the *Source* and *Journalist Interfaces* - work correctly, opening their respective homepages in the Tor Browser. + work correctly, opening their respective homepages in Tor Browser. Next, back up the servers by running the following command in the terminal: diff --git a/docs/servers.rst b/docs/servers.rst index 1315e32e89..4d1ad08be4 100644 --- a/docs/servers.rst +++ b/docs/servers.rst @@ -31,7 +31,7 @@ The installation media and the files required to verify it are available on the * `SHA256SUMS`_ * `SHA256SUMS.gpg`_ -If you're reading this documentation in the Tor Browser on the *Admin +If you're reading this documentation in Tor Browser on the *Admin Workstation*, you can just click the links above and follow the prompts to save them to your Admin Workstation. We recommend saving them to the ``/home/amnesia/Persistent/Tor Browser`` directory on the *Admin Workstation*, diff --git a/docs/source.rst b/docs/source.rst index e05b2f601c..89d8e4affc 100644 --- a/docs/source.rst +++ b/docs/source.rst @@ -26,7 +26,7 @@ USB flash drive, using cash. In any case you must then find a busy coworking place or cyber cafe you don't regularly go to and sit at a place with your back to a wall to avoid cameras capturing information on your screen or keystrokes. -Get the Tor Browser +Get Tor Browser ------------------- Each SecureDrop instance has a publicly available *Source Interface:* a website @@ -40,20 +40,20 @@ for anybody observing the network to associate a user's identity (e.g., their computer's IP address) with their activity (e.g., uploading information to SecureDrop). -The easiest and most secure way to use Tor is to download the Tor Browser from +The easiest and most secure way to use Tor is to download Tor Browser from the `Tor Project website`_. The Tor Browser is a modified version of the Firefox web browser. It was designed to protect your security and anonymity while -using Tor. If there is a chance that downloading the Tor Browser raises +using Tor. If there is a chance that downloading Tor Browser raises suspicion, you have a few alternatives, for example: * If your mail provider is less likely to be monitored, you can send a mail to gettor@torproject.org with the text "linux", "windows" or "osx" in the body (for your preferred operating system) and a bot will answer with instructions. -* You can download a copy of the Tor Browser for your operating system from the +* You can download a copy of Tor Browser for your operating system from the `GitLab mirror `__. maintained by the Tor team. -While using the Tor Browser on your personal computer helps hide your activity +While using Tor Browser on your personal computer helps hide your activity on the network, it leaves traces of its own installation on your local machine. Your operating system may keep additional logs, for example, of the last time you used Tor Browser. @@ -108,7 +108,7 @@ main website's homepage (for news organizations, typically under sections called accepting submissions through SecureDrop in the `SecureDrop Directory`_ maintained by Freedom of the Press Foundation. -Using the Tor Browser, find the ".onion" address for the *Source Interface* of +Using Tor Browser, find the ".onion" address for the *Source Interface* of the organization that you wish to submit to. .. tip:: @@ -119,7 +119,7 @@ the organization that you wish to submit to. If the two addresses don't match, please do not submit to this organization yet. Instead, please `contact us `__ - through the SecureDrop Website, using the Tor Browser. For additional + through the SecureDrop Website, using Tor Browser. For additional security, you can use our .onion service address in Tor: ``secrdrop5wyphb5x.onion/report-an-error`` @@ -134,14 +134,14 @@ Browser to visit the organization's *Source Interface*. Making Your First Submission ---------------------------- -Open the Tor Browser and navigate to the .onion address for the SecureDrop +Open Tor Browser and navigate to the .onion address for the SecureDrop *Source Interface* you wish to make a submission to. The page should look similar to the screenshot below, although it will probably have a logo specific to the organization you are submitting to: |Source Interface with Javascript Disabled| -If this is the first time you're using the Tor Browser, it's likely that you +If this is the first time you're using Tor Browser, it's likely that you have JavaScript enabled and that the Tor Browser's security level is set to "Low". In this case, there will be a purple warning banner at the top of the page that encourages you to disable JavaScript and change the security diff --git a/docs/test_the_installation.rst b/docs/test_the_installation.rst index 428a074a5f..41665f9eff 100644 --- a/docs/test_the_installation.rst +++ b/docs/test_the_installation.rst @@ -7,8 +7,8 @@ Test Connectivity SSH to Both Servers Over Tor ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Assuming you haven't disabled ssh over tor, SSH access will be -restricted to the tor network. +Assuming you haven't disabled SSH over Tor, SSH access will be +restricted to the Tor network. On the *Admin Workstation*, you should be able to SSH to the *Application Server* and the *Monitor Server*. :: @@ -60,7 +60,7 @@ Test the Web Interfaces #. Make sure the *Source Interface* is available, and that you can make a submission. - - Open the *Source Interface* in the Tor Browser by clicking on its desktop + - Open the *Source Interface* in Tor Browser by clicking on its desktop shortcut. Proceed through the codename generation (copy this down somewhere) and submit a test message or file. @@ -70,7 +70,7 @@ Test the Web Interfaces #. Test that you can access the *Journalist Interface*, and that you can log in as the admin user you just created. - - Open the *Journalist Interface* in the Tor Browser by clicking on its desktop + - Open the *Journalist Interface* in Tor Browser by clicking on its desktop shortcut. Enter your passphrase and two-factor code to log in. - If you have problems logging in to the *Admin/Journalist Interface*, SSH to the *Application Server* and restart the ntp daemon to synchronize diff --git a/docs/threat_model/mitigations.rst b/docs/threat_model/mitigations.rst index fdf1c8a2d8..fe628a3c41 100644 --- a/docs/threat_model/mitigations.rst +++ b/docs/threat_model/mitigations.rst @@ -58,7 +58,7 @@ Countermeasures on both *Source* and *Journalist Interfaces* - All source submissions are encrypted with GPG at rest using the airgapped *Submission Key* - *Interface* sessions are invalidated after a user logs out or inactivity over 120 minutes - Session control on *Interface* includes CSRF token in Flask Framework -- All *Interface* session data (except language and locale selection) is discarded at logout, and fully deleted upon exiting the Tor Browser +- All *Interface* session data (except language and locale selection) is discarded at logout, and fully deleted upon exiting Tor Browser - A number of mitigations are in place as protection against malicious input vulnerabilities on the Source and Journalist Interfaces: - X-XSS-PROTECTION is enabled diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst index 7d5d951480..1cf243aa91 100644 --- a/docs/threat_model/threat_model.rst +++ b/docs/threat_model/threat_model.rst @@ -31,12 +31,12 @@ submissions or messages. | Recurring source | * Submit another document or message | | | * Read replies | +------------------+------------------------------------------------------------+ -| Journalist | * Download *all* gpg-encrypted documents from *all* sources| -| | * Download *all* gpg-encrypted messages from *all* sources | +| Journalist | * Download *all* GPG-encrypted documents from *all* sources| +| | * Download *all* GPG-encrypted messages from *all* sources | | | * Reply to *all* sources | +------------------+------------------------------------------------------------+ -| Admin | * Download *all* gpg-encrypted documents from *all* sources| -| | * Download *all* gpg-encrypted messages from *all* sources | +| Admin | * Download *all* GPG-encrypted documents from *all* sources| +| | * Download *all* GPG-encrypted messages from *all* sources | | | * Reply to *all* sources | | | * Change the SecureDrop instance logo | | | * SSH and root privileges on `app` and `mon` servers | @@ -115,7 +115,7 @@ Assumptions About the Source - The source acts reasonably and in good faith, e.g. if the source were to give their credentials or private key material to the attacker that would be unreasonable. - The source would like to remain anonymous, even against a forensic attacker. -- The source obtains an authentic copy of Tails and the Tor Browser. +- The source obtains an authentic copy of Tails and Tor Browser. - The source follows our :doc:`guidelines <../source>` for using SecureDrop. - The source is accessing an authentic SecureDrop site. @@ -146,7 +146,7 @@ Assumptions About the Person Installing SecureDrop Assumptions About the Source's Computer ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- The computer correctly executes Tails or the Tor Browser. +- The computer correctly executes Tails or Tor Browser. - The computer is not compromised by malware. Assumptions About the *Admin Workstation* and the *Journalist Workstation* @@ -305,7 +305,7 @@ What a Compromise of the Workstations Can Surrender What a Compromise of the Source's Property Can Surrender ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- Use of `the Tor Browser will leave +- Use of `Tor Browser will leave traces `__ that can be discovered through a forensic analysis of the source's property following either a compromise or physical seizure. Unless diff --git a/docs/what_makes_securedrop_unique.rst b/docs/what_makes_securedrop_unique.rst index 74a635c0aa..2ecccc5c35 100644 --- a/docs/what_makes_securedrop_unique.rst +++ b/docs/what_makes_securedrop_unique.rst @@ -42,7 +42,7 @@ Even if a government serves a court order directly to a news organization to compel the disclosure of information, SecureDrop logs much less information than email providers or phone companies do. -The source can only log into SecureDrop through the Tor Browser, which masks the +The source can only log into SecureDrop through Tor Browser, which masks the source’s IP address to begin with, so there is no indication who the source is (unless they disclose it) and where they are sending information from. The Tor IP address, the computer, and the browser type that the source is using is not logged diff --git a/molecule/fetch-tor-packages/playbook.yml b/molecule/fetch-tor-packages/playbook.yml index c7cfeecc81..301c9d2659 100644 --- a/molecule/fetch-tor-packages/playbook.yml +++ b/molecule/fetch-tor-packages/playbook.yml @@ -30,7 +30,7 @@ state: directory path: "{{ tor_download_dir }}" - - name: Download tor debs + - name: Download Tor debs command: apt-get download "{{ item }}={{ tor_version }}" args: chdir: "{{ tor_download_dir }}" @@ -40,7 +40,7 @@ tags: skip_ansible_lint with_items: "{{ tor_debs }}" - - name: Find downloaded tor debs + - name: Find downloaded Tor debs find: paths: - "{{ tor_download_dir }}" @@ -48,7 +48,7 @@ - '*.deb' register: _find_tor_debs_result - - name: Fetch downloaded tor debs back to submodule + - name: Fetch downloaded Tor debs back to submodule fetch: flat: yes src: "{{ item.path }}" diff --git a/molecule/shared/sd_clone.yml b/molecule/shared/sd_clone.yml index a9df85cdf0..a9bedc0939 100755 --- a/molecule/shared/sd_clone.yml +++ b/molecule/shared/sd_clone.yml @@ -28,7 +28,7 @@ # Required for mutual compatibility during Ansible 2.7.x -> 2.9.x transition # We moved to 2.9.x in v1.3.0, so don't run if historical version is >= to 1.3.0. - - name: Patch tor handler + - name: Patch Tor handler lineinfile: dest: "{{ molecule_ephemeral_directory }}/{{ sd_clone_dir }}/{{ sd_ansible_roles }}/tor-hidden-services/handlers/main.yml" regexp: '^ include:' diff --git a/molecule/testinfra/staging/app/apache/test_apache_journalist_interface.py b/molecule/testinfra/staging/app/apache/test_apache_journalist_interface.py index 11446b7bf1..fff726ffc2 100644 --- a/molecule/testinfra/staging/app/apache/test_apache_journalist_interface.py +++ b/molecule/testinfra/staging/app/apache/test_apache_journalist_interface.py @@ -86,7 +86,7 @@ def test_apache_headers_journalist_interface(host, header): securedrop_code=securedrop_test_vars.securedrop_code) -# declare journalist-specific apache configs +# declare journalist-specific Apache configs @pytest.mark.parametrize("apache_opt", [ "".format( securedrop_test_vars.apache_listening_address), diff --git a/molecule/testinfra/staging/app/test_apparmor.py b/molecule/testinfra/staging/app/test_apparmor.py index 9adf184852..d5c2d1d439 100644 --- a/molecule/testinfra/staging/app/test_apparmor.py +++ b/molecule/testinfra/staging/app/test_apparmor.py @@ -45,13 +45,13 @@ def test_apparmor_apache_exact_capabilities(host): @pytest.mark.parametrize('cap', tor_capabilities) def test_apparmor_tor_capabilities(host, cap): - """ check for exact list of expected app-armor capabilities for tor """ + """ check for exact list of expected app-armor capabilities for Tor """ c = host.run(r"perl -nE '/^\s+capability\s+(\w+),$/ && say $1' /etc/apparmor.d/usr.sbin.tor") assert cap in c.stdout def test_apparmor_tor_exact_capabilities(host): - """ ensure no extra capabilities are defined for tor """ + """ ensure no extra capabilities are defined for Tor """ c = host.check_output("grep -ic capability " "/etc/apparmor.d/usr.sbin.tor") assert str(len(tor_capabilities)) == c diff --git a/molecule/testinfra/staging/app/test_tor_config.py b/molecule/testinfra/staging/app/test_tor_config.py index 423aaef9aa..d8a13e1b2a 100644 --- a/molecule/testinfra/staging/app/test_tor_config.py +++ b/molecule/testinfra/staging/app/test_tor_config.py @@ -19,7 +19,7 @@ def test_tor_packages(host, package): def test_tor_service_running(host): """ - Ensure tor is running and enabled. Tor is required for SSH access, + Ensure Tor is running and enabled. Tor is required for SSH access, so it must be enabled to start on boot. Checks systemd-style services, used by Xenial. """ diff --git a/molecule/testinfra/staging/app/test_tor_hidden_services.py b/molecule/testinfra/staging/app/test_tor_hidden_services.py index 82466601e6..9a1f628ef2 100644 --- a/molecule/testinfra/staging/app/test_tor_hidden_services.py +++ b/molecule/testinfra/staging/app/test_tor_hidden_services.py @@ -22,7 +22,7 @@ def test_tor_service_directories(host, tor_service): @pytest.mark.parametrize('tor_service', sdvars.tor_services) def test_tor_service_hostnames(host, tor_service): """ - Check contents of tor service hostname file. For normal onion services, + Check contents of Tor service hostname file. For normal onion services, the file should contain only hostname (.onion URL). For authenticated onion services, it should also contain the HidServAuth cookie. """ diff --git a/molecule/upgrade/playbook.yml b/molecule/upgrade/playbook.yml index 68f90ab591..c028ec6ac2 100644 --- a/molecule/upgrade/playbook.yml +++ b/molecule/upgrade/playbook.yml @@ -25,7 +25,7 @@ msg: "No local debs found, run 'make build-debs'" when: not QA_APTTEST -- name: Re-run original tor role +- name: Re-run original Tor role hosts: securedrop max_fail_percentage: 0 any_errors_fatal: yes @@ -68,7 +68,7 @@ - role: ossec tags: ossec post_tasks: - - name: Ensure tor is running + - name: Ensure Tor is running service: name: tor state: started @@ -83,7 +83,7 @@ hosts: localhost gather_facts: false tasks: - - name: Spit out tor details + - name: Spit out Tor details debug: msg: - "V2 Source interface available at {{ lookup('file', molecule_ephemeral_directory+'/sd-orig/'+source_ths_path) }}" diff --git a/molecule/vagrant-packager/playbook.yml b/molecule/vagrant-packager/playbook.yml index 7b12d60625..a1afdfc8dc 100644 --- a/molecule/vagrant-packager/playbook.yml +++ b/molecule/vagrant-packager/playbook.yml @@ -45,7 +45,7 @@ - { role: app, tags: app } become: yes - # This section will put the ssh and iptables rules in place + # This section will put the SSH and iptables rules in place # It will then add any staging exemptions required # at the end of each host section is when the handlers are run. # So iptables will not be reloaded until the exemptions are applied diff --git a/molecule/vagrant-packager/side_effect.yml b/molecule/vagrant-packager/side_effect.yml index e1e7a35f9e..982ddf9e1d 100644 --- a/molecule/vagrant-packager/side_effect.yml +++ b/molecule/vagrant-packager/side_effect.yml @@ -11,7 +11,7 @@ hosts: securedrop become: yes tasks: - - name: Delete tor related keys + - name: Delete Tor related keys file: state: absent path: "/var/lib/tor/services/{{ item }}" diff --git a/securedrop/bin/dev-deps b/securedrop/bin/dev-deps index 079990f6d8..465433f811 100755 --- a/securedrop/bin/dev-deps +++ b/securedrop/bin/dev-deps @@ -54,7 +54,7 @@ function run_sass() { } function reset_demo() { - # Set up gpg keys directory structure. + # Set up GPG keys directory structure. sudo mkdir -p /var/lib/securedrop/{store,keys,tmp} sudo chown -R "$(id -u)" /var/lib/securedrop cp ./tests/files/test_journalist_key.pub /var/lib/securedrop/keys @@ -68,7 +68,7 @@ function reset_demo() { # Note that we should avoid `gpgconf --kill gpg-agent` since the pkill command will # handle killing multiple gpg-agent processes if they exist (this is what we want). - # Set permissions on gpg-related directories/files. + # Set permissions on GPG-related directories/files. sudo chown -R "$(id -gn)" /var/lib/securedrop/keys chmod 700 /var/lib/securedrop/keys chmod 600 /var/lib/securedrop/keys/* diff --git a/securedrop/crypto_util.py b/securedrop/crypto_util.py index 1517c4a388..0cda8e8608 100644 --- a/securedrop/crypto_util.py +++ b/securedrop/crypto_util.py @@ -26,7 +26,7 @@ from typing import Dict, List, Text # noqa: F401 -# to fix gpg error #78 on production +# to fix GPG error #78 on production os.environ['USERNAME'] = 'www-data' # SystemRandom sources from the system rand (e.g. urandom, CryptGenRandom, etc) @@ -105,8 +105,8 @@ def __init__(self, self.do_runtime_tests() - # --pinentry-mode, required for SecureDrop on gpg 2.1.x+, was - # added in gpg 2.1. + # --pinentry-mode, required for SecureDrop on GPG 2.1.x+, was + # added in GPG 2.1. self.gpg_key_dir = gpg_key_dir gpg_binary = gnupg.GPG(binary='gpg2', homedir=self.gpg_key_dir) if StrictVersion(gpg_binary.binary_version) >= StrictVersion('2.1'): diff --git a/securedrop/source_templates/index.html b/securedrop/source_templates/index.html index cd014eef52..12b4fad33c 100644 --- a/securedrop/source_templates/index.html +++ b/securedrop/source_templates/index.html @@ -14,7 +14,7 @@
warning icon  {{ gettext('Your Tor Browser\'s Security Level is too low. Use the shield icon  button in your browser’s toolbar to change it.').format(icon=url_for("static", filename="i/font-awesome/white/guard.svg")) }}
-
{{ gettext('It is recommended to use the Tor Browser to access SecureDrop: Learn how to install it, or ignore this warning to continue.').format(tor_browser_url=url_for('info.recommend_tor_browser')) }}
+
{{ gettext('It is recommended to use Tor Browser to access SecureDrop: Learn how to install it, or ignore this warning to continue.').format(tor_browser_url=url_for('info.recommend_tor_browser')) }}
{{ gettext('It is recommended you use the desktop version of Tor Browser to access SecureDrop, as Orfox does not provide the same level of security and anonymity as the desktop version. Learn how to install it, or ignore this warning to continue.').format(tor_browser_url=url_for('info.recommend_tor_browser')) }}
{% include 'banner_warning_flashed.html' %} diff --git a/securedrop/static/js/source.js b/securedrop/static/js/source.js index c7f2f0dd0a..3a9da766ab 100644 --- a/securedrop/static/js/source.js +++ b/securedrop/static/js/source.js @@ -84,7 +84,7 @@ function looksLikeOrfox() { /** If the source is using Tor Browser, encourage them to turn Tor - Browser's Security Setting to "Safest". + Browser's Security Level to "Safest". */ function showTorSuggestions() { show("#js-warning"); @@ -113,7 +113,7 @@ function showOrfoxSuggestions() { } /** - If the user is not using a Tor browser, suggest it. + If the user is not using a Tor Browser, suggest it. */ function suggestTor() { hide(".hide-if-not-tor-browser"); diff --git a/securedrop/tests/conftest.py b/securedrop/tests/conftest.py index 9347a397ea..043b77bef2 100644 --- a/securedrop/tests/conftest.py +++ b/securedrop/tests/conftest.py @@ -91,7 +91,7 @@ def config(tmpdir): tmp = data.mkdir('tmp') sqlite = data.join('db.sqlite') - # gpg 2.1+ requires gpg-agent, see #4013 + # GPG 2.1+ requires gpg-agent, see #4013 gpg_agent_config = str(keys.join('gpg-agent.conf')) with open(gpg_agent_config, 'w+') as f: f.write('allow-loopback-pinentry') diff --git a/securedrop/tests/functional/test_source_warnings.py b/securedrop/tests/functional/test_source_warnings.py index 1db0658a71..e69333ac68 100644 --- a/securedrop/tests/functional/test_source_warnings.py +++ b/securedrop/tests/functional/test_source_warnings.py @@ -17,7 +17,7 @@ def test_warning_appears_if_tor_browser_not_in_use(self): warning_banner = self.driver.find_element_by_id("use-tor-browser") - assert "It is recommended to use the Tor Browser" in warning_banner.text + assert "It is recommended to use Tor Browser" in warning_banner.text # User should be able to dismiss the warning warning_dismiss_button = self.driver.find_element_by_id("use-tor-browser-close") diff --git a/securedrop/tests/test_integration.py b/securedrop/tests/test_integration.py index 9528f0644a..e65c2ef680 100644 --- a/securedrop/tests/test_integration.py +++ b/securedrop/tests/test_integration.py @@ -421,7 +421,7 @@ def _can_decrypt_with_key(journalist_app, msg, passphrase=None): Test that the given GPG message can be decrypted. """ - # For gpg 2.1+, a non null passphrase _must_ be passed to decrypt() + # For GPG 2.1+, a non null passphrase _must_ be passed to decrypt() using_gpg_2_1 = StrictVersion( journalist_app.crypto_util.gpg.binary_version) >= StrictVersion('2.1') diff --git a/securedrop/tests/utils/env.py b/securedrop/tests/utils/env.py index 803eae33df..cf3221085e 100644 --- a/securedrop/tests/utils/env.py +++ b/securedrop/tests/utils/env.py @@ -44,7 +44,7 @@ def init_gpg(): testing. """ - # gpg 2.1+ requires gpg-agent, see #4013 + # GPG 2.1+ requires gpg-agent, see #4013 gpg_agent_config = os.path.join(config.GPG_KEY_DIR, 'gpg-agent.conf') with open(gpg_agent_config, 'w+') as f: f.write('allow-loopback-pinentry')