secure-fs

By contributing to this project, you agree to abide by our Code of Conduct.

An open-source library that ensures restrictive file permissions and safe paths when creating and working with files and directories.

The development of secure-fs is primarily motivated by the creation of the SecureDrop Workstation based on Qubes OS. It is used by the SecureDrop Workstation components: SecureDrop Client and securedrop-export.

Quick Start

To run tests, semgrep, bandit, safety, mypy, and all other linters:

make venv
source .venv/bin/activate
make check

To use this library in your project's virtualenv for testing purposes:

pip uninstall secure-fs
pip install git+https://github.com/freedomofpress/secure-fs@main#egg=secure-fs

To update dev dependencies:

make update-pip-dependencies

To make a release, you should:

Create a branch named release/$new_version_number
Update CHANGELOG.md and setup.py
Commit the changes.
Create a PR and get the PR reviewed and merged into main.
git tag $new_version_number and push the new tag.
Checkout the new tag locally.
Delete the wheel from your dist/ directory to make sure it's not uploaded in the next step.
Push the new release source tarball to the PSF's PyPI following this documentation.
If you want to publish a new release to the FPF PyPI mirror, hop over to the the securedrop-debian-packaging repo and follow the build-a-package instructions to push the package up to our PyPI mirror: https://pypi.org/simple

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
.circleci		.circleci
.semgrep		.semgrep
requirements		requirements
secure_fs		secure_fs
tests		tests
.converagerc		.converagerc
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
MANIFEST.in		MANIFEST.in
Makefile		Makefile
README.md		README.md
pyproject.toml		pyproject.toml
setup.cfg		setup.cfg
setup.py		setup.py