freedomofpress · emkll · May 19, 2021 · May 7, 2021 · May 7, 2021 · May 17, 2021
diff --git a/Makefile b/Makefile
@@ -3,6 +3,14 @@
 .PHONY: all
 all: help
 
+.PHONY: venv
+venv:
+	python3 -m venv .venv
+	## Good idea to upgrade pip and wheel when you create a new virtual environment.
+	## Or you could use the virtualenv command instead.
+	.venv/bin/pip install --upgrade pip wheel
+	.venv/bin/pip install --require-hashes -r "dev-requirements.txt"
+
 .PHONY: bandit
 bandit: ## Run bandit with medium level excluding test-related folders
 	pip install --upgrade pip && \
@@ -20,7 +28,7 @@ safety: ## Runs `safety check` to check python dependencies for vulnerabilities
 		done
 
 .PHONY: lint
-lint: isort black ## Run isort, black and flake8
+lint: isort-check black-check ## Run isort, black and flake8
 	@flake8 securedrop_proxy tests
 
 .PHONY: mypy
@@ -29,15 +37,23 @@ mypy: ## Run mypy static type checker
 
 .PHONY: black
 black: ## Run black for file formatting
-	@black --config ./blackconfig/pyproject.toml --check securedrop_proxy tests
+	@black securedrop_proxy tests
+
+.PHONY: black-check
+black-check: ## Check Python source code formatting with black
+	@black --check --diff securedrop_proxy tests
 
 .PHONY: isort
 isort: ## Run isort for file formatting
-	@isort -c -w 100 securedrop_proxy/*.py tests/*.py --diff
+	@isort securedrop_proxy/*.py tests/*.py
+
+.PHONY: isort-check
+isort-check: ## Check isort for file formatting
+	@isort --check-only --diff securedrop_proxy/*.py tests/*.py
 
 .PHONY: update-pip-requirements
 update-pip-requirements: ## Updates all Python requirements files via pip-compile.
-	pip-compile --allow-unsafe --generate-hashes --output-file dev-requirements.txt dev-requirements.in requirements.in
+	pip-compile --generate-hashes --allow-unsafe --upgrade --output-file dev-requirements.txt dev-requirements.in requirements.in
 	pip-compile --generate-hashes --output-file requirements.txt requirements.in
 
 .PHONY: test

diff --git a/blackconfig/pyproject.toml b/blackconfig/pyproject.toml
diff --git a/dev-requirements.in b/dev-requirements.in
@@ -1,15 +1,15 @@
-black==19.10b0
-coverage==5.0
-flake8==3.6.0
-isort==4.3.21
-mccabe==0.6.1
-multidict==4.4.2
-mypy==0.761
-mypy-extensions==0.4.3
-pip-tools>=5.0.0
-pycodestyle==2.4.0
-pyflakes==2.0.0
-six==1.11.0
-vcrpy==2.0.1
-wrapt==1.10.11
-yarl==1.2.6
+black
+coverage
+flake8
+isort
+mccabe
+multidict
+mypy
+mypy-extensions
+pip-tools
+pycodestyle
+pyflakes
+six
+vcrpy
+wrapt
+yarl
diff --git a/dev-requirements.txt b/dev-requirements.txt
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,5 @@
+[tool.black]
+line-length = 100
+
+[tool.isort]
+line_length = 100
diff --git a/requirements.txt b/requirements.txt
@@ -6,24 +6,32 @@
 #
 certifi==2018.10.15 \
     --hash=sha256:339dc09518b07e2fa7eda5450740925974815557727d6bd35d319c1524a04a4c \
-    --hash=sha256:6d58c986d22b038c8c0df30d639f23a3e6d172a05c3583e766f4c0b785c0986a \
-    # via -r requirements.in, requests
+    --hash=sha256:6d58c986d22b038c8c0df30d639f23a3e6d172a05c3583e766f4c0b785c0986a
+    # via
+    #   -r requirements.in
+    #   requests
 chardet==3.0.4 \
     --hash=sha256:84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae \
-    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 \
-    # via -r requirements.in, requests
+    --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691
+    # via
+    #   -r requirements.in
+    #   requests
 furl==2.0.0 \
     --hash=sha256:f7e90e9f85ef3f2e64485f04c2a80b50af6133942812fd87a44d45305b079018 \
-    --hash=sha256:fdcaedc1fb19a63d7d875b0105b0a5b496dd0989330d454a42bcb401fa5454ec \
+    --hash=sha256:fdcaedc1fb19a63d7d875b0105b0a5b496dd0989330d454a42bcb401fa5454ec
     # via -r requirements.in
 idna==2.7 \
     --hash=sha256:156a6814fb5ac1fc6850fb002e0852d56c0c8d2531923a51032d1b70760e186e \
-    --hash=sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16 \
-    # via -r requirements.in, requests
+    --hash=sha256:684a38a6f903c1d71d6d5fac066b58d7768af4de2b832e426ec79c30daa94a16
+    # via
+    #   -r requirements.in
+    #   requests
 orderedmultidict==1.0 \
     --hash=sha256:24e3b730cf84e4a6a68be5cc760864905cf66abc89851e724bd5b4e849eaa96b \
-    --hash=sha256:b89895ba6438038d0bdf88020ceff876cf3eae0d5c66a69b526fab31125db2c5 \
-    # via -r requirements.in, furl
+    --hash=sha256:b89895ba6438038d0bdf88020ceff876cf3eae0d5c66a69b526fab31125db2c5
+    # via
+    #   -r requirements.in
+    #   furl
 pyyaml==5.4.1 \
     --hash=sha256:08682f6b72c722394747bddaf0aa62277e02557c0fd1c42cb853016a38f8dedf \
     --hash=sha256:0f5f5786c0e09baddcd8b4b45f20a7b5d61a7e7e99846e3c799b05c7c53fa696 \
@@ -45,21 +53,26 @@ pyyaml==5.4.1 \
     --hash=sha256:dd5de0646207f053eb0d6c74ae45ba98c3395a571a2891858e87df7c9b9bd51b \
     --hash=sha256:e1d4970ea66be07ae37a3c2e48b5ec63f7ba6804bdddfdbd3cfd954d25a82e63 \
     --hash=sha256:e4fac90784481d221a8e4b1162afa7c47ed953be40d31ab4629ae917510051df \
-    --hash=sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc \
+    --hash=sha256:fa5ae20527d8e831e8230cbffd9f8fe952815b2b7dae6ffec25318803a7528fc
     # via -r requirements.in
 requests==2.22.0 \
     --hash=sha256:11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4 \
-    --hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31 \
+    --hash=sha256:9cf5292fcd0f598c671cfc1e0d7d1a7f13bb8085e9a590f48c010551dc6c4b31
     # via -r requirements.in
 six==1.11.0 \
     --hash=sha256:70e8a77beed4562e7f14fe23a786b54f6296e34344c23bc42f07b15018ff98e9 \
-    --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb \
-    # via -r requirements.in, furl, orderedmultidict
+    --hash=sha256:832dc0e10feb1aa2c68dcc57dbb658f1c7e65b9b61af69048abc87a2db00a0eb
+    # via
+    #   -r requirements.in
+    #   furl
+    #   orderedmultidict
 urllib3==1.25.10 \
     --hash=sha256:91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a \
-    --hash=sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461 \
-    # via -r requirements.in, requests
+    --hash=sha256:e7983572181f5e1522d9c98453462384ee92a0be7fac5f1413a1e35c56cc0461
+    # via
+    #   -r requirements.in
+    #   requests
 werkzeug==0.16.0 \
     --hash=sha256:7280924747b5733b246fe23972186c6b348f9ae29724135a6dfc1e53cea433e7 \
-    --hash=sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4 \
+    --hash=sha256:e5f4a1f98b52b18a93da705a7458e55afb26f32bff83ff5d19189f92462d65c4
     # via -r requirements.in
diff --git a/securedrop_proxy/proxy.py b/securedrop_proxy/proxy.py
@@ -9,7 +9,7 @@
 from tempfile import _TemporaryFileWrapper  # type: ignore
 from typing import Dict, Optional
 
-import furl
+import furl  # type: ignore
 import requests
 import werkzeug
 import yaml
@@ -32,14 +32,14 @@ def __init__(self) -> None:
         self.method = ""
         self.path_query = ""
         self.body = ""
-        self.headers: Dict[str, str] = {}
+        self.headers = {}  # type: Dict[str, str]
 
 
 class Response:
     def __init__(self, status: int) -> None:
         self.status = status
         self.body = ""
-        self.headers: Dict[str, str] = {}
+        self.headers = {}  # type: Dict[str, str]
         self.version = version.version
 
 
@@ -48,10 +48,10 @@ def __init__(self, conf_path: str, req: Req = Req(), timeout: float = 10.0) -> N
         self.read_conf(conf_path)
 
         self.req = req
-        self.res: Optional[Response] = None
+        self.res = None  # type: Optional[Response]
         self.timeout = float(timeout)
 
-        self._prepared_request: Optional[Req] = None
+        self._prepared_request = None  # type: Optional[requests.PreparedRequest]
 
     def on_done(self) -> None:
         print(json.dumps(self.res.__dict__))
@@ -79,12 +79,14 @@ def read_conf(self, conf_path: str) -> None:
                 conf_in = yaml.safe_load(fh)
         except yaml.YAMLError:
             self.simple_error(
-                500, "YAML syntax error while reading configuration file {}".format(conf_path),
+                500,
+                "YAML syntax error while reading configuration file {}".format(conf_path),
             )
             self.err_on_done()
         except Exception:
             self.simple_error(
-                500, "Error while opening or reading configuration file {}".format(conf_path),
+                500,
+                "Error while opening or reading configuration file {}".format(conf_path),
             )
             self.err_on_done()
 
@@ -186,7 +188,7 @@ def handle_json_response(self) -> None:
 
         res = Response(self._presp.status_code)
 
-        res.headers = self._presp.headers
+        res.headers = dict(self._presp.headers)
         res.body = self._presp.content.decode()
 
         self.res = res
@@ -204,7 +206,7 @@ def handle_non_json_response(self) -> None:
 
         fh.close()
 
-        res.headers = self._presp.headers
+        res.headers = dict(self._presp.headers)
 
         self.on_save(fh, res)
 
@@ -259,7 +261,8 @@ def proxy(self) -> None:
             logger.error(e)
             try:
                 self.simple_error(
-                    e.response.status_code, http.HTTPStatus(e.response.status_code).phrase.lower(),
+                    e.response.status_code,
+                    http.HTTPStatus(e.response.status_code).phrase.lower(),
                 )
             except ValueError:
                 # Return a generic error message when the response