diff --git a/.codegpt/head b/.codegpt/head new file mode 100644 index 00000000..0004e58a --- /dev/null +++ b/.codegpt/head @@ -0,0 +1 @@ +41ed0914-4a61-45d8-8f86-aff4a86782cf \ No newline at end of file diff --git a/presentation.md b/presentation.md index 8ca7b1de..85b46da9 100644 --- a/presentation.md +++ b/presentation.md @@ -12,33 +12,32 @@ Mandatory requirements: Onionshare is a application that lets users securely and anonymously share files, host websites and chat using the tor network. This can be done both trough a downloadable application aswell by using a CLI application written in python, this being the version we focused our work on. ### What is its purpose? What does it aim to accomplish? -WRITE MORE:::::::______________ - -Same as above??? + The purpose oif the project is to make secure file sharing and chatting widely available with a limited amount of knowledge in an easy to use enviornment. ### Provide an overview of the requirements and specifications. The code needs to be able to: - Connect to the tor network -- And Securely: - -- Send messages -- Send files -- Revieve files -- Host websites +- **Securely do the following:** + - Send messages + - Send files + - Revieve files + - Host websites ### Stakeholders, risks, evaluation, etc. -Stakeholders: Community? -Risks: The connection gets compromised? -Evaluation: What? +Main stakeholders are Journalists and Whistleblowers. Their privacy is paramount to be able to do their jobs. This is why applications like these are neccesary. +Secondary stakeholders include the general public. Any individuals who value privacy are bound to try limiting the acces originasations have to their private conversations. This project sets a low acces bar into extreme privacy. + +The main risks are the discoveries of new attacks or vulnerabilities that come to light in the software. Since the security is of the utmost importance several audits of the software are conducted irregularly. ### The past, present, and future development of the project. #### Past: - The past development on the github repository cant be seen, all that can be seen is from 2015, which mainly consists of bug fixes and minor changes. +- When Onionshare was audited by Radically Open Security (ROS), the main contributers fixed the security issues and added ways to circumvent censorship. #### Present: @@ -50,13 +49,11 @@ While the future as mentioned seems to just consist of security and language upd ### The current testing strategy, the kinds of tests being performed, and how the testing is reported on. -The testing is currently made with python test, around 250 of them. -ADD MORE? +The current testing is comprehensive, with pentesting being done by the before mentioned ROS. They also have an array of automated unit tests set up. They also use the Github actions to do continuous integration ensuring code integrity. ### What tools are used? How do they handle bugs? -Automated test -ADD MORE +Bugs are reported in the github issues tab and then assigned to the main developers to fix, by first being reproduced and being given a severity. ### Document your testing performed. @@ -67,11 +64,11 @@ Thus we remade the test's, to instead of looking for a tor file in a specific fo ### Exploratory testing is optional, what kind of structured testing will you do? -What? +The Exploratory testing we did included looking at the network traffic to see if the Tor connections was set up properly. When testing this we found the Tor connection was set up correctly even though tests for the correct location for the Tor instalation where failing. Thus we decided to create an automated test that will try to actually connect to the Tor network instead of simulating it in an local enviornment. ### What did you do and what did you find? -WIRESHARK???? FLORRIS +We found out by using our newly implemented structured test that the Tor connection gets set up correctly, even when the files aren't necessarily in the right position for the earlier mention tests to pass. We did this by connecting to the tor network the same way the application would and then trying to acces a webadress on the Tor network. after receiving a response we check if it contains the response indicating we a re correctly connected. ### Document the pre-existing tests and their results.