Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github.com/IBM/ibm-cos-sdk-go
This package allows Go developers to write software that interacts with IBM
Cloud Object Storage. It is a fork of the AWS SDK for Go
library and can stand as a drop-in replacement if the application needs to connect to object storage using an S3-like API and does not make use of other AWS services.
IBM has added a Language Support Policy. Language versions will be deprecated on the published schedule without additional notice.
For release notes, see the CHANGELOG.
You'll need:
Writer
permissions.These values can be found in the IBM Cloud Console by generating a 'service credential'.
You can automatically archive objects after a specified length of time or after a specified date. Once archived, a temporary copy of an object can be restored for access as needed. Restore time may take up to 15 hours.
An archive policy is set at the bucket level by calling the PutBucketLifecycleConfiguration
method on a client instance. A newly added or modified archive policy applies to new objects uploaded and does not affect existing objects. For more detail, see the documentation.
Users can configure buckets with an Immutable Object Storage policy to prevent objects from being modified or deleted for a defined period of time. The retention period can be specified on a per-object basis, or objects can inherit a default retention period set on the bucket. It is also possible to set open-ended and permanent retention periods. Immutable Object Storage meets the rules set forth by the SEC governing record retention, and IBM Cloud administrators are unable to bypass these restrictions. For more detail, see the IBM Cloud documentation.
Note: Immutable Object Storage does not support Aspera transfers via the SDK to upload objects or directories at this stage.
Users can set an archive rule that would allow data restore from an archive in 2 hours or 12 hours.
Use go build to add the SDK to your project's Go module dependencies. The SDK requires a minimum version of Go 1.12.
go build ./...
Create a file main.go
, replacing your own values for API key, instance ID, and bucket name:
package main
import (
"fmt"
"github.com/IBM/ibm-cos-sdk-go/aws"
"github.com/IBM/ibm-cos-sdk-go/aws/credentials/ibmiam"
"github.com/IBM/ibm-cos-sdk-go/aws/session"
"github.com/IBM/ibm-cos-sdk-go/service/s3"
)
const (
apiKey = "<API_KEY>"
serviceInstanceID = "<RESOURCE_INSTANCE_ID>"
authEndpoint = "https://iam.cloud.ibm.com/identity/token"
serviceEndpoint = "https://s3-api.us-geo.objectstorage.softlayer.net"
)
func main() {
newBucket := "new-bucketee"
newColdBucket := "new-cold-bucketee"
conf := aws.NewConfig().
WithEndpoint(serviceEndpoint).
WithCredentials(ibmiam.NewStaticCredentials(aws.NewConfig(),
authEndpoint, apiKey, serviceInstanceID)).
WithS3ForcePathStyle(true)
sess := session.Must(session.NewSession())
client := s3.New(sess, conf)
input := &s3.CreateBucketInput{
Bucket: aws.String(newBucket),
}
client.CreateBucket(input)
input2 := &s3.CreateBucketInput{
Bucket: aws.String(newColdBucket),
CreateBucketConfiguration: &s3.CreateBucketConfiguration{
LocationConstraint: aws.String("us-cold"),
},
}
client.CreateBucket(input2)
d, _ := client.ListBuckets(&s3.ListBucketsInput{})
fmt.Println(d)
}
From the command line, run go run main.go
. You should see a list of your buckets.
Feel free to use GitHub issues for tracking bugs and feature requests, but for help please use one of the following resources:
ibm
and object-storage
.IBM supports current public releases. IBM will deprecate language versions 90 days after a version reaches end-of-life. All clients will need to upgrade to a supported version before the end of the grace period.
This SDK is distributed under the Apache License, Version 2.0, see LICENSE.txt and NOTICE.txt for more information.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.