Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
0x-web3 is a temporary fork of web3. It adds primitive support for ABI tuples, which is needed in order to facilitate calling the 0x smart contracts. The fork’s changes to web3.py are visible in an open PR, and when that PR (or something analogous) is merged, this package will be taken down.
A Python implementation of web3.js
Read more in the documentation on ReadTheDocs. View the change log on Github.
import json
import web3
from web3 import Web3, HTTPProvider, TestRPCProvider
from solc import compile_source
from web3.contract import ConciseContract
# Solidity source code
contract_source_code = '''
pragma solidity ^0.4.0;
contract Greeter {
string public greeting;
function Greeter() {
greeting = 'Hello';
}
function setGreeting(string _greeting) public {
greeting = _greeting;
}
function greet() constant returns (string) {
return greeting;
}
}
'''
compiled_sol = compile_source(contract_source_code) # Compiled source code
contract_interface = compiled_sol['<stdin>:Greeter']
# web3.py instance
w3 = Web3(TestRPCProvider())
# Instantiate and deploy contract
contract = w3.eth.contract(abi=contract_interface['abi'], bytecode=contract_interface['bin'])
# Get transaction hash from deployed contract
tx_hash = contract.deploy(transaction={'from': w3.eth.accounts[0], 'gas': 410000})
# Get tx receipt to get contract address
tx_receipt = w3.eth.getTransactionReceipt(tx_hash)
contract_address = tx_receipt['contractAddress']
# Contract instance in concise mode
abi = contract_interface['abi']
contract_instance = w3.eth.contract(address=contract_address, abi=abi,ContractFactoryClass=ConciseContract)
# Getters + Setters for web3.eth.contract object
print('Contract value: {}'.format(contract_instance.greet()))
contract_instance.setGreeting('Nihao', transact={'from': w3.eth.accounts[0]})
print('Setting value to: Nihao')
print('Contract value: {}'.format(contract_instance.greet()))
git clone git@github.com:ethereum/web3.py.git
cd web3.py
Please see OS-specific instructions for:
Then run these install commands:
virtualenv venv
. venv/bin/activate
pip install -e .[dev]
For different environments, you can set up multiple virtualenv
. For example, if you want to create a venvdocs
, then you do the following:
virtualenv venvdocs
. venvdocs/bin/activate
pip install -e .[docs]
pip install -e .
If you would like to develop and test inside a Docker environment, use the sandbox container provided in the docker-compose.yml file.
To start up the test environment, run:
docker-compose up -d
This will build a Docker container set up with an environment to run the Python test code.
Note: This container does not have go-ethereum
installed, so you cannot run the go-ethereum test suite.
To run the Python tests from your local machine:
docker-compose exec sandbox bash -c 'pytest -n 4 -f -k "not goethereum"'
You can run arbitrary commands inside the Docker container by using the bash -c
prefix.
docker-compose exec sandbox bash -c ''
Or, if you would like to just open a session to the container, run:
docker-compose exec sandbox bash
During development, you might like to have tests run on every file save.
Show flake8 errors on file change:
# Test flake8
when-changed -v -s -r -1 web3/ tests/ ens/ -c "clear; flake8 web3 tests ens && echo 'flake8 success' || echo 'error'"
You can use pytest-watch
, running one for every Python environment:
pip install pytest-watch
cd venv
ptw --onfail "notify-send -t 5000 'Test failure ⚠⚠⚠⚠⚠' 'python 3 test on web3.py failed'" ../tests ../web3
Or, you can run multi-process tests in one command, but without color:
# in the project root:
pytest --numprocesses=4 --looponfail --maxfail=1
# the same thing, succinctly:
pytest -n 4 -f --maxfail=1
Execute tox
for the tests
There are multiple components of the tests. You can run test to against specific component. For example:
# Run Tests for the Core component (for Python 3.5):
tox -e py35-core
# Run Tests for the Core component (for Python 3.6):
tox -e py36-core
If for some reason it is not working, add --recreate
params.
tox
is good for testing against the full set of build targets. But if you want to run the tests individually, py.test
is better for development workflow. For example, to run only the tests in one file:
py.test tests/core/gas-strategies/test_time_based_gas_price_strategy.py
For Debian-like systems:
apt install pandoc
To release a new version:
make release bump=$$VERSION_PART_TO_BUMP$$
The version format for this repo is {major}.{minor}.{patch}
for stable, and
{major}.{minor}.{patch}-{stage}.{devnum}
for unstable (stage
can be alpha or beta).
To issue the next version in line, specify which part to bump,
like make release bump=minor
or make release bump=devnum
.
If you are in a beta version, make release bump=stage
will switch to a stable.
To issue an unstable version when the current version is stable, specify the
new version explicitly, like make release bump="--new-version 4.0.0-alpha.1 devnum"
FAQs
Web3.py
We found that 0x-web3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.