Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
ABle (Allthenticate's Bluetooth Low Energy (Library)) is a platform agnostic python framework for communication with centrals as a BLE Peripheral with simple yet powerful 'BLE Sockets'
Able stands for Allthenticate's BLE Peripheral Library. It serves the purpose of enabling the abstraction of using a BLE Peripheral on Ubuntu, MacOs and Windows based systems without having to adapt your software to have platform specific support.
Note that this project is still undergoing work by the development team, the main things we are working on are:
To get started just run get_started.sh
. This will install poetry and all of the project's dependencies, and drop you into the projects virtual environment.
bash get_started.sh
Whenever you pull new updates we recommend running a quick poetry install
to get any updates. From there, please check out our examples to get started with the project!
It may be the case that the current version of your Poetry package is outdated. Run scripts/check_poetry.sh
to check if there is a newer version of the poetry installer.
bash scripts/check_poetry.sh
We follow the Sphinx docstring format for our docstrings, see the following site on the complete specification, but the general docstring will look like:
"""
[Summary]
:param [ParamName]: [ParamDescription], defaults to [DefaultParamVal]
:type [ParamName]: [ParamType](, optional)
...
:raises [ErrorType]: [ErrorDescription]
...
:return: [ReturnDescription]
:rtype: [ReturnType]
"""
To generate the docs for local use you should just have to run the following inside of the poetry shell:
make html
Then open the html produced by Sphinx.
If you want to have docs magically update as you are writing them, run the following command:
sphinx-autobuild source/ build/html/
Running tests are easy, you need to only do a few things as a developer. First track down the IP of the companion you plan to be using, we recommend a raspberry pi. Once you have that IP, export it as an environment variable as so:
export ABLE_CENTRAL_IP="<IP>"
Now, we can run the tests with the following command:
poetry install && poetry run pytest tests
If you want to do more rigorous testing over a long period of time and check for flaky tests, you will
have to modify the pyproject.toml
. We already have the dependencies you need to run tests multiple times
to detect flakiness, all you need to do is modify the following line:
addopts = "--flake-finder --flake-runs=1 --reruns 5 --reruns-delay 5"
Into:
addopts = "--flake-finder --flake-runs=10 --reruns 5 --reruns-delay 5"
This will run each test 10 times, you can even modify it to be greater should you choose. You can also
modify the reruns
and reruns-delay
parameters to change how much time you should wait between failed tests,
maybe to let things simmer and how many reruns you will accept.
Our dependencies include pytest-fast-first
which will locally track which tests are quicker and will use AI and
deep learning (a json dictionary of times) to track and run tests that go faster first! Neat!
We are hoping to have unit tests coming soon for Able but right now are relying solely on hardware in the loop tests to get things off the ground. Eventually we will detect if you have a companion set and if not, we will only run the unit tests.
If you have any questions on the use of this library feel free to reach out the head maintainer bernie@allthenticate.com or submit an issue on the repository.
Contributing is not currently enabled but once the repository is licensed we will be opening the project up for public contributions.
This project was inspired by the great work done by the developer team for Bleak which is a fantastic platform agnostic bluetooth framework for a BLE client/central we would highly reccomend!
We also took notes from the work done by Kevin Car with his companion library Bless, who made a great server supplement to Bleak whose work saved us from countless hours from fighting dbus and pyobjc!
FAQs
ABle (Allthenticate's Bluetooth Low Energy (Library)) is a platform agnostic python framework for communication with centrals as a BLE Peripheral with simple yet powerful 'BLE Sockets'
We found that able demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.