appmap-python is a Python package for recording AppMaps of your code. "AppMap" is a data format
which records code structure (modules, classes, and methods), code execution events
(function calls and returns), and code metadata (repo name, repo URL, commit SHA, labels,
etc). It's more granular than a performance profile, but it's less granular than a full
debug trace. It's designed to be optimal for understanding the design intent and structure
of code and key data flows.
Visit the AppMap for Python reference page on AppLand.com for a complete reference guide.
Clone the repo to begin development.
% git clone https://github.com/applandinc/appmap-python.git
Cloning into 'appmap-python'...
remote: Enumerating objects: 167, done.
remote: Counting objects: 100% (167/167), done.
remote: Compressing objects: 100% (100/100), done.
remote: Total 962 (delta 95), reused 116 (delta 61), pack-reused 795
Receiving objects: 100% (962/962), 217.31 KiB | 4.62 MiB/s, done.
Resolving deltas: 100% (653/653), done.
As a package intended to be installed in as many environments as possible, appmap-python
needs to avoid using features of Python or the standard library that were added after the
oldest version currently supported (see the
supported versions).
poetry for dependency management:
% brew install poetry
% cd appmap-python
% poetry install
The one dependency that is not managed using poetry is wrapt. Because it's possible that
projects that use appmap may also need an unmodified version of wrapt (e.g. pylint depends on
astroid, which in turn depends on wrapt), we use vendoring to vendor wrapt.
To update wrapt, use tox (described below) to run the vendoring environment.
pylint for linting:
% cd appmap-python
% poetry run pylint appmap
--------------------------------------------------------------------
Your code has been rated at 10.00/10 (previous run: 10.00/10, +0.00)
[Note that the current configuration has a threshold set which must be met for the Travis build to pass. To make this easier to achieve, a number of checks have been disabled. They should be re-enabled as soon as possible.]
Note that you must install the dependencies contained in requirements-dev.txt before running tests. See the explanation in pyproject.toml for details.
Additionally, the tests currently require that you set APPMAP=true and APPMAP_DISPLAY_PARAMS=true.
pytest for testing:
% cd appmap-python
% pip install -r requirements-test.txt
% APPMAP=true APPMAP_DISPLAY_PARAMS=true poetry run pytest
Additionally, the tox configuration provides the ability to run the tests for all
supported versions of Python and Django.
tox requires all the correct versions of Python to be available to create
the test environments. pyenv is an easy way to manage
multiple versions of Python, and the xxenv-latest plugin can help get all the latest versions.
% brew install pyenv
% git clone https://github.com/momo-lab/xxenv-latest.git "$(pyenv root)"/plugins/xxenv-latest
% cd appmap-python
% pyenv latest local 3.{9,6,7,8}
% for v in 3.{9,6,7,8}; do pyenv latest install $v; done
% poetry run tox
coverage for coverage:
% cd appmap-python
% poetry run coverage run -m pytest
% poetry run coverage html
% open htmlcov/index.html
FAQs
Create AppMap files by recording a Python application.
We found that appmap demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.