Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
配置读写(基于json格式进行简化)、ioc、以及其他工具代码。a json-base file format's read and write code by python, and codes to read and product object from configure file in such format(ioc), and other tool codes
1,在json格式基础上加了点东西,让配置文件写起来更简单,模块在buildz.xf下
2,基于xf格式写了个ioc控制反转配置文件读取的程序,模块在buildz.ioc下
3,其他工具模块:
buildz.fz: 文件夹查找
buildz.pyz: 简化python __import__调用
buildz.argx: 按格式读命令行参数
buildz.tz: 加些工具,目前只有myerse diff字符串比较算法
buildz.demo: 使用参考,运行"python -m buildz"会用这个模块
buildz.db: sql集成工具,自用,里面import了其他sql库,使用运行"python -m buildz.db 配置文件路径"
buildz.base: 封装了一个基础类,继承它可以少写一些代码
buildz.html: xml(html)内容读取和解析
buildz.auto: 自动化操作(主要是做自动化测试方便些,如果不怕写一堆配置文件的话)
代码关系:
buildz.xf, buildz.pyz, buildz.argx, buildz.fz, buildz.tz都是独立的模块
buildz.ioc需要buildz.xf和buildz.pyz
buildz.db需要buildz.xf
buildz.demo需要其他全部模块
运行python -m buildz查看帮助
持续更新中。。。
2024/11/11:
新增buildz.tz.xfind,对json做查询用的,功能类似jsonpath,自己实现的原因是好玩,以及不想为了用jsonpath去学对应的语法
2024/10/08:
增强auto配置功能,在auto增加数据库使用的封装,后续考虑出文档。。。如果有时间
2024/09/25:
修复bug,增强html的搜索功能,增强auto配置功能
auto里加了个request的demo,里面用的requests库,可以直接配置来进行http调用
2024/09/24:
增加模块html:html页面解析
增加模块auto:自动化调用
2024/09/09
ioc:
加修饰器
加配置refs
PS: 对比了下json.loads(修改了下json的scanner.py,让它在纯python下运行,不然json.loads会更快)和目前的xf.loads(buildz.xf.readz.loads)的速度,xf.loads比json.loads慢7倍,可能是读字符串更频繁,方法调用更多(为了代码更结构化和容易修改),其实有一版更慢(buildz.xf.read.loads,废弃代码,后面看情况删掉),慢100倍,因为只考虑结构化,没考虑列表增减开销(获得的经验教训是别直接用python的列表list当堆栈做append和pop,特别慢!)
1, a profile file format base on json, make it easy to write profile file, module is in buildz.xf
2, a ioc profile file read function base on xf format, module is in buildz.ioc
3, other tools module:
buildz.fz: file search
buildz.pyz: make it easier to use python's __import__ function
buildz.argx: read command argument in special format
buildz.demo: example codes to use buildz, run "python -m buildz" will use this module
code relationship:
buildz.xf, buildz.pyz, buildz.argx, buildz.fz, buildz.tz is independent
buildz.ioc use buildz.xf and buildz.pyz
buildz.tz: some tools, only contains "myerse diff algorithm" now
buildz.demo use all other modules
run python -m buildz to see help
continue updating...
PS: testing speed on json.loads(has modified scanner.py in json module to make it purely run on Python, which make it run slower) and xf.loads(real func is buildz.xf.readz.loads), xf.loads takes 7 times longer than json.loads, it may cost by more func calls and more string cutting and reading(to make codes more structuring and easier to update)
FAQs
配置读写(基于json格式进行简化)、ioc、以及其他工具代码。a json-base file format's read and write code by python, and codes to read and product object from configure file in such format(ioc), and other tool codes
We found that buildz demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.