Singer tap that extracts data from a PostgreSQL database and produces JSON-formatted data following the Singer spec.
The recommended method of running this tap is to use it with Macrometa data connectors. If you want to run this Singer Tap independently please read further.
First, make sure Python 3 is installed on your system or follow these installation instructions for Mac or Ubuntu.
It's recommended to use a virtualenv:
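```bash
python3 -m venv venv
# Activate the virtualenv so pip installs into it rather than system-wide
. venv/bin/activate
pip install c8-source-postgres
```
or
```bash
make venv
```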
```json
{
  "host": "localhost",
  "port": 5432,
  "user": "postgres",
  "password": "secret",
  "dbname": "db"
}
```
These are the same basic configuration properties used by the PostgreSQL command-line client (psql).
Full list of options in config.json:
Property | Type | Required? | Description |
---|---|---|---|
host | String | Yes | PostgreSQL host |
port | Integer | Yes | PostgreSQL port |
user | String | Yes | PostgreSQL user |
password | String | Yes | PostgreSQL password |
dbname | String | Yes | PostgreSQL database name |
filter_schemas | String | No | Comma separated schema names to scan only the required schemas to improve the performance of data extraction. (Default: None) |
ssl | String | No | If set to "true" then use SSL via postgres sslmode require option. If the server does not accept SSL connections or the client certificate is not recognized the connection will fail. (Default: None) |
logical_poll_total_seconds | Integer | No | Stop running the tap when no data received from wal after certain number of seconds. (Default: 10800) |
break_at_end_lsn | Boolean | No | Stop running the tap if the newly received lsn is after the max lsn that was detected when the tap started. (Default: true) |
max_run_seconds | Integer | No | Stop running the tap after certain number of seconds. (Default: 43200) |
debug_lsn | String | No | If set to "true" then add _sdc_lsn property to the singer messages to debug postgres LSN position in the WAL stream. (Default: None) |
tap_id | String | No | ID of the pipeline/tap (Default: None) |
itersize | Integer | No | Size of PG cursor iterator when doing INCREMENTAL or FULL_TABLE (Default: 20000) |
default_replication_method | String | No | Default replication method to use when no one is provided in the catalog (Values: LOG_BASED , INCREMENTAL or FULL_TABLE ) (Default: None) |
use_secondary | Boolean | No | Use a database replica for INCREMENTAL and FULL_TABLE replication (Default : False) |
secondary_host | String | No | PostgreSQL Replica host (required if use_secondary is True ) |
secondary_port | Integer | No | PostgreSQL Replica port (required if use_secondary is True ) |
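
A pre-flight check for the options in the table above, as an added example that is not part of the tap's own code: it flags a config.json readable by other users (the file stores the database password in clear text), missing or mistyped required properties, a missing replica host or port when use_secondary is set, and an ssl value other than the string "true". The names `audit_config`, `has_type` and `write_sample` are hypothetical, and the sample config is constructed.

```python
import json
import os
import tempfile

# Required properties and their JSON types, from the options table above.
REQUIRED = {"host": str, "port": int, "user": str, "password": str, "dbname": str}


def has_type(cfg, key, typ):
    # bool is a subclass of int, so reject it explicitly (e.g. "port": true).
    return isinstance(cfg.get(key), typ) and not isinstance(cfg.get(key), bool)


def audit_config(path):
    """Return a list of findings for a tap config.json; empty means clean."""
    findings = []
    # The file holds the database password in clear text: flag group/other access.
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"file mode {mode:o} exposes the password to group/others")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    required = dict(REQUIRED)
    # secondary_host/secondary_port become required once use_secondary is set.
    if cfg.get("use_secondary") is True:
        required.update(secondary_host=str, secondary_port=int)
    for key, typ in required.items():
        if not has_type(cfg, key, typ):
            findings.append(f"{key}: missing or not {typ.__name__}")
    # ssl is a String option; only the literal "true" makes the tap require TLS.
    if cfg.get("ssl") != "true":
        findings.append('ssl is not "true": TLS is not required for the connection')
    return findings


def write_sample(cfg, mode):
    """Write a constructed sample config to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)
    return path


# Constructed sample: the README's config plus use_secondary with no replica set.
SAMPLE = {"host": "localhost", "port": 5432, "user": "postgres",
          "password": "secret", "dbname": "db", "use_secondary": True}

if __name__ == "__main__":
    print("\n".join(audit_config(write_sample(SAMPLE, 0o644))))
```

Note that libpq's sslmode=require encrypts the session but does not check that the server certificate matches the host name.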
```bash
c8-source-postgres --config config.json --discover # Should dump a Catalog to stdout
c8-source-postgres --config config.json --discover > catalog.json # Capture the Catalog
```
Each entry under the Catalog's "streams" key will need the following metadata:
```json
{
  "streams": [
    {
      "stream_name": "my_topic",
      "metadata": [{
        "breadcrumb": [],
        "metadata": {
          "selected": true,
          "replication-method": "LOG_BASED"
        }
      }]
    }
  ]
}
```
The replication method can be one of FULL_TABLE, INCREMENTAL or LOG_BASED.
Note: Log based replication requires a few adjustments in the source postgres database; please read further for more information.
```bash
c8-source-postgres --config config.json --catalog catalog.json
```
The tap will write bookmarks to stdout which can be captured and passed as an optional --state state.json parameter to the tap for the next sync.
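
One way to capture those bookmarks, as an added example that is not part of the tap: it takes the last STATE message from the tap's stdout, following the Singer message format, and writes it to state.json atomically. The function names are hypothetical, and the sample output, including its stream name and bookmark keys, is constructed.

```python
import io
import json
import os
import tempfile


def last_state(lines):
    """Return the value of the final STATE message in Singer output, or None."""
    state = None
    for line in lines:
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line: not a Singer message
        if isinstance(msg, dict) and msg.get("type") == "STATE":
            state = msg.get("value")
    return state


def save_state(state, path):
    """Replace path atomically so a crash cannot leave a half-written state file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)


# Constructed tap output; the stream name and bookmark keys are illustrative.
# The last line is cut short, as it would be if the tap were killed mid-write.
SAMPLE_OUTPUT = """\
{"type": "SCHEMA", "stream": "public-orders", "schema": {}, "key_properties": ["id"]}
{"type": "RECORD", "stream": "public-orders", "record": {"id": 1}}
{"type": "STATE", "value": {"bookmarks": {"public-orders": {"lsn": 100}}}}
{"type": "RECORD", "stream": "public-orders", "record": {"id": 2}}
{"type": "STATE", "value": {"bookmarks": {"public-orders": {"lsn": 250}}}}
{"type": "RECORD", "stream": "public-orders", "rec
"""

if __name__ == "__main__":
    state = last_state(io.StringIO(SAMPLE_OUTPUT))
    if state is not None:
        save_state(state, "state.json")
    print(state)
```

A captured STATE is only safe to pass to the next run if every record emitted before it was delivered downstream.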
PostgreSQL databases running PostgreSQL versions 9.4.x or greater. To avoid a critical PostgreSQL bug, use at least one of the following minor versions:
A connection to the master instance. Log-based replication will only work by connecting to the master instance.
wal2json plugin: To use Log Based for your PostgreSQL integration, you must install the wal2json plugin. The wal2json plugin outputs JSON objects for logical decoding, which the tap then uses to perform Log-based Replication. Steps for installing the plugin vary depending on your operating system. Instructions for each operating system type are in the wal2json GitHub repository:
postgres config file: Locate the database configuration file (usually postgresql.conf) and define the parameters as follows:
```
wal_level=logical
max_replication_slots=5
max_wal_senders=5
```
Restart your PostgreSQL service to ensure the changes take effect.
Note: For max_replication_slots and max_wal_senders, we’re defaulting to a value of 5. This should be sufficient unless you have a large number of read replicas connected to the master instance.
Existing replication slot: Log based replication requires a dedicated logical replication slot. In PostgreSQL, a logical replication slot represents a stream of database changes that can then be replayed to a client in the order they were made on the original server. Each slot streams a sequence of changes from a single database.
Log in to the master instance as a superuser and, using the wal2json plugin, create a logical replication slot:
```sql
SELECT *
FROM pg_create_logical_replication_slot('macrometa_<database_name>', 'wal2json');
```
Note: Replication slots are specific to a given database in a cluster. If you want to connect multiple databases - whether in one integration or several - you’ll need to create a replication slot for each database.
```bash
make venv
export C8_SOURCE_POSTGRES_HOST=<postgres-host>
export C8_SOURCE_POSTGRES_PORT=<postgres-port>
export C8_SOURCE_POSTGRES_SECONDARY_HOST=<postgres-replica-host>
export C8_SOURCE_POSTGRES_SECONDARY_PORT=<postgres-replica-port>
export C8_SOURCE_POSTGRES_USER=<postgres-user>
export C8_SOURCE_POSTGRES_PASSWORD=<postgres-password>
```
You can make use of the local docker-compose to spin up a test database by running make start_db. Test objects will be created in the postgres database.
```bash
make test
make venv
make pylint
```