
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Implements a sigv4 authentication plugin for the open-source Datastax Python Driver for Apache Cassandra
The current version is 4.0.2. Please see the changelog for details on version history.
This package implements an authentication plugin for the open-source Datastax Python Driver for Apache Cassandra. The driver enables you to add authentication information to your API requests using the AWS Signature Version 4 Process (SigV4). Using the plugin, you can provide users and applications short-term credentials to access Amazon Keyspaces (for Apache Cassandra) using AWS Identity and Access Management (IAM) users and roles.
The plugin depends on the AWS SDK for Python (Boto3). It uses boto3.Session
to obtain credentials.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.load_verify_locations('./AmazonRootCA1.pem')
ssl_context.verify_mode = CERT_REQUIRED
boto_session = boto3.Session(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
auth_provider = SigV4AuthProvider(boto_session)
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
session = cluster.connect()
r = session.execute('select * from system_schema.keyspaces')
print(r.current_rows)
The following sections describe how to use the authentication plugin for the open-source DataStax Python Driver for Cassandra to access Amazon Keyspaces.
The first step is to get an Amazon digital certificate to encrypt your connections using Transport Layer Security (TLS). The DataStax Python driver must use an SSL CA certificate so that the client SSL engine can validate the Amazon Keyspaces certificate on connection.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.load_verify_locations('./AmazonRootCA1.pem')
ssl_context.verify_mode = CERT_REQUIRED
Before you can start using the plugin, you must configure the AWS Region that the plugin will use when authenticating.
This is required because SigV4 signatures are Region-specific. For example, if you are connecting to the cassandra.us-east-2.amazonaws.com
endpoint,
the Region must be us-east-2
. For a list of available AWS Regions and endpoints, see Service Endpoints for Amazon Keyspaces.
You can specify the Region using one of the following four methods:
You can use the AWS_REGION
environment variable to match the endpoint that you are
communicating with by setting it as part of your application start-up, as follows.
$ export AWS_REGION=us-east-1
You can either provide the constructor for SigV4AuthProvider
with a boto3 session, aws credentials and a region,
or a parameterless constructor to follow the default boto3 credential discovery path.
pip install cassandra-sigv4
Note that if a session is provided, all other arguments for the constructor are ignored.
boto_session = boto3.Session(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
auth_provider = SigV4AuthProvider(boto_session)
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
auth_provider = SigV4AuthProvider(aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
aws_secret_access_key="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
aws_session_token="AQoDYXdzEJr...<remainder of token>",
region_name="us-east-2")
cluster = Cluster(['cassandra.us-east-2.amazonaws.com'], ssl_context=ssl_context, auth_provider=auth_provider,
port=9142)
FAQs
Implements a sigv4 authentication plugin for the open-source Datastax Python Driver for Apache Cassandra
We found that cassandra-sigv4 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.