This is an AWS CDK construct library which allows you to get a feed of Twitter search results into an SQS queue. It works by periodically polling the freely available Twitter Standard Search API and sending all new tweets to an SQS queue.
Inspired by @jlhood's aws-serverless-twitter-event-source
To issue a Twitter search request, you will need to apply for a Twitter developer account and obtain API keys by defining a new application.
The Twitter API keys are read by the poller from an AWS Secrets Manager entry. The entry must contain the following attributes: consumer_key, consumer_secret, access_token_key and access_token_secret (exact names).
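A pre-deployment check for the secret layout described above, as an added example that is not part of cdk-tweet-queue. It assumes the entry is stored as a Secrets Manager key/value (JSON object) SecretString; checkTwitterSecret, canonicalKey and the sample payloads are hypothetical names with constructed placeholder values.

```typescript
// Added example: the four attribute names come from the text above; the JSON
// key/value layout and every other name here are assumptions.
const REQUIRED_ATTRIBUTES = [
  'consumer_key', 'consumer_secret', 'access_token_key', 'access_token_secret',
];

interface SecretCheck {
  ok: boolean;
  error: string | null;  // structural problem with the payload, if any
  missing: string[];     // required attributes that are absent or empty
  nearMisses: string[];  // present keys that differ only by case or separators
}

// Normalise a key so consumerKey, Consumer-Key and consumer_key compare equal.
function canonicalKey(key: string): string {
  return key.replace(/[^a-z0-9]/gi, '').toLowerCase();
}

// Reports key names only; secret values are never copied into the result.
function checkTwitterSecret(secretString: string): SecretCheck {
  const result: SecretCheck = { ok: false, error: null, missing: [], nearMisses: [] };
  let parsed: unknown = null;
  try {
    parsed = JSON.parse(secretString);
  } catch {
    result.error = 'SecretString is not valid JSON';
  }
  if (result.error === null &&
      (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed))) {
    result.error = 'SecretString must be a JSON object';
  }
  if (result.error !== null) {
    result.missing = REQUIRED_ATTRIBUTES.slice();
    return result;
  }
  const entry = parsed as Record<string, unknown>;
  for (const name of REQUIRED_ATTRIBUTES) {
    const value = entry[name];
    if (typeof value === 'string' && value.trim() !== '') continue;
    result.missing.push(name);
    for (const key of Object.keys(entry)) {
      if (key !== name && canonicalKey(key) === canonicalKey(name)) result.nearMisses.push(key);
    }
  }
  result.ok = result.missing.length === 0;
  return result;
}

// Constructed payloads with placeholder values, not real credentials.
const SAMPLE_GOOD = JSON.stringify({ consumer_key: 'ck', consumer_secret: 'cs',
  access_token_key: 'atk', access_token_secret: 'ats' });
const SAMPLE_BAD = JSON.stringify({ consumerKey: 'ck', consumer_secret: 'cs',
  access_token_key: '', access_token_secret: 'ats' });
```

Run it against the payload before storing the secret, so a misspelled attribute is caught at review time rather than when the poller first reads the entry.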
Use npm to install the module in your CDK project. This will also add it to your package.json file.
$ npm install cdk-tweet-queue
Add a TweetQueue to your CDK stack:
import { TweetQueue } from 'cdk-tweet-queue';

const queue = new TweetQueue(this, 'TweetStream', {
  // this is the ARN of the secret you stored
  secretArn: 'arn:aws:secretsmanager:us-east-1:1234567891234:secret:xxxxxxxxx',

  // twitter search query
  // see https://developer.twitter.com/en/docs/tweets/search/guides/standard-operators
  query: '#awscdk',

  // optional properties
  intervalMin: 60,          // optional: polling interval in minutes
  retentionPeriodSec: 60,   // optional: queue retention period
  visibilityTimeoutSec: 60, // optional: queue visibility timeout
});
Now, queue is an sqs.Queue object and can be used anywhere a queue is accepted. For example, you could process the queue messages using an AWS Lambda function by setting up an SQS event source mapping.
The project is managed by projen and offers the following commands:
yarn projen - Synthesize the project configuration.
yarn compile - Compile all source code.
yarn test - Run all tests.
yarn build - Compile, test, and package the module.
There is also an integration test that can be executed by running the following commands. You will need to set the TWEET_QUEUE_SECRET_ARN environment variable in order for the test to be able to use your Twitter API keys.
$ yarn integ:deploy
Don't forget to destroy:
$ yarn integ:destroy
You can also run any cdk command on the integration test application by running:
yarn integ <command>
Apache-2.0
FAQs
Defines an SQS queue with tweet stream from a search
We found that cdk-tweet-queue demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.