Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Official low-level client for Elasticsearch. Its goal is to provide common ground for all Elasticsearch-related code in Python; because of this it tries to be opinion-free and very extendable.
For a more high level client library with more limited scope, have a look at
elasticsearch-dsl
_ - a more pythonic library sitting on top of
elasticsearch-py
.
It provides a more convenient and idiomatic way to write and manipulate
queries
_. It stays close to the Elasticsearch JSON DSL, mirroring its
terminology and structure while exposing the whole range of the DSL from Python
either directly using defined classes or a queryset-like expressions.
It also provides an optional persistence layer
_ for working with documents as
Python objects in an ORM-like fashion: defining mappings, retrieving and saving
documents, wrapping the document data in user-defined classes.
.. _elasticsearch-dsl: https://elasticsearch-dsl.readthedocs.io/ .. _queries: https://elasticsearch-dsl.readthedocs.io/en/latest/search_dsl.html .. _persistence layer: https://elasticsearch-dsl.readthedocs.io/en/latest/persistence.html#doctype
The library is compatible with all Elasticsearch versions since 0.90.x
but you
have to use a matching major version:
For Elasticsearch 6.0 and later, use the major version 6 (6.x.y
) of the
library.
For Elasticsearch 5.0 and later, use the major version 5 (5.x.y
) of the
library.
For Elasticsearch 2.0 and later, use the major version 2 (2.x.y
) of the
library, and so on.
The recommended way to set your requirements in your setup.py
or
requirements.txt
is::
# Elasticsearch 6.x
elasticsearch>=6.0.0,<7.0.0
# Elasticsearch 5.x
elasticsearch>=5.0.0,<6.0.0
# Elasticsearch 2.x
elasticsearch>=2.0.0,<3.0.0
If you have a need to have multiple versions installed at the same time older
versions are also released as elasticsearch2
, elasticsearch5
and elasticsearch6
.
Install the elasticsearch
package for Elasticsearch 6.x with pip <https://pypi.python.org/pypi/elasticsearch>
_::
pip install "elasticsearch>=6,<7"
Simple use-case::
>>> from datetime import datetime
>>> from elasticsearch import Elasticsearch
# by default we connect to localhost:9200
>>> es = Elasticsearch()
# create an index in elasticsearch, ignore status code 400 (index already exists)
>>> es.indices.create(index='my-index', ignore=400)
{u'acknowledged': True}
# datetimes will be serialized
>>> es.index(index="my-index", doc_type="test-type", id=42, body={"any": "data", "timestamp": datetime.now()})
{u'_id': u'42', u'_index': u'my-index', u'_type': u'test-type', u'_version': 1, u'ok': True}
# but not deserialized
>>> es.get(index="my-index", doc_type="test-type", id=42)['_source']
{u'any': u'data', u'timestamp': u'2013-05-12T19:45:31.804229'}
Full documentation
_.
.. _Full documentation: https://elasticsearch-py.readthedocs.io/
Elastic Cloud (and SSL) use-case::
>>> from elasticsearch import Elasticsearch
>>> es = Elasticsearch("https://elasticsearch.url:port", http_auth=('elastic','yourpassword'))
>>> es.info()
Using SSL Context with a self-signed cert use-case::
>>> from elasticsearch import Elasticsearch
>>> from ssl import create_default_context
>>> context = create_default_context(cafile="path/to/cafile.pem")
>>> es = Elasticsearch("https://elasticsearch.url:port", ssl_context=context, http_auth=('elastic','yourpassword'))
>>> es.info()
The client's features include:
Copyright 2017 Elasticsearch
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
.. image:: https://readthedocs.org/projects/elasticsearch-py/badge/?version=latest&style=flat :target: https://elasticsearch-py.readthedocs.io/en/master/
.. image:: https://clients-ci.elastic.co/job/elastic+elasticsearch-py+master/badge/icon :target: https://clients-ci.elastic.co/job/elastic+elasticsearch-py+master/
FAQs
Python client for Elasticsearch
We found that elasticsearch6 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.