Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
This package provides a utility to validate pydantic request models and also serialize db object using pydantic models.
Flask-Dantic is a Python package that would enable users to use Pydantic models for validations and serialization, thus making it easy to link Flask with Pydantic. It can validate the request params, query args and path args.
Also, the package provides a serializer that serializes the database objects using the pydantic models. This comes handy if you are using pydantic models for request and response in Flask.
A single serialize call will take care of validating the returned response as well as serializing it. There are options to include or exclude certain fields or exclude/include fields with null values.
This package is compatible with Python >= 3.6
Install with pip:
pip install flask-dantic
# Using the Pydantic model for request.
from typing import Optional
from flask import current_app as flask_app, request
from pydantic import BaseModel
from flask_dantic import pydantic_validator
class UserCreateModel(BaseModel):
username: str
age: Optional[int] = None
phone: Optional[str] = None
@flask_app.route("/user/create", methods=["POST"])
@pydantic_validator(body=UserCreateModel) # Pass the model against body kwarg.
def create_user():
"""
Request Json to create user that will be validated against UserModel
{
"username": "Foo",
"age": 42,
"phone": "123-456-7890"
}
"""
user_model = request.body_model
print(user_model.username, user_model.age, user_model.phone)
@flask_app.route("/user/create", methods=["POST"])
# Changing the default validation error status code from default 422 to 400
@pydantic_validator(body=UserCreateModel, validation_error_status_code=400)
def create_user():
"""
Request Json to create user that will be validated against UserModel
{
"username": "Foo",
"age": 42,
"phone": "123-456-7890"
}
"""
user_model = request.body_model
print(user_model.username, user_model.age, user_model.phone)
# Using the Pydantic model for request.
from typing import Optional
from flask import current_app as flask_app, request
from pydantic import BaseModel
from flask_dantic import pydantic_validator
# Sample url - https://localhost:5000/user/get?username=Foo&age=42
# Here username and foo are pass are query args
class UserQueryModel(BaseModel):
username: str
age: Optional[int] = None
@flask_app.route("/user/get", methods=["GET"])
@pydantic_validator(query=UserQueryModel) # Pass the model against query kwarg
def get_user():
user_query_model = request.query_model
print(user_query_model.username, user_query_model.age)
# Using the Pydantic model for request.
from flask import current_app as flask_app, request
from pydantic import BaseModel, Field
from flask_dantic import pydantic_validator
# Sample url - https://localhost:5000/user/get/c55926d3-cbd0-4eea-963b-0bcfc5c40d46
# Here the uuid is the dynamic path param.
UUID_REGEX = "[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
class UserPathParamModel(BaseModel):
user_id: str = Field(..., regex=UUID_REGEX, description="ID of the user")
@flask_app.route("/user/get/<string:user_id>", methods=["GET"])
@pydantic_validator(path_params=UserPathParamModel) # Pass the model against path_params
def get_user(user_id):
path_param_model = request.path_param_model
print(path_param_model.user_id)
from sqlalchemy import create_engine
from sqlalchemy.orm import Session
db_engine = create_engine(DB_CONNECT_STRING) # DB connection string, ex "sqlite:///my_app.db"
db = Session(db_engine)
from http import HTTPStatus
from typing import Optional
from flask import current_app as flask_app, jsonify
from pydantic import BaseModel
from flask_dantic import serialize, pydantic_validator
class UserResponseModel(BaseModel): # Define the pydantic model for serialization.
username: str
age: Optional[int] = None
phone: Optional[str] = None
@flask_app.route("/user/list", methods=["GET"])
def get_all_users():
users = get_all_users_from_db()
# Pass the db records and pydantic model to serialize method. Set many as True if there are multiple records.
serialized_users = serialize(users, UserResponseModel, many=True) # Serialize call
return jsonify(serialized_users), HTTPStatus.OK
@flask_app.route("/user/get/<string:user_id>", methods=["GET"])
@pydantic_validator(path_params=UserPathParamModel) # Pass the model against path_params
def get_user(user_id):
user = get_single_user_by_id(user_id)
# Pass the db record and pydantic model to serialize method. Many is set to False by default.
user = serialize(user, UserResponseModel) # Serialize call
return jsonify(user), HTTPStatus.OK
from flask_dantic import serialize
# Taking the same example from above. Modifying the serialize call.
@flask_app.route("/user/get/<string:user_id>", methods=["GET"])
@pydantic_validator(path_params=UserPathParamModel) # Pass the model against path_params
def get_user(user_id):
user = get_single_user_by_id(user_id)
# Pass the db record and pydantic model to serialize method. Many is set to False by default.
# Serialize call
return serialize(user, UserResponseModel, json_dump=True), HTTPStatus.OK
Run tests:
pytest
Flask-Dantic is released under the MIT License. See the bundled LICENSE
file
for details.
FAQs
This package provides a utility to validate pydantic request models and also serialize db object using pydantic models.
We found that flask-dantic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.