GHGA Event Schemas: A package that collects schemas used for events exchanged between GHGA service.
This package contains a collection of Pydantic-based models used to provide type-checked and validated event schemas.
We recommend using the provided Docker container.
A pre-built version is available at Docker Hub:
docker pull ghga/ghga-event-schemas:3.3.1
Or you can build the container yourself from the ./Dockerfile:
# Execute in the repo's root dir:
docker build -t ghga/ghga-event-schemas:3.3.1 .
For production-ready deployment, we recommend using Kubernetes. However, for simple use cases, you could execute the service using Docker on a single server:
# The entrypoint is preconfigured:
docker run -p 8080:8080 ghga/ghga-event-schemas:3.3.1 --help
If you prefer not to use containers, you may install the service from source:
# Execute in the repo's root dir:
pip install .
# To run the service:
ghga_event_schemas --help
The service requires the following configuration parameters:
log_level (string): The minimum log level to capture. Must be one of: ["CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG", "TRACE"]. Default: "INFO".
service_name (string): Short name of this service. Default: "my_microservice".
service_instance_id (string): A string that uniquely identifies this instance across all instances of this service. This is included in log messages.
  Examples:
    "germany-bw-instance-001"
log_format: If set, will replace JSON formatting with the specified string format. If not set, has no effect. In addition to the standard attributes, the following can also be specified: timestamp, service, instance, level, correlation_id, and details. Default: null.
  Any of: string, null
  Examples:
    "%(timestamp)s - %(service)s - %(level)s - %(message)s"
    "%(asctime)s - Severity: %(levelno)s - %(msg)s"
host (string): IP of the host. Default: "127.0.0.1".
port (integer): Port to expose the server on the specified host. Default: 8080.
auto_reload (boolean): A development feature. Set to True to automatically reload the server upon code changes. Default: false.
workers (integer): Number of worker processes to run. Default: 1.
api_root_path (string): Root path at which the API is reachable. This is relative to the specified host and port. Default: "".
openapi_url (string): Path to get the OpenAPI specification in JSON format. This is relative to the specified host and port. Default: "/openapi.json".
docs_url (string): Path to host the Swagger documentation. This is relative to the specified host and port. Default: "/docs".
cors_allowed_origins: A list of origins that should be permitted to make cross-origin requests. By default, cross-origin requests are not allowed. You can use ['*'] to allow any origin. Default: null.
  Any of: array, null
  Examples:
    ["https://example.org", "https://www.example.org"]
cors_allow_credentials: Indicate that cookies should be supported for cross-origin requests. Defaults to False. Also, cors_allowed_origins cannot be set to ['*'] for credentials to be allowed. The origins must be explicitly specified. Default: null.
  Any of: boolean, null
  Examples:
    ["https://example.org", "https://www.example.org"]
cors_allowed_methods: A list of HTTP methods that should be allowed for cross-origin requests. Defaults to ['GET']. You can use ['*'] to allow all standard methods. Default: null.
  Any of: array, null
  Examples:
    ["*"]
cors_allowed_headers: A list of HTTP request headers that should be supported for cross-origin requests. Defaults to []. You can use ['*'] to allow all headers. The Accept, Accept-Language, Content-Language and Content-Type headers are always allowed for CORS requests. Default: null.
  Any of: array, null
  Examples:
    []
generate_correlation_id (boolean): A flag, which, if False, will result in an error when inbound requests don't possess a correlation ID. If True, requests without a correlation ID will be assigned a newly generated ID in the correlation ID middleware function. Default: true.
  Examples:
    true
    false
language (string): The language. Must be one of: ["Greek", "Croatian", "French", "German"]. Default: "Croatian".
A template YAML for configuring the service can be found at ./example-config.yaml.
Please adapt it, rename it to .ghga_event_schemas.yaml, and place it into one of the following locations:
./.ghga_event_schemas.yaml
~/.ghga_event_schemas.yaml
The config YAML will be automatically parsed by the service.
Important: If you are using containers, the locations refer to paths within the container.
All parameters mentioned in the ./example-config.yaml could also be set using environment variables or file secrets.
For naming the environment variables, just prefix the parameter name with ghga_event_schemas_, e.g. for the host set an environment variable named ghga_event_schemas_host (you may use either upper or lower case; however, it is standard to define all env variables in upper case).
To use file secrets, please refer to the corresponding section of the pydantic documentation.
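The following is an added example, not part of the project's code: it collects parameters from environment variables using the prefix described above and flags the CORS and auto_reload settings that the parameter list says need care. The helper names (decode, params_from_env, review), the JSON decoding of values and the sample environment are assumptions made for illustration.

```python
import json

PREFIX = "ghga_event_schemas_"  # env var prefix named in the README

# Constructed sample environment, not taken from a real deployment.
SAMPLE_ENV = {
    "GHGA_EVENT_SCHEMAS_CORS_ALLOWED_ORIGINS": '["*"]',
    "GHGA_EVENT_SCHEMAS_CORS_ALLOW_CREDENTIALS": "true",
    "ghga_event_schemas_auto_reload": "True",
    "GHGA_EVENT_SCHEMAS_HOST": "127.0.0.1",
    "PATH": "/usr/bin",
}


def decode(raw):
    """Assumption: booleans, lists and null arrive JSON-encoded; the rest are strings."""
    text = raw.strip()
    if text.lower() in ("true", "false"):
        return text.lower() == "true"
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return text


def params_from_env(environ):
    """Pick out the service's parameters; the prefix matches in any letter case."""
    return {
        name.lower()[len(PREFIX):]: decode(raw)
        for name, raw in environ.items()
        if name.lower().startswith(PREFIX)
    }


def review(params):
    """Return findings for settings the parameter list says need care."""
    findings = []
    origins = params.get("cors_allowed_origins") or []
    if "*" in origins and params.get("cors_allow_credentials"):
        findings.append("cors_allow_credentials needs explicit origins, not ['*']")
    elif "*" in origins:
        findings.append("cors_allowed_origins ['*'] permits every origin")
    for key in ("cors_allowed_methods", "cors_allowed_headers"):
        if "*" in (params.get(key) or []):
            findings.append(f"{key} ['*'] is wider than the documented default")
    if params.get("auto_reload") is True:
        findings.append("auto_reload is a development feature; leave it false")
    return findings


if __name__ == "__main__":
    for finding in review(params_from_env(SAMPLE_ENV)):
        print(finding)
```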
This is a Python-based service following the Triple Hexagonal Architecture pattern. It uses protocol/provider pairs and dependency injection mechanisms provided by the hexkit library.
For setting up the development environment, we rely on the devcontainer feature of VS Code in combination with Docker Compose.
To use it, you have to have Docker Compose as well as VS Code with its "Remote - Containers" extension (ms-vscode-remote.remote-containers) installed.
Then open this repository in VS Code and run the command Remote-Containers: Reopen in Container from the VS Code "Command Palette".
This will give you a full-fledged, pre-configured development environment including:
Moreover, inside the devcontainer, a convenience command dev_install is available.
It installs the service with all development dependencies and installs pre-commit.
The installation is performed automatically when you build the devcontainer. However, if you update dependencies in the ./pyproject.toml or the ./requirements-dev.txt, please run it again.
This repository is free to use and modify according to the Apache 2.0 License.
This README file is auto-generated, please see readme_generation.md for details.
We found that ghga-event-schemas demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.