This framework provides a mechanism to write Function-as-a-Service style code in Python for handling HTTP events, including CloudEvents delivered via HTTP.
This framework is primarily intended to work with Knative, but also works to provide a generic server for handling CloudEvents over HTTP (e.g. from Kubernetes or on a local machine).
The framework uses reflection to find a suitable function to wrap; it should not be necessary to import any of the following modules in your own code unless you want (e.g. for type definitions):
- `framework` (this module; on PyPI as `http-containerize`)
- `flask`
- `cloudevents`

Instead, simply ensure that you have a single non-`_`-prefixed function which uses some combination of the following:

- `req`, `request`, `body`, `headers` (or a parameter of the `flask.Request` type)
- `event`, `payload`, `data`, `attributes` (or a parameter of the `cloudevents.sdk.event.v1.Event` type)

Usage:
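```python
import logging
from typing import Any

# Module-level request counter, shared across invocations.
counter = 0


def DoEvent(data: Any, attributes: dict, req: Any):
    global counter
    counter = counter + 1
    logging.info(f"Got data: {data}")
    logging.info(f"From {req.origin}, my {counter}th request!")
    # Rewrite the event attributes for the reply.
    attributes["type"] = "com.example.reply"
    attributes["datacontenttype"] = "text/plain"
    # Return the updated attributes together with a text payload.
    return attributes, "It's a demo"
```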
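The discovery rule described above (a single non-`_`-prefixed function whose parameters are matched by name) can be sketched with the standard `inspect` module. This is an added illustration, not the framework's own code: `load_module`, `find_handler`, `classify_params` and the skipping of imported functions are assumptions, and matching by `flask.Request` or `cloudevents` type is left out to keep it standard-library only.

```python
import inspect
import types

# Parameter names copied from the two lists above.
HTTP_NAMES = {"req", "request", "body", "headers"}
EVENT_NAMES = {"event", "payload", "data", "attributes"}

# Constructed sample module source, used only for this demonstration.
SAMPLE = '''
from os.path import join   # imported, so not defined in this module
def _helper(x):            # underscore-prefixed, so ignored
    return x
def DoEvent(data, attributes, req):
    return attributes, "It's a demo"
'''

def load_module(name, source):
    """Build a module object from the constructed source text."""
    module = types.ModuleType(name)
    exec(compile(source, name, "exec"), module.__dict__)
    return module

def find_handler(module):
    """Return the single public function defined in `module`, or raise."""
    found = [
        fn for name, fn in inspect.getmembers(module, inspect.isfunction)
        # Assumption: functions imported from other modules do not count.
        if not name.startswith("_") and fn.__module__ == module.__name__
    ]
    if len(found) != 1:
        raise LookupError(f"expected one public function, found {len(found)}")
    return found[0]

def classify_params(fn):
    """Map each parameter name to "http" or "event"; reject unknown names."""
    kinds = {}
    for name in inspect.signature(fn).parameters:
        if name in HTTP_NAMES:
            kinds[name] = "http"
        elif name in EVENT_NAMES:
            kinds[name] = "event"
        else:
            raise TypeError(f"{fn.__name__}: unrecognized parameter {name!r}")
    return kinds

if __name__ == "__main__":
    handler = find_handler(load_module("sample_app", SAMPLE))
    print(handler.__name__, classify_params(handler))
```

Failing closed when more than one public function is present keeps an unintended function from being picked as the HTTP-reachable handler.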
You can use the Paketo buildpacks if you add `http-containerize>=0.4.0` to your `requirements.txt`:

```
pack build pytestapp --buildpack ekanderson/pyfun:0.1.1 --builder paketobuildpacks/builder:base
```

You can then invoke it via:

```
docker run --rm -p 8080:8080 -e 8080 pytestapp
```
FAQs
Unknown package
We found that http-containerize demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.