An assertive security library.
3.5 >= Python <= 3.10
pip install nosorog
cd /path/to/lib/
python3 -m unittest discover
| Exception | Default message |
|---|---|
NosorogMangledNameError | "Use method`s dunder name instead." |
NosorogWrongPlaceCallError (1) | "Protected method can be called from specified methods only." |
NosorogWrongPlaceCallError (2) | "Protected method can not be called from other object, use self instead." |
NosorogWentWrongError | "Something broken." |
NosorogTypeError | child of TypeError. No especial message provided. |
It is possible to use a concatenation of predefined and custom messages:
raise NosorogMangledNameError("Method __get accessible with _MangledName__get() call.")
# NosorogMangledNameError: "Use method`s dunder name instead. Method __get accessible with _MangledName__get() call."
But it is one exclusion:
NosorogWrongPlaceCallError uses the message "Protected method can be called from specified methods only." by default
and or other instead:
from nosorog.exceptions.mixins.nosorog_exception_messages import NosorogExceptionMessages
raise NosorogWrongPlaceCallError(NosorogExceptionMessages.use_self)
# NosorogExceptionMessages: "Protected method can not be called from other object, use self instead."
It is not concatenated.
| Attribute | Message |
|---|---|
protected_from_not_private_call | "This method protected from not private call." |
method_protected | "This method protected." |
wrong_place | "Protected method can be called from specified places only." |
use_self | "Protected method can not be called from other object, use self instead." |
mangled_call_blocked | "Use method`s dunder name instead." |
To import class based decorators use:
from nosorog.decorators import protect_private, copy_dicts, silent
| Decorator | Description |
|---|---|
@silent | intercepts all the exceptions of Nosorog and returns None instead. |
@silent.include(exceptions) | same as above and list of provided exceptions to. |
| --- | --- |
@protect_private.block_mangled_call | protect of name mangling usage. |
@protect_private.one_obj | decorated method accessible with self usage only. |
@protect_private.one_method("method_name") | decorated method accessible from one method only. |
@protect_private.call_from(methods) | decorated method accessible from the methods provided in list only. |
| --- | --- |
@copy_dicts | makes shallow copy of all the dicts in args and kwargs |
@copy_dicts.deep_args | makes deep copy of all the dicts in args |
@copy_dicts.deep_kwargs | makes deep copy of all the dicts in kwargs |
@copy_dicts.deep_all | makes deep copy of all the dicts in args and kwargs |
@copy_dicts.shallow_args | makes shallow copy of all the dicts in args |
@copy_dicts.shallow_kwargs | makes shallow copy of all the dicts in kwargs |
@copy_dicts.shallow_all | makes shallow copy of all the dicts in args and kwargs |
To import function based decorators use:
from nosorog.decorators.function_based_decorators import protect_private, copy_dicts, protect_ids, protected_call
| Decorator | Description |
|---|---|
@protect_private(allowed_list=list) | make a call with _Class__private_method() impossible. allowed_list it is str names of method which you can call the private method from. also support 'self' (str) for calls from same object only. |
@protected_call(from_method=str, from_file=str) | make the attack by the file injection impossible. |
@copy_dicts(deep_copy=bool) | make a copy of dicts in args and kwargs. |
@protect_ids(id_names=[str]) | trying to convert id to int or throw Exception. |
This explanation written for the function based decorators. Class based decorators works the same way with some differences in the syntax. Read the full documentation on https://nosorog.readthedocs.io.
Usage of dunder methods ( __method() ) protects the code avoiding direct access to the method.
class Example:
def __get_data(self):
return 1
>>> Example().__get_data() # AttributeError: 'Example' object has no attribute '__get_data'
But it is possible to use the name mangling.
>>> Example()._Example__get_data() # 1
Nosorog provides simple and pushy way to protect the dunder method.
class Example:
@protect_private(allowed_list=['trusted_func'])
def __get_data(self):
return 1
class Trusted:
@staticmethod
def trusted_func():
return Example()._Example__get_data()
>>> Example().__get_data() # AttributeError: 'Example' object has no attribute '__get_data'
>>> Example()._Example__get_data() # Exception: This method protected from not private call.
>>> Trusted()._Example__get_data() # 1
Also, str 'self' can be used as a list item to make impossible to call without self.
class Example:
@protect_private(allowed_list=['trusted_func', 'self'])
def __get_data(self):
return 1
def trusted_func(self):
return self.__get_data()
class Trusted:
@staticmethod
def trusted_func():
return Example()._Example__get_data()
>>> Example().trusted_func() # 1
>>> Trusted().trusted_func() # Exception: This method can not be called from other object, use self instead.
Python does not provide an easy way to limit where the method can be called from. This makes it possible to conduct an
attack by File Injection. With the help of the Nosorog library it is possible to specify the places from which the
method can be called.
class Example:
@protected_call(from_method='safe_method', from_file=os.path.abspath(__file__))
def __get_data(self):
return 1
class Trusted:
# Place it to the same file as described in the decorator usage.
def safe_method():
return Example()._Example__get_data() # 1
This is just a variation of the previous decorator.
In the projects where the undefined number of dicts can be passed in args and kwargs, it is possible to make a deep copy
of each if needed.
class Example:
@copy_dicts(deep_copy=False)
def some_method(self, *args, **kwargs):
# now dicts are shallow copies
pass
Use @copy_dicts(deep_copy=True) to make deep copies.
This method has been added just for fun.
It is converts all the ids in the list if possible or throws the TypeError.
class Example:
@protect_ids(id_names=['user_id', 'pk'])
def some_method(user_id=None, pk=None)
pass
Possible Exceptions
@protect_ids(id_names=['user_id', dict()])
>>> Example().some_method(user_id='1') # TypeError: Wrong format of id_names in decorator. Must be list of str.
@protect_ids(id_names=['user_id', 'pk'])
>>> Example().some_method(user_id=1.234, pk='text_id') # TypeError: Received the ids of wrong type.
FAQs
An assertive security library.
We found that nosorog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.