Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
.. image:: https://badge.fury.io/py/requests-unixsocket.svg :target: https://badge.fury.io/py/requests-unixsocket :alt: Latest Version on PyPI
.. image:: https://github.com/msabramo/requests-unixsocket/actions/workflows/tests.yml/badge.svg :target: https://github.com/msabramo/requests-unixsocket/actions/workflows/tests.yml
Use requests <http://docs.python-requests.org/>
_ to talk HTTP via a UNIX domain socket
Explicit ++++++++
You can use it by instantiating a special Session
object:
.. code-block:: python
import json
import requests_unixsocket
session = requests_unixsocket.Session()
r = session.get('http+unix://%2Fvar%2Frun%2Fdocker.sock/info')
registry_config = r.json()['RegistryConfig']
print(json.dumps(registry_config, indent=4))
Implicit (monkeypatching) +++++++++++++++++++++++++
Monkeypatching allows you to use the functionality in this module, while making
minimal changes to your code. Note that in the above example we had to
instantiate a special requests_unixsocket.Session
object and call the
get
method on that object. Calling requests.get(url)
(the easiest way
to use requests and probably very common), would not work. But we can make it
work by doing monkeypatching.
You can monkeypatch globally:
.. code-block:: python
import requests_unixsocket
requests_unixsocket.monkeypatch()
r = requests.get('http+unix://%2Fvar%2Frun%2Fdocker.sock/info')
assert r.status_code == 200
or you can do it temporarily using a context manager:
.. code-block:: python
import requests_unixsocket
with requests_unixsocket.monkeypatch():
r = requests.get('http+unix://%2Fvar%2Frun%2Fdocker.sock/info')
assert r.status_code == 200
Abstract namespace sockets ++++++++++++++++++++++++++
To connect to an abstract namespace socket <https://utcc.utoronto.ca/~cks/space/blog/python/AbstractUnixSocketsAndPeercred>
_
(Linux only), prefix the name with a NULL byte (i.e.: \0
) - e.g.:
.. code-block:: python
import requests_unixsocket
session = requests_unixsocket.Session()
res = session.get('http+unix://\0test_socket/get')
print(res.text)
For an example program that illustrates this, see
examples/abstract_namespace.py
in the git repo. Since abstract namespace
sockets are specific to Linux, the program will only work on Linux.
HTTPie <https://httpie.org/>
_ that allows you to interact with UNIX domain socketsFAQs
Use requests to talk HTTP via a UNIX domain socket
We found that requests-unixsocket demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.