SAQ (Simple Async Queue) is a simple and performant job queueing framework built on top of asyncio and redis or postgres. It can be used for processing background jobs with workers. For example, you could use SAQ to schedule emails, execute long queries, or do expensive data analysis.
It uses redis-py >= 4.2.
It is similar to RQ and heavily inspired by ARQ. Unlike RQ, it is async and thus significantly faster if your jobs are async. Even if they are not, SAQ is still considerably faster due to lower overhead.
SAQ optionally comes with a simple UI for monitoring workers and jobs.
# minimal install for redis
pip install saq[redis]
# minimal install for postgres
pip install saq[postgres]
# web + hiredis
pip install saq[web,hiredis]
usage: saq [-h] [--workers WORKERS] [--verbose] [--web]
           [--extra-web-settings EXTRA_WEB_SETTINGS]
           [--port PORT] [--check]
           settings

Start Simple Async Queue Worker

positional arguments:
  settings              Namespaced variable containing
                        worker settings eg: eg
                        module_a.settings

options:
  -h, --help            show this help message and exit
  --workers WORKERS     Number of worker processes
  --verbose, -v         Logging level: 0: ERROR, 1: INFO,
                        2: DEBUG
  --web                 Start web app. By default, this
                        only monitors the current
                        worker's queue. To monitor
                        multiple queues, see '--extra-
                        web-settings'
  --extra-web-settings EXTRA_WEB_SETTINGS, -e EXTRA_WEB_SETTINGS
                        Additional worker settings to
                        monitor in the web app
  --port PORT           Web app port, defaults to 8080
  --check               Perform a health check

environment variables:
  AUTH_USER      basic auth user, defaults to admin
  AUTH_PASSWORD  basic auth password, if not specified, no auth will be used
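Because the help text above says the web app runs with no authentication when AUTH_PASSWORD is not specified, a launch wrapper can check a planned command line before starting the worker. The following is an added example, not code from the SAQ project: build_parser is a stand-in that mirrors only the flags listed above, and audit_launch, the finding codes and the 16-character minimum are assumptions chosen for illustration.

```python
import argparse

MIN_PASSWORD_LEN = 16  # assumption: local policy, not a saq requirement


def build_parser():
    """Mirror of the saq flags listed in the usage text (not saq's own parser)."""
    p = argparse.ArgumentParser(prog="saq", add_help=False)
    p.add_argument("settings")
    p.add_argument("--workers", type=int)
    p.add_argument("--verbose", "-v", action="count", default=0)
    p.add_argument("--web", action="store_true")
    p.add_argument("--extra-web-settings", "-e", action="append", default=[])
    p.add_argument("--port", type=int, default=8080)
    p.add_argument("--check", action="store_true")
    return p


def audit_launch(argv, env):
    """Return findings for a planned `saq <argv>` run with environment `env`."""
    args = build_parser().parse_args(argv)
    if not args.web:
        return []  # no web app is started, so the auth variables are unused
    queues = 1 + len(args.extra_web_settings)
    user = env.get("AUTH_USER", "admin")  # documented default
    password = env.get("AUTH_PASSWORD", "")  # empty is treated as unset here
    if not password:
        return [
            f"NO_AUTH: web app on port {args.port} serves {queues} queue(s) "
            "without authentication; set AUTH_PASSWORD"
        ]
    findings = []
    if user == "admin":
        findings.append("DEFAULT_USER: AUTH_USER is the default 'admin'")
    if len(password) < MIN_PASSWORD_LEN:
        findings.append(
            f"SHORT_PASSWORD: AUTH_PASSWORD is under {MIN_PASSWORD_LEN} characters"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample launches, not taken from a real deployment.
    samples = [
        (["module_a.settings", "--web"], {}),
        (["module_a.settings", "--web", "-e", "module_b.settings"],
         {"AUTH_USER": "ops", "AUTH_PASSWORD": "correct-horse-battery-staple"}),
    ]
    for argv, env in samples:
        print("saq", " ".join(argv), "->", audit_launch(argv, env) or "ok")
```

Pass os.environ as env in a real wrapper and refuse to exec saq when the returned list is non-empty.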
import asyncio

from saq import CronJob, Queue


# all functions take in context dict and kwargs
async def test(ctx, *, a):
    await asyncio.sleep(0.5)
    # result should be json serializable
    # custom serializers and deserializers can be used through Queue(dump=,load=)
    return {"x": a}


async def cron(ctx):
    print("i am a cron job")


async def startup(ctx):
    # create_db is a placeholder for your own async connection factory
    ctx["db"] = await create_db()


async def shutdown(ctx):
    await ctx["db"].disconnect()


async def before_process(ctx):
    print(ctx["job"], ctx["db"])


async def after_process(ctx):
    pass


queue = Queue.from_url("redis://localhost")

settings = {
    "queue": queue,
    "functions": [test],
    "concurrency": 10,
    "cron_jobs": [CronJob(cron, cron="* * * * * */5")],  # run every 5 seconds
    "startup": startup,
    "shutdown": shutdown,
    "before_process": before_process,
    "after_process": after_process,
}
To start the worker, assuming the settings above are importable from the Python path:
saq module.file.settings
Note: module.file.settings can also be a callable returning the settings dictionary.
To enqueue jobs:
import time

# the calls below use await, so run them inside an async function
# schedule a job normally
job = await queue.enqueue("test", a=1)
# wait 1 second for the job to complete
await job.refresh(1)
print(job.results)
# run a job and return the result
print(await queue.apply("test", a=2))
# Run multiple jobs concurrently and collect the results into a list
print(await queue.map("test", [{"a": 3}, {"a": 4}]))
# schedule a job in 10 seconds
await queue.enqueue("test", a=1, scheduled=time.time() + 10)
Start the worker
python -m saq examples.simple.settings --web
Navigate to the web ui
Enqueue jobs
python examples/simple.py
SAQ is heavily inspired by ARQ but has several enhancements.
python -m venv env
source env/bin/activate
pip install -e ".[dev,web]"
docker run -d -p 6379:6379 redis
docker run -d -p 5432:5432 -e POSTGRES_HOST_AUTH_METHOD=trust postgres
make style test
FAQs
Distributed Python job queue with asyncio and redis
We found that saq demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.