Scute is a small Dependency Injection Container for Python 3.6+, ported from PHP's Pimple, that consists of just one file and one class (about 100 lines of code).
The test suite, and even this README file, are basically a copy-n-paste of Pimple's ones, with only a light adaptation to Python and some Pythonic additions like injections management through decorators.
So all kudos go to Fabien Potencier and to Pimple contributors!
Install it from PyPI:
$ pip install scute
Then import it in your code, and you're good to go:
from scute import Container
Creating a container is a matter of instantiating the Container class:
container = Container()
Like many other dependency injection containers, Scute is able to manage two different kinds of data: services and parameters.
(Note that a quick look at the test suite can also give you a pretty good overview of this module's features.)
Defining a parameter is as simple as using the Scute instance as a dictionary:
# define some parameters
container['cookie_name'] = 'SESSION_ID'
container['session_storage_class'] = 'SessionStorage'
A service is an object that does something as part of a larger system. Examples of services: a database connection, a templating engine, a mailer. Almost any object could be a service.
Services are defined by callables (lambdas, functions or callable classes) that return an instance of an object:
import importlib

# define some services
def session_storage(c: Container):
    # resolve the storage class by name from a parameter of the container
    session_storage_class_ref = getattr(importlib.import_module('app'), c['session_storage_class'])
    return session_storage_class_ref(c['cookie_name'])

container['session_storage'] = session_storage
container['session'] = lambda c: Session(c['session_storage'])
Notice that the function has access to the current container instance, allowing references to other services or parameters.
As objects are only created when you get them, the order of the definitions does not matter, and there is no performance penalty.
One caveat about the session_storage example: it resolves a class by name with importlib.import_module() and getattr(), so the session_storage_class parameter must come from trusted configuration, never from user input. An explicit allowlist of permitted classes is safer than an arbitrary attribute lookup on a module.
Using the defined services is also very easy:
# get the session object
session = container['session']
# the above call is roughly equivalent to the following code:
# storage = app.SessionStorage('SESSION_ID')
# session = Session(storage)
By default, each time you get a service, Scute returns the same instance of it.
If you want a different instance to be returned for every call, wrap your callable with the factory() method:
container['session'] = container.factory(lambda c: Session(c['session_storage']))
Now, each call to container['session'] returns a new instance of the session.
Because Scute sees callables as service definitions, you need to wrap anonymous functions with the protect() method to store them as a parameter:
from random import randrange

container['random'] = container.protect(lambda: randrange(10000))
In some cases you may want to modify a service definition after it has been defined. You can use the extend() method to define additional code to be run on your service just after it is created:
container['mail'] = lambda c: MailjetApi(user=c['email.user'], password=c['email.password'])

def extended_email(mail, c: Container):
    mail.set_from(c['mail.default_from'])
    return mail

container['mail'] = container.extend('mail', extended_email)
The first argument is the name of the object, the second is a callable that gets access to the object instance and the container. The return value is a service definition, so you need to re-assign it on the container.
When you access an object, Scute automatically calls the callable (function, lambda, callable class...) that you defined, which creates the service object for you. If you want raw access to this function, you can use the raw() method:
session_function = container.raw('session')
You can also manage a callable's dependencies with a decorator, by using the bind_callable() method and setting the dependencies to inject via a tuple of dependency ids:
@container.bind_callable(('mailer', 'signal'))  # 'mailer' and 'signal' are injections defined somewhere else on this Container
def send_email(mailer: Mailer, email_sent_signal: Signal):
    mailer.send_email(config)  # 'config' is assumed to be defined elsewhere in the application
    email_sent_signal.send()
But if you add the injection_id parameter, this callable will also be a service itself!
@container.bind_callable(('config', 'mailer', 'signal'), injection_id='app_mailer')
def app_mailer(config: tuple, mailer: Mailer, signal: Signal):
    mailer.add_config(config)
    mailer.set_signal(signal)
    return mailer
# your container now has a new 'app_mailer' service, that can be injected into other services :-)
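The following is an added example, not scute's own source and not code from the project: a minimal container class (MiniContainer) that re-implements the semantics described above (shared instances by default, factory(), protect(), extend(), raw() and bind_callable() with an optional injection_id), so the whole walkthrough can be exercised offline without installing the package. The application classes (SessionStorage, Session, Mailer), the allowlist STORAGE_CLASSES, the 'notifier' service and the addresses are constructed for this example; the allowlist replaces the README's getattr()-on-a-module lookup so that an unknown class name fails instead of resolving arbitrary code.

```python
from collections import namedtuple
from random import randrange
from types import SimpleNamespace

class MiniContainer:
    def __init__(self):
        self._definitions = {}   # id -> parameter value or service callable
        self._instances = {}     # id -> shared instance, created on first access
        self._factories = set()  # callables that yield a new object per access
        self._protected = set()  # callables stored as plain parameter values

    def __setitem__(self, key, value):
        self._definitions[key] = value

    def __getitem__(self, key):
        value = self._definitions[key]  # KeyError for unknown ids
        if key in self._instances:
            return self._instances[key]
        if not callable(value) or value in self._protected:
            return value  # parameter, or a callable stored as a parameter
        if value in self._factories:
            return value(self)  # new object every time
        self._instances[key] = value(self)  # built lazily, then shared
        return self._instances[key]

    def factory(self, fn):
        self._factories.add(fn)
        return fn

    def protect(self, fn):
        self._protected.add(fn)
        return fn

    def raw(self, key):
        return self._definitions[key]

    def extend(self, key, extender):
        base = self._definitions[key]
        def extended(c):  # build the original service, then hand it to the extender
            return extender(base(c), c)
        self._definitions[key] = extended
        return extended

    def bind_callable(self, ids, injection_id=None):
        def decorator(fn):
            def bound(*args, **kwargs):  # injected ids first, caller's args after
                return fn(*(self[i] for i in ids), *args, **kwargs)
            if injection_id is not None:  # expose the bound callable as a service too
                self[injection_id] = lambda c: bound()
            return bound
        return decorator

# Stand-ins for the README's application classes (constructed for this example).
SessionStorage = namedtuple('SessionStorage', 'cookie_name')
Session = namedtuple('Session', 'storage')
Mailer = lambda: SimpleNamespace(default_from=None, sent=[])
# Allowlist instead of getattr(module, name): a config string can only select a known class.
STORAGE_CLASSES = {'SessionStorage': SessionStorage}

def build_container():
    box = MiniContainer()
    box['cookie_name'] = 'SESSION_ID'
    box['session_storage_class'] = 'SessionStorage'
    box['session_storage'] = lambda c: STORAGE_CLASSES[c['session_storage_class']](c['cookie_name'])
    box['session'] = lambda c: Session(c['session_storage'])
    box['session_factory'] = box.factory(lambda c: Session(c['session_storage']))
    box['random'] = box.protect(lambda: randrange(10000))
    box['mail.default_from'] = 'noreply@example.invalid'
    box['mail'] = lambda c: Mailer()
    def with_default_from(mail, c):  # runs on the Mailer just after it is created
        mail.default_from = c['mail.default_from']
        return mail
    box.extend('mail', with_default_from)
    @box.bind_callable(('mail',), injection_id='notifier')
    def notifier(mailer):  # 'mail' is injected; the result becomes the 'notifier' service
        mailer.sent.append((mailer.default_from, 'ops@example.invalid'))
        return mailer
    return box

def demo():
    box = build_container()
    session = box['session']
    return {
        'shared': box['session'] is session,
        'fresh': box['session_factory'] is not box['session_factory'],
        'cookie_name': session.storage.cookie_name,
        'random_is_callable': callable(box['random']),
        'default_from': box['mail'].default_from,
        'notifier_is_mail': box['notifier'] is box['mail'],
        'sent': box['mail'].sent,
    }

def unknown_storage_rejected(name):
    # a class name outside the allowlist must fail, not resolve to arbitrary code
    box = build_container()
    box['session_storage_class'] = name
    try:
        box['session_storage']
    except KeyError:
        return True
    return False
```

Run demo() to see that 'session' is built once and shared, 'session_factory' yields a new object on every access, the protected lambda comes back uncalled, the extender has already set default_from when 'mail' is first returned, and 'notifier' is the bound callable exposed as a service. unknown_storage_rejected('os') shows the allowlist refusing a name the application never registered.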