
Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
sftppathlib uses pathlib_abc and paramiko to create a pathlib API for SFTP clients.
The documentation is the same as the standard pathlib library, with some differences.
The methods expanduser(), readlink(), hardlink_to, replace(), owner(), group(), from_uri, as_uri() are not supported. Subsequently, any method in pathlib_abc which relies on these will also fail. For some of them, it's because they don't have any meaning on SFTP clients, others because I don't trust myself to implement them correctly.
The methods stat, symlink_to, chmod have their respective parameters follow_symlinks, target_is_directory, follow_symlinks ignored, since Paramiko's SFTPClient does not support them.
Some of Paramiko's SFTPClient methods would return status codes like SFTP_OK
; these are ignored.
The sftppathlib relies on an instance of an SFTPClient to be used. This can be either be created in the background using the default setup, or manually and passing it to the __init__ constructor.
The default connection will use Paramiko's SSHClient to connect. If you are only connecting to one SFTP server, it's recommended to create a config file in the application directory:
~/AppData/Roaming/sftppathlib/config.yaml
~/.local/share/sftppathlib/config.yaml
~/Library/Application Support/sftppathlib/config.yaml
The file should be the parameters passed to SSHClient.connect().
hostname: sftp.<domain>
port: 22
username: <username>
password: <password>
It will also use the key defined in ~/.ssh/known_hosts
. This will typically include an entry starting with [sftp.<domain>]:22
.
After this, sftppathlib.SFTPPath can be used like pathlib.Path:
from sftppathlib import SFTPPath
root = SFTPPath("www/")
path = root / "hello.txt"
path.write_text("hello world", encoding="utf-8")
print(path.read_text(encoding="utf-8"))
for child in root.iterdir():
print(child)
Note: The CREDENTIALS
variable should be imported from another file or a module; never include secrets in code.
import paramiko
from sftppathlib import SFTPPath
CREDENTIALS = {
"hostname": "sftp.<domain>",
"port": 22,
"username": "<username>",
"password": "<password>",
}
ssh_client = paramiko.SSHClient()
ssh_client.load_system_host_keys()
ssh_client.connect(**CREDENTIALS)
sftp_client = paramiko.sftp_client.SFTPClient.from_transport(
ssh_client.get_transport())
root = SFTPPath("www/", accessor=sftp_client)
...
If many instances are needed, it can be beneficial to subclass SFTPClient
and create a Path
method:
...
class SFTPPathClient(paramiko.sftp_client.SFTPClient):
def Path(self, path, *paths):
return SFTPPath(path, *paths, accessor=self)
sftp_path_client = SFTPPathClient.from_transport(
ssh_client.get_transport())
root = sftp_path_client.SFTPPath("www/")
...
It is assumed that you want to keep the connections open during the duration of the program. If not, please use SFTPClient.close()
and SSHClient.close()
.
Thanks to the paramiko/contributors and the pathlib-abc/contributors. This extends to anyone involved with the standard pathlib library, but I cannot find the list.
FAQs
A Pathlib API for SFTP drive
We found that sftppathlib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
Research
Security News
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
Security News
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.