pysectools

Release 0.5.2

A package of security-related Python functions. Dropping privileges, entering sandboxes, generating random numbers, asking for passwords...

Homepage PyPI Python

Keywords
security, pinentry, getpass, capsicum, random, rng, arc4random, python, unix
License
Unlicense
Install
pip install pysectools==0.5.2

Documentation

on PyPI Unlicense

pysectools

A small Python library that contains various security things.

Usage

import pysectools

Prevent secrets from leaking out of your process's memory:

pysectools.disallow_swap()
pysectools.disallow_core_dumps()

Drop privileges:

pysectools.drop_privileges('username', 'groupname')

Securely erase a secret from memory (only on CPython):

password = 'correct horse battery staple'
pysectools.zero(password)
# password == '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
# \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

Enter a Capsicum sandbox (works out of the box on FreeBSD 10.0 and newer):

b = open('before.txt', 'w')
pysectools.cap_enter()
b.write('hello from the sandbox!') # ok
open('after.txt', 'w').write('new file!') # IOError: [Errno 94] Not permitted in capability mode: 'after.txt'

Get a password safely using pinentry (usually comes with GnuPG) or getpass if there's no pinentry:

from pysectools.pinentry import Pinentry
pinentry = Pinentry(pinentry_path="/usr/local/bin/pinentry",
                    fallback_to_getpass=True)
# all parameters are optional
pass = pinentry.ask(prompt="Enter your passphrase: ",
                    description="Launching the nuclear rocket",
                    validator=lambda x: x.startswith("correct horse"))
pinentry.close()
rocket.authorize(pass)
pysectools.zero(pass)
rocket.launch()

Generate a cryptographically secure pseudorandom byte string (tries /dev/urandom/CryptGenRandom then libcrypto (LibreSSL) arc4random then libc arc4random):

pysectools.goodrandom(32) # size in bytes
# check the return value! it's False if there's something wrong

Resources

License

This is free and unencumbered software released into the public domain.
For more information, please refer to the UNLICENSE file or unlicense.org.

Stats

Dependencies
0
Dependent packages
3
Dependent repositories
2
Total releases
9
Latest release
First release
Stars
13
Forks
3
Watchers
2
Contributors
3
Repository size
24.4 KB
SourceRank
8

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.5.2
0.5.1
0.5.0
0.4.2
0.4.1
0.4.0
0.3.0
0.2.0
0.1.0

Contributors

Val Packett Vince Broz Dylan Grafmyre


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2023-12-02 17:54:51 UTC

Login to resync this project