A simple library for interacting with Amazon S3.

Jacobi Petrucciani

Last update: Oct 3, 2022

Related tags

Third-party APIs Wrappers python aws s3 boto3 boto for-humans amazon-s3

Overview

BucketStore is a very simple Amazon S3 client, written in Python. It aims to be much more straight-forward to use than boto3, and specializes only in Amazon S3, ignoring the rest of the AWS ecosystem.

Features

Treats S3 Buckets as Key/Value stores.
Automatic support for AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_DEFAULT_REGION environment variables.
Easily make keys (or entire buckets) publically accessable.
Easily get the public URL for a given key.
Generates temporary URLs for a given key.
Use S3 in a pythonic way!

Usage

Installation

$ pip install bucketstore

Get (or create) a bucket, easily:

import bucketstore

# Create the bucket if it doesn't exist.
bucket = bucketstore.get('bucketstore-playground', create=True)

Treat the bucket like a key/value store:

>>> bucket
<S3Bucket name='bucketstore-playground'>

# get/set using array syntax
>>> bucket['foo'] = 'bar'
>>> bucket['foo']
bar

# get/set using methods
>>> bucket.set('foo2', 'bar2')
>>> bucket.get('foo2')
bar2

# list keys
>>> bucket.list()
[u'foo', u'foo2']

# all keys
>>> bucket.all()
[<S3Key name=u'foo' bucket='bucketstore-playground'>, <S3Key name=u'foo2' bucket='bucketstore-playground'>]

# check if a key exists in the bucket
>>> 'foo' in bucket
True

# delete keys in the bucket
>>> del bucket['foo2']
{}

Interact with S3 keys:

>>> bucket.key('foo')
<S3Key bucket='bucketstore-playground' name=u'foo'>

>>> foo = _
>>> foo.set('new value')

# Generate a temporary share URL.
>>> foo.temp_url(duration=1200)
u'https://bucketstore-playground.s3.amazonaws.com/foo?AWSAccessKeyId=AKIAI2RVFNXIW7WS66QQ&Expires=1485493909&Signature=L3gD9avwQZQO1i11dIJXUiZ7Nx8%3D'

# Make key publically accessable.
>>> foo.make_public()
>>> foo.url
'https://s3.amazonaws.com/bucketstore-playground/foo'

# Get / set metadata for key.
>>> foo.meta = {'foo': 'bar'}
>>> foo.meta
{'foo': 'bar}

# Rename key to 'foo3'.
>>> foo.rename('foo3')

# Delete the key.
>>> foo.delete()

# Create a key with a content type
>>> foo = bucket.key('foo.html')
>>> foo.set('<h1>bar</h1>', content_type='text/html')

# upload to key
>>> bucket.key('test.py').upload('/tmp/test.py')

# or upload with a file-like object! (make sure it's open in binary mode)
>>> with open('/tmp/test.py', 'rb') as file:
>>>     bucket.key('test.py').upload(file)

# download to file
>>> bucket.key('test.py').download('/tmp/test.py')

# or download to a file-like object! (make sure it's open in binary mode)
>>> with open('/tmp/test.py', 'wb') as file:
>>>     bucket.key('test.py').download(file)

# size of key
>>> bucket.key('test.py').size()
>>> len(bucket.key('test.py'))
15

Other methods include bucketstore.login(access_key_id, secret_access_key), bucketstore.list(), and bucketstore.get(bucket_name, create=False).

Tests

Tests are run through Tox.

# Run tests against all environments.
$ tox
# Run against a specific version.
$ tox -e py36
# Run with pytest arguments.
$ tox -- --pdb

✨ 🍰 ✨

Comments

Tests

Have there been any plans for testing the library? Do you have a testing framework preference? If not, I'd love to take a stab at it using tox, pytest and vcrpy, which mocks boto 3 really well.

opened by eligundry 4
Subclass from MutableMapping?

What do you think about making the interface more consistent with dict (eg, keys instead of list and items instead of all) and subclassing from abc.MutableMapping?

opened by brianjpetersen 4
Can't set Content-Type

I'm allowed to set custom metadata, but there's no way to set the actual Content-Type for S3. I'll try to submit a pull request with an update when I get a chance, as it should be pretty straightforward.

opened by spbrien 3
It's too dangerous to use same method delete for both file and whole bucket

https://github.com/kennethreitz/bucketstore/blob/master/bucketstore.py#L80

It's realy realy dangerous, let's imagine about some lost control cases, key=None, then whole bucket gonna go away. I think you should separate it to 2 methods for deleting file and deleting bucket.

Cheers.

opened by xuta 2
Bump rsa from 4.0 to 4.7
Bumps rsa from 4.0 to 4.7.

Changelog

Sourced from rsa's changelog.

Version 4.7 - released 2021-01-10

Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code

Add padding length check as described by PKCS#1 v1.5 (Fixes #164)

Reuse of blinding factors to speed up blinding operations. Fixes #162.

Declare & test support for Python 3.9

Version 4.4 & 4.6 - released 2020-06-12

Version 4.4 and 4.6 are almost a re-tagged release of version 4.2. It requires Python 3.5+. To avoid older Python installations from trying to upgrade to RSA 4.4, this is now made explicit in the python_requires argument in setup.py. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.4 as 4.6 as well.

No functional changes compared to version 4.2.

Version 4.3 & 4.5 - released 2020-06-12

Version 4.3 and 4.5 are almost a re-tagged release of version 4.0. It is the last to support Python 2.7. This is now made explicit in the python_requires argument in setup.py. Python 3.4 is not supported by this release. There was a mistake releasing 4.4 as "3.5+ only", which made it necessary to retag 4.3 as 4.5 as well.

Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.

Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.

Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Carnil for pointing this out.

Version 4.2 - released 2020-06-10

Rolled back the switch to Poetry, and reverted back to using Pipenv + setup.py for dependency management. There apparently is an issue no-binary installs of packages build with Poetry. This fixes #148

Limited SHA3 support to those Python versions (3.6+) that support it natively. The third-party library that adds support for this to Python 3.5 is a binary package, and thus breaks the pure-Python nature of Python-RSA. This should fix #147.

... (truncated)

Commits

fa3282a Bumped version to 4.7

a364e82 Marked version 4.7 as released

539c54a Fix #170: mistake in examples of documentation

b81e317 Declare support for and test Python 3.9

06ec1ea Fix #162: Blinding uses slow algorithm

341e5c4 Directly raise DecryptionError when crypto length is bad

f254895 Use bytes.find() instead of bytes.index()

240b0d8 Add link to changelog

f878c37 Fix #164: Add padding length check as described by PKCS#1 v1.5

dae8ce0 Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump py from 1.8.0 to 1.10.0
Bumps py from 1.8.0 to 1.10.0.

Changelog

Sourced from py's changelog.

1.10.0 (2020-12-12)

Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651)

Update vendored apipkg: 1.4 => 1.5

Update vendored iniconfig: 1.0.0 => 1.1.1

1.9.0 (2020-06-24)

Add type annotation stubs for the following modules:

py.error

py.iniconfig

py.path (not including SVN paths)

py.io

py.xml

There are no plans to type other modules at this time.

The type annotations are provided in external .pyi files, not inline in the code, and may therefore contain small errors or omissions. If you use py in conjunction with a type checker, and encounter any type errors you believe should be accepted, please report it in an issue.

1.8.2 (2020-06-15)

On Windows, py.path.locals which differ only in case now have the same Python hash value. Previously, such paths were considered equal but had different hashes, which is not allowed and breaks the assumptions made by dicts, sets and other users of hashes.

1.8.1 (2019-12-27)

Handle FileNotFoundError when trying to import pathlib in path.common on Python 3.4 (#207).

py.path.local.samefile now works correctly in Python 3 on Windows when dealing with symlinks.

Commits

e5ff378 Update CHANGELOG for 1.10.0

94cf44f Update vendored libs

5e8ded5 testing: comment out an assert which fails on Python 3.9 for now

afdffcc Rename HOWTORELEASE.rst to RELEASING.rst

2de53a6 Merge pull request #266 from nicoddemus/gh-actions

fa1b32e Merge pull request #264 from hugovk/patch-2

887d6b8 Skip test_samefile_symlink on pypy3 on Windows

e94e670 Fix test_comments() in test_source

fef9a32 Adapt test

4a694b0 Add GitHub Actions badge to README

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump pyyaml from 5.1.1 to 5.4
Bumps pyyaml from 5.1.1 to 5.4.

Changelog

Sourced from pyyaml's changelog.

5.4 (2021-01-19)

yaml/pyyaml#407 -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA

yaml/pyyaml#472 -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader

yaml/pyyaml#441 -- Fix memory leak in implicit resolver setup

yaml/pyyaml#392 -- Fix py2 copy support for timezone objects

yaml/pyyaml#378 -- Fix compatibility with Jython

5.3.1 (2020-03-18)

yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

yaml/pyyaml#290 -- Use is instead of equality for comparing with None

yaml/pyyaml#270 -- Fix typos and stylistic nit

yaml/pyyaml#309 -- Fix up small typo

yaml/pyyaml#161 -- Fix handling of slots

yaml/pyyaml#358 -- Allow calling add_multi_constructor with None

yaml/pyyaml#285 -- Add use of safe_load() function in README

yaml/pyyaml#351 -- Fix reader for Unicode code points over 0xFFFF

yaml/pyyaml#360 -- Enable certain unicode tests when maxunicode not > 0xffff

yaml/pyyaml#359 -- Use full_load in yaml-highlight example

yaml/pyyaml#244 -- Document that PyYAML is implemented with Cython

yaml/pyyaml#329 -- Fix for Python 3.10

yaml/pyyaml#310 -- Increase size of index, line, and column fields

yaml/pyyaml#260 -- Remove some unused imports

yaml/pyyaml#163 -- Create timezone-aware datetimes when parsed as such

yaml/pyyaml#363 -- Add tests for timezone

5.2 (2019-12-02)

Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default yaml/pyyaml#279 -- A more flexible fix for custom tag constructors yaml/pyyaml#287 -- Change default loader for yaml.add_constructor yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver

Make FullLoader safer by removing python/object/apply from the default FullLoader yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor

Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff yaml/pyyaml#276 -- Fix logic for quoting special characters

Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1

5.1.2 (2019-07-30)

Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+

Commits

58d0cb7 5.4 release

a60f7a1 Fix compatibility with Jython

ee98abd Run CI on PR base branch changes

ddf2033 constructor.timezone: _copy & deepcopy

fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers

a001f27 Fix for CVE-2020-14343

fe15062 Add 3.9 to appveyor file for completeness sake

1e1c7fb Add a newline character to end of pyproject.toml

0b6b7d6 Start sentences and phrases for capital letters

c976915 Shell code improvements

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump rsa from 4.0 to 4.1
Bumps rsa from 4.0 to 4.1.

Changelog

Sourced from rsa's changelog.

Version 4.1 - released 2020-06-10

Added support for Python 3.8.

Dropped support for Python 2 and 3.4.

Added type annotations to the source code. This will make Python-RSA easier to use in your IDE, and allows better type checking.

Added static type checking via MyPy.

Fix #129 Installing from source gives UnicodeDecodeError.

Switched to using Poetry for package management.

Added support for SHA3 hashing: SHA3-256, SHA3-384, SHA3-512. This is natively supported by Python 3.6+ and supported via a third-party library on Python 3.5.

Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.

Reject cyphertexts (when decrypting) and signatures (when verifying) that have been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks Adelapie for pointing this out.

Commits

c6731b1 Bumped version to 4.1

80f0e9d Marked version 4.1 as released

65ab5b5 Add support for Python 3.8

9ecf340 Fixed credit for report

93af6f2 Fix CVE-2020-13757: detect cyphertext modifications by prepending zero bytes

ae1a906 Add more type hints

1473cb8 Drop character encoding markers for Python 2.x

8ed5071 Choose blinding factor relatively prime to N

1659432 Updated Code Climate badge in README.md

96e13dd Configured CodeClimate

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump jinja2 from 2.10.1 to 2.11.3
Bumps jinja2 from 2.10.1 to 2.11.3.

Release notes

Sourced from jinja2's releases.

2.11.3

This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

PyPI: https://pypi.org/project/Jinja2/2.11.3/

Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3

2.11.2

Changelog: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2

2.11.1

This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1

2.11.0

Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0

Blog: https://palletsprojects.com/blog/jinja-2-11-0-released/

Twitter: https://twitter.com/PalletsTeam/status/1221883554537230336

This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

2.10.3

Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3

2.10.2

Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2

Changelog

Sourced from jinja2's changelog.

Version 2.11.3

Released 2021-01-31

Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:1343

Version 2.11.2

Released 2020-04-13

Fix a bug that caused callable objects with __getattr__, like :class:~unittest.mock.Mock to be treated as a :func:contextfunction. :issue:1145

Update wordcount filter to trigger :class:Undefined methods by wrapping the input in :func:soft_str. :pr:1160

Fix a hang when displaying tracebacks on Python 32-bit. :issue:1162

Showing an undefined error for an object that raises AttributeError on access doesn't cause a recursion error. :issue:1177

Revert changes to :class:~loaders.PackageLoader from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. Due to the difficulty in supporting Python 2 and :pep:451 simultaneously, the changes are reverted until 3.0. :pr:1182

Fix line numbers in error messages when newlines are stripped. :pr:1178

The special namespace() assignment object in templates works in async environments. :issue:1180

Fix whitespace being removed before tags in the middle of lines when lstrip_blocks is enabled. :issue:1138

:class:~nativetypes.NativeEnvironment doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186

Version 2.11.1

Released 2020-01-30

Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template. :issue:1141

... (truncated)

Commits

cf21539 release version 2.11.3

15ef8f0 Merge pull request #1343 from pallets/urlize-speedup

ef658dc speed up urlize matching

eeca0fe Merge pull request #1207 from mhansen/patch-1

2dd7691 Merge pull request #1209 from mhansen/patch-3

4892940 do_dictsort: update example ready to copy/paste

7db7d33 api.rst: bugfix in docs, import PackageLoader

9ec465b fix changelog header

737a4cd release version 2.11.2

179df6b Merge pull request #1190 from pallets/native-eval

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump cryptography from 2.7 to 3.2
Bumps cryptography from 2.7 to 3.2.

Changelog

Sourced from cryptography's changelog.

3.2 - 2020-10-25

* **SECURITY ISSUE:** Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to **Hubert Kario** for reporting the issue. *CVE-2020-25659* * Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade. * Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`. .. _v3-1-1:
3.1.1 - 2020-09-22

Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h.

.. _v3-1:

3.1 - 2020-08-26

* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of ``cryptography`` will drop support for it. * Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. .. _v3-0:
3.0 - 2020-07-20 </tr></table>

... (truncated)

Commits

c9e6522 3.2 release (#5508)

58494b4 Attempt to mitigate Bleichenbacher attacks on RSA decryption (#5507)

cf9bd6a move blinding to init on both RSA public and private (#5506)

bf4b962 be more verbose in the 102 deprecation notice (#5505)

ada53e7 make the regexes for branches more strict (#5504)

8be1d4b Stop using @master for GH actions (#5503)

08a97cc Bump actions/upload-artifact from v1 to v2.2.0 (#5502)

52a0e44 Add a dependabot configuration to bump our github actions (#5501)

611c4a3 PKCS7SignatureBuilder now supports new option NoCerts when signing (#5500)

836a92a chunking didn't actually work (#5499)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Bump ecdsa from 0.13.2 to 0.13.3
Bumps ecdsa from 0.13.2 to 0.13.3.

Release notes

Sourced from ecdsa's releases.

ecdsa 0.13.3

Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding

Also harden key decoding from string and DER encodings.

Changelog

Sourced from ecdsa's changelog.

Release 0.13.3 (07 Oct 2019)

Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding and signature malleability.

Also harden key decoding from string and DER encodings.

Release 0.13.2 (17 Apr 2019)

Restore compatibility of setup.py with Python 2.6 and 2.7.

Release 0.13.1 (17 Apr 2019)

Fix the PyPI wheel - the old version included .pyc files.

Release 0.13 (07 Feb 2015)

Fix the argument order for Curve constructor (put openssl_name= at the end, with a default value) to unbreak compatibility with external callers who used the 0.11 convention.

Release 0.12 (06 Feb 2015)

Switch to Versioneer for version-string management (fixing the broken ecdsa.__version__ attribute). Add Curve.openssl_name property. Mention secp256k1 in README, test against OpenSSL. Produce "wheel" distributions. Add py3.4 and pypy3 compatibility testing. Other minor fixes.

Release 0.11 (10 Mar 2014)

Add signature-encoding functions "sigencode_{strings,string,der}_canonize" which canonicalize the S value (using the smaller of the two possible values). Add "validate_point=" argument to VerifyingKey.from_string() constructor (defaults to True) which can be used to disable time-consuming point validation when importing a pre-validated verifying key. Drop python2.5 support (untested but not explicitly broken yet), update trove classifiers.

Release 0.10 (23 Oct 2013)

Make the secp256k1 available in init.py too (thanks to Scott Bannert).

Release 0.9 (01 Oct 2013)

Add secp256k1 curve (thanks to Benjamin Dauvergne). Add deterministic (no entropy needed) signatures (thanks to slush). Added py3.2/py3.3 compatibility (thanks to Elizabeth Myers).

Release 0.8 (04 Oct 2011)

Small API addition: accept a hashfunc= argument in the constructors for
... (truncated)

Commits

7add221 update NEWS file for 0.13.3

5c4c74a Merge pull request #124 from tomato42/backport-sig-decode

1eb2c04 update README with error handling of from_string() and from_der()

b95be03 execute also new tests in Travis

99c907d harden also key decoding

3427fa2 ensure that the encoding is actually the minimal one for length and integer

563d2ee make variable names in remove_integer more aproppriate

14abfe0 explicitly specify the distro to get py26 and py33

9080d1d fix length decoding

897178c give the same handling to string encoded signatures as to DER

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1

type hinting causes warning

def get(self, key: str) -> str:
    """get the contents of the given key"""
    selected_key = self.key(key)
    return selected_key.get()

bucket = bucketstore.get(Config().bucket)
content = bucket.get('folder/fileName.txt')
# b"Hello I'm your file 'folder/fileName.txt' content."
content.decode('utf-8') # is possible
content.encode('utf-8') # is not possible

This might be a bit confusing when trying to encode/decode a string/bytes. Sorry for beeing nit picky or if i missed something.

PS: Awesome repo :+1: 😃

opened by arrrrrmin 0

Support custom endpoint_url
The boto3 library allows settings a custom endpoint:

resource = boto3.resource( service_name='s3', endpoint_url='http://localhost', )

Supporting this would allow use of bucketstore with other s3 like services, e.g. localstack, Alibaba Cloud Object Storage Service (OSS)
opened by Jafnee 1
support file-like protocol

It would be great to pickle object directly to S3. Something like this would be helpful.

import bucketstore bucket = bucketstore.get('bucketstore-playground', create=True)

import pickle a = {'hello': 'world'}

with open( bucket['foo11'], 'wb') as handle: pickle.dump(a, handle, protocol=pickle.HIGHEST_PROTOCOL)

opened by shantanuo 11

Releases(0.2.2)

0.2.2(Aug 17, 2022)
This release adds:

Support for alternate s3 endpoints via #25 (thanks @fbkopp !)

Updated docs

Updated python support list

and removes:

Support for python 3.5

Source code(tar.gz)
Source code(zip)
0.2.1(Oct 1, 2019)
This release adds some useful new tools for S3Key:

S3Key.download() for downloading to a file path or a file-like object

S3Key.upload() for uploading to a key from a file path or a file-like object

S3Key.size() or len(S3Key) for getting the size of the object at the given key

as well as adding:

100% coverage (minus one line of raising an Exception on other boto Errors)

more examples in the readme

python 3.8 testing on Travis-CI

Source code(tar.gz)
Source code(zip)
0.2.0(Jul 19, 2019)
This release updates some of the internals of this library. It adds:

Type annotations

in operator on S3Bucket

del operator on S3Bucket[key]

more documentation

and removes:

old python version support

Source code(tar.gz)
Source code(zip)