Pyramid Security: announcing our Pyramid framework support for Python
We are pleased to announce support for Pyramid in the Sqreen Python agent version 1.0.1. (An annoying last-minute regression forced us to release a v1.0.1…) It comes with support for the most popular SQL drivers, Jinja2 support for templating and our authentication SDK for suspicious user monitoring.
Pyramid comes from the legacy of Zope and Pylons and is the third Python framework supported on Sqreen, after Django and Flask. Pyramid is used by a wide range of applications, but the most exciting public project using Pyramid is probably the new PyPI, which is already available in a pre-production environment here. It goes without saying that the Python agent has been tested with this awesome project and works without an issue.
On the technical side, the Python agent dynamically inserts a tween, which looks more like a WSGI middleware than a Django or Flask middleware. The Pyramid tween code is very simple:
The tween looks a lot like any other decorator or WSGI middleware, where callbacks can be executed before and after a request is completed. It can also trigger an error callback if it catches an Exception.
This piece of code contains two special conditions: redirects and HTTP errors, which can be either returned or raised in Pyramid (see the documentation). Sqreen usually processes these responses in post callbacks, hence the instance check.
Another interesting point here is when the agent detects a security threat and raises an AttackBlocked event. The exception needs to be converted to a 500 Response if it’s running under uwsgi; otherwise, it will break the connection. We discovered the same issue with gunicorn and gevent workers before it was fixed in gevent 1.1.2.
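An added sketch, not the Sqreen agent's code, of a Pyramid tween with the behaviour described above: callbacks before and after the request, an error callback, raised HTTP exceptions handled as responses, and a blocked attack turned into a 500. The `AttackBlocked` class body, `make_tween_factory` and the callbacks are hypothetical names; the sketch always converts a block to a 500 regardless of WSGI server, and stand-in classes replace `pyramid.httpexceptions` when Pyramid is not installed.

```python
from types import SimpleNamespace
try:
    from pyramid.httpexceptions import HTTPException, HTTPInternalServerError, HTTPNotFound
except ImportError:  # stand-ins so the sketch runs without Pyramid installed
    class HTTPException(Exception):
        status_code = 500
    class HTTPInternalServerError(HTTPException):
        pass
    class HTTPNotFound(HTTPException):
        status_code = 404

class AttackBlocked(Exception):
    """Hypothetical name: raised by a callback to stop a request."""

def make_tween_factory(pre, post, fail):
    def factory(handler, registry):
        def tween(request):
            try:
                pre(request)
                try:
                    response = handler(request)
                except HTTPException as exc:
                    response = exc  # a raised redirect/HTTP error is still a response
                post(request, response)
                return response
            except AttackBlocked:
                # Answer with a 500 rather than let the exception reach the WSGI server.
                return HTTPInternalServerError()
            except Exception as exc:
                fail(request, exc)
                raise
        return tween
    return factory

def run_demo():
    seen = []  # what the post/fail callbacks observed
    def pre(req):
        if req.params.get("q") == "BLOCK-ME":  # constructed marker, not a real rule
            raise AttackBlocked()
    def handler(req):
        if req.path == "/missing":
            raise HTTPNotFound()
        return SimpleNamespace(status_code=200)
    post = lambda req, resp: seen.append((req.path, resp.status_code))
    fail = lambda req, exc: seen.append((req.path, type(exc).__name__))
    tween = make_tween_factory(pre, post, fail)(handler, None)
    reqs = [("/", {}), ("/missing", {}), ("/", {"q": "BLOCK-ME"})]
    codes = [tween(SimpleNamespace(path=p, params=q)).status_code for p, q in reqs]
    return codes, seen
```

In a real application the factory would be registered with `config.add_tween()` using its dotted name; the blocked request never reaches the view or the post callback.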
If you encounter such a bug, you’ll be happy to have a big suite of integration tests that validate the agent behavior across 180 different combinations of Python version, framework version, and WSGI server. See more information about that in a future article.
With this latest update, Sqreen will take care of your Pyramid application security. By installing Sqreen, your application will be protected against attacks at runtime. Sqreen prevents SQL injections, XSS attacks, code injections, etc. Even fraudulent or suspicious user activities are flagged to detect attackers early.
Sign up today for your free trial to protect your Pyramid applications from security threats.