Python Data Science Jobs & Interviews
@DataScienceQ
20.3K subscribers
187 photos
4 videos
25 files
325 links
Your go-to hub for Python and Data Science—featuring questions, answers, quizzes, and interview tips to sharpen your skills and boost your career in the data-driven world.

Admin: @Hussein_Sheikho
Download Telegram
About
Blog
Apps
Platform
Join
Python Data Science Jobs & Interviews
20.3K subscribers
Python Data Science Jobs & Interviews
How can you implement a secure, encrypted, and scalable key-value store in Python using cryptography and redis that supports atomic operations, automatic encryption/decryption of data, concurrent access control, and seamless integration with distributed systems? Provide a concise yet comprehensive code example demonstrating advanced features such as AES-GCM encryption, transactional updates, rate limiting, and cluster-aware failover.

import redis
import asyncio
import json
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import os
import time
from typing import Dict, Any, Optional

# Configuration
REDIS_URL = "redis://localhost:6379/0"
SECRET_KEY = b"your-secure-secret-key-here-1234567890"  # Use environment variable in production
KEY_LENGTH = 32

class SecureKeyValueStore:
    def __init__(self, redis_url: str, secret_key: bytes):
        self.redis_client = redis.from_url(redis_url)
        self.fernet = Fernet(secret_key)
        self._lock = asyncio.Lock()
        self.rate_limit = {}
        
    async def _encrypt(self, data: Any) -> str:
        """Encrypt data using Fernet."""
        json_data = json.dumps(data).encode('utf-8')
        return self.fernet.encrypt(json_data).decode('utf-8')
    
    async def _decrypt(self, encrypted_data: str) -> Any:
        """Decrypt data using Fernet."""
        try:
            decrypted = self.fernet.decrypt(encrypted_data.encode('utf-8'))
            return json.loads(decrypted.decode('utf-8'))
        except Exception as e:
            logger.error(f"Decryption failed: {e}")
            return None
    
    async def set(self, key: str, value: Any, ttl: int = 300):
        """Set key-value pair with encryption and TTL."""
        encrypted_value = await self._encrypt(value)
        async with self._lock:
            await self.redis_client.setex(key, ttl, encrypted_value)
            
    async def get(self, key: str) -> Optional[Any]:
        """Get and decrypt value."""
        raw_value = await self.redis_client.get(key)
        if raw_value:
            return await self._decrypt(raw_value)
        return None
    
    async def atomic_transaction(self, operations: List[Dict]):
        """Execute atomic operations using Redis transactions."""
        pipe = self.redis_client.pipeline()
        for op in operations:
            if op['type'] == 'set':
                encrypted = await self._encrypt(op['value'])
                pipe.setex(op['key'], op.get('ttl', 300), encrypted)
            elif op['type'] == 'delete':
                pipe.delete(op['key'])
        await pipe.execute()
    
    async def rate_limited_set(self, key: str, value: Any, rate_limit: int = 10):
        """Rate-limited set operation."""
        now = time.time()
        if key not in self.rate_limit:
            self.rate_limit[key] = []
        self.rate_limit[key] = [t for t in self.rate_limit[key] if t > now - 60]
        
        if len(self.rate_limit[key]) >= rate_limit:
            raise Exception("Rate limit exceeded")
        
        self.rate_limit[key].append(now)
        await self.set(key, value)

# Example usage
async def main():
    store = SecureKeyValueStore(REDIS_URL, SECRET_KEY)
    await store.set("user:1", {"name": "John", "age": 30})
    data = await store.get("user:1")
    print(data)
    await store.atomic_transaction([
        {"type": "set", "key": "counter:1", "value": 1},
        {"type": "set", "key": "counter:2", "value": 2}
    ])
    await store.rate_limited_set("api_call", {"count": 1}, rate_limit=5)

# Run the example
asyncio.run(main())


#Python #Security #Encryption #Redis #KeyvalueStore #AtomicOperations #Concurrency #DistributedSystems #Scalability #Cryptography #AsyncIO

By: @DataScienceQ 🚀
Please open Telegram to view this post
VIEW IN TELEGRAM
1
216 viewsedited  
Python Data Science Jobs & Interviews
Question:
How can you securely execute a dynamic shell command in Python using os module while preventing shell injection, handling environment variables, and ensuring the process is isolated with limited privileges? Provide a detailed example demonstrating all these aspects.

---

import os
import subprocess
import tempfile
import shutil
import sys
from pathlib import Path

# Secure execution of dynamic shell commands
def secure_execute(cmd: str, cwd: str = None, env: dict = None):
    # Validate input to prevent shell injection
    if not isinstance(cmd, str) or not cmd.strip():
        raise ValueError("Command must be a non-empty string.")
    
    # Split command into safe components (avoid shell=True)
    try:
        args = cmd.split()
        if not args:
            raise ValueError("Invalid command format.")
        
        # Sanitize arguments to avoid path traversal or injection
        for arg in args:
            if any(c in arg for c in [';', '&', '|', '>', '<', '`', '$']):
                raise ValueError(f"Malicious character detected in command: {arg}")
        
        # Use temporary directory for isolation
        temp_dir = tempfile.mkdtemp(prefix="secure_exec_")
        try:
            # Set minimal environment
            safe_env = {
                'PATH': '/usr/bin:/bin',
                'HOME': temp_dir,
                'USER': 'sandbox_user',
            }
            if env:
                safe_env.update(env)
            
            # Run command with restricted privileges
            result = subprocess.run(
                args,
                cwd=cwd,
                env=safe_env,
                stdout=subprocess.PIPE,
                stderr=subprocess.PIPE,
                timeout=30,
                preexec_fn=os.setuid(1000),  # Drop to unprivileged user
                universal_newlines=True,
                check=False
            )
            
            return {
                'stdout': result.stdout,
                'stderr': result.stderr,
                'returncode': result.returncode,
                'success': result.returncode == 0
            }
        finally:
            shutil.rmtree(temp_dir, ignore_errors=True)
            
    except Exception as e:
        return {'error': str(e)}

# Example usage
if __name__ == "__main__":
    # Simulate a dynamic command from user input
    user_input = "ls -la /tmp"
    result = secure_execute(user_input, cwd="/")
    print(result)

Answer:
The above code demonstrates secure execution of dynamic shell commands by avoiding shell=True, splitting the command safely, validating input to prevent injection, isolating execution via a temporary directory, dropping privileges using os.setuid(), and restricting environment variables. This approach prevents common vulnerabilities like shell injection and privilege escalation.

#Python #OSModule #Security #ShellInjection #Subprocess #Sandboxing #SecureCode #AdvancedPython

By: @DataScienceQ 🚀
3
410 viewsedited