I'm accessing the Coinbase PRO API and it needs three things, the API public key, the API secret, and the API password. I am able to successfully save the key and password because they are only strings with alphabetic characters. However, the API secret is something like this: "uoahdsgoaogdso=="
It appears that the equals signs at the end are preventing the system from recognizing the variable.
In python I use the following command to print each environment variable (replacing key with each parameter above):
print(os.getenv('key'))
When I run the above, I can successfully print the public key and password but when I attempt to print the API secret, it gives me an empty string. Any thoughts on why it won't save a string which contains ==
Another note, I am using the Ubuntu, the linux subsystem for windows
There is nothing special about the string == as far as environment variables are concerned. An ASCII equal-sign char is no different from any other printable character; e.g., the ASCII letter u. You can see that this is true by a simple experiment:
$ bash
==== Hello from .bashrc ====
bash-5.0$ export KEY=abc=
bash-5.0$ env | grep KEY
KEY=abc=
bash-5.0$ bash -c 'echo "|$KEY|"'
|abc=|
bash-5.0$
Trailing equal-sign chars are special, however, in specific contexts such as printable base64 encoded RSA keys where they are used for padding to ensure a valid base64 string. See, for example, Why does a base64 encoded string have an = sign at the end.
Also, by "conda" are you referring to the Anaconda platform for Python based numerical analysis? If yes I am perplexed by your question. The use of Anaconda to run a Python program will have absolutely no effect on the behavior of environment variables.
Related
This question already has answers here:
Why do backslashes appear twice?
(2 answers)
Closed last month.
I'm currently trying to debug a problem where Python 3 keeps escaping backslashes in a variable.
Situation
I have a Kubernetes Secret configured and I can see it as env variable called SECRET inside my debian-based container using env | grep SECRET. The Secret contains a Password that consists of alphabetical characters and multiple single backslashes *e.g. "h\ell\o". I now want to use that secret in my python code. I want to read it from an env variable so I don't have to write it in my code in plain text.
I use secret=os.getenv("SECRET") to reference the env variable and initialize a variable containing the secret. Using the python interactive shell calling secret directly shows, that it contains "h\\ell\\o" because Python is automatically escaping the backslashes. Calling print(secret) returns "h\ell\o" as print is interpreting the double backslashes as escaped backslashes.
I now cannot use the variable SECRET to insert the password, since it always inserts it containing double backslashes, which is the wrong password.
Image showing the described situation
Question
Is there a way to disable auto escaping, or to replace the escaped backslashes? I tried several methods using codecs.encode() or codecs.decode(). I also tried using string.replace()
I cannot change the password.
You can use repr() to get the exact representation of your string.
An example for your use-case may look something like this:
>>> secret = "h\\ell\\o"
>>> print(secret)
h\ell\o
>>> print(repr(secret))
'h\\ell\\o'
>>> fixed_secret = repr(secret).replace("'", "") # Remove added ' ' before and after your secret since ' ' only represent the string's quotes
>>> print(fixed_secret)
h\\ell\\o
>>>
>>> # Just to make sure that both, secret and fixed_secret, are of type string
>>> type(secret)
<class 'str'>
>>> type(fixed_secret)
<class 'str'>
>>>
I want to set a parameter for a python script by using the parameter field in PyCharm.
My config:
But the command in the Run console is:
python3 path_to_script.py '{app_id: picoballoon_network, dev_id: ferdinand_8c ... and so on
and not:
python3 path_to_script.py '{"app_id": "picoballoon_network", "dev_id": "ferdinand_8c" ... and so on
Basically, it deletes all " in the parameter.
Does anyone know how to turn this off?
My PyCharm version is:
PyCharm 2020.3.1 (Professional Edition)
Build #PY-203.6682.86, built on January 4, 2021
Runtime version: 11.0.9.1+11-b1145.37 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Windows 10 10.0
To avoid the quotation marks being deleted notice the rules to writing parameters that contain quotation marks.
Run/Debug Configuration: Python
Configuration tab
When specifying the script parameters, follow these rules:
Use spaces to separate individual script parameters.
Script parameters containing spaces should be delimited with double quotes, for example, some" "param or "some param".
If script parameter includes double quotes, escape the double quotes with backslashes, for example:
-s"main.snap_source_dirs=[\"pcomponents/src/main/python\"]" -s"http.cc_port=8189"
-s"backdoor.port=9189"
-s"main.metadata={\"location\": \"B\", \"language\": \"python\", \"platform\": \"unix\"}"
The case in the question would be a single parameter, lets apply the rules to the example:
'{"app_id": "picoballoon_network", "dev_id": "ferdinand_8c"'
Because it's a single parameter containing spaces it has to be surounded by quotation marks.
Since the content of the parameter also contains quotation marks they must be escaped using a backslash \. So applying the parameter formatting rules gives:
"'{\"app_id\": \"picoballoon_network\", \"dev_id\": \"ferdinand_8c\"}'"
(Side note): In the example the parameter was surrounded by Apostrophes, this may be unnecessary and will probably have to be stripped later in your Python code (the below example uses the strip method).
You can test it with this simple script:
import sys
import ast
your_dictionary = ast.literal_eval(sys.argv[1].strip("'"))
(Side note): Your example parameter is a string containing a Python dictionary, there are several ways to convert it, in the example I included the highest voted answer from this question: "Convert a String representation of a Dictionary to a dictionary?"
A screenshot showing the parameter and test code in use:
I was trying to write a script to add users into a MySQL database. I finally get all of the users into the database, but then the login of my app won't authorize them. I try a bunch of different solutions and then I notice the older user's passwords start with "$2a" and the ones I've added are "$2b". So I insert the code below.
password = bcrypt.hashpw(password.encode("UTF-8"), bcrypt.gensalt(11))
password = password.decode("UTF-8")
password = password[:2] + "a" + password[3:] #Why does this work??
Suddenly I can login no problem. So why would having "$2a" work and not "$2b"? The web app isn't mine and I can't find the code where it checks the password. If it helps, the webapp was made in Java and uses spring for validation.
Here's Wikipedia on Bcrypt:
$2$ (1999)
The original Bcrypt specification defined a prefix of $2$. This follows the Modular Crypt Format [...]
$2a$
The original specification did not define how to handle non-ASCII character, nor how to handle a null terminator. The specification was revised to specify that when hashing strings:
the string must be UTF-8 encoded
the null terminator must be included
With this change, the version was changed to $2a$
$2b$ (February 2014)
A bug was discovered in the OpenBSD implementation of bcrypt. They were storing the length of their strings in an unsigned char (i.e. 8-bit Byte). If a password was longer than 255 characters, it would overflow and wrap at 255.
You are adding the new format, while the program only supports validating the old format.
Since the new and old format are compatible for passwords < 255 chars, switching the header works. However, if you ever try to add a password >= 256 chars this way, it'll be rejected as invalid.
I'm trying to port my Vim 8.0 configuration (~/.vimrc) to Python. That is, I'm setting Vim options as fields on vim.options mapping:
import vim
# set wildmenu
vim.options['wildmenu'] = True
# set wildcharm=<C-Z>
vim.options['wildcharm'] = ord('^Z') # [Literal ^Z (ASCII 26), CTRL-V CTRL-Z]
# set wildchar=<F10>
vim.options['wildchar'] = -15211 # extracted from Vim
The wildchar and wildcharm Vim options are of type "number". As far as I understand, they expect a kind of a keycode (at least in simple cases it is the ASCII code of the character in question).
In Vimscript, when you say something like set wildchar=<F10>, Vim translates the Vim-specific textual representation into a numeric keycode.
In Python, this is not the case (vim.options['wildchar'] = '<F10>' gives a TypeError).
For simple cases, it is possible to use ord() on a string containing the literally typed control character (see above with Ctrl-Z). However, a key like F10 produces multiple characters, so I can't use ord() on it.
In the end, I want to be able to do something like this:
vim.options['wildchar'] = magic('<F10>')
Does this magic() function exist?
Edit: I'm not asking how to invoke Vimscript code from Python (i. e. vim.command(...)). I understand that the encompassing problem can be trivially solved this way, but I'm asking a different question here.
:python vim.command("set wildchar=<F10>")
See the vim.command documentation for more explanation.
I'm creating a python script that logs into a website (in this case, it's the url to update your IPv4 endpoint for Tunnelbroker.net), and it uses a hashed username and password.
My question is this. If I use echo mypassword | md5sum it gives me a different hash than a python script that I found (using hashlib and hashdigest to accomplish the task).
For example, if "mypass" is robots, echo robots | md5sum gives me 2cf61812c352ec4fd0dae8f52874701d but if I run it through the python script, I get 27f5e15b6af3223f1176293cd015771d
the script that I'm using is found at http://wiki.python.org/moin/Md5Passwords
My question is simply this: Will the website be able to decrypt either of those and get "robots"? I ask this, because I want to include a variation of the python script for hashing the password (in case the end user is on Windows or another operating system that can't generate a MD5 hash).
Thanks in advance, and have a great day:)
Patrick.
md5 and passwords in the same sentence gives me chills.. md5 is a type of one-way hash function, which mean there should be no way to "decrypt" once hashed. It is not an encryption function. However, with rainbow table (and possibly other ways), you can recover some common strings from a md5 hash, which makes the idea of using md5 to encrypt password even worse.
But anyway, here is the answer:
No, the Python script's answer is the correct one. If you use echo -n "robots" | md5sum you will see they are the same: 27f5e15b6af3223f1176293cd015771d
The reason is echo will append a newline character at the end of the string it's echoing (surprise!), adding -n will not print the newline char and hence give you the right result.
Alternatively, you can simply use md5sum -s "robots" or md5 -s "robots" to generate the hash without using echo.
Reference for echo:
The echo utility writes any specified operands, separated
by single blank (' ') characters and followed by a newline (\n) character,
to the standard output.
What password hashing algorithm to use?
the MD5 of the string "robots\n" is 2cf61812c352ec4fd0dae8f52874701d
the MD5 of the string "robots" is 27f5e15b6af3223f1176293cd015771d
What does md5sum robots give you?