The Contrast Python agent provides runtime protection of Django, Flask and Pyramid web applications.
The Python agent is a WSGI- and framework-specific middleware that's compatible with the most-popular web application frameworks. The agent's goal is to be fully WSGI compatible along with other web frameworks.
From its position within the middleware stack, the Python agent inspects HTTP requests to identify potentially harmful input vectors. During the request, the agent inspects database queries, file writes and other potentially damaging actions resulting from the request. At the end of the request, the agent inspects the rendered output for successful attacks, and can block a successful attack from being forwarded to the application user. The service sends the details of the attack to the Contrast application, which then sends you an alert and displays attack details in the interface.
To start protecting your application, download the Python agent and service, and create a configuration file as described in Python Agent Installation. The Python agent is installed as a standard Python package, and communicates with a standalone Contrast Service that runs outside your application.
The Python agent supports Python versions 2.7+ and 3.5 to 3.7. Framework support is currently for:
Note: The Python agent is meant to be WSGI compatible. It may be compatible to other WSGI applications as long as the guidelines are followed.
The Python Agent has database support for:
The Python Agent has NoSQL support for:
The Python Agent has ORM support for:
Agent testing is done on 64-bit OSX and 64-bit Linux. The agent has no C dependencies, and may work in other operating system environments.
To install the Contrast agent into your Python application, you must complete the following steps.
The contrast-python-agent-[version].tar.gz is a standard packaged Python library that you can add to the application's requirements.txt.
To use Contrast, add this line to your application's requirements.txt after downloading the agent:
After editing the requirements.txt you can install normally with:
pip install -r requirements.txt
To install the Contrast agent manually, download the contrast-python-agent-[version].tar.gz file to a local directory and run:
pip install ./path/to/contrast-python-agent-[version].tar.gz
To hook into incoming requests and outbound responses, you need to add a middleware to your application. To add the middleware to your application, use the appropriate guidance for your framework.
For Django 1.10+ and 2.0+, add the following in your settings.py file:
MIDDLEWARE = [ # OTHER MIDDLEWARE, 'contrast.agent.middlewares.django_middleware.DjangoMiddleware' ]
Older versions of Django have a different architecture for middlewares. For Django 1.6 to 1.9, add the following in your settings.py file:
MIDDLEWARE_CLASSES = [ # OTHER MIDDLEWARE, 'contrast.agent.middlewares.legacy_django_middleware.DjangoMiddleware' ]
import Flask from contrast.agent.middlewares.flask_middleware import FlaskMiddleware as ContrastMiddleware app = Flask(__name__) app.wsgi_app = ContrastMiddleware(app) @app.route('/') def index(): return render_template('index.html') if __name__ == '__main__': app.run(...)
from pyramid.config import Configurator config = Configurator() config.add_tween('contrast.agent.middlewares.pyramid_middleware.PyramidMiddleware')
from contrast.agent.middlewares.wsgi_middleware import WSGIMiddleware as ContrastMiddleware # other app code app = get_wsgi_application() app = ContrastMiddleware(app)
Once the installation process is complete, you can update the agent's configuration file.