yaoyi2008 / owasp-esapi-python Goto Github PK

Requirements:
    **If you have setuptools installed, you should be able to install all except KeyCzar and Visual C++ 2008 by doing 'easy_install <packagename>' in a shell or command prompt.**

    PyCrypto 2.01 - http://www.amk.ca/python/code/crypto
        PyCrypto requires a C Compiler. Windows users can us Visual C++ 2008 Express Edition - http://www.microsoft.com/express/vc/#webInstall
    KeyCzar 0.6b - http://www.keyczar.org/
        KeyCzar requires PyASN1 - http://pypi.python.org/pypi/pyasn1
        and simplejson, which is standard in 2.6 - http://pypi.python.org/pypi/simplejson
    PyLint 0.18.1 - Only needed for static analysis. - http://pypi.python.org/pypi/pylint
    Coverage module by Ned Batchelder v3.0.1 - Only needed if you want coverage analysis - http://pypi.python.org/pypi/coverage/3.0.1
    Nose 0.11.1 - Only needed if you want to run unit tests together and combine it with coverage analysis - http://pypi.python.org/pypi/nose/0.11.1

Installation:
    * Install any of the missing dependencies listed above.
    * Extract the ESAPI on Python package.
    * Add the extracted folder to your Python path. One way to do this is to create a text file, such as 'esapi.pth', in your Python installation's Lib\site-packages folder. Copy the path of the folder you extracted into this text file. The path should have the 'esapi' folder inside.
    * Start a new interactive Python console and enter 'import esapi'. If you get no output, it ran successfully and you can move on to the next step. If you got "ImportError: No module named esapi", double check the step above.
    * By default, ESAPI is set up for Linux. If you are running ESAPI on Windows or wish to change these paths, you will need to modify the Encryptor_KeysLocation and Executor_WorkingDirectory settings in esapi/conf/settings.py AND esapi/test/conf/settings.py. You should use forward slashes in the paths.
    * See "To set up a crypto keyring" to generate the keys necessary for crypto.
    * Run the unit tests by opening a shell or command prompt in esapi/test and running runTests.bat or runTests.sh, depending on your platform. If you get around 7 errors relating to crypto, please ensure you have followed the steps under "To set up a crypto keyring".
    Note: Running all tests may appear to block or pause, particularly on Windows. This may be be due to exhaustion of the entropy pool. If it blocks, try moving the mouse, typing, or generating some disk activity to help regenerate the entropy pool.

To adapt and integrate with your project:
    You can use as much or as little of ESAPI as you would like. You'll want to do a 'from esapi.core import ESAPI' and use the methods that class provides.

To set up a crypto keyring:
    Select a root directory for your keyring, like /esapi/keyring/, and set Encryptor_KeysLocation in BOTH settings.py files to this string if you have not already.

    Open a python interactive shell and execute:
        from esapi.core import ESAPI
        ESAPI.encryptor().gen_keys()
    
    Modify esapi/conf/settings.py according to the output by replacing the Encryptor_MasterSalt line with the one given.

Why there are two conf directories:
    One conf directory, esapi/conf, is used for the running application. This file ships with very conservative defaults.
    
    The other conf directory, esapi/test/conf, is used only for unit tests. It should never be used with any app because it is insecure by default. It contains specific configuration elements that are tied to the unit tests.

To enable internationalization:
    Set the 'LANGUAGE' environment variable with your locale
    On *nix: export LANGUAGE=en_US
    On Windows: set LANGUAGE=en_US
    
    Please note that as of this writing, no translation files are available. A GNU gettext .pot file is available in esapi/conf/locale .