DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

"failed to run rule potentially_compromised_email_domain: can't compare offset-naive and offset-aware datetimes" #387

Closed cedricvanrompay-datadog closed 4 months ago

cedricvanrompay-datadog commented 4 months ago

Example:

➜  guarddog git:(v1.10.0) poetry run guarddog pypi scan --version=1.56.0 grpcio-tools
Found 2 potentially malicious indicators in grpcio-tools

code-execution: found 2 source code matches
  * This package is executing OS commands in the setup.py file at grpcio-tools-1.56.0/setup.py:91
        cpp_test = subprocess.Popen([cxx, '-x', 'c++', '-std=c++14', '-'],
                                    stdin=PIPE,
                                    stdout=PIPE,
                                    stderr=PIPE)
  * This package is executing OS commands in the setup.py file at grpcio-tools-1.56.0/setup.py:100
        cpp_test = subprocess.Popen(
            [cxx, '-x', 'c++', '-std=c++14', '-', '-latomic'],
            stdin=PIPE,
            stdout=PIPE,
            stderr=PIPE)

Some rules failed to run while scanning grpcio-tools:

* potentially_compromised_email_domain: failed to run rule potentially_compromised_email_domain: can't compare offset-naive and offset-aware datetimes
* repository_integrity_mismatch: failed to run rule repository_integrity_mismatch: Error while cloning repository authentication required but no callback set with github url https://github.com/grpc/grpc

(I will create a separate issue for the "Error while cloning repository" error)

Note that on v1.9.0 I get the same error for another rule (unclaimed_maintainer_email_domain):

➜  guarddog git:(v1.9.0) poetry run guarddog pypi scan --version=1.56.0 grpcio-tools
Found 2 potentially malicious indicators in grpcio-tools

code-execution: found 2 source code matches
  * This package is executing OS commands in the setup.py file at grpcio-tools-1.56.0/setup.py:91
        cpp_test = subprocess.Popen([cxx, '-x', 'c++', '-std=c++14', '-'],
                                    stdin=PIPE,
                                    stdout=PIPE,
                                    stderr=PIPE)
  * This package is executing OS commands in the setup.py file at grpcio-tools-1.56.0/setup.py:100
        cpp_test = subprocess.Popen(
            [cxx, '-x', 'c++', '-std=c++14', '-', '-latomic'],
            stdin=PIPE,
            stdout=PIPE,
            stderr=PIPE)

Some rules failed to run while scanning grpcio-tools:

* potentially_compromised_email_domain: failed to run rule potentially_compromised_email_domain: can't compare offset-naive and offset-aware datetimes
* unclaimed_maintainer_email_domain: failed to run rule unclaimed_maintainer_email_domain: can't compare offset-naive and offset-aware datetimes
* repository_integrity_mismatch: failed to run rule repository_integrity_mismatch: Error while cloning repository authentication required but no callback set with github url https://github.com/grpc/grpc
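As an added illustration of the failure in this report (example code, not GuardDog's own): the rule is assumed here to compare a package's release time with the creation date of the maintainer's e-mail domain, where the release time comes from PyPI's JSON API as an ISO 8601 string with a "Z" suffix (timezone-aware) and the domain date comes from a WHOIS lookup as a naive datetime. Ordering such values raises exactly the TypeError above; normalising both to aware UTC datetimes first makes the check run. All function names and sample values are constructed.

```python
from datetime import datetime, timezone

# Constructed sample inputs (not real PyPI or WHOIS data):
# upload time as PyPI's JSON API formats it, and a naive WHOIS creation date.
RELEASE_UPLOAD_TIME = "2023-06-14T12:34:56.000000Z"
DOMAIN_CREATION_DATE = datetime(2024, 1, 2, 3, 4, 5)  # no tzinfo -> "offset-naive"


def parse_release_time(value: str) -> datetime:
    """Parse PyPI's upload_time_iso_8601 into an aware datetime.

    datetime.fromisoformat() only accepts a trailing "Z" from Python 3.11 on,
    so the suffix is rewritten to an explicit +00:00 offset.
    """
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def to_utc(dt: datetime) -> datetime:
    """Return an aware UTC datetime.

    Assumption: a naive value is already expressed in UTC. If the WHOIS
    source reports local time instead, attach that zone here rather than UTC.
    """
    if dt.tzinfo is None:
        return dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def domain_registered_after_release_buggy(release: datetime, created: datetime) -> bool:
    # Mixed naive/aware ordering comparison: this is the line that raises
    # "can't compare offset-naive and offset-aware datetimes".
    return created > release


def domain_registered_after_release(release: datetime, created: datetime) -> bool:
    # A domain registered after the release suggests it expired and was
    # re-registered, so the maintainer address may be in someone else's hands.
    return to_utc(created) > to_utc(release)


def demo() -> tuple:
    """Run both variants; returns (buggy_raised_TypeError, hardened_result)."""
    release = parse_release_time(RELEASE_UPLOAD_TIME)
    try:
        domain_registered_after_release_buggy(release, DOMAIN_CREATION_DATE)
        buggy_raised = False
    except TypeError as exc:
        buggy_raised = True
        print(f"buggy comparison failed: {exc}")
    return buggy_raised, domain_registered_after_release(release, DOMAIN_CREATION_DATE)
```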