DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

Simplify local target checks #419

Closed ikretz closed 1 month ago

ikretz commented 1 month ago

This PR makes three principal changes:

  1. It simplifies the conditions under which GuardDog will decide to perform a local scan: whenever the target is a directory or a regular file in the local filesystem. It also eliminates as much as possible duplicate checks related to local targets.

  2. It adds functions in guarddog/utils/archives.py for checking whether a file extension is for a supported archive format and uses them pervasively.

  3. Closes #411

sobregosodd commented 1 month ago

Approved with a couple of nits

datadog-datadog-prod-us1[bot] commented 1 month ago

Library Vulnerabilities

:white_check_mark: No library vulnerabilities found (scanned 854d8f5).