DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0

Bugfix: Adding permissions to traverse extracted files and folders #421

Closed sobregosodd closed 1 month ago

sobregosodd commented 1 month ago

We observed that several packages are archived with a file permission set that results in a read error at scan time.

This PR ensures read and traverse permissions are proper for the scan to work.
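
The following is an added example, not the PR's diff or GuardDog's own code: one way to restore owner read and traverse bits on an extracted package tree before scanning it. The names `make_tree_readable`, `_ensure` and `demo` are hypothetical, and the directory tree is constructed for the illustration.

```python
import os
import stat
import tempfile

DIR_BITS = stat.S_IRUSR | stat.S_IXUSR   # owner may list and traverse
FILE_BITS = stat.S_IRUSR                 # owner may read

def _ensure(path: str) -> bool:
    """Add the missing owner bits to one entry; True if the mode changed."""
    st = os.lstat(path)                  # lstat: never resolve symlinks
    if stat.S_ISDIR(st.st_mode):
        wanted = DIR_BITS
    elif stat.S_ISREG(st.st_mode):
        wanted = FILE_BITS
    else:
        return False                     # symlinks, FIFOs, devices: leave alone
    mode = stat.S_IMODE(st.st_mode)
    if mode & wanted == wanted:
        return False
    os.chmod(path, mode | wanted)        # only add owner bits, never group/other
    return True

def make_tree_readable(root: str) -> int:
    """Fix modes top-down so each directory is opened before os.walk enters it."""
    changed = int(_ensure(root))
    for current, dirs, files in os.walk(root, topdown=True, followlinks=False):
        for name in dirs + files:
            changed += _ensure(os.path.join(current, name))
    return changed

def demo() -> tuple:
    """Constructed tree: unreadable file in an untraversable dir, plus a symlink."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as other:
        outside = os.path.join(other, "outside.txt")
        open(outside, "w").close()
        os.chmod(outside, 0o000)
        os.symlink(outside, os.path.join(root, "link"))   # must stay untouched
        locked = os.path.join(root, "locked")
        os.mkdir(locked)
        target = os.path.join(locked, "setup.py")
        open(target, "w").close()
        os.chmod(target, 0o000)
        os.chmod(locked, 0o000)
        changed = make_tree_readable(root)
        modes = [stat.S_IMODE(os.lstat(p).st_mode) for p in (locked, target, outside)]
        os.chmod(locked, 0o700)          # restore write so cleanup can delete
        return changed, modes
```

Skipping symlinks matters when the archive is untrusted: `os.chmod` follows links by default, so a link inside the package could otherwise change the mode of a file outside the extraction directory.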