search

DataDog / guarddog

:snake: :mag: GuardDog is a CLI tool to Identify malicious PyPI and npm packages
https://securitylabs.datadoghq.com/articles/guarddog-identify-malicious-pypi-packages/
Apache License 2.0
629 stars 44 forks source link

Bugfix: Adding permissions to traverse extracted files and folders #421

Closed sobregosodd closed 4 months ago

sobregosodd commented 4 months ago

We observed that several packages are archived with a file permission set, that results in read error at scan time.

image

This PR, ensures read and traverse permission are proper for the scan to work