tarekziade / molotov

Load Testing Tool
Apache License 2.0

PyPI possible watering hole attack using `molotov<2.4` package #143

Open rakovskij-stanislav opened 2 years ago

rakovskij-stanislav commented 2 years ago

I found that molotov<2.4 had a dependency on the aiomeasures package.

I did a little research and found out that earlier versions of molotov are still downloadable and may be a dependency of other packages. I got bigquery-public-data.pypi stats on the molotov package.

BigQuery request:

```sql
SELECT file.version
FROM `bigquery-public-data.pypi.file_downloads`
WHERE DATE(timestamp) > "2022-06-06" AND project = "molotov"
```

(screenshot of the query result, not reproduced)

An intruder can create an aiomeasures package to reach his goals.

rakovskij-stanislav commented 2 years ago

Also, an intruder can create an aiomeasures package with malicious code AND another typosquatted package (e.g. eequests). He can set, for eequests in requirements.txt, a dependency on the legitimately looking molotov==2.3 - and do his bad things using something similar to a supply chain attack.

n1ngu commented 2 years ago

Some background: https://github.com/loads/molotov/issues/138

~The 2.X series should be safe because no actual `import aiomeasures` instruction is ever issued, the dependency was vestigial metadata.~

rakovskij-stanislav commented 2 years ago

> The 2.X series should be safe because no actual `import aiomeasures` instruction is ever issued, the dependency was vestigial metadata.

Actually, an intruder can add malicious code to the setup.py of aiomeasures - this way he can use molotov as a proxy to do bad things.
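The risk described in this thread is a declared dependency whose name nobody owns on the index: whoever registers it first gets their sdist's setup.py executed on every install of the old molotov releases. The following check is an added example written for this page, not code from molotov or from any commenter. It parses `Requires-Dist` style requirement strings, normalizes names per PEP 503 (so `Aio_Measures` and `aiomeasures` compare equal), and reports the names that are absent from a set of registered projects. The sample metadata and the registered-name set are constructed here so the block runs offline; `is_registered_on_pypi` is an optional live lookup against the real PyPI JSON API (`https://pypi.org/pypi/<name>/json`) for running the same audit against the index.

```python
import json
import re
import urllib.error
import urllib.request
from typing import Iterable, List


def normalize(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' become '-', lower-cased."""
    return re.sub(r"[-_.]+", "-", name).lower()


# A PEP 508 requirement starts with the project name; everything after the
# name (version specifiers, extras, environment markers) is irrelevant here.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)")


def requirement_name(requirement: str) -> str:
    """Return the normalized project name from a requirement string.

    'aiohttp>=3.8; python_version >= "3.7"' -> 'aiohttp'
    """
    match = _NAME_RE.match(requirement)
    if not match:
        raise ValueError(f"cannot parse requirement: {requirement!r}")
    return normalize(match.group(1))


def unclaimed_dependencies(requires_dist: Iterable[str],
                           registered: Iterable[str]) -> List[str]:
    """Names a package depends on that are not registered on the index.

    Every name returned is one an attacker could register and thereby get
    arbitrary code (setup.py) run on installs of the depending package.
    """
    known = {normalize(name) for name in registered}
    unclaimed: List[str] = []
    for requirement in requires_dist:
        name = requirement_name(requirement)
        if name not in known and name not in unclaimed:
            unclaimed.append(name)
    return unclaimed


def is_registered_on_pypi(name: str, timeout: float = 10.0) -> bool:
    """Live check (needs network): does PyPI know a project by this name?

    PyPI's JSON API answers 404 for projects that do not exist.
    """
    url = f"https://pypi.org/pypi/{normalize(name)}/json"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as response:
            json.load(response)  # a parseable body confirms a real project page
            return True
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise


# Constructed sample: the kind of Requires-Dist list an old release might
# carry (this is illustrative, not molotov's actual metadata).
SAMPLE_REQUIRES_DIST = [
    "aiomeasures",
    "aiohttp>=3.8",
    "humanize; extra == 'ui'",
    "Multidict (>=4.0)",
]

# Constructed stand-in for "names that exist on the index", so the audit
# runs offline. Swap in is_registered_on_pypi for a live run.
SAMPLE_REGISTERED = {"aiohttp", "humanize", "multidict", "molotov"}


if __name__ == "__main__":
    for name in unclaimed_dependencies(SAMPLE_REQUIRES_DIST, SAMPLE_REGISTERED):
        print(f"unclaimed dependency name: {name}")
```

Two caveats when using this against a real index. First, a name that is registered today may still be a hijack candidate if it was registered only recently by someone unrelated to the depending project, so treat registration date and ownership as part of the audit, not only existence. Second, yanking a release (PEP 592) does not stop `pip install molotov==2.3`: yanked files are skipped only when the resolver is free to choose a version, an exact `==` pin still installs them, which is the point n1ngu makes below.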

rakovskij-stanislav commented 2 years ago

Fm, another "use case" is to add molotov==2.3 to some open-source package. Molotov, luckily, is a package for making high-load tests, so the usage of molotov in an outer package seems legitimate.

tarekziade commented 2 years ago

I am not sure I fully understand the problem, I am not a security expert. Old packages are usually never removed from PyPI. What mitigation do you propose on my side?

n1ngu commented 2 years ago

I think all versions of molotov depending on aiomeasures (that is, between 1.4 and 2.3) should be yanked from PyPI so that nobody accidentally resolves those versions. Nobody can install them anyway because of #138.

Yanking will not utterly remove the packages: somebody handcrafting an install featuring an archived aiomeasures could still reproduce a legitimate installation.

rakovskij-stanislav commented 2 years ago

Hi, @tarekziade, @n1ngu

Yanking is not a solution. You can ask the PyPI admins to remove those packages - or ban the creation of aiomeasures. It's a common solution used in similar cases:

- https://github.com/spulec/moto/issues/5357 - prohibiting a non-existent library from being created
- https://github.com/flyingcircusio/pycountry/issues/128 - deleting old releases
- https://github.com/dmwm/WMCore/issues/11188 - deleting old packages