Open rakovskij-stanislav opened 2 years ago
Also, an intruder can create an `aiomeasures` package with malicious code AND another typosquatted package (e.g. `eequests`). He can set for `eequests` in requirements.txt a dependency on the legitimately looking `molotov==2.3` - and do his bad things using something similar to a supply chain attack.
Some background: https://github.com/loads/molotov/issues/138
~~The 2.X series should be safe because no actual `import aiomeasures` instruction is ever issued, the dependency was vestigial metadata.~~
Actually, an intruder can add malicious code in the `setup.py` of `aiomeasures` - this way he can use `molotov` as a proxy to do bad things.
Hm, another "use case" is to add `molotov==2.3` to some open-source package. Molotov, luckily, is a package for making high-load tests, so usage of molotov in an outer package seems legitimate.
I am not sure I fully understand the problem, I am not a security expert. Old packages are usually never removed from PyPI. What mitigation do you propose on my side?
I think all versions of molotov depending on aiomeasures (that is, between 1.4 and 2.3) should be yanked from PyPI so that nobody accidentally resolves those versions. Nobody can install them anyway because of #138.
Yanking will not utterly remove the packages: somebody handcrafting an install featuring an archived aiomeasures could still reproduce a legitimate installation.
Hi, @tarekziade, @n1ngu
Yanking is not a solution. You can ask PyPI admins to remove those packages - or ban `aiomeasures` from being created. It's a common solution used in similar cases:

- https://github.com/spulec/moto/issues/5357 - prohibiting a non-existent library from being created
- https://github.com/flyingcircusio/pycountry/issues/128 - deleting old releases
- https://github.com/dmwm/WMCore/issues/11188 - deleting old packages
I found that `molotov<2.4` had a dependency on the `aiomeasures` package. I did a little research and found out that earlier versions of molotov are still downloadable and may be a dependency of other packages. I got bigquery-public-data.pypi stats on the molotov package.
BigQuery request:

```sql
SELECT file.version
FROM `bigquery-public-data.pypi.file_downloads`
WHERE DATE(timestamp) > "2022-06-06" AND project = "molotov"
```
The intruder can create an `aiomeasures` package to reach his goals.
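As an added example (not molotov's code and not from this thread), a small offline audit that walks a dependency tree and reports dependency names that no registered index project owns, plus a check for molotov pins in the 1.4 to 2.3 range discussed above. The declared metadata and the set of registered names are constructed stand-ins for what PyPI would report.

```python
"""Audit pinned requirements for dependencies on names no index project owns."""
import re
from typing import Dict, Iterable, List, Set, Tuple

# Constructed metadata: what each pinned release declares as install_requires.
# molotov 2.3 still declared aiomeasures; 2.4 dropped it (mirrors the thread).
DECLARED_DEPS: Dict[str, List[str]] = {
    "molotov==2.3": ["aiohttp==3.8.1", "aiomeasures", "multidict==6.0"],
    "molotov==2.4": ["aiohttp==3.8.1", "multidict==6.0"],
    "eequests==1.0": ["molotov==2.3"],  # constructed typosquat pulling the old pin
    "aiohttp==3.8.1": ["multidict==6.0", "yarl==1.7"],
}
# Constructed set of project names that exist on the index. In practice this
# must come from the index itself, never from the package being audited.
REGISTERED: Set[str] = {"molotov", "aiohttp", "multidict", "yarl", "eequests"}


def normalize(name: str) -> str:
    """PEP 503 normalization so 'Aio_Measures' and 'aio-measures' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def split_pin(req: str) -> Tuple[str, str]:
    """'molotov==2.3' -> ('molotov', '2.3'); an unpinned name gets version ''."""
    name, _, version = req.partition("==")
    return normalize(name.strip()), version.strip()


def is_affected_molotov(req: str) -> bool:
    """True for molotov pins in the range the thread flags: 1.4 <= v < 2.4."""
    name, version = split_pin(req)
    if name != "molotov" or not version:
        return False
    parsed = tuple(int(part) for part in version.split("."))
    return (1, 4) <= parsed < (2, 4)


def dangling_dependencies(pins: Iterable[str],
                          declared: Dict[str, List[str]] = DECLARED_DEPS,
                          registered: Set[str] = REGISTERED) -> Set[str]:
    """Walk each pin's declared tree; return names that no registered project owns."""
    seen: Set[str] = set()
    dangling: Set[str] = set()
    stack = list(pins)
    while stack:
        req = stack.pop()
        if req in seen:
            continue
        seen.add(req)
        name, _ = split_pin(req)
        if name not in registered:
            dangling.add(name)  # a name anyone could register and ship code under
            continue
        stack.extend(declared.get(req, []))
    return dangling
```

Any name returned by `dangling_dependencies` should be treated like an unclaimed typosquat target: the fix is to drop or replace the dependency in the affected releases, not to trust that nobody will register it.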