
Commit 120a959

Rules and placeholder for more upcoming checks
Signed-off-by: Ashish Bijlani <ashish.bijlani@gmail.com>
1 parent d07994a commit 120a959

2 files changed

+57
-3
lines changed


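--- a/.packj.yaml
+++ b/.packj.yaml
@@ -31,15 +31,22 @@ audit:
 cryptominer:
 - reason: package is a cryptominer
 - enabled: true
+
 #
 # alert category: suspicious packages (potentially malicious)
 #
 suspicious:
 inconsistent with repo source:
-- reason: package code inconsistent with the public repo source code
+- reason: package code differs from public repo source code, indicating malicious intention
 - enabled: true
 overwrites system binaries:
-- reason: package code inconsistent with the public repo source code
+- reason: overwriting system binaries such as /bin/ls suggests malware persistence
+- enabled: true
+risky API sequence:
+- reason: package code uses risky API sequence such as decode() followed by exec() or eval()
+- enabled: true
+anomalous dependency version:
+- reason: a anomalously high dependency version could indicate confusion attack
 - enabled: true
 
 #
@@ -106,6 +113,14 @@ audit:
 - reason: custom installation hooks may download or execute malicious code
 - enabled: true
 
+contains executable or other binary blobs:
+- reason: binary blobs cannot be analyzed accurately and are used to hide malware
+- enabled: true
+
+noisy package:
+- reason: package is a typo-guard, placeholder, dummy, empty, or troll package
+- enabled: true
+
 #
 # type: repo stats
 #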
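Review bot: The new reason text at line 49 reads `a anomalously high dependency version`; the article should be `an`: `- reason: an anomalously high dependency version could indicate confusion attack`. The rewritten reason at line 40, `indicating malicious intention`, states intent as fact, whereas a mismatch between the published package and its repo is also produced by build steps and generated files; `may indicate malicious intent` keeps the alert without overstating it. The `contains executable or other binary blobs` and `noisy package` rules are added with `enabled: true`, but the matching checks in `packj/audit/main.py` in this same commit are still placeholders, so an enabled rule currently produces no finding at all.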

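--- a/packj/audit/main.py
+++ b/packj/audit/main.py
@@ -210,6 +210,16 @@ def analyze_deps(pm_proxy, pkg_name, ver_str, pkg_info, ver_info, risks, report)
 finally:
 return risks, report
 
+def analyze_install_hooks(pm_proxy, pkg_name, pkg_info, risks, report):
+try:
+msg_info('Checking for install-time hooks...', end='', flush=True)
+# TODO
+msg_warn('Coming soon!')
+except Exception as e:
+msg_fail(str(e))
+finally:
+return risks, report
+
 def analyze_typosquatting(pm_proxy, pkg_name, pkg_info, risks, report):
 try:
 msg_info('Checking for typo-squatting...', end='', flush=True)
@@ -512,7 +522,12 @@ def analyze_composition(pm_name, pkg_name, ver_str, filepath, risks, report):
 language=LanguageEnum.ruby
 else:
 raise Exception(f'Package manager {pm_name} is not supported!')
+except Exception as e:
+msg_fail(str(e))
+return risks, report
 
+# analyze package composition
+try:
 num_files, lang_files, num_funcs, total_loc = parse_package_composition(
 pkg_name,
 ver_str,
@@ -534,10 +549,28 @@ def analyze_composition(pm_name, pkg_name, ver_str, filepath, risks, report):
 }
 except Exception as e:
 msg_fail(str(e))
+
+# check if this package contains executables or other binary blobs and alert the user
+try:
+msg_info('Checking for exe/binary blobs...', end='', flush=True, indent=1)
+# TODO
+msg_warn('Coming soon!')
+except Exception as e:
+msg_fail(str(e))
+
+#
+# check if this package is a noisy package:
+# i.e., typo-guard, placeholder, dummy, empty, or troll package
+#
+try:
+msg_info('Checking if a noisy package...', end='', flush=True, indent=1)
+# TODO
+msg_warn('Coming soon!')
+except Exception as e:
+msg_fail(str(e))
 finally:
 return risks, report
 
-
 class Risk(tuple, Enum):
 FILE_IO = 'accesses files and dirs', 'file'
 USER_IO = 'reads user input', None # should this really be None?
@@ -587,7 +620,12 @@ def analyze_apis(pm_name, pkg_name, ver_str, filepath, risks, report):
 system = 'ruby'
 else:
 raise Exception(f'Package manager {pm_name} is not supported!')
+except Exception as e:
+msg_fail(str(e))
+return risks, report
 
+# analyze code for APIs
+try:
 static = get_static_proxy_for_language(language=language)
 try:
 static.astgen(inpath=filepath, outfile=filepath+'.out', root=None, configpath=configpath,
@@ -720,6 +758,7 @@ def audit(pm_args, pkg_name, ver_str, report_dir, extra_args):
 risks, report = analyze_readme(pm_proxy, pkg_name, ver_str, pkg_info, ver_info, risks, report)
 risks, report = analyze_homepage(pm_proxy, pkg_name, ver_str, pkg_info, risks, report)
 risks, report = analyze_downloads(pm_proxy, pkg_name, pkg_info, risks, report)
+risks, report = analyze_install_hooks(pm_proxy, pkg_name, pkg_info, risks, report)
 risks, report = analyze_typosquatting(pm_proxy, pkg_name, pkg_info, risks, report)
 risks, report = analyze_dep_confusion(pm_proxy, pkg_name, pkg_info, risks, report)
 risks, report = analyze_repo_url(pm_proxy, pkg_name, ver_str, pkg_info, ver_info, risks, report)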
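Review bot: The three placeholder checks (install-time hooks at new line 217, exe/binary blobs at line 557, noisy package at line 568) only print `Coming soon!` and hand `risks, report` back unchanged, while the `.packj.yaml` in this commit ships the matching rules as `enabled: true`, so a reader of the audit output sees no finding for a rule that was never evaluated. Consider recording the gap explicitly in `report` (a "not implemented" entry alongside the other results, whatever shape `report` has) or shipping those rules with `enabled: false` until the checks exist. Separately, `analyze_install_hooks` copies the `finally: return risks, report` shape from `analyze_deps`; a `return` inside `finally` discards any exception still propagating, including `KeyboardInterrupt` and anything `msg_fail` itself raises, so returning after the `try`/`except` instead (`except Exception as e: msg_fail(str(e))` then `return risks, report`) keeps the same result without masking errors. `analyze_composition`, `analyze_apis` and `audit` each start outside their hunks, so the `try` that the new `except` at lines 525 and 623 closes is not visible here.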
