Re: Panoptisch - A way to understand your project's dependencies and find malicious packages

<mailman.1119.1670558214.20444.python-list@python.org>


https://www.rocksolidbbs.com/devel/article-flat.php?id=25007&group=comp.lang.python#25007

From: axy@declassed.art (Axy)
Newsgroups: comp.lang.python
Subject: Re: Panoptisch - A way to understand your project's dependencies and
find malicious packages
Date: Fri, 9 Dec 2022 03:49:58 +0000
Lines: 21
Message-ID: <mailman.1119.1670558214.20444.python-list@python.org>
 by: Axy - Fri, 9 Dec 2022 03:49 UTC

On 08/12/2022 17:52, Aarnav Mahavir Bos wrote:
> Hello all,
>
> I would like to share Panoptisch, a FOSS (Free and Open Source Software)
> tool I've been working on.

Hi there,

I added your project to my watch list; keep up your work.

A couple of points:

First, I glanced at the code and in the very first file I opened,
https://github.com/R9295/panoptisch/blob/master/panoptisch/__init__.py,
I see main(). I usually place such code in __main__.py.

Second, in addition to AST analysis it would be nice to implement a
sandbox with import hooks.

Axy.
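
An added example, not part of the post above and not Panoptisch's own code: it contrasts what an AST pass reports with what a runtime import hook observes. The hook here is a replaced `__import__` handed to `exec`; the sample source, the function names and the deny list are constructed for illustration.

```python
import ast
import builtins

# Constructed sample standing in for a dependency's source (not from any real package).
SAMPLE = '''
import json
cfg = json.loads('{"ok": true}')
net = __import__("".join(["so", "cket"]))  # module name assembled at run time
'''

def static_imports(source):
    """Top-level module names that plain AST analysis can see."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            found.add(node.module.split(".")[0])
    return found

def run_with_import_hook(source, deny=()):
    """Execute source with a recording __import__; return (seen, blocked)."""
    seen, blocked = [], []
    real_import = builtins.__import__

    def hooked(name, globals=None, locals=None, fromlist=(), level=0):
        top = name.split(".")[0]
        seen.append(top)
        if top in deny:
            blocked.append(top)
            raise ImportError(f"import of {name!r} denied by hook")
        return real_import(name, globals, locals, fromlist, level)

    # The hook only applies to code run with these builtins; it records and
    # refuses imports but is not a containment boundary on its own.
    env = {"__builtins__": {**vars(builtins), "__import__": hooked}}
    try:
        exec(compile(source, "<sample>", "exec"), env)
    except ImportError:
        pass  # a denied import stops the sample, as intended
    return seen, blocked

def runtime_only_imports(source, deny=()):
    """Imports observed at run time that the AST pass did not report."""
    seen, _ = run_with_import_hook(source, deny)
    return sorted(set(seen) - static_imports(source))

if __name__ == "__main__":
    print(static_imports(SAMPLE), run_with_import_hook(SAMPLE, deny={"socket"}))
```
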

Re: Panoptisch - A way to understand your project's dependencies and find malicious packages

<8903c97c-26a0-486b-a1b8-f4330659f2a3n@googlegroups.com>


https://www.rocksolidbbs.com/devel/article-flat.php?id=25010&group=comp.lang.python#25010

Newsgroups: comp.lang.python
Date: Fri, 9 Dec 2022 07:38:57 -0800 (PST)
Message-ID: <8903c97c-26a0-486b-a1b8-f4330659f2a3n@googlegroups.com>
Subject: Re: Panoptisch - A way to understand your project's dependencies and
find malicious packages
From: dankolis@gmail.com (Dan Kolis)
 by: Dan Kolis - Fri, 9 Dec 2022 15:38 UTC

I think it needs a built-in viewer or at least a human-readable output, or nobody will go through the trouble to use it.

Other than that, maybe a pretty good idea, sure

