
[new check] executable files #78

Open
jameslamb opened this issue Oct 24, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@jameslamb
Owner

What should be checked?

By default, pydistcheck should warn on the presence of executable files found in Python distributions.

I expect most Python distributions to be code that is loaded at runtime in a Python process, and to therefore not need to contain executable files.

This check would probably be most useful as a part of a security-scanning process (to detect downloads of executable files from package repositories).

NOTE: this should use the mode of the files in the distribution (e.g. https://docs.python.org/3/library/tarfile.html#tarfile.TarInfo.mode), not heuristics based on file extensions like .exe (that type of heuristic is captured in a separate check, #55 ).

What should the name of this check be?

found-executable-files

Will this check introduce any additional configuration?

no

Details on additional configuration required.

No response

Distribution type

  • source (e.g. .tar.gz)
  • built (e.g. .whl)

Notes

No response

@jameslamb jameslamb added the enhancement New feature or request label Oct 24, 2022
@jameslamb
Owner Author

Somewhat related: https://stackoverflow.com/questions/43886777/is-there-a-tool-to-check-python-distribution-sdist-files

... we released a Python source distribution (sdist) file on PyPI, and there was an issue that was only noticed after making the release. Namely for some files, the permissions were set to not allow read by all, and then in some cases those files couldn't be read on user machines after they installed the package with sudo.

We're considering starting our own script to check an sdist for this issue and to run it before uploading to PyPI.
