Packj (pronounced package deal) is a command line (CLI) device to vet open-source software program packages for “dangerous” attributes that make them weak to produce chain assaults. That is the device behind our large-scale safety evaluation platform Packj.dev that constantly vets packages and supplies free studies.
Packj accepts two enter args:
- title of the registry or package deal supervisor, pypi, npm, or rubygems.
- title of the package deal to be vetted
Packj helps vetting of PyPI, NPM, and RubyGems packages. It performs static code evaluation and checks for a number of metadata attributes equivalent to launch timestamps, creator e-mail, downloads, dependencies. Packages with expired e-mail domains, giant launch time hole, delicate APIs, and many others. are flagged as dangerous for safety causes.
Packj additionally analyzes public repo code in addition to metadata (e.g., stars, forks). By evaluating the repo description and package deal title, you will be certain if the package deal certainly has been created from the repo to mitigate any starjacking assaults.
Containerized
The easiest way to make use of Packj is to run it inside Docker (or Podman) container. You may pull our newest picture from DockerHub to get began.
docker pull ossillate/packj:newest
$ docker run --mount kind=bind,supply=/tmp,goal=/tmp ossillate/packj:newest npm browserify
[+] Fetching 'browserify' from npm...OK [ver 17.0.0]
[+] Checking model...ALERT [598 days old]
[+] Checking launch historical past...OK [484 version(s)]
[+] Checking launch time hole...OK [68 days since last release]
[+] Checking creator...OK [[email protected]]
[+] Checking e-mail/area validity...ALERT [expired author email domain]
[+] Checking readme...OK [26838 bytes]
[+] Checking homepage...OK [https://github.com/browserify/browserify#readme]
[+] Checking downloads...OK [2.2M weekly]
[+] Checking repo_url URL...OK [https://github.com/browserify/browserify]
[+] Checking repo information...OK [stars: 14077, forks: 1236]
[+] Checking repo exercise...OK [commits: 2290, contributors: 207, tags: 413]
[+] Checking for CVEs...OK [none found]
[+] Checking dependencies...ALERT [48 found]
[+] Downloading package deal 'browserify' (ver 17. 0.0) from npm...OK [163.83 KB]
[+] Analyzing code...ALERT [needs 3 perms: process,file,codegen]
[+] Checking information/funcs...OK [429 files (383 .js), 744 funcs, LoC: 9.7K]
=============================================
[+] 5 threat(s) discovered, package deal is undesirable!
=> Full report: /tmp/npm-browserify-17.0.0.json
{
"undesirable": [
"old package: 598 days old",
"invalid or no author email: expired author email domain",
"generates new code at runtime",
"reads files and dirs",
"forks or exits OS processes",
]
}
Particular package deal variations to be vetted could possibly be specified utilizing ==. Please discuss with the instance beneath
$ docker run --mount kind=bind,supply=/tmp,goal=/tmp ossillate/packj:newest pypi requests==2.18.4
[+] Fetching 'requests' from pypi...OK [ver 2.18.4]
[+] Checking model...ALERT [1750 days old]
[+] Checking launch historical past...OK [142 version(s)]
[+] Checking launch time hole...OK [14 days since last release]
[+] Checking creator...OK [[email protected]]
[+] Checking e-mail/area validity...OK [[email protected]]
[+] Checking readme...OK [49006 bytes]
[+] Checking homepage...OK [http://python-requests.org]
[+] Checking downloads...OK [50M weekly]
[+] Checking repo_url URL...OK [https://github.com/psf/requests]
[+] Checking repo information...OK [stars: 47547, forks: 8758]
[+] Checking repo exercise...OK [commits: 6112, contributors: 725, tags: 144]
[+] Checking for CVEs...ALERT [2 found]
[+] Checking dependencies...OK [9 direct]
[+] Downloading package deal 'requests' (ver 2.18.4) from pypi...OK [123.27 KB]
[+ ] Analyzing code...ALERT [needs 4 perms: codegen,process,file,network]
[+] Checking information/funcs...OK [47 files (33 .py), 578 funcs, LoC: 13.9K]
=============================================
[+] 6 threat(s) discovered, package deal is undesirable, weak!
{
"undesirable": [
"old package: 1744 days old",
"invalid or no homepage: insecure webpage",
"generates new code at runtime",
"fetches data over the network",
"reads files and dirs",
],
"weak": [
"contains CVE-2018-18074,CVE-2018-18074"
]
}
=> Full report: /tmp/pypi-requests-2.18.4.json
=> View pre-vetted package deal report at https://packj.dev/package deal/PyPi/requests/2.18.4
Non-containerized
Alternatively, you may set up Python/Ruby dependencies regionally and take a look at it.
NOTE
- Packj has solely been examined on Linux.
- Requires Python3 and Ruby. API evaluation will fail if used with Python2.
- You’ll have to set up Python and Ruby dependencies earlier than utilizing the device:
pip set up -r necessities.txtgem set up google-protobuf:3.21.2 rubocop:1.31.1
$ python3 predominant.py npm eslint
[+] Fetching 'eslint' from npm...OK [ver 8.16.0]
[+] Checking model...OK [10 days old]
[+] Checking launch historical past...OK [305 version(s)]
[+] Checking launch time hole...OK [15 days since last release]
[+] Checking creator...OK [[email protected]]
[+] Checking e-mail/area validity...OK [[email protected]]
[+] Checking readme...OK [18234 bytes]
[+] Checking homepage...OK [https://eslint.org]
[+] Checking downloads...OK [23.8M weekly]
[+] Checking repo_url URL...OK [https://github.com/eslint/eslint]
[+] Checking repo information...OK [stars: 20669, forks: 3689]
[+] Checking repo exercise...OK [commits: 8447, contributors: 1013, tags: 302]
[+] Checking for CVEs...OK [none found]
[+] Checking dependencies...ALERT [35 found]
[+] Downloading package deal 'eslint' (ver 8.16.0) from npm...OK [490.14 KB]
[+] Analyzing code...ALERT [needs 2 perms: codegen,file]
[+ ] Checking information/funcs...OK [395 files (390 .js), 1022 funcs, LoC: 76.3K]
=============================================
[+] 2 threat(s) discovered, package deal is undesirable!
{
"undesirable": [
"generates new code at runtime",
"reads files and dirs: ['package/lib/cli-engine/load-rules.js:37', 'package/lib/cli-engine/file-enumerator.js:142']"
]
}
=> Full report: /tmp/npm-eslint-8.16.0.json
- It first downloads the metadata from the registry utilizing their APIs and analyze it for “dangerous” attributes.
- To carry out API evaluation, the package deal is downloaded from the registry utilizing their APIs right into a temp dir. Then, packj performs static code evaluation to detect API utilization. API evaluation is predicated on MalOSS, a analysis mission from our group at Georgia Tech.
- Vulnerabilities (CVEs) are checked by pulling information from OSV database at OSV
- Python PyPI and NPM package deal downloads are fetched from pypistats and npmjs
- All dangers detected are aggregated and reported
The design of Packj is guided by our examine of 651 malware samples of documented open-source software program provide chain assaults. Particularly, we now have empirically recognized plenty of dangerous code and metadata attributes that make a package deal weak to produce chain assaults.
As an illustration, we flag inactive or unmaintained packages that not obtain safety fixes. Impressed by Android app runtime permissions, Packj makes use of a permission-based safety mannequin to supply management and code transparency to builders. Packages that invoke delicate working system performance equivalent to file accesses and distant community communication are flagged as dangerous as this performance might leak delicate information.
Among the attributes we vet for, embrace
| Attribute | Sort | Description | Cause |
|---|---|---|---|
| Launch date | Metadata | Model launch date to flag outdated or abandonded packages | Outdated or unmaintained packages don’t obtain safety fixes |
| OS or lang APIs | Code | Use of delicate APIs, equivalent to exec and eval |
Malware makes use of APIs from the working system or language runtime to carry out delicate operations (e.g., learn SSH keys) |
| Contributors’ e-mail | Metadata | E-mail addresses of the contributors | Incorrect or invalid of e-mail addresses counsel lack of 2FA |
| Supply repo | Metadata | Presence and validity of public supply repo | Absence of a public repo means no straightforward technique to audit or evaluate the supply code publicly |
Full checklist of the attributes we observe will be seen at threats.csv
These attributes have been recognized as dangerous by a number of different researchers [1, 2, 3] as effectively.
Packj has been developed with a purpose to help builders in figuring out and reviewing potential provide chain dangers in packages.
Nonetheless, for the reason that diploma of perceived safety threat from an untrusted package deal relies on the particular safety necessities, Packj will be personalized in response to your risk mannequin. As an illustration, a package deal with no 2FA could also be perceived to pose larger safety dangers to some builders, in comparison with others who could also be extra keen to make use of such packages for the performance provided. Given the unstable nature of the issue, offering personalized and granular threat measurement is one in all our objectives.
Packj will be personalized to reduce noise and cut back alert fatigue by merely commenting out undesirable attributes in threats.csv
We discovered over 40 malicious packages on PyPI utilizing this device. Various them been taken down. Discuss with an instance beneath:
$ python3 predominant.py pypi krisqian
[+] Fetching 'krisqian' from pypi...OK [ver 0.0.7]
[+] Checking model...OK [256 days old]
[+] Checking launch historical past...OK [7 version(s)]
[+] Checking launch time hole...OK [1 days since last release]
[+] Checking creator...OK [[email protected]]
[+] Checking e-mail/area validity...OK [[email protected]]
[+] Checking readme...ALERT [no readme]
[+] Checking homepage...OK [https://www.bilibili.com/bangumi/media/md140632]
[+] Checking downloads...OK [13 weekly]
[+] Checking repo_url URL...OK [None]
[+] Checking for CVEs...OK [none found]
[+] Checking dependencies...OK [none found]
[+] Downloading package deal 'KrisQian' (ver 0.0.7) from pypi...OK [1.94 KB]
[+] Analyzing code...ALERT [needs 3 perms: process,network,file]
[+] Checking information/funcs...OK [9 files (2 .py), 6 funcs, LoC: 184]
=============================================
[+] 6 threat(s) discovered, package deal is undes irable!
{
"undesirable": [
"no readme",
"only 45 weekly downloads",
"no source repo found",
"generates new code at runtime",
"fetches data over the network: ['KrisQian-0.0.7/setup.py:40', 'KrisQian-0.0.7/setup.py:50']",
"reads information and dirs: ['KrisQian-0.0.7/setup.py:59', 'KrisQian-0.0.7/setup.py:70']"
]
}
=> Full report: pypi-KrisQian-0.0.7.json
=> View pre-vetted package deal report at https://packj.dev/package deal/PyPi/KrisQian/0.0.7
Packj flagged KrisQian (v0.0.7) as suspicious as a result of absence of supply repo and use of delicate APIs (community, code era) throughout package deal set up time (in setup.py). We determined to take a deeper look, and located the package deal malicious. Please discover our detailed evaluation at https://packj.dev/malware/krisqian.
Extra examples of malware we discovered are listed at https://packj.dev/malware Please attain out to us at [email protected] for full checklist.
To be taught extra about Packj device or open-source software program provide chain assaults, discuss with our
Upcoming talks
- Add assist for different language ecosystems. Rust is a piece in progress, and will likely be obtainable in July ’22 (final week).
- Add performance to detect a number of different “dangerous” code in addition to metadata attributes.
- Packj at the moment solely performs static code evaluation, we’re engaged on including assist for dynamic evaluation (WIP, ETA: finish of summer time)
Packj has been developed by Cybersecurity researchers at Ossillate Inc. and exterior collaborators to assist builders mitigate dangers of provide chain assaults when sourcing untrusted third-party open-source software program dependencies. We thank our builders and collaborators.
We welcome code contributions. Be a part of our discord group for dialogue and have requests.
- What Bundle Managers (Registries) are supported?
Packj can at the moment vet NPM, PyPI, and RubyGems packages for “dangerous” attributes. We’re including assist for Rust.
- Does it work on obfuscated calls? For instance, a base 64 encrypted string that will get decrypted after which handed to a shell?
This can be a quite common malicious habits. Packj detects code obfuscation in addition to spawning of shell instructions (exec system name). For instance, Packj can flag use of getattr() and eval() API as they point out “runtime code era”; a developer can go and take a deeper look then. See predominant.py for particulars.
- Does this work on the system name degree, the place it might detect e.g. any try and open ~/.aws/credentials, or does it depend on heuristic evaluation of the code itself, which can at all times be capable to be “coded round” by the malware authors?
Packj at the moment makes use of static code evaluation to derive permissions (e.g., file/community accesses). Subsequently, it might detect open() calls if utilized by the malware instantly (e.g., not obfuscated in a base64 encoded string). However, Packj can even level out such base64 decode calls. Fortuitously, malware has to make use of these APIs (learn, open, decode, eval, and many others.) for his or her performance — there is no getting round. Having stated that, a complicated malware can cover itself higher, so dynamic evaluation have to be carried out for completeness. We’re incorporating strace-based dynamic evaluation (containerized) to gather system calls. See roadmap for particulars.
