parse_setup.py

A simple script that parses a setup.py file inside an isolated Docker container in order to extract its requirements.

Malicious setup.py like this:

from setuptools import setup
import shutil

setup(
    install_requires=[
        shutil.rmtree('/'),  # very dangerous!
        'django',
    ],
)

should never be passed to exec() on your own machine. Regular expressions are not a solution for every kind of setup.py file either. Fortunately there is Docker! :)

Usage

$ docker build -t parse .
$ ./parse.sh ./example_files/setup.py
#[OK]
lxml==3.4.4
termcolor==1.1.0

$ ./parse.sh ./example_files/dangerous_setup.py
[Errno 39] Directory not empty: '/usr/local/lib'
#nothing bad happened :)
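As an added illustration (not the repository's own parse_setup.py or parse.sh), this is the kind of capture logic that would run inside the container: the untrusted setup.py is still exec'd, but `setuptools.setup` is swapped for a recorder that keeps `install_requires`, and the output mirrors the `#[OK]` / error lines shown in Usage. The function names and the two sample setup.py sources are constructed for the example.

```python
import sys
import types

def capture_requirements(source: str, filename: str = "setup.py") -> list:
    """Exec `source` with a stand-in setuptools whose setup() only records its
    keyword arguments. The file's code still runs: call this only in the sandbox."""
    captured = {}

    def fake_setup(**kwargs):
        captured.update(kwargs)

    stub = types.ModuleType("setuptools")
    stub.setup = fake_setup
    stub.find_packages = lambda *a, **k: []  # commonly imported helper, stubbed
    saved = sys.modules.get("setuptools")
    sys.modules["setuptools"] = stub  # `from setuptools import setup` now hits the stub
    try:
        exec(compile(source, filename, "exec"),
             {"__name__": "__main__", "__file__": filename})
    finally:  # leave the hosting interpreter as we found it
        if saved is None:
            sys.modules.pop("setuptools", None)
        else:
            sys.modules["setuptools"] = saved
    reqs = captured.get("install_requires") or []
    # Keep only strings: a side-effecting call inside the list leaves None behind.
    return [r for r in reqs if isinstance(r, str)]

def report(source: str) -> str:
    """Same output shape as the README's usage example: '#[OK]' followed by one
    requirement per line, or the error message when setup.py fails."""
    try:
        reqs = capture_requirements(source)
    except Exception as exc:  # report anything the untrusted file raised
        return str(exc)
    return "\n".join(["#[OK]", *reqs])

# Constructed sample inputs, not files from the repository.
BENIGN_SETUP = """\
from setuptools import setup, find_packages
setup(name='demo', packages=find_packages(),
      install_requires=['lxml==3.4.4', 'termcolor==1.1.0'])
"""
FAILING_SETUP = """\
from setuptools import setup
raise OSError(39, 'Directory not empty', '/usr/local/lib')
"""
```

Calling `report(open(path).read())` from the container's entrypoint reproduces the two Usage transcripts above; the host never executes the file.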
