CVE-2022-38887: d8s-python

The d8s-python package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
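
A way to check an environment against this advisory, as an added example that is not part of the original page or the d8s project. The helper names and the sample inventory are constructed for illustration; only the package names and the version 0.1.0 come from the advisory text.

```python
import re
from importlib import metadata

# Values taken from the advisory text above.
AFFECTED = {"d8s-python": {"0.1.0"}}
BACKDOOR_DEP = "democritus-strings"

def canon(name):
    """PEP 503 normalisation: d8s_python, D8S.Python and d8s-python compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(requirement):
    """Project name at the start of a Requires-Dist string, e.g. 'foo-bar (>=1.0)'."""
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", requirement)
    return canon(m.group(1)) if m else ""

def audit(inventory):
    """inventory: iterable of (name, version, [Requires-Dist strings]).
    Returns a sorted list of (name, version, reason) findings."""
    findings = []
    for name, version, requires in inventory:
        n = canon(name)
        if version in AFFECTED.get(n, ()):
            findings.append((n, version, "affected release named in the advisory"))
        if n == BACKDOOR_DEP:
            findings.append((n, version, "package the advisory names is installed"))
        if any(req_name(r) == BACKDOOR_DEP for r in requires):
            findings.append((n, version, "declares a dependency on " + BACKDOOR_DEP))
    return sorted(findings)

def installed_inventory():
    """Inventory of the current interpreter's environment (reads local metadata only)."""
    return [(d.metadata["Name"] or "", d.version, d.requires or [])
            for d in metadata.distributions()]

# Constructed sample inventory, not taken from a real host.
SAMPLE = [
    ("d8s_python", "0.1.0", ["democritus-strings", "example-lib (>=1.0)"]),
    ("Democritus.Strings", "0.0.0", []),
    ("requests", "2.31.0", ["urllib3 (<3,>=1.21.1)"]),
]

if __name__ == "__main__":
    for finding in audit(installed_inventory()) or [("no findings", "", "")]:
        print(*finding)
```

Run as a script, it audits the interpreter it runs under; pass `SAMPLE` or a parsed lock file to `audit()` to check an inventory collected elsewhere.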


Project description

Democritus Python

Democritus functions[1] for working with Python data (code and ASTs).

[1] Democritus functions are simple, effective, modular, well-tested, and well-documented Python functions.

We use d8s (pronounced “dee-eights”) as an abbreviation for democritus (you can read more about this here).

Installation

pip install d8s-python

Usage

You import the library like:

from d8s_python import *

Once imported, you can use any of the functions listed below.

Functions

  • def python_functions_signatures(code_text: str, *, ignore_private_functions: bool = False, ignore_nested_functions: bool = False, keep_function_name: bool = False) -> List[str]: """Return the function signatures for all of the functions in the given code_text."""

  • def python_todos(code_text: str, todo_regex: str = 'TODO:.*') -> List[str]: """Return all todos in the given code_text that match the given todo_regex."""

  • def python_make_pythonic(name: str) -> str: """Make the name pythonic.

    (e.g. 'fooBar' => 'foo_bar', 'foo-bar' => 'foo_bar', 'foo bar' => 'foo_bar', 'Foo Bar' => 'foo_bar')."""

  • def python_namespace_has_argument(namespace: argparse.Namespace, argument_name: str) -> bool: """."""

  • def python_traceback_prettify(traceback: str) -> str: """Return a string with the given traceback pretty-printed."""

  • def python_traceback_pretty_print(traceback: str) -> None: """Return a string with the given traceback pretty-printed."""

  • def python_clean(code_text: str) -> str: """Clean python code as it is often found in documentation and snippets."""

  • def python_function_blocks(code_text: str, *, ignore_private_functions: bool = False, ignore_nested_functions: bool = False) -> List[str]: """Find the code (as a string) for every function in the given code_text."""

  • def python_line_count(python_code: str, *, ignore_empty_lines: bool = True) -> int: """Return the number of lines in the given function_text."""

  • def python_function_lengths(code_text: str) -> List[int]: """Find the lengths of each function in the given code_text."""

  • def python_version() -> str: """Return the python version of the current environment."""

  • def python_is_version_2() -> bool: """Return whether or not the python version of the current environment is v2.x."""

  • def python_is_version_3() -> bool: """Return whether or not the python version of the current environment is v3.x."""

  • def python_files_using_function(function_name: str, search_path: str) -> List[str]: """Find where the given function is used in the given search path."""

  • def python_keywords() -> List[str]: """Get a list of the python keywords."""

  • def python_object_properties_enumerate(python_object: Any, *, run_methods: bool = True, internal_properties: bool = True) -> None: """Enumerate and print out the properties of the given object."""

  • def python_copy_deep(python_object: Any) -> Any: """Return a deep (complete, recursive) copy of the given python object."""

  • def python_copy_shallow(python_object: Any) -> Any: """Return shallow copy of the given python object."""

  • def python_file_names(path: str, *, exclude_tests: bool = False) -> List[str]: """Find all python files in the given directory."""

  • def python_fstrings(code_text: str, *, include_braces: bool = False) -> Iterator[str]: """Find all of the python formatted string literals in the given text. See https://realpython.com/python-f-strings/ for more details about f-strings."""

  • def python_code_details(code_text: str): """Get details about the given code_text. This is a wrapper for `dis.code_info`"""

  • def python_disassemble(code_text: str): """Disassemble the python code_text. This is a wrapper for `dis.dis`"""

  • def python_stack_local_data(): """Get local data in the current python environment."""

  • def python_object_doc_string(python_object: Any) -> Union[str, None]: """Get the doc string for the given python object (e.g. module, function, or class)."""

  • def python_object_source_file(python_object: Any) -> str: """Get the source file for the given python object (e.g. module, function, or class)."""

  • def python_object_module(python_object: Any) -> str: """Get the module for the given python object (e.g. function or class)."""

  • def python_object_source_code(python_object: Any) -> str: """Get the source code for the given python object (e.g. module, function, or class)."""

  • def python_object_signature(python_object: Any) -> str: """Get the argument signature for the given python object (e.g. module, function, or class)."""

  • def python_sort_type_list_by_name(python_type_list: List[type], **kwargs) -> List[type]: """."""

  • def python_type_name(python_type: type) -> str: """Return the common name of the given type."""

  • def python_object_type_to_word(python_object: Any) -> str: """Convert the given python type to a string."""

  • def python_ast_raise_name(node: ast.Raise) -> Optional[str]: """Get the name of the exception raise by the given ast.Raise object."""

  • def python_ast_exception_handler_exceptions_handled(handler: ast.ExceptHandler) -> Optional[Iterable[str]]: """Return all of the exceptions handled by the given exception handler."""

  • def python_ast_exception_handler_exceptions_raised(handler: ast.ExceptHandler) -> Optional[Iterable[str]]: """Return the exception raised by the given exception handler."""

  • def python_exceptions_handled(code_text: str) -> Iterable[str]: """Return a list of all exceptions handled in the given code."""

  • def python_exceptions_raised(code_text: str) -> Iterable[str]: """Return a list of all exceptions raised in the given code."""

  • def python_functions_as_import_string(code_text: str, module_name: str) -> str: """."""

  • def python_ast_object_line_number(ast_object: object) -> Optional[int]: """."""

  • def python_ast_object_line_numbers(ast_object: object) -> Tuple[int, int]: """."""

  • def python_ast_objects_of_type(code_text_or_ast_object: Union[str, object], ast_type: type, *, recursive_search: bool = True) -> Iterable[object]: """Return all of the ast objects of the given ast_type in the code_text_or_ast_object."""

  • def python_ast_objects_not_of_type(code_text_or_ast_object: Union[str, object], ast_type: type) -> Iterable[object]: """Return all of the ast objects which are not of the given ast_type in the code_text_or_ast_object."""

  • def python_ast_parse(code_text: str) -> ast.Module: """."""

  • def python_ast_function_defs(code_text: str, recursive_search: bool = True) -> Iterable[ast.FunctionDef]: """."""

  • def python_function_arguments(function_text: str) -> List[ast.arg]: """."""

  • def python_function_argument_names(function_text: str) -> Iterable[str]: """."""

  • def python_function_argument_defaults(function_text: str) -> List[str]: """."""

  • def python_function_argument_annotations(function_text: str) -> List[str]: """."""

  • def python_function_names(code_text: str, *, ignore_private_functions: bool = False, ignore_nested_functions: bool = False) -> List[str]: """."""

  • def python_function_docstrings(code_text: str, *, ignore_private_functions: bool = False, ignore_nested_functions: bool = False) -> List[str]: """Get docstrings for all of the functions in the given text."""

  • def python_variable_names(code_text: str) -> List[str]: """Get all of the variables names in the code_text."""

  • def python_constants(code_text: str) -> List[str]: """Get all constants in the code_text."""

Development

👋 If you want to get involved in this project, we have some short, helpful guides below:

  • contribute to this project 🥇
  • test it 🧪
  • lint it 🧹
  • explore it 🔭

If you have any questions or there is anything we did not cover, please raise an issue and we’ll be happy to help.

Credits

This package was created with Cookiecutter and Floyd Hightower’s Python project template.
