Headline
CVE-2022-38885: d8s-netstrings
The d8s-netstrings package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
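One way to check an environment for the packages named in this advisory, as an added example (not code from the d8s-netstrings project or the advisory). The sample records are constructed, and treating a declared dependency on democritus-strings as a finding is an assumption of this example.

```python
"""Audit installed Python packages for the names in CVE-2022-38885."""
import re
from importlib import metadata

AFFECTED = {"d8s-netstrings": {"0.1.0"}}  # package and version from the advisory
BACKDOOR = "democritus-strings"           # package the advisory calls the backdoor

# Constructed sample records (name, version, Requires-Dist list), not real scan output.
SAMPLE = [
    ("d8s_netstrings", "0.1.0", ["democritus-strings (>=0.1.0)"]),
    ("Democritus.Strings", "0.0.0", None),
    ("example-pkg", "1.0.0", ["urllib3>=1.21"]),
]


def normalize(name):
    """PEP 503 normalization, so d8s_netstrings and d8s-netstrings compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req):
    """Project name at the start of a Requires-Dist string, normalized."""
    match = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    return normalize(match.group(1)) if match else ""


def audit(records):
    """Return (name, version, reason) findings for the given records."""
    findings = []
    for name, version, requires in records:
        norm = normalize(name)
        if version in AFFECTED.get(norm, ()):
            findings.append((norm, version, "affected version"))
        if norm == BACKDOOR:
            findings.append((norm, version, "backdoor package present"))
        # Assumption: a declared dependency on the backdoor package is worth flagging.
        if any(requirement_name(r) == BACKDOOR for r in requires or ()):
            findings.append((norm, version, "depends on " + BACKDOOR))
    return findings


def installed_records():
    """Yield (name, version, requires) for each distribution in this environment."""
    for dist in metadata.distributions():
        if dist.metadata.get("Name"):
            yield dist.metadata.get("Name"), dist.version, dist.requires


if __name__ == "__main__":
    for label, records in (("sample", SAMPLE), ("installed", installed_records())):
        for finding in audit(records):
            print(label, *finding, sep="\t")
```

Run it with the interpreter of the environment being checked, since `importlib.metadata` only sees distributions on that interpreter's path.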
Project description
Democritus Netstrings
Democritus functions[1] for working with Netstrings.
[1] Democritus functions are simple, effective, modular, well-tested, and well-documented Python functions.
We use d8s as an abbreviation for democritus (you can read more about this here).
Functions
def string_to_netstring_ascii(string: str, *args):
    """Convert the given string to a netstring (and return its ascii representation)."""
def string_to_netstring_hex(string: str, *args):
    """Convert the given string to a netstring (and return its hex representation)."""
def netstring_ascii_to_netstring_hex(netstring_ascii: str):
    """Convert a netstring (represented as ascii) to its hex representation."""
def netstring_hex_to_netstring_ascii(netstring_hex: str):
    """Convert a netstring (represented as hex) to its ascii representation."""
def netstring_ascii_to_string(netstring_ascii: str):
    """Get the string portion of the given netstring (represented as ascii)."""
def netstring_hex_to_string(netstring_hex: str):
    """Get the string portion of the given netstring (represented as hex)."""
Development
👋 If you want to get involved in this project, we have some short, helpful guides below:
- contribute to this project 🥇
- test it 🧪
- lint it 🧹
- explore it 🔭
If you have any questions or there is anything we did not cover, please raise an issue and we’ll be happy to help.
Credits
This package was created with Cookiecutter and Floyd Hightower’s Python project template.