From 2ea91886df2c3390462d46486deccb425d6127a6 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Fri, 19 Apr 2024 20:10:51 +0800 Subject: [PATCH 01/60] =?UTF-8?q?feat:=20=E6=AD=A3=E5=88=99=E5=8C=B9?= =?UTF-8?q?=E9=85=8D=E5=8D=B1=E9=99=A9=E5=87=BD=E6=95=B0=E5=B9=B6=E5=88=92?= =?UTF-8?q?=E5=88=86=E7=AD=89=E7=BA=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- match/match.py | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 match/match.py diff --git a/match/match.py b/match/match.py new file mode 100644 index 0000000..3b53797 --- /dev/null +++ b/match/match.py @@ -0,0 +1,82 @@ +""" +Usage: python match.py your_file_path +""" + +import re +from typing import List, Tuple, Dict +import sys + + +def read_file_content(file_path: str) -> str: + """ + Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read. + + :param file_path: The full path to the file. + :return: The text content of the file. + :raises FileNotFoundError: If the file does not exist. + :raises IOError: If the file cannot be read. + """ + try: + with open(file_path, "r", encoding="utf-8") as file: + return file.read() + except FileNotFoundError: + print("Error: File not found.") + sys.exit(1) + except IOError: + print("Error: Could not read file.") + sys.exit(1) + + +def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]: + """ + Searches the given code text for potentially dangerous function calls and classifies results by risk level. + + :param file_content: String content of the code file. + :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values. + """ + # Define dangerous functions and their risk levels + patterns: Dict[str, str] = { + r"\bsystem\(": "high", + r"\bexec\(": "high", + r"\bpopen\(": "medium", + r"\beval\(": "high", + r"\bsubprocess\.run\(": "medium", + } + # Store results classified by risk level + classified_results = {"high": [], "medium": [], "low": []} + for line_number, line in enumerate(file_content.split("\n"), start=1): + found = False + for pattern, risk_level in patterns.items(): + if re.search(pattern, line): + classified_results[risk_level].append((line_number, line.strip())) + found = True + break # Stop checking other patterns once a match is found + return classified_results + + +def main(file_path: str): + """ + Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level. + + :param file_path: File path input from the command line. + """ + file_content = read_file_content(file_path) + classified_dangerous = find_dangerous_functions(file_content) + for risk_level in [ + "high", + "medium", + ]: # Only iterate over high and medium risk levels + occurrences = classified_dangerous[risk_level] + if occurrences: + print(f"Dangerous functions found at risk level {risk_level}:") + for line_num, func in occurrences: + print(f" Line {line_num}: {func}") + else: + print(f"No dangerous functions found at risk level {risk_level}.") + + +if __name__ == "__main__": + if len(sys.argv) < 2: + print("Usage: python script.py ") + sys.exit(1) + main(sys.argv[1]) -- 2.47.2 From f2f8341e2c12c10e2daf3abb9fb84e4ba76d666e Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Fri, 19 Apr 2024 20:11:21 +0800 Subject: [PATCH 02/60] =?UTF-8?q?feat:=20=E6=B5=8B=E8=AF=95=E6=96=87?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- match/test_dangerous_functions.py | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 match/test_dangerous_functions.py diff --git a/match/test_dangerous_functions.py b/match/test_dangerous_functions.py new file mode 100644 index 0000000..aa36836 --- /dev/null +++ b/match/test_dangerous_functions.py @@ -0,0 +1,28 @@ +""" +危险函数测试 +""" + +import os + +# 潜在的危险函数调用示例 +os.system("ls") +eval("2 + 2") +exec("print('Executing dangerous exec function')") +popen_result = os.popen('echo "Hello World"').read() +print(popen_result) + +# 一些正常操作 +print("This is a safe print statement.") +result = sum([1, 2, 3]) +print("Sum result:", result) + +# 尝试使用 subprocess 以更安全的方式调用外部命令 +import subprocess + +subprocess.run(["echo", "Subprocess run is safer than os.system"]) + +# 错误的函数调用尝试 +try: + os.system("rm -rf /") # 非常危险的调用,应避免在实际环境中使用 +except: + print("Failed to execute dangerous system call.") -- 2.47.2 From 3d961aa2d728184b85420f47cface138c34a0025 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:12:04 +0800 Subject: [PATCH 03/60] =?UTF-8?q?fix:=20=E7=A1=AE=E4=BF=9D=E6=B5=8B?= =?UTF-8?q?=E8=AF=95=E6=96=87=E4=BB=B6=E6=AD=A3=E7=A1=AE=E5=BC=95=E5=85=A5?= =?UTF-8?q?=E6=A8=A1=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- __init__.py | 0 detection/__init__.py | 0 tests/__init__.py | 0 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 __init__.py create mode 100644 detection/__init__.py create mode 100644 tests/__init__.py diff --git a/__init__.py b/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/detection/__init__.py b/detection/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/__init__.py b/tests/__init__.py new file mode 100644 index 0000000..e69de29 -- 2.47.2 From 9e5640ad80bfe7fbb182b68dad4cdf09bdebdacc Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:12:28 +0800 Subject: [PATCH 04/60] =?UTF-8?q?ci:=20=E6=B7=BB=E5=8A=A0action=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection-test.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/workflows/detection-test.yml diff --git a/.github/workflows/detection-test.yml b/.github/workflows/detection-test.yml new file mode 100644 index 0000000..e0f296c --- /dev/null +++ b/.github/workflows/detection-test.yml @@ -0,0 +1,26 @@ +name: Detection test + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + - name: Set up Python 3.8 + uses: actions/setup-python@v1 + with: + python-version: 3.8 + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install pytest + # 如果你的测试需要其他依赖,可以在这里添加pip install命令 + - name: Run tests + run: | + python -m unittest discover -s tests -- 2.47.2 From 8dc486cf47b67138cc97f356530be2730219242a Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:12:56 +0800 Subject: [PATCH 05/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E5=90=8D=E7=A7=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- match/match.py | 82 ------------------------------- match/test_dangerous_functions.py | 28 ----------- 2 files changed, 110 deletions(-) delete mode 100644 match/match.py delete mode 100644 match/test_dangerous_functions.py diff --git a/match/match.py b/match/match.py deleted file mode 100644 index 3b53797..0000000 --- a/match/match.py +++ /dev/null @@ -1,82 +0,0 @@ -""" -Usage: python match.py your_file_path -""" - -import re -from typing import List, Tuple, Dict -import sys - - -def read_file_content(file_path: str) -> str: - """ - Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read. - - :param file_path: The full path to the file. - :return: The text content of the file. - :raises FileNotFoundError: If the file does not exist. - :raises IOError: If the file cannot be read. - """ - try: - with open(file_path, "r", encoding="utf-8") as file: - return file.read() - except FileNotFoundError: - print("Error: File not found.") - sys.exit(1) - except IOError: - print("Error: Could not read file.") - sys.exit(1) - - -def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]: - """ - Searches the given code text for potentially dangerous function calls and classifies results by risk level. - - :param file_content: String content of the code file. - :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values. - """ - # Define dangerous functions and their risk levels - patterns: Dict[str, str] = { - r"\bsystem\(": "high", - r"\bexec\(": "high", - r"\bpopen\(": "medium", - r"\beval\(": "high", - r"\bsubprocess\.run\(": "medium", - } - # Store results classified by risk level - classified_results = {"high": [], "medium": [], "low": []} - for line_number, line in enumerate(file_content.split("\n"), start=1): - found = False - for pattern, risk_level in patterns.items(): - if re.search(pattern, line): - classified_results[risk_level].append((line_number, line.strip())) - found = True - break # Stop checking other patterns once a match is found - return classified_results - - -def main(file_path: str): - """ - Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level. - - :param file_path: File path input from the command line. - """ - file_content = read_file_content(file_path) - classified_dangerous = find_dangerous_functions(file_content) - for risk_level in [ - "high", - "medium", - ]: # Only iterate over high and medium risk levels - occurrences = classified_dangerous[risk_level] - if occurrences: - print(f"Dangerous functions found at risk level {risk_level}:") - for line_num, func in occurrences: - print(f" Line {line_num}: {func}") - else: - print(f"No dangerous functions found at risk level {risk_level}.") - - -if __name__ == "__main__": - if len(sys.argv) < 2: - print("Usage: python script.py ") - sys.exit(1) - main(sys.argv[1]) diff --git a/match/test_dangerous_functions.py b/match/test_dangerous_functions.py deleted file mode 100644 index aa36836..0000000 --- a/match/test_dangerous_functions.py +++ /dev/null @@ -1,28 +0,0 @@ -""" -危险函数测试 -""" - -import os - -# 潜在的危险函数调用示例 -os.system("ls") -eval("2 + 2") -exec("print('Executing dangerous exec function')") -popen_result = os.popen('echo "Hello World"').read() -print(popen_result) - -# 一些正常操作 -print("This is a safe print statement.") -result = sum([1, 2, 3]) -print("Sum result:", result) - -# 尝试使用 subprocess 以更安全的方式调用外部命令 -import subprocess - -subprocess.run(["echo", "Subprocess run is safer than os.system"]) - -# 错误的函数调用尝试 -try: - os.system("rm -rf /") # 非常危险的调用,应避免在实际环境中使用 -except: - print("Failed to execute dangerous system call.") -- 2.47.2 From 8c3616e90f40b34ce10d510d2591206bc18eb52b Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:13:37 +0800 Subject: [PATCH 06/60] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0unittest?= =?UTF-8?q?=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/backdoor_detection.py | 87 ++++++++++++++++++++++++++++++++ tests/test_backdoor_detection.py | 55 ++++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100644 detection/backdoor_detection.py create mode 100644 tests/test_backdoor_detection.py diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py new file mode 100644 index 0000000..afca29b --- /dev/null +++ b/detection/backdoor_detection.py @@ -0,0 +1,87 @@ +""" +Usage: python backdoor_detection.py your_file_path +""" + +import re +from typing import List, Tuple, Dict +import sys + + +def read_file_content(file_path: str) -> str: + """ + Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read. + + :param file_path: The full path to the file. + :return: The text content of the file. + :raises FileNotFoundError: If the file does not exist. + :raises IOError: If the file cannot be read. + """ + try: + with open(file_path, "r", encoding="utf-8") as file: + return file.read() + except FileNotFoundError: + print("Error: File not found.") + sys.exit(1) + except IOError: + print("Error: Could not read file.") + sys.exit(1) + + +def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]: + """ + Searches the given code text for potentially dangerous function calls and classifies results by risk level. + Ignores comments in the code. + + :param file_content: String content of the code file. + :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values. + """ + # Define dangerous functions and their risk levels + patterns: Dict[str, str] = { + r"\bsystem\(": "high", + r"\bexec\(": "high", + r"\bpopen\(": "medium", + r"\beval\(": "high", + r"\bsubprocess\.run\(": "medium", + } + # Store results classified by risk level + classified_results = {"high": [], "medium": [], "low": []} + for line_number, line in enumerate(file_content.split("\n"), start=1): + # Remove comments from the line + clean_line = line.split("#")[0].strip() + if not clean_line: # Skip empty or comment-only lines + continue + found = False + for pattern, risk_level in patterns.items(): + if re.search(pattern, clean_line): + classified_results[risk_level].append((line_number, clean_line)) + found = True + break # Stop checking other patterns once a match is found + return classified_results + + +def main(file_path: str): + """ + Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level. + + :param file_path: File path input from the command line. + """ + file_content = read_file_content(file_path) + classified_dangerous = find_dangerous_functions(file_content) + for risk_level in [ + "high", + "medium", + ]: # Only iterate over high and medium risk levels + occurrences = classified_dangerous[risk_level] + if occurrences: + print(f"Dangerous functions found at risk level {risk_level}:") + for line_num, func in occurrences: + print(f" Line {line_num}: {func}") + else: + print(f"No dangerous functions found at risk level {risk_level}.") + + +if __name__ == "__main__": + if len(sys.argv) < 2: + print("Usage: python script.py ") + sys.exit(1) + main(sys.argv[1]) diff --git a/tests/test_backdoor_detection.py b/tests/test_backdoor_detection.py new file mode 100644 index 0000000..f61b561 --- /dev/null +++ b/tests/test_backdoor_detection.py @@ -0,0 +1,55 @@ +import unittest +from detection.backdoor_detection import find_dangerous_functions + + +class TestBackdoorDetection(unittest.TestCase): + def test_high_risk_detection(self): + content = """import os + os.system('rm -rf /') # high risk + exec('print("Hello")') # high risk + eval('2 + 2') # high risk + """ + results = find_dangerous_functions(content) + self.assertIn((2, "os.system('rm -rf /')"), results["high"]) + self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) + self.assertIn((4, "eval('2 + 2')"), results["high"]) + + def test_medium_risk_detection(self): + content = """import subprocess + subprocess.run(['ls', '-l']) # medium risk + import os + os.popen('ls') # medium risk + """ + results = find_dangerous_functions(content) + self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) + self.assertIn((4, "os.popen('ls')"), results["medium"]) + + def test_no_risk_detection(self): + content = """a = 10 + b = a + 5 + print('This should not be detected as risky.') + """ + results = find_dangerous_functions(content) + self.assertEqual(len(results["high"]), 0) + self.assertEqual(len(results["medium"]), 0) + self.assertEqual(len(results["low"]), 0) + + def test_inclusion_of_comments(self): + content = """# Just a comment line + print('This is a safe line') + eval('2 + 2') # This should be high risk + subprocess.run(['echo', 'hello']) # This should be medium risk + """ + results = find_dangerous_functions(content) + self.assertIn( + (3, "eval('2 + 2')"), + results["high"], + ) + self.assertIn( + (4, "subprocess.run(['echo', 'hello'])"), + results["medium"], + ) + + +if __name__ == "__main__": + unittest.main() -- 2.47.2 From bfcbf99cf48da90870459d6bfa80763bd5b38364 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:20:29 +0800 Subject: [PATCH 07/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection-test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/detection-test.yml b/.github/workflows/detection-test.yml index e0f296c..f4bc149 100644 --- a/.github/workflows/detection-test.yml +++ b/.github/workflows/detection-test.yml @@ -12,10 +12,10 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Set up Python 3.8 - uses: actions/setup-python@v1 + - name: Set up Python 3.10.9 + uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: "3.10.9" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From 9be13bc4e3442e848b89ac56611a3d7f18a826f3 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:27:06 +0800 Subject: [PATCH 08/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/detection-test.yml b/.github/workflows/detection-test.yml index f4bc149..3ab40b2 100644 --- a/.github/workflows/detection-test.yml +++ b/.github/workflows/detection-test.yml @@ -8,7 +8,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: windows-latest steps: - uses: actions/checkout@v2 -- 2.47.2 From c140f21b8efce6a6447f8f2f2f8a496774782401 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:37:00 +0800 Subject: [PATCH 09/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection-test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/detection-test.yml b/.github/workflows/detection-test.yml index 3ab40b2..7ec4f52 100644 --- a/.github/workflows/detection-test.yml +++ b/.github/workflows/detection-test.yml @@ -11,11 +11,11 @@ jobs: runs-on: windows-latest steps: - - uses: actions/checkout@v2 - - name: Set up Python 3.10.9 - uses: actions/setup-python@v2 + - uses: actions/checkout@v4 + - name: Set up Python 3.8.15 + uses: ./ with: - python-version: "3.10.9" + python-version: "3.8.15" - name: Install dependencies run: | python -m pip install --upgrade pip @@ -23,4 +23,4 @@ jobs: # 如果你的测试需要其他依赖,可以在这里添加pip install命令 - name: Run tests run: | - python -m unittest discover -s tests + python -m unittest ./tests/test_backdoor_detection.py -- 2.47.2 From fa98d645774d055a9bf1bda8e361bb69e073172f Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:42:27 +0800 Subject: [PATCH 10/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../{detection-test.yml => python-test.yml} | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) rename .github/workflows/{detection-test.yml => python-test.yml} (60%) diff --git a/.github/workflows/detection-test.yml b/.github/workflows/python-test.yml similarity index 60% rename from .github/workflows/detection-test.yml rename to .github/workflows/python-test.yml index 7ec4f52..eddec27 100644 --- a/.github/workflows/detection-test.yml +++ b/.github/workflows/python-test.yml @@ -1,4 +1,4 @@ -name: Detection test +name: Python application test on: push: @@ -8,14 +8,14 @@ on: jobs: build: - runs-on: windows-latest + runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - name: Set up Python 3.8.15 - uses: ./ + - uses: actions/checkout@v2 + - name: Set up Python 3.8 + uses: actions/setup-python@v1 with: - python-version: "3.8.15" + python-version: 3.8 - name: Install dependencies run: | python -m pip install --upgrade pip @@ -23,4 +23,4 @@ jobs: # 如果你的测试需要其他依赖,可以在这里添加pip install命令 - name: Run tests run: | - python -m unittest ./tests/test_backdoor_detection.py + python -m unittest discover -s tests -- 2.47.2 From 28f2f7abf119208d49780022ed46f933ac4b7475 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:44:19 +0800 Subject: [PATCH 11/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index eddec27..a846bab 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -8,19 +8,18 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: windows-latest steps: - uses: actions/checkout@v2 - - name: Set up Python 3.8 + - name: Set up Python uses: actions/setup-python@v1 with: - python-version: 3.8 + python-version: 3.8.15 - name: Install dependencies run: | python -m pip install --upgrade pip pip install pytest - # 如果你的测试需要其他依赖,可以在这里添加pip install命令 - name: Run tests run: | python -m unittest discover -s tests -- 2.47.2 From 973f863e926f113bdd4cfdee252ff317661c41f0 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:45:04 +0800 Subject: [PATCH 12/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index a846bab..e551964 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -8,7 +8,7 @@ on: jobs: build: - runs-on: windows-latest + runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 -- 2.47.2 From 53a7120bfc6b1f01c3f99daea239b482a00b1d14 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:50:24 +0800 Subject: [PATCH 13/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index e551964..8e1a69b 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,9 @@ jobs: - name: Set up Python uses: actions/setup-python@v1 with: - python-version: 3.8.15 + python-version: "3.x" + cache: "pip" + architecture: "x64" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From 2f4903376ce8bff8f2e741f54ef7f7875c953f46 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:51:45 +0800 Subject: [PATCH 14/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 8e1a69b..27ae8a1 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -13,10 +13,9 @@ jobs: steps: - uses: actions/checkout@v2 - name: Set up Python - uses: actions/setup-python@v1 + uses: actions/setup-python@v3 with: - python-version: "3.x" - cache: "pip" + python-version: "3.10" architecture: "x64" - name: Install dependencies run: | -- 2.47.2 From ac99e992165941771673ffca5b0d8094a38f5e03 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 11:56:49 +0800 Subject: [PATCH 15/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 27ae8a1..0f16587 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v3 with: - python-version: "3.10" + python-version: "3.10.2" # 指定一个确切的小版本号 architecture: "x64" - name: Install dependencies run: | -- 2.47.2 From b9ccc42a8594e961c6863de06217b575ff55a121 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 12:00:55 +0800 Subject: [PATCH 16/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 0f16587..152efbe 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v3 with: - python-version: "3.10.2" # 指定一个确切的小版本号 + python-version: "3.10.14" architecture: "x64" - name: Install dependencies run: | -- 2.47.2 From 2b1847715d7b1e445b40bdae04433d197896474d Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 12:04:10 +0800 Subject: [PATCH 17/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 152efbe..d66e8aa 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,8 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v3 with: - python-version: "3.10.14" - architecture: "x64" + python-version: "3.10.1" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From a1b277f573b8b3cc69c3f5814613bdae34bec793 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 13:58:17 +0800 Subject: [PATCH 18/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index d66e8aa..d65cb89 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v3 with: - python-version: "3.10.1" + python-version: "3.9.12" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From 2c088eeb25a39266630644ac272ed64434e2c5d8 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 13:59:31 +0800 Subject: [PATCH 19/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index d65cb89..d651ff1 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -13,7 +13,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v4 with: python-version: "3.9.12" - name: Install dependencies -- 2.47.2 From 52a5c9475869f865e6449876ffae673c70134194 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 14:00:46 +0800 Subject: [PATCH 20/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index d651ff1..27dacbc 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "3.9.12" + python-version: "3.9.15" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From f13d9266c6031f8b922b57435f3da7bad258926d Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 14:02:11 +0800 Subject: [PATCH 21/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 27dacbc..07d0da3 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -8,14 +8,14 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "3.9.15" + python-version: "3.9.1" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From e2fa93f09535bf6dd6f373983cc9ff5d1944247f Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 14:05:01 +0800 Subject: [PATCH 22/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 07d0da3..e3fe4dc 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -8,14 +8,14 @@ on: jobs: build: - runs-on: ubuntu-20.04 + runs-on: "ubuntu-20.04" steps: - uses: actions/checkout@v2 - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "3.9.1" + python-version: "v3.9.12" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From c366c0e672776a86cbbeb6acb708f44e14892ad9 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Sat, 20 Apr 2024 14:05:43 +0800 Subject: [PATCH 23/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index e3fe4dc..07040ee 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v4 with: - python-version: "v3.9.12" + python-version: "3.9.12" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From bf4a96cf3494104fb2050aec756b530731be0988 Mon Sep 17 00:00:00 2001 From: sangge-win <2251250136@qq.com> Date: Sun, 21 Apr 2024 21:25:19 +0800 Subject: [PATCH 24/60] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=80=9D=E8=B7=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/idea.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/idea.md b/docs/idea.md index a0e5928..0ba5f6a 100644 --- a/docs/idea.md +++ b/docs/idea.md @@ -6,6 +6,8 @@ 工具开发:使用正则表达式和模式匹配来搜索代码中的可疑结构或者片段。 +参考项目: https://github.com/SonarSource/sonarqube + ## 控制流分析 通过分析程序的控制流(即程序中各个操作的执行顺序),可以检测到异常的控制流路径,这些路径可能是后门的迹象。 @@ -18,6 +20,8 @@ 实施策略:开发脚本或工具来自动化检查外部库的可信度和更新记录。 +这个网站可以搜索依赖中是否存在漏洞: https://security.snyk.io/package/pip/ + ## 异常行为检测 通过定义“正常”代码行为的基线,可以标识出异常行为,这些异常行为可能指示着后门的存在。 -- 2.47.2 From dd891443a90ab236b70c1ab622c0e00a418ff945 Mon Sep 17 00:00:00 2001 From: sangge-win <2251250136@qq.com> Date: Sun, 21 Apr 2024 21:25:37 +0800 Subject: [PATCH 25/60] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=BA=86action?= =?UTF-8?q?=E9=BB=98=E8=AE=A4=E9=95=9C=E5=83=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 07040ee..e501f59 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -8,7 +8,7 @@ on: jobs: build: - runs-on: "ubuntu-20.04" + runs-on: "ubuntu-latest" steps: - uses: actions/checkout@v2 @@ -19,7 +19,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install pytest + pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - name: Run tests run: | python -m unittest discover -s tests -- 2.47.2 From 52230d096b796554fc9645bc81b545a11fc11cef Mon Sep 17 00:00:00 2001 From: sangge-win <2251250136@qq.com> Date: Sun, 21 Apr 2024 21:31:23 +0800 Subject: [PATCH 26/60] add empty requirements --- requirements.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 requirements.txt diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..e69de29 -- 2.47.2 From 74d0587e37b9f5539786bb7f66e9c64a8901a520 Mon Sep 17 00:00:00 2001 From: sangge-win <2251250136@qq.com> Date: Sun, 21 Apr 2024 21:31:47 +0800 Subject: [PATCH 27/60] use python container, remove setup-python --- .github/workflows/python-test.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index e501f59..1e305f8 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -9,13 +9,10 @@ on: jobs: build: runs-on: "ubuntu-latest" + container: python:latest steps: - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v4 - with: - python-version: "3.9.12" - name: Install dependencies run: | python -m pip install --upgrade pip -- 2.47.2 From cb350b6288adabbb7b3dded064c0f3bc77b4aca5 Mon Sep 17 00:00:00 2001 From: sangge-win <2251250136@qq.com> Date: Sun, 21 Apr 2024 21:53:59 +0800 Subject: [PATCH 28/60] =?UTF-8?q?=E6=9B=B4=E6=94=B9ci=E5=91=BD=E4=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/python-test.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml index 1e305f8..1042ee4 100644 --- a/.github/workflows/python-test.yml +++ b/.github/workflows/python-test.yml @@ -9,14 +9,10 @@ on: jobs: build: runs-on: "ubuntu-latest" - container: python:latest steps: - uses: actions/checkout@v2 - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - name: Run tests - run: | - python -m unittest discover -s tests + run: python -m unittest discover -s tests -- 2.47.2 From c2782327c31bbb219c39d49d327281987406b749 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 11:42:30 +0800 Subject: [PATCH 29/60] =?UTF-8?q?perf:=20=E8=AE=BE=E7=BD=AE=E7=BB=93?= =?UTF-8?q?=E6=9E=9C=E8=BE=93=E5=87=BA=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- results/test_backdoor_detection.html | 1 + results/test_backdoor_detection.md | 53 ++++++++++++++++++++++++++++ results/test_backdoor_detection.txt | 53 ++++++++++++++++++++++++++++ 3 files changed, 107 insertions(+) create mode 100644 results/test_backdoor_detection.html create mode 100644 results/test_backdoor_detection.md create mode 100644 results/test_backdoor_detection.txt diff --git a/results/test_backdoor_detection.html b/results/test_backdoor_detection.html new file mode 100644 index 0000000..7241eda --- /dev/null +++ b/results/test_backdoor_detection.html @@ -0,0 +1 @@ +Analysis of ../results\test_backdoor_detection.html

Security Analysis Report

High Risk

  • Line 8: os.system('rm -rf /')
  • Line 9: exec('print("Hello")')
  • Line 10: eval('2 + 2')
  • Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
  • Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
  • Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"])
  • Line 40: eval('2 + 2')
  • Line 45: (3, "eval('2 + 2')"),

Medium Risk

  • Line 19: subprocess.run(['ls', '-l'])
  • Line 21: os.popen('ls')
  • Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
  • Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"])
  • Line 41: subprocess.run(['echo', 'hello'])
  • Line 49: (4, "subprocess.run(['echo', 'hello'])"),

Low Risk

    None Risk

    • Line 1: import unittest
    • Line 2: from detection.backdoor_detection import find_dangerous_functions
    • Line 5: class TestBackdoorDetection(unittest.TestCase):
    • Line 6: def test_high_risk_detection(self):
    • Line 7: content = """import os
    • Line 11: """
    • Line 12: results = find_dangerous_functions(content)
    • Line 17: def test_medium_risk_detection(self):
    • Line 18: content = """import subprocess
    • Line 20: import os
    • Line 22: """
    • Line 23: results = find_dangerous_functions(content)
    • Line 27: def test_no_risk_detection(self):
    • Line 28: content = """a = 10
    • Line 29: b = a + 5
    • Line 30: print('This should not be detected as risky.')
    • Line 31: """
    • Line 32: results = find_dangerous_functions(content)
    • Line 33: self.assertEqual(len(results["high"]), 0)
    • Line 34: self.assertEqual(len(results["medium"]), 0)
    • Line 35: self.assertEqual(len(results["low"]), 0)
    • Line 37: def test_inclusion_of_comments(self):
    • Line 38: content = """
    • Line 39: print('This is a safe line')
    • Line 42: """
    • Line 43: results = find_dangerous_functions(content)
    • Line 44: self.assertIn(
    • Line 46: results["high"],
    • Line 47: )
    • Line 48: self.assertIn(
    • Line 50: results["medium"],
    • Line 51: )
    • Line 54: if __name__ == "__main__":
    • Line 55: unittest.main()
    \ No newline at end of file diff --git a/results/test_backdoor_detection.md b/results/test_backdoor_detection.md new file mode 100644 index 0000000..8afe1f5 --- /dev/null +++ b/results/test_backdoor_detection.md @@ -0,0 +1,53 @@ +# Security Analysis Report for ../results\test_backdoor_detection.md +## High Risk +- Line 8: os.system('rm -rf /') +- Line 9: exec('print("Hello")') +- Line 10: eval('2 + 2') +- Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) +- Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) +- Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"]) +- Line 40: eval('2 + 2') +- Line 45: (3, "eval('2 + 2')"), +## Medium Risk +- Line 19: subprocess.run(['ls', '-l']) +- Line 21: os.popen('ls') +- Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) +- Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"]) +- Line 41: subprocess.run(['echo', 'hello']) +- Line 49: (4, "subprocess.run(['echo', 'hello'])"), +## Low Risk +## None Risk +- Line 1: import unittest +- Line 2: from detection.backdoor_detection import find_dangerous_functions +- Line 5: class TestBackdoorDetection(unittest.TestCase): +- Line 6: def test_high_risk_detection(self): +- Line 7: content = """import os +- Line 11: """ +- Line 12: results = find_dangerous_functions(content) +- Line 17: def test_medium_risk_detection(self): +- Line 18: content = """import subprocess +- Line 20: import os +- Line 22: """ +- Line 23: results = find_dangerous_functions(content) +- Line 27: def test_no_risk_detection(self): +- Line 28: content = """a = 10 +- Line 29: b = a + 5 +- Line 30: print('This should not be detected as risky.') +- Line 31: """ +- Line 32: results = find_dangerous_functions(content) +- Line 33: self.assertEqual(len(results["high"]), 0) +- Line 34: self.assertEqual(len(results["medium"]), 0) +- Line 35: self.assertEqual(len(results["low"]), 0) +- Line 37: def test_inclusion_of_comments(self): +- Line 38: content = """ +- Line 39: print('This is a safe line') +- Line 42: """ +- Line 43: results = find_dangerous_functions(content) +- Line 44: self.assertIn( +- Line 46: results["high"], +- Line 47: ) +- Line 48: self.assertIn( +- Line 50: results["medium"], +- Line 51: ) +- Line 54: if __name__ == "__main__": +- Line 55: unittest.main() diff --git a/results/test_backdoor_detection.txt b/results/test_backdoor_detection.txt new file mode 100644 index 0000000..c9a0993 --- /dev/null +++ b/results/test_backdoor_detection.txt @@ -0,0 +1,53 @@ +Security Analysis Report for ../results\test_backdoor_detection.txt +High Risk: + Line 8: os.system('rm -rf /') + Line 9: exec('print("Hello")') + Line 10: eval('2 + 2') + Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) + Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) + Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"]) + Line 40: eval('2 + 2') + Line 45: (3, "eval('2 + 2')"), +Medium Risk: + Line 19: subprocess.run(['ls', '-l']) + Line 21: os.popen('ls') + Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) + Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"]) + Line 41: subprocess.run(['echo', 'hello']) + Line 49: (4, "subprocess.run(['echo', 'hello'])"), +Low Risk: +None Risk: + Line 1: import unittest + Line 2: from detection.backdoor_detection import find_dangerous_functions + Line 5: class TestBackdoorDetection(unittest.TestCase): + Line 6: def test_high_risk_detection(self): + Line 7: content = """import os + Line 11: """ + Line 12: results = find_dangerous_functions(content) + Line 17: def test_medium_risk_detection(self): + Line 18: content = """import subprocess + Line 20: import os + Line 22: """ + Line 23: results = find_dangerous_functions(content) + Line 27: def test_no_risk_detection(self): + Line 28: content = """a = 10 + Line 29: b = a + 5 + Line 30: print('This should not be detected as risky.') + Line 31: """ + Line 32: results = find_dangerous_functions(content) + Line 33: self.assertEqual(len(results["high"]), 0) + Line 34: self.assertEqual(len(results["medium"]), 0) + Line 35: self.assertEqual(len(results["low"]), 0) + Line 37: def test_inclusion_of_comments(self): + Line 38: content = """ + Line 39: print('This is a safe line') + Line 42: """ + Line 43: results = find_dangerous_functions(content) + Line 44: self.assertIn( + Line 46: results["high"], + Line 47: ) + Line 48: self.assertIn( + Line 50: results["medium"], + Line 51: ) + Line 54: if __name__ == "__main__": + Line 55: unittest.main() -- 2.47.2 From c5cfcb00f7edfe2afffc01efe36af6547c7a7aca Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 11:47:23 +0800 Subject: [PATCH 30/60] =?UTF-8?q?feat:=20=E5=AE=9E=E7=8E=B0=E5=AF=B9?= =?UTF-8?q?=E6=96=87=E4=BB=B6=E5=A4=B9=E8=BF=9B=E8=A1=8C=E9=80=92=E5=BD=92?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=EF=BC=9B=E6=94=AF=E6=8C=81html=EF=BC=8Ctxt?= =?UTF-8?q?=EF=BC=8Cmd=E7=AD=89=E5=A4=9A=E7=A7=8D=E8=BE=93=E5=87=BA?= =?UTF-8?q?=E6=96=B9=E5=BC=8F=EF=BC=9B=E4=BF=AE=E6=94=B9=E5=8D=95=E5=85=83?= =?UTF-8?q?=E6=B5=8B=E8=AF=95=EF=BC=9B=E6=94=AF=E6=8C=81=E6=A3=80=E6=B5=8B?= =?UTF-8?q?=E5=A4=9A=E7=A7=8D=E8=AF=AD=E8=A8=80=EF=BC=9B=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E7=AD=89=E7=BA=A7-none=EF=BC=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/backdoor_detection.py | 191 +++++++++++++++++++++++--------- 1 file changed, 136 insertions(+), 55 deletions(-) diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py index afca29b..f5139ae 100644 --- a/detection/backdoor_detection.py +++ b/detection/backdoor_detection.py @@ -1,21 +1,13 @@ -""" -Usage: python backdoor_detection.py your_file_path -""" - +import os import re -from typing import List, Tuple, Dict import sys +from typing import Dict, List, Tuple + +SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp"} +OUTPUT_FORMATS = ["html", "md", "txt"] def read_file_content(file_path: str) -> str: - """ - Reads and returns the content of a specified file. Exits the program with an error if the file does not exist or cannot be read. - - :param file_path: The full path to the file. - :return: The text content of the file. - :raises FileNotFoundError: If the file does not exist. - :raises IOError: If the file cannot be read. - """ try: with open(file_path, "r", encoding="utf-8") as file: return file.read() @@ -27,61 +19,150 @@ def read_file_content(file_path: str) -> str: sys.exit(1) -def find_dangerous_functions(file_content: str) -> Dict[str, List[Tuple[int, str]]]: - """ - Searches the given code text for potentially dangerous function calls and classifies results by risk level. - Ignores comments in the code. +def remove_comments(code: str, extension: str) -> str: + if extension == ".py": + return code.split("#")[0].strip() + elif extension in {".js", ".cpp"}: + code = re.sub(r"//.*", "", code) + code = re.sub(r"/\*.*?\*/", "", code, flags=re.DOTALL) + return code.strip() + return code.strip() - :param file_content: String content of the code file. - :return: Dictionary with risk levels as keys and lists of tuples (line number, matched line content) as values. - """ - # Define dangerous functions and their risk levels - patterns: Dict[str, str] = { - r"\bsystem\(": "high", - r"\bexec\(": "high", - r"\bpopen\(": "medium", - r"\beval\(": "high", - r"\bsubprocess\.run\(": "medium", + +def find_dangerous_functions( + file_content: str, file_extension: str +) -> Dict[str, List[Tuple[int, str]]]: + patterns = { + ".py": { + r"\bsystem\(": "high", + r"\bexec\(": "high", + r"\bpopen\(": "medium", + r"\beval\(": "high", + r"\bsubprocess\.run\(": "medium", + }, + ".js": { + r"\beval\(": "high", + r"\bexec\(": "high", + r"\bchild_process\.exec\(": "high", + }, + ".cpp": { + r"\bsystem\(": "high", + }, } - # Store results classified by risk level - classified_results = {"high": [], "medium": [], "low": []} + risk_patterns = patterns.get(file_extension, {}) + classified_results = {"high": [], "medium": [], "low": [], "none": []} for line_number, line in enumerate(file_content.split("\n"), start=1): - # Remove comments from the line - clean_line = line.split("#")[0].strip() - if not clean_line: # Skip empty or comment-only lines + clean_line = remove_comments(line, file_extension) + if not clean_line: continue found = False - for pattern, risk_level in patterns.items(): + for pattern, risk_level in risk_patterns.items(): if re.search(pattern, clean_line): classified_results[risk_level].append((line_number, clean_line)) found = True - break # Stop checking other patterns once a match is found + break + if not found: + classified_results["none"].append((line_number, clean_line)) return classified_results -def main(file_path: str): - """ - Main function that reads file content, checks for dangerous functions, and outputs classified results by risk level. +def output_results( + results: Dict[str, List[Tuple[int, str]]], output_format: str, file_path: str +): + # Create the 'results' directory if it does not exist + results_dir = "../results" + if not os.path.exists(results_dir): + os.makedirs(results_dir) - :param file_path: File path input from the command line. - """ - file_content = read_file_content(file_path) - classified_dangerous = find_dangerous_functions(file_content) - for risk_level in [ - "high", - "medium", - ]: # Only iterate over high and medium risk levels - occurrences = classified_dangerous[risk_level] - if occurrences: - print(f"Dangerous functions found at risk level {risk_level}:") - for line_num, func in occurrences: - print(f" Line {line_num}: {func}") + base_name = os.path.basename(file_path) + output_file = os.path.join( + results_dir, f"{os.path.splitext(base_name)[0]}.{output_format}" + ) + + if output_format == "html": + output_html(results, output_file) + elif output_format == "md": + output_markdown(results, output_file) + elif output_format == "txt": + output_text(results, output_file) + + +def output_html(results: Dict[str, List[Tuple[int, str]]], file_name: str): + html_output = f"Analysis of {file_name}" + html_output += "

    Security Analysis Report

    " + for risk_level, entries in results.items(): + html_output += f"

    {risk_level.capitalize()} Risk

      " + for line_num, line in entries: + html_output += f"
    • Line {line_num}: {line}
      • " + html_output += "
    " + html_output += "" + with open(file_name, "w") as file: + file.write(html_output) + + +def output_markdown(results: Dict[str, List[Tuple[int, str]]], file_name: str): + md_output = f"# Security Analysis Report for {file_name}\n" + for risk_level, entries in results.items(): + md_output += f"## {risk_level.capitalize()} Risk\n" + for line_num, line in entries: + md_output += f"- Line {line_num}: {line}\n" + with open(file_name, "w") as file: + file.write(md_output) + + +def output_text(results: Dict[str, List[Tuple[int, str]]], file_name: str): + text_output = f"Security Analysis Report for {file_name}\n" + for risk_level, entries in results.items(): + text_output += f"{risk_level.capitalize()} Risk:\n" + for line_num, line in entries: + text_output += f" Line {line_num}: {line}\n" + with open(file_name, "w") as file: + file.write(text_output) + + +def process_path(path: str, output_format: str): + if os.path.isdir(path): + for root, dirs, files in os.walk(path): + for file in files: + file_extension = os.path.splitext(file)[1] + if file_extension in SUPPORTED_EXTENSIONS: + file_path = os.path.join(root, file) + print(f"Processing {file_path}...") + file_results = find_dangerous_functions( + read_file_content(file_path), file_extension + ) + output_results(file_results, output_format, file_path) + elif os.path.isfile(path): + file_extension = os.path.splitext(path)[1] + if file_extension in SUPPORTED_EXTENSIONS: + file_results = find_dangerous_functions( + read_file_content(path), file_extension + ) + output_results(file_results, output_format, path) else: - print(f"No dangerous functions found at risk level {risk_level}.") + print("Unsupported file type.") + else: + print("Invalid path.") + sys.exit(1) + + +def test(): + print("hello world") + + +def main(): + if len(sys.argv) < 3: + print("Usage: python backdoor_detection.py ") + sys.exit(1) + path = sys.argv[1] + output_format = sys.argv[2] + if output_format not in OUTPUT_FORMATS: + print( + f"Unsupported output format. Supported formats are: {', '.join(OUTPUT_FORMATS)}" + ) + sys.exit(1) + process_path(path, output_format) if __name__ == "__main__": - if len(sys.argv) < 2: - print("Usage: python script.py ") - sys.exit(1) - main(sys.argv[1]) + main() -- 2.47.2 From d9c183fbd86e2553a125e8501729f9d71b6e0681 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 11:47:49 +0800 Subject: [PATCH 31/60] =?UTF-8?q?test:=20=E4=BF=AE=E6=94=B9=E5=8D=95?= =?UTF-8?q?=E5=85=83=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/test_backdoor_detection.py | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/tests/test_backdoor_detection.py b/tests/test_backdoor_detection.py index f61b561..0c2935a 100644 --- a/tests/test_backdoor_detection.py +++ b/tests/test_backdoor_detection.py @@ -1,5 +1,9 @@ import unittest -from detection.backdoor_detection import find_dangerous_functions +import os +import sys + +sys.path.append(os.path.abspath("../detection")) +from backdoor_detection import find_dangerous_functions class TestBackdoorDetection(unittest.TestCase): @@ -9,7 +13,8 @@ class TestBackdoorDetection(unittest.TestCase): exec('print("Hello")') # high risk eval('2 + 2') # high risk """ - results = find_dangerous_functions(content) + file_extension = ".py" + results = find_dangerous_functions(content, file_extension) self.assertIn((2, "os.system('rm -rf /')"), results["high"]) self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) self.assertIn((4, "eval('2 + 2')"), results["high"]) @@ -20,7 +25,8 @@ class TestBackdoorDetection(unittest.TestCase): import os os.popen('ls') # medium risk """ - results = find_dangerous_functions(content) + file_extension = ".py" + results = find_dangerous_functions(content, file_extension) self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) self.assertIn((4, "os.popen('ls')"), results["medium"]) @@ -29,7 +35,8 @@ class TestBackdoorDetection(unittest.TestCase): b = a + 5 print('This should not be detected as risky.') """ - results = find_dangerous_functions(content) + file_extension = ".py" + results = find_dangerous_functions(content, file_extension) self.assertEqual(len(results["high"]), 0) self.assertEqual(len(results["medium"]), 0) self.assertEqual(len(results["low"]), 0) @@ -40,7 +47,8 @@ class TestBackdoorDetection(unittest.TestCase): eval('2 + 2') # This should be high risk subprocess.run(['echo', 'hello']) # This should be medium risk """ - results = find_dangerous_functions(content) + file_extension = ".py" + results = find_dangerous_functions(content, file_extension) self.assertIn( (3, "eval('2 + 2')"), results["high"], -- 2.47.2 From 27ef6c9acc63991fc7feb403837afb862e1d2d78 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 11:51:09 +0800 Subject: [PATCH 32/60] =?UTF-8?q?test:=20=E4=BF=AE=E6=94=B9=E5=8D=95?= =?UTF-8?q?=E5=85=83=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tests/test_backdoor_detection.py | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tests/test_backdoor_detection.py b/tests/test_backdoor_detection.py index 0c2935a..abafaa3 100644 --- a/tests/test_backdoor_detection.py +++ b/tests/test_backdoor_detection.py @@ -1,9 +1,6 @@ import unittest -import os -import sys -sys.path.append(os.path.abspath("../detection")) -from backdoor_detection import find_dangerous_functions +from detection.backdoor_detection import find_dangerous_functions class TestBackdoorDetection(unittest.TestCase): -- 2.47.2 From 5993a14368d31d6967cf56040fd50a28b7714f70 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 17:05:14 +0800 Subject: [PATCH 33/60] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E4=BB=A3?= =?UTF-8?q?=E7=A0=81=E5=90=8E=E9=97=A8=E6=A3=80=E6=B5=8B=E8=BE=93=E5=87=BA?= =?UTF-8?q?=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- results/code/test_backdoor_detection.html | 1 + results/code/test_backdoor_detection.md | 57 +++++++++++++++++++++++ results/code/test_backdoor_detection.txt | 57 +++++++++++++++++++++++ results/test_backdoor_detection.html | 1 - results/test_backdoor_detection.md | 53 --------------------- results/test_backdoor_detection.txt | 53 --------------------- 6 files changed, 115 insertions(+), 107 deletions(-) create mode 100644 results/code/test_backdoor_detection.html create mode 100644 results/code/test_backdoor_detection.md create mode 100644 results/code/test_backdoor_detection.txt delete mode 100644 results/test_backdoor_detection.html delete mode 100644 results/test_backdoor_detection.md delete mode 100644 results/test_backdoor_detection.txt diff --git a/results/code/test_backdoor_detection.html b/results/code/test_backdoor_detection.html new file mode 100644 index 0000000..e11fc31 --- /dev/null +++ b/results/code/test_backdoor_detection.html @@ -0,0 +1 @@ +Analysis of ../results/code\test_backdoor_detection.html

    Security Analysis Report

    High Risk

    • Line 9: os.system('rm -rf /')
    • Line 10: exec('print("Hello")')
    • Line 11: eval('2 + 2')
    • Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
    • Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
    • Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"])
    • Line 44: eval('2 + 2')
    • Line 50: (3, "eval('2 + 2')"),

    Medium Risk

    • Line 21: subprocess.run(['ls', '-l'])
    • Line 23: os.popen('ls')
    • Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
    • Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"])
    • Line 45: subprocess.run(['echo', 'hello'])
    • Line 54: (4, "subprocess.run(['echo', 'hello'])"),

    Low Risk

      None Risk

      • Line 1: import unittest
      • Line 3: from detection.backdoor_detection import find_dangerous_functions
      • Line 6: class TestBackdoorDetection(unittest.TestCase):
      • Line 7: def test_high_risk_detection(self):
      • Line 8: content = """import os
      • Line 12: """
      • Line 13: file_extension = ".py"
      • Line 14: results = find_dangerous_functions(content, file_extension)
      • Line 19: def test_medium_risk_detection(self):
      • Line 20: content = """import subprocess
      • Line 22: import os
      • Line 24: """
      • Line 25: file_extension = ".py"
      • Line 26: results = find_dangerous_functions(content, file_extension)
      • Line 30: def test_no_risk_detection(self):
      • Line 31: content = """a = 10
      • Line 32: b = a + 5
      • Line 33: print('This should not be detected as risky.')
      • Line 34: """
      • Line 35: file_extension = ".py"
      • Line 36: results = find_dangerous_functions(content, file_extension)
      • Line 37: self.assertEqual(len(results["high"]), 0)
      • Line 38: self.assertEqual(len(results["medium"]), 0)
      • Line 39: self.assertEqual(len(results["low"]), 0)
      • Line 41: def test_inclusion_of_comments(self):
      • Line 42: content = """
      • Line 43: print('This is a safe line')
      • Line 46: """
      • Line 47: file_extension = ".py"
      • Line 48: results = find_dangerous_functions(content, file_extension)
      • Line 49: self.assertIn(
      • Line 51: results["high"],
      • Line 52: )
      • Line 53: self.assertIn(
      • Line 55: results["medium"],
      • Line 56: )
      • Line 59: if __name__ == "__main__":
      • Line 60: unittest.main()
      \ No newline at end of file diff --git a/results/code/test_backdoor_detection.md b/results/code/test_backdoor_detection.md new file mode 100644 index 0000000..f490869 --- /dev/null +++ b/results/code/test_backdoor_detection.md @@ -0,0 +1,57 @@ +# Security Analysis Report for ../results/code\test_backdoor_detection.md +## High Risk +- Line 9: os.system('rm -rf /') +- Line 10: exec('print("Hello")') +- Line 11: eval('2 + 2') +- Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) +- Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) +- Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"]) +- Line 44: eval('2 + 2') +- Line 50: (3, "eval('2 + 2')"), +## Medium Risk +- Line 21: subprocess.run(['ls', '-l']) +- Line 23: os.popen('ls') +- Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) +- Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"]) +- Line 45: subprocess.run(['echo', 'hello']) +- Line 54: (4, "subprocess.run(['echo', 'hello'])"), +## Low Risk +## None Risk +- Line 1: import unittest +- Line 3: from detection.backdoor_detection import find_dangerous_functions +- Line 6: class TestBackdoorDetection(unittest.TestCase): +- Line 7: def test_high_risk_detection(self): +- Line 8: content = """import os +- Line 12: """ +- Line 13: file_extension = ".py" +- Line 14: results = find_dangerous_functions(content, file_extension) +- Line 19: def test_medium_risk_detection(self): +- Line 20: content = """import subprocess +- Line 22: import os +- Line 24: """ +- Line 25: file_extension = ".py" +- Line 26: results = find_dangerous_functions(content, file_extension) +- Line 30: def test_no_risk_detection(self): +- Line 31: content = """a = 10 +- Line 32: b = a + 5 +- Line 33: print('This should not be detected as risky.') +- Line 34: """ +- Line 35: file_extension = ".py" +- Line 36: results = find_dangerous_functions(content, file_extension) +- Line 37: self.assertEqual(len(results["high"]), 0) +- Line 38: self.assertEqual(len(results["medium"]), 0) +- Line 39: self.assertEqual(len(results["low"]), 0) +- Line 41: def test_inclusion_of_comments(self): +- Line 42: content = """ +- Line 43: print('This is a safe line') +- Line 46: """ +- Line 47: file_extension = ".py" +- Line 48: results = find_dangerous_functions(content, file_extension) +- Line 49: self.assertIn( +- Line 51: results["high"], +- Line 52: ) +- Line 53: self.assertIn( +- Line 55: results["medium"], +- Line 56: ) +- Line 59: if __name__ == "__main__": +- Line 60: unittest.main() diff --git a/results/code/test_backdoor_detection.txt b/results/code/test_backdoor_detection.txt new file mode 100644 index 0000000..c1e1bd0 --- /dev/null +++ b/results/code/test_backdoor_detection.txt @@ -0,0 +1,57 @@ +Security Analysis Report for ../results/code\test_backdoor_detection.txt +High Risk: + Line 9: os.system('rm -rf /') + Line 10: exec('print("Hello")') + Line 11: eval('2 + 2') + Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) + Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) + Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"]) + Line 44: eval('2 + 2') + Line 50: (3, "eval('2 + 2')"), +Medium Risk: + Line 21: subprocess.run(['ls', '-l']) + Line 23: os.popen('ls') + Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) + Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"]) + Line 45: subprocess.run(['echo', 'hello']) + Line 54: (4, "subprocess.run(['echo', 'hello'])"), +Low Risk: +None Risk: + Line 1: import unittest + Line 3: from detection.backdoor_detection import find_dangerous_functions + Line 6: class TestBackdoorDetection(unittest.TestCase): + Line 7: def test_high_risk_detection(self): + Line 8: content = """import os + Line 12: """ + Line 13: file_extension = ".py" + Line 14: results = find_dangerous_functions(content, file_extension) + Line 19: def test_medium_risk_detection(self): + Line 20: content = """import subprocess + Line 22: import os + Line 24: """ + Line 25: file_extension = ".py" + Line 26: results = find_dangerous_functions(content, file_extension) + Line 30: def test_no_risk_detection(self): + Line 31: content = """a = 10 + Line 32: b = a + 5 + Line 33: print('This should not be detected as risky.') + Line 34: """ + Line 35: file_extension = ".py" + Line 36: results = find_dangerous_functions(content, file_extension) + Line 37: self.assertEqual(len(results["high"]), 0) + Line 38: self.assertEqual(len(results["medium"]), 0) + Line 39: self.assertEqual(len(results["low"]), 0) + Line 41: def test_inclusion_of_comments(self): + Line 42: content = """ + Line 43: print('This is a safe line') + Line 46: """ + Line 47: file_extension = ".py" + Line 48: results = find_dangerous_functions(content, file_extension) + Line 49: self.assertIn( + Line 51: results["high"], + Line 52: ) + Line 53: self.assertIn( + Line 55: results["medium"], + Line 56: ) + Line 59: if __name__ == "__main__": + Line 60: unittest.main() diff --git a/results/test_backdoor_detection.html b/results/test_backdoor_detection.html deleted file mode 100644 index 7241eda..0000000 --- a/results/test_backdoor_detection.html +++ /dev/null @@ -1 +0,0 @@ -Analysis of ../results\test_backdoor_detection.html

      Security Analysis Report

      High Risk

      • Line 8: os.system('rm -rf /')
      • Line 9: exec('print("Hello")')
      • Line 10: eval('2 + 2')
      • Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
      • Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
      • Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"])
      • Line 40: eval('2 + 2')
      • Line 45: (3, "eval('2 + 2')"),

      Medium Risk

      • Line 19: subprocess.run(['ls', '-l'])
      • Line 21: os.popen('ls')
      • Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
      • Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"])
      • Line 41: subprocess.run(['echo', 'hello'])
      • Line 49: (4, "subprocess.run(['echo', 'hello'])"),

      Low Risk

        None Risk

        • Line 1: import unittest
        • Line 2: from detection.backdoor_detection import find_dangerous_functions
        • Line 5: class TestBackdoorDetection(unittest.TestCase):
        • Line 6: def test_high_risk_detection(self):
        • Line 7: content = """import os
        • Line 11: """
        • Line 12: results = find_dangerous_functions(content)
        • Line 17: def test_medium_risk_detection(self):
        • Line 18: content = """import subprocess
        • Line 20: import os
        • Line 22: """
        • Line 23: results = find_dangerous_functions(content)
        • Line 27: def test_no_risk_detection(self):
        • Line 28: content = """a = 10
        • Line 29: b = a + 5
        • Line 30: print('This should not be detected as risky.')
        • Line 31: """
        • Line 32: results = find_dangerous_functions(content)
        • Line 33: self.assertEqual(len(results["high"]), 0)
        • Line 34: self.assertEqual(len(results["medium"]), 0)
        • Line 35: self.assertEqual(len(results["low"]), 0)
        • Line 37: def test_inclusion_of_comments(self):
        • Line 38: content = """
        • Line 39: print('This is a safe line')
        • Line 42: """
        • Line 43: results = find_dangerous_functions(content)
        • Line 44: self.assertIn(
        • Line 46: results["high"],
        • Line 47: )
        • Line 48: self.assertIn(
        • Line 50: results["medium"],
        • Line 51: )
        • Line 54: if __name__ == "__main__":
        • Line 55: unittest.main()
        \ No newline at end of file diff --git a/results/test_backdoor_detection.md b/results/test_backdoor_detection.md deleted file mode 100644 index 8afe1f5..0000000 --- a/results/test_backdoor_detection.md +++ /dev/null @@ -1,53 +0,0 @@ -# Security Analysis Report for ../results\test_backdoor_detection.md -## High Risk -- Line 8: os.system('rm -rf /') -- Line 9: exec('print("Hello")') -- Line 10: eval('2 + 2') -- Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) -- Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) -- Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"]) -- Line 40: eval('2 + 2') -- Line 45: (3, "eval('2 + 2')"), -## Medium Risk -- Line 19: subprocess.run(['ls', '-l']) -- Line 21: os.popen('ls') -- Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) -- Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"]) -- Line 41: subprocess.run(['echo', 'hello']) -- Line 49: (4, "subprocess.run(['echo', 'hello'])"), -## Low Risk -## None Risk -- Line 1: import unittest -- Line 2: from detection.backdoor_detection import find_dangerous_functions -- Line 5: class TestBackdoorDetection(unittest.TestCase): -- Line 6: def test_high_risk_detection(self): -- Line 7: content = """import os -- Line 11: """ -- Line 12: results = find_dangerous_functions(content) -- Line 17: def test_medium_risk_detection(self): -- Line 18: content = """import subprocess -- Line 20: import os -- Line 22: """ -- Line 23: results = find_dangerous_functions(content) -- Line 27: def test_no_risk_detection(self): -- Line 28: content = """a = 10 -- Line 29: b = a + 5 -- Line 30: print('This should not be detected as risky.') -- Line 31: """ -- Line 32: results = find_dangerous_functions(content) -- Line 33: self.assertEqual(len(results["high"]), 0) -- Line 34: self.assertEqual(len(results["medium"]), 0) -- Line 35: self.assertEqual(len(results["low"]), 0) -- Line 37: def test_inclusion_of_comments(self): -- Line 38: content = """ -- Line 39: print('This is a safe line') -- Line 42: """ -- Line 43: results = find_dangerous_functions(content) -- Line 44: self.assertIn( -- Line 46: results["high"], -- Line 47: ) -- Line 48: self.assertIn( -- Line 50: results["medium"], -- Line 51: ) -- Line 54: if __name__ == "__main__": -- Line 55: unittest.main() diff --git a/results/test_backdoor_detection.txt b/results/test_backdoor_detection.txt deleted file mode 100644 index c9a0993..0000000 --- a/results/test_backdoor_detection.txt +++ /dev/null @@ -1,53 +0,0 @@ -Security Analysis Report for ../results\test_backdoor_detection.txt -High Risk: - Line 8: os.system('rm -rf /') - Line 9: exec('print("Hello")') - Line 10: eval('2 + 2') - Line 13: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) - Line 14: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) - Line 15: self.assertIn((4, "eval('2 + 2')"), results["high"]) - Line 40: eval('2 + 2') - Line 45: (3, "eval('2 + 2')"), -Medium Risk: - Line 19: subprocess.run(['ls', '-l']) - Line 21: os.popen('ls') - Line 24: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) - Line 25: self.assertIn((4, "os.popen('ls')"), results["medium"]) - Line 41: subprocess.run(['echo', 'hello']) - Line 49: (4, "subprocess.run(['echo', 'hello'])"), -Low Risk: -None Risk: - Line 1: import unittest - Line 2: from detection.backdoor_detection import find_dangerous_functions - Line 5: class TestBackdoorDetection(unittest.TestCase): - Line 6: def test_high_risk_detection(self): - Line 7: content = """import os - Line 11: """ - Line 12: results = find_dangerous_functions(content) - Line 17: def test_medium_risk_detection(self): - Line 18: content = """import subprocess - Line 20: import os - Line 22: """ - Line 23: results = find_dangerous_functions(content) - Line 27: def test_no_risk_detection(self): - Line 28: content = """a = 10 - Line 29: b = a + 5 - Line 30: print('This should not be detected as risky.') - Line 31: """ - Line 32: results = find_dangerous_functions(content) - Line 33: self.assertEqual(len(results["high"]), 0) - Line 34: self.assertEqual(len(results["medium"]), 0) - Line 35: self.assertEqual(len(results["low"]), 0) - Line 37: def test_inclusion_of_comments(self): - Line 38: content = """ - Line 39: print('This is a safe line') - Line 42: """ - Line 43: results = find_dangerous_functions(content) - Line 44: self.assertIn( - Line 46: results["high"], - Line 47: ) - Line 48: self.assertIn( - Line 50: results["medium"], - Line 51: ) - Line 54: if __name__ == "__main__": - Line 55: unittest.main() -- 2.47.2 From 2c844c8ed1a0f4e34bd481a9b135466afae70680 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 17:06:12 +0800 Subject: [PATCH 34/60] =?UTF-8?q?feat:=20=E7=88=AC=E5=8F=96=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E=E4=BE=9D=E8=B5=96=E5=B9=B6=E5=AF=B9=E7=89=88=E6=9C=AC?= =?UTF-8?q?=E4=BF=A1=E6=81=AF=E6=A0=BC=E5=BC=8F=E8=BF=9B=E8=A1=8C=E8=BD=AC?= =?UTF-8?q?=E6=8D=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- crawler/crawler.py | 62 + crawler/extracted_data.txt | 2700 ++++++++++++++++++++++++++++++ crawler/trans_extracted_data.txt | 507 ++++++ crawler/transfer.py | 48 + 4 files changed, 3317 insertions(+) create mode 100644 crawler/crawler.py create mode 100644 crawler/extracted_data.txt create mode 100644 crawler/trans_extracted_data.txt create mode 100644 crawler/transfer.py diff --git a/crawler/crawler.py b/crawler/crawler.py new file mode 100644 index 0000000..196b533 --- /dev/null +++ b/crawler/crawler.py @@ -0,0 +1,62 @@ +import requests +from bs4 import BeautifulSoup + + +def fetch_html(url): + """从指定URL获取HTML内容""" + response = requests.get(url) + if response.status_code == 200: + return response.text + else: + return None + + +def parse_html(html): + """解析HTML,获取每个tr中第二个td下的所有a和span标签的内容""" + soup = BeautifulSoup(html, "html.parser") + table = soup.find("table", id="sortable-table") + results = [] + if table: + rows = table.find("tbody").find_all("tr") + for row in rows: + tds = row.find_all("td") + if len(tds) >= 2: + a_tags = tds[1].find_all("a") + span_tags = tds[1].find_all("span") + spans = [span.text.strip() for span in span_tags] + for a_tag in a_tags: + results.append((a_tag.text.strip(), spans)) + return results + + +def save_results_to_file(results, filename): + """保存提取的数据到TXT文件""" + with open(filename, "a", encoding="utf-8") as file: # Append mode + for data in results: + package_name, version_ranges = data + file.write(f"Package Name: {package_name}\n") + file.write("Version Ranges: " + ", ".join(version_ranges) + "\n") + file.write("-" * 50 + "\n") # Adds a separator for clarity + + +def main(): + base_url = "https://security.snyk.io/vuln/pip/" + page_number = 1 + while True: + url = f"{base_url}{page_number}" + print(f"Fetching data from {url}") + html_content = fetch_html(url) + if not html_content: + print("No more data found or failed to fetch.") + break + extracted_data = parse_html(html_content) + if not extracted_data: + print("No relevant data found on page.") + break + save_results_to_file(extracted_data, "extracted_data.txt") + page_number += 1 + print("Results have been saved to 'extracted_data.txt'.") + + +if __name__ == "__main__": + main() diff --git a/crawler/extracted_data.txt b/crawler/extracted_data.txt new file mode 100644 index 0000000..f339d2a --- /dev/null +++ b/crawler/extracted_data.txt @@ -0,0 +1,2700 @@ +Package Name: apache-airflow +Version Ranges: [2.7.0,2.9.0) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.12.1) +-------------------------------------------------- +Package Name: torch +Version Ranges: [,2.2.0) +-------------------------------------------------- +Package Name: aiohttp +Version Ranges: [,3.9.4) +-------------------------------------------------- +Package Name: torch +Version Ranges: [,2.2.0) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: keras +Version Ranges: [,2.13.1rc0) +-------------------------------------------------- +Package Name: llama-index +Version Ranges: [,0.10.24) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.11.3) +-------------------------------------------------- +Package Name: zenml +Version Ranges: [,0.55.5) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.10.0) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.13.0) +-------------------------------------------------- +Package Name: mindsdb +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bentoml +Version Ranges: [,1.2.5) +-------------------------------------------------- +Package Name: zenml +Version Ranges: [,0.56.2) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.11.3) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.12.1) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.10.0) +-------------------------------------------------- +Package Name: langchain +Version Ranges: [,0.0.353) +-------------------------------------------------- +Package Name: scrapy +Version Ranges: [,2.11.1) +-------------------------------------------------- +Package Name: sqlparse +Version Ranges: [,0.5.0) +-------------------------------------------------- +Package Name: gunicorn +Version Ranges: [,22.0.0) +-------------------------------------------------- +Package Name: magnum +Version Ranges: [,14.1.2), [15.0.0.0rc1,15.0.2), [16.0.0.0rc1,16.0.2), [17.0.0.0rc1,17.0.2) +-------------------------------------------------- +Package Name: nicegui +Version Ranges: [1.4.6,1.4.21) +-------------------------------------------------- +Package Name: idna +Version Ranges: [,3.7) +-------------------------------------------------- +Package Name: llama-index-core +Version Ranges: [,0.10.24) +-------------------------------------------------- +Package Name: litellm +Version Ranges: [,1.34.42) +-------------------------------------------------- +Package Name: roundup +Version Ranges: [1.4.0,1.4.6), [1.2.0,1.2.1) +-------------------------------------------------- +Package Name: aim +Version Ranges: [3.0.0,] +-------------------------------------------------- +Package Name: aim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.19.2) +-------------------------------------------------- +Package Name: transformers +Version Ranges: [,4.38.0) +-------------------------------------------------- +Package Name: dirac +Version Ranges: [,8.0.41) +-------------------------------------------------- +Package Name: yt-dlp +Version Ranges: [2021.4.11, 2024.4.9) +-------------------------------------------------- +Package Name: cryptography +Version Ranges: [35.0.0,] +-------------------------------------------------- +Package Name: pyopenssl +Version Ranges: [22.0.0,] +-------------------------------------------------- +Package Name: ryu +Version Ranges: [0,] +-------------------------------------------------- +Package Name: rafcon +Version Ranges: [,0.15.4) +-------------------------------------------------- +Package Name: radicale +Version Ranges: [,3.0.0) +-------------------------------------------------- +Package Name: pcaspy +Version Ranges: [,0.7.1) +-------------------------------------------------- +Package Name: heyoo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: holidays +Version Ranges: [,0.45) +-------------------------------------------------- +Package Name: evennia +Version Ranges: [,4.0.0) +-------------------------------------------------- +Package Name: evennia +Version Ranges: [,4.0.0) +-------------------------------------------------- +Package Name: django-json-widget +Version Ranges: [,2.0.0) +-------------------------------------------------- +Package Name: avocado-framework +Version Ranges: [,104.0) +-------------------------------------------------- +Package Name: arrendatools.plantillas +Version Ranges: [,0.4.3) +-------------------------------------------------- +Package Name: amazon-product-details-scraper +Version Ranges: [,1.0.4) +-------------------------------------------------- +Package Name: aiopioneer +Version Ranges: [,0.4.3) +-------------------------------------------------- +Package Name: aiopioneer +Version Ranges: [,0.1.5) +-------------------------------------------------- +Package Name: mobsf +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pgadmin4 +Version Ranges: [,8.5) +-------------------------------------------------- +Package Name: pymongo +Version Ranges: [,4.6.3) +-------------------------------------------------- +Package Name: voila +Version Ranges: [0.0.2,0.2.17), [0.3.0a0,0.3.8), [0.4.0a0,0.4.4), [0.5.0a0,0.5.6) +-------------------------------------------------- +Package Name: piccolo-admin +Version Ranges: [,1.3.2) +-------------------------------------------------- +Package Name: cryptoauthlib +Version Ranges: [,20200912) +-------------------------------------------------- +Package Name: mosaicml +Version Ranges: [,0.5.0) +-------------------------------------------------- +Package Name: mlrun +Version Ranges: [,1.7.0rc5) +-------------------------------------------------- +Package Name: eventlet +Version Ranges: [,0.34.3) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,1.9.0) +-------------------------------------------------- +Package Name: salt +Version Ranges: [,3005.5) +-------------------------------------------------- +Package Name: salt +Version Ranges: [,3005.5) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.22.0) +-------------------------------------------------- +Package Name: django-two-factor-auth +Version Ranges: [,1.13) +-------------------------------------------------- +Package Name: pillow +Version Ranges: [,10.3.0) +-------------------------------------------------- +Package Name: ipywidgets +Version Ranges: [5.0.0,5.2.0) +-------------------------------------------------- +Package Name: pylint +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: django +Version Ranges: [1.3.6,1.4.4] +-------------------------------------------------- +Package Name: django +Version Ranges: [1.3.6,1.4.4] +-------------------------------------------------- +Package Name: pytest-cov +Version Ranges: [,2.0.0) +-------------------------------------------------- +Package Name: aliyundrive-webdav +Version Ranges: [0,] +-------------------------------------------------- +Package Name: jupyterhub +Version Ranges: [,4.1.0) +-------------------------------------------------- +Package Name: reqquest +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bibp-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: biip-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-uitls +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-util +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utilos +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utilss +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utilz +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utisl +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utlils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-uttils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-uutils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: biup-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bupi-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterclouclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclieet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclien +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliendt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclienet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliennt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclientt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclinent +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclinet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterclouddclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterrcloudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmostercloudclieent +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmostercloudclinet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: clolorama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cloroma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colaroma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorahma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramal +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramaz +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramka +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramna +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramoo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramu +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramws +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramza +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorhrama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colormma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorramma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilpow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: piolow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pjllow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-c0crd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-c0dd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-c0red +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-ckord +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-co4d +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coad +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-codrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coed +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coerd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coird +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coqrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corf +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corfd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corg +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cortd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corxd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cotd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cotrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cowrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-crodd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cxrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cyrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-czrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeustx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeustz +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqjuests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqoests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqsests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requas +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requekts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesrts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesuts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requetsq +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requetsts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requssts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requzsts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqzests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: aasyncio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: assyncio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyincio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asynccio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyncii +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyncioi +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyncioo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyyncio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: aysncio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custogtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custohtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtikinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtiknter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtjinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkfnter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinber +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkingter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinyer +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkitnerr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkiyter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkknter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkwnter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkznter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custotkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custpmtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custrmtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custvomtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cuxtomtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plauwright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playrwight +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrgith +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrigh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrightt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrihgt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqiremnets +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqiurements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requierement +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiirements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiirments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementss +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementsttx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstxtt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstxtx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstxtxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementtsxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementxxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremetns +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremmentstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremntstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremtns +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirmeents +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirmentss +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirmentstxtt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiurementstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleeniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleinium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleiniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleiumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selemni +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selemnim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selemnium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selenimn +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selenniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seliniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seliniumn +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selleniium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selleniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sellinium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selunium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofliw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofllow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflod +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflolw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflqw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensourflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: trnsorflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkjnter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custumtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custontkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkibter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customekinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintre +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cstmotkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reuirements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requriments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremnets +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremnetxtxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirmentstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstxxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygmme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simplejdon +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sjimplejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selinum +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beaitifulsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclouidclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflonw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selemiumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cutomtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkniterr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygaqme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplolplib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pycordde +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwritgh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorram +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordf +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simpoejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiirementstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramxs +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremenstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmostercloudclienet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkimter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterclouidclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchy +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plawwright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplftlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requetsa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pillo2 +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sellenim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkitnre +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplottib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygawme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: corlorama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custoqtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsstercloudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotllib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintwr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requksts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corwd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilliw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordq +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeosts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplrtlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloroama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: maptplotlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifullsooup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotvlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygqame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygazme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygane +Version Ranges: [0,] +-------------------------------------------------- +Package Name: siplejason +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplorlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygaome +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygfme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautyfulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotklib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotoib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beaotifulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matploltlab +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytoich +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simplejsoh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytirch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beutifulsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplkotlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygume +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchc +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygxme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifulsoupo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifilsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sijplejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygzme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplottlab +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pythrch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matpltotlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplottbib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinte +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremetnstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflpw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinted +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bips-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requriements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requrementstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custojtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmosterclouclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchg +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramae +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesgt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkitenr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclent +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorbch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqiremnts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requstss +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matpliotlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterclouddlient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pill9w +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflomw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selenuimm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmostercloudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilloo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotkib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custotminter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifolsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simpkejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremntxtxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pycordwd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercludclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiiremnts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremetstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-coordd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamse +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cobrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamne +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkniter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflouw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requierments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytordh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: temsorflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corddd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plyawright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asynci +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asynncio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-vord +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custmtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleunium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinger +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pztorch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simplejason +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plaawright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirrementstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plywright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custotinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremnetstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bop-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: plawyright +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-ckrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleinuim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilliow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramqs +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utiles +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorcb +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercoudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqirements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cprd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-c9rd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremntstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleenimu +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirtements +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beaufifulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtknter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflxow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytrosh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requewsts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorcdh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requxsts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beutifullsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilloa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeuste +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmoneercloudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requeksts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeist +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtknster +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcluodclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflom +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simepljson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflaow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwirght +Version Ranges: [0,] +-------------------------------------------------- +Package Name: seleenim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifoulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colomara +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqiurementstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matploltlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cuwtomtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilkow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramxa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requeqsts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlob +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensnflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pycjrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matpllotib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bpi-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramia +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintar +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifulsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliant +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramzs +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensxoflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygvame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cird +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofloaw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchb +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremeents +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintrr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrigght +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utilds +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiiremments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pillkw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotblib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custojmtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplootib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifulsoul +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclieent +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofl9w +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrgiht +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirment +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesqs +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifilsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremants +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofleow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: piplow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygacme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simplejsoj +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotvib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-uils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiirementsxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramwa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintert +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sjmplejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygarme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramqa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cod +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstxx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selennuim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrigth +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corad +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simolejson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pillox +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cojrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifullsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asynio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: playwrght +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiirementstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinrer +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cdord +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pilloq +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bup-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautysoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utjls +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygaeme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custotkminter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beuatiflsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterccloudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremenstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colouorama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selemniumm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytarch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudcliend +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkitner +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensobflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requeits +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementst +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplttlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesks +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlpib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cpord +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pqtorch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementxstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotltib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlyib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: cilorama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclenit +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygaime +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifulsoupe +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensogflow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asyncci +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautilfulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygamke +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygfame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simpjson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlub +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytroce +Version Ranges: [0,] +-------------------------------------------------- +Package Name: simpejso +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplptlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytcrch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifuksoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifuosoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautiflulsoop +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlig +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pyghame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beaitifulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytlrc +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorcm +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplrtib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beaurifulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplutlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremnts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cwrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matploptlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautiflulsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pullow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkihter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinteer +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corid +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkiter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqeyst +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-utile +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsstercloudcliennt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pzgame +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercloudclenet +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pttorch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremetstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colorayma +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cofd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custmtokinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchv +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofklow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pollow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotlbib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflsw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cocd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selenyum +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-c0ard +Version Ranges: [0,] +-------------------------------------------------- +Package Name: reqiuremnets +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matpllotb +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorchj +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkinetr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementstx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requnests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-corde +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bipp-utils +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonsterclouudclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selennim +Version Ranges: [0,] +-------------------------------------------------- +Package Name: coloramah +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-crd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirments +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custoktkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiurement +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: colprama +Version Ranges: [0,] +-------------------------------------------------- +Package Name: bip-u8ls +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesxts +Version Ranges: [0,] +-------------------------------------------------- +Package Name: selleium +Version Ranges: [0,] +-------------------------------------------------- +Package Name: capmonstercouldclient +Version Ranges: [0,] +-------------------------------------------------- +Package Name: asynciio +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorcu +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremmentxtxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirmentstxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requyests +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofpow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requirementxtt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordw +Version Ranges: [0,] +-------------------------------------------------- +Package Name: customtkintrer +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pygqme +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-xord +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requiremmentxt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytorqh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensoflor +Version Ranges: [0,] +-------------------------------------------------- +Package Name: custoumtkinter +Version Ranges: [0,] +-------------------------------------------------- +Package Name: sijplejso +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cofrd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pirlow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requesxs +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cozd +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytbrch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: matplotpib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: py-cordv +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pytprch +Version Ranges: [0,] +-------------------------------------------------- +Package Name: requestr +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tensofla +Version Ranges: [0,] +-------------------------------------------------- +Package Name: beautifuklsoup +Version Ranges: [0,] +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.18.0) +-------------------------------------------------- +Package Name: geonode +Version Ranges: [3.2.0,4.2.3) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.18.0) +-------------------------------------------------- +Package Name: langchain-core +Version Ranges: [,0.1.34) +-------------------------------------------------- +Package Name: lektor +Version Ranges: [,3.3.11) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [2.8.2,2.8.4) +-------------------------------------------------- +Package Name: ansys-geometry-core +Version Ranges: [0.3.0,0.3.3), [0.4.0,0.4.12) +-------------------------------------------------- +Package Name: nautobot +Version Ranges: [,1.6.16), [2.0.0,2.1.9) +-------------------------------------------------- +Package Name: mjpoytwngddh +Version Ranges: [0,] +-------------------------------------------------- +Package Name: eeajhjmclakf +Version Ranges: [0,] +-------------------------------------------------- +Package Name: yocolor +Version Ranges: [0,] +-------------------------------------------------- +Package Name: jzyrljroxlca +Version Ranges: [0,] +-------------------------------------------------- +Package Name: hnuhfyzumkmo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: hbcxuypphrnk +Version Ranges: [0,] +-------------------------------------------------- +Package Name: dcrywkqddo +Version Ranges: [0,] +-------------------------------------------------- +Package Name: eoerbisjxqyv +Version Ranges: [0,] +-------------------------------------------------- +Package Name: wkqubsxekbxn +Version Ranges: [0,] +-------------------------------------------------- +Package Name: lyfamdorksgb +Version Ranges: [0,] +-------------------------------------------------- +Package Name: mobsfscan +Version Ranges: [,0.3.8) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [0,] +-------------------------------------------------- +Package Name: esphome +Version Ranges: [2023.12.9, 2024.3.0) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.19.2) +-------------------------------------------------- +Package Name: qiskit-ibm-runtime +Version Ranges: [0.11.0,0.11.1) +-------------------------------------------------- +Package Name: qiskit-ibm-runtime +Version Ranges: [0.1.0, 0.21.2) +-------------------------------------------------- +Package Name: jupyter-server-proxy +Version Ranges: [,3.2.3), [4.0.0,4.1.1) +-------------------------------------------------- +Package Name: oauthenticator +Version Ranges: [,16.3.0) +-------------------------------------------------- +Package Name: greykite +Version Ranges: [0,] +-------------------------------------------------- +Package Name: octoprint +Version Ranges: [,1.10.0rc3) +-------------------------------------------------- +Package Name: wiki +Version Ranges: [,0.10.1) +-------------------------------------------------- +Package Name: astropy +Version Ranges: [,5.3.3) +-------------------------------------------------- +Package Name: zenml +Version Ranges: [,0.55.5) +-------------------------------------------------- +Package Name: yaql +Version Ranges: [,3.0.0) +-------------------------------------------------- +Package Name: black +Version Ranges: [,24.3.0) +-------------------------------------------------- +Package Name: fgr +Version Ranges: [,0.4.0) +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: [,4.3.0) +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: [,4.3.0) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: designate +Version Ranges: [0,] +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [2.8.0,2.8.3rc1) +-------------------------------------------------- +Package Name: mssql-django +Version Ranges: [,1.4.1) +-------------------------------------------------- +Package Name: aiosmtpd +Version Ranges: [,1.4.5) +-------------------------------------------------- +Package Name: ckan +Version Ranges: [,2.9.11), [2.10.0,2.10.4) +-------------------------------------------------- +Package Name: django-log-tracker +Version Ranges: [=1.0.4] +-------------------------------------------------- +Package Name: langchain-community +Version Ranges: [,0.0.27) +-------------------------------------------------- +Package Name: np6helperhttper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: np6helperhttptest +Version Ranges: [0,] +-------------------------------------------------- +Package Name: swapmempool +Version Ranges: [0,] +-------------------------------------------------- +Package Name: quasarlib +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pycryptoconf +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pycryptoenv +Version Ranges: [0,] +-------------------------------------------------- +Package Name: libosdp +Version Ranges: [,3.0.0) +-------------------------------------------------- +Package Name: weasyprint +Version Ranges: [61.0,61.2) +-------------------------------------------------- +Package Name: django-markdownx +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pgadmin4 +Version Ranges: [,8.4) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.4), [3.1.0,3.1.1) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: esphome +Version Ranges: [2023.12.9,2024.2.2) +-------------------------------------------------- +Package Name: plone +Version Ranges: [0,] +-------------------------------------------------- +Package Name: jwcrypto +Version Ranges: [0.5.0,1.5.6) +-------------------------------------------------- +Package Name: xtts-api-server +Version Ranges: [0,] +-------------------------------------------------- +Package Name: paho-mqtt +Version Ranges: [,1.1) +-------------------------------------------------- +Package Name: octoprint +Version Ranges: [,1.8.3) +-------------------------------------------------- +Package Name: rq +Version Ranges: [,0.7.1) +-------------------------------------------------- +Package Name: eth-abi +Version Ranges: [,5.0.1) +-------------------------------------------------- +Package Name: prefect +Version Ranges: [,2.15.0) +-------------------------------------------------- +Package Name: kiwitcms +Version Ranges: [0,] +-------------------------------------------------- +Package Name: django-treenode +Version Ranges: [,0.20.0) +-------------------------------------------------- +Package Name: hypercorn +Version Ranges: [,0.16.0) +-------------------------------------------------- +Package Name: streamlink +Version Ranges: [,5.3.0) +-------------------------------------------------- +Package Name: kedro +Version Ranges: [,0.19.3) +-------------------------------------------------- +Package Name: pyccel +Version Ranges: [,1.9.0) +-------------------------------------------------- +Package Name: django +Version Ranges: [,3.2.25), [4.0a1,4.2.11), [5.0a1,5.0.3) +-------------------------------------------------- +Package Name: videomass +Version Ranges: [,5.0.4) +-------------------------------------------------- +Package Name: ultralytics +Version Ranges: [,8.1.0) +-------------------------------------------------- +Package Name: intel-extension-for-transformers +Version Ranges: [,1.2.2) +-------------------------------------------------- +Package Name: labgrid +Version Ranges: [,23.0.2) +-------------------------------------------------- +Package Name: langchain-core +Version Ranges: [,0.1.31) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,2.8.2rc1) +-------------------------------------------------- +Package Name: docassemble.webapp +Version Ranges: [1.4.53,1.4.97) +-------------------------------------------------- +Package Name: docassemble.base +Version Ranges: [1.4.53,1.4.97) +-------------------------------------------------- +Package Name: docassemble +Version Ranges: [,1.4.97) +-------------------------------------------------- +Package Name: docassemble.webapp +Version Ranges: [,1.4.97) +-------------------------------------------------- +Package Name: langchain-experimental +Version Ranges: [,0.0.52) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.5.0) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.8.0) +-------------------------------------------------- +Package Name: rpyc +Version Ranges: [,6.0.0) +-------------------------------------------------- +Package Name: rpyc +Version Ranges: [,5.2.1) +-------------------------------------------------- +Package Name: peewee +Version Ranges: [,3.17.1) +-------------------------------------------------- +Package Name: torch +Version Ranges: [,1.13.0) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,2.8.2) +-------------------------------------------------- +Package Name: torch +Version Ranges: [,1.10.0) +-------------------------------------------------- +Package Name: mezzanine +Version Ranges: [0,] +-------------------------------------------------- +Package Name: urllib3-future +Version Ranges: [,2.4.902) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.4), [3.1.0rc1,3.1.1) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.4), [3.1.0rc1,3.1.1) +-------------------------------------------------- +Package Name: flask-appbuilder +Version Ranges: [4.1.4,4.2.1) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.4), [3.1.0rc1,3.1.1) +-------------------------------------------------- +Package Name: flask-appbuilder +Version Ranges: [,4.3.11) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.4), [3.1.0rc1,3.1.1) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.1.2) +-------------------------------------------------- +Package Name: mezzanine +Version Ranges: [0,] +-------------------------------------------------- +Package Name: esphome +Version Ranges: [,2024.2.1) +-------------------------------------------------- +Package Name: zenml +Version Ranges: [,0.42.2), [0.43.0,0.43.1), [0.44.0,0.44.4), [0.46.0,0.47.0) +-------------------------------------------------- +Package Name: scrapy +Version Ranges: [,2.11.1) +-------------------------------------------------- +Package Name: freeipa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pretix +Version Ranges: [,2024.1.1) +-------------------------------------------------- +Package Name: orjson +Version Ranges: [,3.9.15) +-------------------------------------------------- +Package Name: pypqc +Version Ranges: [,0.0.6.1) +-------------------------------------------------- +Package Name: autoprognosis +Version Ranges: [0,] +-------------------------------------------------- +Package Name: mjml +Version Ranges: [,0.11.0) +-------------------------------------------------- +Package Name: langchain-core +Version Ranges: [,0.1.7) +-------------------------------------------------- +Package Name: onnx +Version Ranges: [,1.16.0) +-------------------------------------------------- +Package Name: onnx +Version Ranges: [,1.16.0) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.10.0) +-------------------------------------------------- +Package Name: mlflow +Version Ranges: [,2.10.0) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.11.0) +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.19.2) +-------------------------------------------------- +Package Name: fastecdsa +Version Ranges: [,2.3.2) +-------------------------------------------------- +Package Name: pymatgen +Version Ranges: [,2024.2.20) +-------------------------------------------------- +Package Name: cryptography +Version Ranges: [38.0.0, 42.0.4) +-------------------------------------------------- +Package Name: apache-airflow-providers-mongo +Version Ranges: [1.0.0,4.0.0) +-------------------------------------------------- +Package Name: pyhtml2pdf +Version Ranges: [0.0.6,] +-------------------------------------------------- +Package Name: cbor2 +Version Ranges: [5.5.1,5.6.2) +-------------------------------------------------- +Package Name: scrapy +Version Ranges: [,1.8.4), [2.0.0,2.11.1) +-------------------------------------------------- +Package Name: scrapy +Version Ranges: [,1.8.4), [2.0.0,2.11.1) +-------------------------------------------------- +Package Name: intel-extension-for-tensorflow +Version Ranges: [,2.13.0.0) +-------------------------------------------------- +Package Name: tuf +Version Ranges: [2.0.0,3.1.1) +-------------------------------------------------- +Package Name: scrapy +Version Ranges: [,1.8.4), [2.0.0,2.11.1) +-------------------------------------------------- +Package Name: zpywallet +Version Ranges: [,0.6.2) +-------------------------------------------------- +Package Name: dipdup +Version Ranges: [,3.0.2) +-------------------------------------------------- +Package Name: clip-retrieval +Version Ranges: [,2.23.1) +-------------------------------------------------- +Package Name: procrastinate +Version Ranges: [,0.3.0) +-------------------------------------------------- +Package Name: embedchain +Version Ranges: [,0.1.57) +-------------------------------------------------- +Package Name: miarec-ftpfs +Version Ranges: [,2024.1.2) +-------------------------------------------------- +Package Name: procrastinate +Version Ranges: [,0.11.0) +-------------------------------------------------- +Package Name: miarec-sshfs +Version Ranges: [,2024.1.5) +-------------------------------------------------- +Package Name: linkml +Version Ranges: [,1.5.2) +-------------------------------------------------- +Package Name: toodledo +Version Ranges: [,1.5.0) +-------------------------------------------------- +Package Name: renku +Version Ranges: [,1.11.0) +-------------------------------------------------- +Package Name: vunnel +Version Ranges: [,0.18.0) +-------------------------------------------------- +Package Name: panda3d +Version Ranges: [,1.9.4) +-------------------------------------------------- +Package Name: ludwig +Version Ranges: [,0.7) +-------------------------------------------------- +Package Name: ethyca-fides +Version Ranges: [,2.1.0) +-------------------------------------------------- +Package Name: panda3d +Version Ranges: [,1.9.4) +-------------------------------------------------- +Package Name: hiddifypanel +Version Ranges: [,9.0.0.dev30) +-------------------------------------------------- +Package Name: dgl +Version Ranges: [,0.9.0) +-------------------------------------------------- +Package Name: deephaven-core +Version Ranges: [,0.20.0) +-------------------------------------------------- +Package Name: deephaven-core +Version Ranges: [,0.29.0) +-------------------------------------------------- +Package Name: deephaven-core +Version Ranges: [,0.30.0) +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: [,1.8.7) +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: [,1.8.7) +-------------------------------------------------- +Package Name: cg +Version Ranges: [,26.0.4) +-------------------------------------------------- +Package Name: ccryptofeed +Version Ranges: [,2.2.3) +-------------------------------------------------- +Package Name: c2cgeoform +Version Ranges: [,2.1.26) +-------------------------------------------------- +Package Name: appfl +Version Ranges: [,0.4.0) +-------------------------------------------------- +Package Name: nonebot2 +Version Ranges: [2.0.0a16,2.2.0) +-------------------------------------------------- +Package Name: cbor2 +Version Ranges: [,5.6.0) +-------------------------------------------------- +Package Name: acryl-datahub +Version Ranges: [,0.8.45) +-------------------------------------------------- +Package Name: bullmq +Version Ranges: [,1.15.0) +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: [,1.8.7) +-------------------------------------------------- +Package Name: aiobotocore +Version Ranges: [,2.9.1) +-------------------------------------------------- +Package Name: diffoscope +Version Ranges: [,256) +-------------------------------------------------- +Package Name: kinto-attachment +Version Ranges: [,6.4.0) +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: [,1.8.7) +-------------------------------------------------- +Package Name: bandit +Version Ranges: [,1.7.7) +-------------------------------------------------- +Package Name: acryl-datahub +Version Ranges: [,0.8.45) +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: [,1.8.7) +-------------------------------------------------- +Package Name: dirac +Version Ranges: [8.0.0,8.0.37), [8.1.0a1,9.0.0a22) +-------------------------------------------------- +Package Name: dnspython +Version Ranges: [,2.6.1) +-------------------------------------------------- +Package Name: sentry +Version Ranges: [9.1.0,] +-------------------------------------------------- +Package Name: ocrodjvu +Version Ranges: [0,] +-------------------------------------------------- +Package Name: products.sqlalchemyda +Version Ranges: [,2.2) +-------------------------------------------------- +Package Name: clearml +Version Ranges: [0,] +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: clearml +Version Ranges: [0,] +-------------------------------------------------- +Package Name: clearml +Version Ranges: [0,] +-------------------------------------------------- +Package Name: clearml +Version Ranges: [0.17.0,1.14.3rc0) +-------------------------------------------------- +Package Name: clearml +Version Ranges: [,1.14.2) +-------------------------------------------------- +Package Name: django +Version Ranges: [3.2,3.2.24), [4.2,4.2.10), [5.0,5.0.2) +-------------------------------------------------- +Package Name: tensorflow +Version Ranges: [,1.7.1) +-------------------------------------------------- +Package Name: clearml +Version Ranges: [0,] +-------------------------------------------------- +Package Name: gradio +Version Ranges: [,4.9.0) +-------------------------------------------------- +Package Name: pyload-ng +Version Ranges: [,0.5.0b3.dev79) +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: fastapi +Version Ranges: [,0.109.1) +-------------------------------------------------- +Package Name: ai-flow +Version Ranges: [0,] +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: python-multipart +Version Ranges: [,0.0.7) +-------------------------------------------------- +Package Name: nautobot +Version Ranges: [2.0.0,2.1.2) +-------------------------------------------------- +Package Name: nautobot +Version Ranges: [,1.6.10), [2.0.0,2.1.2) +-------------------------------------------------- +Package Name: nautobot +Version Ranges: [2.0.0,2.0.3) +-------------------------------------------------- +Package Name: ckan +Version Ranges: [,2.9.9), [2.10.0, 2.10.1) +-------------------------------------------------- +Package Name: kinto +Version Ranges: [,6.1.0) +-------------------------------------------------- +Package Name: kinto +Version Ranges: [8.2.0,8.3.0) +-------------------------------------------------- +Package Name: kinto +Version Ranges: [,6.1.0) +-------------------------------------------------- +Package Name: cupy +Version Ranges: [,13.0.0) +-------------------------------------------------- +Package Name: cupy +Version Ranges: [,13.0.0) +-------------------------------------------------- +Package Name: llama-hub +Version Ranges: [,0.0.67) +-------------------------------------------------- +Package Name: borgbackup +Version Ranges: [,1.1.9) +-------------------------------------------------- +Package Name: geonode +Version Ranges: [,4.1.0) +-------------------------------------------------- +Package Name: borgbackup +Version Ranges: [,1.0.7) +-------------------------------------------------- +Package Name: snakemake +Version Ranges: [,7.25.2) +-------------------------------------------------- +Package Name: snakemake +Version Ranges: [,6.11.1) +-------------------------------------------------- +Package Name: snakemake +Version Ranges: [,7.9.0) +-------------------------------------------------- +Package Name: lief +Version Ranges: [,0.12.3) +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: octoprint +Version Ranges: [,1.10.0rc1) +-------------------------------------------------- +Package Name: checkov +Version Ranges: [,2.0.1029) +-------------------------------------------------- +Package Name: dash-html-components +Version Ranges: [,2.0.0) +-------------------------------------------------- +Package Name: dash +Version Ranges: [,2.15.0) +-------------------------------------------------- +Package Name: dash-core-components +Version Ranges: [,2.0.0) +-------------------------------------------------- +Package Name: glance-store +Version Ranges: [,4.3.3), [4.4.0,4.7.0) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.11.0) +-------------------------------------------------- +Package Name: dagster +Version Ranges: [,1.1.10) +-------------------------------------------------- +Package Name: transformers +Version Ranges: [,4.37.0) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,2.6.3) +-------------------------------------------------- +Package Name: wagtail +Version Ranges: [,5.2rc1) +-------------------------------------------------- +Package Name: pycryptodome +Version Ranges: [,3.19.1) +-------------------------------------------------- +Package Name: wagtail +Version Ranges: [,5.2rc1) +-------------------------------------------------- +Package Name: pillow +Version Ranges: [,10.2.0) +-------------------------------------------------- +Package Name: ecdsa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: celery +Version Ranges: [,4.4.0rc5) +-------------------------------------------------- +Package Name: pillow +Version Ranges: [,10.2.0) +-------------------------------------------------- +Package Name: aiohttp +Version Ranges: [,0.22.0) +-------------------------------------------------- +Package Name: cryptography +Version Ranges: [,42.0.2) +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: [,4.2.0) +-------------------------------------------------- +Package Name: vantage6-server +Version Ranges: [,4.2.0) +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0,] +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: [,4.2.0) +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: [,4.2.0) +-------------------------------------------------- +Package Name: metagpt +Version Ranges: [0,] +-------------------------------------------------- +Package Name: aiohttp +Version Ranges: [,3.9.2) +-------------------------------------------------- +Package Name: aiohttp +Version Ranges: [1.0.5,3.9.2) +-------------------------------------------------- +Package Name: gibson +Version Ranges: [0,] +-------------------------------------------------- +Package Name: temporai +Version Ranges: [0,] +-------------------------------------------------- +Package Name: synthcity +Version Ranges: [0,] +-------------------------------------------------- +Package Name: llama-index +Version Ranges: [0,] +-------------------------------------------------- +Package Name: tuitse-tsusin +Version Ranges: [,1.3.2) +-------------------------------------------------- +Package Name: apache-airflow-providers-cncf-kubernetes +Version Ranges: [5.2.0,7.0.0) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,2.8.1) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [,2.8.1) +-------------------------------------------------- +Package Name: whoogle-search +Version Ranges: [,0.8.4) +-------------------------------------------------- +Package Name: whoogle-search +Version Ranges: [,0.8.4) +-------------------------------------------------- +Package Name: whoogle-search +Version Ranges: [,0.8.4) +-------------------------------------------------- +Package Name: apache-airflow +Version Ranges: [2.3.0,2.6.1) +-------------------------------------------------- +Package Name: jupyterlab-lsp +Version Ranges: [,5.0.2) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.9.2.post0) +-------------------------------------------------- +Package Name: label-studio +Version Ranges: [,1.10.1) +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: [,3.0.3) +-------------------------------------------------- +Package Name: nautobot +Version Ranges: [,1.6.10), [2.0.0, 2.1.2) +-------------------------------------------------- +Package Name: ecdsa +Version Ranges: [0,] +-------------------------------------------------- +Package Name: embedchain +Version Ranges: [,0.1.57) +-------------------------------------------------- +Package Name: pandasai +Version Ranges: [1.5.0,] +-------------------------------------------------- +Package Name: embedchain +Version Ranges: [,0.1.57) +-------------------------------------------------- +Package Name: llama-hub +Version Ranges: [,0.0.67) +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: [,2.6.0) +-------------------------------------------------- +Package Name: changedetection.io +Version Ranges: [,0.45.13) +-------------------------------------------------- +Package Name: jupyterlab +Version Ranges: [,3.6.7), [4.0.0,4.0.11) +-------------------------------------------------- +Package Name: jupyterlab +Version Ranges: [4.0.0,4.0.11) +-------------------------------------------------- +Package Name: pillow +Version Ranges: [,10.2.0) +-------------------------------------------------- +Package Name: vyper +Version Ranges: [0.3.2,] +-------------------------------------------------- +Package Name: ansible-core +Version Ranges: [,2.14.14), [2.15.0,2.15.9), [2.16.0,2.16.3) +-------------------------------------------------- +Package Name: pyload-ng +Version Ranges: [,0.5.0b3.dev78) +-------------------------------------------------- +Package Name: readthedocs-sphinx-search +Version Ranges: [,0.3.2) +-------------------------------------------------- +Package Name: zodb3 +Version Ranges: [3.8.0a1,3.8.3), [3.9.0,3.9.0c2) +-------------------------------------------------- +Package Name: templated-dictionary +Version Ranges: [0,] +-------------------------------------------------- +Package Name: pyopenssl +Version Ranges: [22.0.0,] +-------------------------------------------------- +Package Name: cryptography +Version Ranges: [35.0.0,42.0.2) +-------------------------------------------------- +Package Name: flaskcode +Version Ranges: [0,] +-------------------------------------------------- diff --git a/crawler/trans_extracted_data.txt b/crawler/trans_extracted_data.txt new file mode 100644 index 0000000..d69fad8 --- /dev/null +++ b/crawler/trans_extracted_data.txt @@ -0,0 +1,507 @@ +Package Name: apache-airflow +Version Ranges: <2.6.1,>=2.3.0 +-------------------------------------------------- +Package Name: mlflow +Version Ranges: <2.10.0 +-------------------------------------------------- +Package Name: torch +Version Ranges: <1.10.0 +-------------------------------------------------- +Package Name: aiohttp +Version Ranges: <3.9.2,>=1.0.5 +-------------------------------------------------- +Package Name: keras +Version Ranges: <2.13.1rc0 +-------------------------------------------------- +Package Name: llama-index +Version Ranges: <0.10.24 +-------------------------------------------------- +Package Name: zenml +Version Ranges: <0.42.2,<0.43.1,<0.44.4,<0.47.0,>=0.43.0,>=0.44.0,>=0.46.0 +-------------------------------------------------- +Package Name: gradio +Version Ranges: <4.9.0 +-------------------------------------------------- +Package Name: bentoml +Version Ranges: <1.2.5 +-------------------------------------------------- +Package Name: langchain +Version Ranges: <0.0.353 +-------------------------------------------------- +Package Name: scrapy +Version Ranges: <1.8.4,<2.11.1,>=2.0.0 +-------------------------------------------------- +Package Name: sqlparse +Version Ranges: <0.5.0 +-------------------------------------------------- +Package Name: gunicorn +Version Ranges: <22.0.0 +-------------------------------------------------- +Package Name: magnum +Version Ranges: <14.1.2,<15.0.2,<16.0.2,<17.0.2,>=15.0.0.0rc1,>=16.0.0.0rc1,>=17.0.0.0rc1 +-------------------------------------------------- +Package Name: nicegui +Version Ranges: <1.4.21,>=1.4.6 +-------------------------------------------------- +Package Name: idna +Version Ranges: <3.7 +-------------------------------------------------- +Package Name: llama-index-core +Version Ranges: <0.10.24 +-------------------------------------------------- +Package Name: litellm +Version Ranges: <1.34.42 +-------------------------------------------------- +Package Name: roundup +Version Ranges: <1.2.1,<1.4.6,>=1.2.0,>=1.4.0 +-------------------------------------------------- +Package Name: transformers +Version Ranges: <4.37.0 +-------------------------------------------------- +Package Name: dirac +Version Ranges: <8.0.37,<9.0.0a22,>=8.0.0,>=8.1.0a1 +-------------------------------------------------- +Package Name: yt-dlp +Version Ranges: <2024.4.9,>=2021.4.11 +-------------------------------------------------- +Package Name: rafcon +Version Ranges: <0.15.4 +-------------------------------------------------- +Package Name: radicale +Version Ranges: <3.0.0 +-------------------------------------------------- +Package Name: pcaspy +Version Ranges: <0.7.1 +-------------------------------------------------- +Package Name: holidays +Version Ranges: <0.45 +-------------------------------------------------- +Package Name: evennia +Version Ranges: <4.0.0 +-------------------------------------------------- +Package Name: django-json-widget +Version Ranges: <2.0.0 +-------------------------------------------------- +Package Name: avocado-framework +Version Ranges: <104.0 +-------------------------------------------------- +Package Name: arrendatools.plantillas +Version Ranges: <0.4.3 +-------------------------------------------------- +Package Name: amazon-product-details-scraper +Version Ranges: <1.0.4 +-------------------------------------------------- +Package Name: aiopioneer +Version Ranges: <0.1.5 +-------------------------------------------------- +Package Name: pgadmin4 +Version Ranges: <8.4 +-------------------------------------------------- +Package Name: pymongo +Version Ranges: <4.6.3 +-------------------------------------------------- +Package Name: voila +Version Ranges: <0.2.17,<0.3.8,<0.4.4,<0.5.6,>=0.0.2,>=0.3.0a0,>=0.4.0a0,>=0.5.0a0 +-------------------------------------------------- +Package Name: piccolo-admin +Version Ranges: <1.3.2 +-------------------------------------------------- +Package Name: cryptoauthlib +Version Ranges: <20200912 +-------------------------------------------------- +Package Name: mosaicml +Version Ranges: <0.5.0 +-------------------------------------------------- +Package Name: mlrun +Version Ranges: <1.7.0rc5 +-------------------------------------------------- +Package Name: eventlet +Version Ranges: <0.34.3 +-------------------------------------------------- +Package Name: salt +Version Ranges: <3005.5 +-------------------------------------------------- +Package Name: django-two-factor-auth +Version Ranges: <1.13 +-------------------------------------------------- +Package Name: pillow +Version Ranges: <10.2.0 +-------------------------------------------------- +Package Name: ipywidgets +Version Ranges: <5.2.0,>=5.0.0 +-------------------------------------------------- +Package Name: pylint +Version Ranges: <2.6.1 +-------------------------------------------------- +Package Name: pytest-cov +Version Ranges: <2.0.0 +-------------------------------------------------- +Package Name: jupyterhub +Version Ranges: <4.1.0 +-------------------------------------------------- +Package Name: geonode +Version Ranges: <4.1.0 +-------------------------------------------------- +Package Name: langchain-core +Version Ranges: <0.1.7 +-------------------------------------------------- +Package Name: lektor +Version Ranges: <3.3.11 +-------------------------------------------------- +Package Name: ansys-geometry-core +Version Ranges: <0.3.3,<0.4.12,>=0.3.0,>=0.4.0 +-------------------------------------------------- +Package Name: nautobot +Version Ranges: <1.6.10,<2.1.2,>=2.0.0 +-------------------------------------------------- +Package Name: mobsfscan +Version Ranges: <0.3.8 +-------------------------------------------------- +Package Name: esphome +Version Ranges: <2024.2.1 +-------------------------------------------------- +Package Name: qiskit-ibm-runtime +Version Ranges: <0.21.2,>=0.1.0 +-------------------------------------------------- +Package Name: jupyter-server-proxy +Version Ranges: <3.2.3,<4.1.1,>=4.0.0 +-------------------------------------------------- +Package Name: oauthenticator +Version Ranges: <16.3.0 +-------------------------------------------------- +Package Name: octoprint +Version Ranges: <1.10.0rc1 +-------------------------------------------------- +Package Name: wiki +Version Ranges: <0.10.1 +-------------------------------------------------- +Package Name: astropy +Version Ranges: <5.3.3 +-------------------------------------------------- +Package Name: yaql +Version Ranges: <3.0.0 +-------------------------------------------------- +Package Name: black +Version Ranges: <24.3.0 +-------------------------------------------------- +Package Name: fgr +Version Ranges: <0.4.0 +-------------------------------------------------- +Package Name: vantage6 +Version Ranges: <4.2.0 +-------------------------------------------------- +Package Name: paddlepaddle +Version Ranges: <2.6.0 +-------------------------------------------------- +Package Name: mssql-django +Version Ranges: <1.4.1 +-------------------------------------------------- +Package Name: aiosmtpd +Version Ranges: <1.4.5 +-------------------------------------------------- +Package Name: ckan +Version Ranges: <2.10.1,<2.9.9,>=2.10.0 +-------------------------------------------------- +Package Name: langchain-community +Version Ranges: <0.0.27 +-------------------------------------------------- +Package Name: libosdp +Version Ranges: <3.0.0 +-------------------------------------------------- +Package Name: weasyprint +Version Ranges: <61.2,>=61.0 +-------------------------------------------------- +Package Name: apache-superset +Version Ranges: <3.0.3 +-------------------------------------------------- +Package Name: jwcrypto +Version Ranges: <1.5.6,>=0.5.0 +-------------------------------------------------- +Package Name: paho-mqtt +Version Ranges: <1.1 +-------------------------------------------------- +Package Name: rq +Version Ranges: <0.7.1 +-------------------------------------------------- +Package Name: eth-abi +Version Ranges: <5.0.1 +-------------------------------------------------- +Package Name: prefect +Version Ranges: <2.15.0 +-------------------------------------------------- +Package Name: django-treenode +Version Ranges: <0.20.0 +-------------------------------------------------- +Package Name: hypercorn +Version Ranges: <0.16.0 +-------------------------------------------------- +Package Name: streamlink +Version Ranges: <5.3.0 +-------------------------------------------------- +Package Name: kedro +Version Ranges: <0.19.3 +-------------------------------------------------- +Package Name: pyccel +Version Ranges: <1.9.0 +-------------------------------------------------- +Package Name: django +Version Ranges: <3.2.24,<4.2.10,<5.0.2,>=3.2,>=4.2,>=5.0 +-------------------------------------------------- +Package Name: videomass +Version Ranges: <5.0.4 +-------------------------------------------------- +Package Name: ultralytics +Version Ranges: <8.1.0 +-------------------------------------------------- +Package Name: intel-extension-for-transformers +Version Ranges: <1.2.2 +-------------------------------------------------- +Package Name: labgrid +Version Ranges: <23.0.2 +-------------------------------------------------- +Package Name: docassemble.webapp +Version Ranges: <1.4.97 +-------------------------------------------------- +Package Name: docassemble.base +Version Ranges: <1.4.97,>=1.4.53 +-------------------------------------------------- +Package Name: docassemble +Version Ranges: <1.4.97 +-------------------------------------------------- +Package Name: langchain-experimental +Version Ranges: <0.0.52 +-------------------------------------------------- +Package Name: label-studio +Version Ranges: <1.10.1 +-------------------------------------------------- +Package Name: rpyc +Version Ranges: <5.2.1 +-------------------------------------------------- +Package Name: peewee +Version Ranges: <3.17.1 +-------------------------------------------------- +Package Name: urllib3-future +Version Ranges: <2.4.902 +-------------------------------------------------- +Package Name: flask-appbuilder +Version Ranges: <4.3.11 +-------------------------------------------------- +Package Name: pretix +Version Ranges: <2024.1.1 +-------------------------------------------------- +Package Name: orjson +Version Ranges: <3.9.15 +-------------------------------------------------- +Package Name: pypqc +Version Ranges: <0.0.6.1 +-------------------------------------------------- +Package Name: mjml +Version Ranges: <0.11.0 +-------------------------------------------------- +Package Name: onnx +Version Ranges: <1.16.0 +-------------------------------------------------- +Package Name: fastecdsa +Version Ranges: <2.3.2 +-------------------------------------------------- +Package Name: pymatgen +Version Ranges: <2024.2.20 +-------------------------------------------------- +Package Name: cryptography +Version Ranges: <42.0.2,>=35.0.0 +-------------------------------------------------- +Package Name: apache-airflow-providers-mongo +Version Ranges: <4.0.0,>=1.0.0 +-------------------------------------------------- +Package Name: cbor2 +Version Ranges: <5.6.0 +-------------------------------------------------- +Package Name: intel-extension-for-tensorflow +Version Ranges: <2.13.0.0 +-------------------------------------------------- +Package Name: tuf +Version Ranges: <3.1.1,>=2.0.0 +-------------------------------------------------- +Package Name: zpywallet +Version Ranges: <0.6.2 +-------------------------------------------------- +Package Name: dipdup +Version Ranges: <3.0.2 +-------------------------------------------------- +Package Name: clip-retrieval +Version Ranges: <2.23.1 +-------------------------------------------------- +Package Name: procrastinate +Version Ranges: <0.11.0 +-------------------------------------------------- +Package Name: embedchain +Version Ranges: <0.1.57 +-------------------------------------------------- +Package Name: miarec-ftpfs +Version Ranges: <2024.1.2 +-------------------------------------------------- +Package Name: miarec-sshfs +Version Ranges: <2024.1.5 +-------------------------------------------------- +Package Name: linkml +Version Ranges: <1.5.2 +-------------------------------------------------- +Package Name: toodledo +Version Ranges: <1.5.0 +-------------------------------------------------- +Package Name: renku +Version Ranges: <1.11.0 +-------------------------------------------------- +Package Name: vunnel +Version Ranges: <0.18.0 +-------------------------------------------------- +Package Name: panda3d +Version Ranges: <1.9.4 +-------------------------------------------------- +Package Name: ludwig +Version Ranges: <0.7 +-------------------------------------------------- +Package Name: ethyca-fides +Version Ranges: <2.1.0 +-------------------------------------------------- +Package Name: hiddifypanel +Version Ranges: <9.0.0.dev30 +-------------------------------------------------- +Package Name: dgl +Version Ranges: <0.9.0 +-------------------------------------------------- +Package Name: deephaven-core +Version Ranges: <0.30.0 +-------------------------------------------------- +Package Name: borgmatic +Version Ranges: <1.8.7 +-------------------------------------------------- +Package Name: cg +Version Ranges: <26.0.4 +-------------------------------------------------- +Package Name: ccryptofeed +Version Ranges: <2.2.3 +-------------------------------------------------- +Package Name: c2cgeoform +Version Ranges: <2.1.26 +-------------------------------------------------- +Package Name: appfl +Version Ranges: <0.4.0 +-------------------------------------------------- +Package Name: nonebot2 +Version Ranges: <2.2.0,>=2.0.0a16 +-------------------------------------------------- +Package Name: acryl-datahub +Version Ranges: <0.8.45 +-------------------------------------------------- +Package Name: bullmq +Version Ranges: <1.15.0 +-------------------------------------------------- +Package Name: aiobotocore +Version Ranges: <2.9.1 +-------------------------------------------------- +Package Name: diffoscope +Version Ranges: <256 +-------------------------------------------------- +Package Name: kinto-attachment +Version Ranges: <6.4.0 +-------------------------------------------------- +Package Name: bandit +Version Ranges: <1.7.7 +-------------------------------------------------- +Package Name: dnspython +Version Ranges: <2.6.1 +-------------------------------------------------- +Package Name: products.sqlalchemyda +Version Ranges: <2.2 +-------------------------------------------------- +Package Name: clearml +Version Ranges: <1.14.2 +-------------------------------------------------- +Package Name: tensorflow +Version Ranges: <1.7.1 +-------------------------------------------------- +Package Name: pyload-ng +Version Ranges: <0.5.0b3.dev78 +-------------------------------------------------- +Package Name: fastapi +Version Ranges: <0.109.1 +-------------------------------------------------- +Package Name: python-multipart +Version Ranges: <0.0.7 +-------------------------------------------------- +Package Name: kinto +Version Ranges: <6.1.0 +-------------------------------------------------- +Package Name: cupy +Version Ranges: <13.0.0 +-------------------------------------------------- +Package Name: llama-hub +Version Ranges: <0.0.67 +-------------------------------------------------- +Package Name: borgbackup +Version Ranges: <1.0.7 +-------------------------------------------------- +Package Name: snakemake +Version Ranges: <7.9.0 +-------------------------------------------------- +Package Name: lief +Version Ranges: <0.12.3 +-------------------------------------------------- +Package Name: checkov +Version Ranges: <2.0.1029 +-------------------------------------------------- +Package Name: dash-html-components +Version Ranges: <2.0.0 +-------------------------------------------------- +Package Name: dash +Version Ranges: <2.15.0 +-------------------------------------------------- +Package Name: dash-core-components +Version Ranges: <2.0.0 +-------------------------------------------------- +Package Name: glance-store +Version Ranges: <4.3.3,<4.7.0,>=4.4.0 +-------------------------------------------------- +Package Name: dagster +Version Ranges: <1.1.10 +-------------------------------------------------- +Package Name: wagtail +Version Ranges: <5.2rc1 +-------------------------------------------------- +Package Name: pycryptodome +Version Ranges: <3.19.1 +-------------------------------------------------- +Package Name: celery +Version Ranges: <4.4.0rc5 +-------------------------------------------------- +Package Name: vantage6-server +Version Ranges: <4.2.0 +-------------------------------------------------- +Package Name: tuitse-tsusin +Version Ranges: <1.3.2 +-------------------------------------------------- +Package Name: apache-airflow-providers-cncf-kubernetes +Version Ranges: <7.0.0,>=5.2.0 +-------------------------------------------------- +Package Name: whoogle-search +Version Ranges: <0.8.4 +-------------------------------------------------- +Package Name: jupyterlab-lsp +Version Ranges: <5.0.2 +-------------------------------------------------- +Package Name: changedetection.io +Version Ranges: <0.45.13 +-------------------------------------------------- +Package Name: jupyterlab +Version Ranges: <4.0.11,>=4.0.0 +-------------------------------------------------- +Package Name: ansible-core +Version Ranges: <2.14.14,<2.15.9,<2.16.3,>=2.15.0,>=2.16.0 +-------------------------------------------------- +Package Name: readthedocs-sphinx-search +Version Ranges: <0.3.2 +-------------------------------------------------- +Package Name: zodb3 +Version Ranges: <3.8.3,<3.9.0c2,>=3.8.0a1,>=3.9.0 +-------------------------------------------------- diff --git a/crawler/transfer.py b/crawler/transfer.py new file mode 100644 index 0000000..4888218 --- /dev/null +++ b/crawler/transfer.py @@ -0,0 +1,48 @@ +"""转换原有的漏洞文件格式""" + +import re +from packaging.specifiers import SpecifierSet + + +def load_vulnerable_packages(filename): + """从文件加载有漏洞的包信息""" + with open(filename, "r", encoding="utf-8") as file: + content = file.read() + vulnerabilities = {} + blocks = content.split("--------------------------------------------------") + range_pattern = re.compile(r"\[(.*?),\s*(.*?)\)") + + for block in blocks: + name_match = re.search(r"Package Name: (.+)", block) + if name_match: + package_name = name_match.group(1).strip() + ranges = range_pattern.findall(block) + specifier_list = [] + for start, end in ranges: + if start and end: + specifier_list.append(f">={start},<{end}") + elif start: + specifier_list.append(f">={start}") + elif end: + specifier_list.append(f"<{end}") + if specifier_list: + vulnerabilities[package_name] = SpecifierSet(",".join(specifier_list)) + return vulnerabilities + + +def save_vulnerabilities_to_file(vuln_packages, filename): + """将漏洞信息写入到文件中""" + with open(filename, "w", encoding="utf-8") as file: + for package, specifiers in vuln_packages.items(): + file.write(f"Package Name: {package}\n") + file.write(f"Version Ranges: {specifiers}\n") + file.write("-" * 50 + "\n") + + +def main(): + vulnerabilities = load_vulnerable_packages("extracted_data.txt") + save_vulnerabilities_to_file(vulnerabilities, "trans_extracted_data.txt") + + +if __name__ == "__main__": + main() -- 2.47.2 From 278e9ee42edbf53d9352f654193443d1dabd0b17 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 17:07:03 +0800 Subject: [PATCH 35/60] =?UTF-8?q?perf:=20=E8=AE=BE=E7=BD=AE=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E6=A3=80=E6=B5=8B=E7=BB=93=E6=9E=9C=E8=BE=93=E5=87=BA?= =?UTF-8?q?=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- results/requirements/results.html | 9 +++++++++ results/requirements/results.md | 7 +++++++ results/requirements/results.txt | 6 ++++++ 3 files changed, 22 insertions(+) create mode 100644 results/requirements/results.html create mode 100644 results/requirements/results.md create mode 100644 results/requirements/results.txt diff --git a/results/requirements/results.html b/results/requirements/results.html new file mode 100644 index 0000000..a5dd084 --- /dev/null +++ b/results/requirements/results.html @@ -0,0 +1,9 @@ +Vulnerability Report +

        Vulnerability Report

        +

        OK: apache-airflow==2.8.0 is not affected.

        +

        WARNING: mlflow==2.5.1 is vulnerable!

        +

        OK: torch==2.0.0 is not affected.

        +

        WARNING: aiohttp==3.6.2 is vulnerable!

        +

        OK: flask not found in the vulnerability database.

        +

        OK: numpy not found in the vulnerability database.

        + \ No newline at end of file diff --git a/results/requirements/results.md b/results/requirements/results.md new file mode 100644 index 0000000..91eebe2 --- /dev/null +++ b/results/requirements/results.md @@ -0,0 +1,7 @@ +# Vulnerability Report +* OK: apache-airflow==2.8.0 is not affected. +* WARNING: mlflow==2.5.1 is vulnerable! +* OK: torch==2.0.0 is not affected. +* WARNING: aiohttp==3.6.2 is vulnerable! +* OK: flask not found in the vulnerability database. +* OK: numpy not found in the vulnerability database. diff --git a/results/requirements/results.txt b/results/requirements/results.txt new file mode 100644 index 0000000..0885c01 --- /dev/null +++ b/results/requirements/results.txt @@ -0,0 +1,6 @@ +OK: apache-airflow==2.8.0 is not affected. +WARNING: mlflow==2.5.1 is vulnerable! +OK: torch==2.0.0 is not affected. +WARNING: aiohttp==3.6.2 is vulnerable! +OK: flask not found in the vulnerability database. +OK: numpy not found in the vulnerability database. -- 2.47.2 From f2d4e1befc77d163c564bc0f3e0db79f954d10a2 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 17:07:50 +0800 Subject: [PATCH 36/60] =?UTF-8?q?perf:=20=E4=BF=AE=E6=94=B9=E6=A3=80?= =?UTF-8?q?=E6=B5=8B=E7=BB=93=E6=9E=9C=E8=BE=93=E5=87=BA=E8=B7=AF=E5=BE=84?= =?UTF-8?q?=EF=BC=9B=E5=88=A0=E9=99=A4=E6=B5=8B=E8=AF=95=E6=A8=A1=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/backdoor_detection.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py index f5139ae..4d539d2 100644 --- a/detection/backdoor_detection.py +++ b/detection/backdoor_detection.py @@ -1,3 +1,5 @@ +# Usage: python backdoor_detection.py + import os import re import sys @@ -70,7 +72,7 @@ def output_results( results: Dict[str, List[Tuple[int, str]]], output_format: str, file_path: str ): # Create the 'results' directory if it does not exist - results_dir = "../results" + results_dir = "../results/code" if not os.path.exists(results_dir): os.makedirs(results_dir) @@ -146,10 +148,6 @@ def process_path(path: str, output_format: str): sys.exit(1) -def test(): - print("hello world") - - def main(): if len(sys.argv) < 3: print("Usage: python backdoor_detection.py ") -- 2.47.2 From 57145589651e1ad49bc56507fac287c49d355d58 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Mon, 22 Apr 2024 17:08:31 +0800 Subject: [PATCH 37/60] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E4=BE=9D?= =?UTF-8?q?=E8=B5=96=E6=BC=8F=E6=B4=9E=E6=A3=80=E6=B5=8B=E6=A8=A1=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/requirements_detection.py | 97 +++++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 detection/requirements_detection.py diff --git a/detection/requirements_detection.py b/detection/requirements_detection.py new file mode 100644 index 0000000..2daba0d --- /dev/null +++ b/detection/requirements_detection.py @@ -0,0 +1,97 @@ +# Usage: python requirements_detection.py ../crawler/trans_extracted_data.txt ../requirements.txt + +import sys +import os +from packaging import version +from packaging.specifiers import SpecifierSet +import re + + +def load_vulnerable_packages(filename): + """从文件加载有漏洞的包信息""" + with open(filename, "r", encoding="utf-8") as file: + content = file.read() + vulnerabilities = {} + blocks = content.split("--------------------------------------------------") + for block in blocks: + name_match = re.search(r"Package Name: (.+)", block) + range_match = re.search(r"Version Ranges: (.+)", block) + if name_match and range_match: + package_name = name_match.group(1).strip() + version_range = range_match.group(1).strip() + version_range = ",".join( + [part.strip() for part in version_range.split(",")] + ) + vulnerabilities[package_name] = SpecifierSet(version_range) + return vulnerabilities + + +def load_requirements(filename): + """从文件加载项目的依赖信息""" + with open(filename, "r", encoding="utf-8") as file: + lines = file.readlines() + requirements = {} + for line in lines: + if "==" in line: + package_name, package_version = line.strip().split("==") + requirements[package_name] = package_version + return requirements + + +def output_results(filename, results, format_type): + """根据指定的格式输出结果""" + output_dir = os.path.dirname(filename) + if not os.path.exists(output_dir): + os.makedirs(output_dir) + + with open(filename, "w", encoding="utf-8") as file: + if format_type == "html": + file.write("Vulnerability Report\n") + file.write("

        Vulnerability Report

        \n") + for result in results: + file.write(f"

        {result}

        \n") + file.write("") + elif format_type == "md": + file.write("# Vulnerability Report\n") + for result in results: + file.write(f"* {result}\n") + else: # default to txt + for result in results: + file.write(f"{result}\n") + + +def check_vulnerabilities(requirements, vulnerabilities, output_format): + """检查依赖项是否存在已知漏洞,并输出结果""" + results = [] + for req_name, req_version in requirements.items(): + if req_name in vulnerabilities: + spec = vulnerabilities[req_name] + if version.parse(req_version) in spec: + results.append(f"WARNING: {req_name}=={req_version} is vulnerable!") + else: + results.append(f"OK: {req_name}=={req_version} is not affected.") + else: + results.append(f"OK: {req_name} not found in the vulnerability database.") + output_results( + "../results/requirements/results." + output_format, results, output_format + ) + + +def main(): + if len(sys.argv) < 4: + print( + "Usage: python script.py " + ) + sys.exit(1) + + vulnerabilities_file = sys.argv[1] + requirements_file = sys.argv[2] + output_format = sys.argv[3] + + vulnerabilities = load_vulnerable_packages(vulnerabilities_file) + requirements = load_requirements(requirements_file) + check_vulnerabilities(requirements, vulnerabilities, output_format) + + +if __name__ == "__main__": + main() -- 2.47.2 From b0a99cb4f7b1ed9b2d9d0145f227a53db092e1c7 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 17:12:35 +0800 Subject: [PATCH 38/60] =?UTF-8?q?test:=20=E6=B5=8B=E8=AF=95action.yml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 29 +++++++++++++++++++++++++++++ .github/workflows/python-test.yml | 18 ------------------ 2 files changed, 29 insertions(+), 18 deletions(-) create mode 100644 .github/workflows/detection.yml delete mode 100644 .github/workflows/python-test.yml diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml new file mode 100644 index 0000000..916656f --- /dev/null +++ b/.github/workflows/detection.yml @@ -0,0 +1,29 @@ +name: Vulnerability and Backdoor Detection Workflow + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + - name: Run tests + run: python -m unittest discover -s tests + + security_check: + runs-on: ubuntu-latest + needs: build # 确保安全检查在构建后执行 + steps: + - uses: actions/checkout@v2 + - uses: ./ # 使用当前仓库的根目录下的 action.yml + with: + code_path: "./src" + vulnerabilities_file: "./data/vulnerabilities.txt" + requirements_file: "./data/requirements.txt" + output_format: "txt" diff --git a/.github/workflows/python-test.yml b/.github/workflows/python-test.yml deleted file mode 100644 index 1042ee4..0000000 --- a/.github/workflows/python-test.yml +++ /dev/null @@ -1,18 +0,0 @@ -name: Python application test - -on: - push: - branches: [main] - pull_request: - branches: [main] - -jobs: - build: - runs-on: "ubuntu-latest" - - steps: - - uses: actions/checkout@v2 - - name: Install dependencies - run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - - name: Run tests - run: python -m unittest discover -s tests -- 2.47.2 From 3f2f6070a8dd6e70829c54b08269464381d20c53 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 17:13:09 +0800 Subject: [PATCH 39/60] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E9=9B=86?= =?UTF-8?q?=E6=88=90=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- action.yml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 action.yml diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..38160ce --- /dev/null +++ b/action.yml @@ -0,0 +1,35 @@ +name: "Backdoor Detection" +description: "Perform backdoor and vulnerability detection on your code and dependencies." +inputs: + code_path: + description: "Path to the code directory to be analyzed." + required: true + vulnerabilities_file: + description: "Path to the vulnerabilities file for requirements detection." + required: true + requirements_file: + description: "Path to the requirements.txt file." + required: true + output_format: + description: "Output format for the detection results (html, md, txt)." + required: true + default: "txt" +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: "3.x" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install packaging + - name: Run Backdoor Detection + run: python ${{ github.workspace }}/detection/backdoor_detection.py ${{ inputs.code_path }} ${{ inputs.output_format }} + shell: bash + - name: Run Requirements Detection + run: python ${{ github.workspace }}/detection/requirements_detection.py ${{ github.workspace }}/crawler/trans_extracted_data.txt ${{ inputs.requirements_file }} ${{ inputs.output_format }} + shell: bash -- 2.47.2 From b01e1f9a46a096e8a3964c141c1bca511e35bebe Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 17:13:36 +0800 Subject: [PATCH 40/60] =?UTF-8?q?test:=20=E4=BF=9D=E7=95=99=E5=8E=9F?= =?UTF-8?q?=E6=9C=89=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- python-test.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 python-test.yml diff --git a/python-test.yml b/python-test.yml new file mode 100644 index 0000000..1042ee4 --- /dev/null +++ b/python-test.yml @@ -0,0 +1,18 @@ +name: Python application test + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: "ubuntu-latest" + + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + - name: Run tests + run: python -m unittest discover -s tests -- 2.47.2 From 9d5879b7960b420874c83e18298db140f2f30956 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 17:17:03 +0800 Subject: [PATCH 41/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E6=96=87?= =?UTF-8?q?=E4=BB=B6=E8=B7=AF=E5=BE=84=E5=8F=82=E6=95=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 5 ++--- action.yml | 3 --- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 916656f..f4cca70 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -23,7 +23,6 @@ jobs: - uses: actions/checkout@v2 - uses: ./ # 使用当前仓库的根目录下的 action.yml with: - code_path: "./src" - vulnerabilities_file: "./data/vulnerabilities.txt" - requirements_file: "./data/requirements.txt" + code_path: "./tests" + requirements_file: "./requirements.txt" output_format: "txt" diff --git a/action.yml b/action.yml index 38160ce..75ef916 100644 --- a/action.yml +++ b/action.yml @@ -4,9 +4,6 @@ inputs: code_path: description: "Path to the code directory to be analyzed." required: true - vulnerabilities_file: - description: "Path to the vulnerabilities file for requirements detection." - required: true requirements_file: description: "Path to the requirements.txt file." required: true -- 2.47.2 From da24e1b10392afe9b3f6ccd15d2cb655ff690669 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:04:21 +0800 Subject: [PATCH 42/60] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index f4cca70..91d068b 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -21,6 +21,10 @@ jobs: needs: build # 确保安全检查在构建后执行 steps: - uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: "3.9" # 或选择一个适合你项目的具体版本,比如3.8, 3.7等 - uses: ./ # 使用当前仓库的根目录下的 action.yml with: code_path: "./tests" -- 2.47.2 From 37d5c8072438ed5ba4fc7aff4556f285812b78f0 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:06:29 +0800 Subject: [PATCH 43/60] =?UTF-8?q?feat:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 91d068b..fa2db37 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -21,10 +21,8 @@ jobs: needs: build # 确保安全检查在构建后执行 steps: - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: "3.9" # 或选择一个适合你项目的具体版本,比如3.8, 3.7等 + - name: Install dependencies + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - uses: ./ # 使用当前仓库的根目录下的 action.yml with: code_path: "./tests" -- 2.47.2 From 4bafab90f493f6b0f21f5d077fe2d32bffa92e99 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:12:27 +0800 Subject: [PATCH 44/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E7=BB=93?= =?UTF-8?q?=E6=9E=9C=E4=BF=9D=E5=AD=98=E8=B7=AF=E5=BE=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/backdoor_detection.py | 3 ++- detection/requirements_detection.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py index 4d539d2..457ca93 100644 --- a/detection/backdoor_detection.py +++ b/detection/backdoor_detection.py @@ -72,7 +72,8 @@ def output_results( results: Dict[str, List[Tuple[int, str]]], output_format: str, file_path: str ): # Create the 'results' directory if it does not exist - results_dir = "../results/code" + # 这里如果集成测试的话应该设置为./ + results_dir = "./results/code" if not os.path.exists(results_dir): os.makedirs(results_dir) diff --git a/detection/requirements_detection.py b/detection/requirements_detection.py index 2daba0d..1350aa0 100644 --- a/detection/requirements_detection.py +++ b/detection/requirements_detection.py @@ -72,8 +72,9 @@ def check_vulnerabilities(requirements, vulnerabilities, output_format): results.append(f"OK: {req_name}=={req_version} is not affected.") else: results.append(f"OK: {req_name} not found in the vulnerability database.") + # 集成测试这里应该修改为./ output_results( - "../results/requirements/results." + output_format, results, output_format + "./results/requirements/results." + output_format, results, output_format ) -- 2.47.2 From d38f217b9696b335f8e5b44346f0df3437a7c89d Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:28:40 +0800 Subject: [PATCH 45/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index fa2db37..727a49e 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -23,8 +23,8 @@ jobs: - uses: actions/checkout@v2 - name: Install dependencies run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - - uses: ./ # 使用当前仓库的根目录下的 action.yml - with: - code_path: "./tests" - requirements_file: "./requirements.txt" - output_format: "txt" + # - uses: ./ # 使用当前仓库的根目录下的 action.yml + # with: + # code_path: "./tests" + # requirements_file: "./requirements.txt" + # output_format: "txt" -- 2.47.2 From ad41eea7d992a06c5c101ded8627847b29a785b3 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:34:18 +0800 Subject: [PATCH 46/60] =?UTF-8?q?fix:=20=E7=A7=BB=E9=99=A4=E5=8E=9F?= =?UTF-8?q?=E6=9C=89=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- python-test.yml => tests/python-test.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename python-test.yml => tests/python-test.yml (100%) diff --git a/python-test.yml b/tests/python-test.yml similarity index 100% rename from python-test.yml rename to tests/python-test.yml -- 2.47.2 From 4ea3685635f3323bb56497a8022ca3433b31011f Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:43:40 +0800 Subject: [PATCH 47/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../actions/Auto_check_backdoor/action.yml | 32 ++++++++++++++++++ .github/workflows/detection.yml | 33 ++++++++++--------- 2 files changed, 49 insertions(+), 16 deletions(-) create mode 100644 .github/actions/Auto_check_backdoor/action.yml diff --git a/.github/actions/Auto_check_backdoor/action.yml b/.github/actions/Auto_check_backdoor/action.yml new file mode 100644 index 0000000..75ef916 --- /dev/null +++ b/.github/actions/Auto_check_backdoor/action.yml @@ -0,0 +1,32 @@ +name: "Backdoor Detection" +description: "Perform backdoor and vulnerability detection on your code and dependencies." +inputs: + code_path: + description: "Path to the code directory to be analyzed." + required: true + requirements_file: + description: "Path to the requirements.txt file." + required: true + output_format: + description: "Output format for the detection results (html, md, txt)." + required: true + default: "txt" +runs: + using: "composite" + steps: + - name: Checkout code + uses: actions/checkout@v2 + - name: Set up Python + uses: actions/setup-python@v2 + with: + python-version: "3.x" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install packaging + - name: Run Backdoor Detection + run: python ${{ github.workspace }}/detection/backdoor_detection.py ${{ inputs.code_path }} ${{ inputs.output_format }} + shell: bash + - name: Run Requirements Detection + run: python ${{ github.workspace }}/detection/requirements_detection.py ${{ github.workspace }}/crawler/trans_extracted_data.txt ${{ inputs.requirements_file }} ${{ inputs.output_format }} + shell: bash diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 727a49e..0058dd8 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -7,24 +7,25 @@ on: branches: [main] jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Install dependencies - run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - - name: Run tests - run: python -m unittest discover -s tests + # build: + # runs-on: ubuntu-latest + # steps: + # - uses: actions/checkout@v2 + # - name: Install dependencies + # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + # - name: Run tests + # run: python -m unittest discover -s tests security_check: runs-on: ubuntu-latest - needs: build # 确保安全检查在构建后执行 + # needs: build # 确保安全检查在构建后执行 steps: - uses: actions/checkout@v2 - - name: Install dependencies - run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - # - uses: ./ # 使用当前仓库的根目录下的 action.yml - # with: - # code_path: "./tests" - # requirements_file: "./requirements.txt" - # output_format: "txt" + # - name: Install dependencies + # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + - name: Run Backdoor and Vulnerability Detection + - uses: sangge/BackDoorBuster/.github/actions/Auto_check_backdoor/ # 使用当前仓库的根目录下的 action.yml + with: + code_path: "./tests" + requirements_file: "./requirements.txt" + output_format: "txt" -- 2.47.2 From 00af8557aed218c8ef37b287ff0cba747ad38150 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:47:16 +0800 Subject: [PATCH 48/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 0058dd8..b8d1261 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -24,7 +24,7 @@ jobs: # - name: Install dependencies # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - name: Run Backdoor and Vulnerability Detection - - uses: sangge/BackDoorBuster/.github/actions/Auto_check_backdoor/ # 使用当前仓库的根目录下的 action.yml + - uses: sangge/BackDoorBuster@feature/match # 使用当前仓库的根目录下的 action.yml with: code_path: "./tests" requirements_file: "./requirements.txt" -- 2.47.2 From 65336442222c5188637e49303560898c4d434c5f Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 19:50:12 +0800 Subject: [PATCH 49/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index b8d1261..db5bb67 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -24,7 +24,7 @@ jobs: # - name: Install dependencies # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - name: Run Backdoor and Vulnerability Detection - - uses: sangge/BackDoorBuster@feature/match # 使用当前仓库的根目录下的 action.yml + uses: sangge/BackDoorBuster@feature/match # 使用BackDoorBuster仓库的根目录下的 action.yml with: code_path: "./tests" requirements_file: "./requirements.txt" -- 2.47.2 From 50505aefb336a8e768559876c28badefdd9cafe8 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 20:04:12 +0800 Subject: [PATCH 50/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 28 +++++++++++++++++++++------- requirements.txt | 6 ++++++ 2 files changed, 27 insertions(+), 7 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index db5bb67..7ed62b4 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -21,11 +21,25 @@ jobs: # needs: build # 确保安全检查在构建后执行 steps: - uses: actions/checkout@v2 - # - name: Install dependencies - # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - - name: Run Backdoor and Vulnerability Detection - uses: sangge/BackDoorBuster@feature/match # 使用BackDoorBuster仓库的根目录下的 action.yml with: - code_path: "./tests" - requirements_file: "./requirements.txt" - output_format: "txt" + repository: "sangge/BackDoorBuster" + ref: "feature/match" + path: "BackDoorBuster" + - name: Install dependencies + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + # - name: Run Backdoor and Vulnerability Detection + # uses: sangge/BackDoorBuster@feature/match # 使用BackDoorBuster仓库的根目录下的 action.yml + # with: + # code_path: "./tests" + # requirements_file: "./requirements.txt" + # output_format: "txt" + - name: Clone custom Git repository + run: | + git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster + cd BackDoorBuster/detection + + - name: Run Backdoor Detection + run: python ${{ github.workspace }}/BackDoorBuster/detection/backdoor_detection.py ${{ github.workspace }}/BackDoorBuster/tests txt + + - name: Run Requirements Detection + run: python ${{ github.workspace }}/BackDoorBuster/detection/requirements_detection.py ${{ github.workspace }}/BackDoorBuster/crawler/trans_extracted_data.txt ${{ github.workspace }}/BackDoorBuster/requirements.txt txt diff --git a/requirements.txt b/requirements.txt index e69de29..e3e14f8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -0,0 +1,6 @@ +apache-airflow==2.8.0 +mlflow==2.5.1 +torch==2.0.0 +aiohttp==3.6.2 +flask==1.1.2 +numpy==1.18.5 -- 2.47.2 From c6deb1a1740b66ad429c5315b60b358386245a94 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 20:05:28 +0800 Subject: [PATCH 51/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 7ed62b4..5f6cdef 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -25,8 +25,8 @@ jobs: repository: "sangge/BackDoorBuster" ref: "feature/match" path: "BackDoorBuster" - - name: Install dependencies - run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + # - name: Install dependencies + # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple # - name: Run Backdoor and Vulnerability Detection # uses: sangge/BackDoorBuster@feature/match # 使用BackDoorBuster仓库的根目录下的 action.yml # with: -- 2.47.2 From 323200fd85e164cc2da90a086d2a0be9a4978f6c Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 20:06:27 +0800 Subject: [PATCH 52/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 5f6cdef..0651804 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -33,10 +33,10 @@ jobs: # code_path: "./tests" # requirements_file: "./requirements.txt" # output_format: "txt" - - name: Clone custom Git repository - run: | - git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster - cd BackDoorBuster/detection + # - name: Clone custom Git repository + # run: | + # git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster + # cd BackDoorBuster/detection - name: Run Backdoor Detection run: python ${{ github.workspace }}/BackDoorBuster/detection/backdoor_detection.py ${{ github.workspace }}/BackDoorBuster/tests txt -- 2.47.2 From 5eee69704ab83a0f08b2c0ddc0b1bd6c820731cf Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Wed, 24 Apr 2024 20:14:20 +0800 Subject: [PATCH 53/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 0651804..0d0710c 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -33,6 +33,7 @@ jobs: # code_path: "./tests" # requirements_file: "./requirements.txt" # output_format: "txt" + # 需要新建一个仓库进行测试 # - name: Clone custom Git repository # run: | # git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster @@ -43,3 +44,9 @@ jobs: - name: Run Requirements Detection run: python ${{ github.workspace }}/BackDoorBuster/detection/requirements_detection.py ${{ github.workspace }}/BackDoorBuster/crawler/trans_extracted_data.txt ${{ github.workspace }}/BackDoorBuster/requirements.txt txt + + - name: Upload Result Artifacts + uses: actions/upload-artifact@v2 + with: + name: detection-results + path: ./results/code/ -- 2.47.2 From 102c631ed9b76cb44e8d8b6886a044613d905118 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 17:01:24 +0800 Subject: [PATCH 54/60] =?UTF-8?q?feat:=20=E5=AE=8C=E5=96=84=E5=AF=B9?= =?UTF-8?q?=E4=BA=8E=E4=BB=A3=E7=A0=81=E7=9A=84=E6=AD=A3=E5=88=99=E5=8C=B9?= =?UTF-8?q?=E9=85=8D=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 7 ++ detection/backdoor_detection.py | 204 ++++++++++++++++++++++---------- 2 files changed, 146 insertions(+), 65 deletions(-) diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml index 0651804..0d0710c 100644 --- a/.github/workflows/detection.yml +++ b/.github/workflows/detection.yml @@ -33,6 +33,7 @@ jobs: # code_path: "./tests" # requirements_file: "./requirements.txt" # output_format: "txt" + # 需要新建一个仓库进行测试 # - name: Clone custom Git repository # run: | # git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster @@ -43,3 +44,9 @@ jobs: - name: Run Requirements Detection run: python ${{ github.workspace }}/BackDoorBuster/detection/requirements_detection.py ${{ github.workspace }}/BackDoorBuster/crawler/trans_extracted_data.txt ${{ github.workspace }}/BackDoorBuster/requirements.txt txt + + - name: Upload Result Artifacts + uses: actions/upload-artifact@v2 + with: + name: detection-results + path: ./results/code/ diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py index 457ca93..705def4 100644 --- a/detection/backdoor_detection.py +++ b/detection/backdoor_detection.py @@ -1,12 +1,15 @@ -# Usage: python backdoor_detection.py - import os import re import sys from typing import Dict, List, Tuple +from reportlab.lib.pagesizes import letter +from reportlab.pdfgen import canvas +from reportlab.lib.styles import getSampleStyleSheet +from reportlab.platypus import Paragraph, Spacer, SimpleDocTemplate +from reportlab.lib import colors SUPPORTED_EXTENSIONS = {".py", ".js", ".cpp"} -OUTPUT_FORMATS = ["html", "md", "txt"] +OUTPUT_FORMATS = ["html", "md", "txt", "pdf"] def read_file_content(file_path: str) -> str: @@ -57,110 +60,181 @@ def find_dangerous_functions( clean_line = remove_comments(line, file_extension) if not clean_line: continue - found = False for pattern, risk_level in risk_patterns.items(): if re.search(pattern, clean_line): classified_results[risk_level].append((line_number, clean_line)) - found = True - break - if not found: - classified_results["none"].append((line_number, clean_line)) return classified_results -def output_results( - results: Dict[str, List[Tuple[int, str]]], output_format: str, file_path: str -): - # Create the 'results' directory if it does not exist - # 这里如果集成测试的话应该设置为./ - results_dir = "./results/code" - if not os.path.exists(results_dir): - os.makedirs(results_dir) - - base_name = os.path.basename(file_path) - output_file = os.path.join( - results_dir, f"{os.path.splitext(base_name)[0]}.{output_format}" - ) - - if output_format == "html": - output_html(results, output_file) - elif output_format == "md": - output_markdown(results, output_file) - elif output_format == "txt": - output_text(results, output_file) +def generate_text_content(results): + text_output = "Security Analysis Report\n" + for risk_level, entries in results.items(): + if entries and risk_level != "none": + text_output += f"{risk_level.capitalize()} Risk:\n" + for line_num, line in entries: + text_output += f" Line {line_num}: {line}\n" + return text_output -def output_html(results: Dict[str, List[Tuple[int, str]]], file_name: str): - html_output = f"Analysis of {file_name}" +def output_results(results, output_format, output_file=None): + if output_file: + file_name, file_extension = os.path.splitext(output_file) + if output_format not in OUTPUT_FORMATS: + output_format = "txt" + output_file = f"{file_name}.txt" + results_dir = os.path.dirname(output_file) + if not os.path.exists(results_dir): + os.makedirs(results_dir) + if output_format == "pdf": + output_pdf(results, output_file) + elif output_format == "html": + output_html(results, output_file) + elif output_format == "md": + output_markdown(results, output_file) + else: # Default to txt + output_text(results, output_file) + else: + # If no output file is specified, default to text output to the terminal. + txt_output = generate_text_content(results) + print(txt_output) + + +def output_pdf(results: Dict[str, List[Tuple[int, str]]], file_name): + doc = SimpleDocTemplate(file_name, pagesize=letter) + story = [] + styles = getSampleStyleSheet() + + # Add the title centered + title_style = styles["Title"] + title_style.alignment = 1 # Center alignment + title = Paragraph("Security Analysis Report", title_style) + story.append(title) + story.append(Spacer(1, 20)) # Space after title + + # Add risk levels and entries + normal_style = styles["BodyText"] + for risk_level, entries in results.items(): + if risk_level != "none": + story.append( + Paragraph(f"{risk_level.capitalize()} Risk:", styles["Heading2"]) + ) + for line_num, line in entries: + entry = Paragraph(f"Line {line_num}: {line}", normal_style) + story.append(entry) + story.append(Spacer(1, 12)) # Space between sections + + doc.build(story) + + +def output_html(results: Dict[str, List[Tuple[int, str]]], file_name=None): + html_output = "Security Analysis Report" html_output += "

        Security Analysis Report

        " for risk_level, entries in results.items(): - html_output += f"

        {risk_level.capitalize()} Risk

          " - for line_num, line in entries: - html_output += f"
        • Line {line_num}: {line}
          • " - html_output += "
        " + if risk_level != "none": + html_output += f"

        {risk_level.capitalize()} Risk

          " + for line_num, line in entries: + html_output += f"
        • {line_num}: {line}
          • " + html_output += "
        " html_output += "" - with open(file_name, "w") as file: - file.write(html_output) + if file_name: + with open(file_name, "w") as file: + file.write(html_output) + else: + return html_output -def output_markdown(results: Dict[str, List[Tuple[int, str]]], file_name: str): - md_output = f"# Security Analysis Report for {file_name}\n" +def output_markdown(results: Dict[str, List[Tuple[int, str]]], file_name=None): + md_output = "# Security Analysis Report\n" for risk_level, entries in results.items(): - md_output += f"## {risk_level.capitalize()} Risk\n" - for line_num, line in entries: - md_output += f"- Line {line_num}: {line}\n" - with open(file_name, "w") as file: - file.write(md_output) + if risk_level != "none": + md_output += f"## {risk_level.capitalize()} Risk\n" + for line_num, line in entries: + md_output += f"- {line_num}: {line}\n" + if file_name: + with open(file_name, "w") as file: + file.write(md_output) + else: + return md_output -def output_text(results: Dict[str, List[Tuple[int, str]]], file_name: str): - text_output = f"Security Analysis Report for {file_name}\n" +def output_text(results: Dict[str, List[Tuple[int, str]]], file_name=None): + text_output = "Security Analysis Report\n" for risk_level, entries in results.items(): - text_output += f"{risk_level.capitalize()} Risk:\n" - for line_num, line in entries: - text_output += f" Line {line_num}: {line}\n" - with open(file_name, "w") as file: - file.write(text_output) + if risk_level != "none": + text_output += f"{risk_level.capitalize()} Risk:\n" + for line_num, line in entries: + text_output += f" {line_num}: {line}\n" + if file_name: + with open(file_name, "w") as file: + file.write(text_output) + else: + return text_output -def process_path(path: str, output_format: str): +def process_path(path: str, output_format: str, output_file=None): + results = {"high": [], "medium": [], "low": [], "none": []} if os.path.isdir(path): for root, dirs, files in os.walk(path): for file in files: file_extension = os.path.splitext(file)[1] if file_extension in SUPPORTED_EXTENSIONS: file_path = os.path.join(root, file) - print(f"Processing {file_path}...") file_results = find_dangerous_functions( read_file_content(file_path), file_extension ) - output_results(file_results, output_format, file_path) + for key in file_results: + if key != "none": # Exclude 'none' risk level + results[key].extend( + [ + (f"{file_path}: Line {line_num}", line) + for line_num, line in file_results[key] + ] + ) elif os.path.isfile(path): file_extension = os.path.splitext(path)[1] if file_extension in SUPPORTED_EXTENSIONS: file_results = find_dangerous_functions( read_file_content(path), file_extension ) - output_results(file_results, output_format, path) + for key in file_results: + if key != "none": # Exclude 'none' risk level + results[key].extend( + [ + (f"{path}: Line {line_num}", line) + for line_num, line in file_results[key] + ] + ) else: print("Unsupported file type.") + return else: print("Invalid path.") sys.exit(1) + output_results(results, output_format, output_file) + def main(): - if len(sys.argv) < 3: - print("Usage: python backdoor_detection.py ") - sys.exit(1) - path = sys.argv[1] - output_format = sys.argv[2] - if output_format not in OUTPUT_FORMATS: - print( - f"Unsupported output format. Supported formats are: {', '.join(OUTPUT_FORMATS)}" - ) - sys.exit(1) - process_path(path, output_format) + import argparse + + parser = argparse.ArgumentParser(description="Backdoor detection tool.") + parser.add_argument("path", help="Path to the code to analyze") + parser.add_argument("-o", "--output", help="Output file path", default=None) + args = parser.parse_args() + output_format = "txt" # Default output format + output_file = None + if args.output: + _, ext = os.path.splitext(args.output) + ext = ext.lower() + if ext in [".html", ".md", ".txt", ".pdf"]: + output_format = ext.replace(".", "") + output_file = args.output + else: + print( + "Your input file format was incorrect, the output has been saved as a TXT file." + ) + output_file = args.output.rsplit(".", 1)[0] + ".txt" + process_path(args.path, output_format, output_file) if __name__ == "__main__": -- 2.47.2 From 464db879195a345874f536d9839b183c2c0e9dbf Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 20:09:33 +0800 Subject: [PATCH 55/60] =?UTF-8?q?docs:=20=E5=AE=8C=E5=96=84=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/design.md | 81 ++++++++++++++++++++++++++++++++++++++++++++++ docs/idea.md | 4 +-- docs/tech_notes.md | 51 +++++++++++++++++++++++++++++ docs/usage.md | 81 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 215 insertions(+), 2 deletions(-) diff --git a/docs/design.md b/docs/design.md index e69de29..9440f4e 100644 --- a/docs/design.md +++ b/docs/design.md @@ -0,0 +1,81 @@ +# 项目设计文档 - 后门检测系统 + +## 静态代码后门检测 + +**功能描述**: +这个脚本用于扫描指定路径下的代码文件,检测潜在的危险函数调用,支持 `.py`, `.js`, `.cpp` 文件。 + +**主要组件**: + +- `read_file_content(file_path)`: 读取文件内容。 +- `remove_comments(code, extension)`: 移除代码中的注释。 +- `find_dangerous_functions(file_content, file_extension)`: 检测并标记危险函数的使用与威胁等级。 +- `output_results(results, output_format, output_file)`: 输出检测结果到指定格式和路径。 + +**输入**: + +- 代码路径(文件或目录)。 +- 输出文件路径和格式(通过命令行参数指定)。 + +**输出**: + +- 安全分析报告,可选格式为 HTML、Markdown、TXT 或 PDF。 + +**设计考虑**: + +- 动态识别文件类型并适应不同的注释规则。 +- 使用正则表达式检测潜在的危险函数调用。 +- 使用 ReportLab 库生成 PDF,提供丰富的文档布局。 + +**使用示例**: + +```bash +python backdoor_detection.py ./src -o ./output/report.pdf +``` + +--- + +## 依赖版本漏洞检测 + +**功能描述**: +这个脚本用于检测项目依赖中是否存在已知的安全漏洞。它通过读取一个包含漏洞信息的文件和项目的 `requirements.txt`,对比确定哪些依赖项是不安全的。 + +**主要组件**: + +- `load_vulnerable_packages(filename)`: 从给定的文件中加载包含漏洞的包信息。 +- `load_requirements(filename)`: 从项目的 `requirements.txt` 文件中加载依赖信息。 +- `output_results(filename, results, format_type)`: 根据指定格式输出检测结果。 +- `check_vulnerabilities(requirements, vulnerabilities, output_file)`: 核心功能,对比依赖与漏洞信息并生成报告。 +- `output_results(filename, results, format_type)`: 根据用户需求设置扫描结果输出格式。 + +**输入**: + +- 依赖漏洞文件路径。 +- 项目 `requirements.txt` 文件路径。 +- 输出文件路径和格式(通过命令行参数指定)。 + +**输出**: + +- 报告文件,格式可以是 HTML、Markdown、TXT 或 PDF。 + +**设计考虑**: + +- 使用 `argparse` 处理命令行输入。 +- 使用 `packaging` 库来处理和比较版本号。 +- 使用异常处理来确保文件读写操作的安全性。 + +**使用示例**: + +```bash +python requirements_detection.py vulnerabilities_data.txt requirements.txt -o ./output/report.md +``` + +--- + +### 结论 + +这两个脚本为后门检测项目提供了两个不同的安全检查角度:一个是外部依赖的安全性,另一个是内部代码潜在的安全漏洞。通过将这两种功能结合,可以提供一个全面的安全审计工具,以保障项目的安全性。 + +--- + +以上就是针对后门检测系统的项目设计文档。通过这样的设计,项目团队可以更好地了解系统的运作方式和如何使用系统进行安全检测。 diff --git a/docs/idea.md b/docs/idea.md index 0ba5f6a..b018920 100644 --- a/docs/idea.md +++ b/docs/idea.md @@ -6,7 +6,7 @@ 工具开发:使用正则表达式和模式匹配来搜索代码中的可疑结构或者片段。 -参考项目: https://github.com/SonarSource/sonarqube +参考项目: [https://github.com/SonarSource/sonarqube] ## 控制流分析 @@ -20,7 +20,7 @@ 实施策略:开发脚本或工具来自动化检查外部库的可信度和更新记录。 -这个网站可以搜索依赖中是否存在漏洞: https://security.snyk.io/package/pip/ +这个网站可以搜索依赖中是否存在漏洞: [https://security.snyk.io/package/pip/] ## 异常行为检测 diff --git a/docs/tech_notes.md b/docs/tech_notes.md index e69de29..4c7bed3 100644 --- a/docs/tech_notes.md +++ b/docs/tech_notes.md @@ -0,0 +1,51 @@ +# 技术说明文档 - 后门检测系统 + +本文档详细说明了后门检测系统中使用的技术和库,以及这些技术的应用方式和原理。 + +## 1. Python 编程语言 + +本项目主要使用 Python 编程语言编写。Python 是一种解释型、高级和通用的编程语言。Python 的设计哲学强调代码的可读性和简洁的语法(尤其是使用空格缩进划分代码块,而非使用大括号或关键字)。详细信息可参考:[Python 官网](https://www.python.org/) + +## 2. `packaging` 库 + +`packaging` 库提供了版本号解析和比较的功能,非常适合用于处理和比较软件包的版本号。在本项目中,它被用来解析 `requirements.txt` 文件中的依赖版本,并与已知的漏洞版本进行比较,以判断是否存在安全风险。 + +- **主要应用**:比较依赖包版本是否在漏洞版本范围内。 +- **官方文档**:[packaging on PyPI](https://pypi.org/project/packaging/) + +## 3. `reportlab` 库 + +`reportlab` 是 Python 中强大的 PDF 生成库,允许快速创建复杂的 PDF 文档。在此项目中,`reportlab` 用于生成具有格式化文本和布局的 PDF 报告。 + +- **主要应用**:生成 PDF 格式的报告,包括带有标题、段落和间距的文档结构。 +- **官方文档**:[ReportLab User Guide](https://www.reportlab.com/docs/reportlab-user-guide.pdf) + +## 4. `argparse` 库 + +`argparse` 库是用于解析命令行参数和选项的标准库。它让开发者能够轻松地编写用户友好的命令行接口,程序可以从 `sys.argv` 中提取出所需的命令行参数。本项目中使用 `argparse` 来接收用户指定的文件路径和输出格式。 + +- **主要应用**:解析命令行输入,获取用户指定的文件路径和输出选项。 +- **官方文档**:[argparse — Command-line option and argument parsing](https://docs.python.org/3/library/argparse.html) + +## 5. 正则表达式 (`re` 模块) + +正则表达式在本项目中用于从配置文件中提取出软件包名称和版本范围。`re` 模块提供了对正则表达式的全面支持,允许进行复杂的字符串搜索、匹配及替换。 + +- **主要应用**:解析和处理文本数据,特别是在加载漏洞信息和分析代码文件时用于提取特定模式的字符串。 +- **官方文档**:[re — Regular expression operations](https://docs.python.org/3/library/re.html) + +## 6. 文件处理 + +文件的读取和写入是通过 Python 的内置功能进行的,确保了项目能够处理外部数据文件和输出结果到指定的文件中。 + +- **主要应用**:读取漏洞数据文件和依赖文件,输出结果报告到文本、Markdown、HTML 或 PDF 文件。 + +## 7. 代码和风险分析 + +项目中实现了基本的静态代码分析功能,用于识别和报告潜在的安全风险函数调用,如 `system`、`exec` 等。 + +- **技术说明**:通过正则表达式匹配高风险函数的调用,评估代码文件的安全性。 + +通过这些技术的综合应用,后门检测系统能够为用户提供全面的安全检测功能, + +帮助识别和预防安全风险。这些技术的深入了解和正确应用是确保系统有效运行的关键。 diff --git a/docs/usage.md b/docs/usage.md index e69de29..c905362 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -0,0 +1,81 @@ +# 使用说明文档 - 后门检测系统 + +本文档提供了后门检测系统的使用方法,包括依赖版本漏洞检测和静态代码后门检测两部分。这将帮助用户正确执行安全检测,并理解输出结果。 + +## 安装需求 + +在开始使用本系统之前,请确保您的环境中安装了以下依赖: + +- Python 3.6 或更高版本 +- `packaging` 库:用于版本控制和比较 +- `reportlab` 库:用于生成 PDF 报告 + +您可以通过以下命令安装必要的 Python 库: + +```bash +pip install packaging reportlab +``` + +## 下载和配置 + +- 克隆或下载后门检测系统到您的本地环境。 +- 确保脚本文件 (`requirements_detection.py` 和 `backdoor_detection.py`) 在您的工作目录中。 + +## 运行依赖版本漏洞检测脚本 + +**命令格式**: + +```bash +python requirements_detection.py -o +``` + +**参数说明**: + +- ``: 包含漏洞信息的文件路径。 +- ``: 项目的 `requirements.txt` 文件路径。 +- ``: 指定输出结果的文件路径和格式,支持的格式有 `.txt`, `.md`, `.html`, `.pdf`。 + +**示例**: + +```bash +python requirements_detection.py vulnerabilities_data.txt requirements.txt -o output/report.md +``` + +## 运行静态代码后门检测脚本 + +**命令格式**: + +```bash +python backdoor_detection.py -o +``` + +**参数说明**: + +- ``: 代码文件或目录的路径。 +- ``: 指定输出结果的文件路径和格式,支持的格式有 `.txt`, `.md`, `.html`, `.pdf`。 + +**示例**: + +```bash +python backdoor_detection.py ./src -o output/report.pdf +``` + +## 结果解读 + +- 输出结果将根据指定的格式保存在您指定的文件中。 +- 结果中会标注出每个文件中发现的高风险和中风险函数调用位置。 +- 对于依赖检测,结果将标明每个依赖包的安全状态,包括存在安全风险的依赖及其版本。 + +## 常见问题处理 + +- 确保所有路径都正确无误,避免因路径错误导致文件读取失败。 +- 如果输出格式指定错误,系统将默认输出为 `.txt` 格式。 +- 确保安装了所有必要的依赖库,以避免运行时错误。 + +## 支持 + +如果您在使用过程中遇到任何问题,或需要进一步的技术支持,请联系开发团队或访问我们的Git仓库以获取帮助和最新信息。 + +--- + +以上是后门检测系统的使用说明文档。请按照这些步骤进行操作,以确保您能有效地使用本系统进行安全检测。 -- 2.47.2 From d60700e215a5362a33d95ad81d92d708b3c50771 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 20:09:48 +0800 Subject: [PATCH 56/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E4=BE=9D=E8=B5=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- requirements.txt | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/requirements.txt b/requirements.txt index e3e14f8..01b4d11 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,2 @@ -apache-airflow==2.8.0 -mlflow==2.5.1 -torch==2.0.0 -aiohttp==3.6.2 -flask==1.1.2 -numpy==1.18.5 +reportlab +packaging \ No newline at end of file -- 2.47.2 From bc852ec52c803d1ce18455035b1f81f169b31830 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 20:10:39 +0800 Subject: [PATCH 57/60] =?UTF-8?q?feat:=20=E4=BE=9D=E8=B5=96=E7=89=88?= =?UTF-8?q?=E6=9C=AC=E6=A3=80=E6=B5=8B=E6=B7=BB=E5=8A=A0pdf=E8=BE=93?= =?UTF-8?q?=E5=87=BA=E6=A0=BC=E5=BC=8F=E5=B9=B6=E4=BF=AE=E6=94=B9=E5=91=BD?= =?UTF-8?q?=E4=BB=A4=E8=A1=8C=E5=8F=82=E6=95=B0=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- detection/requirements_detection.py | 114 +++++++++++++++++++++------- 1 file changed, 88 insertions(+), 26 deletions(-) diff --git a/detection/requirements_detection.py b/detection/requirements_detection.py index 1350aa0..5d32782 100644 --- a/detection/requirements_detection.py +++ b/detection/requirements_detection.py @@ -1,10 +1,12 @@ -# Usage: python requirements_detection.py ../crawler/trans_extracted_data.txt ../requirements.txt - -import sys +import argparse import os +import re +import sys from packaging import version from packaging.specifiers import SpecifierSet -import re +from reportlab.lib.pagesizes import letter +from reportlab.platypus import SimpleDocTemplate, Paragraph, Spacer +from reportlab.lib.styles import getSampleStyleSheet, ParagraphStyle def load_vulnerable_packages(filename): @@ -38,6 +40,42 @@ def load_requirements(filename): return requirements +def output_pdf(results, file_name): + doc = SimpleDocTemplate(file_name, pagesize=letter) + story = [] + styles = getSampleStyleSheet() + + # Custom styles + title_style = styles["Title"] + title_style.alignment = 1 # Center alignment + + warning_style = ParagraphStyle( + "WarningStyle", parent=styles["BodyText"], fontName="Helvetica-Bold" + ) + normal_style = styles["BodyText"] + + # Add the title + title = Paragraph("Vulnerability Report", title_style) + story.append(title) + story.append(Spacer(1, 20)) # Space after title + + # Iterate through results to add entries + for result in results: + if "WARNING:" in result: + # Add warning text in bold + entry = Paragraph( + result.replace("WARNING:", "WARNING:"), warning_style + ) + else: + # Add normal text + entry = Paragraph(result, normal_style) + + story.append(entry) + story.append(Spacer(1, 12)) # Space between entries + + doc.build(story) + + def output_results(filename, results, format_type): """根据指定的格式输出结果""" output_dir = os.path.dirname(filename) @@ -55,43 +93,67 @@ def output_results(filename, results, format_type): file.write("# Vulnerability Report\n") for result in results: file.write(f"* {result}\n") - else: # default to txt + elif format_type == "pdf": + output_pdf(results, filename) + else: # 默认为txt for result in results: file.write(f"{result}\n") -def check_vulnerabilities(requirements, vulnerabilities, output_format): +def check_vulnerabilities(requirements, vulnerabilities, output_file): """检查依赖项是否存在已知漏洞,并输出结果""" - results = [] + results_warning = [] # 存储有漏洞的依赖 + results_ok = [] # 存储没有漏洞的依赖 + for req_name, req_version in requirements.items(): if req_name in vulnerabilities: spec = vulnerabilities[req_name] if version.parse(req_version) in spec: - results.append(f"WARNING: {req_name}=={req_version} is vulnerable!") + results_warning.append( + f"WARNING: {req_name}=={req_version} is vulnerable!" + ) else: - results.append(f"OK: {req_name}=={req_version} is not affected.") + results_ok.append(f"OK: {req_name}=={req_version} is not affected.") else: - results.append(f"OK: {req_name} not found in the vulnerability database.") - # 集成测试这里应该修改为./ - output_results( - "./results/requirements/results." + output_format, results, output_format - ) + results_ok.append( + f"OK: {req_name} not found in the vulnerability database." + ) + + # 合并结果,先输出所有警告,然后输出所有正常情况 + results = results_warning + results_ok + + if output_file: + filename, ext = os.path.splitext(output_file) + output_format = ext[1:] if ext[1:] else "txt" + if output_format not in ["txt", "md", "html", "pdf"]: + print("Warning: Invalid file format specified. Defaulting to TXT format.") + output_format = "txt" # 确保使用默认格式 + output_file = filename + ".txt" + output_results(output_file, results, output_format) + else: + print("\n".join(results)) def main(): - if len(sys.argv) < 4: - print( - "Usage: python script.py " - ) - sys.exit(1) + parser = argparse.ArgumentParser( + description="Check project dependencies for vulnerabilities." + ) + parser.add_argument( + "vulnerabilities_file", help="Path to the file containing vulnerability data" + ) + parser.add_argument( + "requirements_file", help="Path to the requirements file of the project" + ) + parser.add_argument( + "-o", + "--output", + help="Output file path with extension, e.g., './output/report.txt'", + ) + args = parser.parse_args() - vulnerabilities_file = sys.argv[1] - requirements_file = sys.argv[2] - output_format = sys.argv[3] - - vulnerabilities = load_vulnerable_packages(vulnerabilities_file) - requirements = load_requirements(requirements_file) - check_vulnerabilities(requirements, vulnerabilities, output_format) + vulnerabilities = load_vulnerable_packages(args.vulnerabilities_file) + requirements = load_requirements(args.requirements_file) + check_vulnerabilities(requirements, vulnerabilities, args.output) if __name__ == "__main__": -- 2.47.2 From 6041a8f57370773704494b4211bf639aac2dc09b Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 20:11:21 +0800 Subject: [PATCH 58/60] =?UTF-8?q?fix:=20=E5=88=A0=E9=99=A4=E7=BB=93?= =?UTF-8?q?=E6=9E=9C=E8=BE=93=E5=87=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- results/code/test_backdoor_detection.html | 1 - results/code/test_backdoor_detection.md | 57 ----------------------- results/code/test_backdoor_detection.txt | 57 ----------------------- results/requirements/results.html | 9 ---- results/requirements/results.md | 7 --- results/requirements/results.txt | 6 --- 6 files changed, 137 deletions(-) delete mode 100644 results/code/test_backdoor_detection.html delete mode 100644 results/code/test_backdoor_detection.md delete mode 100644 results/code/test_backdoor_detection.txt delete mode 100644 results/requirements/results.html delete mode 100644 results/requirements/results.md delete mode 100644 results/requirements/results.txt diff --git a/results/code/test_backdoor_detection.html b/results/code/test_backdoor_detection.html deleted file mode 100644 index e11fc31..0000000 --- a/results/code/test_backdoor_detection.html +++ /dev/null @@ -1 +0,0 @@ -Analysis of ../results/code\test_backdoor_detection.html

        Security Analysis Report

        High Risk

        • Line 9: os.system('rm -rf /')
        • Line 10: exec('print("Hello")')
        • Line 11: eval('2 + 2')
        • Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"])
        • Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"])
        • Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"])
        • Line 44: eval('2 + 2')
        • Line 50: (3, "eval('2 + 2')"),

        Medium Risk

        • Line 21: subprocess.run(['ls', '-l'])
        • Line 23: os.popen('ls')
        • Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"])
        • Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"])
        • Line 45: subprocess.run(['echo', 'hello'])
        • Line 54: (4, "subprocess.run(['echo', 'hello'])"),

        Low Risk

          None Risk

          • Line 1: import unittest
          • Line 3: from detection.backdoor_detection import find_dangerous_functions
          • Line 6: class TestBackdoorDetection(unittest.TestCase):
          • Line 7: def test_high_risk_detection(self):
          • Line 8: content = """import os
          • Line 12: """
          • Line 13: file_extension = ".py"
          • Line 14: results = find_dangerous_functions(content, file_extension)
          • Line 19: def test_medium_risk_detection(self):
          • Line 20: content = """import subprocess
          • Line 22: import os
          • Line 24: """
          • Line 25: file_extension = ".py"
          • Line 26: results = find_dangerous_functions(content, file_extension)
          • Line 30: def test_no_risk_detection(self):
          • Line 31: content = """a = 10
          • Line 32: b = a + 5
          • Line 33: print('This should not be detected as risky.')
          • Line 34: """
          • Line 35: file_extension = ".py"
          • Line 36: results = find_dangerous_functions(content, file_extension)
          • Line 37: self.assertEqual(len(results["high"]), 0)
          • Line 38: self.assertEqual(len(results["medium"]), 0)
          • Line 39: self.assertEqual(len(results["low"]), 0)
          • Line 41: def test_inclusion_of_comments(self):
          • Line 42: content = """
          • Line 43: print('This is a safe line')
          • Line 46: """
          • Line 47: file_extension = ".py"
          • Line 48: results = find_dangerous_functions(content, file_extension)
          • Line 49: self.assertIn(
          • Line 51: results["high"],
          • Line 52: )
          • Line 53: self.assertIn(
          • Line 55: results["medium"],
          • Line 56: )
          • Line 59: if __name__ == "__main__":
          • Line 60: unittest.main()
          \ No newline at end of file diff --git a/results/code/test_backdoor_detection.md b/results/code/test_backdoor_detection.md deleted file mode 100644 index f490869..0000000 --- a/results/code/test_backdoor_detection.md +++ /dev/null @@ -1,57 +0,0 @@ -# Security Analysis Report for ../results/code\test_backdoor_detection.md -## High Risk -- Line 9: os.system('rm -rf /') -- Line 10: exec('print("Hello")') -- Line 11: eval('2 + 2') -- Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) -- Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) -- Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"]) -- Line 44: eval('2 + 2') -- Line 50: (3, "eval('2 + 2')"), -## Medium Risk -- Line 21: subprocess.run(['ls', '-l']) -- Line 23: os.popen('ls') -- Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) -- Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"]) -- Line 45: subprocess.run(['echo', 'hello']) -- Line 54: (4, "subprocess.run(['echo', 'hello'])"), -## Low Risk -## None Risk -- Line 1: import unittest -- Line 3: from detection.backdoor_detection import find_dangerous_functions -- Line 6: class TestBackdoorDetection(unittest.TestCase): -- Line 7: def test_high_risk_detection(self): -- Line 8: content = """import os -- Line 12: """ -- Line 13: file_extension = ".py" -- Line 14: results = find_dangerous_functions(content, file_extension) -- Line 19: def test_medium_risk_detection(self): -- Line 20: content = """import subprocess -- Line 22: import os -- Line 24: """ -- Line 25: file_extension = ".py" -- Line 26: results = find_dangerous_functions(content, file_extension) -- Line 30: def test_no_risk_detection(self): -- Line 31: content = """a = 10 -- Line 32: b = a + 5 -- Line 33: print('This should not be detected as risky.') -- Line 34: """ -- Line 35: file_extension = ".py" -- Line 36: results = find_dangerous_functions(content, file_extension) -- Line 37: self.assertEqual(len(results["high"]), 0) -- Line 38: self.assertEqual(len(results["medium"]), 0) -- Line 39: self.assertEqual(len(results["low"]), 0) -- Line 41: def test_inclusion_of_comments(self): -- Line 42: content = """ -- Line 43: print('This is a safe line') -- Line 46: """ -- Line 47: file_extension = ".py" -- Line 48: results = find_dangerous_functions(content, file_extension) -- Line 49: self.assertIn( -- Line 51: results["high"], -- Line 52: ) -- Line 53: self.assertIn( -- Line 55: results["medium"], -- Line 56: ) -- Line 59: if __name__ == "__main__": -- Line 60: unittest.main() diff --git a/results/code/test_backdoor_detection.txt b/results/code/test_backdoor_detection.txt deleted file mode 100644 index c1e1bd0..0000000 --- a/results/code/test_backdoor_detection.txt +++ /dev/null @@ -1,57 +0,0 @@ -Security Analysis Report for ../results/code\test_backdoor_detection.txt -High Risk: - Line 9: os.system('rm -rf /') - Line 10: exec('print("Hello")') - Line 11: eval('2 + 2') - Line 15: self.assertIn((2, "os.system('rm -rf /')"), results["high"]) - Line 16: self.assertIn((3, "exec('print(\"Hello\")')"), results["high"]) - Line 17: self.assertIn((4, "eval('2 + 2')"), results["high"]) - Line 44: eval('2 + 2') - Line 50: (3, "eval('2 + 2')"), -Medium Risk: - Line 21: subprocess.run(['ls', '-l']) - Line 23: os.popen('ls') - Line 27: self.assertIn((2, "subprocess.run(['ls', '-l'])"), results["medium"]) - Line 28: self.assertIn((4, "os.popen('ls')"), results["medium"]) - Line 45: subprocess.run(['echo', 'hello']) - Line 54: (4, "subprocess.run(['echo', 'hello'])"), -Low Risk: -None Risk: - Line 1: import unittest - Line 3: from detection.backdoor_detection import find_dangerous_functions - Line 6: class TestBackdoorDetection(unittest.TestCase): - Line 7: def test_high_risk_detection(self): - Line 8: content = """import os - Line 12: """ - Line 13: file_extension = ".py" - Line 14: results = find_dangerous_functions(content, file_extension) - Line 19: def test_medium_risk_detection(self): - Line 20: content = """import subprocess - Line 22: import os - Line 24: """ - Line 25: file_extension = ".py" - Line 26: results = find_dangerous_functions(content, file_extension) - Line 30: def test_no_risk_detection(self): - Line 31: content = """a = 10 - Line 32: b = a + 5 - Line 33: print('This should not be detected as risky.') - Line 34: """ - Line 35: file_extension = ".py" - Line 36: results = find_dangerous_functions(content, file_extension) - Line 37: self.assertEqual(len(results["high"]), 0) - Line 38: self.assertEqual(len(results["medium"]), 0) - Line 39: self.assertEqual(len(results["low"]), 0) - Line 41: def test_inclusion_of_comments(self): - Line 42: content = """ - Line 43: print('This is a safe line') - Line 46: """ - Line 47: file_extension = ".py" - Line 48: results = find_dangerous_functions(content, file_extension) - Line 49: self.assertIn( - Line 51: results["high"], - Line 52: ) - Line 53: self.assertIn( - Line 55: results["medium"], - Line 56: ) - Line 59: if __name__ == "__main__": - Line 60: unittest.main() diff --git a/results/requirements/results.html b/results/requirements/results.html deleted file mode 100644 index a5dd084..0000000 --- a/results/requirements/results.html +++ /dev/null @@ -1,9 +0,0 @@ -Vulnerability Report -

          Vulnerability Report

          -

          OK: apache-airflow==2.8.0 is not affected.

          -

          WARNING: mlflow==2.5.1 is vulnerable!

          -

          OK: torch==2.0.0 is not affected.

          -

          WARNING: aiohttp==3.6.2 is vulnerable!

          -

          OK: flask not found in the vulnerability database.

          -

          OK: numpy not found in the vulnerability database.

          - \ No newline at end of file diff --git a/results/requirements/results.md b/results/requirements/results.md deleted file mode 100644 index 91eebe2..0000000 --- a/results/requirements/results.md +++ /dev/null @@ -1,7 +0,0 @@ -# Vulnerability Report -* OK: apache-airflow==2.8.0 is not affected. -* WARNING: mlflow==2.5.1 is vulnerable! -* OK: torch==2.0.0 is not affected. -* WARNING: aiohttp==3.6.2 is vulnerable! -* OK: flask not found in the vulnerability database. -* OK: numpy not found in the vulnerability database. diff --git a/results/requirements/results.txt b/results/requirements/results.txt deleted file mode 100644 index 0885c01..0000000 --- a/results/requirements/results.txt +++ /dev/null @@ -1,6 +0,0 @@ -OK: apache-airflow==2.8.0 is not affected. -WARNING: mlflow==2.5.1 is vulnerable! -OK: torch==2.0.0 is not affected. -WARNING: aiohttp==3.6.2 is vulnerable! -OK: flask not found in the vulnerability database. -OK: numpy not found in the vulnerability database. -- 2.47.2 From 4835af7ff762ac73710cbbbd2468885f1578c300 Mon Sep 17 00:00:00 2001 From: dqy <1016751306@qq.com> Date: Thu, 25 Apr 2024 20:20:36 +0800 Subject: [PATCH 59/60] =?UTF-8?q?fix:=20=E4=BF=AE=E6=94=B9workflow?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/detection.yml | 52 ------------------------------ .github/workflows/python-tests.yml | 18 +++++++++++ 2 files changed, 18 insertions(+), 52 deletions(-) delete mode 100644 .github/workflows/detection.yml create mode 100644 .github/workflows/python-tests.yml diff --git a/.github/workflows/detection.yml b/.github/workflows/detection.yml deleted file mode 100644 index 0d0710c..0000000 --- a/.github/workflows/detection.yml +++ /dev/null @@ -1,52 +0,0 @@ -name: Vulnerability and Backdoor Detection Workflow - -on: - push: - branches: [main] - pull_request: - branches: [main] - -jobs: - # build: - # runs-on: ubuntu-latest - # steps: - # - uses: actions/checkout@v2 - # - name: Install dependencies - # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - # - name: Run tests - # run: python -m unittest discover -s tests - - security_check: - runs-on: ubuntu-latest - # needs: build # 确保安全检查在构建后执行 - steps: - - uses: actions/checkout@v2 - with: - repository: "sangge/BackDoorBuster" - ref: "feature/match" - path: "BackDoorBuster" - # - name: Install dependencies - # run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple - # - name: Run Backdoor and Vulnerability Detection - # uses: sangge/BackDoorBuster@feature/match # 使用BackDoorBuster仓库的根目录下的 action.yml - # with: - # code_path: "./tests" - # requirements_file: "./requirements.txt" - # output_format: "txt" - # 需要新建一个仓库进行测试 - # - name: Clone custom Git repository - # run: | - # git clone -b feature/match https://git.mamahaha.work/sangge/BackDoorBuster - # cd BackDoorBuster/detection - - - name: Run Backdoor Detection - run: python ${{ github.workspace }}/BackDoorBuster/detection/backdoor_detection.py ${{ github.workspace }}/BackDoorBuster/tests txt - - - name: Run Requirements Detection - run: python ${{ github.workspace }}/BackDoorBuster/detection/requirements_detection.py ${{ github.workspace }}/BackDoorBuster/crawler/trans_extracted_data.txt ${{ github.workspace }}/BackDoorBuster/requirements.txt txt - - - name: Upload Result Artifacts - uses: actions/upload-artifact@v2 - with: - name: detection-results - path: ./results/code/ diff --git a/.github/workflows/python-tests.yml b/.github/workflows/python-tests.yml new file mode 100644 index 0000000..1042ee4 --- /dev/null +++ b/.github/workflows/python-tests.yml @@ -0,0 +1,18 @@ +name: Python application test + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + build: + runs-on: "ubuntu-latest" + + steps: + - uses: actions/checkout@v2 + - name: Install dependencies + run: pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple + - name: Run tests + run: python -m unittest discover -s tests -- 2.47.2 From dd109e5f5dfdfc58d8196dfea78f4bd222ce8d91 Mon Sep 17 00:00:00 2001 From: Tritium0041 Date: Thu, 25 Apr 2024 21:28:26 +0800 Subject: [PATCH 60/60] =?UTF-8?q?feat:=E6=B7=BB=E5=8A=A0=E6=AD=A3=E5=88=99?= =?UTF-8?q?=E6=9D=A1=E7=9B=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 2 +- detection/backdoor_detection.py | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 5d381cc..f295d3d 100644 --- a/.gitignore +++ b/.gitignore @@ -158,5 +158,5 @@ cython_debug/ # be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. -#.idea/ +.idea/ diff --git a/detection/backdoor_detection.py b/detection/backdoor_detection.py index 705def4..6611263 100644 --- a/detection/backdoor_detection.py +++ b/detection/backdoor_detection.py @@ -44,6 +44,9 @@ def find_dangerous_functions( r"\bpopen\(": "medium", r"\beval\(": "high", r"\bsubprocess\.run\(": "medium", + r"\b__getattribute__\(": "high", + r"\bgetattr\(": "medium", + r"\b__import__\(": "high", }, ".js": { r"\beval\(": "high", -- 2.47.2