Python: Be Wary of Malicious Modules Disguised as Well-Known Packages

2025-01-30 Update, From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/01 Report

This article looks at malicious Python modules that disguise themselves as well-known packages, and at how to guard against them. It walks through the analysis and the corresponding countermeasures in detail, in the hope of giving readers facing this problem a simpler way to deal with it.

Earlier this week, two third-party Python modules containing malicious code were removed from PyPI, the official package index. Both malicious packages trick installers by using names that are almost identical to those of legitimate packages.

They impersonate the dateutil and jellyfish packages (the former handles dates and times, the latter approximate string matching and similar tasks) under the names python-dateutil and jeIlyfish (note the capital I in place of the lowercase l). If you are not familiar with these modules and do not check the official documentation before installing, it is very easy to be caught.

Some people do not even realise it is a fake and use it in tutorials.

Once installed, python-dateutil and jeIlyfish behave exactly like the original packages, but they secretly upload personal data to a remote server. An ordinary user is unlikely to notice this behaviour.

Python libraries fall into two groups: the standard library that ships with the Python runtime, and third-party packages hosted on PyPI. Most packages uploaded to PyPI are not audited, so a single mistyped word in a pip install command is enough to pull in a malicious module.

This is a headache for many open-source communities today: how to let people contribute code to a shared repository such as PyPI without that openness being exploited by malicious actors.

The Python Software Foundation is said to have a plan to protect PyPI from abuse, but it will take some time to implement fully. In addition, the PSF's packaging working group has received funding from Facebook Research to develop automatic detection of malicious third-party package uploads.

Until those safeguards are live, whenever we choose a third-party module we must check that the name in our pip install command is the genuine package and not a look-alike, so as to keep the risk to a minimum.
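One way to make that check routine, as an added example that is not part of the original article: before running pip install, compare the requested name against an allow-list of packages the project actually depends on, folding look-alike characters (the capital I in jeIlyfish) and "python3-" style prefixes so that near-misses are flagged for human review. The allow-list, the confusable table and the similarity threshold are constructed assumptions for this example.

```python
from __future__ import annotations
import re
from difflib import SequenceMatcher

# Constructed allow-list: the packages this project legitimately depends on.
KNOWN_GOOD = {"python-dateutil", "jellyfish", "requests", "numpy"}

# Characters that look alike in many fonts, folded to one canonical form.
# "jeIlyfish" (capital I) becomes "jellyfish" after this translation.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Similarity at or above this ratio is treated as a near-miss (assumed value).
NEAR_MISS_RATIO = 0.8


def normalize(name: str) -> str:
    """Fold confusables, then apply PEP 503 style normalization
    (lower-case, collapse runs of '-', '_' and '.' into a single '-')."""
    folded = name.translate(CONFUSABLES).lower()
    return re.sub(r"[-_.]+", "-", folded)


def strip_variant_prefix(name: str) -> str:
    """Drop 'python-'/'python3-'/'py-' prefixes so that a look-alike such as
    'python3-dateutil' compares against the real 'python-dateutil'."""
    return re.sub(r"^(python3|python|py3|py)-", "", name)


def check_name(requested: str) -> tuple[str, str | None]:
    """Return ('ok', name) for an exact allow-list hit, ('suspicious', good)
    when the name resembles a known package, or ('unknown', None)."""
    if requested in KNOWN_GOOD:
        return "ok", requested
    req = strip_variant_prefix(normalize(requested))
    for good in sorted(KNOWN_GOOD):
        canon = strip_variant_prefix(normalize(good))
        if req == canon:
            return "suspicious", good
        if SequenceMatcher(None, req, canon).ratio() >= NEAR_MISS_RATIO:
            return "suspicious", good
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample of names someone might type into pip install.
    for name in ["python-dateutil", "jeIlyfish", "python3-dateutil", "numpi"]:
        print(f"{name:18} -> {check_name(name)}")
```

A "suspicious" result should stop the install until a human confirms the name against the package's official documentation; an "unknown" result simply means the name is unrelated to the allow-list.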

That concludes this look at how to stay vigilant against malicious modules disguised as well-known Python packages. I hope the above is of some help to you; if you still have questions, follow the industry information channel for more related material.
