maco 1.2.6__py3-none-any.whl → 1.2.8__py3-none-any.whl

maco/cli.py

@@ -123,10 +123,15 @@ def process_filesystem(
         logger.error(f"not file or folder: {path_samples}")
         exit(2)
     try:
-        for path, dirs, files in walker:
+        base_directory = os.path.abspath(path_samples)
+        for path, _, files in walker:
             for file in files:
                 num_analysed += 1
-                path_file = os.path.join(path, file)
+                path_file = os.path.abspath(os.path.join(path, file))
+                if not path_file.startswith(base_directory):
+                    logger.error(f"Attempted path traversal detected: {path_file}")
+                    continue
+
                 try:
                     with open(path_file, "rb") as stream:
                         resp = process_file(

maco/utils.py

@@ -407,14 +407,24 @@ def import_extractors(
     create_venv: bool,
     logger: Logger,
     python_version: str = f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}",
+    skip_install: bool = False,
 ):
     extractor_dirs, extractor_files = scan_for_extractors(root_directory, scanner, logger)
 
     logger.info(f"Extractor files found based on scanner ({len(extractor_files)}).")
     logger.debug(extractor_files)
 
-    # Install packages into the current environment or dynamically created virtual environments
-    venvs = _install_required_packages(create_venv, extractor_dirs, python_version, logger)
+    if not skip_install:
+        # Install packages into the current environment or dynamically created virtual environments
+        venvs = _install_required_packages(create_venv, extractor_dirs, python_version, logger)
+    else:
+        # Look for pre-existing virtual environments, if any
+        logger.info("Checking for pre-existing virtual environment(s)..")
+        venvs = [
+            os.path.join(root, VENV_DIRECTORY_NAME)
+            for root, dirs, _ in os.walk(root_directory)
+            if VENV_DIRECTORY_NAME in dirs
+        ]
 
     # With the environment prepared, we can now hunt for the extractors and register them
     logger.info("Registering extractors..")

{maco-1.2.6.dist-info → maco-1.2.8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: maco
-Version: 1.2.6
+Version: 1.2.8
 Author: sl-govau
 Maintainer: cccs-rs
 License: MIT License

{maco-1.2.6.dist-info → maco-1.2.8.dist-info}/RECORD

@@ -9,19 +9,19 @@ demo_extractors/complex/complex.py,sha256=tXrzj_zWIXbTOwj7Lezapk-qkrM-lfwcyjd5m-
 demo_extractors/complex/complex_utils.py,sha256=aec8kJsYUrMPo-waihkVLt-0QpiOPkw7dDqfT9MNuHk,123
 maco/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 maco/base_test.py,sha256=cjGLEy2c69wl9sjn74QFz7X-VxWOfdin4W8MvYsXc4Q,2718
-maco/cli.py,sha256=NTzV8eu9V0qQNttRo592j-Rdzac7q1NAMraqJF2h_6k,8171
+maco/cli.py,sha256=pPS8euWaLV-6csBCCzT1Mtc7GwP7a_RikDjfUYxoxU8,8415
 maco/collector.py,sha256=LraWYlCA72FCmQP0dHWc-ekd7R1SxR6h6rMD95_6mMs,7077
 maco/extractor.py,sha256=uGSGiCQ4jd8jFmfw2T99BGcY5iQJzXHcG_RoTIxClTE,2802
-maco/utils.py,sha256=vo8zGSoFP0k2APUlQXmLssdrVrknjS2YcpvbRM78J68,20480
+maco/utils.py,sha256=RbG36i04iWoe5gBUxbnbJ_lDvYY5OkYtiy0EdXF9OHw,20870
 maco/yara.py,sha256=8RVaGyeUWY5f8_wfQ25lDX1bcXsb_VoSja85ZC2SqGw,2913
 maco/model/__init__.py,sha256=ULdyHx8R5D2ICHZo3VoCk1YTlewTok36TYIpwx__pNY,45
 maco/model/model.py,sha256=4uY88WphbP3iu-L2WjuYwtgZCS_wNul_hr0bAVuTpvc,23740
 model_setup/maco/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 model_setup/maco/base_test.py,sha256=cjGLEy2c69wl9sjn74QFz7X-VxWOfdin4W8MvYsXc4Q,2718
-model_setup/maco/cli.py,sha256=NTzV8eu9V0qQNttRo592j-Rdzac7q1NAMraqJF2h_6k,8171
+model_setup/maco/cli.py,sha256=pPS8euWaLV-6csBCCzT1Mtc7GwP7a_RikDjfUYxoxU8,8415
 model_setup/maco/collector.py,sha256=LraWYlCA72FCmQP0dHWc-ekd7R1SxR6h6rMD95_6mMs,7077
 model_setup/maco/extractor.py,sha256=uGSGiCQ4jd8jFmfw2T99BGcY5iQJzXHcG_RoTIxClTE,2802
-model_setup/maco/utils.py,sha256=vo8zGSoFP0k2APUlQXmLssdrVrknjS2YcpvbRM78J68,20480
+model_setup/maco/utils.py,sha256=RbG36i04iWoe5gBUxbnbJ_lDvYY5OkYtiy0EdXF9OHw,20870
 model_setup/maco/yara.py,sha256=8RVaGyeUWY5f8_wfQ25lDX1bcXsb_VoSja85ZC2SqGw,2913
 model_setup/maco/model/__init__.py,sha256=ULdyHx8R5D2ICHZo3VoCk1YTlewTok36TYIpwx__pNY,45
 model_setup/maco/model/model.py,sha256=4uY88WphbP3iu-L2WjuYwtgZCS_wNul_hr0bAVuTpvc,23740
@@ -36,9 +36,9 @@ tests/extractors/basic_longer.py,sha256=1ClU2QD-Y0TOl_loNFvEqIEpTR5TSVJ6zg9ZmC-E
 tests/extractors/test_basic.py,sha256=FLKekfSGM69HaiF7Vu_7D7KDXHZko-9hZkMO8_DoyYA,697
 tests/extractors/bob/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tests/extractors/bob/bob.py,sha256=G5aOoz58J0ZQK2_lA7HRxAzeLzBxssWxBTZcv1pSbi8,176
-maco-1.2.6.dist-info/LICENSE.md,sha256=gMSjshPhXvV_F1qxmeNkKdBqGWkd__fEJf4glS504bM,1478
-maco-1.2.6.dist-info/METADATA,sha256=-ZxVnBbAHn-iGDizJJa8knrTf4DUArPzANp-SVqDzZ4,15855
-maco-1.2.6.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
-maco-1.2.6.dist-info/entry_points.txt,sha256=TpcwG1gedIg8Y7a9ZOv8aQpuwEUftCefDrAjzeP-o6U,39
-maco-1.2.6.dist-info/top_level.txt,sha256=iMRwuzmrHA3zSwiSeMIl6FWhzRpn_st-I4fAv-kw5_o,49
-maco-1.2.6.dist-info/RECORD,,
+maco-1.2.8.dist-info/LICENSE.md,sha256=gMSjshPhXvV_F1qxmeNkKdBqGWkd__fEJf4glS504bM,1478
+maco-1.2.8.dist-info/METADATA,sha256=b4CSO15F8ybyH1oxBZnmL1NaDhZ7ONSRahUsVh4qKiM,15855
+maco-1.2.8.dist-info/WHEEL,sha256=PZUExdf71Ui_so67QXpySuHtCi3-J3wvF4ORK6k_S8U,91
+maco-1.2.8.dist-info/entry_points.txt,sha256=TpcwG1gedIg8Y7a9ZOv8aQpuwEUftCefDrAjzeP-o6U,39
+maco-1.2.8.dist-info/top_level.txt,sha256=iMRwuzmrHA3zSwiSeMIl6FWhzRpn_st-I4fAv-kw5_o,49
+maco-1.2.8.dist-info/RECORD,,

model_setup/maco/cli.py

@@ -123,10 +123,15 @@ def process_filesystem(
         logger.error(f"not file or folder: {path_samples}")
         exit(2)
     try:
-        for path, dirs, files in walker:
+        base_directory = os.path.abspath(path_samples)
+        for path, _, files in walker:
             for file in files:
                 num_analysed += 1
-                path_file = os.path.join(path, file)
+                path_file = os.path.abspath(os.path.join(path, file))
+                if not path_file.startswith(base_directory):
+                    logger.error(f"Attempted path traversal detected: {path_file}")
+                    continue
+
                 try:
                     with open(path_file, "rb") as stream:
                         resp = process_file(

model_setup/maco/utils.py

@@ -407,14 +407,24 @@ def import_extractors(
     create_venv: bool,
     logger: Logger,
     python_version: str = f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}",
+    skip_install: bool = False,
 ):
     extractor_dirs, extractor_files = scan_for_extractors(root_directory, scanner, logger)
 
     logger.info(f"Extractor files found based on scanner ({len(extractor_files)}).")
     logger.debug(extractor_files)
 
-    # Install packages into the current environment or dynamically created virtual environments
-    venvs = _install_required_packages(create_venv, extractor_dirs, python_version, logger)
+    if not skip_install:
+        # Install packages into the current environment or dynamically created virtual environments
+        venvs = _install_required_packages(create_venv, extractor_dirs, python_version, logger)
+    else:
+        # Look for pre-existing virtual environments, if any
+        logger.info("Checking for pre-existing virtual environment(s)..")
+        venvs = [
+            os.path.join(root, VENV_DIRECTORY_NAME)
+            for root, dirs, _ in os.walk(root_directory)
+            if VENV_DIRECTORY_NAME in dirs
+        ]
 
     # With the environment prepared, we can now hunt for the extractors and register them
     logger.info("Registering extractors..")