PyPI - maco - Versions diffs - 1.2.7__tar.gz → 1.2.8__tar.gz - Mend - Supply Chain Defender

maco 1.2.7tar.gz → 1.2.8tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

{maco-1.2.7/maco.egg-info → maco-1.2.8}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: maco
-Version: 1.2.7
+Version: 1.2.8
 Author: sl-govau
 Maintainer: cccs-rs
 License: MIT License

{maco-1.2.7/model_setup → maco-1.2.8}/maco/cli.py RENAMED Viewed

@@ -123,10 +123,15 @@ def process_filesystem(
         logger.error(f"not file or folder: {path_samples}")
         exit(2)
     try:
-        for path, dirs, files in walker:
+        base_directory = os.path.abspath(path_samples)
+        for path, _, files in walker:
             for file in files:
                 num_analysed += 1
-                path_file = os.path.join(path, file)
+                path_file = os.path.abspath(os.path.join(path, file))
+                if not path_file.startswith(base_directory):
+                    logger.error(f"Attempted path traversal detected: {path_file}")
+                    continue
                 try:
                     with open(path_file, "rb") as stream:
                         resp = process_file(

{maco-1.2.7 → maco-1.2.8/maco.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: maco
-Version: 1.2.7
+Version: 1.2.8
 Author: sl-govau
 Maintainer: cccs-rs
 License: MIT License

{maco-1.2.7 → maco-1.2.8/model_setup}/maco/cli.py RENAMED Viewed

@@ -123,10 +123,15 @@ def process_filesystem(
         logger.error(f"not file or folder: {path_samples}")
         exit(2)
     try:
-        for path, dirs, files in walker:
+        base_directory = os.path.abspath(path_samples)
+        for path, _, files in walker:
             for file in files:
                 num_analysed += 1
-                path_file = os.path.join(path, file)
+                path_file = os.path.abspath(os.path.join(path, file))
+                if not path_file.startswith(base_directory):
+                    logger.error(f"Attempted path traversal detected: {path_file}")
+                    continue
                 try:
                     with open(path_file, "rb") as stream:
                         resp = process_file(

{maco-1.2.7 → maco-1.2.8}/.gitignore RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/.vscode/settings.json RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/LICENSE.md RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/README.md RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/complex/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/complex/complex.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/complex/complex_utils.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/elfy.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/limit_other.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/nothing.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/requirements.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/demo_extractors/shared.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/base_test.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/collector.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/extractor.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/model/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/model/model.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/utils.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco/yara.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco.egg-info/SOURCES.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco.egg-info/dependency_links.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco.egg-info/entry_points.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco.egg-info/requires.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/maco.egg-info/top_level.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/LICENSE.md RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/README.md RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/base_test.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/collector.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/extractor.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/model/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/model/model.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/utils.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/maco/yara.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/pyproject.toml RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/model_setup/setup.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/pipelines/publish.yaml RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/pipelines/test.yaml RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/pyproject.toml RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/requirements.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/setup.cfg RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/benchmark.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/data/example.txt.cart RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/data/trigger_complex.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/data/trigger_complex.txt.cart RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/basic.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/basic_longer.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/bob/__init__.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/bob/bob.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/extractors/test_basic.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/pytest.ini RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/requirements.txt RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_base_test.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_cli.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_demo_extractors.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_detection.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_extractor.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_helpers.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tests/test_model.py RENAMED Viewed

File without changes

{maco-1.2.7 → maco-1.2.8}/tox.ini RENAMED Viewed

File without changes