pip-cve-gate 0.1.0__tar.gz

pip_cve_gate-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Sharky
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

pip_cve_gate-0.1.0/PKG-INFO

@@ -0,0 +1,148 @@
+Metadata-Version: 2.4
+Name: pip-cve-gate
+Version: 0.1.0
+Summary: Pre-install CVE gate for pip — blocks vulnerable and freshly published packages before install
+Author-email: Sharky <sharky@augatho.com>
+License-Expression: MIT
+Keywords: pip,security,supply-chain,cve,vulnerability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31
+Requires-Dist: packaging>=23
+Provides-Extra: dev
+Requires-Dist: pytest>=8; extra == "dev"
+Requires-Dist: pytest-httpserver>=1.0; extra == "dev"
+Requires-Dist: responses>=0.25; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+Dynamic: license-file
+
+# pip-cve-gate
+
+**Pre-install CVE gate for pip.** Blocks vulnerable and freshly published packages *before* any code runs on your machine.
+
+```
+safe-pip install flask requests django
+# [pip-cve-gate] Scanning 3 package(s)…
+# [pip-cve-gate] Resolved 27 package(s) (incl. transitive deps)
+# [pip-cve-gate] All clear — delegating to pip
+```
+
+If a package is blocked:
+
+```
+safe-pip install somelib
+# [pip-cve-gate] BLOCKED — install aborted
+#   [CVE] 'somelib==1.2.3' has known vulnerabilities: GHSA-xxxx-yyyy-zzzz
+#   [FRESH_HOLD] 'dep==0.0.1' was published 1d ago (hold: 3d). Use --skip-fresh-hold to override.
+```
+
+Exit code `0` = clean, `1` = blocked, `2` = error.
+
+---
+
+## Why
+
+Post-install tools (pip-audit, safety) run *after* pip has already downloaded and potentially executed install scripts. By then it's too late for zero-hour supply chain attacks.
+
+pip has no native plugin hook for pre-install scanning. pip-cve-gate fills that gap with a wrapper that resolves the full dependency tree, scans every package against three independent feeds, and only delegates to real pip when everything is clean.
+
+The closest prior art — [pipask](https://github.com/feynmanix/pipask) — checks PyPI advisories but lacks freshness hold and OSSF malicious package coverage. pip-cve-gate covers all three.
+
+---
+
+## What it checks
+
+| Signal | Source | Fail behaviour |
+|--------|--------|----------------|
+| Known CVEs / advisories | [OSV.dev](https://osv.dev) + PyPI Advisory DB | Block |
+| OSSF malicious packages | [ossf/malicious-packages](https://github.com/ossf/malicious-packages) | Block |
+| Freshness hold (default 3d) | PyPI upload timestamp | Block (overridable) |
+
+Network failures **fail open** — a broken feed never blocks your CI.
+
+---
+
+## Install
+
+```bash
+pip install pip-cve-gate
+```
+
+Or run directly from the repo without installing:
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python bin/safe-pip install flask
+```
+
+---
+
+## Usage
+
+`safe-pip` accepts the same arguments as `pip install`:
+
+```bash
+safe-pip install flask
+safe-pip install "django>=4.2" "celery==5.3.6"
+safe-pip install flask --skip-fresh-hold   # bypass freshness hold
+```
+
+Non-install subcommands are passed through unchanged:
+
+```bash
+safe-pip list
+safe-pip show flask
+safe-pip uninstall flask
+```
+
+### Configuration
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PIP_CVE_GATE_FRESH_HOLD_DAYS` | `3` | Days a new release must age before install |
+| `PIP_CVE_GATE_TIMEOUT` | `10` | HTTP timeout in seconds |
+| `PIP_CVE_GATE_MAX_DEPTH` | `5` | Max transitive dependency depth |
+| `PIP_CVE_GATE_PIP_BIN` | `pip` | Path to real pip binary |
+
+---
+
+## Part of the safe-install fleet
+
+pip-cve-gate is part of a pre-install CVE gate fleet for different package ecosystems:
+
+| Ecosystem | Tool |
+|-----------|------|
+| Homebrew | [homebrew-safe-upgrade](https://github.com/sharkyger/homebrew-safe-upgrade) |
+| Composer (PHP) | [composer-cve-gate](https://github.com/sharkyger/composer-cve-gate) |
+| pip (Python) | **pip-cve-gate** ← you are here |
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"
+pytest -v
+ruff check src/ tests/
+```
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).

pip_cve_gate-0.1.0/README.md

@@ -0,0 +1,119 @@
+# pip-cve-gate
+
+**Pre-install CVE gate for pip.** Blocks vulnerable and freshly published packages *before* any code runs on your machine.
+
+```
+safe-pip install flask requests django
+# [pip-cve-gate] Scanning 3 package(s)…
+# [pip-cve-gate] Resolved 27 package(s) (incl. transitive deps)
+# [pip-cve-gate] All clear — delegating to pip
+```
+
+If a package is blocked:
+
+```
+safe-pip install somelib
+# [pip-cve-gate] BLOCKED — install aborted
+#   [CVE] 'somelib==1.2.3' has known vulnerabilities: GHSA-xxxx-yyyy-zzzz
+#   [FRESH_HOLD] 'dep==0.0.1' was published 1d ago (hold: 3d). Use --skip-fresh-hold to override.
+```
+
+Exit code `0` = clean, `1` = blocked, `2` = error.
+
+---
+
+## Why
+
+Post-install tools (pip-audit, safety) run *after* pip has already downloaded and potentially executed install scripts. By then it's too late for zero-hour supply chain attacks.
+
+pip has no native plugin hook for pre-install scanning. pip-cve-gate fills that gap with a wrapper that resolves the full dependency tree, scans every package against three independent feeds, and only delegates to real pip when everything is clean.
+
+The closest prior art — [pipask](https://github.com/feynmanix/pipask) — checks PyPI advisories but lacks freshness hold and OSSF malicious package coverage. pip-cve-gate covers all three.
+
+---
+
+## What it checks
+
+| Signal | Source | Fail behaviour |
+|--------|--------|----------------|
+| Known CVEs / advisories | [OSV.dev](https://osv.dev) + PyPI Advisory DB | Block |
+| OSSF malicious packages | [ossf/malicious-packages](https://github.com/ossf/malicious-packages) | Block |
+| Freshness hold (default 3d) | PyPI upload timestamp | Block (overridable) |
+
+Network failures **fail open** — a broken feed never blocks your CI.
+
+---
+
+## Install
+
+```bash
+pip install pip-cve-gate
+```
+
+Or run directly from the repo without installing:
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python bin/safe-pip install flask
+```
+
+---
+
+## Usage
+
+`safe-pip` accepts the same arguments as `pip install`:
+
+```bash
+safe-pip install flask
+safe-pip install "django>=4.2" "celery==5.3.6"
+safe-pip install flask --skip-fresh-hold   # bypass freshness hold
+```
+
+Non-install subcommands are passed through unchanged:
+
+```bash
+safe-pip list
+safe-pip show flask
+safe-pip uninstall flask
+```
+
+### Configuration
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PIP_CVE_GATE_FRESH_HOLD_DAYS` | `3` | Days a new release must age before install |
+| `PIP_CVE_GATE_TIMEOUT` | `10` | HTTP timeout in seconds |
+| `PIP_CVE_GATE_MAX_DEPTH` | `5` | Max transitive dependency depth |
+| `PIP_CVE_GATE_PIP_BIN` | `pip` | Path to real pip binary |
+
+---
+
+## Part of the safe-install fleet
+
+pip-cve-gate is part of a pre-install CVE gate fleet for different package ecosystems:
+
+| Ecosystem | Tool |
+|-----------|------|
+| Homebrew | [homebrew-safe-upgrade](https://github.com/sharkyger/homebrew-safe-upgrade) |
+| Composer (PHP) | [composer-cve-gate](https://github.com/sharkyger/composer-cve-gate) |
+| pip (Python) | **pip-cve-gate** ← you are here |
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"
+pytest -v
+ruff check src/ tests/
+```
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).

pip_cve_gate-0.1.0/pyproject.toml

@@ -0,0 +1,54 @@
+[build-system]
+requires = ["setuptools>=68", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "pip-cve-gate"
+version = "0.1.0"
+description = "Pre-install CVE gate for pip — blocks vulnerable and freshly published packages before install"
+readme = "README.md"
+license = "MIT"
+requires-python = ">=3.9"
+authors = [{name = "Sharky", email = "sharky@augatho.com"}]
+keywords = ["pip", "security", "supply-chain", "cve", "vulnerability"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Environment :: Console",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Security",
+    "Topic :: Software Development :: Build Tools",
+]
+dependencies = [
+    "requests>=2.31",
+    "packaging>=23",
+]
+
+[project.scripts]
+safe-pip = "pip_cve_gate.cli:main"
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8",
+    "pytest-httpserver>=1.0",
+    "responses>=0.25",
+    "ruff>=0.4",
+]
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+pythonpath = ["src"]
+
+[tool.ruff]
+line-length = 100
+target-version = "py39"
+
+[tool.ruff.lint]
+select = ["E", "F", "W", "I"]

pip_cve_gate-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

pip_cve_gate-0.1.0/src/pip_cve_gate/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

pip_cve_gate-0.1.0/src/pip_cve_gate/cli.py

@@ -0,0 +1,127 @@
+"""safe-pip CLI entry point.
+
+Usage mirrors pip install:
+    safe-pip install flask requests
+    safe-pip install -r requirements.txt
+    safe-pip install flask --skip-fresh-hold
+
+Non-install subcommands are passed through to real pip unchanged.
+"""
+
+from __future__ import annotations
+
+import os
+import subprocess
+import sys
+
+from pip_cve_gate import __version__
+from pip_cve_gate.resolver import resolve
+from pip_cve_gate.scanner import scan
+
+EXIT_CLEAN = 0
+EXIT_BLOCKED = 1
+EXIT_ERROR = 2
+
+
+def _real_pip() -> str:
+    return os.getenv("PIP_CVE_GATE_PIP_BIN", "pip")
+
+
+def _passthrough(args: list[str]) -> int:
+    return subprocess.call([_real_pip()] + args)
+
+
+def _extract_packages(args: list[str]) -> tuple[list[str], list[str]]:
+    """Split install args into package specs and pip flags.
+
+    Returns (specs, pip_flags).  Requirements files (-r) are not resolved
+    in Phase 1 — they pass through after a warning.
+    """
+    specs: list[str] = []
+    flags: list[str] = []
+    skip_next = False
+    has_req_file = False
+
+    for i, arg in enumerate(args):
+        if skip_next:
+            skip_next = False
+            flags.append(arg)
+            continue
+        if arg in ("-r", "--requirement"):
+            has_req_file = True
+            flags.append(arg)
+            skip_next = True
+        elif arg.startswith("-"):
+            flags.append(arg)
+        else:
+            specs.append(arg)
+
+    if has_req_file:
+        print(
+            "[pip-cve-gate] WARNING: -r/--requirement not yet scanned. Passing through to pip.",
+            file=sys.stderr,
+        )
+
+    return specs, flags
+
+
+def _print_block(blocks: list) -> None:
+    print("\n\x1b[31m[pip-cve-gate] BLOCKED — install aborted\x1b[0m", file=sys.stderr)
+    for b in blocks:
+        print(f"  [{b.reason}] {b.detail}", file=sys.stderr)
+    print(file=sys.stderr)
+
+
+def main(argv: list[str] | None = None) -> int:
+    args = argv if argv is not None else sys.argv[1:]
+
+    if not args or args[0] in ("-h", "--help"):
+        print(f"safe-pip {__version__} — CVE gate wrapper for pip")
+        print("Usage: safe-pip install [pip-options] <packages>")
+        print("       safe-pip <any-other-pip-command>  (passed through)")
+        return EXIT_CLEAN
+
+    if args[0] in ("-V", "--version"):
+        print(f"safe-pip {__version__}")
+        return EXIT_CLEAN
+
+    if args[0] != "install":
+        return _passthrough(args)
+
+    install_args = args[1:]
+    skip_fresh_hold = "--skip-fresh-hold" in install_args
+    if skip_fresh_hold:
+        install_args = [a for a in install_args if a != "--skip-fresh-hold"]
+        os.environ["PIP_CVE_GATE_FRESH_HOLD_DAYS"] = "0"
+
+    specs, pip_flags = _extract_packages(install_args)
+
+    if not specs:
+        # No packages to scan (e.g. safe-pip install --upgrade pip).
+        return _passthrough(["install"] + install_args)
+
+    print(f"[pip-cve-gate] Scanning {len(specs)} package(s)…", file=sys.stderr)
+
+    try:
+        packages = resolve(specs)
+    except (ValueError, RuntimeError) as exc:
+        print(f"[pip-cve-gate] ERROR: {exc}", file=sys.stderr)
+        return EXIT_ERROR
+
+    print(
+        f"[pip-cve-gate] Resolved {len(packages)} package(s) (incl. transitive deps)",
+        file=sys.stderr,
+    )
+
+    blocks = scan(packages)
+
+    if blocks:
+        _print_block(blocks)
+        return EXIT_BLOCKED
+
+    print("[pip-cve-gate] All clear — delegating to pip", file=sys.stderr)
+    return _passthrough(["install"] + pip_flags + specs)
+
+
+if __name__ == "__main__":
+    sys.exit(main())

pip_cve_gate-0.1.0/src/pip_cve_gate/config.py

@@ -0,0 +1,14 @@
+import os
+
+FRESH_HOLD_DAYS: int = int(os.getenv("PIP_CVE_GATE_FRESH_HOLD_DAYS", "3"))
+REQUEST_TIMEOUT: int = int(os.getenv("PIP_CVE_GATE_TIMEOUT", "10"))
+MAX_TRANSITIVE_DEPTH: int = int(os.getenv("PIP_CVE_GATE_MAX_DEPTH", "5"))
+
+# OSV batch endpoint
+OSV_BATCH_URL = "https://api.osv.dev/v1/querybatch"
+
+# PyPI JSON API
+PYPI_JSON_URL = "https://pypi.org/pypi/{package}/json"
+
+# OSSF malicious packages dataset (GitHub raw — daily snapshot)
+OSSF_MALICIOUS_URL = "https://raw.githubusercontent.com/ossf/malicious-packages/main/osv/malicious/pypi/MAL-2024-1.json"

pip_cve_gate-0.1.0/src/pip_cve_gate/feeds/ossf.py

@@ -0,0 +1,46 @@
+"""OSSF Malicious Packages feed for PyPI.
+
+Fetches the OSSF malicious-packages OSV index and returns a set of
+package names known to be malicious.  The index is a directory of
+per-package OSV JSON files; we use the GitHub API to list them and
+cache the result in-process for the lifetime of the scan.
+"""
+
+from __future__ import annotations
+
+import functools
+
+import requests
+
+from pip_cve_gate.config import REQUEST_TIMEOUT
+
+_OSSF_INDEX_API = "https://api.github.com/repos/ossf/malicious-packages/git/trees/main?recursive=1"
+
+
+@functools.lru_cache(maxsize=1)
+def _fetch_malicious_names() -> frozenset[str]:
+    """Return normalised package names listed in the OSSF malicious-packages repo."""
+    try:
+        resp = requests.get(_OSSF_INDEX_API, timeout=REQUEST_TIMEOUT)
+        resp.raise_for_status()
+    except requests.RequestException:
+        # Fail open — don't block installs if OSSF is unreachable.
+        return frozenset()
+
+    names: set[str] = set()
+    for item in resp.json().get("tree", []):
+        path: str = item.get("path", "")
+        # Paths look like: osv/malicious/pypi/<name>/MAL-YYYY-NNN.json
+        parts = path.split("/")
+        if len(parts) >= 4 and parts[0] == "osv" and parts[1] == "malicious" and parts[2] == "pypi":
+            names.add(_normalise(parts[3]))
+
+    return frozenset(names)
+
+
+def _normalise(name: str) -> str:
+    return name.lower().replace("-", "_").replace(".", "_")
+
+
+def is_malicious(name: str) -> bool:
+    return _normalise(name) in _fetch_malicious_names()

pip_cve_gate-0.1.0/src/pip_cve_gate/feeds/osv.py

@@ -0,0 +1,5 @@
+"""OSV.dev feed — re-exports pypi_advisory for direct OSV usage."""
+
+from pip_cve_gate.feeds.pypi_advisory import query_batch
+
+__all__ = ["query_batch"]

pip_cve_gate-0.1.0/src/pip_cve_gate/feeds/pypi_advisory.py

@@ -0,0 +1,43 @@
+"""PyPI Advisory Database feed via OSV.dev (ecosystem=PyPI)."""
+
+from __future__ import annotations
+
+import requests
+
+from pip_cve_gate.config import OSV_BATCH_URL, REQUEST_TIMEOUT
+
+
+def query_batch(packages: list[tuple[str, str]]) -> dict[str, list[dict]]:
+    """Query OSV for PyPI advisories.
+
+    Args:
+        packages: list of (name, version) tuples
+
+    Returns:
+        dict mapping "name==version" to list of OSV vuln dicts
+    """
+    if not packages:
+        return {}
+
+    queries = [
+        {"package": {"name": name, "ecosystem": "PyPI"}, "version": version}
+        for name, version in packages
+    ]
+
+    try:
+        resp = requests.post(
+            OSV_BATCH_URL,
+            json={"queries": queries},
+            timeout=REQUEST_TIMEOUT,
+        )
+        resp.raise_for_status()
+    except requests.RequestException as exc:
+        raise RuntimeError(f"OSV batch query failed: {exc}") from exc
+
+    results: dict[str, list[dict]] = {}
+    for (name, version), result in zip(packages, resp.json().get("results", [])):
+        vulns = result.get("vulns", [])
+        if vulns:
+            results[f"{name}=={version}"] = vulns
+
+    return results

pip_cve_gate-0.1.0/src/pip_cve_gate/resolver.py

@@ -0,0 +1,105 @@
+"""Dependency resolver using the PyPI JSON API.
+
+Resolves a list of package specs to (name, version) pairs including
+transitive dependencies up to MAX_TRANSITIVE_DEPTH levels deep.
+Uses PyPI's latest-version metadata — not a full SAT solver, but
+sufficient for pre-install CVE scanning of the most likely candidates.
+"""
+
+from __future__ import annotations
+
+from datetime import datetime, timezone
+
+import requests
+from packaging.requirements import Requirement
+from packaging.version import Version
+
+from pip_cve_gate.config import MAX_TRANSITIVE_DEPTH, PYPI_JSON_URL, REQUEST_TIMEOUT
+
+
+class PyPIPackage:
+    def __init__(self, name: str, version: str, upload_time: datetime) -> None:
+        self.name = name
+        self.version = version
+        self.upload_time = upload_time
+
+
+def _fetch_pypi(name: str) -> dict:
+    url = PYPI_JSON_URL.format(package=name)
+    try:
+        resp = requests.get(url, timeout=REQUEST_TIMEOUT)
+        resp.raise_for_status()
+        return resp.json()
+    except requests.HTTPError as exc:
+        if exc.response is not None and exc.response.status_code == 404:
+            raise ValueError(f"Package '{name}' not found on PyPI") from exc
+        raise RuntimeError(f"PyPI API error for '{name}': {exc}") from exc
+    except requests.RequestException as exc:
+        raise RuntimeError(f"PyPI API unreachable for '{name}': {exc}") from exc
+
+
+def _parse_upload_time(ts: str) -> datetime:
+    return datetime.fromisoformat(ts.rstrip("Z")).replace(tzinfo=timezone.utc)
+
+
+def resolve(specs: list[str]) -> list[PyPIPackage]:
+    """Resolve specs to concrete packages including transitive deps.
+
+    Args:
+        specs: e.g. ["flask", "requests>=2.28", "django==4.2.1"]
+
+    Returns:
+        Deduplicated list of PyPIPackage for all packages that would be installed.
+    """
+    seen: dict[str, PyPIPackage] = {}
+    queue: list[str] = list(specs)
+    depth = 0
+
+    while queue and depth < MAX_TRANSITIVE_DEPTH:
+        next_queue: list[str] = []
+        for spec in queue:
+            req = Requirement(spec)
+            name_key = req.name.lower().replace("-", "_")
+            if name_key in seen:
+                continue
+
+            data = _fetch_pypi(req.name)
+            info = data["info"]
+            latest_version = info["version"]
+
+            # If a specific version is pinned, honour it; otherwise use latest.
+            if req.specifier:
+                candidates = [
+                    Version(v) for v in data["releases"] if list(req.specifier.filter([v]))
+                ]
+                if not candidates:
+                    raise ValueError(f"No matching version for '{spec}' on PyPI")
+                resolved_version = str(max(candidates))
+            else:
+                resolved_version = latest_version
+
+            # Upload time for freshness check.
+            release_files = data["releases"].get(resolved_version, [])
+            upload_time_str = (
+                release_files[0]["upload_time"] if release_files else "1970-01-01T00:00:00"
+            )
+            upload_time = _parse_upload_time(upload_time_str)
+
+            pkg = PyPIPackage(req.name, resolved_version, upload_time)
+            seen[name_key] = pkg
+
+            # Queue direct deps for next depth level.
+            requires_dist = info.get("requires_dist") or []
+            for dep_str in requires_dist:
+                try:
+                    dep = Requirement(dep_str)
+                    # Skip extras and environment markers for Phase 1.
+                    if dep.marker is None:
+                        next_queue.append(str(dep))
+                except Exception:
+                    pass
+
+        queue = next_queue
+        depth += 1
+
+    return list(seen.values())

pip_cve_gate-0.1.0/src/pip_cve_gate/scanner.py

@@ -0,0 +1,82 @@
+"""CVE + freshness scanner.
+
+Coordinates all feeds and returns a list of BlockReason objects.
+Exit is clean (empty list) or blocked (non-empty list).
+"""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from datetime import datetime, timezone
+
+from pip_cve_gate.config import FRESH_HOLD_DAYS
+from pip_cve_gate.feeds import ossf, pypi_advisory
+from pip_cve_gate.resolver import PyPIPackage
+
+
+@dataclass
+class BlockReason:
+    package: str
+    version: str
+    reason: str
+    detail: str
+
+
+def scan(packages: list[PyPIPackage]) -> list[BlockReason]:
+    """Scan resolved packages for CVEs, malicious listings, and freshness holds.
+
+    Returns a list of BlockReason — empty means all clear.
+    """
+    blocks: list[BlockReason] = []
+
+    # --- OSSF malicious packages (per-package, no batch API) ---
+    for pkg in packages:
+        if ossf.is_malicious(pkg.name):
+            blocks.append(
+                BlockReason(
+                    package=pkg.name,
+                    version=pkg.version,
+                    reason="OSSF_MALICIOUS",
+                    detail=f"'{pkg.name}' is listed in the OSSF Malicious Packages dataset.",
+                )
+            )
+
+    # --- Freshness hold ---
+    now = datetime.now(tz=timezone.utc)
+    for pkg in packages:
+        age_days = (now - pkg.upload_time).days
+        if age_days < FRESH_HOLD_DAYS:
+            blocks.append(
+                BlockReason(
+                    package=pkg.name,
+                    version=pkg.version,
+                    reason="FRESH_HOLD",
+                    detail=(
+                        f"'{pkg.name}=={pkg.version}' was published {age_days}d ago "
+                        f"(hold: {FRESH_HOLD_DAYS}d). Use --skip-fresh-hold to override."
+                    ),
+                )
+            )
+
+    # --- OSV / PyPI Advisory DB (batch) ---
+    tuples = [(pkg.name, pkg.version) for pkg in packages]
+    try:
+        vuln_map = pypi_advisory.query_batch(tuples)
+    except RuntimeError as exc:
+        # Fail open on network error — log and continue.
+        print(f"[pip-cve-gate] WARNING: OSV query failed: {exc}")
+        vuln_map = {}
+
+    for key, vulns in vuln_map.items():
+        name, _, version = key.partition("==")
+        ids = ", ".join(v.get("id", "?") for v in vulns)
+        blocks.append(
+            BlockReason(
+                package=name,
+                version=version,
+                reason="CVE",
+                detail=f"'{key}' has known vulnerabilities: {ids}",
+            )
+        )
+
+    return blocks

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/PKG-INFO

@@ -0,0 +1,148 @@
+Metadata-Version: 2.4
+Name: pip-cve-gate
+Version: 0.1.0
+Summary: Pre-install CVE gate for pip — blocks vulnerable and freshly published packages before install
+Author-email: Sharky <sharky@augatho.com>
+License-Expression: MIT
+Keywords: pip,security,supply-chain,cve,vulnerability
+Classifier: Development Status :: 3 - Alpha
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Build Tools
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests>=2.31
+Requires-Dist: packaging>=23
+Provides-Extra: dev
+Requires-Dist: pytest>=8; extra == "dev"
+Requires-Dist: pytest-httpserver>=1.0; extra == "dev"
+Requires-Dist: responses>=0.25; extra == "dev"
+Requires-Dist: ruff>=0.4; extra == "dev"
+Dynamic: license-file
+
+# pip-cve-gate
+
+**Pre-install CVE gate for pip.** Blocks vulnerable and freshly published packages *before* any code runs on your machine.
+
+```
+safe-pip install flask requests django
+# [pip-cve-gate] Scanning 3 package(s)…
+# [pip-cve-gate] Resolved 27 package(s) (incl. transitive deps)
+# [pip-cve-gate] All clear — delegating to pip
+```
+
+If a package is blocked:
+
+```
+safe-pip install somelib
+# [pip-cve-gate] BLOCKED — install aborted
+#   [CVE] 'somelib==1.2.3' has known vulnerabilities: GHSA-xxxx-yyyy-zzzz
+#   [FRESH_HOLD] 'dep==0.0.1' was published 1d ago (hold: 3d). Use --skip-fresh-hold to override.
+```
+
+Exit code `0` = clean, `1` = blocked, `2` = error.
+
+---
+
+## Why
+
+Post-install tools (pip-audit, safety) run *after* pip has already downloaded and potentially executed install scripts. By then it's too late for zero-hour supply chain attacks.
+
+pip has no native plugin hook for pre-install scanning. pip-cve-gate fills that gap with a wrapper that resolves the full dependency tree, scans every package against three independent feeds, and only delegates to real pip when everything is clean.
+
+The closest prior art — [pipask](https://github.com/feynmanix/pipask) — checks PyPI advisories but lacks freshness hold and OSSF malicious package coverage. pip-cve-gate covers all three.
+
+---
+
+## What it checks
+
+| Signal | Source | Fail behaviour |
+|--------|--------|----------------|
+| Known CVEs / advisories | [OSV.dev](https://osv.dev) + PyPI Advisory DB | Block |
+| OSSF malicious packages | [ossf/malicious-packages](https://github.com/ossf/malicious-packages) | Block |
+| Freshness hold (default 3d) | PyPI upload timestamp | Block (overridable) |
+
+Network failures **fail open** — a broken feed never blocks your CI.
+
+---
+
+## Install
+
+```bash
+pip install pip-cve-gate
+```
+
+Or run directly from the repo without installing:
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python bin/safe-pip install flask
+```
+
+---
+
+## Usage
+
+`safe-pip` accepts the same arguments as `pip install`:
+
+```bash
+safe-pip install flask
+safe-pip install "django>=4.2" "celery==5.3.6"
+safe-pip install flask --skip-fresh-hold   # bypass freshness hold
+```
+
+Non-install subcommands are passed through unchanged:
+
+```bash
+safe-pip list
+safe-pip show flask
+safe-pip uninstall flask
+```
+
+### Configuration
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PIP_CVE_GATE_FRESH_HOLD_DAYS` | `3` | Days a new release must age before install |
+| `PIP_CVE_GATE_TIMEOUT` | `10` | HTTP timeout in seconds |
+| `PIP_CVE_GATE_MAX_DEPTH` | `5` | Max transitive dependency depth |
+| `PIP_CVE_GATE_PIP_BIN` | `pip` | Path to real pip binary |
+
+---
+
+## Part of the safe-install fleet
+
+pip-cve-gate is part of a pre-install CVE gate fleet for different package ecosystems:
+
+| Ecosystem | Tool |
+|-----------|------|
+| Homebrew | [homebrew-safe-upgrade](https://github.com/sharkyger/homebrew-safe-upgrade) |
+| Composer (PHP) | [composer-cve-gate](https://github.com/sharkyger/composer-cve-gate) |
+| pip (Python) | **pip-cve-gate** ← you are here |
+
+---
+
+## Development
+
+```bash
+git clone https://github.com/sharkyger/pip-cve-gate
+cd pip-cve-gate
+python -m venv .venv && source .venv/bin/activate
+pip install -e ".[dev]"
+pytest -v
+ruff check src/ tests/
+```
+
+---
+
+## License
+
+MIT — see [LICENSE](LICENSE).

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/SOURCES.txt

@@ -0,0 +1,21 @@
+LICENSE
+README.md
+pyproject.toml
+src/pip_cve_gate/__init__.py
+src/pip_cve_gate/cli.py
+src/pip_cve_gate/config.py
+src/pip_cve_gate/resolver.py
+src/pip_cve_gate/scanner.py
+src/pip_cve_gate.egg-info/PKG-INFO
+src/pip_cve_gate.egg-info/SOURCES.txt
+src/pip_cve_gate.egg-info/dependency_links.txt
+src/pip_cve_gate.egg-info/entry_points.txt
+src/pip_cve_gate.egg-info/requires.txt
+src/pip_cve_gate.egg-info/top_level.txt
+src/pip_cve_gate/feeds/__init__.py
+src/pip_cve_gate/feeds/ossf.py
+src/pip_cve_gate/feeds/osv.py
+src/pip_cve_gate/feeds/pypi_advisory.py
+tests/test_cli.py
+tests/test_resolver.py
+tests/test_scanner.py

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+safe-pip = pip_cve_gate.cli:main

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/requires.txt

@@ -0,0 +1,8 @@
+requests>=2.31
+packaging>=23
+
+[dev]
+pytest>=8
+pytest-httpserver>=1.0
+responses>=0.25
+ruff>=0.4

pip_cve_gate-0.1.0/src/pip_cve_gate.egg-info/top_level.txt

@@ -0,0 +1 @@
+pip_cve_gate

pip_cve_gate-0.1.0/tests/test_cli.py

@@ -0,0 +1,72 @@
+"""Tests for the CLI entry point."""
+
+from __future__ import annotations
+
+from datetime import datetime, timedelta, timezone
+from unittest.mock import patch
+
+from pip_cve_gate.cli import EXIT_BLOCKED, EXIT_CLEAN, EXIT_ERROR, main
+from pip_cve_gate.resolver import PyPIPackage
+from pip_cve_gate.scanner import BlockReason
+
+
+def _pkg(name="requests", version="2.31.0", days_old=30):
+    return PyPIPackage(name, version, datetime.now(tz=timezone.utc) - timedelta(days=days_old))
+
+
+def test_no_args_prints_usage(capsys):
+    rc = main([])
+    assert rc == EXIT_CLEAN
+    out = capsys.readouterr().out
+    assert "safe-pip" in out
+
+
+def test_version_flag(capsys):
+    rc = main(["--version"])
+    assert rc == EXIT_CLEAN
+    assert "safe-pip" in capsys.readouterr().out
+
+
+def test_non_install_passthrough():
+    with patch("pip_cve_gate.cli._passthrough", return_value=0) as mock:
+        rc = main(["list"])
+    mock.assert_called_once_with(["list"])
+    assert rc == EXIT_CLEAN
+
+
+def test_clean_install_delegates_to_pip():
+    pkg = _pkg()
+    with (
+        patch("pip_cve_gate.cli.resolve", return_value=[pkg]),
+        patch("pip_cve_gate.cli.scan", return_value=[]),
+        patch("pip_cve_gate.cli._passthrough", return_value=0) as mock_pip,
+    ):
+        rc = main(["install", "requests"])
+    assert rc == EXIT_CLEAN
+    mock_pip.assert_called_once()
+
+
+def test_blocked_install_does_not_call_pip():
+    pkg = _pkg()
+    block = BlockReason("requests", "2.31.0", "CVE", "has known vulns")
+    with (
+        patch("pip_cve_gate.cli.resolve", return_value=[pkg]),
+        patch("pip_cve_gate.cli.scan", return_value=[block]),
+        patch("pip_cve_gate.cli._passthrough") as mock_pip,
+    ):
+        rc = main(["install", "requests"])
+    assert rc == EXIT_BLOCKED
+    mock_pip.assert_not_called()
+
+
+def test_resolver_error_returns_exit_error():
+    with patch("pip_cve_gate.cli.resolve", side_effect=ValueError("not found")):
+        rc = main(["install", "nonexistent-xyz-123"])
+    assert rc == EXIT_ERROR
+
+
+def test_no_packages_passthrough():
+    with patch("pip_cve_gate.cli._passthrough", return_value=0) as mock:
+        rc = main(["install", "--upgrade", "pip"])
+    mock.assert_called_once()
+    assert rc == EXIT_CLEAN

pip_cve_gate-0.1.0/tests/test_resolver.py

@@ -0,0 +1,71 @@
+"""Tests for the PyPI resolver."""
+
+from __future__ import annotations
+
+from datetime import timezone
+from unittest.mock import patch
+
+import pytest
+
+from pip_cve_gate.resolver import _parse_upload_time, resolve
+
+
+def _fake_pypi_response(name: str, version: str, upload_time: str, requires_dist=None):
+    return {
+        "info": {
+            "name": name,
+            "version": version,
+            "requires_dist": requires_dist or [],
+        },
+        "releases": {
+            version: [{"upload_time": upload_time}],
+        },
+    }
+
+
+def test_parse_upload_time_utc():
+    dt = _parse_upload_time("2024-01-15T10:30:00")
+    assert dt.tzinfo == timezone.utc
+    assert dt.year == 2024
+
+
+def test_resolve_single_package():
+    fake = _fake_pypi_response("requests", "2.31.0", "2023-05-22T14:00:00")
+    with patch("pip_cve_gate.resolver._fetch_pypi", return_value=fake):
+        pkgs = resolve(["requests"])
+    assert len(pkgs) == 1
+    assert pkgs[0].name == "requests"
+    assert pkgs[0].version == "2.31.0"
+
+
+def test_resolve_deduplicates():
+    fake = _fake_pypi_response("requests", "2.31.0", "2023-05-22T14:00:00")
+    with patch("pip_cve_gate.resolver._fetch_pypi", return_value=fake):
+        pkgs = resolve(["requests", "requests"])
+    assert len(pkgs) == 1
+
+
+def test_resolve_not_found_raises():
+
+    with patch("pip_cve_gate.resolver._fetch_pypi") as mock:
+        resp_mock = type("R", (), {"status_code": 404})()
+        mock.side_effect = ValueError("Package 'nonexistent' not found on PyPI")
+        with pytest.raises(ValueError, match="not found on PyPI"):
+            resolve(["nonexistent"])
+
+
+def test_resolve_transitive_deps():
+    flask_resp = _fake_pypi_response(
+        "flask", "3.0.0", "2023-09-30T00:00:00", requires_dist=["werkzeug>=3.0"]
+    )
+    werkzeug_resp = _fake_pypi_response("werkzeug", "3.0.1", "2023-10-01T00:00:00")
+
+    def fake_fetch(name):
+        return flask_resp if name.lower() == "flask" else werkzeug_resp
+
+    with patch("pip_cve_gate.resolver._fetch_pypi", side_effect=fake_fetch):
+        pkgs = resolve(["flask"])
+
+    names = {p.name.lower() for p in pkgs}
+    assert "flask" in names
+    assert "werkzeug" in names

pip_cve_gate-0.1.0/tests/test_scanner.py

@@ -0,0 +1,86 @@
+"""Tests for the scanner."""
+
+from __future__ import annotations
+
+from datetime import datetime, timedelta, timezone
+from unittest.mock import patch
+
+from pip_cve_gate.resolver import PyPIPackage
+from pip_cve_gate.scanner import scan
+
+
+def _pkg(name: str, version: str, days_old: int = 30) -> PyPIPackage:
+    upload_time = datetime.now(tz=timezone.utc) - timedelta(days=days_old)
+    return PyPIPackage(name, version, upload_time)
+
+
+def test_clean_package_returns_empty():
+    pkg = _pkg("requests", "2.31.0", days_old=30)
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=False),
+        patch("pip_cve_gate.scanner.pypi_advisory.query_batch", return_value={}),
+    ):
+        assert scan([pkg]) == []
+
+
+def test_fresh_hold_blocks():
+    pkg = _pkg("newpkg", "1.0.0", days_old=0)
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=False),
+        patch("pip_cve_gate.scanner.pypi_advisory.query_batch", return_value={}),
+    ):
+        blocks = scan([pkg])
+    assert len(blocks) == 1
+    assert blocks[0].reason == "FRESH_HOLD"
+    assert blocks[0].package == "newpkg"
+
+
+def test_ossf_malicious_blocks():
+    pkg = _pkg("evilpkg", "0.1.0", days_old=10)
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=True),
+        patch("pip_cve_gate.scanner.pypi_advisory.query_batch", return_value={}),
+    ):
+        blocks = scan([pkg])
+    reasons = {b.reason for b in blocks}
+    assert "OSSF_MALICIOUS" in reasons
+
+
+def test_cve_blocks():
+    pkg = _pkg("vulnerable", "1.0.0", days_old=30)
+    vuln_map = {"vulnerable==1.0.0": [{"id": "GHSA-xxxx-yyyy-zzzz"}]}
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=False),
+        patch("pip_cve_gate.scanner.pypi_advisory.query_batch", return_value=vuln_map),
+    ):
+        blocks = scan([pkg])
+    reasons = {b.reason for b in blocks}
+    assert "CVE" in reasons
+    assert "GHSA-xxxx-yyyy-zzzz" in blocks[-1].detail
+
+
+def test_multiple_packages_multiple_blocks():
+    pkgs = [
+        _pkg("fresh", "1.0.0", days_old=0),
+        _pkg("clean", "2.0.0", days_old=30),
+    ]
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=False),
+        patch("pip_cve_gate.scanner.pypi_advisory.query_batch", return_value={}),
+    ):
+        blocks = scan(pkgs)
+    assert any(b.package == "fresh" for b in blocks)
+    assert not any(b.package == "clean" for b in blocks)
+
+
+def test_osv_network_failure_does_not_block():
+    pkg = _pkg("requests", "2.31.0", days_old=30)
+    with (
+        patch("pip_cve_gate.scanner.ossf.is_malicious", return_value=False),
+        patch(
+            "pip_cve_gate.scanner.pypi_advisory.query_batch",
+            side_effect=RuntimeError("network timeout"),
+        ),
+    ):
+        blocks = scan([pkg])
+    assert blocks == []