From 78ad08dfc66862a7d8433a912e878a099216dd93 Mon Sep 17 00:00:00 2001 From: Astariul Date: Tue, 10 Jan 2023 18:14:53 +0900 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=93=9D=20Add=20warning=20in=20the=20R?= =?UTF-8?q?EADME=20about=20supply=20chain=20attacks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index dde670b..8147a8d 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ Make all your private packages accessible in one place
with this github-hoste Get StartedModify indexed packagesFAQ • + A word about supply chain attacksContributeReferences

@@ -177,6 +178,24 @@ RUN --mount=type=secret,id=gh_auth,dst=/root/.netrc pip install - **_If you have any questions or ideas to improve this FAQ, please open a PR / blank issue !_** +## A word about supply chain attacks + +In the past months, several companies were compromised through PyPi supply chain attacks. Because this repository is a PyPi index, this is very much spot on. + +--- + +As you saw earlier, this github-hosted PyPi index rely on the `pip` feature `--extra-index-url`. Because of how this feature works, it is vulnerable to supply chain attacks. + +For example, let's say you have a package named `fbi_package` version `2.8.3` hosted on your private PyPi index. + +An attacker could create a malicious package with the same name (`fbi_package`) and a higher version (for example `99.0.0`). Then, when you run `pip install fbi_package --extra-index-url my_pypi_index.com`, `pip` will take the latest version of the package, which is the malicious package ! + +--- + +While this repository makes it very convenient to have your own PyPi index, be aware that the page is public, therefore anyone can see which package name you're using and create a malicious package with this same name... + +Please be careful out there ! + ## Contribute Issues and PR are welcome ! From 5f788cfee2989f1fe891a0e4b43c6840d1acf1af Mon Sep 17 00:00:00 2001 From: Astariul Date: Tue, 10 Jan 2023 19:07:14 +0900 Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=93=9D=20Add=20link=20in=20the=20FAQ?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 8147a8d..6cd5bc5 100644 --- a/README.md +++ b/README.md 
@@ -140,7 +140,9 @@ Then from `python`, you can just do : import tensorflow ``` -_Note : While it's possible to do like this, it's better to have a unique name for your package, to avoid confusion._ +--- + +**But be careful about this !** While it's possible to handle it like this, it's always better to have a unique name for your package, to avoid confusion but also for [security](#a-word-about-supply-chain-attacks) ! #### Q. How to download private package from Docker ? @@ -180,15 +182,11 @@ RUN --mount=type=secret,id=gh_auth,dst=/root/.netrc pip install - ## A word about supply chain attacks -In the past months, several companies were compromised through PyPi supply chain attacks. Because this repository is a PyPi index, this is very much spot on. - ---- - As you saw earlier, this github-hosted PyPi index rely on the `pip` feature `--extra-index-url`. Because of how this feature works, it is vulnerable to supply chain attacks. For example, let's say you have a package named `fbi_package` version `2.8.3` hosted on your private PyPi index. -An attacker could create a malicious package with the same name (`fbi_package`) and a higher version (for example `99.0.0`). Then, when you run `pip install fbi_package --extra-index-url my_pypi_index.com`, `pip` will take the latest version of the package, which is the malicious package ! +An attacker could create a malicious package with the same name (`fbi_package`) and a higher version (for example `99.0.0`). When you run `pip install fbi_package --extra-index-url my_pypi_index.com`, under the hood `pip` will download the latest version of the package, which is the malicious package ! --- From 7677d0be243760c5b330047c3b82c50ec6c83ff7 Mon Sep 17 00:00:00 2001 
From: Astariul Date: Tue, 10 Jan 2023 19:08:43 +0900 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=9A=A8=20Format=20README?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6cd5bc5..52ac59d 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,8 @@ As you saw earlier, this github-hosted PyPi index rely on the `pip` feature `--e For example, let's say you have a package named `fbi_package` version `2.8.3` hosted on your private PyPi index. -An attacker could create a malicious package with the same name (`fbi_package`) and a higher version (for example `99.0.0`). When you run `pip install fbi_package --extra-index-url my_pypi_index.com`, under the hood `pip` will download the latest version of the package, which is the malicious package ! +An attacker could create a malicious package with the same name (`fbi_package`) and a higher version (for example `99.0.0`). +When you run `pip install fbi_package --extra-index-url my_pypi_index.com`, under the hood `pip` will download the latest version of the package, which is the malicious package ! ---
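Review bot: In PATCH 1/3, the new "A word about supply chain attacks" section (hunk `@@ -177,6 +178,24 @@`) describes the risk but stops at "Please be careful out there !" without telling the reader what to do about it. Suggest adding a short mitigation list after the example: register the same package name on the public index so nobody else can claim it, install with `--index-url` pointing at the private index where that is workable instead of `--extra-index-url`, and pin versions with hashes (`--require-hashes`) so an unexpected `99.0.0` is rejected. In the same hunk, "rely" should be "relies", and "this is very much spot on" would be clearer as a plain statement that the issue applies to this repository.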
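Review bot: In PATCH 2/3, hunk `@@ -140,7 +140,9 @@`, the new FAQ sentence presents a unique package name as the security measure, but the section it links to says the index page is public and "anyone can see which package name you're using and create a malicious package with this same name", so a unique name alone does not protect anyone. Suggest rewording so the advice is that the name should be unique and also not claimable by someone else on the public index, and keep the link to the section for the details.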
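Review bot: In PATCH 2/3, hunk `@@ -180,15 +182,11 @@`, the reworded sentence "under the hood `pip` will download the latest version of the package" still never says where the attacker's `fbi_package` `99.0.0` is published or why `pip` would see it. The example only works because `--extra-index-url` adds the private index alongside the default one and the highest version found across both wins; saying explicitly that the malicious package is uploaded to the public index would make the section self-explanatory. Deleting the opening paragraph also leaves the section starting with "As you saw earlier" and no statement of why it matters, and "rely" is still uncorrected in the context line.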
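Review bot: In PATCH 3/3, the line break added after "(for example `99.0.0`)." is a single newline inside a Markdown paragraph, so the rendered README is unchanged and the two sentences still run together. If a visible break is intended, separate them with a blank line; if this is only source wrapping, the subject "Format README" could say that no rendered output changes.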