The PyPI repository contains potentially insecure code

Researchers from the University of Turku (Finland) recently published the results of an analysis they carried out on the packages in the PyPI repository, looking for the use of potentially dangerous constructs that can lead to vulnerabilities. The analysis covered about 197,000 packages and identified 749,000 security issues.

In other words, 46% of the packages have at least one of these issues; the most common ones concern improper exception handling and code-injection constructs.

Of the 749 thousand issues identified, 442 thousand (41%) were marked as low severity, 227 thousand (30%) as medium severity and 80 thousand (11%) as high severity.

The dataset is based on a base image of all packages stored in the Python Package Index (PyPI) ...

As for the types of issues, improper exception handling and the various code-injection possibilities are the most common; in this respect the threading module stands out. Given the generally small size of the packages, software size metrics do not predict well the number of issues the analysis reveals.

Some packages are anomalous and contain thousands of issues. For example, 2589 issues were found in the PyGGI package, mainly related to the use of the "try-except-pass" construct, and 2356 issues were found in the appengine-sdk package. Many issues are also present in the genie.libs.ops, pbcore and genie.libs.parser packages.

It should be noted that the results were obtained through automated static analysis, which does not take into account the context in which particular constructs are used.

The developer of Bandit, the tool used to scan the code, advised that, because of the large number of false positives, the scan results cannot be treated directly as vulnerabilities without an additional review of each issue.

For example, the analyzer treats the use of a non-cryptographic random number generator and of hashing algorithms such as MD5 as a security concern, while in the code those algorithms may be used for purposes that have no bearing on security.

The analyzer also treats any processing of external data in unsafe functions such as pickle, yaml.load, subprocess and eval as a problem, but such use is not necessarily tied to a vulnerability; in practice these functions can be used in an implementation without posing a security threat.

Among the checks used in the study:

  • Use of potentially insecure functions such as exec, mktemp, eval, mark_safe, etc.
  • Insecure configuration of file access permissions.
  • Binding a network socket to all network interfaces.
  • Use of passwords and keys hardcoded in the code.
  • Use of a predefined directory path.
  • Use of pass and continue in catch-all exception handlers.
  • Launching a web application based on the Flask web framework with debug mode enabled.
  • Use of unsafe deserialization methods.
  • Use of the MD2, MD4, MD5 and SHA1 hash functions.
  • Use of the DES cipher and insecure encryption modes.
  • Use of the insecure HTTPSConnection implementation in some versions of Python.
  • Specifying the file:// scheme in urlopen.
  • Use of pseudo-random generators when performing cryptographic tasks.
  • Use of the Telnet protocol.
  • Use of insecure XML parsers.
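As an added illustration of how rules like those listed above work, and of why they produce the false positives the article warns about, here is a small AST-based checker written for this page; it is not the study's code and not Bandit's. It implements a handful of the listed checks (code-injection sinks, hardcoded secrets, weak hashes, pseudo-random generators, Flask debug mode, binding to all interfaces and try/except/pass) and runs them over a constructed sample module. The rule names, the handling of hashlib's `usedforsecurity=False` keyword (available since Python 3.9) and the sample module are this example's own choices.

```python
import ast

# Added example (not from the study or the Bandit project): a small AST-based
# checker in the spirit of the rules listed above. Rule names are invented here.
DANGEROUS_CALLS = {"eval", "exec"}                 # code-injection sinks
SECRET_HINTS = ("password", "passwd", "secret", "token")
WEAK_HASHES = {"md2", "md4", "md5", "sha1"}


def _call_name(node):
    """Return 'eval', 'hashlib.md5', 's.bind', ... for a Call node."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = func.value
        prefix = base.id if isinstance(base, ast.Name) else "<expr>"
        return f"{prefix}.{func.attr}"
    return "<unknown>"


def _keyword(node, name):
    """Value of a literal keyword argument, or None if absent or non-literal."""
    for kw in node.keywords:
        if kw.arg == name and isinstance(kw.value, ast.Constant):
            return kw.value.value
    return None


def scan_source(source):
    """Run all rules over one module; return (rule, line) pairs sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:
                findings.append(("dangerous-call", node.lineno))
            elif name.startswith("hashlib.") and name.split(".", 1)[1] in WEAK_HASHES:
                # Python 3.9+ lets the caller state a non-security use, which is
                # the context a plain pattern match lacks; honour it to avoid the
                # false positive the article describes (e.g. MD5 as a cache key).
                if _keyword(node, "usedforsecurity") is not False:
                    findings.append(("weak-hash", node.lineno))
            elif name.startswith("random."):
                # Only a problem when the value feeds a security decision; the
                # checker cannot know that, so this is a low-confidence finding.
                findings.append(("pseudo-random", node.lineno))
            elif name.endswith(".run") and _keyword(node, "debug") is True:
                findings.append(("flask-debug", node.lineno))
            elif name.endswith(".bind") and node.args:
                addr = node.args[0]
                if (isinstance(addr, ast.Tuple) and addr.elts
                        and isinstance(addr.elts[0], ast.Constant)
                        and addr.elts[0].value == "0.0.0.0"):
                    findings.append(("bind-all-interfaces", node.lineno))
        elif isinstance(node, ast.ExceptHandler):
            # 'try/except/pass' (or 'continue') silently swallows every error.
            if len(node.body) == 1 and isinstance(node.body[0], (ast.Pass, ast.Continue)):
                findings.append(("try-except-pass", node.lineno))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                if (isinstance(target, ast.Name)
                        and any(h in target.id.lower() for h in SECRET_HINTS)
                        and isinstance(node.value, ast.Constant)
                        and isinstance(node.value.value, str)):
                    findings.append(("hardcoded-secret", node.lineno))
    return sorted(findings, key=lambda f: f[1])


# Constructed sample module exercising each rule once (line numbers in comments).
SAMPLE = """\
import hashlib, random, socket
DB_PASSWORD = "hunter2"                                        # 2: hardcoded-secret
def cache_key(data):
    return hashlib.md5(data, usedforsecurity=False).hexdigest()  # 4: not reported
def weak_digest(data):
    return hashlib.md5(data).hexdigest()                       # 6: weak-hash
def session_id():
    return str(random.random())                                # 8: pseudo-random
def parse(expr):
    return eval(expr)                                          # 10: dangerous-call
def listen():
    s = socket.socket()
    s.bind(("0.0.0.0", 8080))                                  # 13: bind-all-interfaces
def run(app):
    try:
        app.run(debug=True)                                    # 16: flask-debug
    except Exception:                                          # 17: try-except-pass
        pass
"""

if __name__ == "__main__":
    for rule, line in scan_source(SAMPLE):
        print(f"line {line}: {rule}")
```

Run on the sample, the checker prints one finding per line. The md5 call at line 4 is skipped only because the caller declared `usedforsecurity=False`; the `random.random()` call at line 8 is reported either way, because the checker cannot tell whether the value ever reaches a security decision. That missing context is exactly why the article says each result needs a separate review.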

In addition, the discovery of eight malicious packages in the PyPI directory is mentioned. The problematic packages were downloaded more than 8 times before they were removed. To hide the malicious activity and avoid warnings from simple static analyzers, the packages used block encoding of the code in Base30 format and arranged for it to be executed after decoding by calling eval.

The code found in the noblesse, genesisbot, are, suff, noblesse2 and noblessev2 packages retrieved credit card numbers and passwords stored in the Chrome and Edge browsers, exfiltrated Discord account tokens and sent data from the system, including screenshots of the screen contents. … The pytagora and pytagora2 packages included downloading and running third-party executable code.
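The hidden-block pattern described above (an encoded blob that is decoded and handed to eval) is something a static triage step can flag before a package is installed. The check below is an added example written for this page, not code from the article, the study or any of the packages named: it walks a module's AST for eval/exec calls whose argument comes from a decoding call or is a long string literal, and reports them without decoding or running anything. The sample module, the threshold, the decoder list and the function names are constructed for the example; it uses base64 because that is the decoder the standard library provides.

```python
import ast
import base64

# Added example (not from the article or the packages it names): a static check
# for the "decode a blob, then eval/exec it" pattern. Names here are invented.
DECODERS = {
    "base64.b64decode", "base64.b32decode", "base64.b16decode",
    "codecs.decode", "zlib.decompress", "marshal.loads",
}
MIN_BLOB = 40  # literals at least this long inside eval/exec are treated as blobs


def _dotted(node):
    """'base64.b64decode' for a Name/Attribute chain, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        left = _dotted(node.value)
        return f"{left}.{node.attr}" if left else None
    return None


def describe_argument(arg):
    """Reasons why an eval/exec argument looks like a hidden payload."""
    reasons = []
    for sub in ast.walk(arg):
        if isinstance(sub, ast.Call):
            name = _dotted(sub.func)
            if name in DECODERS:
                reasons.append(f"decoded with {name}")
        elif isinstance(sub, ast.Constant) and isinstance(sub.value, (str, bytes)):
            if len(sub.value) >= MIN_BLOB:
                reasons.append(f"{len(sub.value)}-char literal blob")
    return reasons


def find_encoded_eval(source):
    """Return (line, reasons) for eval/exec calls fed by decoded or large literals.

    The payload is never decoded or executed here: this is triage of a
    package's source before installation, so the call is only reported.
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and _dotted(node.func) in ("eval", "exec")
                and node.args):
            reasons = describe_argument(node.args[0])
            if reasons:
                hits.append((node.lineno, reasons))
    return hits


# Constructed sample: a harmless print() is base64-encoded at runtime so the
# sample resembles the hidden-block pattern without hand-typing a blob.
PAYLOAD = base64.b64encode(b"print('constructed benign payload')").decode()
SAMPLE = f"""\
import base64
VERSION = "1.0"
exec(base64.b64decode("{PAYLOAD}").decode())
result = eval("1 + 1")
"""

if __name__ == "__main__":
    for line, reasons in find_encoded_eval(SAMPLE):
        print(f"line {line}: eval/exec of hidden payload ({', '.join(reasons)})")
```

On the sample the `exec` at line 3 is reported twice over (a decoder call and a 48-character literal), while the plain `eval("1 + 1")` at line 4 is not, which keeps the check focused on the obfuscation pattern rather than on every use of eval. A short literal or a decoder call split across variables would slip past this simple version; it is a triage filter, not a proof of safety.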

Finally, if you are interested in knowing more about it, you can check the details at the following link.

