Advisories for Pypi/Guarddog package

2026

GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs. Create a file whose name contains \x1b[2J. Feed a semgrep-style result referencing that file into Analyzer._format_semgrep_response(). Render the result with HumanReadableReporter.print_scan_results(). The output string contains the raw escape bytes, which a terminal may …
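The pattern behind this advisory, and the fix a reporter needs, as an added example. This is not GuardDog's reporter code: the finding dict is a constructed sample in the shape of a semgrep-style result, and the two render functions are illustrative names. The vulnerable renderer concatenates package-controlled fields verbatim; the hardened one escapes every non-printable code point first, which neutralises CSI and OSC sequences, forged log lines and Unicode bidi overrides alike.

```python
"""Added example (not GuardDog's reporter code): render scanner findings for a
terminal or CI log without letting attacker-controlled package content drive
the terminal. FINDING below is a constructed sample."""


def escape_control(text: str) -> str:
    """Replace every non-printable code point with a visible \\xNN or \\uNNNN.

    str.isprintable() is False for C0/C1 controls (ESC, BEL, CR, LF, TAB, ...),
    for DEL and for Unicode format characters such as the bidi overrides, so
    CSI/OSC sequences, forged log lines and direction tricks all come out as
    inert text instead of terminal commands.
    """
    out = []
    for ch in text:
        if ch.isprintable():
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(f"\\u{ord(ch):04x}")
    return "".join(out)


def has_nonprintable(text: str) -> bool:
    """True if printing `text` raw would hand the terminal something to interpret."""
    return any(not ch.isprintable() for ch in text)


# Constructed finding. The location clears the screen (CSI 2J), homes the
# cursor (CSI H) and wraps the filename in an OSC 8 hyperlink to an attacker
# site; the message embeds a newline to forge a reassuring second log line.
FINDING = {
    "rule": "exec-base64",
    "location": (
        "pkg/\x1b[2J\x1b[H"
        "\x1b]8;;https://attacker.example/\x07setup.py\x1b]8;;\x07:3"
    ),
    "message": "base64-decoded payload passed to exec()\n[OK] 0 issues found",
    "code": "exec(base64.b64decode(PAYLOAD))",
}


def render_naive(finding: dict) -> str:
    """Vulnerable pattern: package-controlled strings concatenated verbatim."""
    return (
        f"{finding['rule']}: {finding['location']}\n"
        f"  {finding['message']}\n"
        f"  {finding['code']}"
    )


def render_safe(finding: dict) -> str:
    """Hardened pattern: every untrusted field is escaped before it reaches the
    output, so only the reporter's own newlines survive as real newlines."""
    return "\n".join(
        [
            f"{escape_control(finding['rule'])}: {escape_control(finding['location'])}",
            f"  {escape_control(finding['message'])}",
            f"  {escape_control(finding['code'])}",
        ]
    )


if __name__ == "__main__":
    print(render_safe(FINDING))
```

Escaping rather than stripping is deliberate: an analyst reading the log still sees that the package tried `\x1b]8;;https://attacker.example/\x07`, which is itself a signal worth keeping. The same function belongs in front of anything that ends up in CI log output, where OSC sequences can also be interpreted by log viewers.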

GuardDog: blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration

The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog. Start an HTTP listener on 127.0.0.1:18081 that logs the request path and Authorization header. Set GIT_USERNAME=alice and GH_TOKEN=supersecret. Call PypiRequirementsScanner().scan_remote("http://github@127.0.0.1:18081/owner/repo", "main", "requirements.txt"). Observe …
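The class of bug described above, next to the allow-list check that closes it, as an added example. This is not GuardDog's code: `naive_attach_credentials` is an illustrative stand-in for a substring check plus blind textual rewrite, and `attach_credentials` / `is_allowed_repo_url` are hypothetical names for the hardened path. The advisory's proof-of-concept URL is used as input so the effect of the rewrite is visible: the credentials end up in a URL whose real authority is `127.0.0.1:18081`.

```python
"""Added example (not GuardDog's code): why a blind URL rewrite leaks the
GitHub token to an attacker-chosen host, and the parse-and-allow-list check
that prevents it."""
from urllib.parse import urlsplit, urlunsplit

GITHUB_HOST = "github.com"


def naive_attach_credentials(url: str, user: str, token: str) -> str:
    """Illustrative UNSAFE pattern: anything containing 'github' is trusted and
    the credentials are spliced in front of whatever authority the caller
    supplied. With the PoC URL 'http://github@127.0.0.1:18081/owner/repo' the
    'github' that satisfies the check is the attacker's own userinfo."""
    if "github" not in url:
        raise ValueError("not a GitHub URL")
    scheme, rest = url.split("://", 1)
    return f"{scheme}://{user}:{token}@{rest}"


def request_destination(url: str) -> dict:
    """Where a URL-parsing client sends the request. urlsplit takes the host
    from the text after the LAST '@' in the authority, so every extra '@' the
    attacker supplies pushes the real host further right."""
    p = urlsplit(url)
    return {
        "scheme": p.scheme,
        "host": p.hostname,
        "port": p.port,
        "username": p.username,
        "password": p.password,
    }


def is_allowed_repo_url(url: str) -> bool:
    """Allow-list: https only, host exactly github.com on the default port,
    and no userinfo at all (an '@' in the authority is itself a red flag)."""
    try:
        p = urlsplit(url)
        port = p.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (
        p.scheme == "https"
        and "@" not in p.netloc
        and p.hostname == GITHUB_HOST
        and port in (None, 443)
    )


def attach_credentials(url: str, user: str, token: str) -> str:
    """Hardened pattern: validate the parsed URL first, then rebuild it from
    trusted parts so the credentials can only ever reach GITHUB_HOST."""
    if not is_allowed_repo_url(url):
        raise ValueError(f"refusing to send GitHub credentials to {url!r}")
    p = urlsplit(url)
    return urlunsplit(("https", f"{user}:{token}@{GITHUB_HOST}", p.path, "", ""))


if __name__ == "__main__":
    leaked = naive_attach_credentials(
        "http://github@127.0.0.1:18081/owner/repo", "alice", "supersecret"
    )
    print(leaked, request_destination(leaked))
    print(attach_credentials("https://github.com/owner/repo", "alice", "supersecret"))
```

The rebuild step matters as much as the check: even after validation, reusing the caller's string would let a future parser difference reintroduce the problem, whereas `urlunsplit` with a fixed scheme and host cannot point anywhere else. Sending the token in an `Authorization` header instead of the URL userinfo is a further improvement, since userinfo tends to end up in logs and shell history.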

2022

GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package

Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned: tarfile.TarFile.extractall will follow member names that escape the destination directory, a behaviour its documentation explicitly warns about (see https://docs.python.org/3/library/tarfile.html#tarfile.TarFile.extractall).
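What a scanner should do before handing an untrusted sdist to extractall, as an added example that is not GuardDog's extraction code. The archives are constructed in memory; `unsafe_members`, `safe_extract` and `run_demo` are illustrative names. The check goes beyond the `../` case in the advisory and also rejects absolute names, symlinks and hardlinks that point outside the destination, and special files, then uses tarfile's `data` filter as a second line of defence where the interpreter provides it.

```python
"""Added example (not GuardDog's extraction code): inspect a package archive's
members before calling extractall and refuse any member that would land, or
point, outside the destination directory. Archives are constructed in memory."""
import io
import os
import tarfile
import tempfile


def build_tgz(files: dict, symlinks: dict = None) -> bytes:
    """Constructed sample input: an in-memory .tar.gz with the given regular
    files ({name: bytes}) and symlinks ({name: link target})."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    return os.path.commonpath([root, path]) == root


def unsafe_members(archive: bytes, dest: str) -> list:
    """Names of members that would escape `dest`: '../' traversal, absolute
    names, symlinks/hardlinks whose target leaves dest, and special files
    (devices, fifos) that a package has no business shipping."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(root, m.name))
            if not _inside(root, target):
                bad.append(m.name)
            elif m.issym() or m.islnk():
                # symlink targets are relative to the link's own directory,
                # hardlink targets are relative to the archive root
                base = os.path.dirname(target) if m.issym() else root
                link = os.path.realpath(os.path.join(base, m.linkname))
                if not _inside(root, link):
                    bad.append(m.name)
            elif not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad


def safe_extract(archive: bytes, dest: str) -> list:
    """Reject the whole archive if any member is unsafe; otherwise extract,
    adding tarfile's 'data' filter where available (3.12+ and the security
    backports) as a second line of defence. Returns the member names."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)
        return [m.name for m in tar.getmembers()]


BENIGN_TGZ = build_tgz({
    "pkg/setup.py": b"from setuptools import setup\n",
    "pkg/src/mod.py": b"print('hi')\n",
})

MALICIOUS_TGZ = build_tgz(
    {
        "pkg/setup.py": b"from setuptools import setup\n",
        "../../evil.txt": b"written outside the extraction directory\n",
    },
    symlinks={"pkg/escape_link": "../../../etc/passwd"},
)


def run_demo() -> dict:
    """Run both archives through the checks in a fresh temporary directory."""
    result = {}
    with tempfile.TemporaryDirectory() as dest:
        result["malicious_rejected"] = unsafe_members(MALICIOUS_TGZ, dest)
        result["benign_rejected"] = unsafe_members(BENIGN_TGZ, dest)
        result["benign_extracted"] = safe_extract(BENIGN_TGZ, dest)
        result["benign_on_disk"] = os.path.isfile(os.path.join(dest, "pkg", "src", "mod.py"))
        try:
            safe_extract(MALICIOUS_TGZ, dest)
            result["malicious_extracted"] = True
        except ValueError:
            result["malicious_extracted"] = False
    return result


if __name__ == "__main__":
    print(run_demo())
```

The pre-check and the filter are complementary: the filter is the right long-term fix but is absent on older interpreters a scanner may still run on, and the explicit member walk gives the scanner a list of offending names to report as a finding in its own right, which for a malware scanner is arguably the more useful outcome than a silent refusal.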