
Ensuring the Security of PyPI Packages

Abstract

Developers often use open-source code libraries to obtain the functionality they need without re-implementing existing code. Python developers are no exception, and frequently use the Python Package Index (PyPI) to download the packages they want. However, PyPI places few restrictions on what can be uploaded, which makes certain attacks on its ecosystem relatively simple to carry out. This thesis analyses potential vulnerabilities of PyPI, discusses the threats posed to the system and its users, and proposes countermeasures. Countermeasures can be considered from two sides: that of the PyPI service providers and that of PyPI users.

In this thesis a threat model of PyPI is created, in which entry points, assets, and potential threats are identified, ranked and categorised. In addition, a number of user-side tools for discovering malicious packages are discussed, a small proof-of-concept program that uses those tools is built, and the tools are then evaluated. The tools relate to, for example, information gathering (e.g. the GitHub API or Safety DB, a database of known-vulnerable package versions), pattern-matching (regular expressions), and containerisation (Docker).

Although the threat model is limited, several potential threats, together with corresponding countermeasures, are found and discussed. One example is the easy-to-perform typosquatting attack: at the time of writing, PyPI has no protection against such attacks. Implementing some form of community reporting feature could make the discovery of such packages easier. As for the user-side tools evaluated here, they probably cannot detect malicious packages on their own; however, combining multiple tools would likely reduce the chance of installing a malicious package.
Degree: Student essay
URI: https://hdl.handle.net/2077/78906
Collections: Masteruppsatser (Master's theses)
File: CSE 23-12 DSG.pdf (672.4Kb)
Date: 2023-10-23
Author: Shakoori Gustafsson, David
Keywords: Computer science; Security; Python; PyPI; Typosquatting
Language: eng

DSpace software copyright © 2002-2016  DuraSpace
Contact Us | Send Feedback
Theme by Atmire NV