Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Project dependencies may have API risk issues #60

Open
PyDeps opened this issue Oct 26, 2022 · 0 comments
Open

Project dependencies may have API risk issues #60

PyDeps opened this issue Oct 26, 2022 · 0 comments

Comments

@PyDeps
Copy link

PyDeps commented Oct 26, 2022

Hi, In munin, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

colorama>=0.3.9
future>=0.16.0
requests>=2.20.0
configparser>=3.5.0
pymisp>=2.4.123
flask>=1.0
flask_caching
cfscrape
pyzipper
dnspython
IPy

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency colorama can be changed to ==0.1.
The version constraint of dependency colorama can be changed to >=0.1.3,<=0.1.6.
The version constraint of dependency colorama can be changed to ==0.1.10.
The version constraint of dependency colorama can be changed to >=0.1.13,<=0.1.14.
The version constraint of dependency colorama can be changed to >=0.1.16,<=0.4.5.
The version constraint of dependency requests can be changed to >=2.4.0,<=2.15.1.
The version constraint of dependency configparser can be changed to ==3.5.0b1.
The version constraint of dependency configparser can be changed to >=3.5.1,<=3.5.2.
The version constraint of dependency configparser can be changed to >=3.7.2,<=5.2.0.
The version constraint of dependency pymisp can be changed to >=1.1,<=2.4.79.
The version constraint of dependency flask can be changed to >=0.11,<=0.12.5.
The version constraint of dependency cfscrape can be changed to >=1.3,<=1.4.1.
The version constraint of dependency cfscrape can be changed to >=1.4.3,<=1.6.1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the colorama 
colorama.init
The calling methods from the requests 
requests.packages.urllib3.disable_warnings
requests.get
requests.post
The calling methods from the configparser 
configparser.ConfigParser
The calling methods from the pymisp 
pymisp.PyMISP
pymisp.PyMISP.search
The calling methods from the flask 
json.dumps
flask.Flask
json.load
json.loads
flask.Flask.run
flask.Flask.route
The calling methods from the cfscrape 
cfscrape.create_scraper
The calling methods from the all methods 
line.replace.replace
fh.readlines.append
field.str.replace
line.format.ljust
configparser.ConfigParser.has_section
is_ip
args.s.split
IPy.IP
socket.gethostbyname
ord
IP
__VERSION__.__AUTHOR__.ljust
io.BytesIO.close
getEmptyInfo.update
os.path.abspath
saveCache
open
lib.munin_vt.rescanVTSample
isinstance
line.hash.format.re.sub.strip.split
is_private
r.path.split
os.path.basename
getMalwareBazarInfo
hashlib.md5
f.write
getHashlookup
fh_results.write
cache.append
is_resolvable
ljust
sample_info.datetime.utcfromtimestamp.strftime
math.log
lib.munin_stdout.printHighlighted
logging.getLogger.setLevel
info.append
printPeInfo
processVirustotalSampleInfo.update
domain.split
virus_names.append
json.load
os.makedirs
urllib.request.urlopen
json.loads
getIntezerInfo
max
fetchHash
io.BytesIO.write
hashlib.sha256.update
lib.helper.generateResultFilename
hashlib.sha256.hexdigest
info.update
lib.munin_stdout.printKeyLine
sys.stdout.write
str
flask.Flask
colorama.init
f.read
processLines.append
pycurl.Curl.perform
header_line.decode.split
re.compile
printSeparator
x.upper
input
colorer.sub.replace
int
list.append
response_dict_code.content.decode
path.replace
input.startswith
hashlib.sha256
downloadMalwareBazarSample
argparse.ArgumentParser
argparse.ArgumentParser.parse_args
ssl.create_default_context
name.lower.strip
flask.Flask.run
flask_caching.Cache.init_app
pymisp.PyMISP
k.upper
round
outString.append
map
IP.iptype
configparser.ConfigParser.get
is_pingable
platformChecks
domains.append
join
getURLhaus
contents.append
lib.munin_vt.getVTInfo
requests.get
datetime.datetime.now.strftime
open.write
requests.packages.urllib3.disable_warnings
open.close
fh.write
logging.getLogger
peChecks
pymisp.PyMISP.search
flask_caching.Cache.set
gzip.decompress
generateHashes
urllib.parse.urlparse
lib.munin_vt.commentVTSample
sample_info.items
lib.connections.PROXY.preparedURL.requests.get.json
ctx.parameters.urllib.parse.urlencode.cat.URLS.urllib.request.urlopen.read
str.upper
rating.title.total.count.format.ljust
ast.literal_eval
lib.munin_vt.getRetrohuntResults
getValhalla
pycurl.Curl.setopt
sorted
getEmptyInfo.append
getEmptyInfo
header_line.decode.decode
pycurl.Curl
colorer.sub.startswith
printHighlighted
line.rstrip.rstrip
re.match
getMalShareInfo
name.lower.lower
lib.connections.PROXY.preparedURL.requests.get.json.json
lib.munin_csv.CSV_FIELDS.items
getFileData
header_raw.splitlines
process_lines
process_lines.append
resolutions.append
convertSize
re.compile.sub
files.append
rating.title
loadCache
requests.post
getEmptyInfo.remove
processLines
time.sleep
subprocess.check_output
lib.munin_csv.writeCSVHeader
getCAPE
io.BytesIO.getvalue
deactivated_features.append
os.path.splitext
json.loads.get
configparser.ConfigParser
flask_caching.Cache
hashlib.md5.hexdigest
codecs.open
os.path.exists
fh_input.readlines
searchVirustotalComments
cfscrape.create_scraper.get
any
value.strip.strip
misp_events.append
info.encode
platform.system.lower
math.pow
get_crossplatfrom_basename
field.str.replace.replace
enumerate
tags.append
hashlib.md5.update
re.sub
processVirustotalSampleInfo
input.rstrip
h_url.format
signal.signal
lib.connections.setProxy
datetime.datetime.now
info.join.replace
r_code_comments.content.decode
IPy.IP.iptype
lib.munin_stdout.printResult
fh.read
format
datetime.datetime.utcfromtimestamp
processLine
flask_caching.Cache.get
re.findall
inCache
dns.resolver.query
getHybridAnalysisInfo
print_highlighted
is_valid_tld
urllib.parse.urlencode
download_url
list
urls.append
len
process_elements
lib.munin_csv.writeCSV
header_function
targets.append
argparse.ArgumentParser.add_argument
os.walk
traceback.print_exc
hashlib.sha1
hashlib.sha1.hexdigest
f.setpassword
pycurl.Curl.getinfo
cfscrape.create_scraper
getHashlookup.append
float
sys.exit
fh.readlines
os.path.dirname
flask.Flask.route
json.dumps
getMISPInfo.append
getEmptyInfo.insert
set
os.path.join
platform.system
fetch_ip_and_domains
main
time.time
mal_samples.append
getVirusBayInfo
downloadHybridAnalysisSample
io.BytesIO
hashlib.sha1.update
samples.append
requests.post.json
line.hash.format.re.sub.strip
removeNonAsciiDrop
print
getMISPInfo
info.split
configparser.ConfigParser.read
r.path.lstrip
pyzipper.AESZipFile
math.floor
argparse.ArgumentParser.print_help

@developer
Could please help me check this issue?
May I pull a request to fix it?
Thank you very much.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@PyDeps