infrastructure/extensions-website
4
8
Fork 10
Code Issues 20 Pull Requests 2 Projects Releases Wiki Activity
20240826-100937
extensions-website/requirements.txt
Oleg Komarov c975e8cb95 File scanning: validate wheel digests against pypi.org (#199) 
This PR adds a new check to background file scans:
wheel digests are verified using PyPI json API
https://warehouse.pypa.io/api-reference/json.html

This check should flag uploads that try to ship code not published on PyPI.
Although the fact that something is published on PyPI is not a guarantee
that the code is safe to load, this additional step should introduce at least
some barriers to uploading malicious code.

We can potentially improve on this further by e.g. integrating with
https://docs.virustotal.com/docs/api-overview

Reviewed-on: #199
Reviewed-by: Anna Sirota <annasirota@noreply.localhost>
2024-07-11 10:45:22 +02:00

56 lines
1.3 KiB
Plaintext
Raw Permalink Blame History

aiohttp==3.8.1
aiosignal==1.2.0
asgiref==3.8.1
async-timeout==4.0.2
attrs==21.4.0
backports.zoneinfo==0.2.1;python_version<"3.9"
bleach==5.0.1
blender-id-oauth-client @ git+https://projects.blender.org/infrastructure/blender-id-oauth-client.git@cca32643e5118f050b504d803c9ae79dc3fdf350
certifi==2022.6.15
clamd==1.0.2
charset-normalizer==2.1.0
click==8.1.3
colorhash==1.0.4
Django==4.2.11
dj-database-url==1.0.0
django-activity-stream==2.0.0
django-admin-rangefilter==0.8.5
django-background-tasks-updated @ git+https://projects.blender.org/infrastructure/django-background-tasks.git@1.2.9
django-compat==1.0.15
django-extended-choices==1.3.3
django-loginas==0.3.10
django-pipeline==2.0.8
django-taggit==3.0.0
django-waffle==4.1.0
djangorestframework==3.14.0
drf-spectacular==0.27.1
drf-spectacular-sidecar==2024.2.1
frozenlist==1.3.0
geoip2==4.6.0
h11==0.13.0
idna==3.3
Jinja2==3.1.2
jsmin==3.0.1
libsass==0.21.0
libsasscompiler==0.1.9
lxml==4.9.1
MarkupSafe==2.1.1
maxminddb==2.2.0
mistune==2.0.4
multidict==6.0.2
oauthlib==3.2.0
packaging==24.1
Pillow==9.2.0
python-ffmpeg==2.0.12
python-magic==0.4.27
requests==2.28.1
requests-oauthlib==1.3.1
semantic-version==2.10.0
sentry-sdk==1.9.5
six==1.16.0
sqlparse==0.4.2
toml==0.10.2
urllib3==1.26.11
webencodings==0.5.1
yarl==1.7.2
Reference in New Issue View Git Blame Copy Permalink