PyPI feature automatically executes code after Python package download

In another finding that could put developers at increased risk of a supply chain attack, it emerged that almost a third of PyPI’s packages, the Python Package Index, trigger automatic code execution when of their download.

“A disturbing feature of pip/PyPI allows code to run automatically when developers simply download a package,” said Yehuda Gelb, researcher at Checkmarx. said in a technical report published this week.

“Furthermore, this feature is alarming because a large portion of the malicious packages we find in the wild use this code execution feature upon installation to achieve higher infection rates.”

One of the ways packages can be installed for Python is by running the “install pip“, which, in turn, calls a file called “” that comes with the module.

cyber security

“”, as its name suggests, is a setup script which is used to specify metadata associated with the package, including its dependencies.

While threat actors have resorted to embedding malicious code in the file, Checkmarx found that adversaries could achieve the same goals by executing what is known as a “pip download” ordered.

“pip download performs the same resolve and download as pip install, but instead of installing dependencies, it collects downloaded distributions from the provided directory (by default from the current directory),” the documentation says.

PyPi Code Execution

In other words, the command can be used to download a Python package without having to install it on the system. But it turns out that running the download command also runs the aforementioned “” script, causing the malicious code it contains to execute.

However, it should be noted that the problem only occurs when the package contains a tar.gz file instead of a wheel (.whl) file, which “cuts the execution of ‘’ from the equation”.

“Developers who choose to download, instead of install packages, reasonably expect that no code will run on the machine while downloading the files,” Gelb noted, calling him a design problem rather than a bug.

Although pip defaults to using wheels instead of tar.gz files, an attacker could take advantage of this behavior to intentionally release python packages without a .whl file, leading to the execution of malicious code present in the setup script.

cyber security

“When a user downloads a python package from PyPi, pip will preferably use the .whl file, but fall back to the tar.gz file if the .whl file is missing,” Gelb said.

The findings come as the US National Security Agency (NSA), along with the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI), published guidance to secure the software supply chain.

“As the cyber threat continues to grow more sophisticated, adversaries have begun attacking the software supply chain, rather than relying on publicly known vulnerabilities,” the agency said. said. “Until all DevOps are DevSecOps, the software development lifecycle will be at risk.”

Comments are closed.