Spectra Assure

warningRisk: Hardening

Scanned:

pywin32

Artifact:

latest

Top 1k

Python for Window Extensions

License: unknown

Published:

Visit GitHub

See on PyPI

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

No sensitive information found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

135 misconfigured toolchains detected

Threats

Tampering

No evidence of software tampering

Malware

No evidence of malware inclusion

List of software quality issues with the number of affected components.

Policies

Info

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors. These checks prevent the use of hard-to-secure string manipulation functions. They enforce static memory access checks, and allow only the use of range-verified string parsing functions. While these checks do not prevent every memory corruption issue by themselves, they do help reduce the likelihood.

Prevalence in PyPI community

10 packages

found in

Top 100

45 packages

found in

Top 1k

247 packages

found in

Top 10k

4.13k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors, preventing them from reaching production. These checks minimize the number of security issues by enforcing strict memory access checks. They also prevent the use of hard-to-secure string and memory manipulation functions. To prove the binary has been compiled with these checks enabled, the compiler emits a special debug object. Removing the debug table eliminates this proof. Therefore, this check only applies to binaries that still have their debug tables.

Prevalence in PyPI community

12 packages

found in

Top 100

63 packages

found in

Top 1k

326 packages

found in

Top 10k

7.08k packages

in community

Next steps

You should keep the debug table to prove that the SDL process has been followed.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors. These checks prevent the use of hard-to-secure memory manipulation functions. They enforce static memory access checks, and allow only the use of range-verified memory access functions. While these checks do not prevent every memory corruption issue by themselves, they do help reduce the likelihood.

Prevalence in PyPI community

4 packages

found in

Top 100

45 packages

found in

Top 1k

242 packages

found in

Top 10k

5.25k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Software components contain executable code that performs actions implemented during its development. These actions are called behaviors. In the analysis report, behaviors are presented as human-readable descriptions that best match the underlying code intent. While most behaviors are benign, some are commonly abused by malicious software with the intent to cause harm. When a software package shares behavior traits with malicious software, it may become flagged by security solutions. Any detection from security solutions can cause friction for the end-users during software deployment. While the behavior is likely intended by the developer, there is a small chance this detection is true positive, and an early indication of a software supply chain attack.

Prevalence in PyPI community

20 packages

found in

Top 100

92 packages

found in

Top 1k

907 packages

found in

Top 10k

43.88k packages

in community

Next steps

Investigate reported detections.

If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider rewriting the flagged code without using the marked behaviors.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that dynamic calls are made only to vetted functions. Trusted execution paths rely on the ability of the operating system to build a list of valid function targets. Certain functions can intentionally be disallowed to prevent malicious code from deactivating vulnerability mitigation features. A list of such invalid function targets can include publicly exported symbols. Applications that enhance control flow integrity through export suppression rely on libraries to mark their publicly visible symbols as suppressed. This is done for all symbols that are considered to be sensitive functions, and to which access should be restricted. It is considered dangerous to mix applications that perform export suppression with libraries that do not.

Prevalence in PyPI community

30 packages

found in

Top 100

143 packages

found in

Top 1k

833 packages

found in

Top 10k

15.19k packages

in community

Next steps

To enable this mitigation on library code, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Higher-level programming languages implement structured exception handling by managing their own code flow execution paths. As such, they are subject to code flow hijacking during runtime. Language-specific exception handling mitigation enforces execution integrity by instrumenting calls to manage execution context switching. Any deviation from the known and trusted code flow paths will cause the application to terminate. This makes malicious code less likely to execute.

Prevalence in PyPI community

36 packages

found in

Top 100

164 packages

found in

Top 1k

932 packages

found in

Top 10k

17.86k packages

in community

Next steps

It's highly recommended to enable this option for all software components used at security boundaries, or those that process user controlled inputs.

To enable this mitigation, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Function pointers that get resolved through import and delayed import address tables do not need to be monitored during application runtime. Instead, it is expected that modern programming language toolchains place those pointers in read-only memory locations. However, the delayed import functions are resolved as they are needed during runtime. To ensure the function pointers remain read-only, the operating system must be made aware if it is safe to re-protect the memory pages that hold them. Modern toolchains typically separate import data from other application regions for this very reason.

Prevalence in PyPI community

1 packages

found in

Top 100

4 packages

found in

Top 1k

38 packages

found in

Top 10k

468 packages

in community

Next steps

To enable this mitigation, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Operating systems allow multiple user accounts to coexist on a single computer system. Each registered user has identity information associated with their account. At the very least, user accounts consist of a user name and an optional password. In some cases, user account data may also include personally identifiable information. Extended personal information may include user's given and last name, their email and mailing address, personal photo and their telephone number. Financially motivated attackers may seek to collect personal information for purposes of selling the private data to a third-party. Malicious code that typically exhibits these behavior traits is commonly referred to as an information stealer. While the presence of code that accesses identity information does not necessarily imply malicious intent, all of its uses in a software package should be documented and approved. Accessing identity information is a very common behavior for software packages. One example of acceptable use for such functions is verifying that the active user has purchased a software license that allows them to run the application.

Prevalence in PyPI community

16 packages

found in

Top 100

113 packages

found in

Top 1k

669 packages

found in

Top 10k

19.67k packages

in community

Next steps

Investigate reported detections as indicators of software tampering.

Consult Mitre ATT&CK documentation: T1033 - System Owner/User Discovery.

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.

List of software quality issues with the number of affected components.

Policies

Info

Problem

Prevalence in PyPI community

10 packages

found in

Top 100

45 packages

found in

Top 1k

247 packages

found in

Top 10k

4.13k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Prevalence in PyPI community

12 packages

found in

Top 100

63 packages

found in

Top 1k

326 packages

found in

Top 10k

7.08k packages

in community

Next steps

You should keep the debug table to prove that the SDL process has been followed.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Prevalence in PyPI community

4 packages

found in

Top 100

45 packages

found in

Top 1k

242 packages

found in

Top 10k

5.25k packages

in community

Next steps

It's highly recommended to enable these checks for all software components used at security boundaries, or those that process user controlled inputs.

To enable these checks, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable this feature by setting the compiler option /SDL to ON.

Problem

Prevalence in PyPI community

20 packages

found in

Top 100

92 packages

found in

Top 1k

907 packages

found in

Top 10k

43.88k packages

in community

Next steps

Investigate reported detections.

If the software intent does not relate to the reported behavior, investigate your build and release environment for software supply chain compromise.

You should delay the software release until the investigation is completed, or until the issue is risk accepted.

Consider rewriting the flagged code without using the marked behaviors.

Problem

Prevalence in PyPI community

30 packages

found in

Top 100

143 packages

found in

Top 1k

833 packages

found in

Top 10k

15.19k packages

in community

Next steps

To enable this mitigation on library code, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Prevalence in PyPI community

36 packages

found in

Top 100

164 packages

found in

Top 1k

932 packages

found in

Top 10k

17.86k packages

in community

Next steps

It's highly recommended to enable this option for all software components used at security boundaries, or those that process user controlled inputs.

To enable this mitigation, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Function pointers that get resolved through import and delayed import address tables do not need to be monitored during application runtime. Instead, it is expected that modern programming language toolchains place those pointers in read-only memory locations. However, the delayed import functions are resolved as they are needed during runtime. To ensure the function pointers remain read-only, the operating system must be made aware if it is safe to re-protect the memory pages that hold them. Modern toolchains typically separate import data from other application regions for this very reason.

Prevalence in PyPI community

1 packages

found in

Top 100

4 packages

found in

Top 1k

38 packages

found in

Top 10k

468 packages

in community

Next steps

To enable this mitigation, refer to your programming language toolchain documentation.

In Microsoft VisualStudio, you can enable CFG mitigation by passing the /guard:cf parameter to the compiler and linker.

Problem

Prevalence in PyPI community

16 packages

found in

Top 100

113 packages

found in

Top 1k

669 packages

found in

Top 10k

19.67k packages

in community

Next steps

Investigate reported detections as indicators of software tampering.

Consult Mitre ATT&CK documentation: T1033 - System Owner/User Discovery.

pywin32

SAFE Assessment

Compliance

Security

Threats

SQ14140Detected Windows executable files compiled without following the SDL best practices while using banned string functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

SQ14138Detected Windows executable files that were compiled without following the recommended SDL process.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

SQ14139Detected Windows executable files compiled without following the SDL best practices while using banned memory functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

TH15103Detected presence of files with behaviors commonly used by malicious software.hunting

Problem

Prevalence in PyPI community

Next steps

SQ14125Detected Windows shared library files that do not suppress exports which reduces CFG vulnerability mitigation protection effectiveness.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

SQ14127Detected Windows executable files that do not implement long jump control flow vulnerability mitigation protection.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

SQ14128Detected Windows executable files that do not implement delayed import function hijacking mitigation protection.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

TH16126Detected presence of software components that can access user identity information.hunting

Problem

Prevalence in PyPI community

Next steps

Did you know...

SQ14140Detected Windows executable files compiled without following the SDL best practices while using banned string functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

SQ14138Detected Windows executable files that were compiled without following the recommended SDL process.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

SQ14139Detected Windows executable files compiled without following the SDL best practices while using banned memory functions.Causes risk: misconfigured toolchains detectedhardening

Problem

Prevalence in PyPI community

Next steps

TH15103Detected presence of files with behaviors commonly used by malicious software.hunting

Problem

Prevalence in PyPI community

Next steps

SQ14125Detected Windows shared library files that do not suppress exports which reduces CFG vulnerability mitigation protection effectiveness.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

SQ14127Detected Windows executable files that do not implement long jump control flow vulnerability mitigation protection.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

SQ14128Detected Windows executable files that do not implement delayed import function hijacking mitigation protection.Causes risk: low priority mitigations absenthardening

Problem

Prevalence in PyPI community

Next steps

TH16126Detected presence of software components that can access user identity information.hunting

Problem

Prevalence in PyPI community

Next steps