Python-Magic

Supported features

Extracting PyInstaller executables

Extracts the content of PyInstaller executables using pyinstxtractor-ng and, by default, tries to avoid extracting common files such as linked libraries, additional packages, built-ins, PyInstaller hooks, etc.

Submission params:

  • extract_all: Extract all files from the PyInstaller executable (default: False, the same as performing a deep scan)
  • extract_pyz_content: Extract the content of the PYZ archives (default: False)

Service config:

  • MAX_EXTRACTED - limit the number of extracted files; the effective value is bounded by both this setting and the system-provided limit.
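As an added example (not the service's own code, and not pyinstxtractor-ng's API), the selection below shows how the two submission params and MAX_EXTRACTED shape what is extracted from a PyInstaller archive. The table of contents is constructed; the filtering rules (runtime hooks, shared libraries, base_library.zip, a short list of bundled packages) and the use of the smaller of the two caps as the effective limit are assumptions modelled on the description above. PYZ members are represented as entries prefixed with the archive name.

```python
import posixpath

# Constructed listing in the spirit of a PyInstaller CArchive table of contents.
# Entries after "PYZ-00.pyz/" stand for modules stored inside the PYZ archive.
SAMPLE_TOC = [
    "pyiboot01_bootstrap.pyc",
    "pyi_rth_inspect.pyc",
    "python311.dll",
    "base_library.zip",
    "_ctypes.pyd",
    "libcrypto-3.dll",
    "requests/__init__.pyc",
    "PYZ-00.pyz",
    "PYZ-00.pyz/stage2.pyc",
    "PYZ-00.pyz/requests/models.pyc",
    "main.pyc",
    "dropper.pyc",
    "payload.bin",
]

LIBRARY_SUFFIXES = (".dll", ".so", ".dylib", ".pyd")
BUILTIN_BUNDLES = {"base_library.zip"}
# Assumption: packages the default scan treats as noise rather than as the sample's own code.
COMMON_PACKAGES = {"requests", "urllib3", "certifi", "charset_normalizer"}


def is_common_file(name: str) -> bool:
    """True for entries a non-deep scan skips (hooks, libraries, built-ins, bundled packages)."""
    inner = name.split(".pyz/", 1)[1] if ".pyz/" in name else name
    base = posixpath.basename(inner)
    if base.startswith(("pyiboot", "pyi_rth_")):
        return True  # PyInstaller bootstrap and runtime hooks
    if base.lower().endswith(LIBRARY_SUFFIXES):
        return True  # linked libraries and extension modules
    if base in BUILTIN_BUNDLES:
        return True  # standard-library bundle
    if "/" in inner and inner.split("/", 1)[0] in COMMON_PACKAGES:
        return True  # additional packages shipped with the executable
    return False


def is_pyz_member(name: str) -> bool:
    return ".pyz/" in name


def effective_limit(service_max: int, system_max: int) -> int:
    # Assumption: the stricter of the service setting and the system limit wins.
    return min(service_max, system_max)


def select_for_extraction(toc, extract_all=False, extract_pyz_content=False,
                          service_max=50, system_max=500):
    """Return (entries to extract, number dropped because the cap was reached)."""
    limit = effective_limit(service_max, system_max)
    selected, dropped_by_limit = [], 0
    for name in toc:
        if is_pyz_member(name) and not extract_pyz_content:
            continue  # PYZ content only on request
        if not extract_all and is_common_file(name):
            continue  # extract_all behaves like a deep scan and keeps everything
        if len(selected) >= limit:
            dropped_by_limit += 1
            continue
        selected.append(name)
    return selected, dropped_by_limit


if __name__ == "__main__":
    kept, dropped = select_for_extraction(SAMPLE_TOC)
    print("default scan keeps:", kept)
    kept, dropped = select_for_extraction(SAMPLE_TOC, extract_all=True, extract_pyz_content=True)
    print("deep scan keeps", len(kept), "entries")
```

With the defaults only the PYZ archive itself and the sample's own files (main.pyc, dropper.pyc, payload.bin) are selected; extract_pyz_content adds stage2.pyc from inside the archive, and extract_all keeps all thirteen entries subject to the cap.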

Detecting overwriting of popular package paths

The service contains a list of installation paths used by more or less popular PyPI packages. If a package declares an installation that may overwrite one of these paths, it is reported as suspicious.

As this may cause false positives (e.g. for packages with plugins, or for source distributions, where determining the installed paths is not trivial), there are two ways to control the behaviour:

  • Add the directory to the POPULAR_PATHS_TO_IGNORE config option to ignore it completely.
  • Add the signature generated by the service to the safelist. Signatures are generated dynamically and included each time the heuristic is triggered. They look like PythonMagic.override_popular_path.<DIR>.<PACKAGE>, e.g. PythonMagic.override_popular_path.google.examplepkg; once safelisted, the service will ignore the given directory for the given package.

Submission params:

  • check_conflicting_package_directories - whether to check for conflicting package directories (default: False)

Service config:

  • POPULAR_PATHS_TO_IGNORE - directories that should be ignored when checking for conflicting package directories.
  • MIN_DOWNLOADS_TO_WARN - when analysing directories, warn only if potentially overwriting a directory from a package with at least this many downloads. Note that download stats are not regularly updated.
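As an added example (not the service's own code), the check below reproduces the heuristic described in this section end to end: it reads the top-level directories a wheel would install from its RECORD file, compares them against a table of popular import paths with download counts, and applies the POPULAR_PATHS_TO_IGNORE, MIN_DOWNLOADS_TO_WARN and safelist controls using the signature format shown above. The RECORD contents, the popular-path table and its download figures are constructed; the RECORD format itself (path, hash, size per line) is the standard wheel layout.

```python
import csv
import io

# Constructed RECORD of a wheel for a hypothetical package "examplepkg" that also
# ships files into directories owned by other packages.
SAMPLE_RECORD = "\n".join([
    "examplepkg/__init__.py,sha256=AAAA,120",
    "google/cloud/helper.py,sha256=BBBB,300",
    "yaml/__init__.py,sha256=CCCC,50",
    "tinytool/plugin.py,sha256=DDDD,80",
    "examplepkg-1.0.dist-info/METADATA,sha256=EEEE,400",
    "examplepkg-1.0.dist-info/RECORD,,",
])

# Constructed table: top-level directory -> (owning package, download count).
# Real download counts would come from PyPI stats and, as the README notes, go stale.
POPULAR_PATHS = {
    "google": ("protobuf", 120_000_000),
    "requests": ("requests", 300_000_000),
    "yaml": ("PyYAML", 150_000_000),
    "tinytool": ("tinytool", 900),
}


def top_level_dirs(record_text: str) -> list:
    """Collect the top-level directories a wheel installs, from its RECORD file."""
    dirs = set()
    for row in csv.reader(io.StringIO(record_text)):
        if not row or not row[0]:
            continue
        path = row[0]
        top = path.split("/", 1)[0]
        if top.endswith(".dist-info") or "/" not in path:
            continue  # metadata directory, or a single top-level module
        dirs.add(top)
    return sorted(dirs)


def signature(directory: str, package: str) -> str:
    """Safelist signature in the format PythonMagic.override_popular_path.<DIR>.<PACKAGE>."""
    return f"PythonMagic.override_popular_path.{directory}.{package}"


def check_conflicts(package_name, declared_dirs, popular_paths,
                    ignore_dirs=(), safelist=(), min_downloads=10_000):
    """Return one finding per declared directory that would overwrite a popular path."""
    findings = []
    for directory in declared_dirs:
        if directory in ignore_dirs:
            continue  # POPULAR_PATHS_TO_IGNORE
        owner = popular_paths.get(directory)
        if owner is None:
            continue
        owner_pkg, downloads = owner
        if owner_pkg.lower() == package_name.lower():
            continue  # a package installing its own directory is not a conflict
        if downloads < min_downloads:
            continue  # MIN_DOWNLOADS_TO_WARN
        sig = signature(directory, package_name)
        if sig in safelist:
            continue  # safelisted for this directory/package pair
        findings.append({"directory": directory, "owner": owner_pkg,
                         "downloads": downloads, "signature": sig})
    return findings


if __name__ == "__main__":
    dirs = top_level_dirs(SAMPLE_RECORD)
    for finding in check_conflicts("examplepkg", dirs, POPULAR_PATHS):
        print(f"{finding['directory']} is owned by {finding['owner']} "
              f"({finding['downloads']} downloads); safelist as {finding['signature']}")
```

Run as written, the package is flagged for the google and yaml directories, while tinytool falls under the download threshold; adding google to the ignore list or the emitted signature to the safelist suppresses that single finding without hiding the other.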

Decompyling Python bytecode

Note

This feature has been removed as the official Extract service now supports decompiling Python bytecode. It may come back to decompile marshalled Python bytecode in the future.

Decompyling Python bytecode (.pyc) using Decompyle++