Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Project dependencies may have API risk issues #11

Open
PyDeps opened this issue Oct 26, 2022 · 0 comments
Open

Project dependencies may have API risk issues #11

PyDeps opened this issue Oct 26, 2022 · 0 comments

Comments

@PyDeps
Copy link

PyDeps commented Oct 26, 2022

Hi, In msdat, inappropriate dependency versioning constraints can cause risks.

Below are the dependencies and version constraints that the project is using

cython
colorlog
termcolor
pymssql
argparse
python-libnmap
argcomplete

The version constraint == will introduce the risk of dependency conflicts because the scope of dependencies is too strict.
The version constraint No Upper Bound and * will introduce the risk of the missing API Error because the latest version of the dependencies may remove some APIs.

After further analysis, in this project,
The version constraint of dependency cython can be changed to ==3.0.0a10.
The version constraint of dependency colorlog can be changed to >=0.1,<=0.4.
The version constraint of dependency colorlog can be changed to >=1.4,<=1.8.
The version constraint of dependency colorlog can be changed to >=6.3.0a1,<=6.6.0.
The version constraint of dependency argparse can be changed to >=1.2.1,<=1.4.0.
The version constraint of dependency argcomplete can be changed to >=0.1.7,<=0.7.1.

The above modification suggestions can reduce the dependency conflicts as much as possible,
and introduce the latest version as much as possible without calling Error in the projects.

The invocation of the current project includes all the following methods.

The calling methods from the cython
queue.Queue
The calling methods from the colorlog
colorlog.ColoredFormatter
The calling methods from the argparse
argparse.ArgumentParser
argparse.ArgumentParser.parse_args
argparse.HelpFormatter
argparse.ArgumentParser.add_subparsers
The calling methods from the argcomplete
argcomplete.autocomplete
The calling methods from the all methods
iw.r.update
self.__saveThisLoginInFileIfNotExist__
self.args.close
Xpcmdshell.testAll
functools.reduce
next
LAST_RUN_OUTCOME.items
self.readFile
self.useThisDB
map
productVersion.append
self.tryToCaptureASmbAuthentication
search.searchInColumnNames.add_rows
argparse.ArgumentParser.testAll
self.nb.get
self.header
R_SHELL_COMMAND_POWERSHELL_PAYLOAD.format
marked_width.m.rjust
socket.socket.connect
MssqlInfo.__getRemoteVersionThroughSQLServerBrowser__
TrustworthyPE.testAll
os.popen.read.split
Jobs.getInteractiveReverseShell
self.REQ_EXEC_SYS_CMD.format
aRawData.base64.b64encode.decode.remoteFilePath.PS_CMD_WRITE_CREATE.format.replace.replace
Search
self.captureSMBAuthenticationViaXpDirtree
accounts.append
pymssql.connect
self.fd.write
join
Passwordstealer
self.getUsernamesViaSuserName
getHostsFromFile.append
self._splitit
self.REQ_OPENROWSET_REMOTE_CONNECTION.format
ScanPorts.scanAPort
socket.inet_aton
base64.b64encode
re.findall
bulkOpen.searchValideAccounts.append
self.reset
TrustworthyPE.TrustworthyPE.connect
BulkOpen.readFileViaOpenRowSet
self.REQ_READ_FILE.format
BulkOpen.remoteConnectionWithOpenrowset
self.__getUsernames__
Jobs.Jobs.testAll
Utils.generateUniqueName
math.ceil
self.writeFileBinary
_thread.exit
OleAutomation.putFile
bytes.fromhex
os.walk
usern.lower
hasattr
self.__getAnExampleOfValueForAColumn__
anAccount.startswith
threading.Thread.start
ports.split.append
self.set_chars
cells.append
self.args.execute
data.str.split
self.REQ_SMB_AUTHENTICATION_VIA_XP_FILEEXIST.format
self.isFileExistViaXpFileexist
XpDirectory.listFilesViaXpDirtree
logging.getLogger.setLevel
signal.signal
self.execSP
self.waitSomeSecs
self._check_align
XpDirectory.isFileExistViaXpFileexist
datetime.datetime.now.strftime
range
self.REQ_GET_COLUMNS_IN_TABLES.format
argparse.HelpFormatter
SMBAuthenticationCapture.captureSMBAuthenticationViaXpGetFileDetails
self.update
maxvalue.ETA.Bar.Percentage.ProgressBar.start
queue.Queue
repr
UsernameLikePassword.tryUsernameLikePassword
args.badNews
os.path.join
BulkOpen.closeConnection
isinstance
search.searchInColumnNames.draw
self.getJobs
self._compute_cols_width
Search.searchInColumnNames
PS_CMD_WRITE_CREATE.format
re.compile.match
usern.upper
self.REQ_USE_THIS_DB.format
marked_width.m.ljust
Jobs.testAll
XpDirectory.closeConnection
self.__getRemoteVersionThroughTDSResponse__
ScanPorts.scanAPort.start
currentFile.lower.endswith
threading.Thread.__init__
argparse.ArgumentParser.parse_args
re.compile.sub.extend
dict.badNews
Jobs.createAndExecuteJob
Utils.getStandardBarStarted
e.replace
argparse.ArgumentParser
self._has_border
logging.StreamHandler
Search.closeConnection
NC_CMD.format
self.marker.update
OleAutomation.OleAutomation
OleAutomation.getFile
self.stealHashedPasswords
self._format_marker
BulkOpen.readFileViaBulkinsert
strg.replace.replace
logging.StreamHandler.setFormatter
type
self.getCompleteVersion
os.popen
resultsToTable.append
ArraySizeError
self._hline
XpDirectory.testAll
anAccountIsGiven
fcntl.ioctl
getScreenSize
parser.parse_args.func
oleAutomation.putFile.encode
sorted
search.searchInColumnNames.count
runBulkInsertForGet
self.listDrivesViaXpAvailableMedia
datetime.datetime.now
runBulkInsertForRead
checkOptionsGivenByTheUser
BulkOpen
Utils.getPSReverseShellCodeEncoded
Passwordstealer.printPasswords
self.listDirectoriesViaXpSubdirs
self._build_hline
logging.info
Xpcmdshell.uploadFileWithPowershell
BulkOpen.searchValideAccounts
aRawData.base64.b64encode.decode
XpDirectory.createSubDiViaXpCreateSubdir
PasswordGuesser.searchValideAccounts
self.REQ_EXEC_SP_FOR_PE.format
max
ValueError
self.deleteSP
self._rows.append
self.__createJob__
self.readFileViaOpenRowSet
socket.socket.sendall
configureLogging
self.REQ_EXEC_JOB.format
OleAutomation.readFile
threading.Thread
UsernameLikePassword
argparse.ArgumentParser.add_subparsers
strg.replace
self.createAndExecuteJob
self._has_vlines.join
self.remoteConnectionWithOpenrowset
main
R_SHELL_COMMAND_POWERSHELL.format
MssqlInfo.returnPrintableStringFromDict
Percentage
ansi_keep.pop
self.__setJob__
self._has_hlines
parser.add_subparsers.add_parser
self._format_line
self.handle_resize
self.executeRequest
self.allUsernames.append
Search.isEmptyTable
re.compile.sub
Passwordstealer.stealHashedPasswords
self.__getJobStatusValue__
cleanString
pbar.percentage
time.time
format
Jobs.getJobStatus
argcomplete.autocomplete
BulkOpen.scanPortsWithOpenrowset
Jobs.printJobs
self._has_header
selectData.append
self.executeCmd
socket.socket
self.args.fetchall
Xpcmdshell.Xpcmdshell.testAll
struct.pack
self.tryPE
results.insert
self._len_cell
Utils.getScreenSize
range.append
Xpcmdshell.enableXpcmdshell
self.REQ_DROP_TABLE.format
texttable.Texttable.add_rows
getHostsFromFile
self.REQ_WRITE_FILE.format
OleAutomation.connect
enumerate
BulkOpen.getFileViaOpenRowSet
self.queueLock.acquire
self._check_row_size
OleAutomation.getInteractiveReverseShell
TrustworthyPE.TrustworthyPE
os.remove
self.OUTPUT_FORMAT_XP_DIRTREE.format
aHost.cleanString.split
self.VERSIONS.items
Passwordstealer.testAll
dict.bigTitle
self.__getAccounts__
self.nb.get.put
BulkOpen.disableAdHocDistributedQueries
self.getStandardBarStarted
anAccount.hex
print
self.args.title
Passwordstealer.closeConnection
self.__dropSysadminPriv__
self.captureSMBAuthenticationViaXpFileexist
texttable.Texttable.set_deco
self.isThe2005Version
pbar.update
SMBAuthenticationCapture.SMBAuthenticationCapture
strg.replace.replace.replace
re.compile
Xpcmdshell.closeConnection
socket.gethostbyname
utf16LEPayloadBytes.base64.b64encode.decode
MssqlInfo
list
self.getJobStatus
termcolor.colored
array.array
subparsers.add_parser.set_defaults
Mssql.Mssql
R_SHELL_COMMAND_POWERSHELL_PAYLOAD.format.encode
sys.exit
self.portStatusQueue.put
libnmap.parser.NmapParser.parse_fromfile
iter
runAllModules
self.output.printOSCmdOutput
PS_CMD_WRITE_APPEND.format
Mssql.Mssql.connect
Jobs
self.REQ_GET_COLUMNS_IN_VIEWS.format
values.append
self.REQ_XPCMDSHELL_CMD.format
open.write
self.__askToTheUserIfNeedToContinue__
UsernameLikePassword.runUsernameLikePassword
zip
line_wrapped.append
passwords.append
self.REQ_BULK_INSERT.format
anOperationHasBeenChosen
XpDirectory
runPasswordGuesserModuleOnAHost
Xpcmdshell.connect
str
Utils.ipOrNameServerHasBeenGiven
aRawData.base64.b64encode.decode.remoteFilePath.PS_CMD_WRITE_CREATE.format.replace
open
connectionInformation.keys
os.path.dirname
XpDirectory.connect
sys.stderr.write
Passwordstealer.Passwordstealer.testAll
TrustworthyPE.cleanPE
self.accounts.append
Exception.__init__
float
self.disableXpcmdshell
Jobs.Jobs
w.update
OleAutomation
Utils.databaseHasBeenGiven
OleAutomation.OleAutomation.testAll
Xpcmdshell.getInteractiveShell
texttable.Texttable
self.REQ_WRITE_FILE_BINARY.format
self.getRemoteDatabaseVersion
len
Utils.cleanString
Passwordstealer.Passwordstealer
self._str
dict
anAccount.endswith
self.REQ_XP_FILEEXIST.format
self.__dropTable__
args.title
Xpcmdshell.disableXpcmdshell
self.enableAdHocDistributedQueries
logging.getLogger
logging.critical
SMBAuthenticationCapture.captureSMBAuthenticationViaXpDirtree
SMBAuthenticationCapture.testAll
self.readFileViaBulkinsert
itertools.zip_longest
self.REQ_DROP_PRIV.format
OleAutomation.writeFile
portsQueue.join
int
SMBAuthenticationCapture.tryToCaptureASmbAuthentication
optik.textwrap.wrap
databases.append
currentFile.lower
Search.connect
args.goodNews
validAccountsList.items
r.append
Xpcmdshell.Xpcmdshell
time.strftime
ProgressBar
self.queueLock.release
self.__getRemoteVersionThroughSQLServerBrowser__
self.OUTPUT_MEDIA.format
self.isThe2012Version
open.read
self.REQ_STEP_JOB.format
input
self.disableAdHocDistributedQueries
PasswordGuesser.PasswordGuesser.searchValideAccounts
self.__searchPatternInColumnNamesOfViews__
SMBAuthenticationCapture
SMBAuthenticationCapture.SMBAuthenticationCapture.testAll
self.portsQueue.empty
input.lower
self.__searchPatternInColumnNamesOfTables__
OleAutomation.disableOLEAutomationProcedures
XpDirectory.XpDirectory
validAccounts.append
self.nb.put
socket.socket.recv
self.__createStoredProcToPE__
self.isCurrentUserSysadmin
self.format_time
self.__getPasswords__
TrustworthyPE.TrustworthyPE.testAll
argparse.ArgumentParser.add_argument
self.captureSMBAuthenticationViaXpGetFileDetails
self.createSubDiViaXpCreateSubdir
search.searchInColumnNames.set_deco
self._format_widgets
XpDirectory.listDrivesViaXpAvailableMedia
self.REQ_XP_CREATE_SUBDIR.format
self.__addJob__
OleAutomation.closeConnection
self.getCurrentUser
self.__isFileNotExist__
time.sleep
socket.socket.settimeout
OleAutomation.testAll
self.pbar.update
self.isThe2008Version
self.scannerObject.remoteConnectionWithOpenrowset
ScanPorts.ScanPorts.printScanPortResults
self.__execJob__
Utils.getBinaryDataFromFile
args.subtitle
BulkOpen.BulkOpen.testAll
self.REQ_CREATE_TABLE.format
runBulkInsertForGet.encode
socket.socket.sendto
ports.split
self.executeSysCmd
re.compile.sub.split
self.REQ_ADD_JOB.format
l.replace.replace.replace
self.__loadCompleteVersionIfNeed__
status.str.replace
BulkOpen.testAll
Xpcmdshell
args.unknownNews
portsQueue.put
l.cleanString.split
mssqlRawData.rfind
self._splitit.split
TrustworthyPE.isCurrentUserSysadmin
Utils.putDataToFile
self.__delJob__
hfill_inds.append
aRawData.base64.b64encode.decode.remoteFilePath.PS_CMD_WRITE_APPEND.format.replace
SMBAuthenticationCapture.captureSMBAuthenticationViaXpFileexist
self.REQ_GET_VALUE_IN_COLUMN.format
self.percentage
OleAutomation.executeSysCmd
PasswordGuesser.getHostsFromFile
self.__loadAllUsernames__
Output.Output
self.REQ_SMB_AUTHENTICATION_VIA_XP_GETFILEDETAILS.format
self.REQ_CREATE_JOB.format
self.add_row
open.readlines
self._hline_header
self.__getTrustworthyDBs__
aService.service.lower
Passwordstealer.connect
self.enableXpcmdshell
open.close
XpDirectory.listDrivesViaXpFixedDrives
ScanPorts.ScanPorts.scanTcpPorts
self._draw_line
BulkOpen.BulkOpen.closeConnection
threading.Lock
BulkOpen.enableAdHocDistributedQueries
self.REQ_SMB_AUTHENTICATION_VIA_XP_DIRTREE.format
self._format_widgets.join.ljust
self.args.cursor
self.REQ_XP_SUBDIRS.format
Bar
Utils.checkOptionsGivenByTheUser
logging.Formatter
self.args.unknownNews
OleAutomation.enableOLEAutomationProcedures
time.gmtime
validUsers.append
SMBAuthenticationCapture.connect
Utils.getCredentialsFormated
Jobs.connect
ScanPorts.ScanPorts
self.OUTPUT_DRIVES.format
self.__createTable__
self._need_update
struct.unpack
self.__getJobStatus__
database.connectionInformation.append
BulkOpen.BulkOpen
self.writeFile
UsernameLikePassword.connect
os.path.isfile
os.path.isdir
ansi_keep.append
self.REQ_XP_DIRTREE.format
dict.title
self.REQ_STORED_PROC_TO_SYSADMIN.format
dict.goodNews
logging.debug
self.args.badNews
MssqlInfo.__getRemoteVersionThroughTDSResponse__
os.path.abspath
self.isThe2000Version
self.REQ_GET_STATUS.format
dict.items
self.REQ_OPENROWSET.format
ipOrNameServerHasBeenGiven
XpDirectory.listDirectoriesViaXpSubdirs
BulkOpen.connect
certificateBasedSQLServerLogins.append
l.replace.replace
pbar.finish
self.REQ_READ_LINES.format
self.cleanPE
TrustworthyPE.tryPE
ports.isdigit
os.mkdir
self.isThe2014Version
self._has_vlines
self.enableOLEAutomationProcedures
Utils.cleanString.replace
runOpenRowSetForGet
self.listDrivesViaXpFixedDrives
Utils.ErrorClass
self.REQ_IS_A_VALID_USERNAME.format
logging.getLogger.addHandler
TrustworthyPE.connect
TrustworthyPE
input.replace
ETA
parser.parse_args._get_kwargs
self.REQ_DEL_PROC.format
f.read.encode
self.REQ_DEL_JOB.format
random.randrange
list.extend
self.args.autocommit
cleanList.append
self.args.goodNews
aDictionary.items
aRawData.base64.b64encode.decode.remoteFilePath.PS_CMD_WRITE_APPEND.format.replace.replace
logging.warning
self.listFilesViaXpDirtree
self.args.subtitle
self.portsQueue.get
self.__getProductNameFromVersion__
BulkOpen.getFileViaBulkinsert
PasswordGuesser
self.REQ_GET_USERNAME.format
x.encode
askToContinue
colorlog.ColoredFormatter
SMBAuthenticationCapture.closeConnection
logging.error
iterable.__len__
Mssql.Mssql.__init__
runOpenRowSetForRead
PasswordGuesser.PasswordGuesser
self.portsQueue.task_done
os.popen.read
Mssql.Mssql.closeConnection
Passwordstealer.credentialsAreEmpty
texttable.Texttable.draw
usernames.append
subprocess.call

@developer
Could please help me check this issue?
May I pull a request to fix it?
Thank you very much.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant