
A tool for checking if release assets were modified after publication.

Project description

release_auditor


A tool for checking if GitHub release assets were modified after publication.

For more information, please read our blog post here.

Requirements

Python 3 is required and you can find all required modules in the requirements.txt file. Only tested on Python 3.7 but should work on other 3.x releases.

Installation

You can install this via pip as follows:

pip install release_auditor
release_auditor --version

To download and run manually, do the following:

git clone https://github.com/nightwatchcybersecurity/release_auditor.git
cd release_auditor
pip install -r requirements.txt
python -m release_auditor.cli

How to use

This utility is intended to check if a GitHub release was modified after publication. It will not check source code archives included with a release because they are immutable. It does two checks on release assets:

  1. Whether the asset was created/modified by someone other than the release author.
  2. Whether the asset was created/modified after initial publication.

By default, the 5 most recent releases are checked and the time interval checked is 24 hours. You can override both via the "--max" and "--hours" options.

A non-zero error code will be returned after execution if any issues are found.
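The two checks described above, sketched offline as an added example; this is not release_auditor's own code. It assumes the field names of the GitHub REST API release object (author, published_at, assets, uploader, created_at, updated_at), treats the interval as a grace window after publication, and uses a constructed sample release; audit_release and exit_code are hypothetical names.

```python
from datetime import datetime, timedelta

# Constructed sample shaped like a GitHub REST API release object (not real data).
SAMPLE_RELEASE = {
    "name": "Version 1.0.0",
    "author": {"login": "alice"},
    "published_at": "2020-01-10T12:00:00Z",
    "assets": [
        {"name": "tool-1.0.0.whl", "uploader": {"login": "alice"},
         "created_at": "2020-01-10T11:58:00Z", "updated_at": "2020-01-10T11:59:00Z"},
        {"name": "tool-1.0.0.tar.gz", "uploader": {"login": "mallory"},
         "created_at": "2020-01-10T11:58:00Z", "updated_at": "2020-01-10T11:59:00Z"},
        {"name": "tool-1.0.0.exe", "uploader": {"login": "alice"},
         "created_at": "2020-01-10T11:58:00Z", "updated_at": "2020-02-01T09:00:00Z"},
    ],
}

def _ts(value):
    """Parse GitHub's ISO 8601 UTC timestamps, e.g. 2020-01-10T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def audit_release(release, hours=24):
    """Return a list of (asset_name, reason) findings for one release."""
    findings = []
    author = release["author"]["login"]
    # Assumption: timestamps up to `hours` after publication are tolerated.
    cutoff = _ts(release["published_at"]) + timedelta(hours=hours)
    for asset in release["assets"]:
        uploader = asset["uploader"]["login"]
        # Check 1: asset uploaded by someone other than the release author.
        if uploader != author:
            findings.append((asset["name"], f"uploaded by {uploader}, not {author}"))
        # Check 2: asset created or modified after the allowed interval.
        for field in ("created_at", "updated_at"):
            if _ts(asset[field]) > cutoff:
                findings.append((asset["name"], f"{field} is after the publication window"))
    return findings

def exit_code(releases, hours=24):
    """Non-zero when any release has findings, as the text above describes."""
    return 1 if any(audit_release(r, hours) for r in releases) else 0

if __name__ == "__main__":
    for name, reason in audit_release(SAMPLE_RELEASE):
        print(f"{name}: {reason}")
    raise SystemExit(exit_code([SAMPLE_RELEASE]))
```

Widening the window (the counterpart of "--hours") suppresses the late-modification finding on the sample but never the uploader mismatch.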

Additional options

By default, this utility accesses GitHub anonymously, which can result in API rate limiting. Consider running it less often or passing in a GitHub username/password/access token via the "--login_or_token" and "--password" parameters.

You can use this with self-hosted GitHub instances by passing the instance URL via the "--base-url" parameter. However, this has not been tested.

The "--verbose" option shows additional information during checking.

Example use

Run as follows:

release_auditor github nightwatchcybersecurity/truegaze

The following results will be returned:

Retrieving repository and release information
Checking the first 5 releases

Checking release: Version 0.1.7 released

Checking release: Version 0.1.6 released

Checking release: Version 0.1.5 released

Checking release: Version 0.1.4 released

Checking release: Version 0.1.3 released

Development Information

Reporting bugs and feature requests

Please use the GitHub issue tracker to report issues or suggest features: https://github.com/nightwatchcybersecurity/release_auditor

You can also send email to research /at/ nightwatchcybersecurity [dot] com

Wishlist

  • Add unit tests
  • TBD

Download files


Source Distribution

release_auditor-0.1.0.tar.gz (8.7 kB)


Built Distribution

release_auditor-0.1.0-py3-none-any.whl (9.9 kB)
