Headline
CVE-2022-41380: d8s-yaml
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
Project description
Democritus Yaml
Democritus functions[1] for working with YAML.
[1] Democritus functions are simple, effective, modular, well-tested, and well-documented Python functions.
We use d8s (pronounced “dee-eights”) as an abbreviation for democritus (you can read more about this here).
Installation
pip install d8s-yaml
Usage
You import the library like:
from d8s_yaml import *
Once imported, you can use any of the functions listed below.
Functions
def yaml_files(path, *, include_yml_extensions: bool = False): """."""
def yaml_read(yaml_data: str): """."""
def is_yaml(possible_yaml_data: str) -> bool: """."""
def yaml_write(data: Json, **kwargs) -> str: """."""
def yaml_clean(yaml_data: str) -> str: """Standardize the given yaml data."""
def yaml_standardize(yaml_data: str) -> str: """Standardize the given yaml data by reading and writing it."""
def yaml_sort(yaml_data: str) -> str: """."""
Development
👋 If you want to get involved in this project, we have some short, helpful guides below:
- contribute to this project 🥇
- test it 🧪
- lint it 🧹
- explore it 🔭
If you have any questions or there is anything we did not cover, please raise an issue and we’ll be happy to help.
Credits
This package was created with Cookiecutter and Floyd Hightower’s Python project template.