
Identify suspicious version numbers

Open christophetd opened this issue 1 year ago • 5 comments

Such as 999.9.9, very large numbers (more than 4 digits without a dot)

christophetd avatar Dec 18 '24 14:12 christophetd

This would match year-based versioning, no? 2024.12?

Taiki-San avatar Dec 18 '24 14:12 Taiki-San

I'm not so sure about this one; I don't see how this could determine if a package is malicious or risky based on this.

sobregosodd avatar Dec 18 '24 15:12 sobregosodd

Probably 5-6 digits then. Need to check the data, but I doubt we have a lot of legit packages with a single version numbered 9999999999

christophetd avatar Dec 18 '24 15:12 christophetd

Let's look at the data first. I've seen several legit packages with date-like versioning, and other non-semver approaches. If we consider it makes sense, we should replace release_zero.

sobregosodd avatar Dec 19 '24 08:12 sobregosodd

If the concern is the FP, let's run a query against our DB and check the result.

netcode avatar Dec 23 '24 08:12 netcode
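As an added example (not guarddog's own code, and not a rule agreed in the thread), the following Python sketch encodes the heuristic discussed above: flag sentinel versions such as 999.9.9 and numeric components with many digits, while leaving date-based versions like 2024.12 or 20241218 alone, as raised in the comments. The function name `suspicious_version`, the helper `_looks_like_date`, and the thresholds `DIGIT_THRESHOLD` and `SENTINEL_COMPONENT` are assumptions chosen for illustration.

```python
"""Illustrative heuristic for flagging suspicious package version strings.

Added example, not guarddog's own rule. It encodes two ideas from the thread
(sentinel versions such as 999.9.9, and numeric components with many digits)
plus the false-positive case raised there: date-based versions such as
2024.12 or 20241218 must not be flagged.
"""
import re
from datetime import datetime

# Thresholds are assumptions for illustration, not guarddog settings.
DIGIT_THRESHOLD = 5        # components with this many digits or more are suspicious
SENTINEL_COMPONENT = 999   # 999.x.x style "always newest" versions


def _looks_like_date(component: str) -> bool:
    """True for a component that reads as a plausible year or a YYYYMMDD date."""
    if len(component) == 4:
        return 1990 <= int(component) <= 2100
    if len(component) == 8:
        try:
            datetime.strptime(component, "%Y%m%d")
            return True
        except ValueError:
            return False
    return False


def suspicious_version(version: str) -> list[str]:
    """Return the reasons a version string looks suspicious (empty list = fine).

    A leading 'v' is dropped, any pre-release/build suffix after '-' or '+'
    is ignored, and the remaining dotted components must all be numeric;
    anything else is out of scope for this check.
    """
    core = re.split(r"[-+]", version.lstrip("vV"), maxsplit=1)[0]
    components = core.split(".")
    if not all(c.isdigit() for c in components):
        return []
    reasons = []
    first = components[0]
    # Sentinel rule: a short but very large major version, unless it is a year.
    if (int(first) >= SENTINEL_COMPONENT and len(first) < DIGIT_THRESHOLD
            and not _looks_like_date(first)):
        reasons.append(f"sentinel-looking major version {first}")
    # Digit-count rule: long numeric components, unless they are dates.
    for c in components:
        if len(c) >= DIGIT_THRESHOLD and not _looks_like_date(c):
            reasons.append(f"component {c} has {len(c)} digits")
    return reasons
```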