package-analysis

Support Python packages that aren't on PyPI

Open maxfisher-g opened this issue 2 years ago • 2 comments

Packages such as https://github.com/ytisf/PyExfil have not been updated on PyPI and the current installation instructions recommend cloning from GitHub and running pip setup.py install. It would be nice if we could support analysis of Python packages with this kind of installation flow.

It's also released as a .zip file with a nonstandard structure.

maxfisher-g, Jun 08 '23 00:06

pip setup.py install is not a valid command. Usually pip install git+https://github.com/ytisf/PyExfil.git should work if the package needs to be installed from GitHub. This command will install it directly without needing to clone and run install commands manually.

dukecat0, Jun 20 '23 06:06

Good point @dukecat0. I guess in general it would be nice to be able to override the install command in certain cases. This will be enabled by #301 (i.e. copying the analyze script into the sandbox at runtime rather than embedding it into the sandbox image).

maxfisher-g, Jun 20 '23 06:06