access-moppy

v1.3.0b0 suspicious
6.0
Medium Risk

ACCESS Model Output Post-Processor, maps raw model output to CMIP-style defined variables and produce post-processed output using CMOR3

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant risks due to its use of shell commands and dynamic code evaluation, raising suspicion about its true intentions. While there is no clear evidence of malicious activity, the overall pattern of behavior is concerning.

  • High shell risk due to file operations and command executions
  • Obfuscation through eval() usage, potentially allowing for code injection
Per-check LLM notes
  • Network: The network calls are likely related to fetching data from external sources and may be part of the package's intended functionality.
  • Shell: The shell execution patterns raise concerns as they involve copying files and running system commands which could indicate unintended behavior or potential security risks.
  • Obfuscation: The use of eval() with dynamically generated variables is highly suspicious and suggests an attempt to obfuscate code execution.
  • Credentials: No clear evidence of credential harvesting was found, but the presence of eval() calls could potentially be exploited for such purposes.
  • Metadata: The maintainer's information is incomplete and the absence of a Git repository is concerning.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • with requests.get(URL, stream=True) as response: r
  • s_moppy") response = requests.get(_PYPI_URL, timeout=5) response.raise_for_status()
  • ] ] response = requests.get(tmp[0][1]) versionHistory = json.loads(response.text)
  • request_object = requests.get(CITATION_DATA_SOURCE.format(source_id)) # If re
  • id.json", ] ] response = requests.get(tmp[0][1]) vars()[tmp[0][0]] = json.loads(response.text) exp
⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • e_id"]: dictToClean = eval(jsonName) # for key, value in dictToClean.iteritems(
  • se.text) vars()[target] = eval(target).get(jsonName) # Fudge to extract duplicate level
  • Test for updates # print(eval(target)) # print(eval(jsonName)) # print('---')
  • int(eval(target)) # print(eval(jsonName)) # print('---') # print(platform.python_ve
  • vars()[testVal] = not (eval(target) == eval(jsonName)) # Py3 # print(platform.p
  • stVal] = not (eval(target) == eval(jsonName)) # Py3 # print(platform.python_version())
⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • cnt, timeTaken) # os.system("cp 220220_CMIP6-CMIP_metaData.json dupe.json")
  • """ try: result = subprocess.run( # noqa: S603 # nosec B603 ["qstat", "-fx", st
  • try: tail = subprocess.run( # noqa: S603 # nosec B603 ["tail", "-20",
  • satisfy security scanners subprocess.Popen( # noqa: S603 # nosec B603 [ STREAMLIT
  • ity scanners result = subprocess.run( # noqa: S603 # nosec B603 [QSUB_EXECUTABLE, s
  • result = subprocess.run( # noqa: S603 # nosec B603 [
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: anu.edu.au

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

No GitHub repository linked

  • No GitHub repository link found
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with access-moppy
Create a climate data analysis tool that leverages the 'access-moppy' Python package to process and analyze raw climate model outputs. Your application should enable users to upload raw model outputs, select specific variables of interest, and apply post-processing techniques to generate CMIP6-compliant datasets. Here's a detailed breakdown of the requirements:

1. **User Interface**: Develop a simple web-based UI where users can upload their raw climate model outputs. The interface should also allow them to specify which variables they want to focus on from the uploaded data.
2. **Data Processing**: Utilize 'access-moppy' to map these raw outputs into CMIP6-defined variables. This involves understanding the structure of the raw data and translating it according to CMOR3 standards.
3. **Post-Processing**: Implement various post-processing methods such as bias correction, re-gridding, and normalization using functionalities provided by 'access-moppy'. These processes should enhance the quality and usability of the climate data.
4. **Visualization**: Integrate a visualization component that allows users to explore the processed data through interactive charts and maps. Users should be able to see changes over time, geographical distributions, etc.
5. **Export Functionality**: Provide an option for users to download the processed data in standard formats like NetCDF or CSV.

Suggested Features:
- Support for multiple climate models and their respective raw data formats.
- Detailed documentation explaining each step of the processing pipeline.
- Integration with cloud storage services for large datasets.
- Real-time feedback during the processing phase to inform users about progress.

Your task is to design and implement this application in a way that showcases the power and flexibility of 'access-moppy', making complex climate data more accessible and understandable.