autoboya

v0.1.5 suspicious
7.0
High Risk

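Command-line tool for Beihang University's Boya system over WebVPN; supports course caching, automatic enrollment in self-check-in courses, and check-in and check-out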

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits several concerning behaviors including network risks, shell execution capabilities, obfuscation techniques, and potential credential harvesting, indicating a high level of suspicion.

  • network risk due to HTTP client usage
  • shell execution capability via subprocess.Popen
  • potential credential harvesting using keyring

Per-check LLM notes

  • Network: The package uses HTTP clients with options to follow redirects and potentially use a VPN, which could be used for legitimate purposes but also raises concerns about data exfiltration.
  • Shell: The presence of subprocess.Popen indicates the ability to execute shell commands, which can be a red flag for potential backdoor activities or unauthorized command execution.
  • Obfuscation: The use of AES encryption and Base64 encoding suggests an attempt at obfuscation or secure data handling, but the incomplete and suspicious context raises concerns.
  • Credentials: The import of 'keyring' and attempts to retrieve passwords indicate potential credential harvesting, especially given the presence of error handling that could mask failed retrievals.
  • Metadata: The author has only one package, which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: pyproject.toml
  • 13 test file(s) detected (e.g. test_auth.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4791 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 158 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 20 commits in DeNeRATe-cool/AutoBoya
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • self.client = http_client or httpx.Client(timeout=25, follow_redirects=False) self.use_vpn = u
  • self.client = http_client or httpx.Client(timeout=25, follow_redirects=True) self.use_vpn = us
  • ) -> httpx.Client: return httpx.Client( timeout=25, follow_redirects=follow_redirec
  • mp_path), http_client=httpx.Client(transport=httpx.MockTransport(handler)), ) with pyt
  • mp_path), http_client=httpx.Client(transport=httpx.MockTransport(handler), follow_redirects=Fal

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • ads(text) encrypted = base64.b64decode(encoded) decryptor = Cipher(algorithms.AES(self.key)

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ssion"] = True return subprocess.Popen(args, **kwargs) @app.command(help="请求停止后台自动化循环。") def stop

Credential Harvesting score 5.0

Found 2 credential access pattern(s)

  • mport keyring return keyring.get_password("autoboya", username) except Exception: return N
  • ("\n") if password_stdin else getpass.getpass("Password: ") password_ref = "keyring" unsafe = Fals

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository DeNeRATe-cool/AutoBoya appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "DeNeRATe-cool" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with autoboya
Create a fully-functional mini-application named 'AutoBayaScheduler' using the Python package 'autoboya'. This application will serve as a comprehensive tool for managing student activities through the Beihang University's BoYa WebVPN system. The primary goal of AutoBayaScheduler is to streamline the process of course management, including course selection, attendance tracking, and automatic sign-in and sign-out functionalities. Here’s a detailed breakdown of the steps and features to include:

1. **User Authentication**: Implement a secure login mechanism to authenticate users against the Beihang University's BoYa WebVPN system. Utilize the 'autoboya' package to handle the authentication process.
2. **Course Cache Management**: Integrate the course cache feature from 'autoboya' to allow users to view their cached courses and update them if necessary. Ensure the application can download and display course details such as course name, instructor, and schedule.
3. **Automatic Course Selection**: Develop an automated course selection module that leverages the capabilities of 'autoboya' to select courses based on user preferences or predefined criteria. This feature should prioritize available slots and automatically enroll the user in selected courses.
4. **Attendance Tracking**: Incorporate a feature that tracks attendance for each class using the sign-in and sign-out functionalities provided by 'autoboya'. The application should log attendance records and notify users about missed classes or upcoming deadlines.
5. **Notifications and Reminders**: Set up a notification system within the application to remind users about upcoming classes, due assignments, and important dates. Notifications should be customizable and can be sent via email or push notifications.
6. **User Interface**: Design a clean and intuitive user interface that allows easy navigation through different functionalities. The UI should be responsive and accessible across various devices.
7. **Data Security**: Ensure all data handled by the application, especially user credentials and personal information, is securely stored and transmitted. Use best practices in data security and encryption.
8. **Documentation and Support**: Provide comprehensive documentation for both end-users and developers, explaining how to install, configure, and use the application effectively. Include FAQs and a support channel for users encountering issues.

By following these guidelines, you will create a robust and user-friendly application that significantly enhances the efficiency and convenience of managing academic activities at Beihang University.
