avisdk

v32.1.1 suspicious
6.0
Medium Risk

Avi Python API SDK for Avi Controller REST API with samples and utilities

🤖 AI Analysis

Final verdict: SUSPICIOUS

The avisdk package exhibits high network and shell execution risks, indicating potential vulnerabilities that could be exploited in a supply-chain attack. Further investigation is necessary to confirm its legitimacy and security practices.

  • Unverified HTTPS connections
  • Execution of shell commands

Per-check LLM notes
  • Network: Unverified HTTPS connections can pose security risks, potentially leading to man-in-the-middle attacks.
  • Shell: Executing shell commands within the package might indicate an attempt to gather system information, which could be used for nefarious purposes.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The use of getpass indicates interaction with user credentials, which could be legitimate but requires further review to ensure proper handling and security practices.
  • Metadata: The author has only one package, which may indicate a new or less active account, but there are no other suspicious flags.

📦 Package Quality Overall: Low (3.0/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

○ Low Documentation 1.0

No documentation detected

  • No documentation URL, doc files, or meaningful description found

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in vmware/alb-sdk
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • controller_session = requests.Session() controller_session.verify = False saml_con
  • session idp_session = requests.Session() saml_request_match = re.search(WS1loginSAMLApiSess
  • session idp_session = requests.Session() saml_request_match = re.search(OneloginSAMLApiSess
  • oup(1) idp_session = requests.Session() idp_session.verify = False saml_data = url

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • ated with VM""" ips = subprocess.getoutput('hostname -I') return ips.split(' ') def __get_

Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • d: password = getpass.getpass('Password for %s@%s:' %
  • password2 = getpass.getpass('Password for %s@%s:' %
  • passphrase = getpass.getpass('Passphrase for cert '
  • sword: password = getpass.getpass('Password for %s@%s:' %

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: avinetworks.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository vmware/alb-sdk appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Avi Networks" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with avisdk
Create a comprehensive mini-application using the 'avisdk' Python package that allows users to manage their Avi Controller services more efficiently. Your application should enable users to perform the following actions:

1. List all virtual services deployed on the Avi Controller.
2. Create a new virtual service with specified parameters such as name, IP address, and port number.
3. Modify an existing virtual service's configuration (e.g., changing its IP address or port).
4. Delete a virtual service from the Avi Controller.
5. Retrieve detailed information about a specific virtual service.
6. Enable or disable a virtual service based on user input.

The application should provide a simple command-line interface where users can select options from a menu to execute these actions. Each action should validate inputs to ensure they are correct and provide appropriate error messages if something goes wrong.

Additionally, include a feature to save and load configurations from a local file for easy management of changes without needing to interact with the Avi Controller directly every time.

Use the 'avisdk' package's core functionalities to interact with the Avi Controller's REST API. This includes using its classes and methods to authenticate with the controller, retrieve information, and send commands to modify services. Ensure your code is well-documented and follows best practices for Python development.
