[Bug] - [Analysis fails on PyPI package with special file] #1202

@behnazh-w

Description

When running the mcn_detect_malicious_metadata_1 check using Macaron on the main branch, I encountered an exception during the analysis of the vector-classifier-python package from PyPI. The error appears to be related to the extraction of a special file from the package source.

Steps to Reproduce

  1. Clone the Macaron repository and check out the main branch.
  2. Install Macaron and its dependencies.
  3. Run the analysis command:

     macaron --verbose analyze -purl pkg:pypi/vector-classifier-python

Expected Behavior

The tool should successfully analyze the PyPI package, regardless of the presence of unusual or special files inside the package archive.

Actual Behavior

The command fails with a Python exception when trying to extract the source archive, due to a special file named nul in the vector_classifier_python-0.1.0 directory. The error traceback is as follows:

File "[...]/macaron/src/macaron/slsa_analyzer/package_registry/pypi_registry.py", line 269, in download_package_sourcecode
  sourcecode_tar.extractall(temp_dir, filter="data")
File "[...]/.pyenv/versions/3.11.13/lib/python3.11/tarfile.py", line 2303, in extractall
  tarinfo, unfiltered = self._get_extract_tarinfo(
File "[...]/.pyenv/versions/3.11.13/lib/python3.11/tarfile.py", line 2392, in _get_extract_tarinfo
  self._handle_fatal_error(e)
File "[...]/.pyenv/versions/3.11.13/lib/python3.11/tarfile.py", line 2390, in _get_extract_tarinfo
  filtered = filter_function(unfiltered, path)
File "[...]/.pyenv/versions/3.11.13/lib/python3.11/tarfile.py", line 844, in data_filter
  new_attrs = _get_filtered_attrs(member, dest_path, True)
File "[...]/.pyenv/versions/3.11.13/lib/python3.11/tarfile.py", line 801, in _get_filtered_attrs
  raise SpecialFileError(member)
tarfile.SpecialFileError: 'vector_classifier_python-0.1.0/nul' is a special file

Environment Information

To assist with troubleshooting, please provide the following information about your environment:

Operating System: Ubuntu 22.04

CPU architecture information: x86-64

Python: 3.11.13

Macaron version or commit hash: 736dbf8

Labels: bug (Something isn't working), malware analysis (The issues related to malware analysis)
