Security concerns from `mypy --install-types` and malicious third-party stubs

[Zac-HD]

Reading the recent blog post announcing --install-types, I was concerned that malicious third parties might create a types-$popular_package package and have it recommended or even installed by mypy.

The docs for this feature don't outline any security considerations. Has the risk of malicious packages been considered? If so, what mitigations are in place? It would be great to document this.

[srittau]

See also pypi/warehouse#4967. This is a serious concern.

[JukkaL]

Mypy ships with information about a various known stub packages and these are the only ones that it will suggest installing, or install using --install-types. All of these originate from typeshed. The typeshed uploader script for packages lives in another repository with restricted write access, and we make sure to only include stub files (not executable code) in the packages that are uploaded.

It makes sense to mention this in the documentation as otherwise users may be hesitant to install these packages without first manually validating them.

Having a dedicated namespace for stub packages would be nice, but it's unclear when this might be supported.

I have plans to claim types-foo for a large number of projects on PyPI for typeshed, by auto-generating stubs and uploading them (assuming typeshed maintainers are okay with this). I think that this would make things less risky.

[srittau]

@JukkaL Sounds like a good plan! Both restricting --install-types to known stub packages as well as auto-generating stubs. I hope we will get namespaces on PyPI at some point, though.

[JukkaL]

Note that --install-types is already restricted to known stub packages, but auto-generating additional stubs won't happen before the 0.900 release (I don't have a concrete timeline yet for it).