secimport

eBPF Python runtime sandbox with seccomp (Blocks RCE).

MIT License

Downloads: 429 | Stars: 180 | Committers: 3
secimport - v0.10.0 Latest Release

Published by avilum 5 months ago

  • Added dockerfile support for M3 silicon (Apple Macbooks)
  • Fixed utils bug that raised an error if the module name was empty (this sometimes happens because of the way Python modules are executed)
secimport - v0.9.2

Published by avilum 11 months ago

secimport - v0.9.1

Published by avilum over 1 year ago

  • Added nsjail support
  • Improved CLI
  • Improved documentation
  • General bugfixes
secimport - v0.9.0

Published by avilum over 1 year ago

  • Added nsjail support
secimport - v0.8.2

Published by avilum over 1 year ago

secimport - v0.8.2-alpha

Published by avilum over 1 year ago

Added docker build and push to GH Actions

secimport - 0.8.1

Published by avilum over 1 year ago

Blocking the following insecure syscalls by default in secimport build:

INSECURE_SYSCALLS = [
    "vfork",
    "clone",
    "access",
    "chdir",
    "creat",
    "dup",
    "dup2",
    "execve",
    "faccessat",
    "fcntl",
    "fdatasync",
    "fork",
    "fstat",
    "fsync",
    "getegid",
    "geteuid",
    "getgid",
    "getgroups",
    "getpid",
    "getppid",
    "getrlimit",
    "getsockname",
    "getsid",
    "getuid",
    "ioctl",
    "link",
    "lseek",
    "lstat",
    "mkdir",
    "mknod",
    "open",
    "openat",
    "pipe",
    "poll",
    "read",
    "readlink",
    "readv",
    "recvfrom",
    "recvmsg",
    "rename",
    "rmdir",
    "select",
    "sendmsg",
    "sendto",
    "setgid",
    "setgroups",
    "setpgid",
    "setpriority",
    "setregid",
    "setreuid",
    "setrlimit",
    "setsid",
    "setsockopt",
    "stat",
    "symlink",
    "truncate",
    "umask",
    "utime",
    "utimes",
    "write",
    "writev",
]

secimport - 0.8.0

Published by avilum over 1 year ago

  • Added STOP and KILL flags
  • Improved documentation
  • Docker bugfixes
secimport - 0.7.3.2

Published by avilum over 1 year ago

  • Added github actions :)
secimport - 0.7.3

Published by avilum over 1 year ago

  • Added github actions build and push to pypi on merge to master branch
secimport - 0.7.2

Published by avilum over 1 year ago

secimport - 0.7.1

Published by avilum over 1 year ago

  • Added github deploy action
secimport - 0.7.0

Published by avilum over 1 year ago

  • Added Stop and Kill options
  • Added FastAPI example inside docker
  • Improved the CLI
  • Improved the README and overall documentation
  • Removed unused code / POC leftovers

The new usage I encourage is as follows:

pip install secimport==0.7.0

# Interactive quickstart
secimport interactive

FastAPI example

#!/bin/bash


echo "FastAPI Example"
echo "Tracing the main application, hit CTRL+C/CTRL+D when you are done."
/workspace/Python-3.10.0/python -m secimport.cli trace --entrypoint fastapi_main.py
/workspace/Python-3.10.0/python -m secimport.cli build
/workspace/Python-3.10.0/python -m secimport.cli run --entrypoint fastapi_main.py

Usage:

SecImport - A toolkit for Tracing and Securing Python Runtime using USDT probes and eBPF/DTrace: https://github.com/avilum/secimport/wiki/Command-Line-Usage

    QUICK START:
            >>> secimport interactive

    EXAMPLES:
        1. trace:
            $  secimport trace
            $  secimport trace -h
            $  secimport trace_pid 123
            $  secimport trace_pid -h
        2. build:
            # secimport build
            $ secimport build -h
        3. run:
            $  secimport run
            $  secimport run --entrypoint my_custom_main.py
            $  secimport run --entrypoint my_custom_main.py --stop_on_violation=true
            $  secimport run --entrypoint my_custom_main.py --kill_on_violation=true
            $  secimport run --sandbox_executable /path/to/my_sandbox.bt --pid 2884
            $  secimport run --sandbox_executable /path/to/my_sandbox.bt --sandbox_logfile my_log.log
            $  secimport run -h
secimport - 0.5.0

Published by avilum almost 2 years ago

  • Added bpftrace (ebpf) support
  • Added docker for bpftrace
  • Added tests
secimport - 0.4.3

Published by avilum about 2 years ago

  • Fixed unneeded imports that were not inside the dependencies list.
secimport - 0.4.2

Published by avilum about 2 years ago

Added pickle examples, improved logging and documentation

secimport - 0.4.1

Published by avilum about 2 years ago

  • Minor bugfixes in Paths prints
  • More docs
secimport - 0.4.0

Published by avilum about 2 years ago

Version 0.4.0 adds the ability to generate profile from a YAML template.
For a full usage documentation, visit https://github.com/avilum/secimport/blob/master/docs/YAML_PROFILES.md

secimport - 0.3.0

Published by avilum over 2 years ago

  • Added syscalls_allowlist argument that enables specifying specific syscalls only.
  • Improved examples
module = secure_import(
    module_name="http",
    syscalls_allowlist="""
        access
        exit
        getentropy
...

secimport - 0.2.0

Published by avilum over 2 years ago

Added optional dtrace flag for destructive mode.
When set to False (the default is True), the process is not killed; the violation is only logged.
destructive (bool, optional): Whether to kill the process with -9 sigkill upon violation of any of the configurations above. Defaults to True
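A toy policy model that ties together the default insecure-syscall denylist (0.8.1), the stop/kill flags (0.7.0), syscalls_allowlist (0.3.0) and the destructive flag (0.2.0), as an added example that is not secimport's own code. Its build semantics (profile = traced syscalls minus the denylist, an explicit allowlist overrides the trace) and all function names are assumptions for illustration; the syscall trace it checks is constructed inline.

```python
"""Toy model of a secimport-style syscall policy (added example, not secimport's
own code). Assumed: 'build' allows the syscalls seen while tracing a module minus
INSECURE_SYSCALLS, an explicit syscalls_allowlist replaces the trace, and a
violation is logged, stops the process (SIGSTOP) or kills it (SIGKILL)."""
from dataclasses import dataclass

# Subset of the default denylist quoted in the 0.8.1 release notes.
INSECURE_SYSCALLS = frozenset({
    "vfork", "clone", "fork", "execve", "open", "openat",
    "write", "writev", "setgid", "setreuid", "ioctl", "mknod",
})

@dataclass(frozen=True)
class SandboxProfile:
    module_name: str
    allowed: frozenset

def parse_allowlist(text):
    """Parse the whitespace-separated syscalls_allowlist string of 0.3.0."""
    return frozenset(text.split())

def build_profile(module_name, traced_syscalls=(), syscalls_allowlist=None):
    """An explicit allowlist is taken as given; otherwise allow what tracing
    observed, except anything on the insecure denylist (assumption)."""
    if syscalls_allowlist is not None:
        return SandboxProfile(module_name, parse_allowlist(syscalls_allowlist))
    return SandboxProfile(module_name, frozenset(traced_syscalls) - INSECURE_SYSCALLS)

def check_syscall(profile, syscall, stop_on_violation=False, kill_on_violation=False):
    """Verdict for one syscall: 'allow', else 'kill' (like destructive=True),
    'stop', or just 'log' when neither flag is set."""
    if syscall in profile.allowed:
        return "allow"
    if kill_on_violation:
        return "kill"
    if stop_on_violation:
        return "stop"
    return "log"

def enforce(profile, events, **flags):
    """Check a constructed sequence of syscall names; a stopped or killed
    process issues nothing further, so enforcement ends at that verdict."""
    verdicts = []
    for name in events:
        verdict = check_syscall(profile, name, **flags)
        verdicts.append((name, verdict))
        if verdict in ("stop", "kill"):
            break
    return verdicts
```

Under this model a syscall such as write that was observed during tracing is still dropped from the profile by the denylist, so a run that writes is a violation; an explicit syscalls_allowlist is the way to opt it back in.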