SourceBroken: A large-scale analysis on the (un)reliability of SourceRank in the PyPI ecosystem
Biagio Montaruli, Serena Elisa Ponta, Luca Compagna, Davide Balzarotti
TL;DR
SourceRank aggregates $18$ metrics to rate open-source packages, but this work shows significant reliability gaps under evasion attacks in PyPI. It presents a threat model and identifies URL confusion as a major vector that can affect $5$ of the metrics, enabling malicious packages to masquerade as trustworthy. Empirically, SourceRank poorly distinguishes benign from malicious packages in real-world data due to delayed removal signaling, though it performs well on MalwareBench when removals are reflected; URL confusion can drive high scores (up to $15$) when combined with other evasion tactics. The authors propose mitigations such as periodic removal status checks and robust URL verification, and they discuss extending the analysis to other ecosystems (e.g., npm) and to other scoring systems to improve defense of software supply chains.
Abstract
SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby masquerading them as trustworthy. To fill this gap, we first propose a threat model that identifies potential evasion approaches for each metric, including the URL confusion technique, which can affect 5 out of the 18 metrics by leveraging a URL pointing to a legitimate repository potentially unrelated to the malicious package. Furthermore, we study the reliability of SourceRank in the PyPI ecosystem by analyzing the SourceRank distributions of benign and malicious packages in the state-of-the-art MalwareBench dataset, as well as in a real-world dataset of 122,398 packages. Our analysis reveals that, while historical data suggests a clear distinction between benign and malicious packages, the real-world distributions overlap significantly, mainly due to SourceRank's failure to timely reflect package removals. As a result, SourceRank cannot be reliably used to discriminate between benign and malicious packages in real-world scenarios, nor to select benign packages among those available on PyPI. Finally, our analysis reveals that URL confusion represents an emerging attack vector, with its prevalence increasing from 4.2% in MalwareBench to 7.0% in our real-world dataset. Moreover, this technique is often used alongside other evasion techniques and can significantly inflate the SourceRank metrics of malicious packages.
