Malicious packages mitmproxy2 and mitmproxy-iframe removed from the PyPI repository

The author of mitmproxy, a tool for analysing HTTP/HTTPS traffic, has drawn attention to the appearance of a fork of his project in the PyPI (Python Package Index) catalogue of Python packages. The fork was distributed under the similar name mitmproxy2 with the non-existent version 8.0.1 (the current mitmproxy release is 7.0.4), in the expectation that inattentive users would take the package for a new version of the main project (typosquatting) and would want to try the new release.

In its structure, mitmproxy2 was identical to mitmproxy, apart from changes that introduced malicious functionality. The changes included disabling the setting of the HTTP header "X-Frame-Options: DENY", which prohibits processing the content inside an iframe, disabling protection against XSRF attacks, and setting the headers "Access-Control-Allow-Origin: *", "Access-Control-Allow-Headers: *" and "Access-Control-Allow-Methods: POST, GET, DELETE, OPTIONS".

These changes removed the restrictions on access to the HTTP API used to manage mitmproxy through its web interface, allowing any attacker on the same local network to arrange execution of their code on the user's system by sending an HTTP request.
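As an added example (not code from the article or from the mitmproxy project), the following Python audit compares the response headers of a mitmproxy web interface against the hardened upstream behaviour described above and flags exactly the weakening the fork introduced: a missing "X-Frame-Options: DENY" and wildcard CORS headers that expose state-changing API methods to any origin. The sample header sets are constructed for illustration, and the URL used by audit_url is an assumed local address.

```python
"""Audit HTTP response headers of a mitmproxy web interface for the
weakening described above (missing X-Frame-Options: DENY, wildcard CORS).
Header names are compared case-insensitively."""
import urllib.request

EXPECTED_FRAME_OPTIONS = "DENY"
WILDCARD_HEADERS = ("access-control-allow-origin", "access-control-allow-headers")
STATE_CHANGING = {"POST", "PUT", "DELETE"}


def audit_headers(headers):
    """Return a list of findings for a mapping of header name -> value.
    An empty list means the headers match the hardened upstream behaviour."""
    norm = {k.lower().strip(): v.strip() for k, v in headers.items()}
    findings = []
    xfo = norm.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options missing: UI can be embedded in an iframe")
    elif xfo.upper() != EXPECTED_FRAME_OPTIONS:
        findings.append(f"X-Frame-Options is {xfo!r}, expected {EXPECTED_FRAME_OPTIONS!r}")
    for name in WILDCARD_HEADERS:
        if norm.get(name) == "*":
            findings.append(f"{name} is '*': any origin may reach the API")
    methods = norm.get("access-control-allow-methods", "")
    allowed = {m.strip().upper() for m in methods.split(",") if m.strip()}
    risky = sorted(allowed & STATE_CHANGING)
    if risky and norm.get("access-control-allow-origin") == "*":
        findings.append(f"state-changing methods {risky} allowed cross-origin")
    return findings


def audit_url(url="http://127.0.0.1:8081/"):
    """Fetch a page from a running web interface (assumed local address) and audit it."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return audit_headers(dict(resp.headers.items()))


# Constructed sample responses, not captured from real instances.
UPSTREAM_HEADERS = {"Content-Type": "text/html; charset=utf-8",
                    "X-Frame-Options": "DENY"}
TAMPERED_HEADERS = {"Content-Type": "text/html; charset=utf-8",
                    "Access-Control-Allow-Origin": "*",
                    "Access-Control-Allow-Headers": "*",
                    "Access-Control-Allow-Methods": "POST, GET, DELETE, OPTIONS"}

if __name__ == "__main__":
    for label, hdrs in (("upstream", UPSTREAM_HEADERS), ("tampered", TAMPERED_HEADERS)):
        print(label, audit_headers(hdrs) or ["ok"])
```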

The repository maintainers agreed that the changes could be interpreted as malicious, and the package itself as an attempt to promote a different product under the guise of the main project (the package description claimed this was a new version of mitmproxy, not a fork). After the package was removed from the catalogue, a new package, mitmproxy-iframe, was uploaded to PyPI the next day, its description likewise fully matching the official package. The mitmproxy-iframe package has now also been removed from the PyPI repository.

Source: opennet.ru