Open Source Summit Europe 2024

A package’s permissions and capabilities constrain its blast radius if compromised. Analysing and restricting these permissions can thwart potential attack vectors, such as we have recently seen with inserting malicious code into programs via third-party libraries, sometimes by gaining commit access to an existing trusted package.
Security vulnerabilities can also be caused by excessive but well-intended privileges in packages that have unintended scope. Visibility into package permissions can help motivate the principle of least privilege within the ecosystem and increase scrutiny on dangerous capabilities.

Capslock is a CLI tool for analysing Go package imports that works on a callpath-level to look at only the capabilities accessible by the caller (instead of just looking at package imports). This ensures that the signals provided aren’t overly broad or noisy, in order to decrease false positive rates and prevent alert fatigue for users. This model is influenced by mobile phone permissions systems, where users can make decisions on the behaviours that apps require.

Capslock capability results are now available for Go on deps.dev, with support for more languages in development.