Hello - Warning! This post contains profanity!
We just discovered something very disturbing in the installation packages preventing Pro installs of 2.1 - 2.3.x. Running the install as an administrator from the installation package, or running an un-install from Control Panel on Windows 10 machines - both the install and uninstalls fail in a very disturbing location.
Specifically, the install / uninstall fails at this location during the runtime:
C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3\Lib\site-packages\notebook\static\components\codemirror\mode\brainf**k\brainf**k.js
I'm sure everyone understands what letters the '**' is referring to.
The file is inaccessible through any js or readers like Notepad++, even with admin rights. Regardless, I wouldn't care that the name contains profanity, only that this is where install - uninstalls are failing!
First off, what developer would ever name a directory and a js file with that name??!!
Someone at Esri needs to look into this ASAP!
Thanks
Thank you for bringing this to our attention. We have been including an open source Python merge module that contains a folder/file named with an offensive English word for multiple releases. Esri apologizes for this. This is not malware and we are not aware of any security vulnerabilities caused by this file at this time.
For more information on this file please see the following. We will release more information as it becomes available.
- David Watkins, ArcGIS Pro Product Manager
Perhaps it is the JavaScript version of BF (a minimalist language with a variety of derivatives).
https://en.wikipedia.org/wiki/JS****
But yes... it shouldn't exist in the install.
Kory Kramer could you pass this on … I am sure someone is familiar with BF
Pardon me Dan, but wouldn't you agree that that's total BS, no pun intended . . . . regardless of the mal-name.
Moreover, I can certainly see malware programs like McAfee seeing that name as a potential threat and thus fail the installs.
I can't even access the file in my cloned environment either. We all have enough threats to deal with, so if this was a joke of some sort it's not very funny.
Not sure what you mean as the BS. BF has been around for some time. Any of its variants aren't part of the install. If it is 'malware' or something else is involved, it shouldn't be there either.
In any case, I informed Kory and it is being dealt with.
Have a good weekend.
Already did, but let's not jump to any conclusions about malware. We'll have somebody look at the thread here...
Yes, please do, thanks.
Right, so OK, this is not a hack and yes, the name is legit if 'esoteric'. But at the same time, the name violates a label rule in our enterprise McAfee. We are working with our security team to make a specific exception for this pathway. I am editing the title of this post.
Greatest. Post. Ever.
Check out C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3\Lib\site-packages\jupyterlab\staging\yarn.js line 91128, just be glad THAT text isn't part of the EULA!
ESRI has little (no) control over the content/name of the Python Packages that get baked into the install.