Check for compromised litellm versions (1.82.7, 1.82.8) — supply chain attack March 2026
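#!/usr/bin/env bash
# check-litellm-compromise.sh
# Checks for compromised litellm versions (1.82.7, 1.82.8) in:
# - Python site-packages: the python3 on PATH, plus every litellm_init.pth
#   under the search path (this is what covers project virtualenvs, where uv
#   actually installs packages and which the system interpreter cannot see)
# - uv cache
# - all uv.lock files under a given path (default: $HOME)
#
# Usage: ./check-litellm-compromise.sh [search_path]
#
# Exit status: 0 = nothing found, 1 = at least one indicator matched,
#              2 = usage error (search_path is not a directory).
# A uv.lock hit means the project *resolved* a compromised version; the .pth
# and uv-cache checks tell you whether it was actually fetched / installed.
set -euo pipefail

readonly SEARCH_PATH="${1:-$HOME}"
readonly COMPROMISED_VERSIONS=("1.82.7" "1.82.8")
# Startup hook dropped by the compromised package. Python's site module
# processes .pth files at every interpreter start, so its presence is treated
# as evidence of compromise (credentials must be rotated).
readonly PTH_NAME="litellm_init.pth"

# Colour only when stdout is a terminal, so logs and pipes stay clean.
if [[ -t 1 ]]; then
  RED=$'\033[0;31m' GREEN=$'\033[0;32m' YELLOW=$'\033[1;33m' NC=$'\033[0m'
else
  RED='' GREEN='' YELLOW='' NC=''
fi
readonly RED GREEN YELLOW NC

FOUND=0        # set to 1 by any check that hits; drives the final exit status
LOCKFILES=()   # uv.lock paths under SEARCH_PATH (filled by collect_search_path)
PTH_HITS=()    # litellm_init.pth paths under SEARCH_PATH (filled by collect_search_path)

#######################################
# Print one line in the given colour (reset afterwards) to stdout.
# Arguments: $1 - colour escape (may be empty), $2... - message
#######################################
say() {
  local colour=$1
  shift
  printf '%s%s%s\n' "$colour" "$*" "$NC"
}

#######################################
# Print a usage/setup error to stderr and exit with status 2.
#######################################
die() {
  printf 'error: %s\n' "$*" >&2
  exit 2
}

#######################################
# Walk SEARCH_PATH once and sort the files of interest into LOCKFILES and
# PTH_HITS, so checks 1 and 3 do not each traverse the whole tree.
# find errors (unreadable directories) are ignored; `|| true` keeps a
# non-zero find exit from aborting the script under set -e.
# Globals: SEARCH_PATH, PTH_NAME (read); LOCKFILES, PTH_HITS (written)
#######################################
collect_search_path() {
  local path
  [[ -d "$SEARCH_PATH" ]] || die "search path is not a directory: $SEARCH_PATH"
  printf 'Indexing %s (this can take a while on a large tree)...\n\n' "$SEARCH_PATH"
  while IFS= read -r -d '' path; do
    case "${path##*/}" in
      uv.lock)     LOCKFILES+=("$path") ;;
      "$PTH_NAME") PTH_HITS+=("$path") ;;
    esac
  done < <(find "$SEARCH_PATH" -type f \( -name uv.lock -o -name "$PTH_NAME" \) -print0 2>/dev/null || true)
}

#######################################
# Check 1/3: look for litellm_init.pth in every site-packages we can reach.
# Sources: global + per-user site-packages of the python3 on PATH (skipped when
# they lie under SEARCH_PATH, which collect_search_path already scanned in
# full), plus the hits collected from SEARCH_PATH.
# Globals: SEARCH_PATH, PTH_NAME, PTH_HITS (read); FOUND (written)
#######################################
check_pth() {
  local hits=() site_dirs site_dir pth
  printf '[1/3] Checking for %s in site-packages...\n' "$PTH_NAME"

  # python3 may be absent or fail to start; treat that as "no extra dirs".
  site_dirs=$(python3 -c 'import site; print("\n".join(site.getsitepackages() + [site.getusersitepackages()]))' 2>/dev/null || true)
  while IFS= read -r site_dir; do
    [[ -d "$site_dir" ]] || continue
    # Already covered by the SEARCH_PATH scan; skip to avoid duplicate reports.
    [[ "$site_dir" == "${SEARCH_PATH%/}"/* ]] && continue
    # Output is captured rather than piped into `grep -q`: with pipefail, grep
    # exiting early can make find die of SIGPIPE and turn a hit into a miss.
    while IFS= read -r pth; do
      [[ -n "$pth" ]] || continue
      hits+=("$pth")
    done < <(find "$site_dir" -type f -name "$PTH_NAME" 2>/dev/null || true)
  done <<< "$site_dirs"

  # ${arr[@]+...} keeps set -u happy on an empty array in bash < 4.4.
  hits+=(${PTH_HITS[@]+"${PTH_HITS[@]}"})

  if (( ${#hits[@]} == 0 )); then
    say "$GREEN" " OK — $PTH_NAME not found"
    return 0
  fi
  for pth in "${hits[@]}"; do
    say "$RED" " DANGER: $pth found — rotate ALL credentials on this machine immediately!"
  done
  FOUND=1
}

#######################################
# Check 2/3: look for compromised litellm artifacts in the uv cache.
# Cache location: `uv cache dir` when uv is installed, else $UV_CACHE_DIR,
# else the usual default locations.
# Globals: COMPROMISED_VERSIONS (read); FOUND (written)
#######################################
check_uv_cache() {
  local cache_dirs=() cache_dir version matches hits=0
  printf '[2/3] Checking uv cache...\n'

  if command -v uv >/dev/null 2>&1 && cache_dir=$(uv cache dir 2>/dev/null); then
    cache_dirs=("$cache_dir")
  elif [[ -n "${UV_CACHE_DIR:-}" ]]; then
    cache_dirs=("$UV_CACHE_DIR")
  else
    cache_dirs=("$HOME/.cache/uv" "$HOME/.local/share/uv/cache")
  fi

  for cache_dir in "${cache_dirs[@]}"; do
    [[ -d "$cache_dir" ]] || continue
    for version in "${COMPROMISED_VERSIONS[@]}"; do
      # `|| true`: an unreadable subdirectory makes find exit non-zero, which
      # would otherwise abort the whole scan under set -e.
      # NOTE(review): this matches distribution file names only; if the cache
      # also keys entries by a bare version directory, extend the pattern — confirm.
      matches=$(find "$cache_dir" -name "litellm-${version}*" 2>/dev/null || true)
      [[ -n "$matches" ]] || continue
      say "$RED" " FOUND in cache: $matches"
      say "$YELLOW" " Run: uv cache clean litellm"
      hits=1
    done
  done

  if (( hits )); then
    FOUND=1
  else
    say "$GREEN" " OK — no compromised versions in uv cache"
  fi
}

#######################################
# Check 3/3: grep every uv.lock under SEARCH_PATH for a compromised version.
# Globals: SEARCH_PATH, COMPROMISED_VERSIONS, LOCKFILES (read); FOUND (written)
#######################################
check_lockfiles() {
  local lockfile version hits=0
  printf '[3/3] Scanning %d uv.lock file(s) under %s ...\n' "${#LOCKFILES[@]}" "$SEARCH_PATH"

  for lockfile in ${LOCKFILES[@]+"${LOCKFILES[@]}"}; do
    for version in "${COMPROMISED_VERSIONS[@]}"; do
      # -F: the dots in the version must not act as regex wildcards. The
      # trailing '-' / '.' stops 1.82.7 from also matching 1.82.70; the lock
      # file's sdist/wheel URLs carry the distribution file name
      # (litellm-<ver>.tar.gz / litellm-<ver>-py3-none-any.whl).
      if grep -qF -e "litellm-${version}-" -e "litellm-${version}." -- "$lockfile" 2>/dev/null; then
        say "$RED" " FOUND litellm $version in: $lockfile"
        hits=1
      fi
    done
  done

  if (( hits )); then
    FOUND=1
  else
    say "$GREEN" " OK — no compromised versions in any uv.lock"
  fi
}

#######################################
# Entry point: banner, the three checks, summary and remediation.
# Exits 1 when anything was found, 0 otherwise (2 on usage error via die).
#######################################
main() {
  printf '============================================\n'
  printf ' LiteLLM Supply Chain Compromise Checker\n'
  printf ' Checking for versions: %s\n' "${COMPROMISED_VERSIONS[*]}"
  printf '============================================\n\n'

  collect_search_path
  check_pth
  printf '\n'
  check_uv_cache
  printf '\n'
  check_lockfiles
  printf '\n'

  printf '============================================\n'
  if (( FOUND )); then
    say "$RED" "RESULT: Compromised version(s) detected. See above."
    printf '\nRemediation:\n'
    printf ' 1. uv cache clean litellm\n'
    printf ' 2. Rotate ALL credentials on this machine (SSH keys, cloud creds, API keys)\n'
    printf ' 3. Update uv.lock: pin litellm to <=1.82.6 until PyPI restores the package\n'
    exit 1
  fi
  say "$GREEN" "RESULT: No compromised litellm versions found."
  exit 0
}

main "$@"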