author CoprDistGit <infra@openeuler.org> 2023-05-18 06:09:13 +0000
committer CoprDistGit <infra@openeuler.org> 2023-05-18 06:09:13 +0000
commit 219dab1f23c9c9b8647e78aef3e90fc0d2f51f53
tree 54db10eb7eead865fdbbac0c710c9f9e8556e157
parent 18b1b007113deb3774a67a3b88e4b4bb8554b414
automatic import of python-badfiles
-rw-r--r-- .gitignore 1
-rw-r--r-- python-badfiles.spec 411
-rw-r--r-- sources 1
3 files changed, 413 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..4924e5b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/badfiles-0.3.0.tar.gz
diff --git a/python-badfiles.spec b/python-badfiles.spec
new file mode 100644
index 0000000..f6da404
--- /dev/null
+++ b/python-badfiles.spec
@@ -0,0 +1,411 @@
+%global _empty_manifest_terminate_build 0
+Name: python-badfiles
+Version: 0.3.0
+Release: 1
+Summary: A malicious file detection engine written with Python and Yara.
+License: Apache-2.0
+URL: https://github.com/jeffallan/badfiles
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/61/3f/b7a459677b2343503c0634c8994c7a230ab4f499e5a6fe35b272eae9905b/badfiles-0.3.0.tar.gz
+BuildArch: noarch
+
+Requires: python3-Gooey
+Requires: python3-black
+Requires: python3-flake8
+Requires: python3-flake8-docstrings
+Requires: python3-isort
+Requires: python3-mkdocs
+Requires: python3-mkdocs-autorefs
+Requires: python3-mkdocs-include-markdown-plugin
+Requires: python3-mkdocs-material
+Requires: python3-mkdocs-material-extensions
+Requires: python3-mkdocstrings
+Requires: python3-pip
+Requires: python3-pre-commit
+Requires: python3-pytest
+Requires: python3-pytest-cov
+Requires: python3-magic
+Requires: python3-toml
+Requires: python3-tox
+Requires: python3-twine
+Requires: python3-virtualenv
+Requires: python3-yara-python
+
+%description
+# badfiles
+
+
+<p align="center">
+<a href="https://pypi.python.org/pypi/badfiles">
+ <img src="https://img.shields.io/pypi/v/badfiles.svg"
+ alt = "Release Status">
+</a>
+
+<a href="https://github.com/jeffallan/badfiles/actions">
+ <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status">
+</a>
+
+<!--
+<a href="https://jeffallan.github.io/badfiles/">
+ <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status">
+</a>
+-->
+<!--
+<a href="https://pyup.io/repos/github/jeffallan/badfiles/">
+<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates">
+</a>
+-->
+</p>
+
+
+A malicious file detection engine written with Python and Yara.
+
+
+* Free software: Apache-2.0
+* Documentation: <https://jeffallan.github.io/badfiles/>
+
+## Introduction
+
+At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector.
+
+The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
+
+## Features
+
+Currently, this project focuses on detecting the following:
+
+### Generally Suspicious Files:
+
+:heavy_check_mark: Mime type confusion.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### CSV Files
+:heavy_check_mark: CSV Injection.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### Office Documents
+:heavy_check_mark: DDE injection.
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+### Zip Files
+:heavy_check_mark: Symlink attacks.
+
+:heavy_check_mark: Zip slips.
+
+:heavy_check_mark: Nested zip bombs.
+
+:heavy_check_mark: Flat zip bombs.
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+### Tar Files
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:black_square_button: Files with absolute paths (*Nix only).
+
+
+
+### Additional Features
+Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
+
+## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
+
+## [Usage](https://jeffallan.github.io/badfiles/usage/)
+
+## Credits
+
+This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
+
+This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
+
+This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
+
+### Contributors
+
+<a href = "https://github.com/jeffallan/badfiles/graphs/contributors">
+<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/>
+
+
+
+%package -n python3-badfiles
+Summary: A malicious file detection engine written with Python and Yara.
+Provides: python-badfiles
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-badfiles
+# badfiles
+
+
+<p align="center">
+<a href="https://pypi.python.org/pypi/badfiles">
+ <img src="https://img.shields.io/pypi/v/badfiles.svg"
+ alt = "Release Status">
+</a>
+
+<a href="https://github.com/jeffallan/badfiles/actions">
+ <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status">
+</a>
+
+<!--
+<a href="https://jeffallan.github.io/badfiles/">
+ <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status">
+</a>
+-->
+<!--
+<a href="https://pyup.io/repos/github/jeffallan/badfiles/">
+<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates">
+</a>
+-->
+</p>
+
+
+A malicious file detection engine written with Python and Yara.
+
+
+* Free software: Apache-2.0
+* Documentation: <https://jeffallan.github.io/badfiles/>
+
+## Introduction
+
+At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector.
+
+The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
+
+## Features
+
+Currently, this project focuses on detecting the following:
+
+### Generally Suspicious Files:
+
+:heavy_check_mark: Mime type confusion.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### CSV Files
+:heavy_check_mark: CSV Injection.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### Office Documents
+:heavy_check_mark: DDE injection.
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+### Zip Files
+:heavy_check_mark: Symlink attacks.
+
+:heavy_check_mark: Zip slips.
+
+:heavy_check_mark: Nested zip bombs.
+
+:heavy_check_mark: Flat zip bombs.
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+### Tar Files
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:black_square_button: Files with absolute paths (*Nix only).
+
+
+
+### Additional Features
+Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
+
+## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
+
+## [Usage](https://jeffallan.github.io/badfiles/usage/)
+
+## Credits
+
+This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
+
+This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
+
+This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
+
+### Contributors
+
+<a href = "https://github.com/jeffallan/badfiles/graphs/contributors">
+<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/>
+
+
+
+%package help
+Summary: Development documents and examples for badfiles
+Provides: python3-badfiles-doc
+%description help
+# badfiles
+
+
+<p align="center">
+<a href="https://pypi.python.org/pypi/badfiles">
+ <img src="https://img.shields.io/pypi/v/badfiles.svg"
+ alt = "Release Status">
+</a>
+
+<a href="https://github.com/jeffallan/badfiles/actions">
+ <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status">
+</a>
+
+<!--
+<a href="https://jeffallan.github.io/badfiles/">
+ <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status">
+</a>
+-->
+<!--
+<a href="https://pyup.io/repos/github/jeffallan/badfiles/">
+<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates">
+</a>
+-->
+</p>
+
+
+A malicious file detection engine written with Python and Yara.
+
+
+* Free software: Apache-2.0
+* Documentation: <https://jeffallan.github.io/badfiles/>
+
+## Introduction
+
+At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector.
+
+The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
+
+## Features
+
+Currently, this project focuses on detecting the following:
+
+### Generally Suspicious Files:
+
+:heavy_check_mark: Mime type confusion.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### CSV Files
+:heavy_check_mark: CSV Injection.
+
+:black_square_button: Files with a root UID or GID (*NIX only).
+
+:black_square_button: Sticky, setuid, or setgit bit (*NIX only).
+
+### Office Documents
+:heavy_check_mark: DDE injection.
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+### Zip Files
+:heavy_check_mark: Symlink attacks.
+
+:heavy_check_mark: Zip slips.
+
+:heavy_check_mark: Nested zip bombs.
+
+:heavy_check_mark: Flat zip bombs.
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+### Tar Files
+:heavy_check_mark: Files with a root UID or GID (*NIX only).
+
+:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only).
+
+:black_square_button: Files with absolute paths (*Nix only).
+
+
+
+### Additional Features
+Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
+
+## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
+
+## [Usage](https://jeffallan.github.io/badfiles/usage/)
+
+## Credits
+
+This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
+
+This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
+
+This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
+
+### Contributors
+
+<a href = "https://github.com/jeffallan/badfiles/graphs/contributors">
+<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/>
+
+
+
+%prep
+%autosetup -n badfiles-0.3.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-badfiles -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Thu May 18 2023 Python_Bot <Python_Bot@openeuler.org> - 0.3.0-1
+- Package Spec generated
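Review bot: The Requires: block in the preamble lists linting, test, documentation and release tooling (python3-black, python3-flake8, python3-pytest, python3-mkdocs and its plugins, python3-tox, python3-twine, python3-pre-commit, python3-virtualenv) as install-time dependencies of a file-triage library, which looks like the upstream development extras copied over wholesale. Suggest trimming the list to what the engine needs at run time (python3-magic and python3-yara-python correspond to the MIME-type and Yara checks named in %description), moving anything needed only for tests to BuildRequires, and declaring the trimmed list under "%package -n python3-badfiles", since that is the subpackage with a %files section. Separately, the three %description bodies carry the raw README, including HTML badge markup and an unclosed contributors link; a short plain-text description would be easier to audit. Source0 also points at a PyPI mirror rather than the upstream URL given in the URL: field, so the integrity of the tarball rests entirely on the checksum in the sources file.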
diff --git a/sources b/sources
new file mode 100644
index 0000000..37669d9
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+5ce816a32f72936785235cb06888a3a1 badfiles-0.3.0.tar.gz
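Review bot: The only integrity check recorded for badfiles-0.3.0.tar.gz here is a 32-hex-digit digest, which is MD5 length, and the spec fetches that tarball from a third-party mirror. MD5 is not collision resistant, so if the lookaside tooling accepts a stronger digest, record a SHA-256 or SHA-512 value for the tarball instead and check it against the hash published on PyPI for the 0.3.0 release.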