author CoprDistGit <infra@openeuler.org> 2023-05-10 07:31:47 +0000
committer CoprDistGit <infra@openeuler.org> 2023-05-10 07:31:47 +0000
commit 9387abb1a3c81cd953ba0a574126406aac22d9d3
tree e8e2a5d821f72d78448428aab64d502339533ed0
parent 9ed01570a076d43d9976218563a6e1e0a4b09d6c
automatic import of python-appthreat-vulnerability-db
-rw-r--r-- .gitignore 1
-rw-r--r-- python-appthreat-vulnerability-db.spec 368
-rw-r--r-- sources 1
3 files changed, 370 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..a57603a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/appthreat-vulnerability-db-5.1.3.tar.gz
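Review bot: The ignore pattern on the added line pins the exact version (5.1.3), so the tarball for the next version will not be ignored and can be committed by accident alongside the spec update. A wildcard such as `/appthreat-vulnerability-db-*.tar.gz` would cover every release without another .gitignore edit.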
diff --git a/python-appthreat-vulnerability-db.spec b/python-appthreat-vulnerability-db.spec
new file mode 100644
index 0000000..22d56d6
--- /dev/null
+++ b/python-appthreat-vulnerability-db.spec
@@ -0,0 +1,368 @@
+%global _empty_manifest_terminate_build 0
+Name: python-appthreat-vulnerability-db
+Version: 5.1.3
+Release: 1
+Summary: AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities.
+License: MIT License
+URL: https://github.com/appthreat/vulnerability-db
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/e7/7d/4cdcb5fdfdeea236c16a5c33c3313b63455de120c17426d4eed88dd7ad56/appthreat-vulnerability-db-5.1.3.tar.gz
+BuildArch: noarch
+
+Requires: python3-httpx[http2]
+Requires: python3-appdirs
+Requires: python3-tabulate
+Requires: python3-msgpack
+Requires: python3-orjson
+Requires: python3-semver
+Requires: python3-packageurl-python
+Requires: python3-cvss
+
+%description
+# Introduction
+
+This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.
+
+## Vulnerability Data sources
+
+- Linux [vuln-list](https://github.com/appthreat/vuln-list) (Forked from AquaSecurity)
+- OSV
+- NVD
+- GitHub
+- NPM
+
+## Linux distros
+
+- AlmaLinux
+- Debian
+- Alpine
+- Amazon Linux
+- Arch Linux
+- RHEL/CentOS
+- Rocky Linux
+- Ubuntu
+- OpenSUSE/SLES
+- Photon
+- Chainguard
+- Wolfi OS
+
+## Installation
+
+```bash
+pip install appthreat-vulnerability-db
+```
+
+## Usage
+
+This package is ideal as a library for managing vulnerabilities. This is used by [dep-scan](http://github.com/AppThreat/dep-scan), a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.
+
+### Download pre-built database
+
+Use the [ORAS cli](https://oras.land/cli/) to download a pre-built database containing all application and OS vulnerabilities.
+
+```
+export VDB_HOME=$HOME/vdb
+oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME
+```
+
+### Cache vulnerability data
+
+Cache application vulnerabilities
+
+```bash
+vdb --cache
+```
+
+Typical size of this database is over 1.1 GB.
+
+Cache application and OS vulnerabilities
+
+```bash
+vdb --cache-os
+```
+
+Note the size of the database with OS vulnerabilities is over 3.1 GB.
+
+Cache from just [OSV](https://osv.dev)
+
+```bash
+vdb --cache --only-osv
+```
+
+It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
+
+- NVD_START_YEAR - Default: 2018. Supports upto 2002
+- GITHUB_PAGE_COUNT - Default: 2. Supports upto 20
+
+### Periodic sync
+
+To periodically sync the latest vulnerabilities and update the database cache.
+
+```bash
+vdb --sync
+```
+
+### Basic search
+
+It is possible to perform simple search using the cli.
+
+```bash
+vdb --search android:8.0
+
+vdb --search google:android:8.0
+
+vdb --search android:8.0,simplesamlphp:1.14.11
+```
+
+Syntax is package:version,package:version or vendor : package : version (Without space)
+
+
+%package -n python3-appthreat-vulnerability-db
+Summary: AppThreat's vulnerability database and package search library with a built-in file based storage. OSV, CVE, GitHub, npm are the primary sources of vulnerabilities.
+Provides: python-appthreat-vulnerability-db
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-appthreat-vulnerability-db
+# Introduction
+
+This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.
+
+## Vulnerability Data sources
+
+- Linux [vuln-list](https://github.com/appthreat/vuln-list) (Forked from AquaSecurity)
+- OSV
+- NVD
+- GitHub
+- NPM
+
+## Linux distros
+
+- AlmaLinux
+- Debian
+- Alpine
+- Amazon Linux
+- Arch Linux
+- RHEL/CentOS
+- Rocky Linux
+- Ubuntu
+- OpenSUSE/SLES
+- Photon
+- Chainguard
+- Wolfi OS
+
+## Installation
+
+```bash
+pip install appthreat-vulnerability-db
+```
+
+## Usage
+
+This package is ideal as a library for managing vulnerabilities. This is used by [dep-scan](http://github.com/AppThreat/dep-scan), a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.
+
+### Download pre-built database
+
+Use the [ORAS cli](https://oras.land/cli/) to download a pre-built database containing all application and OS vulnerabilities.
+
+```
+export VDB_HOME=$HOME/vdb
+oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME
+```
+
+### Cache vulnerability data
+
+Cache application vulnerabilities
+
+```bash
+vdb --cache
+```
+
+Typical size of this database is over 1.1 GB.
+
+Cache application and OS vulnerabilities
+
+```bash
+vdb --cache-os
+```
+
+Note the size of the database with OS vulnerabilities is over 3.1 GB.
+
+Cache from just [OSV](https://osv.dev)
+
+```bash
+vdb --cache --only-osv
+```
+
+It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
+
+- NVD_START_YEAR - Default: 2018. Supports upto 2002
+- GITHUB_PAGE_COUNT - Default: 2. Supports upto 20
+
+### Periodic sync
+
+To periodically sync the latest vulnerabilities and update the database cache.
+
+```bash
+vdb --sync
+```
+
+### Basic search
+
+It is possible to perform simple search using the cli.
+
+```bash
+vdb --search android:8.0
+
+vdb --search google:android:8.0
+
+vdb --search android:8.0,simplesamlphp:1.14.11
+```
+
+Syntax is package:version,package:version or vendor : package : version (Without space)
+
+
+%package help
+Summary: Development documents and examples for appthreat-vulnerability-db
+Provides: python3-appthreat-vulnerability-db-doc
+%description help
+# Introduction
+
+This repo is a vulnerability database and package search for sources such as Aqua Security vuln-list, OSV, NVD, GitHub, and NPM. Vulnerability data are downloaded from the sources and stored in a custom file based storage with indexes to allow offline access and quick searches.
+
+## Vulnerability Data sources
+
+- Linux [vuln-list](https://github.com/appthreat/vuln-list) (Forked from AquaSecurity)
+- OSV
+- NVD
+- GitHub
+- NPM
+
+## Linux distros
+
+- AlmaLinux
+- Debian
+- Alpine
+- Amazon Linux
+- Arch Linux
+- RHEL/CentOS
+- Rocky Linux
+- Ubuntu
+- OpenSUSE/SLES
+- Photon
+- Chainguard
+- Wolfi OS
+
+## Installation
+
+```bash
+pip install appthreat-vulnerability-db
+```
+
+## Usage
+
+This package is ideal as a library for managing vulnerabilities. This is used by [dep-scan](http://github.com/AppThreat/dep-scan), a free open-source dependency audit tool. However, there is a limited cli capability available with few features to test this tool directly.
+
+### Download pre-built database
+
+Use the [ORAS cli](https://oras.land/cli/) to download a pre-built database containing all application and OS vulnerabilities.
+
+```
+export VDB_HOME=$HOME/vdb
+oras pull ghcr.io/appthreat/vdb:v5 -o $VDB_HOME
+```
+
+### Cache vulnerability data
+
+Cache application vulnerabilities
+
+```bash
+vdb --cache
+```
+
+Typical size of this database is over 1.1 GB.
+
+Cache application and OS vulnerabilities
+
+```bash
+vdb --cache-os
+```
+
+Note the size of the database with OS vulnerabilities is over 3.1 GB.
+
+Cache from just [OSV](https://osv.dev)
+
+```bash
+vdb --cache --only-osv
+```
+
+It is possible to customise the cache behaviour by increasing the historic data period to cache by setting the following environment variables.
+
+- NVD_START_YEAR - Default: 2018. Supports upto 2002
+- GITHUB_PAGE_COUNT - Default: 2. Supports upto 20
+
+### Periodic sync
+
+To periodically sync the latest vulnerabilities and update the database cache.
+
+```bash
+vdb --sync
+```
+
+### Basic search
+
+It is possible to perform simple search using the cli.
+
+```bash
+vdb --search android:8.0
+
+vdb --search google:android:8.0
+
+vdb --search android:8.0,simplesamlphp:1.14.11
+```
+
+Syntax is package:version,package:version or vendor : package : version (Without space)
+
+
+%prep
+%autosetup -n appthreat-vulnerability-db-5.1.3
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-appthreat-vulnerability-db -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 5.1.3-1
+- Package Spec generated
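Review bot: The `Requires:` lines in the preamble attach to the base package `python-appthreat-vulnerability-db`, which has no `%files` section, so no binary package is produced for it; the `python3-appthreat-vulnerability-db` subpackage that actually ships declares only `Provides` and `BuildRequires`. Move the runtime dependencies under `%package -n python3-appthreat-vulnerability-db` so they do not depend on an automatic generator picking them up, and replace `python3-httpx[http2]`, which is pip extras syntax, with the name the distribution's httpx package actually provides. Separately, `Source0` fetches the tarball from mirrors.nju.edu.cn while `URL` names the GitHub project; pointing `Source0` at the upstream release location would make the provenance of the packaged source easier to audit.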
diff --git a/sources b/sources
new file mode 100644
index 0000000..fea1165
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+c4e8953ec2d3d60b532c3e38af30c793 appthreat-vulnerability-db-5.1.3.tar.gz
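Review bot: The digest on the added line is 32 hex characters, which is MD5 length, and MD5 is not collision resistant, so it is a weak integrity anchor for a tarball that `Source0` pulls from a third-party mirror. Record a SHA-256 or SHA-512 digest for `appthreat-vulnerability-db-5.1.3.tar.gz` instead, if the lookaside tooling accepts one.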