-rw-r--r--  .gitignore            |   1
-rw-r--r--  python-badfiles.spec  | 411
-rw-r--r--  sources               |   1
3 files changed, 413 insertions, 0 deletions
@@ -0,0 +1 @@ +/badfiles-0.3.0.tar.gz diff --git a/python-badfiles.spec b/python-badfiles.spec new file mode 100644 index 0000000..f6da404 --- /dev/null +++ b/python-badfiles.spec 
@@ -0,0 +1,411 @@ +%global _empty_manifest_terminate_build 0 +Name: python-badfiles +Version: 0.3.0 +Release: 1 +Summary: A malicious file detection engine written with Python and Yara. +License: Apache-2.0 +URL: https://github.com/jeffallan/badfiles +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/61/3f/b7a459677b2343503c0634c8994c7a230ab4f499e5a6fe35b272eae9905b/badfiles-0.3.0.tar.gz +BuildArch: noarch + +Requires: python3-Gooey +Requires: python3-black +Requires: python3-flake8 +Requires: python3-flake8-docstrings +Requires: python3-isort +Requires: python3-mkdocs +Requires: python3-mkdocs-autorefs +Requires: python3-mkdocs-include-markdown-plugin +Requires: python3-mkdocs-material +Requires: python3-mkdocs-material-extensions +Requires: python3-mkdocstrings +Requires: python3-pip +Requires: python3-pre-commit +Requires: python3-pytest +Requires: python3-pytest-cov +Requires: python3-magic +Requires: python3-toml +Requires: python3-tox +Requires: python3-twine +Requires: python3-virtualenv +Requires: python3-yara-python + +%description +# badfiles + + +<p align="center"> +<a href="https://pypi.python.org/pypi/badfiles"> + <img src="https://img.shields.io/pypi/v/badfiles.svg" + alt = "Release Status"> +</a> + +<a href="https://github.com/jeffallan/badfiles/actions"> + <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status"> +</a> + +<!-- +<a href="https://jeffallan.github.io/badfiles/"> + <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status"> +</a> +--> +<!-- +<a href="https://pyup.io/repos/github/jeffallan/badfiles/"> +<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates"> +</a> +--> +</p> + + +A malicious file detection engine written with Python and Yara. 
+ + +* Free software: Apache-2.0 +* Documentation: <https://jeffallan.github.io/badfiles/> + +## Introduction + +At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector. + +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. 
+ +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. + +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + +<a href = "https://github.com/jeffallan/badfiles/graphs/contributors"> +<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/> + + + +%package -n python3-badfiles +Summary: A malicious file detection engine written with Python and Yara. +Provides: python-badfiles +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-badfiles +# badfiles + + +<p align="center"> +<a href="https://pypi.python.org/pypi/badfiles"> + <img src="https://img.shields.io/pypi/v/badfiles.svg" + alt = "Release Status"> +</a> + +<a href="https://github.com/jeffallan/badfiles/actions"> + <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status"> +</a> + +<!-- +<a href="https://jeffallan.github.io/badfiles/"> + <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status"> +</a> +--> +<!-- +<a href="https://pyup.io/repos/github/jeffallan/badfiles/"> +<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates"> +</a> +--> +</p> + + +A malicious file detection engine written with Python and Yara. + + +* Free software: Apache-2.0 +* Documentation: <https://jeffallan.github.io/badfiles/> + +## Introduction + +At some point most applications need to accept files from a third party. 
Since we do not have absolute control over these files they can present a serious threat vector. + +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. 
+ +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. + +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + +<a href = "https://github.com/jeffallan/badfiles/graphs/contributors"> +<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/> + + + +%package help +Summary: Development documents and examples for badfiles +Provides: python3-badfiles-doc +%description help +# badfiles + + +<p align="center"> +<a href="https://pypi.python.org/pypi/badfiles"> + <img src="https://img.shields.io/pypi/v/badfiles.svg" + alt = "Release Status"> +</a> + +<a href="https://github.com/jeffallan/badfiles/actions"> + <img src="https://github.com/jeffallan/badfiles/actions/workflows/main.yml/badge.svg?branch=release" alt="CI Status"> +</a> + +<!-- +<a href="https://jeffallan.github.io/badfiles/"> + <img src="https://jeffallan.github.io/badfiles/badge/?version=latest" alt="Documentation Status"> +</a> +--> +<!-- +<a href="https://pyup.io/repos/github/jeffallan/badfiles/"> +<img src="https://pyup.io/repos/github/jeffallan/badfiles/shield.svg" alt="Updates"> +</a> +--> +</p> + + +A malicious file detection engine written with Python and Yara. + + +* Free software: Apache-2.0 +* Documentation: <https://jeffallan.github.io/badfiles/> + +## Introduction + +At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector. 
+ +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. + +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. 
+ +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + +<a href = "https://github.com/jeffallan/badfiles/graphs/contributors"> +<img src = "https://contrib.rocks/image?repo=jeffallan/badfiles"/> + + + +%prep +%autosetup -n badfiles-0.3.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-badfiles -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Thu May 18 2023 Python_Bot <Python_Bot@openeuler.org> - 0.3.0-1 +- Package Spec generated @@ -0,0 +1 @@ +5ce816a32f72936785235cb06888a3a1 badfiles-0.3.0.tar.gz |
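Review bot: the `Requires:` block at the top of python-badfiles.spec turns the project's development tooling into runtime dependencies. black, flake8, flake8-docstrings, isort, the mkdocs family, mkdocstrings, pre-commit, pytest, pytest-cov, tox, twine, virtualenv and pip are lint, test, documentation and release tools; none of them is needed to run a Yara-based file scanner, and each one becomes an extra package (and extra attack surface) on every host that installs python3-badfiles. Trim the list to what the engine imports at runtime, which from this spec is python3-yara-python, python3-magic, python3-toml and python3-Gooey if the GUI entry point is kept, and confirm that `python3-magic` on the target distribution is the binding the code expects: the PyPI `python-magic` package and the bindings shipped with `file` both import as `magic` but expose different APIs.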
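Review bot: the three `%description` sections (main package, `-n python3-badfiles`, and `help`) paste the upstream README verbatim, including `<p align="center">`, `<img>` badge tags, HTML comments and GitHub emoji shortcodes such as `:heavy_check_mark:`, and the same block is repeated three times. rpm renders descriptions as plain text, so `rpm -qi python3-badfiles` shows raw HTML and `:black_square_button:` literals. Replace each with a short plain-text paragraph (the Summary plus the two Introduction sentences is enough); that also removes the inherited upstream typo "setgit bit" (setgid) and the trailing period on `Summary:` that rpmlint flags.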
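Review bot: `%global _empty_manifest_terminate_build 0` on the first line of the spec suppresses the build failure that normally fires when the generated file list is empty, and there is no `%check` section, so a build that installs nothing importable, or that cannot import yara or magic, still succeeds. Add a `%check` that at least runs `%{python3} -c 'import badfiles'` (with the runtime modules added as `BuildRequires`) rather than disabling the safety net. In the same region, `find usr/lib -type f ... >> filelist.lst` records only files and `%dir %{python3_sitelib}/*` owns only the first level under site-packages, so any nested directory under `badfiles/` (for example a directory of Yara rule files) is left unowned and survives `rpm -e`; listing `%{python3_sitelib}/badfiles/` and the dist-info directory explicitly in `%files` is simpler and owns everything.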
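Review bot: `Source0` points at a third-party mirror (mirrors.nju.edu.cn) instead of the upstream PyPI download URL, and the only integrity record in the new `sources` file is an MD5 digest (`5ce816a32f72936785235cb06888a3a1`). For a package whose whole purpose is to classify untrusted files, the tarball it is built from should be pinned by a collision-resistant hash and fetched from the publisher: record the sha256 that PyPI publishes for badfiles-0.3.0.tar.gz where the packaging tooling allows it, and point `Source0` at the canonical URL so the digest is checked against upstream rather than against whatever the mirror currently serves. The `.gitignore` hunk that excludes `/badfiles-0.3.0.tar.gz` is fine as is.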