From 219dab1f23c9c9b8647e78aef3e90fc0d2f51f53 Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Thu, 18 May 2023 06:09:13 +0000 Subject: automatic import of python-badfiles --- .gitignore | 1 + python-badfiles.spec | 411 +++++++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 413 insertions(+) create mode 100644 python-badfiles.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index e69de29..4924e5b 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +/badfiles-0.3.0.tar.gz diff --git a/python-badfiles.spec b/python-badfiles.spec new file mode 100644 index 0000000..f6da404 --- /dev/null +++ b/python-badfiles.spec @@ -0,0 +1,411 @@ +%global _empty_manifest_terminate_build 0 +Name: python-badfiles +Version: 0.3.0 +Release: 1 +Summary: A malicious file detection engine written with Python and Yara. +License: Apache-2.0 +URL: https://github.com/jeffallan/badfiles +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/61/3f/b7a459677b2343503c0634c8994c7a230ab4f499e5a6fe35b272eae9905b/badfiles-0.3.0.tar.gz +BuildArch: noarch + +Requires: python3-Gooey +Requires: python3-black +Requires: python3-flake8 +Requires: python3-flake8-docstrings +Requires: python3-isort +Requires: python3-mkdocs +Requires: python3-mkdocs-autorefs +Requires: python3-mkdocs-include-markdown-plugin +Requires: python3-mkdocs-material +Requires: python3-mkdocs-material-extensions +Requires: python3-mkdocstrings +Requires: python3-pip +Requires: python3-pre-commit +Requires: python3-pytest +Requires: python3-pytest-cov +Requires: python3-magic +Requires: python3-toml +Requires: python3-tox +Requires: python3-twine +Requires: python3-virtualenv +Requires: python3-yara-python + +%description +# badfiles + + +

+ + Release Status + + + + CI Status + + + + +

+ + +A malicious file detection engine written with Python and Yara. + + +* Free software: Apache-2.0 +* Documentation: + +## Introduction + +At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector. + +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. 
+ +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. + +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + + + + + + +%package -n python3-badfiles +Summary: A malicious file detection engine written with Python and Yara. +Provides: python-badfiles +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-badfiles +# badfiles + + +

+ + Release Status + + + + CI Status + + + + +

+ + +A malicious file detection engine written with Python and Yara. + + +* Free software: Apache-2.0 +* Documentation: + +## Introduction + +At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector. + +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. 
+ +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. + +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + + + + + + +%package help +Summary: Development documents and examples for badfiles +Provides: python3-badfiles-doc +%description help +# badfiles + + +

+ + Release Status + + + + CI Status + + + + +

+ + +A malicious file detection engine written with Python and Yara. + + +* Free software: Apache-2.0 +* Documentation: + +## Introduction + +At some point most applications need to accept files from a third party. Since we do not have absolute control over these files they can present a serious threat vector. + +The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly. + +## Features + +Currently, this project focuses on detecting the following: + +### Generally Suspicious Files: + +:heavy_check_mark: Mime type confusion. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### CSV Files +:heavy_check_mark: CSV Injection. + +:black_square_button: Files with a root UID or GID (*NIX only). + +:black_square_button: Sticky, setuid, or setgit bit (*NIX only). + +### Office Documents +:heavy_check_mark: DDE injection. + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +### Zip Files +:heavy_check_mark: Symlink attacks. + +:heavy_check_mark: Zip slips. + +:heavy_check_mark: Nested zip bombs. + +:heavy_check_mark: Flat zip bombs. + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +### Tar Files +:heavy_check_mark: Files with a root UID or GID (*NIX only). + +:heavy_check_mark: Sticky, setuid, or setgit bit (*NIX only). + +:black_square_button: Files with absolute paths (*Nix only). + + + +### Additional Features +Please file an issue or a pull request especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details. 
+ +## [Getting Started](https://jeffallan.github.io/badfiles/installation/) + +## [Usage](https://jeffallan.github.io/badfiles/usage/) + +## Credits + +This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage) + +This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules. + +This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads. + +### Contributors + + + + + + +%prep +%autosetup -n badfiles-0.3.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-badfiles -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Thu May 18 2023 Python_Bot - 0.3.0-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..37669d9 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +5ce816a32f72936785235cb06888a3a1 badfiles-0.3.0.tar.gz -- cgit v1.2.3
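Review bot: The `Requires:` block of python-badfiles.spec turns development, test, documentation and release tooling (`python3-black`, `python3-flake8`, `python3-isort`, `python3-pytest`, `python3-tox`, `python3-twine`, `python3-pre-commit`, `python3-virtualenv`, the `python3-mkdocs*` set) into hard runtime dependencies, presumably because the generator flattened upstream's optional extras. For a package meant to triage untrusted files, each of these is additional code installed on the scanning host, so the list should be reduced to what the library imports at run time, likely `python3-magic` and `python3-yara-python`, with `python3-Gooey` and `python3-toml` kept only if upstream's metadata marks them as non-optional. Separately, `Source0` is pulled from a PyPI mirror and the only integrity pin is the MD5 digest in `sources`; recording a SHA-256 or SHA-512 digest checked against the upstream PyPI release would be a stronger pin. `%global _empty_manifest_terminate_build 0` together with the wildcard `%files` entries also lets a build that installs nothing succeed silently, which deserves a comment explaining why it is needed or removal.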