diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | python-cvsslib.spec | 489 | ||||
| -rw-r--r-- | sources | 1 |
3 files changed, 491 insertions, 0 deletions
@@ -0,0 +1 @@ +/cvsslib-1.0.0.tar.gz diff --git a/python-cvsslib.spec b/python-cvsslib.spec new file mode 100644 index 0000000..08f9355 --- /dev/null +++ b/python-cvsslib.spec @@ -0,0 +1,489 @@ +%global _empty_manifest_terminate_build 0 +Name: python-cvsslib +Version: 1.0.0 +Release: 1 +Summary: CVSS 2/3 utilities +License: GPL-3.0-or-later +URL: https://github.com/orf/cvsslib/ +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/c1/8a/1f26cf24ad993dd01c4ce42f3e15d1ed09e5263fdacdaa5776f3e6c43adb/cvsslib-1.0.0.tar.gz +BuildArch: noarch + + +%description +# CVSSlib  + +A Python 3 library for calculating CVSS v2, CVSS v3 and CVSS v3.1 vectors, with tests. Examples on how to use +the library is shown below, and there is some documentation on the internals within the `docs` directory. The library +is designed to be completely extendable, so it is possible to implement your own custom scoring systems (or those of your clients) +and have it work with the same API, and with the same bells and whistles. + +**Python 3 only** + +## API + +It's pretty simple to use. `cvsslib` has a `cvss2`, `cvss3` and `cvss31` sub modules that contains all of the enums +and calculation code. There are also some functions to manipulate vectors that take these cvss modules +as arguments. E.G: + +```python +from cvsslib import cvss2, cvss31, calculate_vector + +vector_v2 = "AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H" +calculate_vector(vector_v2, cvss2) +>> (5, 3.5, 1.2) + +vector_v3 = "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N" +calculate_vector(vector_v3, cvss31) +>> (5.8, 5.8, 7.1) +``` + +You can access every CVSS enum through the `cvss2`, `cvss3` or `cvss31` modules: + +```python +from cvsslib import cvss2 +# In this case doing from 'cvsslib.cvss2.enums import *' might be less verbose. +value = cvss2.ReportConfidence.CONFIRMED + +if value != cvss2.ReportConfidence.NOT_DEFINED: + do_something() +``` + +There are some powerful mixin functions if you need a class with CVSS members. These functions +take a cvss version and return a base class you can inherit from. This class hassome utility functions like +`to_vector()` and `from_vector()` you can use. + +```python +from cvsslib import cvss3, class_mixin + +BaseClass = class_mixin(cvss3) # Can pass cvss2 module instead + +class SomeObject(BaseClass): + def print_stats(self): + for item, value in self.enums: + print("{0} is {1}".format(item, value) + +state = SomeObject() +print("\n".join(state.debug())) +print(state.calculate()) +state.from_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N") +print("Vector: " + state.to_vector()) + +# Access members: +if state.report_confidence == ReportConfidence.NOT_DEFINED: + do_something() +``` + +It also supports Django models. Requires the `django-enumfields` package. + +```python +from cvsslib.contrib.django_model import django_mixin +from cvsslib import cvss2 +from django.db import models + +CVSSBase = django_mixin(cvss2) + +class CVSSModel(models.Model, metaclass=CVSSBase) + pass + +# CVSSModel now has lots of enum you can use +x = CVSSModel() +x.save() +x.exploitability +``` + +If you want it to work with django Migrations you need to give an attribute name to the `django_mixin` function. This +should match the attribute name it is being assigned to: + +```python +CVSSBase = django_mixin(cvss2, attr_name="CVSSBase") +``` + +And there is a command line tool available: + +```python +> cvss CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:U/CR:H/IR:L/AR:H/MAV:L/MUI:R/MS:C/MC:N/MI:L/MA:N +Base Score: 5.3 +Temporal: 4.6 +Environment: 1.3 +``` + +## Custom Scoring Systems + +Creating a new scoring system is very simple. First create a Python file with the correct name, e.g `super_scores.py`. +Next create some enums with the correct values for your system: + +```python + from cvsslib.base_enum import BaseEnum + + + class Risk(BaseEnum): + """ + Vector: S + """ + HIGH = 1 + MEDIUM = 2 + LOW = 3 + + class Difficulty(BaseEnum): + """ + Vector: D + """ + DIFFICULT = 1 + MODERATE = 2 + EASY = 3 +``` + +And lastly add a `calculate` function in the module that accepts some vector values and +returns a result of some kind: + +```python + +def calculate(difficulty: Difficulty, risk: Risk): + if difficulty == Difficulty.EASY and risk == Risk.CRITICAL: + return "oh nuts you're screwed" + + return "You're probs ok m8" +``` + +Once you define this you can pass your `super_scores` module to any +cvsslib function like `calculate_vector` or `django_mixin` and it will +all just work. You can even serialize the data to and from a vector +if you define the correct `vector: X` in the enum docstrings. + + +%package -n python3-cvsslib +Summary: CVSS 2/3 utilities +Provides: python-cvsslib +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-cvsslib +# CVSSlib  + +A Python 3 library for calculating CVSS v2, CVSS v3 and CVSS v3.1 vectors, with tests. Examples on how to use +the library is shown below, and there is some documentation on the internals within the `docs` directory. The library +is designed to be completely extendable, so it is possible to implement your own custom scoring systems (or those of your clients) +and have it work with the same API, and with the same bells and whistles. + +**Python 3 only** + +## API + +It's pretty simple to use. `cvsslib` has a `cvss2`, `cvss3` and `cvss31` sub modules that contains all of the enums +and calculation code. There are also some functions to manipulate vectors that take these cvss modules +as arguments. E.G: + +```python +from cvsslib import cvss2, cvss31, calculate_vector + +vector_v2 = "AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H" +calculate_vector(vector_v2, cvss2) +>> (5, 3.5, 1.2) + +vector_v3 = "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N" +calculate_vector(vector_v3, cvss31) +>> (5.8, 5.8, 7.1) +``` + +You can access every CVSS enum through the `cvss2`, `cvss3` or `cvss31` modules: + +```python +from cvsslib import cvss2 +# In this case doing from 'cvsslib.cvss2.enums import *' might be less verbose. +value = cvss2.ReportConfidence.CONFIRMED + +if value != cvss2.ReportConfidence.NOT_DEFINED: + do_something() +``` + +There are some powerful mixin functions if you need a class with CVSS members. These functions +take a cvss version and return a base class you can inherit from. This class hassome utility functions like +`to_vector()` and `from_vector()` you can use. + +```python +from cvsslib import cvss3, class_mixin + +BaseClass = class_mixin(cvss3) # Can pass cvss2 module instead + +class SomeObject(BaseClass): + def print_stats(self): + for item, value in self.enums: + print("{0} is {1}".format(item, value) + +state = SomeObject() +print("\n".join(state.debug())) +print(state.calculate()) +state.from_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N") +print("Vector: " + state.to_vector()) + +# Access members: +if state.report_confidence == ReportConfidence.NOT_DEFINED: + do_something() +``` + +It also supports Django models. Requires the `django-enumfields` package. + +```python +from cvsslib.contrib.django_model import django_mixin +from cvsslib import cvss2 +from django.db import models + +CVSSBase = django_mixin(cvss2) + +class CVSSModel(models.Model, metaclass=CVSSBase) + pass + +# CVSSModel now has lots of enum you can use +x = CVSSModel() +x.save() +x.exploitability +``` + +If you want it to work with django Migrations you need to give an attribute name to the `django_mixin` function. This +should match the attribute name it is being assigned to: + +```python +CVSSBase = django_mixin(cvss2, attr_name="CVSSBase") +``` + +And there is a command line tool available: + +```python +> cvss CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:U/CR:H/IR:L/AR:H/MAV:L/MUI:R/MS:C/MC:N/MI:L/MA:N +Base Score: 5.3 +Temporal: 4.6 +Environment: 1.3 +``` + +## Custom Scoring Systems + +Creating a new scoring system is very simple. First create a Python file with the correct name, e.g `super_scores.py`. +Next create some enums with the correct values for your system: + +```python + from cvsslib.base_enum import BaseEnum + + + class Risk(BaseEnum): + """ + Vector: S + """ + HIGH = 1 + MEDIUM = 2 + LOW = 3 + + class Difficulty(BaseEnum): + """ + Vector: D + """ + DIFFICULT = 1 + MODERATE = 2 + EASY = 3 +``` + +And lastly add a `calculate` function in the module that accepts some vector values and +returns a result of some kind: + +```python + +def calculate(difficulty: Difficulty, risk: Risk): + if difficulty == Difficulty.EASY and risk == Risk.CRITICAL: + return "oh nuts you're screwed" + + return "You're probs ok m8" +``` + +Once you define this you can pass your `super_scores` module to any +cvsslib function like `calculate_vector` or `django_mixin` and it will +all just work. You can even serialize the data to and from a vector +if you define the correct `vector: X` in the enum docstrings. + + +%package help +Summary: Development documents and examples for cvsslib +Provides: python3-cvsslib-doc +%description help +# CVSSlib  + +A Python 3 library for calculating CVSS v2, CVSS v3 and CVSS v3.1 vectors, with tests. Examples on how to use +the library is shown below, and there is some documentation on the internals within the `docs` directory. The library +is designed to be completely extendable, so it is possible to implement your own custom scoring systems (or those of your clients) +and have it work with the same API, and with the same bells and whistles. + +**Python 3 only** + +## API + +It's pretty simple to use. `cvsslib` has a `cvss2`, `cvss3` and `cvss31` sub modules that contains all of the enums +and calculation code. There are also some functions to manipulate vectors that take these cvss modules +as arguments. E.G: + +```python +from cvsslib import cvss2, cvss31, calculate_vector + +vector_v2 = "AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H" +calculate_vector(vector_v2, cvss2) +>> (5, 3.5, 1.2) + +vector_v3 = "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N" +calculate_vector(vector_v3, cvss31) +>> (5.8, 5.8, 7.1) +``` + +You can access every CVSS enum through the `cvss2`, `cvss3` or `cvss31` modules: + +```python +from cvsslib import cvss2 +# In this case doing from 'cvsslib.cvss2.enums import *' might be less verbose. +value = cvss2.ReportConfidence.CONFIRMED + +if value != cvss2.ReportConfidence.NOT_DEFINED: + do_something() +``` + +There are some powerful mixin functions if you need a class with CVSS members. These functions +take a cvss version and return a base class you can inherit from. This class hassome utility functions like +`to_vector()` and `from_vector()` you can use. + +```python +from cvsslib import cvss3, class_mixin + +BaseClass = class_mixin(cvss3) # Can pass cvss2 module instead + +class SomeObject(BaseClass): + def print_stats(self): + for item, value in self.enums: + print("{0} is {1}".format(item, value) + +state = SomeObject() +print("\n".join(state.debug())) +print(state.calculate()) +state.from_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:H/MPR:N") +print("Vector: " + state.to_vector()) + +# Access members: +if state.report_confidence == ReportConfidence.NOT_DEFINED: + do_something() +``` + +It also supports Django models. Requires the `django-enumfields` package. + +```python +from cvsslib.contrib.django_model import django_mixin +from cvsslib import cvss2 +from django.db import models + +CVSSBase = django_mixin(cvss2) + +class CVSSModel(models.Model, metaclass=CVSSBase) + pass + +# CVSSModel now has lots of enum you can use +x = CVSSModel() +x.save() +x.exploitability +``` + +If you want it to work with django Migrations you need to give an attribute name to the `django_mixin` function. This +should match the attribute name it is being assigned to: + +```python +CVSSBase = django_mixin(cvss2, attr_name="CVSSBase") +``` + +And there is a command line tool available: + +```python +> cvss CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:P/RL:U/RC:U/CR:H/IR:L/AR:H/MAV:L/MUI:R/MS:C/MC:N/MI:L/MA:N +Base Score: 5.3 +Temporal: 4.6 +Environment: 1.3 +``` + +## Custom Scoring Systems + +Creating a new scoring system is very simple. First create a Python file with the correct name, e.g `super_scores.py`. +Next create some enums with the correct values for your system: + +```python + from cvsslib.base_enum import BaseEnum + + + class Risk(BaseEnum): + """ + Vector: S + """ + HIGH = 1 + MEDIUM = 2 + LOW = 3 + + class Difficulty(BaseEnum): + """ + Vector: D + """ + DIFFICULT = 1 + MODERATE = 2 + EASY = 3 +``` + +And lastly add a `calculate` function in the module that accepts some vector values and +returns a result of some kind: + +```python + +def calculate(difficulty: Difficulty, risk: Risk): + if difficulty == Difficulty.EASY and risk == Risk.CRITICAL: + return "oh nuts you're screwed" + + return "You're probs ok m8" +``` + +Once you define this you can pass your `super_scores` module to any +cvsslib function like `calculate_vector` or `django_mixin` and it will +all just work. You can even serialize the data to and from a vector +if you define the correct `vector: X` in the enum docstrings. + + +%prep +%autosetup -n cvsslib-1.0.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-cvsslib -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Thu May 18 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.0-1 +- Package Spec generated @@ -0,0 +1 @@ +e9f45c40fe0fef43d65719177f554fd9 cvsslib-1.0.0.tar.gz |