diff options
Diffstat (limited to 'python-defusedcsv.spec')
| -rw-r--r-- | python-defusedcsv.spec | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/python-defusedcsv.spec b/python-defusedcsv.spec new file mode 100644 index 0000000..daa9dce --- /dev/null +++ b/python-defusedcsv.spec @@ -0,0 +1,93 @@ +%global _empty_manifest_terminate_build 0 +Name: python-defusedcsv +Version: 2.0.0 +Release: 1 +Summary: Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks +License: Apache License 2.0 +URL: https://github.com/raphaelm/defusedcsv +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/09/71/b315ee2dde73f37cc8245c5f31034e790ef72fa31b431f4bd534d9c0a19b/defusedcsv-2.0.0.tar.gz +BuildArch: noarch + + +%description +If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious +payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS +Excel or LibreOffice). +This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, +``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all +``|`` characters in these cells with ``\|``. This will of course change the resulting +CSV files, but Excel will not display the ``'`` character to the user. +Tested with Python 3.8 to 3.10. + +%package -n python3-defusedcsv +Summary: Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks +Provides: python-defusedcsv +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-defusedcsv +If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious +payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS +Excel or LibreOffice). +This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, +``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all +``|`` characters in these cells with ``\|``. This will of course change the resulting +CSV files, but Excel will not display the ``'`` character to the user. +Tested with Python 3.8 to 3.10. + +%package help +Summary: Development documents and examples for defusedcsv +Provides: python3-defusedcsv-doc +%description help +If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious +payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS +Excel or LibreOffice). +This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, +``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all +``|`` characters in these cells with ``\|``. This will of course change the resulting +CSV files, but Excel will not display the ``'`` character to the user. +Tested with Python 3.8 to 3.10. + +%prep +%autosetup -n defusedcsv-2.0.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-defusedcsv -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 2.0.0-1 +- Package Spec generated |