path: root/python-defusedcsv.spec

%global _empty_manifest_terminate_build 0
Name:		python-defusedcsv
Version:	2.0.0
Release:	1
Summary:	Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks
License:	Apache License 2.0
URL:		https://github.com/raphaelm/defusedcsv
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/09/71/b315ee2dde73f37cc8245c5f31034e790ef72fa31b431f4bd534d9c0a19b/defusedcsv-2.0.0.tar.gz
BuildArch:	noarch


%description
If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious
payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS
Excel or LibreOffice).
This library tries to mitigate that by prepending all cells starting with ``@``, ``+``,
``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all
``|`` characters in these cells with ``\|``. This will of course change the resulting
CSV files, but Excel will not display the ``'`` character to the user.
Tested with Python 3.8 to 3.10.

%package -n python3-defusedcsv
Summary:	Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks
Provides:	python-defusedcsv
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip
%description -n python3-defusedcsv
If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious
payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS
Excel or LibreOffice).
This library tries to mitigate that by prepending all cells starting with ``@``, ``+``,
``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all
``|`` characters in these cells with ``\|``. This will of course change the resulting
CSV files, but Excel will not display the ``'`` character to the user.
Tested with Python 3.8 to 3.10.

%package help
Summary:	Development documents and examples for defusedcsv
Provides:	python3-defusedcsv-doc
%description help
If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious
payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS
Excel or LibreOffice).
This library tries to mitigate that by prepending all cells starting with ``@``, ``+``,
``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all
``|`` characters in these cells with ``\|``. This will of course change the resulting
CSV files, but Excel will not display the ``'`` character to the user.
Tested with Python 3.8 to 3.10.

%prep
%autosetup -n defusedcsv-2.0.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-defusedcsv -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Thu Jun 08 2023 Python_Bot <Python_Bot@openeuler.org> - 2.0.0-1
- Package Spec generated