From d8d5f53c13cf1bfa75df170b522d1aefe52d9a57 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Wed, 10 May 2023 04:10:20 +0000
Subject: automatic import of python-django-security
---
.gitignore | 1 +
python-django-security.spec | 636 ++++++++++++++++++++++++++++++++++++++++++++
sources | 1 +
3 files changed, 638 insertions(+)
create mode 100644 python-django-security.spec
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
index e69de29..16d726d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/django-security-0.12.0.tar.gz
diff --git a/python-django-security.spec b/python-django-security.spec
new file mode 100644
index 0000000..97d02b9
--- /dev/null
+++ b/python-django-security.spec
@@ -0,0 +1,636 @@
+%global _empty_manifest_terminate_build 0
+Name: python-django-security
+Version: 0.12.0
+Release: 1
+Summary: A collection of tools to help secure a Django project.
+License: BSD License
+URL: https://github.com/sdelements/django-security
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/ee/4e/cd1ee5f8005d87b47d2e9313aed8ed700d1ffcdc24b52a57ac4a1a5971d4/django-security-0.12.0.tar.gz
+BuildArch: noarch
+
+
+%description
+# Django-Security
+
+[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)
+
+This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ ) + +Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file: + + MIDDLEWARE_CLASSES = ( + ... + 'security.middleware.DoNotTrackMiddleware', + 'security.middleware.ContentNoSniff', + 'security.middleware.XssProtectMiddleware', + 'security.middleware.XFrameOptionsMiddleware', + ) + +After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file: + + MIDDLEWARE = ( + ... + 'security.middleware.DoNotTrackMiddleware', + 'security.middleware.ContentNoSniff', + 'security.middleware.XssProtectMiddleware', + 'security.middleware.XFrameOptionsMiddleware', + ) + + + +Unlike the modules listed above, some other modules **require** configuration settings, +fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/). +Brief description is provided below. + +## Middleware + +Provided middleware modules will modify web application's output and input and in most cases requires no +or minimum configuration. + + + + + + + + + + + + + + + + + +
Middleware +Description +Configuration +
ClearSiteDataMiddleware +Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. Recommended. +Required. + +
ContentNoSniff +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_CONTENT_TYPE_NOSNIFF setting.
Disable possibly insecure autodetection of MIME types in browsers. Recommended. +
None. + +
ContentSecurityPolicyMiddleware +Send Content Security Policy (CSP) header in HTTP response. Recommended, requires careful tuning. +Required. + +
DoNotTrackMiddleware +Read user browser's DoNotTrack preference and pass it to application. Recommended, requires implementation in views and templates. +None. + +
LoginRequiredMiddleware +Requires a user to be authenticated to view any page on the site that hasn't been white listed. +Required. + +
MandatoryPasswordChangeMiddleware +Redirects any request from an authenticated user to the password change form if that user's password has expired. +Required. + +
NoConfidentialCachingMiddleware +Adds No-Cache and No-Store headers to confidential pages. +Required. + +
P3PPolicyMiddleware +DEPRECATED: Will be removed in future releases.
Adds the HTTP header attribute specifying compact P3P policy. +
Required. + +
SessionExpiryPolicyMiddleware +Expire sessions on browser close, and on expiry times stored in the cookie itself. +Required. + +
StrictTransportSecurityMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS and SECURE_HSTS_PRELOAD settings.
Enforce SSL/TLS connection and disable plaintext fall-back. Recommended for SSL/TLS sites. +
Optional. + +
XFrameOptionsMiddleware +Disable framing of the website, mitigating Clickjacking attacks. Recommended. +Optional. + +
XssProtectMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_BROWSER_XSS_FILTER setting.
Enforce browser's Cross Site Scripting protection. Recommended. +
None. + +
+ +## Views + +`csp_report` + +View that allows reception of Content Security Policy violation reports sent by browsers in response +to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report +analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler. + +This view can be configured to either log received reports or store them in database. +See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details. + +`require_ajax` + +A view decorator which ensures that the request being processed by view is an AJAX request. Example usage: + + @require_ajax + def myview(request): + ... + +## Models + +`CspReport` + +Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used. +With this model, the reports can be then analysed in Django admin site. + +`PasswordExpiry` + +Associate a password expiry date with a user. + +## Logging + +All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them: + + LOGGING = { + ... + 'loggers': { + 'security': { + 'handlers': ['console',], + 'level': 'INFO', + 'propagate': False, + 'formatter': 'verbose', + }, + }, + ... + } + +%package -n python3-django-security +Summary: A collection of tools to help secure a Django project. +Provides: python-django-security +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-django-security +# Django-Security + +[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security) + +This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications. 
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ )
+
+Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:
+
+ MIDDLEWARE_CLASSES = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:
+
+ MIDDLEWARE = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware', + 'security.middleware.ContentNoSniff', + 'security.middleware.XssProtectMiddleware', + 'security.middleware.XFrameOptionsMiddleware', + ) + + + +Unlike the modules listed above, some other modules **require** configuration settings, +fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/). +Brief description is provided below. + +## Middleware + +Provided middleware modules will modify web application's output and input and in most cases requires no +or minimum configuration. + + + + + + + + + + + + + + + + + +
Middleware +Description +Configuration +
ClearSiteDataMiddleware +Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. Recommended. +Required. + +
ContentNoSniff +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_CONTENT_TYPE_NOSNIFF setting.
Disable possibly insecure autodetection of MIME types in browsers. Recommended. +
None. + +
ContentSecurityPolicyMiddleware +Send Content Security Policy (CSP) header in HTTP response. Recommended, requires careful tuning. +Required. + +
DoNotTrackMiddleware +Read user browser's DoNotTrack preference and pass it to application. Recommended, requires implementation in views and templates. +None. + +
LoginRequiredMiddleware +Requires a user to be authenticated to view any page on the site that hasn't been white listed. +Required. + +
MandatoryPasswordChangeMiddleware +Redirects any request from an authenticated user to the password change form if that user's password has expired. +Required. + +
NoConfidentialCachingMiddleware +Adds No-Cache and No-Store headers to confidential pages. +Required. + +
P3PPolicyMiddleware +DEPRECATED: Will be removed in future releases.
Adds the HTTP header attribute specifying compact P3P policy. +
Required. + +
SessionExpiryPolicyMiddleware +Expire sessions on browser close, and on expiry times stored in the cookie itself. +Required. + +
StrictTransportSecurityMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS and SECURE_HSTS_PRELOAD settings.
Enforce SSL/TLS connection and disable plaintext fall-back. Recommended for SSL/TLS sites. +
Optional. + +
XFrameOptionsMiddleware +Disable framing of the website, mitigating Clickjacking attacks. Recommended. +Optional. + +
XssProtectMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_BROWSER_XSS_FILTER setting.
Enforce browser's Cross Site Scripting protection. Recommended. +
None. + +
+ +## Views + +`csp_report` + +View that allows reception of Content Security Policy violation reports sent by browsers in response +to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report +analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler. + +This view can be configured to either log received reports or store them in database. +See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details. + +`require_ajax` + +A view decorator which ensures that the request being processed by view is an AJAX request. Example usage: + + @require_ajax + def myview(request): + ... + +## Models + +`CspReport` + +Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used. +With this model, the reports can be then analysed in Django admin site. + +`PasswordExpiry` + +Associate a password expiry date with a user. + +## Logging + +All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them: + + LOGGING = { + ... + 'loggers': { + 'security': { + 'handlers': ['console',], + 'level': 'INFO', + 'propagate': False, + 'formatter': 'verbose', + }, + }, + ... + } + +%package help +Summary: Development documents and examples for django-security +Provides: python3-django-security-doc +%description help +# Django-Security + +[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security) + +This package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications. 
+
+# Full documentation
+
+Automatically generated documentation of `django-security` is available on Read The Docs:
+
+* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)
+
+# Requirements
+
+* Python >= 3.6
+* Django >= 1.11
+
+For Django < 1.8 use django-security==0.9.4. For Django < 1.11 use django-security==0.11.3.
+
+Note: For versions prior to 0.10.0, `datetime` objects were being added to the session and required Django's PickleSerializer for (de)serializing. This has now been changed so that the strings of these `datetime`s are being stored instead. If you are still using PickleSerializer for this reason, we suggest switching to Django's default JSONSerializer (default since Django 1.6) for better security.
+
+
+# Installation
+
+Install from Python packages repository:
+
+ pip install django-security
+
+If you prefer the latest development version, install from
+[django-security](https://github.com/sdelements/django-security) repository on GitHub:
+
+ git clone https://github.com/sdelements/django-security.git
+ cd django-security
+ sudo python setup.py install
+
+Adding to Django application's `settings.py` file:
+
+ INSTALLED_APPS = (
+ ...
+ 'security',
+ ...
+ )
+
+Pre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:
+
+ MIDDLEWARE_CLASSES = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware',
+ 'security.middleware.ContentNoSniff',
+ 'security.middleware.XssProtectMiddleware',
+ 'security.middleware.XFrameOptionsMiddleware',
+ )
+
+After Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:
+
+ MIDDLEWARE = (
+ ...
+ 'security.middleware.DoNotTrackMiddleware', + 'security.middleware.ContentNoSniff', + 'security.middleware.XssProtectMiddleware', + 'security.middleware.XFrameOptionsMiddleware', + ) + + + +Unlike the modules listed above, some other modules **require** configuration settings, +fully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/). +Brief description is provided below. + +## Middleware + +Provided middleware modules will modify web application's output and input and in most cases requires no +or minimum configuration. + + + + + + + + + + + + + + + + + +
Middleware +Description +Configuration +
ClearSiteDataMiddleware +Send Clear-Site-Data header in HTTP response for any page that has been whitelisted. Recommended. +Required. + +
ContentNoSniff +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_CONTENT_TYPE_NOSNIFF setting.
Disable possibly insecure autodetection of MIME types in browsers. Recommended. +
None. + +
ContentSecurityPolicyMiddleware +Send Content Security Policy (CSP) header in HTTP response. Recommended, requires careful tuning. +Required. + +
DoNotTrackMiddleware +Read user browser's DoNotTrack preference and pass it to application. Recommended, requires implementation in views and templates. +None. + +
LoginRequiredMiddleware +Requires a user to be authenticated to view any page on the site that hasn't been white listed. +Required. + +
MandatoryPasswordChangeMiddleware +Redirects any request from an authenticated user to the password change form if that user's password has expired. +Required. + +
NoConfidentialCachingMiddleware +Adds No-Cache and No-Store headers to confidential pages. +Required. + +
P3PPolicyMiddleware +DEPRECATED: Will be removed in future releases.
Adds the HTTP header attribute specifying compact P3P policy. +
Required. + +
SessionExpiryPolicyMiddleware +Expire sessions on browser close, and on expiry times stored in the cookie itself. +Required. + +
StrictTransportSecurityMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_HSTS_SECONDS, SECURE_HSTS_INCLUDE_SUBDOMAINS and SECURE_HSTS_PRELOAD settings.
Enforce SSL/TLS connection and disable plaintext fall-back. Recommended for SSL/TLS sites. +
Optional. + +
XFrameOptionsMiddleware +Disable framing of the website, mitigating Clickjacking attacks. Recommended. +Optional. + +
XssProtectMiddleware +DEPRECATED: Will be removed in future releases, consider django.middleware.security.SecurityMiddleware via SECURE_BROWSER_XSS_FILTER setting.
Enforce browser's Cross Site Scripting protection. Recommended. +
None. + +
+ +## Views + +`csp_report` + +View that allows reception of Content Security Policy violation reports sent by browsers in response +to CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report +analysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler. + +This view can be configured to either log received reports or store them in database. +See [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details. + +`require_ajax` + +A view decorator which ensures that the request being processed by view is an AJAX request. Example usage: + + @require_ajax + def myview(request): + ... + +## Models + +`CspReport` + +Content Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used. +With this model, the reports can be then analysed in Django admin site. + +`PasswordExpiry` + +Associate a password expiry date with a user. + +## Logging + +All `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them: + + LOGGING = { + ... + 'loggers': { + 'security': { + 'handlers': ['console',], + 'level': 'INFO', + 'propagate': False, + 'formatter': 'verbose', + }, + }, + ... 
+ }
+
+%prep
+%autosetup -n django-security-0.12.0
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-django-security -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Wed May 10 2023 Python_Bot - 0.12.0-1
+- Package Spec generated
diff --git a/sources b/sources
new file mode 100644
index 0000000..c937e98
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+e7eed35d490a00eb626400fb0795cda9 django-security-0.12.0.tar.gz
-- cgit v1.2.3
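Review bot: `Source0` in the spec preamble fetches the tarball from a third-party PyPI mirror (`mirrors.nju.edu.cn`) rather than from the upstream named in `URL`, and `%prep` unpacks it with `%autosetup` without any verification step visible in the spec. The only integrity pin in this commit is the 32-hex-character digest added in the `sources` hunk, which is the length of an MD5 hash; MD5 is no longer collision-resistant, so it is a weak check if the mirror or the lookaside cache is ever tampered with. I would point `Source0` at the canonical PyPI file host and record a stronger digest, for example `SHA512 (django-security-0.12.0.tar.gz) = <sha512-of-tarball>` if the dist-git tooling accepts that form. Nothing on this page shows whether the tarball was compared against an upstream release, so a note of how the digest was obtained would help the next reviewer.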