-rw-r--r-- | .gitignore | 1
-rw-r--r-- | python-malwaretl-stoq-transformer.spec | 143
-rw-r--r-- | sources | 1
3 files changed, 145 insertions, 0 deletions
@@ -0,0 +1 @@ +/malwaretl_stoq_transformer-1.0.7.tar.gz diff --git a/python-malwaretl-stoq-transformer.spec b/python-malwaretl-stoq-transformer.spec new file mode 100644 index 0000000..bc7bc42 --- /dev/null +++ b/python-malwaretl-stoq-transformer.spec 
@@ -0,0 +1,143 @@ +%global _empty_manifest_terminate_build 0 +Name: python-malwaretl-stoq-transformer +Version: 1.0.7 +Release: 1 +Summary: Helper class to build Stoq instances for use in MalwareETL pipelines +License: Apache Software License +URL: https://github.com/g-clef/stoq_transformer +Source0: https://mirrors.aliyun.com/pypi/web/packages/d4/7b/4f4aee8853bbabc6d9ac8217da5f273dd26cbfcba5117a64670e8a4a0105/malwaretl_stoq_transformer-1.0.7.tar.gz +BuildArch: noarch + +Requires: python3-stoq-framework +Requires: python3-lief + +%description +# malwaretl_stoq_transformer +Transform step in malwarETL pipeline for captured files + +This includes a few clustom stoQ plugins: + 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the +EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc in +the final json, and that is a problem for training since those are values that I want to be able to learn on. Also, +some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports}]`) so I could +not be convinced that the json dump was clearly comparable to the EMBER dataset data. + 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a +straight bytestring, so the default Lief plugin didn't work. + 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype. + + +This project is designed to be used in two ways (at the same time): + 1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand + files to that instance for scanning as they download them. + 2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that + the stoq requirements are pre-installed in their starting image. 
+ + +The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the +PUNCH Cyber Analytics Group. + + +%package -n python3-malwaretl-stoq-transformer +Summary: Helper class to build Stoq instances for use in MalwareETL pipelines +Provides: python-malwaretl-stoq-transformer +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-malwaretl-stoq-transformer +# malwaretl_stoq_transformer +Transform step in malwarETL pipeline for captured files + +This includes a few clustom stoQ plugins: + 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the +EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc in +the final json, and that is a problem for training since those are values that I want to be able to learn on. Also, +some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports}]`) so I could +not be convinced that the json dump was clearly comparable to the EMBER dataset data. + 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a +straight bytestring, so the default Lief plugin didn't work. + 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype. + + +This project is designed to be used in two ways (at the same time): + 1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand + files to that instance for scanning as they download them. + 2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that + the stoq requirements are pre-installed in their starting image. 
+ + +The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the +PUNCH Cyber Analytics Group. + + +%package help +Summary: Development documents and examples for malwaretl-stoq-transformer +Provides: python3-malwaretl-stoq-transformer-doc +%description help +# malwaretl_stoq_transformer +Transform step in malwarETL pipeline for captured files + +This includes a few clustom stoQ plugins: + 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the +EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc in +the final json, and that is a problem for training since those are values that I want to be able to learn on. Also, +some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports}]`) so I could +not be convinced that the json dump was clearly comparable to the EMBER dataset data. + 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a +straight bytestring, so the default Lief plugin didn't work. + 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype. + + +This project is designed to be used in two ways (at the same time): + 1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand + files to that instance for scanning as they download them. + 2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that + the stoq requirements are pre-installed in their starting image. + + +The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the +PUNCH Cyber Analytics Group. 
+ + +%prep +%autosetup -n malwaretl_stoq_transformer-1.0.7 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-malwaretl-stoq-transformer -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Tue Jun 20 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.7-1 +- Package Spec generated @@ -0,0 +1 @@ +62047ea0af435b06ee9e3ebd98e83bc9 malwaretl_stoq_transformer-1.0.7.tar.gz |
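Review bot: In the spec hunk, `Source0` fetches the sdist from a third-party mirror (`https://mirrors.aliyun.com/pypi/web/packages/...`) rather than from PyPI's canonical file host, so the tarball that gets built cannot be traced back to an upstream-published artifact by URL; point `Source0` at the release URL PyPI itself publishes for `malwaretl_stoq_transformer-1.0.7.tar.gz` (the files.pythonhosted.org location) and keep the mirror, if needed, as a build-time mirror setting rather than the recorded source. Two smaller points in the same hunk: `License: Apache Software License` is the PyPI trove-classifier text, not an SPDX identifier, and should be the specific Apache version upstream uses (for example `Apache-2.0`); and the `%description` blocks paste the upstream README verbatim three times, including a markdown `#` heading and an unbalanced code span (`lief_json["imports}]`), whereas an RPM description should be a short plain-text summary.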
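Review bot: The `sources` hunk records only an MD5 digest (`62047ea0af435b06ee9e3ebd98e83bc9`) for the tarball; MD5 is collision-weak and, because the value is computed locally from whatever the mirror served, it verifies nothing about the upstream release. Record the SHA-256 digest that PyPI publishes for this release (in `sources` or as a comment next to `Source0` in the spec) so the fetched archive is checked against an upstream-published value.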