Diffstat (limited to 'python-mobsfscan.spec')
| -rw-r--r-- | python-mobsfscan.spec | 438 |
1 files changed, 438 insertions, 0 deletions
diff --git a/python-mobsfscan.spec b/python-mobsfscan.spec new file mode 100644 index 0000000..ede2117 --- /dev/null +++ b/python-mobsfscan.spec 
@@ -0,0 +1,438 @@ +%global _empty_manifest_terminate_build 0 +Name: python-mobsfscan +Version: 0.2.0 +Release: 1 +Summary: mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. +License: GNU Lesser General Public License v3 or later (LGPLv3+) +URL: https://github.com/MobSF/mobsfscan +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/f1/dc/f00e1956966233c883a6fb71fe8d283d0a06ac0e0727473574f43d351c7e/mobsfscan-0.2.0.tar.gz +BuildArch: noarch + +Requires: python3-colorama +Requires: python3-libsast +Requires: python3-sarif-om +Requires: python3-jschema-to-python +Requires: python3-tabulate +Requires: python3-xmltodict + +%description +- ignore-filenames: + - skip.java + ignore-paths: + - __MACOSX + - skip_dir + ignore-rules: + - android_kotlin_logging + - android_safetynet_api + - android_prevent_screenshot + - android_detect_tapjacking + - android_certificate_pinning + - android_root_detection + - android_certificate_transparency + severity-filter: + - WARNING + - ERROR +``` +## Suppress Findings +You can suppress findings from source files by adding the comment `// mobsf-ignore: rule_id1, rule_id2` to the line that trigger the findings. +Example: +```java +String password = "strong password"; // mobsf-ignore: hardcoded_password +``` +## CI/CD Integrations +You can enable mobsfscan in your CI/CD or DevSecOps pipelines. +#### Github Action +Add the following to the file `.github/workflows/mobsfscan.yml`. +```yaml +name: mobsfscan +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. 
--json' +``` +Example: [pivaa with mobsfscan github action](https://github.com/MobSF/pivaa/actions/workflows/mobsfscan.yml) +#### Github Code Scanning Integration +Add the following to the file `.github/workflows/mobsfscan_sarif.yml`. +```yaml +name: mobsfscan sarif +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + mobsfscan: + runs-on: ubuntu-latest + name: mobsfscan code scanning + steps: + - name: Checkout the code + uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. --sarif --output results.sarif || true' + - name: Upload mobsfscan report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif +``` + +#### Gitlab CI/CD +Add the following to the file `.gitlab-ci.yml`. +```yaml +stages: + - test +mobsfscan: + image: python + before_script: + - pip3 install --upgrade mobsfscan + script: + - mobsfscan . +``` +Example: +#### Travis CI +Add the following to the file `.travis.yml`. +```yaml +language: python +install: + - pip3 install --upgrade mobsfscan +script: + - mobsfscan . +``` +#### Circle CI +Add the following to the file `.circleci/config.yaml` +```yaml +version: 2.1 +jobs: + mobsfscan: + docker: + - image: cimg/python:3.9.6 + steps: + - checkout + - run: + name: Install mobsfscan + command: pip install --upgrade mobsfscan + - run: + name: mobsfscan check + command: mobsfscan . +``` +## Docker +### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/mobsfscan) +```bash +docker pull opensecurity/mobsfscan +docker run -v /path-to-source-dir:/src opensecurity/mobsfscan /src +``` +### Build Locally +``` +docker build -t mobsfscan . +docker run -v /path-to-source-dir:/src mobsfscan /src +``` + +%package -n python3-mobsfscan +Summary: mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. 
+Provides: python-mobsfscan +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-mobsfscan +- ignore-filenames: + - skip.java + ignore-paths: + - __MACOSX + - skip_dir + ignore-rules: + - android_kotlin_logging + - android_safetynet_api + - android_prevent_screenshot + - android_detect_tapjacking + - android_certificate_pinning + - android_root_detection + - android_certificate_transparency + severity-filter: + - WARNING + - ERROR +``` +## Suppress Findings +You can suppress findings from source files by adding the comment `// mobsf-ignore: rule_id1, rule_id2` to the line that trigger the findings. +Example: +```java +String password = "strong password"; // mobsf-ignore: hardcoded_password +``` +## CI/CD Integrations +You can enable mobsfscan in your CI/CD or DevSecOps pipelines. +#### Github Action +Add the following to the file `.github/workflows/mobsfscan.yml`. +```yaml +name: mobsfscan +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. --json' +``` +Example: [pivaa with mobsfscan github action](https://github.com/MobSF/pivaa/actions/workflows/mobsfscan.yml) +#### Github Code Scanning Integration +Add the following to the file `.github/workflows/mobsfscan_sarif.yml`. +```yaml +name: mobsfscan sarif +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + mobsfscan: + runs-on: ubuntu-latest + name: mobsfscan code scanning + steps: + - name: Checkout the code + uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. --sarif --output results.sarif || true' + - name: Upload mobsfscan report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif +``` + +#### Gitlab CI/CD +Add the following to the file `.gitlab-ci.yml`. 
+```yaml +stages: + - test +mobsfscan: + image: python + before_script: + - pip3 install --upgrade mobsfscan + script: + - mobsfscan . +``` +Example: +#### Travis CI +Add the following to the file `.travis.yml`. +```yaml +language: python +install: + - pip3 install --upgrade mobsfscan +script: + - mobsfscan . +``` +#### Circle CI +Add the following to the file `.circleci/config.yaml` +```yaml +version: 2.1 +jobs: + mobsfscan: + docker: + - image: cimg/python:3.9.6 + steps: + - checkout + - run: + name: Install mobsfscan + command: pip install --upgrade mobsfscan + - run: + name: mobsfscan check + command: mobsfscan . +``` +## Docker +### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/mobsfscan) +```bash +docker pull opensecurity/mobsfscan +docker run -v /path-to-source-dir:/src opensecurity/mobsfscan /src +``` +### Build Locally +``` +docker build -t mobsfscan . +docker run -v /path-to-source-dir:/src mobsfscan /src +``` + +%package help +Summary: Development documents and examples for mobsfscan +Provides: python3-mobsfscan-doc +%description help +- ignore-filenames: + - skip.java + ignore-paths: + - __MACOSX + - skip_dir + ignore-rules: + - android_kotlin_logging + - android_safetynet_api + - android_prevent_screenshot + - android_detect_tapjacking + - android_certificate_pinning + - android_root_detection + - android_certificate_transparency + severity-filter: + - WARNING + - ERROR +``` +## Suppress Findings +You can suppress findings from source files by adding the comment `// mobsf-ignore: rule_id1, rule_id2` to the line that trigger the findings. +Example: +```java +String password = "strong password"; // mobsf-ignore: hardcoded_password +``` +## CI/CD Integrations +You can enable mobsfscan in your CI/CD or DevSecOps pipelines. +#### Github Action +Add the following to the file `.github/workflows/mobsfscan.yml`. 
+```yaml +name: mobsfscan +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. --json' +``` +Example: [pivaa with mobsfscan github action](https://github.com/MobSF/pivaa/actions/workflows/mobsfscan.yml) +#### Github Code Scanning Integration +Add the following to the file `.github/workflows/mobsfscan_sarif.yml`. +```yaml +name: mobsfscan sarif +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] +jobs: + mobsfscan: + runs-on: ubuntu-latest + name: mobsfscan code scanning + steps: + - name: Checkout the code + uses: actions/checkout@v2 + - name: mobsfscan + uses: MobSF/mobsfscan@main + with: + args: '. --sarif --output results.sarif || true' + - name: Upload mobsfscan report + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: results.sarif +``` + +#### Gitlab CI/CD +Add the following to the file `.gitlab-ci.yml`. +```yaml +stages: + - test +mobsfscan: + image: python + before_script: + - pip3 install --upgrade mobsfscan + script: + - mobsfscan . +``` +Example: +#### Travis CI +Add the following to the file `.travis.yml`. +```yaml +language: python +install: + - pip3 install --upgrade mobsfscan +script: + - mobsfscan . +``` +#### Circle CI +Add the following to the file `.circleci/config.yaml` +```yaml +version: 2.1 +jobs: + mobsfscan: + docker: + - image: cimg/python:3.9.6 + steps: + - checkout + - run: + name: Install mobsfscan + command: pip install --upgrade mobsfscan + - run: + name: mobsfscan check + command: mobsfscan . +``` +## Docker +### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/mobsfscan) +```bash +docker pull opensecurity/mobsfscan +docker run -v /path-to-source-dir:/src opensecurity/mobsfscan /src +``` +### Build Locally +``` +docker build -t mobsfscan . 
+docker run -v /path-to-source-dir:/src mobsfscan /src +``` + +%prep +%autosetup -n mobsfscan-0.2.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-mobsfscan -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 0.2.0-1 +- Package Spec generated |
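Review bot: the three `%description` blocks (main package, `python3-mobsfscan` and the `help` subpackage) carry a truncated README dump instead of a package description: each starts part-way through a YAML list (`- ignore-filenames:` down to `- ERROR`), closes a code fence that was never opened, and then repeats upstream's CI/CD and Docker instructions verbatim. That text is what `rpm -qi` shows users, so replace each block with one or two sentences (the Summary line already states what the tool does) and leave pipeline and Docker usage to upstream's README. Two smaller points: `Source0` fetches the tarball from a third-party mirror (`mirrors.nju.edu.cn`) rather than the canonical PyPI download URL, which makes it harder to verify the source against upstream; and the `License` tag uses the long PyPI classifier string (`GNU Lesser General Public License v3 or later (LGPLv3+)`) where the distribution's short license identifier is expected.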
