-rw-r--r-- .gitignore 1
-rw-r--r-- python-ossindex-lib.spec 233
-rw-r--r-- sources 1
3 files changed, 235 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index e69de29..4f4c987 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/ossindex-lib-1.1.1.tar.gz
diff --git a/python-ossindex-lib.spec b/python-ossindex-lib.spec
new file mode 100644
index 0000000..0a5f6c2
--- /dev/null
+++ b/python-ossindex-lib.spec
@@ -0,0 +1,233 @@
+%global _empty_manifest_terminate_build 0
+Name: python-ossindex-lib
+Version: 1.1.1
+Release: 1
+Summary: A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe.
+License: Apache-2.0
+URL: https://github.com/sonatype-nexus-community/ossindex-python
+Source0: https://mirrors.nju.edu.cn/pypi/web/packages/44/5c/ed269f7104c6330c4b56e27e1177066901da8f5c4010f7ccc7995a51be67/ossindex-lib-1.1.1.tar.gz
+BuildArch: noarch
+
+Requires: python3-importlib-metadata
+Requires: python3-packageurl-python
+Requires: python3-PyYAML
+Requires: python3-requests
+Requires: python3-tinydb
+Requires: python3-types-PyYAML
+Requires: python3-types-requests
+Requires: python3-types-setuptools
+
+%description
+This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/).
+This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies
+and assess them for vulnerabilities against the OSS Index, perhaps you should check out
+[Jake](https://github.com/sonatype-nexus-community/jake).
+You can of course use this library in your own applications.
+## Installation
+Install from pypi.org as you would any other Python module:
+```
+pip install ossindex-lib
+```
+## Usage
+First create an instance of `OssIndex`, optionally enabling local caching
+```
+o = OssIndex()
+```
+Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask
+OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake)
+(which uses this library) and will do all the hard work for you!
+As a quick test, you could run:
+```
+o = OssIndex()
+results: List[OssIndexComponent] = o.get_component_report(packages=[
+ PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
+])
+for r in results:
+ print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
+ v: Vulnerability
+ for v in r.get_vulnerabilities():
+ print(' - {}'.format(str(v)))
+```
+```
+pkg:pypi/pip@19.2.0: 1 known vulnerabilities
+ - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6>
+```
+## Logging
+This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as
+required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).
+## Todos
+1. Support authentication against OSS Index
+## Python Support
+We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).
+However, some features may not be possible/present in older Python versions due to their lack of support.
+## Changelog
+See our [CHANGELOG](./CHANGELOG.md).
+## The Fine Print
+Remember:
+It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source
+community (read: you!)
+* Use this contribution at the risk tolerance that you have
+* Do NOT file Sonatype support tickets related to `ossindex-lib`
+* DO file issues here on GitHub, so that the community can pitch in
+Phew, that was easier than I thought. Last but not least of all - have fun!
+
+%package -n python3-ossindex-lib
+Summary: A library for querying the OSS Index free catalogue of open source components to help developers identify vulnerabilities, understand risk, and keep their software safe.
+Provides: python-ossindex-lib
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-pip
+%description -n python3-ossindex-lib
+This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/).
+This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies
+and assess them for vulnerabilities against the OSS Index, perhaps you should check out
+[Jake](https://github.com/sonatype-nexus-community/jake).
+You can of course use this library in your own applications.
+## Installation
+Install from pypi.org as you would any other Python module:
+```
+pip install ossindex-lib
+```
+## Usage
+First create an instance of `OssIndex`, optionally enabling local caching
+```
+o = OssIndex()
+```
+Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask
+OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake)
+(which uses this library) and will do all the hard work for you!
+As a quick test, you could run:
+```
+o = OssIndex()
+results: List[OssIndexComponent] = o.get_component_report(packages=[
+ PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
+])
+for r in results:
+ print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
+ v: Vulnerability
+ for v in r.get_vulnerabilities():
+ print(' - {}'.format(str(v)))
+```
+```
+pkg:pypi/pip@19.2.0: 1 known vulnerabilities
+ - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6>
+```
+## Logging
+This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as
+required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).
+## Todos
+1. Support authentication against OSS Index
+## Python Support
+We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).
+However, some features may not be possible/present in older Python versions due to their lack of support.
+## Changelog
+See our [CHANGELOG](./CHANGELOG.md).
+## The Fine Print
+Remember:
+It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source
+community (read: you!)
+* Use this contribution at the risk tolerance that you have
+* Do NOT file Sonatype support tickets related to `ossindex-lib`
+* DO file issues here on GitHub, so that the community can pitch in
+Phew, that was easier than I thought. Last but not least of all - have fun!
+
+%package help
+Summary: Development documents and examples for ossindex-lib
+Provides: python3-ossindex-lib-doc
+%description help
+This OSSIndex module for Python provides a common interface to querying the [OSS Index](https://ossindex.sonatype.org/).
+This module is not designed for standalone use. If you're looking for a tool that can detect your application's dependencies
+and assess them for vulnerabilities against the OSS Index, perhaps you should check out
+[Jake](https://github.com/sonatype-nexus-community/jake).
+You can of course use this library in your own applications.
+## Installation
+Install from pypi.org as you would any other Python module:
+```
+pip install ossindex-lib
+```
+## Usage
+First create an instance of `OssIndex`, optionally enabling local caching
+```
+o = OssIndex()
+```
+Then supply a `List` of [PackageURL](https://github.com/package-url/packageurl-python) objects that you want to ask
+OSS Index about. If you don't want to care about generating this list yourself, perhaps look to a tool like [Jake](https://github.com/sonatype-nexus-community/jake)
+(which uses this library) and will do all the hard work for you!
+As a quick test, you could run:
+```
+o = OssIndex()
+results: List[OssIndexComponent] = o.get_component_report(packages=[
+ PackageURL.from_string(purl='pkg:pypi/pip@19.2.0')
+])
+for r in results:
+ print("{}: {} known vulnerabilities".format(r.get_coordinates(), len(r.get_vulnerabilities())))
+ v: Vulnerability
+ for v in r.get_vulnerabilities():
+ print(' - {}'.format(str(v)))
+```
+```
+pkg:pypi/pip@19.2.0: 1 known vulnerabilities
+ - <Vulnerability id=e4c955a3-2004-472e-920b-783fea46c3cd, name=OSSINDEX-783f-ea46-c3cd, cvss_score=3.6>
+```
+## Logging
+This library send log events to a standard Python `logger` named `ossindex`. You can configure the logger to output as
+required through the standard [Python logging configuration](https://docs.python.org/3/library/logging.config.html).
+## Todos
+1. Support authentication against OSS Index
+## Python Support
+We endeavour to support all functionality for all [current actively supported Python versions](https://www.python.org/downloads/).
+However, some features may not be possible/present in older Python versions due to their lack of support.
+## Changelog
+See our [CHANGELOG](./CHANGELOG.md).
+## The Fine Print
+Remember:
+It is worth noting that this is **NOT SUPPORTED** by Sonatype, and is a contribution of ours to the open source
+community (read: you!)
+* Use this contribution at the risk tolerance that you have
+* Do NOT file Sonatype support tickets related to `ossindex-lib`
+* DO file issues here on GitHub, so that the community can pitch in
+Phew, that was easier than I thought. Last but not least of all - have fun!
+
+%prep
+%autosetup -n ossindex-lib-1.1.1
+
+%build
+%py3_build
+
+%install
+%py3_install
+install -d -m755 %{buildroot}/%{_pkgdocdir}
+if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
+if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
+if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
+if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
+pushd %{buildroot}
+if [ -d usr/lib ]; then
+ find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/lib64 ]; then
+ find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/bin ]; then
+ find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+if [ -d usr/sbin ]; then
+ find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
+fi
+touch doclist.lst
+if [ -d usr/share/man ]; then
+ find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
+fi
+popd
+mv %{buildroot}/filelist.lst .
+mv %{buildroot}/doclist.lst .
+
+%files -n python3-ossindex-lib -f filelist.lst
+%dir %{python3_sitelib}/*
+
+%files help -f doclist.lst
+%{_docdir}/*
+
+%changelog
+* Mon May 29 2023 Python_Bot <Python_Bot@openeuler.org> - 1.1.1-1
+- Package Spec generated
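Review bot: Source0 fetches the tarball from a third-party mirror (mirrors.nju.edu.cn) instead of the upstream project given in URL, so the build trusts whatever that mirror serves; point Source0 at the upstream PyPI or GitHub release artifact and check it against a strong digest. The Requires list also pulls in python3-types-PyYAML, python3-types-requests and python3-types-setuptools at runtime; these are type-stub packages for static checking and can be dropped from Requires to reduce the installed footprint. `%global _empty_manifest_terminate_build 0` suppresses the build failure for an empty file manifest, which would hide a broken %install, and there is no %check section, so nothing confirms at build time that the module even imports.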
diff --git a/sources b/sources
new file mode 100644
index 0000000..623c75b
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+31db8f42767699bd5a06b9c37e80f7e0 ossindex-lib-1.1.1.tar.gz
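Review bot: the only integrity check on ossindex-lib-1.1.1.tar.gz is this bare 32-hex-character digest, which is MD5 length, and MD5 is not collision resistant. Since Source0 in the spec points at a mirror rather than upstream, record a SHA-256 or SHA-512 digest here if the source tooling accepts one, and compare it with the hash published for the 1.1.1 release on PyPI before accepting the tarball.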