| -rw-r--r-- | .gitignore | 1 |
| -rw-r--r-- | python-tartufo.spec | 493 |
| -rw-r--r-- | sources | 1 |
3 files changed, 495 insertions, 0 deletions
@@ -0,0 +1 @@ +/tartufo-4.1.0.tar.gz diff --git a/python-tartufo.spec b/python-tartufo.spec new file mode 100644 index 0000000..76479d6 --- /dev/null +++ b/python-tartufo.spec 
@@ -0,0 +1,493 @@ +%global _empty_manifest_terminate_build 0 +Name: python-tartufo +Version: 4.1.0 +Release: 1 +Summary: tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data +License: GPL-2.0-only +URL: https://github.com/godaddy/tartufo/ +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/45/aa/e23fb07026b23e281dfc1f9ad03e2cf56897e7b90bb1bf5423a97547dcb3/tartufo-4.1.0.tar.gz +BuildArch: noarch + +Requires: python3-GitPython +Requires: python3-pygit2 +Requires: python3-pygit2 +Requires: python3-click +Requires: python3-colorama +Requires: python3-tomlkit +Requires: python3-cached-property + +%description +#  + +[](https://www.godaddy.com/engineering/slack/) +[](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[](https://codecov.io/gh/godaddy/tartufo) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. `tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. 
+ +## Example + + + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +<https://tartufo.readthedocs.io>. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. + + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. [default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. + -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. + -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. 
--git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. + --config FILE Read configuration from specified file. + [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. [default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. + +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. 
+ +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%package -n python3-tartufo +Summary: tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data +Provides: python-tartufo +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-tartufo +#  + +[](https://www.godaddy.com/engineering/slack/) +[](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[](https://codecov.io/gh/godaddy/tartufo) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. `tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. + +## Example + + + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +<https://tartufo.readthedocs.io>. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. 
+ + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. [default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. + -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. + -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. --git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. 
+ --config FILE Read configuration from specified file. + [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. [default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. + +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. 
+ +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%package help +Summary: Development documents and examples for tartufo +Provides: python3-tartufo-doc +%description help +#  + +[](https://www.godaddy.com/engineering/slack/) +[](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[](https://codecov.io/gh/godaddy/tartufo) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://pypi.org/project/tartufo/) +[](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. `tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. + +## Example + + + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +<https://tartufo.readthedocs.io>. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. + + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. 
It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. [default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. + -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. + -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. --git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. + --config FILE Read configuration from specified file. 
+ [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. [default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. + +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. 
+ +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%prep +%autosetup -n tartufo-4.1.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-tartufo -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Tue Apr 11 2023 Python_Bot <Python_Bot@openeuler.org> - 4.1.0-1 +- Package Spec generated @@ -0,0 +1 @@ +d0c6c8f21e14b3c21a209a9b0e5e132b tartufo-4.1.0.tar.gz |
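Review bot: Source0 in the python-tartufo.spec preamble fetches tartufo-4.1.0.tar.gz from mirrors.nju.edu.cn instead of the canonical PyPI location, so the provenance of the packaged tarball rests on a third-party mirror; point Source0 at PyPI (or the upstream release named in URL) so the input can be checked against what upstream published. In the same preamble `Requires: python3-pygit2` appears twice and one of the two lines should be dropped. Each of the three %description sections pastes the entire upstream README, including the empty badge links and the full `--help` output; the first README paragraph is enough for a description, and the rest belongs in the help subpackage's documentation. The spec also has no %check section, so nothing verifies that the built module imports or that the `tartufo` entry point runs.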
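Review bot: The sources hunk records only an MD5 digest (`d0c6c8f21e14b3c21a209a9b0e5e132b`) for tartufo-4.1.0.tar.gz, and MD5 is not collision resistant, so with Source0 pointing at a mirror this entry gives little assurance that the tarball is the upstream 4.1.0 release. If the build tooling accepts it, record a SHA-256 or SHA-512 digest here and compare it with the digest PyPI publishes for the 4.1.0 sdist before merging.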
