From 62e6b6dc66629d6912c9a26b4d9da3d0e18a5906 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Tue, 11 Apr 2023 23:27:48 +0000
Subject: automatic import of python-tartufo
---
python-tartufo.spec | 493 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 493 insertions(+)
create mode 100644 python-tartufo.spec
(limited to 'python-tartufo.spec')
diff --git a/python-tartufo.spec b/python-tartufo.spec
new file mode 100644
index 0000000..76479d6
--- /dev/null
+++ b/python-tartufo.spec
@@ -0,0 +1,493 @@ +%global _empty_manifest_terminate_build 0 +Name: python-tartufo +Version: 4.1.0 +Release: 1 +Summary: tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data +License: GPL-2.0-only +URL: https://github.com/godaddy/tartufo/ +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/45/aa/e23fb07026b23e281dfc1f9ad03e2cf56897e7b90bb1bf5423a97547dcb3/tartufo-4.1.0.tar.gz +BuildArch: noarch + +Requires: python3-GitPython +Requires: python3-pygit2 +Requires: python3-pygit2 +Requires: python3-click +Requires: python3-colorama +Requires: python3-tomlkit +Requires: python3-cached-property + +%description +# ![tartufo logo](docs/source/_static/img/tartufo.png) + +[![Join Slack](https://img.shields.io/badge/Join%20us%20on-Slack-e01563.svg)](https://www.godaddy.com/engineering/slack/) +[![ci](https://github.com/godaddy/tartufo/workflows/ci/badge.svg)](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[![Codecov](https://img.shields.io/codecov/c/github/godaddy/tartufo)](https://codecov.io/gh/godaddy/tartufo) +[![PyPI](https://img.shields.io/pypi/v/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Status](https://img.shields.io/pypi/status/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Downloads](https://img.shields.io/pypi/dm/tartufo)](https://pypi.org/project/tartufo/) +[![Documentation Status](https://readthedocs.org/projects/tartufo/badge/?version=latest)](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[![License](https://img.shields.io/github/license/godaddy/tartufo)](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. 
`tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. + +## Example + +![Example Issue](docs/source/_static/img/example_issue.png) + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. + + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. [default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. 
+ -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. + -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. --git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. + --config FILE Read configuration from specified file. + [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. 
[default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. + +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. + +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%package -n python3-tartufo +Summary: tartufo is a tool for scanning git repositories for secrets/passwords/high-entropy data +Provides: python-tartufo +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-tartufo +# ![tartufo logo](docs/source/_static/img/tartufo.png) + +[![Join Slack](https://img.shields.io/badge/Join%20us%20on-Slack-e01563.svg)](https://www.godaddy.com/engineering/slack/) +[![ci](https://github.com/godaddy/tartufo/workflows/ci/badge.svg)](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[![Codecov](https://img.shields.io/codecov/c/github/godaddy/tartufo)](https://codecov.io/gh/godaddy/tartufo) +[![PyPI](https://img.shields.io/pypi/v/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Status](https://img.shields.io/pypi/status/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - 
Downloads](https://img.shields.io/pypi/dm/tartufo)](https://pypi.org/project/tartufo/) +[![Documentation Status](https://readthedocs.org/projects/tartufo/badge/?version=latest)](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[![License](https://img.shields.io/github/license/godaddy/tartufo)](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. `tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. + +## Example + +![Example Issue](docs/source/_static/img/example_issue.png) + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. + + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. 
[default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. + -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. + -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. --git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. + --config FILE Read configuration from specified file. + [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. 
Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. [default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. + +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. 
+ +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%package help +Summary: Development documents and examples for tartufo +Provides: python3-tartufo-doc +%description help +# ![tartufo logo](docs/source/_static/img/tartufo.png) + +[![Join Slack](https://img.shields.io/badge/Join%20us%20on-Slack-e01563.svg)](https://www.godaddy.com/engineering/slack/) +[![ci](https://github.com/godaddy/tartufo/workflows/ci/badge.svg)](https://github.com/godaddy/tartufo/actions?query=workflow%3Aci) +[![Codecov](https://img.shields.io/codecov/c/github/godaddy/tartufo)](https://codecov.io/gh/godaddy/tartufo) +[![PyPI](https://img.shields.io/pypi/v/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Status](https://img.shields.io/pypi/status/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Python Version](https://img.shields.io/pypi/pyversions/tartufo)](https://pypi.org/project/tartufo/) +[![PyPI - Downloads](https://img.shields.io/pypi/dm/tartufo)](https://pypi.org/project/tartufo/) +[![Documentation Status](https://readthedocs.org/projects/tartufo/badge/?version=latest)](https://tartufo.readthedocs.io/en/latest/?badge=latest) +[![License](https://img.shields.io/github/license/godaddy/tartufo)](https://github.com/godaddy/tartufo/blob/main/LICENSE) + +`tartufo` searches through git repositories for secrets, digging deep into +commit history and branches. This is effective at finding secrets accidentally +committed. `tartufo` also can be used by git pre-commit scripts to screen +changes for secrets before they are committed to the repository. + +This tool will go through the entire commit history of each branch, and check +each diff from each commit, and check for secrets. This is both by regex and by +entropy. 
For entropy checks, tartufo will evaluate the shannon entropy for both +the base64 char set and hexidecimal char set for every blob of text greater +than 20 characters comprised of those character sets in each diff. If at any +point a high entropy string > 20 characters is detected, it will print to the +screen. + +## Example + +![Example Issue](docs/source/_static/img/example_issue.png) + +## Documentation + +Our main documentation site is hosted by Read The Docs, at +. + +## Usage + +```bash +Usage: tartufo [OPTIONS] COMMAND [ARGS]... + + Find secrets hidden in the depths of git. + + Tartufo will, by default, scan the entire history of a git repository for + any text which looks like a secret, password, credential, etc. It can also + be made to work in pre-commit mode, for scanning blobs of text as a pre- + commit hook. + +Options: + --default-regexes / --no-default-regexes + Whether to include the default regex list + when configuring search patterns. Only + applicable if --rules is also specified. + [default: default-regexes] + --entropy / --no-entropy Enable entropy checks. [default: entropy] + --regex / --no-regex Enable high signal regexes checks. + [default: regex] + --scan-filenames / --no-scan-filenames + Check the names of files being scanned as + well as their contents. [default: scan- + filenames] + -of, --output-format [json|compact|text|report] + Specify the format in which the output needs + to be generated `--output-format + json/compact/text/report`. Either `json`, + `compact`, `text` or `report` can be + specified. If not provided (default) the + output will be generated in `text` format. + -od, --output-dir DIRECTORY If specified, all issues will be written out + as individual JSON files to a uniquely named + directory under this one. This will help + with keeping the results of individual runs + of tartufo separated. 
+ -td, --temp-dir DIRECTORY If specified, temporary files will be + written to the specified path + --buffer-size INTEGER Maximum number of issue to buffer in memory + before shifting to temporary file buffering + [default: 10000] + --git-rules-repo TEXT A file path, or git URL, pointing to a git + repository containing regex rules to be used + for scanning. By default, all .json files + will be loaded from the root of that + repository. --git-rules-files can be used to + override this behavior and load specific + files. + --git-rules-files TEXT Used in conjunction with --git-rules-repo, + specify glob-style patterns for files from + which to load the regex rules. Can be + specified multiple times. + --config FILE Read configuration from specified file. + [default: tartufo.toml] + --target-config/--no-target-config + Enable or Disable processing of the config file in the + repository or folder being scanned + i.e. config files like tartufo.toml or pyproject.toml + [default: target-config] + -q, --quiet / --no-quiet Quiet mode. No outputs are reported if the + scan is successful and doesn't find any + issues + -v, --verbose Display more verbose output. Specifying this + option multiple times will incrementally + increase the amount of output. + --log-timestamps / --no-log-timestamps + Enable or disable timestamps in logging + messages. [default: log-timestamps] + --entropy-sensitivity INTEGER RANGE + Modify entropy detection sensitivity. This + is expressed as on a scale of 0 to 100, + where 0 means "totally nonrandom" and 100 + means "totally random". Decreasing the + scanner's sensitivity increases the + likelihood that a given string will be + identified as suspicious. [default: 75; + 0<=x<=100] + --color / --no-color Enable or disable terminal color. If not + provided (default), enabled if output is a + terminal (TTY). + -V, --version Show the version and exit. + -h, --help Show this message and exit. 
+ +Commands: + pre-commit Scan staged changes in a pre-commit hook. + scan-remote-repo Automatically clone and scan a remote git repository. + scan-folder Scan a folder. + scan-local-repo Scan a repository already cloned to your local system. +``` + +## Contributing + +All contributors and contributions are welcome! Please see [our contributing +docs] for more information. + +## Attributions + +This project was inspired by and built off of the work done by Dylan Ayrey on +the [truffleHog] project. + +[our contributing docs]: https://tartufo.readthedocs.io/en/latest/CONTRIBUTING.html +[pre-commit]: https://pre-commit.com/ +[truffleHog]: https://github.com/dxa4481/truffleHog + + +%prep +%autosetup -n tartufo-4.1.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-tartufo -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Tue Apr 11 2023 Python_Bot - 4.1.0-1 +- Package Spec generated -- cgit v1.2.3
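Review bot: `Source0` fetches the tarball from a third-party PyPI mirror (mirrors.nju.edu.cn), and nothing in the spec pins or verifies its digest before `%autosetup` unpacks it, so the build trusts whatever that mirror serves. I would point it at the upstream host, `Source0: https://files.pythonhosted.org/packages/source/t/tartufo/tartufo-%{version}.tar.gz`, and record the expected SHA-256 next to the spec (for example a dist-git `sources` entry, if this build system checks one; that is not visible here). Separately, `%global _empty_manifest_terminate_build 0` combined with the `find`-generated `filelist.lst` means a failed or empty install would presumably still produce a package, and `Requires: python3-pygit2` is listed twice.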