%global _empty_manifest_terminate_build 0
Name:		python-mobsfscan
Version:	0.2.0
Release:	1
Summary:	mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code.
License:	GNU Lesser General Public License v3 or later (LGPLv3+)
URL:		https://github.com/MobSF/mobsfscan
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/f1/dc/f00e1956966233c883a6fb71fe8d283d0a06ac0e0727473574f43d351c7e/mobsfscan-0.2.0.tar.gz
BuildArch:	noarch

Requires:	python3-colorama
Requires:	python3-libsast
Requires:	python3-sarif-om
Requires:	python3-jschema-to-python
Requires:	python3-tabulate
Requires:	python3-xmltodict

%description
```yaml
ignore-filenames:
  - skip.java

ignore-paths:
  - __MACOSX
  - skip_dir

ignore-rules:
  - android_kotlin_logging
  - android_safetynet_api
  - android_prevent_screenshot
  - android_detect_tapjacking
  - android_certificate_pinning
  - android_root_detection
  - android_certificate_transparency

severity-filter:
  - WARNING
  - ERROR
```

## Suppress Findings

You can suppress findings from source files by adding the comment `// mobsf-ignore: rule_id1, rule_id2` to the line that triggers the findings.

Example:

```java
String password = "strong password"; // mobsf-ignore: hardcoded_password
```

## CI/CD Integrations

You can enable mobsfscan in your CI/CD or DevSecOps pipelines.

#### Github Action

Add the following to the file `.github/workflows/mobsfscan.yml`.

```yaml
name: mobsfscan

on:
  push:
    branches: [ master, main ]
  pull_request:
    branches: [ master, main ]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: mobsfscan
        uses: MobSF/mobsfscan@main
        with:
          args: '. --json'
```

Example: [pivaa with mobsfscan github action](https://github.com/MobSF/pivaa/actions/workflows/mobsfscan.yml)

#### Github Code Scanning Integration

Add the following to the file `.github/workflows/mobsfscan_sarif.yml`.

```yaml
name: mobsfscan sarif

on:
  push:
    branches: [ master, main ]
  pull_request:
    branches: [ master, main ]

jobs:
  mobsfscan:
    runs-on: ubuntu-latest
    name: mobsfscan code scanning
    steps:
      - name: Checkout the code
        uses: actions/checkout@v2
      - name: mobsfscan
        uses: MobSF/mobsfscan@main
        with:
          args: '. --sarif --output results.sarif || true'
      - name: Upload mobsfscan report
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results.sarif
```

![mobsfscan github code scanning](https://user-images.githubusercontent.com/4301109/118427198-839be300-b681-11eb-8b79-92b916ffe3ef.png)

#### Gitlab CI/CD

Add the following to the file `.gitlab-ci.yml`.

```yaml
stages:
  - test

mobsfscan:
  image: python
  before_script:
    - pip3 install --upgrade mobsfscan
  script:
    - mobsfscan .
```

Example:

#### Travis CI

Add the following to the file `.travis.yml`.

```yaml
language: python
install:
  - pip3 install --upgrade mobsfscan
script:
  - mobsfscan .
```

#### Circle CI

Add the following to the file `.circleci/config.yaml`

```yaml
version: 2.1

jobs:
  mobsfscan:
    docker:
      - image: cimg/python:3.9.6
    steps:
      - checkout
      - run:
          name: Install mobsfscan
          command: pip install --upgrade mobsfscan
      - run:
          name: mobsfscan check
          command: mobsfscan .
```

## Docker

### Prebuilt image from [DockerHub](https://hub.docker.com/r/opensecurity/mobsfscan)

```bash
docker pull opensecurity/mobsfscan
docker run -v /path-to-source-dir:/src opensecurity/mobsfscan /src
```

### Build Locally

```bash
docker build -t mobsfscan .
docker run -v /path-to-source-dir:/src mobsfscan /src
```

%package -n python3-mobsfscan
Summary:	mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code.
Provides:	python-mobsfscan
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip

%description -n python3-mobsfscan
mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code.

%package help
Summary:	Development documents and examples for mobsfscan
Provides:	python3-mobsfscan-doc

%description help
Development documents and examples for mobsfscan.

%prep
%autosetup -n mobsfscan-0.2.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-mobsfscan -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Thu Jun 08 2023 Python_Bot - 0.2.0-1
- Package Spec generated