%global _empty_manifest_terminate_build 0
Name:		python-malwaretl-stoq-transformer
Version:	1.0.7
Release:	1
Summary:	Helper class to build Stoq instances for use in MalwareETL pipelines
License:	Apache Software License
URL:		https://github.com/g-clef/stoq_transformer
Source0:	https://mirrors.aliyun.com/pypi/web/packages/d4/7b/4f4aee8853bbabc6d9ac8217da5f273dd26cbfcba5117a64670e8a4a0105/malwaretl_stoq_transformer-1.0.7.tar.gz
BuildArch:	noarch

Requires:	python3-stoq-framework
Requires:	python3-lief

%description
# malwaretl_stoq_transformer
Transform step in malwarETL pipeline for captured files

This includes a few custom stoQ plugins:
 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the 
EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc., in
the final json, and that is a problem for training since those are values that I want to be able to learn on. Also,
some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports"])`) so I could
not be convinced that the json dump was clearly comparable to the EMBER dataset data.
 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a
straight bytestring, so the default Lief plugin didn't work.
 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype.


This project is designed to be used in two ways (at the same time):
    1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand
        files to that instance for scanning as they download them.
    2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that
        the stoq requirements are pre-installed in their starting image.


The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the 
PUNCH Cyber Analytics Group.


%package -n python3-malwaretl-stoq-transformer
Summary:	Helper class to build Stoq instances for use in MalwareETL pipelines
Provides:	python-malwaretl-stoq-transformer
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip
%description -n python3-malwaretl-stoq-transformer
# malwaretl_stoq_transformer
Transform step in malwarETL pipeline for captured files

This includes a few custom stoQ plugins:
 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the 
EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc., in
the final json, and that is a problem for training since those are values that I want to be able to learn on. Also,
some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports"])`) so I could
not be convinced that the json dump was clearly comparable to the EMBER dataset data.
 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a
straight bytestring, so the default Lief plugin didn't work.
 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype.


This project is designed to be used in two ways (at the same time):
    1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand
        files to that instance for scanning as they download them.
    2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that
        the stoq requirements are pre-installed in their starting image.


The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the 
PUNCH Cyber Analytics Group.


%package help
Summary:	Development documents and examples for malwaretl-stoq-transformer
Provides:	python3-malwaretl-stoq-transformer-doc
%description help
# malwaretl_stoq_transformer
Transform step in malwarETL pipeline for captured files

This includes a few custom stoQ plugins:
 1. A custom EMBER-format Lief because I want to make sure the data collected here matches the 
EMBER dataset format. The `to_json` LIEF method does not include some values if they're False, empty lists, etc., in
the final json, and that is a problem for training since those are values that I want to be able to learn on. Also,
some of the values were strangely different (`len(lief_obj.imported_functions) != len(lief_json["imports"])`) so I could
not be convinced that the json dump was clearly comparable to the EMBER dataset data.
 2. A custom version of the regular Lief plugin, because the lief library is looking for input as a list, rather than as a
straight bytestring, so the default Lief plugin didn't work.
 3. A custom dispatcher that looks at the mimetype of a file, and selectively dispatches files to workers depending on the mimetype.


This project is designed to be used in two ways (at the same time):
    1. Collector or Transformer projects import the library, get a stoq instance for their collector, and progressively hand
        files to that instance for scanning as they download them.
    2. Collector or Transformer projects use the Docker image generated here as the base image for their images, so that
        the stoq requirements are pre-installed in their starting image.


The original Stoq plugins that I modified were licensed under the Apache License, and are copyrighted by the 
PUNCH Cyber Analytics Group.


%prep
%autosetup -n malwaretl_stoq_transformer-1.0.7

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-malwaretl-stoq-transformer -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Tue Jun 20 2023 Python_Bot <Python_Bot@openeuler.org> - 1.0.7-1
- Package Spec generated