%global _empty_manifest_terminate_build 0 Name: python-defusedcsv Version: 2.0.0 Release: 1 Summary: Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks License: Apache License 2.0 URL: https://github.com/raphaelm/defusedcsv Source0: https://mirrors.nju.edu.cn/pypi/web/packages/09/71/b315ee2dde73f37cc8245c5f31034e790ef72fa31b431f4bd534d9c0a19b/defusedcsv-2.0.0.tar.gz BuildArch: noarch %description If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS Excel or LibreOffice). This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, ``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all ``|`` characters in these cells with ``\|``. This will of course change the resulting CSV files, but Excel will not display the ``'`` character to the user. Tested with Python 3.8 to 3.10. %package -n python3-defusedcsv Summary: Drop-in replacement for Python's CSV library that tries to mitigate CSV injection attacks Provides: python-defusedcsv BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: python3-pip %description -n python3-defusedcsv If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS Excel or LibreOffice). This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, ``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all ``|`` characters in these cells with ``\|``. This will of course change the resulting CSV files, but Excel will not display the ``'`` character to the user. Tested with Python 3.8 to 3.10. %package help Summary: Development documents and examples for defusedcsv Provides: python3-defusedcsv-doc %description help If your Python application offers CSV export of user-generated data, that user-generated data might contain malicious payloads that might trigger vulnerabilities in the spreadsheet software of the user that downloads the file (i.e. MS Excel or LibreOffice). This library tries to mitigate that by prepending all cells starting with ``@``, ``+``, ``-``, ``=``, ``|`` or ``%`` with an apostrophe ``'`` and additionally replacing all ``|`` characters in these cells with ``\|``. This will of course change the resulting CSV files, but Excel will not display the ``'`` character to the user. Tested with Python 3.8 to 3.10. %prep %autosetup -n defusedcsv-2.0.0 %build %py3_build %install %py3_install install -d -m755 %{buildroot}/%{_pkgdocdir} if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi pushd %{buildroot} if [ -d usr/lib ]; then find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/lib64 ]; then find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/bin ]; then find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi if [ -d usr/sbin ]; then find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst fi touch doclist.lst if [ -d usr/share/man ]; then find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst fi popd mv %{buildroot}/filelist.lst . mv %{buildroot}/doclist.lst . %files -n python3-defusedcsv -f filelist.lst %dir %{python3_sitelib}/* %files help -f doclist.lst %{_docdir}/* %changelog * Thu Jun 08 2023 Python_Bot - 2.0.0-1 - Package Spec generated