%global _empty_manifest_terminate_build 0
Name: python-badfiles
Version: 0.3.0
Release: 1
Summary: A malicious file detection engine written with Python and Yara.
License: Apache-2.0
URL: https://github.com/jeffallan/badfiles
Source0: https://mirrors.aliyun.com/pypi/web/packages/61/3f/b7a459677b2343503c0634c8994c7a230ab4f499e5a6fe35b272eae9905b/badfiles-0.3.0.tar.gz
BuildArch: noarch
Requires: python3-Gooey
Requires: python3-black
Requires: python3-flake8
Requires: python3-flake8-docstrings
Requires: python3-isort
Requires: python3-mkdocs
Requires: python3-mkdocs-autorefs
Requires: python3-mkdocs-include-markdown-plugin
Requires: python3-mkdocs-material
Requires: python3-mkdocs-material-extensions
Requires: python3-mkdocstrings
Requires: python3-pip
Requires: python3-pre-commit
Requires: python3-pytest
Requires: python3-pytest-cov
Requires: python3-magic
Requires: python3-toml
Requires: python3-tox
Requires: python3-twine
Requires: python3-virtualenv
Requires: python3-yara-python
%description
# badfiles
A malicious file detection engine written with Python and Yara.
* Free software: Apache-2.0
* Documentation:
## Introduction
At some point most applications need to accept files from a third party. Since we do not have absolute control over these files, they can present a serious threat vector.
The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
## Features
Currently, this project focuses on detecting the following:
### Generally Suspicious Files
:heavy_check_mark: MIME type confusion.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### CSV Files
:heavy_check_mark: CSV Injection.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### Office Documents
:heavy_check_mark: DDE injection.
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
### Zip Files
:heavy_check_mark: Symlink attacks.
:heavy_check_mark: Zip slips.
:heavy_check_mark: Nested zip bombs.
:heavy_check_mark: Flat zip bombs.
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:heavy_check_mark: Files with a root UID or GID (*NIX only).
### Tar Files
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:black_square_button: Files with absolute paths (*NIX only).
### Additional Features
Please file an issue or a pull request, especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
## [Usage](https://jeffallan.github.io/badfiles/usage/)
## Credits
This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
### Contributors
%package -n python3-badfiles
Summary: A malicious file detection engine written with Python and Yara.
Provides: python-badfiles
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: python3-pip
%description -n python3-badfiles
# badfiles
A malicious file detection engine written with Python and Yara.
* Free software: Apache-2.0
* Documentation:
## Introduction
At some point most applications need to accept files from a third party. Since we do not have absolute control over these files, they can present a serious threat vector.
The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
## Features
Currently, this project focuses on detecting the following:
### Generally Suspicious Files
:heavy_check_mark: MIME type confusion.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### CSV Files
:heavy_check_mark: CSV Injection.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### Office Documents
:heavy_check_mark: DDE injection.
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
### Zip Files
:heavy_check_mark: Symlink attacks.
:heavy_check_mark: Zip slips.
:heavy_check_mark: Nested zip bombs.
:heavy_check_mark: Flat zip bombs.
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:heavy_check_mark: Files with a root UID or GID (*NIX only).
### Tar Files
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:black_square_button: Files with absolute paths (*NIX only).
### Additional Features
Please file an issue or a pull request, especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
## [Usage](https://jeffallan.github.io/badfiles/usage/)
## Credits
This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
### Contributors
%package help
Summary: Development documents and examples for badfiles
Provides: python3-badfiles-doc
%description help
# badfiles
A malicious file detection engine written with Python and Yara.
* Free software: Apache-2.0
* Documentation:
## Introduction
At some point most applications need to accept files from a third party. Since we do not have absolute control over these files, they can present a serious threat vector.
The aim of this project is to provide a flexible and expandable solution to triage these files so they can be handled accordingly.
## Features
Currently, this project focuses on detecting the following:
### Generally Suspicious Files
:heavy_check_mark: MIME type confusion.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### CSV Files
:heavy_check_mark: CSV Injection.
:black_square_button: Files with a root UID or GID (*NIX only).
:black_square_button: Sticky, setuid, or setgid bit (*NIX only).
### Office Documents
:heavy_check_mark: DDE injection.
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
### Zip Files
:heavy_check_mark: Symlink attacks.
:heavy_check_mark: Zip slips.
:heavy_check_mark: Nested zip bombs.
:heavy_check_mark: Flat zip bombs.
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:heavy_check_mark: Files with a root UID or GID (*NIX only).
### Tar Files
:heavy_check_mark: Files with a root UID or GID (*NIX only).
:heavy_check_mark: Sticky, setuid, or setgid bit (*NIX only).
:black_square_button: Files with absolute paths (*NIX only).
### Additional Features
Please file an issue or a pull request, especially if you have found or created malicious files that bypass these detection mechanisms. Please see the [contributing guidelines](https://jeffallan.github.io/badfiles/contributing/) for more details.
## [Getting Started](https://jeffallan.github.io/badfiles/installation/)
## [Usage](https://jeffallan.github.io/badfiles/usage/)
## Credits
This package was created with [This Cookiecutter template.](https://github.com/zillionare/cookiecutter-pypackage)
This project uses [zip-bomb](https://github.com/damianrusinek/zip-bomb) to create the nested and flat zip bombs for unit testing and detection rules.
This project uses a custom Yara rule from [Reversing Labs](https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation) to detect obfuscated CSV injection payloads.
### Contributors
%prep
%autosetup -n badfiles-0.3.0
%build
%py3_build
%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
find usr/lib -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
find usr/lib64 -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
find usr/bin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
find usr/sbin -type f -printf "\"/%h/%f\"\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
find usr/share/man -type f -printf "\"/%h/%f.gz\"\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .
%files -n python3-badfiles -f filelist.lst
%dir %{python3_sitelib}/*
%files help -f doclist.lst
%{_docdir}/*
%changelog
* Thu Jun 08 2023 Python_Bot - 0.3.0-1
- Package Spec generated