SPECS: pixy.spec (NEW) - new

glen glen at pld-linux.org
Wed Apr 15 10:28:32 CEST 2009


Author: glen                         Date: Wed Apr 15 08:28:32 2009 GMT
Module: SPECS                         Tag: HEAD
---- Log message:
- new

---- Files affected:
SPECS:
   pixy.spec (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SPECS/pixy.spec
diff -u /dev/null SPECS/pixy.spec:1.1
--- /dev/null	Wed Apr 15 10:28:32 2009
+++ SPECS/pixy.spec	Wed Apr 15 10:28:27 2009
@@ -0,0 +1,79 @@
+# $Revision$, $Date$
+# TODO
+# - create .jar instead of using two trees of .classes
+# - external dep for lib/* classes
+%define		ver	%(echo %{version} | tr . _)
+Summary:	Pixy: XSS and SQLI Scanner for PHP Programs
+Name:		pixy
+Version:	3.02
+Release:	0.5
+License:	Gentleperson's Agreement
+Group:		Development/Languages/Java
+Source0:	http://pixybox.seclab.tuwien.ac.at/pixy/dist/%{name}_%{ver}.zip
+# Source0-md5:	037873e8cdfc0d616697798837d76706
+URL:		http://pixybox.seclab.tuwien.ac.at/pixy/index.php
+BuildRequires:	rpmbuild(macros) >= 1.461
+Requires:	jre
+Requires:	junit
+BuildArch:	noarch
+BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define		_appdir		%{_datadir}/%{name}
+
+%description
+Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities
+are present in many modern web applications, and are reported
+continuously on pages such as BugTraq. In the past, finding such
+vulnerabilities usually involved manual source code audits.
+Unfortunately, this manual vulnerability search is a very tiresome and
+error-prone task.
+
+%prep
+%setup -q -n Pixy
+
+rm -f lib/junit.jar
+# create startup script in shell
+cat > pixy.sh <<'EOF'
+#!/bin/sh
+# minimum and maximum memory that you want Pixy to use
+mem_min=256m
+mem_max=1024m
+
+# setup pixy_home, maybe overridden by env var
+PIXY_HOME="${PIXY_HOME:-$HOME/.pixy}"
+if [ ! -d "$PIXY_HOME" ]; THEN
+	echo >&2 "Setting up $PIXY_HOME"
+	mkdir -m700 "$PIXY_HOME"
+	mkdir -m700 "$PIXY_HOME/config"
+	cp -a %{_appdir}/config/* "$PIXY_HOME/config"
+fi
+
+CLASSPATH="%{_appdir}/lib:%{_appdir}/class:$(find-jar junit)"
+exec java -Xms$mem_min -Xmx$mem_max -Dpixy.home="$PIXY_HOME" -classpath "$CLASSPATH" at.ac.tuwien.infosys.www.pixy.Checker -a -y xss:sql ${1:+"$@"}
+EOF
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_appdir},%{_bindir}}
+# classes. TODO: include into jar, both of these
+cp -a lib build/class $RPM_BUILD_ROOT%{_appdir}
+# sample config
+cp -a config $RPM_BUILD_ROOT%{_appdir}
+install pixy.sh $RPM_BUILD_ROOT%{_bindir}/pixy
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/pixy
+%{_appdir}
+
+%define date	%(echo `LC_ALL="C" date +"%a %b %d %Y"`)
+%changelog
+* %{date} PLD Team <feedback at pld-linux.org>
+All persons listed below can be reached at <cvs_login>@pld-linux.org
+
+$Log$
+Revision 1.1  2009/04/15 08:28:27  glen
+- new
================================================================


More information about the pld-cvs-commit mailing list