# - create .jar instead of using two trees of .classes
# - external dep for lib/* classes
%define ver %(echo %{version} | tr . _)
Summary: Pixy: XSS and SQLI Scanner for PHP Programs
License: Gentleperson's Agreement
Group: Development/Languages/Java
Source0: http://pixybox.seclab.tuwien.ac.at/pixy/dist/%{name}_%{ver}.zip
# Source0-md5: 037873e8cdfc0d616697798837d76706
URL: http://pixybox.seclab.tuwien.ac.at/pixy/index.php
BuildRequires: rpmbuild(macros) >= 1.461
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _appdir %{_datadir}/%{name}
Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities
are present in many modern web applications, and are reported
continuously on pages such as BugTraq. In the past, finding such
vulnerabilities usually involved manual source code audits.
Unfortunately, this manual vulnerability search is a very tiresome and
# create startup script in shell
# minimum and maximum memory that you want Pixy to use
# setup pixy_home, maybe overridden by env var
PIXY_HOME="${PIXY_HOME:-$HOME/.pixy}"
if [ ! -d "$PIXY_HOME" ]; then
	echo >&2 "Setting up $PIXY_HOME"
	mkdir -m700 "$PIXY_HOME"
	mkdir -m700 "$PIXY_HOME/config"
	cp -a %{_appdir}/config/* "$PIXY_HOME/config"
fi
CLASSPATH="%{_appdir}/lib:%{_appdir}/class:$(find-jar junit)"
exec java -Xms$mem_min -Xmx$mem_max -Dpixy.home="$PIXY_HOME" -classpath "$CLASSPATH" at.ac.tuwien.infosys.www.pixy.Checker -a -y xss:sql ${1:+"$@"}
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_appdir},%{_bindir}}
# classes. TODO: include into jar, both of these
cp -a lib build/class $RPM_BUILD_ROOT%{_appdir}
cp -a config $RPM_BUILD_ROOT%{_appdir}
install pixy.sh $RPM_BUILD_ROOT%{_bindir}/pixy
rm -rf $RPM_BUILD_ROOT
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/pixy