python-ubel 0.1.0__py3-none-any.whl

python_ubel-0.1.0.dist-info/METADATA

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: python-ubel
+Version: 0.1.0
+Summary: Supply-chain dependency firewall for: Python, Node, PHP, Ubuntu, Debian, Red Hat, and Almalinux.
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests
+Requires-Dist: python-dotenv
+Requires-Dist: cvss
+Requires-Dist: reportlab
+Requires-Dist: distro
+Dynamic: license-file
+
+# UBEL ( Unified Bill / Enforced Law ) – Multi‑Ecosystem Security & Policy Enforcement CLI
+
+Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation. It works with:
+
+- **PyPI** (via `ubel-pip`)
+- **npm** (via `ubel-npm`)
+- **Linux distributions** (Ubuntu, Debian, RHEL, AlmaLinux)
+
+Ubel runs in **CLI**, **automation scripts**, and **CI/CD pipelines**, producing clean **JSON** and **PDF** reports.
+
+---
+
+## ✨ Features
+- Full dependency resolution across ecosystems
+- OSV.dev vulnerability scanning (batch API)
+- Policy engine (block/allow by severity & infection)
+- Checking linux-package or node/python dependency or entire project (`check` mode)
+- Install‑time enforcement (`install` mode)
+- Project‑level/Host-level scanning (`health` mode)
+- Catches Non-CVEs
+- It is a supply-chain protection tool
+- Automatic report generation (JSON + PDF)
+- Extremely fast (seconds per scan)
+
+---
+
+## 📦 Installation
+```bash
+pip install ubel
+```
+
+Ubel exposes three binaries:
+
+- `ubel` (Linux package scanning and OS-level operations: Ubuntu , Debian, Red Hat, Almalinux )
+- `ubel-pip` (Python ecosystem)
+- `ubel-npm` (Node.js ecosystem)
+
+---
+
+# 🚀 Usage Overview
+
+## Main CLI
+```
+usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+
+## PyPI CLI
+```
+usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+
+## npm CLI
+```
+usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+
+---
+
+# 🧠 Commands Explained
+
+### **check**
+Resolve dependencies/linux-packages → generate report → exit.
+
+#### Python example:
+```bash
+ubel-pip check
+```
+If no extra arguments are passed, Ubel will:
+- Detect `requirements.txt`
+- Resolve all packages
+- Scan them
+- Output PDF + JSON
+
+#### npm example:
+```bash
+ubel-npm check flask==3.1.0
+```
+If no args are passed, it will detect `package.json` automatically.
+
+---
+
+### **install**
+Same as `check`, but enforces policies and either **blocks or allows** installation.
+
+#### Python example:
+```bash
+ubel-pip install flask==3.1.0
+```
+Or auto-detect project requirements:
+```bash
+ubel-pip install
+```
+
+#### npm example:
+```bash
+ubel-npm install express@5.0.0
+```
+Or simply:
+```bash
+ubel-npm install
+```
+(uses `package.json` automatically)
+
+---
+
+### **health**
+Scan the **entire machine** or **running project**, including:
+- Installed PyPI packages
+- Installed npm global packages
+- OS-level packages (Ubuntu/Debian/RHEL/AlmaLinux)
+
+Example:
+( for linux )
+```bash
+ubel health
+```
+or ( for node.js app )
+```bash
+ubel-npm health
+```
+or ( for python app )
+```bash
+ubel-pip health
+```
+
+This mode produces large, detailed inventories and vulnerability matrices.
+
+---
+
+### **init**
+Initialize a policy file for the project or system.
+
+Example:
+```bash
+ubel init
+```
+Creates default policy:
+```yaml
+infections: block
+severity:
+  critical: block
+  high: block
+  medium: allow
+  low: allow
+  unknown: allow
+```
+
+---
+
+### **allow / block**
+Override Ubel's decision from CI/CD or scripted pipelines.
+
+The arguments can be: "low", "medium", "high", "critical".
+
+Example:
+```bash
+ubel block high critical
+```
+---
+
+# 📁 Automatic Project Detection
+
+For **npm** and **PyPI**, when running:
+- `install`
+- `check`
+
+without arguments:
+
+### Ubel automatically loads:
+- `package.json` (for npm)
+- `requirements.txt` (for pip)
+
+This makes it ideal for CI/CD workflows.
+
+---
+
+# 📤 Output
+Ubel generates:
+
+### **1. JSON report**
+Machine‑readable, includes:
+- dependency list
+- purls
+- vulnerabilities
+- severity
+- infection state
+- policy decision
+- Generate complete SBOM-like machine inventory
+
+### **2. PDF report**
+Human‑readable, includes:
+- summary statistics
+- per‑dependency vulnerability details
+- fix recommendations
+- tables
+- OSV reference links
+- Generate complete SBOM-like machine inventory
+
+
+---
+
+# 🧩 Ecosystem Tools
+- `ubel` → system packages, Linux distros
+- `ubel-pip` → PyPI projects, virtual environments\
+- `ubel-npm` → Node.js, npm, package.json projects
+
+
+---
+Ubel – Secure every dependency, before it reaches production.
+

python_ubel-0.1.0.dist-info/RECORD

@@ -0,0 +1,17 @@
+python_ubel-0.1.0.dist-info/licenses/LICENSE,sha256=YuSjxlIwoAbeNKWf3O9NTujI4ax1QLfkBB_XTDLFvXA,1088
+ubel/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+ubel/cli.py,sha256=jpUTxhJoCF1sDtarNxlrBr_sVJHEBAh2G65glGFg6uE,3919
+ubel/client.py,sha256=3oJ-3WdykcXmEgHmzgdgBvnCy__f6LkJcu8_r2vdizI,1356
+ubel/cvss_parser.py,sha256=FWI5x9icTRWB_XObSvmTnL5d6YbiSM0LBjSbzeqiT9w,2433
+ubel/info.py,sha256=FRnQiC9Ji7hoKGlO7yIXVRznr59y1H4v-l47AP4GSsQ,1353
+ubel/linux_runner.py,sha256=8tToN1QlDWeykjQVn037RIzq67VMq5AgXEekOYh_1rk,9448
+ubel/node_runner.py,sha256=kprOV8PtMZA4sREjN_r-b7gFRBhoAGdKySyufyogNz8,14301
+ubel/policy.py,sha256=Us3A7c5DMgBN1IvfmltYvdyumo3rYk5CmKbbFeIMDdM,1473
+ubel/python_runner.py,sha256=awZJ74cIHmOVuG2-NgMTGzYwP3fo88If7Nj6wLFfxXk,4016
+ubel/ubel_engine.py,sha256=vNg7MGQFnvPOUtcnw1ooFKbkFDqM5DoiMWW90r6Q2qA,25014
+ubel/utils.py,sha256=-Ls_R2ZLyUoC_H0CHl_0Q15MCqaVcEtSke7FVX0JcIw,853
+python_ubel-0.1.0.dist-info/METADATA,sha256=rChvCsbx3wSgETJuA3MwpKB7butOmFzpXHBoaHADK-U,4788
+python_ubel-0.1.0.dist-info/WHEEL,sha256=YCfwYGOYMi5Jhw2fU4yNgwErybb2IX5PEwBKV4ZbdBo,91
+python_ubel-0.1.0.dist-info/entry_points.txt,sha256=VaItRGYmWEUXwHsIEjFHgVF1V2V2_XZmZbkxs7W3vBs,103
+python_ubel-0.1.0.dist-info/top_level.txt,sha256=CfqimShQ7W7iW8Btb9yjfBoS98rHo94ulKa7FRb7VYw,5
+python_ubel-0.1.0.dist-info/RECORD,,

python_ubel-0.1.0.dist-info/WHEEL

@@ -0,0 +1,5 @@
+Wheel-Version: 1.0
+Generator: setuptools (82.0.0)
+Root-Is-Purelib: true
+Tag: py3-none-any
+

python_ubel-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,4 @@
+[console_scripts]
+ubel = ubel.cli:linux_mode
+ubel-npm = ubel.cli:npm_mode
+ubel-pip = ubel.cli:pip_mode

python_ubel-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Ala Bouali
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

python_ubel-0.1.0.dist-info/top_level.txt

@@ -0,0 +1 @@
+ubel

ubel/cli.py

@@ -0,0 +1,141 @@
+import argparse
+import sys
+import json
+
+from .ubel_engine import Ubel_Engine
+from .python_runner import Pypi_Manager
+from .linux_runner import Linux_Manager
+from pathlib import Path
+from .utils import load_environment, create_output_dir, download_file
+from .policy import evaluate_policy
+from .info import banner
+
+
+def print_banner():
+
+    print(banner)
+    print()
+    print(f"Reports location: {Ubel_Engine.reports_location}")
+    print()
+
+    print(f"Policy location: {Ubel_Engine.policy_dir}")
+    print()
+
+def set_policy_rules(action,severities):
+    data=Ubel_Engine.load_policy()
+    for rule in data["severity"]:
+        if rule in severities:
+            data["severity"][rule]=action
+    with open(f"{Ubel_Engine.policy_dir}/{Ubel_Engine.policy_filename}","w") as file:
+        json.dump(data,file,indent=4)
+        file.close()
+
+def non_linux_mode(pkg_manager,ecosystem,description):
+
+    print_banner()
+    
+    parser = argparse.ArgumentParser(
+        description=description
+    )
+
+    parser.add_argument(
+        "mode",
+        choices=["check", "install", "health", "init","allow","block"],
+        help="Execution mode"
+    )
+
+    parser.add_argument(
+        "extra_args",
+        nargs="*",
+        help="Arguments passed after mode"
+    )
+
+    Ubel_Engine.engine=pkg_manager
+    Ubel_Engine.system_type=ecosystem
+
+    args = parser.parse_args()
+    Ubel_Engine.initiate_local_policy()
+    if args.mode:
+        Ubel_Engine.check_mode=args.mode
+    else:
+        Ubel_Engine.check_mode="init"
+    
+    if Ubel_Engine.check_mode=="init":
+        sys.exit(0)
+    
+
+    api_key, asset_id, endpoint = load_environment()
+    pkgs=[]
+    if args.extra_args in [None,[]] and pkg_manager=="pip" and Ubel_Engine.check_mode in ["check","install"]:
+        with open("requirements.txt","r") as requirement_file:
+            lines=requirement_file.readlines()
+            requirement_file.close()
+        pkgs=[line.strip() for line in lines if line.strip()!=""]
+    else:
+        pkgs=args.extra_args
+    
+
+    if Ubel_Engine.check_mode in ["allow","block"]:
+        set_policy_rules(args.mode,args.extra_args)
+        sys.exit(0)
+
+    if not api_key and not asset_id:
+        Ubel_Engine.scan(pkgs)
+        sys.exit(0)
+
+
+def linux_mode():
+    parser = argparse.ArgumentParser(
+        description="Safe Linux policy-driven supply-chain firewall"
+    )
+    Ubel_Engine.initiate_local_policy()
+
+    Ubel_Engine.system_type=Linux_Manager.get_os_info()["id"]
+    Ubel_Engine.reports_location=f'{Path.home()}/{Ubel_Engine.reports_location}'
+    Ubel_Engine.policy_dir=f'{Path.home()}/{Ubel_Engine.policy_dir}'
+
+    print(banner)
+    print()
+    print(f"Reports location: {Ubel_Engine.reports_location}")
+    print()
+
+    print(f"Policy location: {Ubel_Engine.policy_dir}")
+    print()
+
+    parser.add_argument(
+        "mode",
+        choices=["check", "install", "health", "init","allow","block"],
+        help="Execution mode"
+    )
+
+    parser.add_argument(
+        "extra_args",
+        nargs="*",
+        help="Arguments passed after mode"
+    )
+
+    args = parser.parse_args()
+    Ubel_Engine.initiate_local_policy()
+    if args.mode:
+        Ubel_Engine.check_mode=args.mode
+    else:
+        Ubel_Engine.check_mode="init"
+    if Ubel_Engine.check_mode=="init":
+        sys.exit(0)
+    
+    if Ubel_Engine.check_mode in ["allow","block"]:
+        set_policy_rules(args.mode,args.extra_args)
+        sys.exit(0)
+
+    api_key, asset_id, endpoint = load_environment()
+    if not api_key and not asset_id:
+        Ubel_Engine.scan(args.extra_args)
+        sys.exit(0)
+
+
+def pip_mode():
+    non_linux_mode("pip","pypi","Safe Python policy-driven supply-chain firewall")
+
+
+def npm_mode():
+    non_linux_mode("npm","npm","Safe Node.js policy-driven supply-chain firewall")

ubel/client.py

@@ -0,0 +1,50 @@
+import requests
+import time
+
+
+class UbelClient:
+    def __init__(self, base_url: str, api_key: str, asset_id: str):
+        self.base_url = base_url.rstrip("/")
+        self.api_key = api_key
+        self.asset_id = asset_id
+
+    def _headers(self):
+        return {
+            "Authorization": f"Bearer {self.api_key}",
+            "Content-Type": "application/json"
+        }
+
+    def upload_report(self, report_json: dict):
+        payload = {
+            "asset_id": self.asset_id,
+            "data": report_json
+        }
+
+        r = requests.post(
+            f"{self.base_url}/scan",
+            json=payload,
+            headers=self._headers(),
+            timeout=120,
+        )
+        r.raise_for_status()
+        return r.json()
+
+    def poll_until_ready(self, report_id: str, interval=5, timeout=600):
+        start = time.time()
+
+        while True:
+            if time.time() - start > timeout:
+                raise TimeoutError("Report polling timed out")
+
+            r = requests.get(
+                f"{self.base_url}/report/{report_id}",
+                headers=self._headers(),
+                timeout=60,
+            )
+            r.raise_for_status()
+            data = r.json()
+
+            if "json_report" in data:
+                return data
+
+            time.sleep(interval)

ubel/cvss_parser.py

@@ -0,0 +1,61 @@
+from cvss import CVSS2, CVSS3, CVSS4
+
+class CVSS_Parser:
+
+    @staticmethod
+    def parse(vector:str):
+        try:
+            if vector.startswith('CVSS:4.'):
+                data=CVSS4(vector)
+            elif vector.startswith('CVSS:3.'):
+                data=CVSS3(vector)
+            else:
+                data=CVSS3(vector)
+            try:
+                base_score=data.base_score
+            except:
+                base_score=None
+            try:
+                severity=data.severity
+            except:
+                severity="unknown"
+            return str(base_score),severity
+        except:
+            return None,"unknown"
+    
+    @staticmethod
+    def process_vulnerability(vuln:dict):
+        if "severity" in vuln:
+            severity_vector_list=vuln.get("severity",[])
+            if severity_vector_list!=[]:
+                severity_vector=severity_vector_list[0].get("score")
+                if severity_vector_list[0].get("type").lower()=="ubuntu":
+                    vuln["severity"]=severity_vector
+                    vuln["severity_score"]=None
+                    vuln["severity_vector"]=None
+                    return
+                else:
+                    info=CVSS_Parser.parse(severity_vector)
+                    vuln["severity"]=info[1]
+                    vuln["severity_score"]=info[0]
+                    vuln["severity_vector"]=severity_vector
+                    if vuln["severity"] in [None,"","unknown"]:
+                        if vuln["severity_score"]!=None:
+                            severity_score=vuln["severity_score"] 
+                            score = float(severity_score)
+                            if 0.0 < score < 4.0:
+                                severity = "low"
+                            elif 4.0 <= score < 7.0:
+                                severity = "medium"
+                            elif 7.0 <= score < 9.0:
+                                severity = "high"
+                            elif 9.0 <= score <= 10.0:
+                                severity = "critical"
+                            else:
+                                severity = "unknown"  # out-of-range protection
+                            vuln["severity"]=severity
+                    return
+        vuln["severity"]="unknown"
+        vuln["severity_score"]=None
+        vuln["severity_vector"]=None
+        

ubel/info.py

@@ -0,0 +1,37 @@
+__version__ = "0.1.0"
+__tool_name__="Ubel"
+__tool_name_ascii__="""
+
+ ██    ██  ██████▒   ████████  ██       
+ ██    ██  ███████▓  ████████  ██       
+ ██    ██  ██   ▒██  ██        ██       
+ ██    ██  ██    ██  ██        ██       
+ ██    ██  ██   ▒██  ██        ██       
+ ██    ██  ███████░  ███████   ██       
+ ██    ██  ███████░  ███████   ██       
+ ██    ██  ██   ▒██  ██        ██       
+ ██    ██  ██    ██  ██        ██       
+ ██▓  ▓██  ██   ▒██  ██        ██       
+ ▒██████▒  ████████  ████████  ████████ 
+  ▒████▒   ██████▓   ████████  ████████ 
+                                        
+"""
+
+__author__="Ala Bouali"
+
+__company__="Arcane-Spark"
+
+__github__="https://github.com/AlaBouali/ubel"
+
+banner=f"""
+{__tool_name_ascii__}
+
+        Version: {__version__}
+
+        Author: {__author__}
+
+        GitHub: {__github__}
+
+        Company: {__company__}
+
+"""