PyPI - python-ubel - Versions diffs - 0.1.0__tar.gz - Mend

python-ubel 0.1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

python_ubel-0.1.0/LICENSE +21 -0
python_ubel-0.1.0/PKG-INFO +224 -0
python_ubel-0.1.0/README.md +210 -0
python_ubel-0.1.0/pyproject.toml +18 -0
python_ubel-0.1.0/python_ubel.egg-info/PKG-INFO +224 -0
python_ubel-0.1.0/python_ubel.egg-info/SOURCES.txt +20 -0
python_ubel-0.1.0/python_ubel.egg-info/dependency_links.txt +1 -0
python_ubel-0.1.0/python_ubel.egg-info/entry_points.txt +4 -0
python_ubel-0.1.0/python_ubel.egg-info/requires.txt +5 -0
python_ubel-0.1.0/python_ubel.egg-info/top_level.txt +1 -0
python_ubel-0.1.0/setup.cfg +4 -0
python_ubel-0.1.0/ubel/__init__.py +0 -0
python_ubel-0.1.0/ubel/cli.py +141 -0
python_ubel-0.1.0/ubel/client.py +50 -0
python_ubel-0.1.0/ubel/cvss_parser.py +61 -0
python_ubel-0.1.0/ubel/info.py +37 -0
python_ubel-0.1.0/ubel/linux_runner.py +290 -0
python_ubel-0.1.0/ubel/node_runner.py +399 -0
python_ubel-0.1.0/ubel/policy.py +44 -0
python_ubel-0.1.0/ubel/python_runner.py +126 -0
python_ubel-0.1.0/ubel/ubel_engine.py +640 -0
python_ubel-0.1.0/ubel/utils.py +32 -0

python_ubel-0.1.0/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Ala Bouali
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

python_ubel-0.1.0/PKG-INFO ADDED Viewed

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: python-ubel
+Version: 0.1.0
+Summary: Supply-chain dependency firewall for: Python, Node, PHP, Ubuntu, Debian, Red Hat, and Almalinux.
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests
+Requires-Dist: python-dotenv
+Requires-Dist: cvss
+Requires-Dist: reportlab
+Requires-Dist: distro
+Dynamic: license-file
+# UBEL ( Unified Bill / Enforced Law ) – Multi‑Ecosystem Security & Policy Enforcement CLI
+Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation. It works with:
+- **PyPI** (via `ubel-pip`)
+- **npm** (via `ubel-npm`)
+- **Linux distributions** (Ubuntu, Debian, RHEL, AlmaLinux)
+Ubel runs in **CLI**, **automation scripts**, and **CI/CD pipelines**, producing clean **JSON** and **PDF** reports.
+---
+## ✨ Features
+- Full dependency resolution across ecosystems
+- OSV.dev vulnerability scanning (batch API)
+- Policy engine (block/allow by severity & infection)
+- Checking linux-package or node/python dependency or entire project (`check` mode)
+- Install‑time enforcement (`install` mode)
+- Project‑level/Host-level scanning (`health` mode)
+- Catches Non-CVEs
+- It is a supply-chain protection tool
+- Automatic report generation (JSON + PDF)
+- Extremely fast (seconds per scan)
+---
+## 📦 Installation
+```bash
+pip install ubel
+```
+Ubel exposes three binaries:
+- `ubel` (Linux package scanning and OS-level operations: Ubuntu , Debian, Red Hat, Almalinux )
+- `ubel-pip` (Python ecosystem)
+- `ubel-npm` (Node.js ecosystem)
+---
+# 🚀 Usage Overview
+## Main CLI
+```
+usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## PyPI CLI
+```
+usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## npm CLI
+```
+usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+---
+# 🧠 Commands Explained
+### **check**
+Resolve dependencies/linux-packages → generate report → exit.
+#### Python example:
+```bash
+ubel-pip check
+```
+If no extra arguments are passed, Ubel will:
+- Detect `requirements.txt`
+- Resolve all packages
+- Scan them
+- Output PDF + JSON
+#### npm example:
+```bash
+ubel-npm check flask==3.1.0
+```
+If no args are passed, it will detect `package.json` automatically.
+---
+### **install**
+Same as `check`, but enforces policies and either **blocks or allows** installation.
+#### Python example:
+```bash
+ubel-pip install flask==3.1.0
+```
+Or auto-detect project requirements:
+```bash
+ubel-pip install
+```
+#### npm example:
+```bash
+ubel-npm install express@5.0.0
+```
+Or simply:
+```bash
+ubel-npm install
+```
+(uses `package.json` automatically)
+---
+### **health**
+Scan the **entire machine** or **running project**, including:
+- Installed PyPI packages
+- Installed npm global packages
+- OS-level packages (Ubuntu/Debian/RHEL/AlmaLinux)
+Example:
+( for linux )
+```bash
+ubel health
+```
+or ( for node.js app )
+```bash
+ubel-npm health
+```
+or ( for python app )
+```bash
+ubel-pip health
+```
+This mode produces large, detailed inventories and vulnerability matrices.
+---
+### **init**
+Initialize a policy file for the project or system.
+Example:
+```bash
+ubel init
+```
+Creates default policy:
+```yaml
+infections: block
+severity:
+  critical: block
+  high: block
+  medium: allow
+  low: allow
+  unknown: allow
+```
+---
+### **allow / block**
+Override Ubel's decision from CI/CD or scripted pipelines.
+The arguments can be: "low", "medium", "high", "critical".
+Example:
+```bash
+ubel block high critical
+```
+---
+# 📁 Automatic Project Detection
+For **npm** and **PyPI**, when running:
+- `install`
+- `check`
+without arguments:
+### Ubel automatically loads:
+- `package.json` (for npm)
+- `requirements.txt` (for pip)
+This makes it ideal for CI/CD workflows.
+---
+# 📤 Output
+Ubel generates:
+### **1. JSON report**
+Machine‑readable, includes:
+- dependency list
+- purls
+- vulnerabilities
+- severity
+- infection state
+- policy decision
+- Generate complete SBOM-like machine inventory
+### **2. PDF report**
+Human‑readable, includes:
+- summary statistics
+- per‑dependency vulnerability details
+- fix recommendations
+- tables
+- OSV reference links
+- Generate complete SBOM-like machine inventory
+---
+# 🧩 Ecosystem Tools
+- `ubel` → system packages, Linux distros
+- `ubel-pip` → PyPI projects, virtual environments\
+- `ubel-npm` → Node.js, npm, package.json projects
+---
+Ubel – Secure every dependency, before it reaches production.

python_ubel-0.1.0/README.md ADDED Viewed

@@ -0,0 +1,210 @@
+# UBEL ( Unified Bill / Enforced Law ) – Multi‑Ecosystem Security & Policy Enforcement CLI
+Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation. It works with:
+- **PyPI** (via `ubel-pip`)
+- **npm** (via `ubel-npm`)
+- **Linux distributions** (Ubuntu, Debian, RHEL, AlmaLinux)
+Ubel runs in **CLI**, **automation scripts**, and **CI/CD pipelines**, producing clean **JSON** and **PDF** reports.
+---
+## ✨ Features
+- Full dependency resolution across ecosystems
+- OSV.dev vulnerability scanning (batch API)
+- Policy engine (block/allow by severity & infection)
+- Checking linux-package or node/python dependency or entire project (`check` mode)
+- Install‑time enforcement (`install` mode)
+- Project‑level/Host-level scanning (`health` mode)
+- Catches Non-CVEs
+- It is a supply-chain protection tool
+- Automatic report generation (JSON + PDF)
+- Extremely fast (seconds per scan)
+---
+## 📦 Installation
+```bash
+pip install ubel
+```
+Ubel exposes three binaries:
+- `ubel` (Linux package scanning and OS-level operations: Ubuntu , Debian, Red Hat, Almalinux )
+- `ubel-pip` (Python ecosystem)
+- `ubel-npm` (Node.js ecosystem)
+---
+# 🚀 Usage Overview
+## Main CLI
+```
+usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## PyPI CLI
+```
+usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## npm CLI
+```
+usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+---
+# 🧠 Commands Explained
+### **check**
+Resolve dependencies/linux-packages → generate report → exit.
+#### Python example:
+```bash
+ubel-pip check
+```
+If no extra arguments are passed, Ubel will:
+- Detect `requirements.txt`
+- Resolve all packages
+- Scan them
+- Output PDF + JSON
+#### npm example:
+```bash
+ubel-npm check flask==3.1.0
+```
+If no args are passed, it will detect `package.json` automatically.
+---
+### **install**
+Same as `check`, but enforces policies and either **blocks or allows** installation.
+#### Python example:
+```bash
+ubel-pip install flask==3.1.0
+```
+Or auto-detect project requirements:
+```bash
+ubel-pip install
+```
+#### npm example:
+```bash
+ubel-npm install express@5.0.0
+```
+Or simply:
+```bash
+ubel-npm install
+```
+(uses `package.json` automatically)
+---
+### **health**
+Scan the **entire machine** or **running project**, including:
+- Installed PyPI packages
+- Installed npm global packages
+- OS-level packages (Ubuntu/Debian/RHEL/AlmaLinux)
+Example:
+( for linux )
+```bash
+ubel health
+```
+or ( for node.js app )
+```bash
+ubel-npm health
+```
+or ( for python app )
+```bash
+ubel-pip health
+```
+This mode produces large, detailed inventories and vulnerability matrices.
+---
+### **init**
+Initialize a policy file for the project or system.
+Example:
+```bash
+ubel init
+```
+Creates default policy:
+```yaml
+infections: block
+severity:
+  critical: block
+  high: block
+  medium: allow
+  low: allow
+  unknown: allow
+```
+---
+### **allow / block**
+Override Ubel's decision from CI/CD or scripted pipelines.
+The arguments can be: "low", "medium", "high", "critical".
+Example:
+```bash
+ubel block high critical
+```
+---
+# 📁 Automatic Project Detection
+For **npm** and **PyPI**, when running:
+- `install`
+- `check`
+without arguments:
+### Ubel automatically loads:
+- `package.json` (for npm)
+- `requirements.txt` (for pip)
+This makes it ideal for CI/CD workflows.
+---
+# 📤 Output
+Ubel generates:
+### **1. JSON report**
+Machine‑readable, includes:
+- dependency list
+- purls
+- vulnerabilities
+- severity
+- infection state
+- policy decision
+- Generate complete SBOM-like machine inventory
+### **2. PDF report**
+Human‑readable, includes:
+- summary statistics
+- per‑dependency vulnerability details
+- fix recommendations
+- tables
+- OSV reference links
+- Generate complete SBOM-like machine inventory
+---
+# 🧩 Ecosystem Tools
+- `ubel` → system packages, Linux distros
+- `ubel-pip` → PyPI projects, virtual environments\
+- `ubel-npm` → Node.js, npm, package.json projects
+---
+Ubel – Secure every dependency, before it reaches production.

python_ubel-0.1.0/pyproject.toml ADDED Viewed

@@ -0,0 +1,18 @@
+[project]
+name = "python-ubel"
+version = "0.1.0"
+description = "Supply-chain dependency firewall for: Python, Node, PHP, Ubuntu, Debian, Red Hat, and Almalinux."
+readme = "README.md"
+requires-python = ">=3.8"
+dependencies = [
+    "requests",
+    "python-dotenv",
+    "cvss",
+    "reportlab",
+    "distro"
+]
+[project.scripts]
+ubel-pip = "ubel.cli:pip_mode"
+ubel-npm = "ubel.cli:npm_mode"
+ubel = "ubel.cli:linux_mode"

python_ubel-0.1.0/python_ubel.egg-info/PKG-INFO ADDED Viewed

@@ -0,0 +1,224 @@
+Metadata-Version: 2.4
+Name: python-ubel
+Version: 0.1.0
+Summary: Supply-chain dependency firewall for: Python, Node, PHP, Ubuntu, Debian, Red Hat, and Almalinux.
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: requests
+Requires-Dist: python-dotenv
+Requires-Dist: cvss
+Requires-Dist: reportlab
+Requires-Dist: distro
+Dynamic: license-file
+# UBEL ( Unified Bill / Enforced Law ) – Multi‑Ecosystem Security & Policy Enforcement CLI
+Ubel is a fast, cross‑ecosystem security engine that resolves dependencies, generates PURLs, scans them through OSV.dev, and enforces security policies during installation. It works with:
+- **PyPI** (via `ubel-pip`)
+- **npm** (via `ubel-npm`)
+- **Linux distributions** (Ubuntu, Debian, RHEL, AlmaLinux)
+Ubel runs in **CLI**, **automation scripts**, and **CI/CD pipelines**, producing clean **JSON** and **PDF** reports.
+---
+## ✨ Features
+- Full dependency resolution across ecosystems
+- OSV.dev vulnerability scanning (batch API)
+- Policy engine (block/allow by severity & infection)
+- Checking linux-package or node/python dependency or entire project (`check` mode)
+- Install‑time enforcement (`install` mode)
+- Project‑level/Host-level scanning (`health` mode)
+- Catches Non-CVEs
+- It is a supply-chain protection tool
+- Automatic report generation (JSON + PDF)
+- Extremely fast (seconds per scan)
+---
+## 📦 Installation
+```bash
+pip install ubel
+```
+Ubel exposes three binaries:
+- `ubel` (Linux package scanning and OS-level operations: Ubuntu , Debian, Red Hat, Almalinux )
+- `ubel-pip` (Python ecosystem)
+- `ubel-npm` (Node.js ecosystem)
+---
+# 🚀 Usage Overview
+## Main CLI
+```
+usage: ubel [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## PyPI CLI
+```
+usage: ubel-pip [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+## npm CLI
+```
+usage: ubel-npm [-h] {check,install,health,init,allow,block} [extra_args ...]
+```
+---
+# 🧠 Commands Explained
+### **check**
+Resolve dependencies/linux-packages → generate report → exit.
+#### Python example:
+```bash
+ubel-pip check
+```
+If no extra arguments are passed, Ubel will:
+- Detect `requirements.txt`
+- Resolve all packages
+- Scan them
+- Output PDF + JSON
+#### npm example:
+```bash
+ubel-npm check flask==3.1.0
+```
+If no args are passed, it will detect `package.json` automatically.
+---
+### **install**
+Same as `check`, but enforces policies and either **blocks or allows** installation.
+#### Python example:
+```bash
+ubel-pip install flask==3.1.0
+```
+Or auto-detect project requirements:
+```bash
+ubel-pip install
+```
+#### npm example:
+```bash
+ubel-npm install express@5.0.0
+```
+Or simply:
+```bash
+ubel-npm install
+```
+(uses `package.json` automatically)
+---
+### **health**
+Scan the **entire machine** or **running project**, including:
+- Installed PyPI packages
+- Installed npm global packages
+- OS-level packages (Ubuntu/Debian/RHEL/AlmaLinux)
+Example:
+( for linux )
+```bash
+ubel health
+```
+or ( for node.js app )
+```bash
+ubel-npm health
+```
+or ( for python app )
+```bash
+ubel-pip health
+```
+This mode produces large, detailed inventories and vulnerability matrices.
+---
+### **init**
+Initialize a policy file for the project or system.
+Example:
+```bash
+ubel init
+```
+Creates default policy:
+```yaml
+infections: block
+severity:
+  critical: block
+  high: block
+  medium: allow
+  low: allow
+  unknown: allow
+```
+---
+### **allow / block**
+Override Ubel's decision from CI/CD or scripted pipelines.
+The arguments can be: "low", "medium", "high", "critical".
+Example:
+```bash
+ubel block high critical
+```
+---
+# 📁 Automatic Project Detection
+For **npm** and **PyPI**, when running:
+- `install`
+- `check`
+without arguments:
+### Ubel automatically loads:
+- `package.json` (for npm)
+- `requirements.txt` (for pip)
+This makes it ideal for CI/CD workflows.
+---
+# 📤 Output
+Ubel generates:
+### **1. JSON report**
+Machine‑readable, includes:
+- dependency list
+- purls
+- vulnerabilities
+- severity
+- infection state
+- policy decision
+- Generate complete SBOM-like machine inventory
+### **2. PDF report**
+Human‑readable, includes:
+- summary statistics
+- per‑dependency vulnerability details
+- fix recommendations
+- tables
+- OSV reference links
+- Generate complete SBOM-like machine inventory
+---
+# 🧩 Ecosystem Tools
+- `ubel` → system packages, Linux distros
+- `ubel-pip` → PyPI projects, virtual environments\
+- `ubel-npm` → Node.js, npm, package.json projects
+---
+Ubel – Secure every dependency, before it reaches production.

python_ubel-0.1.0/python_ubel.egg-info/SOURCES.txt ADDED Viewed

@@ -0,0 +1,20 @@
+LICENSE
+README.md
+pyproject.toml
+python_ubel.egg-info/PKG-INFO
+python_ubel.egg-info/SOURCES.txt
+python_ubel.egg-info/dependency_links.txt
+python_ubel.egg-info/entry_points.txt
+python_ubel.egg-info/requires.txt
+python_ubel.egg-info/top_level.txt
+ubel/__init__.py
+ubel/cli.py
+ubel/client.py
+ubel/cvss_parser.py
+ubel/info.py
+ubel/linux_runner.py
+ubel/node_runner.py
+ubel/policy.py
+ubel/python_runner.py
+ubel/ubel_engine.py
+ubel/utils.py

python_ubel-0.1.0/python_ubel.egg-info/dependency_links.txt ADDED Viewed

	@@ -0,0 +1 @@
1	+

python_ubel-0.1.0/python_ubel.egg-info/entry_points.txt ADDED Viewed

@@ -0,0 +1,4 @@
+[console_scripts]
+ubel = ubel.cli:linux_mode
+ubel-npm = ubel.cli:npm_mode
+ubel-pip = ubel.cli:pip_mode