Unverified Commit 77044761 authored by Fabian Affolter's avatar Fabian Affolter Committed by GitHub

Merge pull request #221082 from fabaff/checkov-deps

python310Packages.bc-detect-secrets: init at 1.4.14, python310Packages.bc-jsonpath-ng: init at 1.5.9
parents f69a8c2d 1b1910bf
+80 −0
{ lib
, buildPythonPackage
, fetchFromGitHub
, gibberish-detector
, mock
, pkgs
, pyahocorasick
, pytestCheckHook
, pythonOlder
, pyyaml
, requests
, responses
, unidiff
}:

buildPythonPackage rec {
  pname = "bc-detect-secrets";
  version = "1.4.14";
  format = "setuptools";

  disabled = pythonOlder "3.8";

  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = "detect-secrets";
    rev = "refs/tags/${version}";
    hash = "sha256-WgUbVpn5KoayiWv3sYp+hZxqfQg73k0pXkxgUK8wrPg=";
  };

  propagatedBuildInputs = [
    pyyaml
    requests
    unidiff
  ];

  passthru.optional-dependencies = {
    word_list = [
      pyahocorasick
    ];
    gibberish = [
      gibberish-detector
    ];
  };

  nativeCheckInputs = [
    mock
    pkgs.gitMinimal
    pytestCheckHook
    responses
  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);

  preCheck = ''
    export HOME=$(mktemp -d);
  '';

  disabledTests = [
    # Tests are failing for various reasons (missing git repo, missing test data, etc.)
    "test_baseline_filters_out_known_secrets"
    "test_make_decisions"
    "test_saves_to_baseline"
    "test_start_halfway"
    "TestCreate"
    "TestDiff"
    "TestGetFilesToScan"
    "TestLineNumberChanges"
    "TestModifiesBaselineFromVersionChange"
  ];

  pythonImportsCheck = [
    "detect_secrets"
  ];

  meta = with lib; {
    description = "Tool to detect secrets in the code";
    homepage = "https://github.com/bridgecrewio/detect-secrets";
    license = licenses.asl20;
    maintainers = with maintainers; [ fab ];
  };
}
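Review bot: The single comment over `disabledTests` ("Tests are failing for various reasons (missing git repo, missing test data, etc.)") does not say which of the nine entries fails for which reason. Several of them (`test_baseline_filters_out_known_secrets`, `TestCreate`, `TestDiff`) look, going by their names, like they cover baseline handling, which is core behaviour for a secret scanner. I would group the entries under one comment per cause, e.g. `# Requires a git checkout of the source tree` and `# Test data is not shipped in the tagged source`, so each group can be re-enabled when its cause goes away. Since `pkgs.gitMinimal` is already in `nativeCheckInputs`, the git-dependent ones might pass if `preCheck` initialised a repository first; that is untested here.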
+48 −0
{ lib
, buildPythonPackage
, decorator
, fetchFromGitHub
, ply
, pytestCheckHook
, pythonOlder
}:

buildPythonPackage rec {
  pname = "bc-jsonpath-ng";
  version = "1.5.9";
  format = "setuptools";

  disabled = pythonOlder "3.7";

  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = "jsonpath-ng";
    rev = "refs/tags/${version}";
    hash = "sha256-Uho+slKmKkTrcJBKi+9GJv1JrvDrTP4/6uqmMn3qptU=";
  };

  propagatedBuildInputs = [
    decorator
    ply
  ];

  nativeCheckInputs = [
    pytestCheckHook
  ];

  disabledTestPaths = [
    # Exclude tests that require oslotest
    "tests/test_jsonpath_rw_ext.py"
  ];

  pythonImportsCheck = [
    "bc_jsonpath_ng"
  ];

  meta = with lib; {
    description = "JSONPath implementation for Python";
    homepage = "https://github.com/bridgecrewio/jsonpath-ng";
    license = with licenses; [ asl20 ];
    maintainers = with maintainers; [ fab ];
  };
}
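Review bot: `meta.description` reads "JSONPath implementation for Python", which gives no hint that this package is built from the `bridgecrewio` repository rather than from the jsonpath-ng project itself; the same goes for "Tool to detect secrets in the code" in bc-detect-secrets. Someone auditing a closure should be able to tell from the metadata which source tree a dependency comes from. I would write something like `description = "Fork of jsonpath-ng maintained by Bridgecrew for use in checkov";`, assuming the repository is indeed a fork, as its name and the checkov dependency swap on this page suggest.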
+35 −33
@@ -2,6 +2,7 @@
, fetchFromGitHub
, python3
}:

let
  py = python3.override {
    packageOverrides = self: super: {
@@ -14,17 +15,6 @@ let
        };
        doCheck = false;
      });

      jsonschema = super.jsonschema.overridePythonAttrs (oldAttrs: rec {
        version = "3.2.0";
        src = oldAttrs.src.override {
          inherit version;
          sha256 = "sha256-yKhbKNN3zHc35G4tnytPRO48Dh3qxr9G3e/HGH0weXo=";
        };
        SETUPTOOLS_SCM_PRETEND_VERSION = version;
        doCheck = false;
      });

    };
  };
in
@@ -32,20 +22,26 @@ with py.pkgs;

buildPythonApplication rec {
  pname = "checkov";
  version = "2.1.20";
  version = "2.3.85";
  format = "setuptools";

  src = fetchFromGitHub {
    owner = "bridgecrewio";
    repo = pname;
    rev = version;
    hash = "sha256-dXpgm9S++jtBhuzX9db8Pm5LF6Qb4isXx5uyOGdWGUc=";
    rev = "refs/tags/${version}";
    hash = "sha256-j//r9ykMCzmpPBAPmfZCMlvcv7jrFaT+fFsLZoOeQF4=";
  };

  patches = [
    ./flake8-compat-5.x.patch
  ];

  pythonRelaxDeps = [
    "bc-python-hcl2"
    "pycep-parser"
    "networkx"
  ];

  nativeBuildInputs = with py.pkgs; [
    pythonRelaxDepsHook
    setuptools-scm
@@ -56,6 +52,8 @@ buildPythonApplication rec {
    aiohttp
    aiomultiprocess
    argcomplete
    bc-detect-secrets
    bc-jsonpath-ng
    bc-python-hcl2
    boto3
    cachetools
@@ -65,14 +63,13 @@ buildPythonApplication rec {
    configargparse
    cyclonedx-python-lib
    deep_merge
    detect-secrets
    docker
    dockerfile-parse
    dpath
    flake8
    gitpython
    igraph
    jmespath
    jsonpath-ng
    jsonschema
    junit-xml
    networkx
@@ -99,11 +96,6 @@ buildPythonApplication rec {
    responses
  ];

  pythonRelaxDeps = [
    "bc-python-hcl2"
    "pycep-parser"
  ];

  preCheck = ''
    export HOME=$(mktemp -d);
  '';
@@ -113,28 +105,37 @@ buildPythonApplication rec {
    "api_key"
    # Requires network access
    "TestSarifReport"
    # Will probably be fixed in one of the next releases
    "test_valid_cyclonedx_bom"
    "test_record_relative_path_with"
    "test_record_relative_path_with_relative_dir"
    # Requires prettytable release which is only available in staging
    "test_skipped_check_exists"
    # AssertionError: 0 not greater than 0
    "test_skip_mapping_default"
    # Test is failing
    "test_SQLServerAuditingEnabled"
    # Flake8 test
    "test_file_with_class"
    "test_dataclass_skip"
    "test_typing_class_skip"
    # Tests are comparing console output
    "cli"
    "console"
  ];

  disabledTestPaths = [
    # Tests are pulling from external sources
    # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml
    "integration_tests/"
    "tests/ansible/"
    "tests/arm/"
    "tests/bicep/"
    "tests/cloudformation/"
    "tests/common/"
    "tests/dockerfile/"
    "tests/generic_json/"
    "tests/generic_yaml/"
    "tests/github_actions/"
    "tests/github/"
    "tests/kubernetes/"
    "tests/sca_package_2"
    "tests/terraform/"
    # Performance tests have no value for us
    "performance_tests/test_checkov_performance.py"
    # Requires prettytable release which is only available in staging
    "tests/sca_package/"
    "tests/test_runner_filter.py"
    # No Helm
    "dogfood_tests/test_checkov_dogfood.py"
  ];

  pythonImportsCheck = [
@@ -148,6 +149,7 @@ buildPythonApplication rec {
  meta = with lib; {
    description = "Static code analysis tool for infrastructure-as-code";
    homepage = "https://github.com/bridgecrewio/checkov";
    changelog = "https://github.com/bridgecrewio/checkov/releases/tag/${version}";
    longDescription = ''
      Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
      Kubernetes, Serverless framework and other infrastructure-as-code-languages.
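Review bot: `disabledTestPaths` now appears to exclude most of the rule test directories (`tests/terraform/`, `tests/kubernetes/`, `tests/cloudformation/`, `tests/common/` and others) under one comment, "Tests are pulling from external sources". The page has lost the +/- markers, so I am inferring from the hunk's line counts that these entries are on the new side. Combined with `pythonRelaxDeps` loosening the pins on `bc-python-hcl2`, `pycep-parser` and `networkx`, very little of the scanner's policy logic is exercised against the dependency versions actually shipped. I would disable only the individual tests that need the network and keep the directories enabled, or at least record the intent with `# TODO: narrow to network-dependent tests; whole directories skipped for now`. The `buildPythonApplication` block continues past the last hunk shown.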
+3 −1
@@ -402,7 +402,9 @@ with pkgs;
  cewl = callPackage ../tools/security/cewl { };
  checkov = callPackage ../development/tools/analysis/checkov { };
  checkov = callPackage ../development/tools/analysis/checkov {
    python3 = python311;
  };
  chrysalis = callPackage ../applications/misc/chrysalis { };
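Review bot: The new `python3 = python311;` override has no comment explaining why checkov needs a specific interpreter instead of the default `python3`, so there is no way to tell when it can be removed. A one-line comment above it would do, e.g. `# <reason for pinning to Python 3.11>; drop once the default python3 works`. The commit title names `python310Packages` for the two new modules, so it is worth confirming that they also build in the 3.11 package set, since that is the set checkov will pull them from.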
+4 −0
@@ -1209,6 +1209,10 @@ self: super: with self; {

  bbox = callPackage ../development/python-modules/bbox { };

  bc-detect-secrets = callPackage ../development/python-modules/bc-detect-secrets { };

  bc-jsonpath-ng = callPackage ../development/python-modules/bc-jsonpath-ng { };

  bc-python-hcl2 = callPackage ../development/python-modules/bc-python-hcl2 { };

  bcdoc = callPackage ../development/python-modules/bcdoc { };