Merge pull request #156159 from fabaff/depscan

appthreat-depscan: init at 2.1.0
2024-11-06 02:06:46 +01:00 · 2022-01-29 10:17:24 +01:00 · 2022-01-29 10:17:24 +01:00 · 8ed5c9e7b1
parent abc3fcbec3 f52b89b5c2
commit 8ed5c9e7b1
4 changed files with 124 additions and 0 deletions
--- a/pkgs/development/python-modules/appthreat-vulnerability-db/default.nix
+++ b/pkgs/development/python-modules/appthreat-vulnerability-db/default.nix
@ -0,0 +1,68 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, requests
+, appdirs
+, tabulate
+, msgpack
+, orjson
+, semver
+, packageurl-python
+, pythonOlder
+, pytestCheckHook
+}:
+
+buildPythonPackage rec {
+  pname = "appthreat-vulnerability-db";
+  version = "2.0.1";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "AppThreat";
+    repo = "vulnerability-db";
+    rev = "v${version}";
+    sha256 = "sha256-fqpBnxcRBBXsjJepxDuoDbT3hk5rXAvky11sIvQS9XI=";
+  };
+
+  propagatedBuildInputs = [
+    requests
+    appdirs
+    tabulate
+    msgpack
+    orjson
+    semver
+    packageurl-python
+  ];
+
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  postPatch = ''
+    substituteInPlace pytest.ini \
+      --replace " --cov-append --cov-report term --cov vdb" ""
+  '';
+
+  preCheck = ''
+    export HOME=$(mktemp -d);
+  '';
+
+  disabledTests = [
+    # Tests require network access
+    "test_bulk_search"
+    "test_download_recent"
+  ];
+
+  pythonImportsCheck = [
+    "vdb"
+  ];
+
+  meta = with lib; {
+    description = "Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm";
+    homepage = "https://github.com/appthreat/vulnerability-db";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
--- a/pkgs/development/tools/appthreat-depscan/default.nix
+++ b/pkgs/development/tools/appthreat-depscan/default.nix
@ -0,0 +1,52 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "appthreat-depscan";
+  version = "2.1.0";
+
+  src = fetchFromGitHub {
+    owner = "AppThreat";
+    repo = "dep-scan";
+    rev = "v${version}";
+    hash = "sha256-HCOS8/jn7BOzDwSpenVGo6QpI/1ey6L1zBucTyqsSY4=";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    appthreat-vulnerability-db
+    defusedxml
+    pyyaml
+    rich
+  ];
+
+  checkInputs = with python3.pkgs; [
+    pytestCheckHook
+  ];
+
+  postPatch = ''
+    substituteInPlace pytest.ini \
+      --replace " --cov-append --cov-report term --cov depscan" ""
+  '';
+
+  preCheck = ''
+    export HOME=$(mktemp -d);
+  '';
+
+  disabledTests = [
+    # Assertion Error
+    "test_query_metadata2"
+  ];
+
+  pythonImportsCheck = [
+    "depscan"
+  ];
+
+  meta = with lib; {
+    description = "Tool to audit dependencies based on known vulnerabilities and advisories";
+    homepage = "https://github.com/AppThreat/dep-scan";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -200,6 +200,8 @@ with pkgs;

  fission = callPackage ../development/tools/fission { };

+  appthreat-depscan = callPackage ../development/tools/appthreat-depscan { };
+
  authy = callPackage ../applications/misc/authy { };

  avro-tools = callPackage ../development/tools/avro-tools { };
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@ -568,6 +568,8 @@ in {

  apptools = callPackage ../development/python-modules/apptools { };

+  appthreat-vulnerability-db = callPackage ../development/python-modules/appthreat-vulnerability-db { };
+
  aprslib = callPackage ../development/python-modules/aprslib { };

  APScheduler = callPackage ../development/python-modules/APScheduler { };