authorFabian Affolter <fabian@affolter-engineering.ch>2022-05-04 08:37:54 +0200
committerGitHub <noreply@github.com>2022-05-04 08:37:54 +0200
commitf450d5b35401ee6880969802e5ed6baaade41ce6 (patch)
tree14c4945d8b68c125a6b69d73a904c1a2b88646d6
parentaa885f45818e5b3164dad2ceddbbaea4116464b2 (diff)
parent1d17d14cb72c8a3d122827c53f6d30bd9e490314 (diff)
Merge pull request #163588 from fabaff/pip-audit
pip-audit: init at 2.0.0
-rw-r--r--pkgs/development/python-modules/cachecontrol/default.nix4
-rw-r--r--pkgs/development/python-modules/pip-api/default.nix52
-rw-r--r--pkgs/development/python-modules/pretend/default.nix29
-rw-r--r--pkgs/development/tools/pip-audit/default.nix83
-rw-r--r--pkgs/top-level/all-packages.nix2
-rw-r--r--pkgs/top-level/python-packages.nix2
6 files changed, 164 insertions, 8 deletions
diff --git a/pkgs/development/python-modules/cachecontrol/default.nix b/pkgs/development/python-modules/cachecontrol/default.nix
index d074183e79d..bee126fbf16 100644
--- a/pkgs/development/python-modules/cachecontrol/default.nix
+++ b/pkgs/development/python-modules/cachecontrol/default.nix
@@ -21,10 +21,11 @@ buildPythonPackage rec {
     owner = "ionrock";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-mgvL0q10UbPHY1H3tJprke5p8qNl3HNYoeLAERZTcTs=";
+    hash = "sha256-mgvL0q10UbPHY1H3tJprke5p8qNl3HNYoeLAERZTcTs=";
   };
 
   propagatedBuildInputs = [
+    lockfile
     msgpack
     requests
   ];
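Review bot: The move of `lockfile` into `propagatedBuildInputs` has no comment saying why every consumer of cachecontrol now receives it at runtime. Upstream appears to treat lockfile as an optional dependency of the file-based cache, so presumably this is for pip-audit's use of that cache. A comment above the entry such as `# needed by cachecontrol's file cache, which pip-audit uses` would record the reason. The next hunk in this file is the matching removal from `checkInputs`, and the `buildPythonPackage` block starts and ends outside both hunks.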
@@ -32,7 +33,6 @@ buildPythonPackage rec {
   checkInputs = [
     cherrypy
     mock
-    lockfile
     pytestCheckHook
   ];
 
diff --git a/pkgs/development/python-modules/pip-api/default.nix b/pkgs/development/python-modules/pip-api/default.nix
new file mode 100644
index 00000000000..5e4412dcf85
--- /dev/null
+++ b/pkgs/development/python-modules/pip-api/default.nix
@@ -0,0 +1,52 @@
+{ lib
+, buildPythonPackage
+, fetchPypi
+, pip
+, pretend
+, pytestCheckHook
+, pythonOlder
+, virtualenv
+}:
+
+buildPythonPackage rec {
+  pname = "pip-api";
+  version = "0.0.29";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchPypi {
+    inherit pname version;
+    hash = "sha256-9wFYTrHD4BAhyEb4nWKauTc7ZiTwYmdXd0rVT8TClXE=";
+  };
+
+  propagatedBuildInputs = [
+    pip
+  ];
+
+  checkInputs = [
+    pretend
+    pytestCheckHook
+    virtualenv
+  ];
+
+  pythonImportsCheck = [
+    "pip_api"
+  ];
+
+  disabledTests = [
+    "test_hash"
+    "test_hash_default_algorithm_is_256"
+    "test_installed_distributions"
+    "test_invoke_install"
+    "test_invoke_uninstall"
+    "test_isolation"
+  ];
+
+  meta = with lib; {
+    description = "Importable pip API";
+    homepage = "https://github.com/di/pip-api";
+    license = with licenses; [ mit ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
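Review bot: The `disabledTests` list gives no reason for any of its six entries, and two of them are hash tests in a library that a vulnerability scanner depends on. pytestCheckHook turns these names into a `-k` expression, which matches by substring, so `"test_hash"` already covers `"test_hash_default_algorithm_is_256"` and would also silence any later test whose name contains it. Add a comment stating the cause, for example `# Tests require network access` if that is the reason, and keep each entry as specific as the failure requires.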
diff --git a/pkgs/development/python-modules/pretend/default.nix b/pkgs/development/python-modules/pretend/default.nix
index 87e0e6613b1..0134b0dc36a 100644
--- a/pkgs/development/python-modules/pretend/default.nix
+++ b/pkgs/development/python-modules/pretend/default.nix
@@ -1,19 +1,36 @@
-{ lib, buildPythonPackage, fetchPypi }:
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, pytestCheckHook
+, pythonOlder
+}:
 
 buildPythonPackage rec {
   pname = "pretend";
   version = "1.0.9";
+  format = "setuptools";
 
-  src = fetchPypi {
-    inherit pname version;
-    sha256 = "c90eb810cde8ebb06dafcb8796f9a95228ce796531bc806e794c2f4649aa1b10";
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "alex";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-OqMfeIMFNBBLq6ejR3uOCIHZ9aA4zew7iefVlAsy1JQ=";
   };
 
-  # No tests in archive
-  doCheck = false;
+  checkInputs = [
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "pretend"
+  ];
 
   meta = with lib; {
+    description = "Module for stubbing";
     homepage = "https://github.com/alex/pretend";
     license = licenses.bsd3;
+    maintainers = with maintainers; [ ];
   };
 }
diff --git a/pkgs/development/tools/pip-audit/default.nix b/pkgs/development/tools/pip-audit/default.nix
new file mode 100644
index 00000000000..8f700761d16
--- /dev/null
+++ b/pkgs/development/tools/pip-audit/default.nix
@@ -0,0 +1,83 @@
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, python3
+}:
+
+let
+  py = python3.override {
+    packageOverrides = self: super: {
+
+      # ansible doesn't support resolvelib > 0.6.0 and can't have an override
+      resolvelib = super.resolvelib.overridePythonAttrs (oldAttrs: rec {
+        version = "0.8.1";
+        src = fetchFromGitHub {
+          owner = "sarugaku";
+          repo = "resolvelib";
+          rev = version;
+          sha256 = "1qpd0gg9yl0kbamlgjs9pkxd39kx511kbc92civ77v0ka5sw8ca0";
+        };
+      });
+    };
+  };
+in
+with py.pkgs;
+
+buildPythonApplication rec {
+  pname = "pip-audit";
+  version = "2.2.1";
+  format = "setuptools";
+
+  src = fetchFromGitHub {
+    owner = "trailofbits";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-ji61783imVlvoBaDMTxQwbf1L1G4lJbOFZ1FjcNOT/8=";
+  };
+
+  propagatedBuildInputs = [
+    cachecontrol
+    cyclonedx-python-lib
+    html5lib
+    packaging
+    pip-api
+    progress
+    resolvelib
+  ];
+
+  checkInputs = [
+    pretend
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "pip_audit"
+  ];
+
+  preCheck = ''
+    export HOME=$(mktemp -d);
+  '';
+
+  disabledTestPaths = [
+    # Tests require network access
+    "test/dependency_source/test_requirement.py"
+    "test/dependency_source/test_resolvelib.py"
+    "test/service/test_pypi.py"
+    "test/service/test_osv.py"
+  ];
+
+  disabledTests = [
+    # Tests requrire network access
+    "test_get_pip_cache"
+    "test_virtual_env"
+    "test_pyproject_source"
+    "test_pyproject_source_duplicate_deps"
+  ];
+
+  meta = with lib; {
+    description = "Tool for scanning Python environments for known vulnerabilities";
+    homepage = "https://github.com/trailofbits/pip-audit";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
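Review bot: The private `resolvelib` override pins 0.8.1 for pip-audit alone, so this copy will not follow updates to `python3Packages.resolvelib`. Because `test/dependency_source/test_resolvelib.py` is in `disabledTestPaths`, the check phase never exercises the pinned resolver. The comment above the override says why the shared package cannot be bumped; it should also say when the pin can go, e.g. `# TODO: drop this override once python3Packages.resolvelib can be updated`. The override uses `sha256` with a base32 digest while the other fetchers in this commit use `hash` with an SRI string, `fetchpatch` is taken as an argument but not used in the file, and the comment over `disabledTests` reads `requrire`. `version = "2.2.1"` also differs from the 2.0.0 named in the commit title.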
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index aa6e8e6e0bb..ff2c55688b3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -14440,6 +14440,8 @@ with pkgs;
 
   poetry2conda = python3Packages.callPackage ../development/python-modules/poetry2conda { };
 
+  pip-audit = callPackage ../development/tools/pip-audit {};
+
   pipenv = callPackage ../development/tools/pipenv {};
 
   pipewire = callPackage ../development/libraries/pipewire {
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 1ce394f4cdb..86a42ff6b33 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -6314,6 +6314,8 @@ in {
 
   pipenv-poetry-migrate = callPackage ../development/python-modules/pipenv-poetry-migrate { };
 
+  pip-api = callPackage ../development/python-modules/pip-api { };
+
   pip-tools = callPackage ../development/python-modules/pip-tools { };
 
   pipx = callPackage ../development/python-modules/pipx { };