diff options
Diffstat (limited to 'pkgs/development/tools/analysis')
13 files changed, 99 insertions, 87 deletions
diff --git a/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix index c18d42b60ff..8b74bb1d399 100644 --- a/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix +++ b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix @@ -10,16 +10,16 @@ rustPlatform.buildRustPackage rec { pname = "cargo-tarpaulin"; - version = "0.27.0"; + version = "0.27.1"; src = fetchFromGitHub { owner = "xd009642"; repo = "tarpaulin"; rev = version; - hash = "sha256-yvZVViD7QbVTQ/gEcoSrE7jdQH7gR20LpXWsC8DHE9w="; + hash = "sha256-Mr1thOGqpLcMUBbmD6YzU9WlyOvlPHSqyiU/wtb4edo="; }; - cargoHash = "sha256-0uowFaPkDUkDozd2DCsOfZzz3gMQpkL6PdKBzy1d+wg="; + cargoHash = "sha256-UrDyAS/SIrXWsYucmjj6URjqjjWB40wxLF0rXHmB2Tw="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix index abaaef5ef49..25e04817643 100644 --- a/pkgs/development/tools/analysis/checkov/default.nix +++ b/pkgs/development/tools/analysis/checkov/default.nix @@ -3,33 +3,16 @@ , python3 }: -let - py = python3.override { - packageOverrides = self: super: { - cyclonedx-python-lib = super.cyclonedx-python-lib.overridePythonAttrs (oldAttrs: rec { - version = "2.7.1"; - src = fetchFromGitHub { - owner = "CycloneDX"; - repo = "cyclonedx-python-lib"; - rev = "v${version}"; - hash = "sha256-c/KhoJOa121/h0n0GUazjUFChnUo05ThD+fuZXc5/Pk="; - }; - }); - }; - }; -in -with py.pkgs; - -buildPythonApplication rec { +python3.pkgs.buildPythonApplication rec { pname = "checkov"; - version = "2.4.48"; - format = "setuptools"; + version = "3.0.38"; + pyproject = true; src = fetchFromGitHub { owner = "bridgecrewio"; - repo = pname; + repo = "checkov"; rev = "refs/tags/${version}"; - hash = "sha256-d9rSzdsKnbL7yBLweptGzq40wn15I1PB1YQFa7/GJKU="; + hash = "sha256-2ObPi+wrxvoVWjASmp0KSPMLFuIGdWNWK4jRrZC9ODE="; }; patches = [ @@ -45,12 +28,12 @@ buildPythonApplication rec { "pycep-parser" ]; - nativeBuildInputs = [ + nativeBuildInputs = with python3.pkgs; [ pythonRelaxDepsHook setuptools-scm ]; - propagatedBuildInputs = [ + propagatedBuildInputs = with python3.pkgs; [ aiodns aiohttp aiomultiprocess @@ -65,7 +48,6 @@ buildPythonApplication rec { colorama configargparse cyclonedx-python-lib - deep_merge docker dockerfile-parse dpath @@ -83,6 +65,8 @@ buildPythonApplication rec { prettytable pycep-parser pyyaml + pydantic + rustworkx semantic-version spdx-tools tabulate @@ -92,7 +76,7 @@ buildPythonApplication rec { update_checker ]; - nativeCheckInputs = [ + nativeCheckInputs = with python3.pkgs; [ aioresponses mock pytest-asyncio @@ -119,12 +103,10 @@ buildPythonApplication rec { # Tests are comparing console output "cli" "console" - # Starting to fail after 2.3.205 - "test_non_multiline_pair" - "test_secret_value_in_keyword" - "test_runner_verify_secrets_skip_invalid_suppressed" - "test_runner_verify_secrets_skip_all_no_effect" + # Assertion error "test_runner" + # AssertionError: assert ['<?xml versi... + "test_get_cyclonedx_report" ]; disabledTestPaths = [ @@ -144,6 +126,8 @@ buildPythonApplication rec { "tests/kubernetes/" "tests/sca_package_2" "tests/terraform/" + "cdk_integration_tests/" + "sast_integration_tests" # Performance tests have no value for us "performance_tests/test_checkov_performance.py" # No Helm diff --git a/pkgs/development/tools/analysis/checkstyle/default.nix b/pkgs/development/tools/analysis/checkstyle/default.nix index f8bc11d63a6..96bd017e777 100644 --- a/pkgs/development/tools/analysis/checkstyle/default.nix +++ b/pkgs/development/tools/analysis/checkstyle/default.nix @@ -1,12 +1,12 @@ { lib, stdenvNoCC, fetchurl, makeBinaryWrapper, jre }: stdenvNoCC.mkDerivation rec { - version = "10.12.3"; + version = "10.12.5"; pname = "checkstyle"; src = fetchurl { url = "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${version}/checkstyle-${version}-all.jar"; - sha256 = "sha256-drJO3sZlh2G9f80cvPD41YjhHZt74lmV9bSIhUDrTKo="; + sha256 = "sha256-DAUPngTL9c2MePG5ISLul+iRvnwqChg04fo63aKAee0="; }; nativeBuildInputs = [ makeBinaryWrapper ]; diff --git a/pkgs/development/tools/analysis/codeql/default.nix b/pkgs/development/tools/analysis/codeql/default.nix index 6812f79f83b..c23c933e48e 100644 --- a/pkgs/development/tools/analysis/codeql/default.nix +++ b/pkgs/development/tools/analysis/codeql/default.nix @@ -2,7 +2,7 @@ stdenv.mkDerivation rec { pname = "codeql"; - version = "2.14.3"; + version = "2.15.1"; dontConfigure = true; dontBuild = true; @@ -10,7 +10,7 @@ stdenv.mkDerivation rec { src = fetchzip { url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip"; - sha256 = "sha256-GungnnWT4SoAGRmgFXooAwtha8hlEARNgUlqSrYHQ7o="; + hash = "sha256-ksWf5z0PM5osMxnR5XeEyZw4g7UbHUCqnpw2FB5M6kU="; }; nativeBuildInputs = [ diff --git a/pkgs/development/tools/analysis/cov-build/default.nix b/pkgs/development/tools/analysis/cov-build/default.nix index 93a4ffab388..61c8dda2e6d 100644 --- a/pkgs/development/tools/analysis/cov-build/default.nix +++ b/pkgs/development/tools/analysis/cov-build/default.nix @@ -1,30 +1,49 @@ -{ lib, stdenv, requireFile }: +{ lib +, stdenv +, fetchurl + +, autoPatchelfHook + +, alsa-lib +, libxcrypt-legacy +, lttng-ust_2_12 +, xorg +, zlib +}: -let - message = '' - Register an account at https://scan.coverity.com, download the - build tools, and add it to the nix store with nix-prefetch-url - ''; -in stdenv.mkDerivation rec { pname = "cov-build"; - version = "7.0.2"; + version = "2022.12.2"; src = if stdenv.hostPlatform.system == "i686-linux" - then requireFile { - name = "cov-analysis-linux32-${version}.tar.gz"; - sha256 = "0i06wbd7blgx9adh9w09by4i18vwmldfp9ix97a5dph2cjymsviy"; - inherit message; + then fetchurl { + url = "https://archive.org/download/cov-analysis-linux-${version}.tar/cov-analysis-linux-${version}.tar.gz"; + hash = "sha256-Jr9bMUo9GRp+dgoAPqKxaTqWYWh4djGArdG9ukUK+ZY="; } - else requireFile { - name = "cov-analysis-linux64-${version}.tar.gz"; - sha256 = "0iby75p0g8gv7b501xav47milr8m9781h0hcgm1ch6x3qj6irqd8"; - inherit message; - }; + else if stdenv.hostPlatform.system == "x86_64-linux" + then fetchurl { + url = "https://archive.org/download/cov-analysis-linux64-${version}.tar/cov-analysis-linux64-${version}.tar.gz"; + hash = "sha256-CyNKILJXlDMOCXbZZF4r/knz0orRx32oSj+Kpq/nxXQ="; + } + else throw "Unsupported platform '${stdenv.hostPlatform.system}'"; + + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = [ + alsa-lib + libxcrypt-legacy + lttng-ust_2_12 + xorg.libXext + xorg.libXrender + xorg.libXtst + zlib + ]; + + dontConfigure = true; + + dontBuild = true; - dontStrip = true; - buildPhase = false; installPhase = '' mkdir -p $out/bin $out/libexec mv * $out/libexec @@ -38,6 +57,8 @@ stdenv.mkDerivation rec { done ''; + dontStrip = true; + meta = { description = "Coverity Scan build tools"; homepage = "https://scan.coverity.com"; diff --git a/pkgs/development/tools/analysis/cpplint/default.nix b/pkgs/development/tools/analysis/cpplint/default.nix index 7be303a52a4..87344d747bf 100644 --- a/pkgs/development/tools/analysis/cpplint/default.nix +++ b/pkgs/development/tools/analysis/cpplint/default.nix @@ -1,18 +1,34 @@ -{ lib, python3Packages, fetchFromGitHub }: +{ lib, python3Packages, fetchFromGitHub, fetchpatch }: python3Packages.buildPythonApplication rec { pname = "cpplint"; version = "1.5.5"; + format = "setuptools"; # Fetch from github instead of pypi, since the test cases are not in the pypi archive src = fetchFromGitHub { owner = pname; repo = pname; rev = version; - sha256 = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4="; + hash = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4="; }; - patches = [ ./0001-Remove-pytest-runner-version-pin.patch ]; + patches = [ + ./0001-Remove-pytest-runner-version-pin.patch + + # The patch below stops using the sre_compile module, which was deprecated + # in Python 3.11 and replaces it with re.compile. Upstream is unsure if it + # should use re.compile or re._compiler.compile, so we should monitor the + # thread for updates. + # + # https://github.com/cpplint/cpplint/pull/214 + # + (fetchpatch { + name = "python-3.11-compatibility.patch"; + url = "https://github.com/cpplint/cpplint/commit/e84e84f53915ae2a9214e756cf89c573a73bbcd3.patch"; + hash = "sha256-u57AFWaVmGFSsvSGq1x9gZmTsuZPqXvTC7mTfyb2164="; + }) + ]; postPatch = '' patchShebangs cpplint_unittest.py diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix index 8aa6e7e0744..6ed8c18d0b1 100644 --- a/pkgs/development/tools/analysis/flow/default.nix +++ b/pkgs/development/tools/analysis/flow/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "flow"; - version = "0.217.0"; + version = "0.222.0"; src = fetchFromGitHub { owner = "facebook"; repo = "flow"; rev = "v${version}"; - sha256 = "sha256-QMgxic8fx7/Beahu8xyE247syLWgq1LZb3I5UdZp2XM="; + sha256 = "sha256-IOy6zsDGUfiSeOalQnku/4uNyjqpz2bMcpmf7Vq9fyI="; }; postPatch = '' diff --git a/pkgs/development/tools/analysis/jacoco/default.nix b/pkgs/development/tools/analysis/jacoco/default.nix index 0bca6ee15fa..3bcd7b59160 100644 --- a/pkgs/development/tools/analysis/jacoco/default.nix +++ b/pkgs/development/tools/analysis/jacoco/default.nix @@ -7,12 +7,12 @@ stdenv.mkDerivation rec { pname = "jacoco"; - version = "0.8.10"; + version = "0.8.11"; src = fetchzip { url = "https://search.maven.org/remotecontent?filepath=org/jacoco/jacoco/${version}/jacoco-${version}.zip"; stripRoot = false; - sha256 = "sha256-V8I3DXoeUPNxAe7z/ISGa5UQAyLJN7RKXlD0FOw92Oo="; + sha256 = "sha256-Sd4Kh5ts0IdHhd9vF1XZzZ2KFRb+rsnzpam6Ysxu910="; }; outputs = [ "out" "doc" ]; diff --git a/pkgs/development/tools/analysis/rizin/default.nix b/pkgs/development/tools/analysis/rizin/default.nix index e6b20bd5e15..d4bd1e84b11 100644 --- a/pkgs/development/tools/analysis/rizin/default.nix +++ b/pkgs/development/tools/analysis/rizin/default.nix @@ -25,11 +25,11 @@ let rizin = stdenv.mkDerivation rec { pname = "rizin"; - version = "0.6.2"; + version = "0.6.3"; src = fetchurl { url = "https://github.com/rizinorg/rizin/releases/download/v${version}/rizin-src-v${version}.tar.xz"; - hash = "sha256-4poAo+IgBL3RAUbShrHM4OBhltQarkcpqvydeDIf+Gs="; + hash = "sha256-lfZMarnm2qnp+lY0OY649s206/LoFNouTLlp0x9FCcI="; }; mesonFlags = [ diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix index 94e1d704b27..412b62593d2 100644 --- a/pkgs/development/tools/analysis/rr/default.nix +++ b/pkgs/development/tools/analysis/rr/default.nix @@ -4,23 +4,17 @@ }: stdenv.mkDerivation rec { - version = "5.6.0"; + version = "5.7.0"; pname = "rr"; src = fetchFromGitHub { owner = "mozilla"; repo = "rr"; rev = version; - sha256 = "H39HPkAQGubXVQV3jCpH4Pz+7Q9n03PrS70utk7Tt2k="; + hash = "sha256-n1Jbhr77bI0AXncY/RquNVSwwnnAXt31RmKtAa1/oHg="; }; - patches = [ - (fetchpatch { - name = "fix-flexible-array-member.patch"; - url = "https://github.com/rr-debugger/rr/commit/2979c60ef8bbf7c940afd90172ddc5d8863f766e.diff"; - sha256 = "cmdCJetQr3ELPOyWl37h1fGfG/xvaiJpywxIAnqb5YY="; - }) - ]; + patches = [ ]; postPatch = '' substituteInPlace src/Command.cc --replace '_BSD_SOURCE' '_DEFAULT_SOURCE' @@ -42,7 +36,6 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake pkg-config which makeWrapper ]; buildInputs = [ libpfm zlib python3Packages.python python3Packages.pexpect procps gdb capnproto - libpfm zlib python3Packages.python python3Packages.pexpect procps capnproto ]; cmakeFlags = [ "-Ddisable32bit=ON" @@ -54,7 +47,7 @@ stdenv.mkDerivation rec { hardeningDisable = [ "fortify" ]; # FIXME - #doCheck = true; + doCheck = false; preCheck = "export HOME=$TMPDIR"; diff --git a/pkgs/development/tools/analysis/snyk/default.nix b/pkgs/development/tools/analysis/snyk/default.nix index 09222eb1d6f..9cc58cf405d 100644 --- a/pkgs/development/tools/analysis/snyk/default.nix +++ b/pkgs/development/tools/analysis/snyk/default.nix @@ -12,9 +12,6 @@ buildNpmPackage rec { }; npmDepsHash = "sha256-j3lMQh8++pb/00d9H2v7QBkpxIJdsuRQoFkNiQbvnF4="; - - nativeBuildInputs = [ nodePackages.node-gyp python3 ]; - npmBuildScript = "build:prod"; meta = with lib; { diff --git a/pkgs/development/tools/analysis/tflint/default.nix b/pkgs/development/tools/analysis/tflint/default.nix index 4924e190251..e717c852112 100644 --- a/pkgs/development/tools/analysis/tflint/default.nix +++ b/pkgs/development/tools/analysis/tflint/default.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "tflint"; - version = "0.48.0"; + version = "0.49.0"; src = fetchFromGitHub { owner = "terraform-linters"; repo = pname; rev = "v${version}"; - hash = "sha256-QU3nSq13klBoa3+czvdlrNwtG0iQqoC/hcbTHr5KN14="; + hash = "sha256-udP11icQp90u8hmDkg9nKQYPvHFDLeylQS6sLS74ErY="; }; - vendorHash = "sha256-yWxBiOPB0z3+bd6f+LalfVYYoV04scnl3YXJkaTo/dk="; + vendorHash = "sha256-sSWDy8LsqRP4DNuWI8HhE6ojjnHx2Ltyw55oaGOa1ms="; doCheck = false; diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix index 6cee7ef029d..c8046b68cd9 100644 --- a/pkgs/development/tools/analysis/valgrind/default.nix +++ b/pkgs/development/tools/analysis/valgrind/default.nix @@ -6,11 +6,11 @@ stdenv.mkDerivation rec { pname = "valgrind"; - version = "3.21.0"; + version = "3.22.0"; src = fetchurl { url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2"; - hash = "sha256-EM4WGLs+M/rRbreVUrCj4SEXYkSKDX/OEcimJDuayXE="; + hash = "sha256-yBHbWt0sX3KZRMr0fE56Zdyqu5Rh5HK1eHZd179tLUw="; }; patches = [ @@ -58,7 +58,7 @@ stdenv.mkDerivation rec { preConfigure = lib.optionalString stdenv.isFreeBSD '' substituteInPlace configure --replace '`uname -r`' \ - ${toString stdenv.hostPlatform.parsed.kernel.version}.0 + ${toString stdenv.hostPlatform.parsed.kernel.version}.0- '' + lib.optionalString stdenv.isDarwin ( let OSRELEASE = '' $(awk -F '"' '/#define OSRELEASE/{ print $2 }' \ @@ -131,6 +131,7 @@ stdenv.mkDerivation rec { platforms = with lib.platforms; lib.intersectLists (x86 ++ power ++ s390x ++ armv7 ++ aarch64 ++ mips) (darwin ++ freebsd ++ illumos ++ linux); - broken = stdenv.isDarwin || stdenv.hostPlatform.isStatic; # https://hydra.nixos.org/build/128521440/nixlog/2 + badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; + broken = stdenv.isDarwin; # https://hydra.nixos.org/build/128521440/nixlog/2 }; } |