diff options
Diffstat (limited to 'pkgs/development/tools/analysis')
75 files changed, 3254 insertions, 0 deletions
diff --git a/pkgs/development/tools/analysis/actionlint/default.nix b/pkgs/development/tools/analysis/actionlint/default.nix new file mode 100644 index 00000000000..68112b01cfb --- /dev/null +++ b/pkgs/development/tools/analysis/actionlint/default.nix @@ -0,0 +1,35 @@ +{ lib, buildGoModule, fetchFromGitHub, ronn, installShellFiles }: + +buildGoModule rec { + pname = "actionlint"; + version = "1.6.10"; + + subPackages = [ "cmd/actionlint" ]; + + src = fetchFromGitHub { + owner = "rhysd"; + repo = "actionlint"; + rev = "v${version}"; + sha256 = "sha256-RFsNJiCeSAeEWOUnfBpeIZKoS2mlXazYMQd1M6yFLGU="; + }; + + vendorSha256 = "sha256-CxNER8aQftMG14M+x6bPwcXgUZRkUDYZtFg1cPxxg+I="; + + nativeBuildInputs = [ ronn installShellFiles ]; + + postInstall = '' + ronn --roff man/actionlint.1.ronn + installManPage man/actionlint.1 + ''; + + ldflags = [ "-s" "-w" "-X github.com/rhysd/actionlint.version=${version}" ]; + + meta = with lib; { + homepage = "https://rhysd.github.io/actionlint/"; + description = "Static checker for GitHub Actions workflow files"; + changelog = "https://github.com/rhysd/actionlint/raw/v${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = [ maintainers.marsam ]; + mainProgram = "actionlint"; + }; +} diff --git a/pkgs/development/tools/analysis/autoflake/default.nix b/pkgs/development/tools/analysis/autoflake/default.nix new file mode 100644 index 00000000000..03e01aadb71 --- /dev/null +++ b/pkgs/development/tools/analysis/autoflake/default.nix @@ -0,0 +1,23 @@ +{ lib, python3Packages }: + +with python3Packages; +buildPythonApplication rec { + pname = "autoflake"; + version = "1.4"; + + src = fetchPypi { + inherit pname version; + sha256 = "61a353012cff6ab94ca062823d1fb2f692c4acda51c76ff83a8d77915fba51ea"; + }; + + propagatedBuildInputs = [ pyflakes ]; + + doCheck = true; + + meta = with lib; { + homepage = "https://github.com/myint/autoflake"; + description = "A simple program which removes unused imports and unused variables as reported by pyflakes"; + license = licenses.mit; + maintainers = with maintainers; [ yuriaisaka ]; + }; +} diff --git a/pkgs/development/tools/analysis/bingrep/default.nix b/pkgs/development/tools/analysis/bingrep/default.nix new file mode 100644 index 00000000000..2d8348bfc9b --- /dev/null +++ b/pkgs/development/tools/analysis/bingrep/default.nix @@ -0,0 +1,22 @@ +{ lib, rustPlatform, fetchFromGitHub }: + +rustPlatform.buildRustPackage rec { + pname = "bingrep"; + version = "0.9.0"; + + src = fetchFromGitHub { + owner = "m4b"; + repo = pname; + rev = "v${version}"; + hash = "sha256-M3BYj1SKQKjEqP9cxaVlh7UeleDbcx6JN+UI6Ez+QJ8="; + }; + + cargoHash = "sha256-botAoLNg/qTh+cjPXcjo/Ol2Vktj/c5130k5falEuLY="; + + meta = with lib; { + description = "Greps through binaries from various OSs and architectures, and colors them"; + homepage = "https://github.com/m4b/bingrep"; + license = licenses.mit; + maintainers = with maintainers; [ minijackson ]; + }; +} diff --git a/pkgs/development/tools/analysis/binlore/default.nix b/pkgs/development/tools/analysis/binlore/default.nix new file mode 100644 index 00000000000..ac46bd4c418 --- /dev/null +++ b/pkgs/development/tools/analysis/binlore/default.nix @@ -0,0 +1,112 @@ +{ lib +, fetchFromGitHub +, runCommand +, yallback +, yara +}: + +/* TODO/CAUTION: + +I don't want to discourage use, but I'm not sure how stable +the API is. Have fun, but be prepared to track changes! :) + +For _now_, binlore is basically a thin wrapper around +`<invoke yara> | <postprocess with yallback>` with support +for running it on a derivation, saving the result in the +store, and aggregating results from a set of packages. + +In the longer term, I suspect there are more uses for this +general pattern (i.e., run some analysis tool that produces +a deterministic output and cache the result per package...). + +I'm not sure how that'll look and if it'll be the case that +binlore automatically collects all of them, or if you'll be +configuring which "kind(s)" of lore it generates. Nailing +that down will almost certainly mean reworking the API. + +*/ + +let + src = fetchFromGitHub { + owner = "abathur"; + repo = "binlore"; + rev = "v0.1.4"; + hash = "sha256-+N0Bqyaj/mAwrcgFtUI8czmKo3VW6J8ZRxaPEghp7QM="; + }; + /* + binlore has one one more yallbacks responsible for + routing the appropriate lore to a named file in the + appropriate format. At some point I might try to do + something fancy with this, but for now the answer to + *all* questions about the lore are: the bare minimum + to get resholve over the next feature hump in time to + hopefully slip this feature in before the branch-off. + */ + # TODO: feeling really uninspired on the API + loreDef = { + # YARA rule file + rules = (src + /execers.yar); + # output filenames; "types" of lore + types = [ "execers" "wrappers" ]; + # shell rule callbacks; see github.com/abathur/yallback + yallback = (src + /execers.yall); + # TODO: + # - echo for debug, can be removed at some point + # - I really just wanted to put the bit after the pipe + # in here, but I'm erring on the side of flexibility + # since this form will make it easier to pilot other + # uses of binlore. + callback = lore: drv: overrides: '' + if [[ -d "${drv}/bin" ]]; then + echo generating binlore for $drv by running: + echo "${yara}/bin/yara ${lore.rules} ${drv}/bin | ${yallback}/bin/yallback ${lore.yallback}" + else + echo "failed to generate binlore for $drv (${drv}/bin doesn't exist)" + fi + '' + + /* + Override lore for some packages. Unsure, but for now: + 1. start with the ~name (pname-version) + 2. remove characters from the end until we find a match + in overrides/ + 3. execute the override script with the list of expected + lore types + */ + '' + i=''${#identifier} + filter= + while [[ $i > 0 ]] && [[ -z "$filter" ]]; do + if [[ -f "${overrides}/''${identifier:0:$i}" ]]; then + filter="${overrides}/''${identifier:0:$i}" + echo using "${overrides}/''${identifier:0:$i}" to generate overriden binlore for $drv + break + fi + ((i--)) || true # don't break build + done # || true # don't break build + if [[ -d "${drv}/bin" ]]; then + ${yara}/bin/yara ${lore.rules} ${drv}/bin | ${yallback}/bin/yallback ${lore.yallback} "$filter" + fi + ''; + }; + overrides = (src + /overrides); + +in rec { + collect = { lore ? loreDef, drvs }: (runCommand "more-binlore" { } '' + mkdir $out + for lorefile in ${toString lore.types}; do + cat ${lib.concatMapStrings (x: x + "/$lorefile ") (map (make lore) (map lib.getBin drvs))} > $out/$lorefile + done + ''); + # TODO: echo for debug, can be removed at some point + make = lore: drv: runCommand "${drv.name}-binlore" { + identifier = drv.name; + drv = drv; + } ('' + mkdir $out + touch $out/{${builtins.concatStringsSep "," lore.types}} + + ${lore.callback lore drv overrides} + + echo binlore for $drv written to $out + ''); +} diff --git a/pkgs/development/tools/analysis/brakeman/Gemfile b/pkgs/development/tools/analysis/brakeman/Gemfile new file mode 100644 index 00000000000..1ff5490b0a7 --- /dev/null +++ b/pkgs/development/tools/analysis/brakeman/Gemfile @@ -0,0 +1,2 @@ +source "https://rubygems.org" +gem "brakeman" diff --git a/pkgs/development/tools/analysis/brakeman/Gemfile.lock b/pkgs/development/tools/analysis/brakeman/Gemfile.lock new file mode 100644 index 00000000000..257d8a7fba1 --- /dev/null +++ b/pkgs/development/tools/analysis/brakeman/Gemfile.lock @@ -0,0 +1,13 @@ +GEM + remote: https://rubygems.org/ + specs: + brakeman (5.1.1) + +PLATFORMS + ruby + +DEPENDENCIES + brakeman + +BUNDLED WITH + 2.2.24 diff --git a/pkgs/development/tools/analysis/brakeman/default.nix b/pkgs/development/tools/analysis/brakeman/default.nix new file mode 100644 index 00000000000..72c4b1fbc3e --- /dev/null +++ b/pkgs/development/tools/analysis/brakeman/default.nix @@ -0,0 +1,18 @@ +{ lib, ruby, bundlerApp, bundlerUpdateScript }: + +bundlerApp rec { + pname = "brakeman"; + exes = [ "brakeman" ]; + gemdir = ./.; + + passthru.updateScript = bundlerUpdateScript "brakeman"; + + meta = with lib; { + description = "Static analysis security scanner for Ruby on Rails"; + homepage = "https://brakemanscanner.org/"; + changelog = "https://github.com/presidentbeef/brakeman/blob/v${version}/CHANGES.md"; + license = [ licenses.unfreeRedistributable ]; + platforms = ruby.meta.platforms; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/pkgs/development/tools/analysis/brakeman/gemset.nix b/pkgs/development/tools/analysis/brakeman/gemset.nix new file mode 100644 index 00000000000..ea241dbf6e7 --- /dev/null +++ b/pkgs/development/tools/analysis/brakeman/gemset.nix @@ -0,0 +1,12 @@ +{ + brakeman = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0y71fqqd0azy5rn78fwiz9px0mql23zrl0ij0dzdkx22l4cscpb0"; + type = "gem"; + }; + version = "5.1.1"; + }; +} diff --git a/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix new file mode 100644 index 00000000000..101a4f948fc --- /dev/null +++ b/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, rustPlatform, fetchFromGitHub, pkg-config, curl, openssl, Security }: + +rustPlatform.buildRustPackage rec { + pname = "cargo-tarpaulin"; + version = "0.19.1"; + + src = fetchFromGitHub { + owner = "xd009642"; + repo = "tarpaulin"; + rev = version; + sha256 = "sha256-H/EQTS+d317icCZdOWTvykzIFQC7ia7/jYFkImgogps="; + }; + + nativeBuildInputs = [ + pkg-config + ]; + buildInputs = [ openssl ] + ++ lib.optionals stdenv.isDarwin [ curl Security ]; + + cargoSha256 = "sha256-A3J5od6yT7eVU66WfvG/umne0RDBZCf8IvQpW6OTZSE="; + #checkFlags = [ "--test-threads" "1" ]; + doCheck = false; + + meta = with lib; { + description = "A code coverage tool for Rust projects"; + homepage = "https://github.com/xd009642/tarpaulin"; + license = with licenses; [ mit /* or */ asl20 ]; + maintainers = with maintainers; [ hugoreeves ]; + }; +} diff --git a/pkgs/development/tools/analysis/cccc/cccc.patch b/pkgs/development/tools/analysis/cccc/cccc.patch new file mode 100644 index 00000000000..9454e3b18ad --- /dev/null +++ b/pkgs/development/tools/analysis/cccc/cccc.patch @@ -0,0 +1,24 @@ +diff --git a/cccc/cccc_tbl.cc b/cccc/cccc_tbl.cc +index df98e2b..59f2572 100644 +--- a/cccc/cccc_tbl.cc ++++ b/cccc/cccc_tbl.cc +@@ -96,7 +96,7 @@ bool CCCC_Table<T>::remove(T* old_item_ptr) + typename map_t::iterator value_iterator=map_t::find(old_item_ptr->key()); + if(value_iterator!=map_t::end()) + { +- erase(value_iterator); ++ map_t::erase(value_iterator); + retval=true; + } + return retval; +diff --git a/makefile b/makefile +index 23ad004..2cca469 100644 +--- a/makefile ++++ b/makefile +@@ -20,5 +20,5 @@ test : + cd test ; make -f posix.mak + + install : +- cd install ; su root -c "make -f install.mak" ++ cd install ; make -f install.mak + diff --git a/pkgs/development/tools/analysis/cccc/default.nix b/pkgs/development/tools/analysis/cccc/default.nix new file mode 100644 index 00000000000..dc7cccd9dc1 --- /dev/null +++ b/pkgs/development/tools/analysis/cccc/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "cccc"; + version = "3.1.4"; + + src = fetchurl { + url = "mirror://sourceforge/cccc/${version}/cccc-${version}.tar.gz"; + sha256 = "1gsdzzisrk95kajs3gfxks3bjvfd9g680fin6a9pjrism2lyrcr7"; + }; + + hardeningDisable = [ "format" ]; + + patches = [ ./cccc.patch ]; + + preConfigure = '' + substituteInPlace install/install.mak --replace /usr/local/bin $out/bin + substituteInPlace install/install.mak --replace MKDIR=mkdir "MKDIR=mkdir -p" + ''; + buildFlags = [ "CCC=c++" "LD=c++" ]; + + meta = { + description = "C and C++ Code Counter"; + longDescription = '' + CCCC is a tool which analyzes C++ and Java files and generates a report + on various metrics of the code. Metrics supported include lines of code, McCabe's + complexity and metrics proposed by Chidamber&Kemerer and Henry&Kafura. + ''; + homepage = "http://cccc.sourceforge.net/"; + license = lib.licenses.gpl2; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.linquize ]; + }; +} diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix new file mode 100644 index 00000000000..a025abf1e34 --- /dev/null +++ b/pkgs/development/tools/analysis/checkov/default.nix @@ -0,0 +1,145 @@ +{ lib +, fetchFromGitHub +, python3 +}: +let + py = python3.override { + packageOverrides = self: super: { + + dpath = super.dpath.overridePythonAttrs (oldAttrs: rec { + version = "1.5.0"; + src = oldAttrs.src.override { + inherit version; + sha256 = "06rn91n2izw7czncgql71w7acsa8wwni51njw0c6s8w4xas1arj9"; + }; + doCheck = false; + }); + + jsonschema = super.jsonschema.overridePythonAttrs (oldAttrs: rec { + version = "3.2.0"; + src = oldAttrs.src.override { + inherit version; + sha256 = "sha256-yKhbKNN3zHc35G4tnytPRO48Dh3qxr9G3e/HGH0weXo="; + }; + SETUPTOOLS_SCM_PRETEND_VERSION = version; + doCheck = false; + }); + + }; + }; +in +with py.pkgs; + +buildPythonApplication rec { + pname = "checkov"; + version = "2.0.975"; + + src = fetchFromGitHub { + owner = "bridgecrewio"; + repo = pname; + rev = version; + hash = "sha256-vzq6HKugjM9LBaklv0IlMauSAl3bqHOikDCzrhVBVPA="; + }; + + nativeBuildInputs = with py.pkgs; [ + setuptools-scm + ]; + + propagatedBuildInputs = with py.pkgs; [ + aiodns + aiohttp + aiomultiprocess + argcomplete + bc-python-hcl2 + boto3 + cachetools + charset-normalizer + cloudsplaining + colorama + configargparse + cyclonedx-python-lib + deep_merge + detect-secrets + docker + dockerfile-parse + dpath + GitPython + jmespath + jsonpath-ng + jsonschema + junit-xml + networkx + packaging + policyuniverse + prettytable + pycep-parser + pyyaml + semantic-version + tabulate + termcolor + tqdm + typing-extensions + update_checker + ]; + + checkInputs = with py.pkgs; [ + aioresponses + mock + pytest-asyncio + pytest-mock + pytest-xdist + pytestCheckHook + ]; + + postPatch = '' + substituteInPlace setup.py \ + --replace "cyclonedx-python-lib>=0.11.0,<1.0.0" "cyclonedx-python-lib>=0.11.0" \ + --replace "prettytable>=3.0.0" "prettytable" + ''; + + preCheck = '' + export HOME=$(mktemp -d); + ''; + + disabledTests = [ + # No API key available + "api_key" + # Requires network access + "TestSarifReport" + # Will probably be fixed in one of the next releases + "test_valid_cyclonedx_bom" + "test_record_relative_path_with" + "test_record_relative_path_with_relative_dir" + # Requires prettytable release which is only available in staging + "test_skipped_check_exists" + # AssertionError: 0 not greater than 0 + "test_skip_mapping_default" + ]; + + disabledTestPaths = [ + # Tests are pulling from external sources + # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml + "integration_tests/" + "tests/terraform/" + # Performance tests have no value for us + "performance_tests/test_checkov_performance.py" + # Requires prettytable release which is only available in staging + "tests/sca_package/" + "tests/test_runner_filter.py" + ]; + + pythonImportsCheck = [ + "checkov" + ]; + + meta = with lib; { + description = "Static code analysis tool for infrastructure-as-code"; + homepage = "https://github.com/bridgecrewio/checkov"; + longDescription = '' + Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, + Kubernetes, Serverless framework and other infrastructure-as-code-languages. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ anhdle14 fab ]; + }; +} diff --git a/pkgs/development/tools/analysis/checkstyle/default.nix b/pkgs/development/tools/analysis/checkstyle/default.nix new file mode 100644 index 00000000000..6c135beea45 --- /dev/null +++ b/pkgs/development/tools/analysis/checkstyle/default.nix @@ -0,0 +1,37 @@ +{ lib, stdenv, fetchurl, makeWrapper, jre }: + +stdenv.mkDerivation rec { + version = "9.3"; + pname = "checkstyle"; + + src = fetchurl { + url = "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${version}/checkstyle-${version}-all.jar"; + sha256 = "sha256-Aq0zB+RgWafE+K9sX2H0d7xf2RDlavsUXEWQTJXSE6w="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ jre ]; + + dontUnpack = true; + + installPhase = '' + runHook preInstall + install -D $src $out/checkstyle/checkstyle-all.jar + makeWrapper ${jre}/bin/java $out/bin/checkstyle \ + --add-flags "-jar $out/checkstyle/checkstyle-all.jar" + runHook postInstall + ''; + + meta = with lib; { + description = "Checks Java source against a coding standard"; + longDescription = '' + checkstyle is a development tool to help programmers write Java code that + adheres to a coding standard. By default it supports the Sun Code + Conventions, but is highly configurable. + ''; + homepage = "http://checkstyle.sourceforge.net/"; + license = licenses.lgpl21; + maintainers = with maintainers; [ pSub ]; + platforms = jre.meta.platforms; + }; +} diff --git a/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch b/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch new file mode 100644 index 00000000000..87d79a070cd --- /dev/null +++ b/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch @@ -0,0 +1,35 @@ +From 99a7e55a60c8d96e160f9104a3dd31b7914d3488 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Fri, 31 Jul 2020 09:22:03 +0100 +Subject: [PATCH] Fix scan-build to use NIX_CFLAGS_COMPILE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jörg Thalheim <joerg@thalheim.io> +--- + clang/tools/scan-build/libexec/ccc-analyzer | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/clang/tools/scan-build/libexec/ccc-analyzer +b/clang/tools/scan-build/libexec/ccc-analyzer +index ed0d4d3d73f3..2d5113435ca5 100755 +--- a/clang/tools/scan-build/libexec/ccc-analyzer ++++ b/clang/tools/scan-build/libexec/ccc-analyzer +@@ -249,6 +249,14 @@ sub Analyze { + push @Args, "-target", $AnalyzerTarget; + } + ++ # Add Nix flags to analysis ++ if (defined $ENV{'NIX_CFLAGS_COMPILE'}) { ++ my @nixArgs = split(/\s+/, $ENV{'NIX_CFLAGS_COMPILE'}); ++ foreach my $nixArg (@nixArgs) { ++ push @Args, $nixArg; ++ } ++ } ++ + my $AnalysisArgs = GetCCArgs($HtmlDir, "--analyze", \@Args); + @CmdArgs = @$AnalysisArgs; + } +-- +2.33.0 diff --git a/pkgs/development/tools/analysis/clang-analyzer/default.nix b/pkgs/development/tools/analysis/clang-analyzer/default.nix new file mode 100644 index 00000000000..46e04aaf389 --- /dev/null +++ b/pkgs/development/tools/analysis/clang-analyzer/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchurl, clang, llvmPackages, perl, makeWrapper, python3 }: + +stdenv.mkDerivation rec { + pname = "clang-analyzer"; + inherit (llvmPackages.clang-unwrapped) src version; + + patches = [ ./0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch ]; + buildInputs = [ clang llvmPackages.clang perl python3 ]; + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/share/scan-view $out/bin + cp -R clang/tools/scan-view/share/* $out/share/scan-view + cp -R clang/tools/scan-view/bin/* $out/bin/scan-view + cp -R clang/tools/scan-build/* $out + + rm $out/bin/*.bat $out/libexec/*.bat $out/CMakeLists.txt + + wrapProgram $out/bin/scan-build \ + --add-flags "--use-cc=${clang}/bin/clang" \ + --add-flags "--use-c++=${clang}/bin/clang++" \ + --add-flags "--use-analyzer='${llvmPackages.clang}/bin/clang'" + ''; + + meta = { + description = "Clang Static Analyzer"; + longDescription = '' + The Clang Static Analyzer is a source code analysis tool that finds bugs + in C, C++, and Objective-C programs. + ''; + homepage = "https://clang-analyzer.llvm.org/"; + license = lib.licenses.bsd3; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/pkgs/development/tools/analysis/coan/default.nix b/pkgs/development/tools/analysis/coan/default.nix new file mode 100644 index 00000000000..3ef6c2b8459 --- /dev/null +++ b/pkgs/development/tools/analysis/coan/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchurl, perl }: + +stdenv.mkDerivation rec { + version = "6.0.1"; + pname = "coan"; + + src = fetchurl { + url = "mirror://sourceforge/project/coan2/v${version}/${pname}-${version}.tar.gz"; + sha256 = "1d041j0nd1hc0562lbj269dydjm4rbzagdgzdnmwdxr98544yw44"; + }; + + nativeBuildInputs = [ perl ]; + + enableParallelBuilding = true; + + postInstall = '' + mv -v $out/share/man/man1/coan.1.{1,gz} + ''; + + meta = with lib; { + description = "The C preprocessor chainsaw"; + longDescription = '' + A software engineering tool for analysing preprocessor-based + configurations of C or C++ source code. Its principal use is to simplify + a body of source code by eliminating any parts that are redundant with + respect to a specified configuration. Dead code removal is an + application of this sort. + ''; + homepage = "http://coan2.sourceforge.net/"; + license = licenses.bsd3; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/analysis/codeql/default.nix b/pkgs/development/tools/analysis/codeql/default.nix new file mode 100644 index 00000000000..a6a95e74e4a --- /dev/null +++ b/pkgs/development/tools/analysis/codeql/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv, fetchzip, zlib, xorg, freetype, jdk11, curl, autoPatchelfHook }: + +stdenv.mkDerivation rec { + pname = "codeql"; + version = "2.8.1"; + + dontConfigure = true; + dontBuild = true; + dontStrip = true; + + src = fetchzip { + url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip"; + sha256 = "sha256-zZoK5x+nE8AVZWDSMmsVPFuXNnAHBPyu9+1GgSwN19c="; + }; + + nativeBuildInputs = [ + zlib + xorg.libX11 + xorg.libXext + xorg.libXi + xorg.libXtst + xorg.libXrender + freetype + jdk11 + stdenv.cc.cc.lib + curl + ]; + + installPhase = '' + # codeql directory should not be top-level, otherwise, + # it'll include /nix/store to resolve extractors. + mkdir -p $out/{codeql,bin} + cp -R * $out/codeql/ + + ln -sf $out/codeql/tools/linux64/lib64trace.so $out/codeql/tools/linux64/libtrace.so + + sed -i 's%\$CODEQL_DIST/tools/\$CODEQL_PLATFORM/java%\${jdk11}%g' $out/codeql/codeql + + ln -s $out/codeql/codeql $out/bin/ + ''; + + meta = with lib; { + description = "Semantic code analysis engine"; + homepage = "https://codeql.github.com"; + maintainers = [ maintainers.dump_stack ]; + license = licenses.unfree; + }; +} diff --git a/pkgs/development/tools/analysis/cov-build/default.nix b/pkgs/development/tools/analysis/cov-build/default.nix new file mode 100644 index 00000000000..93a4ffab388 --- /dev/null +++ b/pkgs/development/tools/analysis/cov-build/default.nix @@ -0,0 +1,48 @@ +{ lib, stdenv, requireFile }: + +let + message = '' + Register an account at https://scan.coverity.com, download the + build tools, and add it to the nix store with nix-prefetch-url + ''; +in +stdenv.mkDerivation rec { + pname = "cov-build"; + version = "7.0.2"; + + src = + if stdenv.hostPlatform.system == "i686-linux" + then requireFile { + name = "cov-analysis-linux32-${version}.tar.gz"; + sha256 = "0i06wbd7blgx9adh9w09by4i18vwmldfp9ix97a5dph2cjymsviy"; + inherit message; + } + else requireFile { + name = "cov-analysis-linux64-${version}.tar.gz"; + sha256 = "0iby75p0g8gv7b501xav47milr8m9781h0hcgm1ch6x3qj6irqd8"; + inherit message; + }; + + dontStrip = true; + buildPhase = false; + installPhase = '' + mkdir -p $out/bin $out/libexec + mv * $out/libexec + for x in cov-build cov-capture cov-configure cov-emit cov-emit-java \ + cov-export-cva cov-extract-scm cov-help cov-import-scm cov-link \ + cov-internal-clang cov-internal-emit-clang cov-internal-nm \ + cov-internal-emit-java-bytecode cov-internal-reduce cov-translate \ + cov-preprocess cov-internal-pid-to-db cov-manage-emit \ + cov-manage-history; do + ln -s $out/libexec/bin/$x $out/bin/$x; + done + ''; + + meta = { + description = "Coverity Scan build tools"; + homepage = "https://scan.coverity.com"; + license = lib.licenses.unfreeRedistributable; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/pkgs/development/tools/analysis/coz/default.nix b/pkgs/development/tools/analysis/coz/default.nix new file mode 100644 index 00000000000..17968a466bf --- /dev/null +++ b/pkgs/development/tools/analysis/coz/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, libelfin +, ncurses +, python3 +, python3Packages +, makeWrapper +}: +stdenv.mkDerivation rec { + pname = "coz"; + version = "0.2.1"; + + src = fetchFromGitHub { + owner = "plasma-umass"; + repo = "coz"; + rev = version; + sha256 = "0val36yw987b1558iiyk3nqg0yy5k9y5wh49v91zj3cs58mmfyhc"; + }; + + postPatch = '' + sed -i -e '/pid_t gettid/,+2d' libcoz/ccutil/thread.h + ''; + + postConfigure = '' + # This is currently hard-coded. Will be fixed in the next release. + sed -e "s|/usr/lib/|$out/lib/|" -i ./coz + ''; + + nativeBuildInputs = [ + ncurses + makeWrapper + python3Packages.wrapPython + ]; + + buildInputs = [ + libelfin + (python3.withPackages (p: [ p.docutils ])) + ]; + + installPhase = '' + mkdir -p $out/share/man/man1 + make install prefix=$out + + # fix executable includes + chmod -x $out/include/coz.h + + wrapPythonPrograms + ''; + + meta = { + homepage = "https://github.com/plasma-umass/coz"; + description = "Profiler based on casual profiling"; + license = lib.licenses.bsd2; + maintainers = with lib.maintainers; [ zimbatm ]; + }; +} diff --git a/pkgs/development/tools/analysis/cppcheck/default.nix b/pkgs/development/tools/analysis/cppcheck/default.nix new file mode 100644 index 00000000000..7f9e82162ea --- /dev/null +++ b/pkgs/development/tools/analysis/cppcheck/default.nix @@ -0,0 +1,39 @@ +{ lib, stdenv, fetchurl, libxslt, docbook_xsl, docbook_xml_dtd_45, pcre, withZ3 ? true, z3 }: + +stdenv.mkDerivation rec { + pname = "cppcheck"; + version = "2.7"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.bz2"; + sha256 = "sha256-rHTAlzxGoFJ2D0/3ymqEYWyleVUQVC0ZWm8SLFMHkpE="; + }; + + buildInputs = [ pcre ] ++ lib.optionals withZ3 [ z3 ]; + nativeBuildInputs = [ libxslt docbook_xsl docbook_xml_dtd_45 ]; + + makeFlags = [ "PREFIX=$(out)" "FILESDIR=$(out)/cfg" "HAVE_RULES=yes" ] + ++ lib.optionals withZ3 [ "USE_Z3=yes" "CPPFLAGS=-DNEW_Z3=1" ]; + + outputs = [ "out" "man" ]; + + enableParallelBuilding = true; + + postInstall = '' + make DB2MAN=${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl man + mkdir -p $man/share/man/man1 + cp cppcheck.1 $man/share/man/man1/cppcheck.1 + ''; + + meta = with lib; { + description = "A static analysis tool for C/C++ code"; + longDescription = '' + Check C/C++ code for memory leaks, mismatching allocation-deallocation, + buffer overruns and more. + ''; + homepage = "http://cppcheck.sourceforge.net/"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ joachifm ]; + }; +} diff --git a/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch b/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch new file mode 100644 index 00000000000..3b602421d10 --- /dev/null +++ b/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch @@ -0,0 +1,16 @@ +diff --git a/setup.py b/setup.py +index aef5c4e..030ea14 100755 +--- a/setup.py ++++ b/setup.py +@@ -73,7 +73,7 @@ setup(name='cpplint', + long_description=open('README.rst').read(), + license='BSD-3-Clause', + setup_requires=[ +- "pytest-runner==5.2" ++ "pytest-runner" + ], + tests_require=test_required, + # extras_require allow pip install .[dev] +-- +2.31.1 + diff --git a/pkgs/development/tools/analysis/cpplint/default.nix b/pkgs/development/tools/analysis/cpplint/default.nix new file mode 100644 index 00000000000..2f665b8395b --- /dev/null +++ b/pkgs/development/tools/analysis/cpplint/default.nix @@ -0,0 +1,32 @@ +{ lib, python3Packages, fetchFromGitHub }: + +python3Packages.buildPythonApplication rec { + pname = "cpplint"; + version = "1.5.5"; + + # Fetch from github instead of pypi, since the test cases are not in the pypi archive + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = version; + sha256 = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4="; + }; + + patches = [ ./0001-Remove-pytest-runner-version-pin.patch ]; + + postPatch = '' + patchShebangs cpplint_unittest.py + ''; + + checkInputs = with python3Packages; [ pytest pytest-runner ]; + checkPhase = '' + ./cpplint_unittest.py + ''; + + meta = with lib; { + homepage = "https://github.com/cpplint/cpplint"; + description = "Static code checker for C++"; + maintainers = [ maintainers.bhipple ]; + license = [ licenses.bsd3 ]; + }; +} diff --git a/pkgs/development/tools/analysis/cvehound/default.nix b/pkgs/development/tools/analysis/cvehound/default.nix new file mode 100644 index 00000000000..05073bba750 --- /dev/null +++ b/pkgs/development/tools/analysis/cvehound/default.nix @@ -0,0 +1,41 @@ +{ lib, fetchFromGitHub, coccinelle, gnugrep, python3Packages }: + +with python3Packages; + +buildPythonApplication rec { + pname = "cvehound"; + version = "1.0.4"; + + src = fetchFromGitHub { + owner = "evdenis"; + repo = "cvehound"; + rev = version; + sha256 = "sha256-m8vpea02flQ8elSvGWv9FqBhsEcBzRYjcUk+dc4kb2M="; + }; + + makeWrapperArgs = [ + "--prefix PATH : ${lib.makeBinPath [ coccinelle gnugrep ]}" + ]; + + propagatedBuildInputs = [ + psutil + setuptools + sympy + ]; + + checkInputs = [ + GitPython + pytestCheckHook + ]; + + # Tries to clone the kernel sources + doCheck = false; + + meta = with lib; { + description = "tool to check linux kernel source dump for known CVEs"; + homepage = "https://github.com/evdenis/cvehound"; + # See https://github.com/evdenis/cvehound/issues/22 + license = with licenses; [ gpl2Only gpl3Only ]; + maintainers = with maintainers; [ ambroisie ]; + }; +} diff --git a/pkgs/development/tools/analysis/dotenv-linter/default.nix b/pkgs/development/tools/analysis/dotenv-linter/default.nix new file mode 100644 index 00000000000..49331dbfceb --- /dev/null +++ b/pkgs/development/tools/analysis/dotenv-linter/default.nix @@ -0,0 +1,25 @@ +{ lib +, rustPlatform +, fetchFromGitHub +}: + +rustPlatform.buildRustPackage rec { + pname = "dotenv-linter"; + version = "3.2.0"; + + src = fetchFromGitHub { + owner = "dotenv-linter"; + repo = "dotenv-linter"; + rev = "v${version}"; + sha256 = "sha256-YWL1aPcMdU4lo7h/T2sdl2H6qnx3lfMtV39Ak4yP88w="; + }; + + cargoSha256 = "sha256-q59hpnXc00OzrJk1KOWbIPQYfIE+7ku9XtTDXHgwQBg="; + + meta = with lib; { + description = "Lightning-fast linter for .env files. Written in Rust"; + homepage = "https://dotenv-linter.github.io"; + license = licenses.mit; + maintainers = with maintainers; [ humancalico ]; + }; +} diff --git a/pkgs/development/tools/analysis/egypt/default.nix b/pkgs/development/tools/analysis/egypt/default.nix new file mode 100644 index 00000000000..02665022099 --- /dev/null +++ b/pkgs/development/tools/analysis/egypt/default.nix @@ -0,0 +1,32 @@ +{ lib, fetchurl, perlPackages }: + +perlPackages.buildPerlPackage rec { + pname = "egypt"; + version = "1.10"; + + src = fetchurl { + sha256 = "0r0wj6v8z9fzlh9pb5617kyjdf92ppmlbzajaarrq729bbb6ln5m"; + url = "https://www.gson.org/egypt/download/${pname}-${version}.tar.gz"; + }; + + outputs = [ "out" ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with lib; { + description = "Tool for making call graphs of C programmes"; + longDescription = '' + Egypt is a simple tool for creating call graphs of C programs. It neither + analyzes source code nor lays out graphs. Instead, it leaves the source + code analysis to GCC and the graph layout to Graphviz, both of which are + better at their respective jobs than egypt itself could ever hope to be. + Egypt is simply a very small Perl script that glues these existing tools + together. + ''; + homepage = "http://www.gson.org/egypt/"; + license = with licenses; [ artistic1 gpl1Plus ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/tools/analysis/emma/default.nix b/pkgs/development/tools/analysis/emma/default.nix new file mode 100644 index 00000000000..43970497bb4 --- /dev/null +++ b/pkgs/development/tools/analysis/emma/default.nix @@ -0,0 +1,25 @@ +{lib, stdenv, fetchurl, unzip}: + +stdenv.mkDerivation rec { + pname = "emma"; + version = "2.0.5312"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.zip"; + sha256 = "0xxy39s2lvgs56vicjzpcz936l1vjaplliwa0dm7v3iyvw6jn7vj"; + }; + + nativeBuildInputs = [ unzip ]; + + installPhase = '' + mkdir -p $out/lib/jars + cp lib/*.jar $out/lib/jars/ + ''; + + meta = { + homepage = "http://emma.sourceforge.net/"; + description = "A code coverage tool for Java"; + platforms = lib.platforms.unix; + license = lib.licenses.cpl10; + }; +} diff --git a/pkgs/development/tools/analysis/eresi/default.nix b/pkgs/development/tools/analysis/eresi/default.nix new file mode 100644 index 00000000000..158f6545b71 --- /dev/null +++ b/pkgs/development/tools/analysis/eresi/default.nix @@ -0,0 +1,66 @@ +{ stdenv, lib, fetchFromGitHub, which, openssl, readline, fetchpatch }: + +stdenv.mkDerivation rec { + pname = "eresi"; + version = "0.83-a3-phoenix"; + + src = fetchFromGitHub { + owner = "thorkill"; + repo = "eresi"; + rev = version; + sha256 = "0a5a7mh2zw9lcdrl8n1mqccrc0xcgj7743l7l4kslkh722fxv625"; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/thorkill/eresi/commit/a79406344cc21d594d27fa5ec5922abe9f7475e7.patch"; + sha256 = "1mjjc6hj7r06iarvai7prcdvjk9g0k5vwrmkwcm7b8ivd5xzxp2z"; + }) + ]; + + postPatch = '' + # Two occurences of fprintf() with only two arguments, which should really + # be fputs(). + # + # Upstream pull request: https://github.com/thorkill/eresi/pull/162 + # + sed -i -e 's/fprintf(\(stderr\), *\([a-z0-9]\+\))/fputs(\2, \1)/g' \ + libe2dbg/common/common.c libe2dbg/user/threads.c + + # We need to patch out a few ifs here, because it tries to create a series + # of configuration files in ~/.something. However, our builds are sandboxed + # and also don't contain a valid home, so let's NOP it out :-) + # + # The second fix we need to make is that we need to pretend being Gentoo + # because otherwise the build process tries to link against libtermcap, + # which I think is solely for historic reasons (nowadays Terminfo should + # have largely superseded it). + sed -i -e '/^if \[ ! -e/c if false; then' \ + -e 's/^GENTOO=.*/GENTOO=1/' configure + ''; + + configureFlags = [ + (if stdenv.is64bit then "--enable-32-64" else "--enable-32") + "--enable-readline" + ]; + + # The configure script is not generated by autoconf but is hand-rolled, so it + # has --enable-static but no --disabled-static and also doesn't support the + # equals sign in --prefix. + prefixKey = "--prefix "; + dontDisableStatic = true; + + nativeBuildInputs = [ which ]; + buildInputs = [ openssl readline ]; + enableParallelBuilding = true; + + installTargets = lib.singleton "install" + ++ lib.optional stdenv.is64bit "install64"; + + meta = { + description = "The ERESI Reverse Engineering Software Interface"; + license = lib.licenses.gpl2Only; + homepage = "https://github.com/thorkill/eresi"; # Formerly http://www.eresi-project.org/ + platforms = lib.platforms.linux; + }; +} diff --git a/pkgs/development/tools/analysis/evmdis/default.nix b/pkgs/development/tools/analysis/evmdis/default.nix new file mode 100644 index 00000000000..4061090b182 --- /dev/null +++ b/pkgs/development/tools/analysis/evmdis/default.nix @@ -0,0 +1,21 @@ +{ lib, buildGoPackage, fetchFromGitHub }: + +buildGoPackage { + pname = "evmdis-unstable"; + version = "2018-03-23"; + goPackagePath = "github.com/Arachnid/evmdis"; + + src = fetchFromGitHub { + owner = "Arachnid"; + repo = "evmdis"; + rev = "0d1406905c5fda6224651fa53260a21c907eb986"; + sha256 = "09y4j7ipgv8yd99g3xk3f079w8fqfj7kl1y7ry81ainysn0qlqrg"; + }; + + meta = with lib; { + homepage = "https://github.com/Arachnid/evmdis"; + description = "Ethereum EVM disassembler"; + license = [ licenses.asl20 ]; + maintainers = with maintainers; [ asymmetric ]; + }; +} diff --git a/pkgs/development/tools/analysis/findbugs/default.nix b/pkgs/development/tools/analysis/findbugs/default.nix new file mode 100644 index 00000000000..e07d98998ef --- /dev/null +++ b/pkgs/development/tools/analysis/findbugs/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "findbugs"; + version = "3.0.1"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; + sha256 = "06b46fz4nid7qvm36r66zw01fr87y4jyz21ixw27b8hkqah0s3p8"; + }; + + buildPhase = '' + substituteInPlace bin/findbugs --replace /bin/pwd pwd + ''; + + installPhase = '' + d=$out/libexec/findbugs + mkdir -p $d $out/bin $out/nix-support + + cp -prd bin lib plugin doc $d/ + rm $d/bin/*.bat + for i in $d/bin/*; do + if [ -f $i ]; then ln -s $i $out/bin/; fi + done + + # Get rid of unnecessary JARs. + rm $d/lib/ant.jar + + # Make some JARs findable. + mkdir -p $out/share/java + ln -s $d/lib/{findbugs.jar,findbugs-ant.jar} $out/share/java/ + + cat <<EOF > $out/nix-support/setup-hook + export FINDBUGS_HOME=$d + EOF + ''; + + meta = with lib; { + description = "A static analysis tool to find bugs in Java programs automatically"; + homepage = "http://findbugs.sourceforge.net/"; + maintainers = with maintainers; [ pSub ]; + platforms = with platforms; unix; + license = licenses.lgpl3; + }; +} diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix new file mode 100644 index 00000000000..2d97b64b11e --- /dev/null +++ b/pkgs/development/tools/analysis/flow/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub, ocamlPackages, CoreServices }: + +stdenv.mkDerivation rec { + pname = "flow"; + version = "0.174.1"; + + src = fetchFromGitHub { + owner = "facebook"; + repo = "flow"; + rev = "v${version}"; + sha256 = "sha256-lfj6KyB9QYvUy4Ybo8f30omAg4K/jT5MEERJPm0aJ7U="; + }; + + installPhase = '' + install -Dm755 bin/flow $out/bin/flow + install -Dm644 resources/shell/bash-completion $out/share/bash-completion/completions/flow + ''; + + buildInputs = (with ocamlPackages; [ ocaml findlib ocamlbuild ocaml-migrate-parsetree-2 dtoa core_kernel sedlex_2 ocaml_lwt lwt_log lwt_ppx ppx_deriving ppx_gen_rec visitors wtf8 ]) + ++ lib.optionals stdenv.isDarwin [ CoreServices ]; + + meta = with lib; { + description = "A static type checker for JavaScript"; + homepage = "https://flow.org/"; + changelog = "https://github.com/facebook/flow/raw/v${version}/Changelog.md"; + license = licenses.mit; + platforms = ocamlPackages.ocaml.meta.platforms; + maintainers = with maintainers; [ marsam puffnfresh ]; + }; +} diff --git a/pkgs/development/tools/analysis/frama-c/default.nix b/pkgs/development/tools/analysis/frama-c/default.nix new file mode 100644 index 00000000000..b5ae5055d02 --- /dev/null +++ b/pkgs/development/tools/analysis/frama-c/default.nix @@ -0,0 +1,87 @@ +{ lib, stdenv, fetchurl, makeWrapper, writeText +, autoconf, ncurses, graphviz, doxygen +, ocamlPackages, ltl2ba, coq, why3 +, gdk-pixbuf, wrapGAppsHook +}: + +let + mkocamlpath = p: "${p}/lib/ocaml/${ocamlPackages.ocaml.version}/site-lib"; + runtimeDeps = with ocamlPackages; [ + apron.dev + biniou + camlzip + easy-format + menhirLib + mlgmpidl + num + ocamlgraph + stdlib-shims + why3 + re + seq + sexplib + sexplib0 + parsexp + base + yojson + zarith + ]; + ocamlpath = lib.concatMapStringsSep ":" mkocamlpath runtimeDeps; +in + +stdenv.mkDerivation rec { + pname = "frama-c"; + version = "24.0"; + slang = "Chromium"; + + src = fetchurl { + url = "https://frama-c.com/download/frama-c-${version}-${slang}.tar.gz"; + sha256 = "sha256:0x1xgip50jdz1phsb9rzwf2ra8lshn1hmd9g967xia402wrg3sjf"; + }; + + preConfigure = lib.optionalString stdenv.cc.isClang "configureFlagsArray=(\"--with-cpp=clang -E -C\")"; + + nativeBuildInputs = [ autoconf wrapGAppsHook ]; + + buildInputs = with ocamlPackages; [ + ncurses ocaml findlib ltl2ba ocamlgraph yojson menhirLib camlzip + lablgtk3 lablgtk3-sourceview3 coq graphviz zarith apron why3 mlgmpidl doxygen + gdk-pixbuf + ]; + + enableParallelBuilding = true; + + preFixup = '' + gappsWrapperArgs+=(--prefix OCAMLPATH ':' ${ocamlpath}) + ''; + + # Allow loading of external Frama-C plugins + setupHook = writeText "setupHook.sh" '' + addFramaCPath () { + if test -d "''$1/lib/frama-c/plugins"; then + export FRAMAC_PLUGIN="''${FRAMAC_PLUGIN-}''${FRAMAC_PLUGIN:+:}''$1/lib/frama-c/plugins" + export OCAMLPATH="''${OCAMLPATH-}''${OCAMLPATH:+:}''$1/lib/frama-c/plugins" + fi + + if test -d "''$1/lib/frama-c"; then + export OCAMLPATH="''${OCAMLPATH-}''${OCAMLPATH:+:}''$1/lib/frama-c" + fi + + if test -d "''$1/share/frama-c/"; then + export FRAMAC_EXTRA_SHARE="''${FRAMAC_EXTRA_SHARE-}''${FRAMAC_EXTRA_SHARE:+:}''$1/share/frama-c" + fi + + } + + addEnvHooks "$targetOffset" addFramaCPath + ''; + + + meta = { + description = "An extensible and collaborative platform dedicated to source-code analysis of C software"; + homepage = "http://frama-c.com/"; + license = lib.licenses.lgpl21; + maintainers = with lib.maintainers; [ thoughtpolice amiddelk ]; + platforms = lib.platforms.unix; + }; +} diff --git a/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix b/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix new file mode 100644 index 00000000000..f7f5e84c012 --- /dev/null +++ b/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchFromGitHub, cmake }: + +stdenv.mkDerivation rec { + + pname = "tracefilegen"; + version = "unstable-2017-05-13"; + + src = fetchFromGitHub { + owner = "GarCoSim"; + repo = "TraceFileGen"; + rev = "0ebfd1fdb54079d4bdeaa81fc9267ecb9f016d60"; + sha256 = "1gsx18ksgz5gwl3v62vgrmhxc0wc99i74qwhpn0h57zllk41drjc"; + }; + + nativeBuildInputs = [ cmake ]; + + patches = [ ./gcc7.patch ]; + + installPhase = '' + install -Dm755 TraceFileGen $out/bin/TraceFileGen + mkdir -p $out/share/doc/${pname}-${version}/ + cp -ar $src/Documentation/html $out/share/doc/${pname}-${version}/. + ''; + + meta = with lib; { + description = "Automatically generate all types of basic memory management operations and write into trace files"; + homepage = "https://github.com/GarCoSim"; + maintainers = [ maintainers.cmcdragonkai ]; + license = licenses.gpl2; + platforms = platforms.linux; + }; + +} diff --git a/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch b/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch new file mode 100644 index 00000000000..48301bbf61a --- /dev/null +++ b/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch @@ -0,0 +1,13 @@ +diff --git a/Utils/Logger.cpp b/Utils/Logger.cpp +index 747cd63..e3efdf1 100644 +--- a/Utils/Logger.cpp ++++ b/Utils/Logger.cpp +@@ -29,7 +29,7 @@ Logger::Logger(char* tracepath) { + trace = fopen(tracepath, "w"); + + // dot file is not used, set null as default value +- dot = '\0'; ++ dot = nullptr; + //dot = fopen("gcKons.dot", "w"); + //fprintf(dot,"digraph G {\n"); + } diff --git a/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix b/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix new file mode 100644 index 00000000000..a76b6b9239e --- /dev/null +++ b/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + + pname = "tracefilesim"; + version = "unstable-2015-11-07"; + + src = fetchFromGitHub { + owner = "GarCoSim"; + repo = "TraceFileSim"; + rev = "368aa6b1d6560e7ecbd16fca47000c8f528f3da2"; + sha256 = "156m92k38ap4bzidbr8dzl065rni8lrib71ih88myk9z5y1x5nxm"; + }; + + hardeningDisable = [ "fortify" ]; + + installPhase = '' + mkdir --parents "$out/bin" + cp ./traceFileSim "$out/bin" + ''; + + meta = with lib; { + description = "Ease the analysis of existing memory management techniques, as well as the prototyping of new memory management techniques"; + homepage = "https://github.com/GarCoSim"; + maintainers = [ maintainers.cmcdragonkai ]; + license = licenses.gpl2; + platforms = platforms.linux; + }; + +} diff --git a/pkgs/development/tools/analysis/hopper/default.nix b/pkgs/development/tools/analysis/hopper/default.nix new file mode 100644 index 00000000000..b169877f5c1 --- /dev/null +++ b/pkgs/development/tools/analysis/hopper/default.nix @@ -0,0 +1,80 @@ +{ stdenv +, fetchurl +, lib +, autoPatchelfHook +, wrapQtAppsHook +, libbsd +, python27 +, gmpxx +, ncurses5 +, gnustep +, libffi +}: +stdenv.mkDerivation rec { + pname = "hopper"; + version = "4.5.29"; + rev = "v${lib.versions.major version}"; + + src = fetchurl { + url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux.pkg.tar.xz"; + sha256 = "1v1pff5fiv41khvrnlpdks2vddjnvziyn14qqj6v26snyhwi86zh"; + }; + + sourceRoot = "."; + + nativeBuildInputs = [ + wrapQtAppsHook + autoPatchelfHook + ]; + + buildInputs = [ + libbsd + python27 + gmpxx + ncurses5 + gnustep.libobjc + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + mkdir -p $out/lib + mkdir -p $out/share + + cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper + cp \ + --archive \ + $sourceRoot/opt/hopper-${rev}/lib/libBlocksRuntime.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libdispatch.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libgnustep-base.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libHopperCore.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libkqueue.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libobjcxx.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libpthread_workqueue.so* \ + $out/lib + + # we already ship libffi.so.7 + ln -s ${lib.getLib libffi}/lib/libffi.so $out/lib/libffi.so.6 + + cp -r $sourceRoot/usr/share $out + + runHook postInstall + ''; + + postFixup = '' + substituteInPlace "$out/share/applications/hopper-${rev}.desktop" \ + --replace "Exec=/opt/hopper-${rev}/bin/Hopper" "Exec=$out/bin/hopper" + ''; + + meta = with lib; { + homepage = "https://www.hopperapp.com/index.html"; + description = "A macOS and Linux Disassembler"; + license = licenses.unfree; + maintainers = with maintainers; [ + luis + Enteee + ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/tools/analysis/hotspot/default.nix b/pkgs/development/tools/analysis/hotspot/default.nix new file mode 100644 index 00000000000..5fede1aee5c --- /dev/null +++ b/pkgs/development/tools/analysis/hotspot/default.nix @@ -0,0 +1,80 @@ +{ lib +, mkDerivation +, cmake +, elfutils +, extra-cmake-modules +, fetchFromGitHub +, kconfigwidgets +, ki18n +, kio +, kitemmodels +, kitemviews +, kwindowsystem +, libelf +, qtbase +, threadweaver +, qtx11extras +, zstd +, kddockwidgets +, rustc-demangle +}: + +mkDerivation rec { + pname = "hotspot"; + version = "1.3.0"; + + src = fetchFromGitHub { + owner = "KDAB"; + repo = "hotspot"; + rev = "v${version}"; + sha256 = "1f68bssh3p387hkavfjkqcf7qf7w5caznmjfjldicxphap4riqr5"; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + extra-cmake-modules + ]; + buildInputs = [ + elfutils + kconfigwidgets + ki18n + kio + kitemmodels + kitemviews + kwindowsystem + libelf + qtbase + threadweaver + qtx11extras + zstd + kddockwidgets + rustc-demangle + ]; + + # hotspot checks for the presence of third party libraries' + # git directory to give a nice warning when you forgot to clone + # submodules; but Nix clones them and removes .git (for reproducibility). + # So we need to fake their existence here. + postPatch = '' + mkdir -p 3rdparty/{perfparser,PrefixTickLabels}/.git + ''; + + cmakeFlags = [ + "-DRUSTC_DEMANGLE_INCLUDE_DIR=${rustc-demangle}/include" + "-DRUSTC_DEMANGLE_LIBRARY=${rustc-demangle}/lib/librustc_demangle.so" + ]; + + meta = { + description = "A GUI for Linux perf"; + longDescription = '' + hotspot is a GUI replacement for `perf report`. + It takes a perf.data file, parses and evaluates its contents and + then displays the result in a graphical way. + ''; + homepage = "https://github.com/KDAB/hotspot"; + license = with lib.licenses; [ gpl2Only gpl3Only ]; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ nh2 ]; + }; +} diff --git a/pkgs/development/tools/analysis/ikos/default.nix b/pkgs/development/tools/analysis/ikos/default.nix new file mode 100644 index 00000000000..a1eec36204b --- /dev/null +++ b/pkgs/development/tools/analysis/ikos/default.nix @@ -0,0 +1,37 @@ +{ stdenv, lib, fetchFromGitHub, cmake, boost, tbb +, gmp, llvm, clang, sqlite, python3 +, ocamlPackages, mpfr, ppl, doxygen, graphviz +}: + +let + python = python3.withPackages (ps: with ps; [ + pygments + ]); +in + +stdenv.mkDerivation rec { + pname = "ikos"; + version = "3.0"; + + src = fetchFromGitHub { + owner = "NASA-SW-VnV"; + repo = "ikos"; + rev = "v${version}"; + sha256 = "0k3kp1af0qx3l1x6a4sl4fm8qlwchjvwkvs2ck0fhfnc62q2im5f"; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ boost tbb gmp clang llvm sqlite python + ocamlPackages.apron mpfr ppl doxygen graphviz ]; + + cmakeFlags = [ "-DAPRON_ROOT=${ocamlPackages.apron}" ]; + + postBuild = "make doc"; + + meta = with lib; { + homepage = "https://github.com/NASA-SW-VnV/ikos"; + description = "Static analyzer for C/C++ based on the theory of Abstract Interpretation"; + license = licenses.nasa13; + maintainers = with maintainers; [ atnnn ]; + }; +} diff --git a/pkgs/development/tools/analysis/include-what-you-use/default.nix b/pkgs/development/tools/analysis/include-what-you-use/default.nix new file mode 100644 index 00000000000..bc1be4e5ba5 --- /dev/null +++ b/pkgs/development/tools/analysis/include-what-you-use/default.nix @@ -0,0 +1,37 @@ +{ lib, stdenv, fetchurl, cmake, llvmPackages, python3 }: + +stdenv.mkDerivation rec { + pname = "include-what-you-use"; + # Also bump llvmPackages in all-packages.nix to the supported version! + version = "0.17"; + + src = fetchurl { + sha256 = "sha256-7KfAT4tBa2OF7QDjNmmn+kaTzSbLcrUizeVYgo6wxmU="; + url = "${meta.homepage}/downloads/${pname}-${version}.src.tar.gz"; + }; + + nativeBuildInputs = with llvmPackages; [ cmake llvm.dev llvm python3]; + buildInputs = with llvmPackages; [ libclang clang-unwrapped ]; + + cmakeFlags = [ "-DIWYU_LLVM_ROOT_PATH=${llvmPackages.clang-unwrapped}" ]; + + postInstall = '' + substituteInPlace $out/bin/iwyu_tool.py \ + --replace "'include-what-you-use'" "'$out/bin/include-what-you-use'" + ''; + + meta = with lib; { + description = "Analyze #includes in C/C++ source files with clang"; + longDescription = '' + For every symbol (type, function variable, or macro) that you use in + foo.cc, either foo.cc or foo.h should #include a .h file that exports the + declaration of that symbol. The main goal of include-what-you-use is to + remove superfluous #includes, both by figuring out what #includes are not + actually needed for this file (for both .cc and .h files), and by + replacing #includes with forward-declares when possible. + ''; + homepage = "https://include-what-you-use.org"; + license = licenses.bsd3; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/tools/analysis/jdepend/default.nix b/pkgs/development/tools/analysis/jdepend/default.nix new file mode 100644 index 00000000000..faa68dadc3b --- /dev/null +++ b/pkgs/development/tools/analysis/jdepend/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, fetchFromGitHub, ant, jdk, runtimeShell }: + +stdenv.mkDerivation rec { + pname = "jdepend"; + version = "2.10"; + + src = fetchFromGitHub { + owner = "clarkware"; + repo = "jdepend"; + rev = version; + sha256 = "1lxf3j9vflky7a2py3i59q7cwd1zvjv2b88l3za39vc90s04dz6k"; + }; + + nativeBuildInputs = [ ant jdk ]; + buildPhase = "ant jar"; + + installPhase = '' + mkdir -p $out/bin $out/share + install dist/${pname}-${version}.jar $out/share + + cat > "$out/bin/jdepend" <<EOF + #!${runtimeShell} + exec ${jdk.jre}/bin/java -classpath "$out/share/*" "\$@" + EOF + chmod a+x $out/bin/jdepend + ''; + + meta = with lib; { + description = "Traverses Java class file directories and generates design quality metrics for each Java package"; + homepage = "http://www.clarkware.com/software/JDepend.html"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ pSub ]; + }; +} diff --git a/pkgs/development/tools/analysis/kcov/default.nix b/pkgs/development/tools/analysis/kcov/default.nix new file mode 100644 index 00000000000..a708c88ee9e --- /dev/null +++ b/pkgs/development/tools/analysis/kcov/default.nix @@ -0,0 +1,84 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, pkg-config +, zlib +, curl +, elfutils +, python3 +, libiberty +, libopcodes +, runCommand +, gcc +, rustc +}: + +let + self = + stdenv.mkDerivation rec { + pname = "kcov"; + version = "38"; + + src = fetchFromGitHub { + owner = "SimonKagstrom"; + repo = "kcov"; + rev = "v${version}"; + sha256 = "sha256-6LoIo2/yMUz8qIpwJVcA3qZjjF+8KEM1MyHuyHsQD38="; + }; + + preConfigure = "patchShebangs src/bin-to-c-source.py"; + nativeBuildInputs = [ cmake pkg-config python3 ]; + + buildInputs = [ curl zlib elfutils libiberty libopcodes ]; + + strictDeps = true; + + passthru.tests = { + works-on-c = runCommand "works-on-c" {} '' + set -ex + cat - > a.c <<EOF + int main() {} + EOF + ${gcc}/bin/gcc a.c -o a.out + ${self}/bin/kcov /tmp/kcov ./a.out + test -e /tmp/kcov/index.html + touch $out + set +x + ''; + + works-on-rust = runCommand "works-on-rust" {} '' + set -ex + cat - > a.rs <<EOF + fn main() {} + EOF + # Put gcc in the path so that `cc` is found + PATH=${gcc}/bin:$PATH ${rustc}/bin/rustc a.rs -o a.out + ${self}/bin/kcov /tmp/kcov ./a.out + test -e /tmp/kcov/index.html + touch $out + set +x + ''; + }; + + meta = with lib; { + description = "Code coverage tester for compiled programs, Python scripts and shell scripts"; + + longDescription = '' + Kcov is a code coverage tester for compiled programs, Python + scripts and shell scripts. It allows collecting code coverage + information from executables without special command-line + arguments, and continuosly produces output from long-running + applications. + ''; + + homepage = "http://simonkagstrom.github.io/kcov/index.html"; + license = licenses.gpl2; + changelog = "https://github.com/SimonKagstrom/kcov/blob/master/ChangeLog"; + + maintainers = with maintainers; [ gal_bolle ekleog ]; + platforms = platforms.linux; + }; + }; +in +self diff --git a/pkgs/development/tools/analysis/lcov/default.nix b/pkgs/development/tools/analysis/lcov/default.nix new file mode 100644 index 00000000000..30df5daed6f --- /dev/null +++ b/pkgs/development/tools/analysis/lcov/default.nix @@ -0,0 +1,45 @@ + {lib, stdenv, fetchFromGitHub, perl, perlPackages, makeWrapper }: + +stdenv.mkDerivation rec { + pname = "lcov"; + version = "1.15"; + + src = fetchFromGitHub { + owner = "linux-test-project"; + repo = "lcov"; + rev = "v${version}"; + sha256 = "1kvc7fkp45w48f0bxwbxvxkicnjrrydki0hllg294n1wrp80zzyk"; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl ]; + + preBuild = '' + patchShebangs bin/ + makeFlagsArray=(PREFIX=$out LCOV_PERL_PATH=$(command -v perl)) + ''; + + postInstall = '' + wrapProgram $out/bin/lcov --set PERL5LIB ${perlPackages.makeFullPerlPath [ perlPackages.PerlIOgzip perlPackages.JSON ]} + wrapProgram $out/bin/genpng --set PERL5LIB ${perlPackages.makeFullPerlPath [ perlPackages.GD ]} + ''; + + meta = with lib; { + description = "Code coverage tool that enhances GNU gcov"; + + longDescription = + '' LCOV is an extension of GCOV, a GNU tool which provides information + about what parts of a program are actually executed (i.e., + "covered") while running a particular test case. The extension + consists of a set of PERL scripts which build on the textual GCOV + output to implement the following enhanced functionality such as + HTML output. + ''; + + homepage = "http://ltp.sourceforge.net/coverage/lcov.php"; + license = lib.licenses.gpl2Plus; + + maintainers = with maintainers; [ dezgeg ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/analysis/makefile2graph/default.nix b/pkgs/development/tools/analysis/makefile2graph/default.nix new file mode 100644 index 00000000000..5c286e62954 --- /dev/null +++ b/pkgs/development/tools/analysis/makefile2graph/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchFromGitHub, makeWrapper, bash, gnumake }: + +stdenv.mkDerivation rec { + pname = "makefile2graph"; + version = "unstable-2018-01-03"; + + src = fetchFromGitHub { + owner = "lindenb"; + repo = "makefile2graph"; + rev = "61fb95a5ba91c20236f5e4deb11127c34b47091f"; + sha256 = "07hq40bl48i8ka35fcciqcafpd8k9rby1wf4vl2p53v0665xaghr"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + makeFlags = [ "prefix=$(out)" ]; + + fixupPhase = '' + substituteInPlace $out/bin/makefile2graph \ + --replace '/bin/sh' ${bash}/bin/bash \ + --replace 'make2graph' "$out/bin/make2graph" + wrapProgram $out/bin/makefile2graph \ + --set PATH ${lib.makeBinPath [ gnumake ]} + ''; + + meta = with lib; { + homepage = "https://github.com/lindenb/makefile2graph"; + description = "Creates a graph of dependencies from GNU-Make; Output is a graphiz-dot file or a Gexf-XML file"; + maintainers = with maintainers; [ cmcdragonkai ]; + license = licenses.mit; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/analysis/massif-visualizer/default.nix b/pkgs/development/tools/analysis/massif-visualizer/default.nix new file mode 100644 index 00000000000..78f8bbeb683 --- /dev/null +++ b/pkgs/development/tools/analysis/massif-visualizer/default.nix @@ -0,0 +1,30 @@ +{ + mkDerivation, lib, fetchurl, + extra-cmake-modules, shared-mime-info, + qtsvg, qtxmlpatterns, karchive, kconfig, kcoreaddons, kparts, kio, ki18n, + kdiagram, kgraphviewer +}: + +mkDerivation rec { + pname = "massif-visualizer"; + version = "0.7.0"; + + src = fetchurl { + url = "mirror://kde/stable/massif-visualizer/${version}/src/${pname}-${version}.tar.xz"; + sha256 = "0v8z6r9gngzckvqyxjm9kp7hilwfqibyk2f9vag9l98ar0iwr97q"; + }; + + nativeBuildInputs = [ extra-cmake-modules shared-mime-info ]; + + buildInputs = [ + qtsvg qtxmlpatterns karchive kconfig kcoreaddons kparts kio ki18n + kdiagram kgraphviewer + ]; + + meta = with lib; { + description = "Tool that visualizes massif data generated by valgrind"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ zraexy ]; + }; +} diff --git a/pkgs/development/tools/analysis/nix-linter/default.nix b/pkgs/development/tools/analysis/nix-linter/default.nix new file mode 100644 index 00000000000..1a6539520d7 --- /dev/null +++ b/pkgs/development/tools/analysis/nix-linter/default.nix @@ -0,0 +1,43 @@ +{ lib +, mkDerivation +, fetchFromGitHub +, fixplate +, tasty +, tasty-hunit +, tasty-th +, streamly +, mtl +, path +, pretty-terminal +, text +, base +, aeson +, path-io +, cmdargs +, containers +, hnix +, bytestring +}: + +mkDerivation rec { + pname = "nix-linter"; + version = "0.2.0.3"; + + src = fetchFromGitHub { + owner = "Synthetica9"; + repo = "nix-linter"; + rev = "38c4a14681cf3a1e6f098d8b723db503910a28d8"; + sha256 = "16igk4xnm4mg9mw0zg2zk6s44axia3fs6334fasvjy0c7cjwk4c7"; + }; + + isLibrary = false; + isExecutable = true; + libraryHaskellDepends = [ fixplate ]; + executableHaskellDepends = [ streamly mtl path pretty-terminal text base aeson cmdargs containers hnix bytestring path-io ]; + testHaskellDepends = [ tasty tasty-hunit tasty-th ]; + + description = "Linter for Nix(pkgs), based on hnix"; + homepage = "https://github.com/Synthetica9/nix-linter"; + license = lib.licenses.bsd3; + maintainers = [ lib.maintainers.marsam ]; +} diff --git a/pkgs/development/tools/analysis/oclgrind/default.nix b/pkgs/development/tools/analysis/oclgrind/default.nix new file mode 100644 index 00000000000..3752fa8e251 --- /dev/null +++ b/pkgs/development/tools/analysis/oclgrind/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchFromGitHub, cmake, llvmPackages, readline, python2 }: + +stdenv.mkDerivation rec { + pname = "oclgrind"; + version = "21.10"; + + src = fetchFromGitHub { + owner = "jrprice"; + repo = "oclgrind"; + rev = "v${version}"; + sha256 = "sha256-DGCF7X2rPV1w9guxg2bMylRirXQgez24sG7Unlct3ow="; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ llvmPackages.llvm llvmPackages.clang-unwrapped readline python2 ]; + + cmakeFlags = [ + "-DCLANG_ROOT=${llvmPackages.clang-unwrapped}" + ]; + + meta = with lib; { + description = "An OpenCL device simulator and debugger"; + homepage = "https://github.com/jrprice/oclgrind"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ athas ]; + }; +} diff --git a/pkgs/development/tools/analysis/panopticon/default.nix b/pkgs/development/tools/analysis/panopticon/default.nix new file mode 100644 index 00000000000..500ca632fcf --- /dev/null +++ b/pkgs/development/tools/analysis/panopticon/default.nix @@ -0,0 +1,50 @@ +{ lib, fetchFromGitHub, rustPlatform, qt5, git, cmake +, pkg-config, makeWrapper }: + +rustPlatform.buildRustPackage rec { + pname = "panopticon"; + version = "unstable-20171202"; + + src = fetchFromGitHub { + owner = "das-labor"; + repo = pname; + rev = "33ffec0d6d379d51b38d6ea00d040f54b1356ae4"; + sha256 = "1zv87nqhrzsxx0m891df4vagzssj3kblfv9yp7j96dw0vn9950qa"; + }; + + nativeBuildInputs = [ cmake pkg-config makeWrapper ]; + propagatedBuildInputs = with qt5; [ + qt5.qtbase + qtdeclarative + qtsvg + qtquickcontrols2 + qtgraphicaleffects + git + ]; + + dontWrapQtApps = true; + + cargoSha256 = "0vhcb3kw1zgchx3nrk8lyrz8p5071y99vsysxvi71klv7dcvn0am"; + doCheck = false; + + postInstall = '' + mkdir -p $out/share/${pname} $out/bin + cp -R qml $out/share/${pname} + mv $out/bin/${pname} $out/share/${pname} + chmod +x $out/share/${pname} + makeWrapper $out/share/${pname}/${pname} $out/bin/${pname} + ''; + + meta = with lib; { + description = "A libre cross-platform disassembler"; + longDescription = '' + Panopticon is a cross platform disassembler for reverse + engineering written in Rust. It can disassemble AMD64, + x86, AVR and MOS 6502 instruction sets and open ELF files. + Panopticon comes with Qt GUI for browsing and annotating + control flow graphs. + ''; + license = with licenses; [ gpl3 ]; + maintainers = with maintainers; [ leenaars ]; + }; +} diff --git a/pkgs/development/tools/analysis/pev/default.nix b/pkgs/development/tools/analysis/pev/default.nix new file mode 100644 index 00000000000..a46bc067f11 --- /dev/null +++ b/pkgs/development/tools/analysis/pev/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, openssl, fetchFromGitHub }: + +stdenv.mkDerivation { + pname = "pev"; + version = "unstable-2020-05-23"; + + src = fetchFromGitHub { + owner = "merces"; + repo = "pev"; + rev = "beec2b4f09585fea919ed41ce466dee06be0b6bf"; + sha256 = "sha256-HrMbk9YbuqkoBBM7+rfXpqVEnd1rDl2rMePdcfU1WDg="; + fetchSubmodules = true; + }; + + buildInputs = [ openssl ]; + + enableParallelBuilding = true; + + makeFlags = [ "prefix=$(out)" ]; + + installFlags = [ "prefix=$(out)" ]; + + meta = with lib; { + description = "A full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries"; + homepage = "https://pev.sourceforge.net/"; + license = licenses.gpl2; + maintainers = with maintainers; [ jeschli ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/tools/analysis/pmd/default.nix b/pkgs/development/tools/analysis/pmd/default.nix new file mode 100644 index 00000000000..503d5c63049 --- /dev/null +++ b/pkgs/development/tools/analysis/pmd/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, unzip, makeWrapper, openjdk }: + +stdenv.mkDerivation rec { + pname = "pmd"; + version = "6.43.0"; + + src = fetchurl { + url = "mirror://sourceforge/pmd/pmd-bin-${version}.zip"; + sha256 = "sha256-+eJCN890vm4WBcMZ2VCGOS8WUyIckL+DfQVNaUSovGE="; + }; + + nativeBuildInputs = [ unzip makeWrapper ]; + + installPhase = '' + runHook preInstall + mkdir -p $out + cp -R {bin,lib} $out + wrapProgram $out/bin/run.sh --prefix PATH : ${openjdk.jre}/bin + runHook postInstall + ''; + + meta = with lib; { + description = "An extensible cross-language static code analyzer"; + homepage = "https://pmd.github.io/"; + changelog = "https://pmd.github.io/pmd-${version}/pmd_release_notes.html"; + platforms = platforms.unix; + license = with licenses; [ bsdOriginal asl20 ]; + }; +} diff --git a/pkgs/development/tools/analysis/qcachegrind/default.nix b/pkgs/development/tools/analysis/qcachegrind/default.nix new file mode 100644 index 00000000000..5ce79a09248 --- /dev/null +++ b/pkgs/development/tools/analysis/qcachegrind/default.nix @@ -0,0 +1,44 @@ +{ lib, stdenv, qmake, qtbase, perl, python2, php, kcachegrind, wrapQtAppsHook }: + +stdenv.mkDerivation { + pname = "qcachegrind"; + version = kcachegrind.version; + + src = kcachegrind.src; + + buildInputs = [ qtbase perl python2 php ]; + + nativeBuildInputs = [ qmake wrapQtAppsHook ]; + + dontWrapQtApps = true; + + postInstall = '' + mkdir -p $out/bin + cp -p converters/dprof2calltree $out/bin/dprof2calltree + cp -p converters/hotshot2calltree.in $out/bin/hotshot2calltree + cp -p converters/memprof2calltree $out/bin/memprof2calltree + cp -p converters/op2calltree $out/bin/op2calltree + cp -p converters/pprof2calltree $out/bin/pprof2calltree + chmod -R +x $out/bin/ + '' + (if stdenv.isDarwin then '' + mkdir -p $out/Applications + cp cgview/cgview.app/Contents/MacOS/cgview $out/bin + cp -a qcachegrind/qcachegrind.app $out/Applications + '' else '' + install qcachegrind/qcachegrind cgview/cgview -t "$out/bin" + install -Dm644 qcachegrind/qcachegrind.desktop -t "$out/share/applications" + install -Dm644 kcachegrind/32-apps-kcachegrind.png "$out/share/icons/hicolor/32x32/apps/kcachegrind.png" + install -Dm644 kcachegrind/48-apps-kcachegrind.png "$out/share/icons/hicolor/48x48/apps/kcachegrind.png" + ''); + + preFixup = '' + wrapQtApp "$out/bin/qcachegrind" + ''; + + meta = with lib; { + description = "A Qt GUI to visualize profiling data"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ periklis ]; + }; +} diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix new file mode 100644 index 00000000000..d5d393ee96e --- /dev/null +++ b/pkgs/development/tools/analysis/radare2/default.nix @@ -0,0 +1,119 @@ +{ lib +, stdenv +, fetchFromGitHub +, buildPackages +, pkg-config +, libusb-compat-0_1 +, readline +, libewf +, perl +, zlib +, openssl +, libuv +, file +, libzip +, xxHash +, gtk2 +, vte +, gtkdialog +, python3 +, ruby +, lua +, capstone +, useX11 ? false +, rubyBindings ? false +, pythonBindings ? false +, luaBindings ? false +}: + +let + # FIXME: Compare revision with https://github.com/radareorg/radare2/blob/master/libr/asm/arch/arm/v35arm64/Makefile#L20 + arm64 = fetchFromGitHub { + owner = "radareorg"; + repo = "vector35-arch-arm64"; + rev = "3c5eaba46dab72ecb7d5f5b865a13fdeee95b464"; + sha256 = "sha256-alcGEi+D8CptXzfznnuxQKCvU2mbzn2sQge5jSqLVpg="; + }; + armv7 = fetchFromGitHub { + owner = "radareorg"; + repo = "vector35-arch-armv7"; + rev = "dde39f69ffea19fc37e681874b12cb4707bc4f30"; + + sha256 = "sha256-bnWQc0dScM9rhIdzf+iVXvMqYWq/bguEAUQPaZRgdlU="; + }; +in +stdenv.mkDerivation rec { + pname = "radare2"; + version = "5.6.4"; + + src = fetchFromGitHub { + owner = "radare"; + repo = "radare2"; + rev = version; + sha256 = "sha256-rqGlp9fHTF1z8A+DROYfzHXi5xfLMdUWzssGN5uHQmE="; + }; + + preBuild = '' + cp -r ${arm64} libr/asm/arch/arm/v35arm64/arch-arm64 + chmod -R +w libr/asm/arch/arm/v35arm64/arch-arm64 + + cp -r ${armv7} libr/asm/arch/arm/v35arm64/arch-armv7 + chmod -R +w libr/asm/arch/arm/v35arm64/arch-armv7 + ''; + + postFixup = lib.optionalString stdenv.isDarwin '' + for file in $out/bin/rasm2 $out/bin/ragg2 $out/bin/rabin2 $out/lib/libr_asm.${version}.dylib $out/lib/libr_anal.${version}.dylib; do + install_name_tool -change libcapstone.4.dylib ${capstone}/lib/libcapstone.4.dylib $file + done + ''; + + WITHOUT_PULL = "1"; + makeFlags = [ + "GITTAP=${version}" + "RANLIB=${stdenv.cc.bintools.bintools}/bin/${stdenv.cc.bintools.targetPrefix}ranlib" + "CC=${stdenv.cc.targetPrefix}cc" + "HOST_CC=${stdenv.cc.targetPrefix}cc" + ]; + + configureFlags = [ + "--with-sysmagic" + "--with-syszip" + "--with-sysxxhash" + "--with-syscapstone" + "--with-openssl" + ]; + + enableParallelBuilding = true; + depsBuildBuild = [ buildPackages.stdenv.cc ]; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ + capstone + file + readline + libusb-compat-0_1 + libewf + perl + zlib + openssl + libuv + ] ++ lib.optional useX11 [ gtkdialog vte gtk2 ] + ++ lib.optional rubyBindings [ ruby ] + ++ lib.optional pythonBindings [ python3 ] + ++ lib.optional luaBindings [ lua ]; + + propagatedBuildInputs = [ + # radare2 exposes r_lib which depends on these libraries + file # for its list of magic numbers (`libmagic`) + libzip + xxHash + ]; + + meta = with lib; { + description = "unix-like reverse engineering framework and commandline tools"; + homepage = "https://radare.org/"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ raskin makefu mic92 arkivm ]; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/tools/analysis/randoop/default.nix b/pkgs/development/tools/analysis/randoop/default.nix new file mode 100644 index 00000000000..4c33ef57a47 --- /dev/null +++ b/pkgs/development/tools/analysis/randoop/default.nix @@ -0,0 +1,28 @@ +{ lib, stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + version = "4.3.0"; + pname = "randoop"; + + src = fetchurl { + url = "https://github.com/randoop/randoop/releases/download/v${version}/${pname}-${version}.zip"; + sha256 = "sha256-3svBmXcRvscaK8YD4qm/geQSJ6cAm0en/d7H09h41PQ="; + }; + + nativeBuildInputs = [ unzip ]; + + installPhase = '' + mkdir -p $out/lib $out/doc + + cp -R *.jar $out/lib + cp README.txt $out/doc + ''; + + meta = with lib; { + description = "Automatic test generation for Java"; + homepage = "https://randoop.github.io/randoop/"; + license = licenses.mit; + maintainers = with maintainers; [ pSub ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/tools/analysis/retdec/default.nix b/pkgs/development/tools/analysis/retdec/default.nix new file mode 100644 index 00000000000..1701abeb25f --- /dev/null +++ b/pkgs/development/tools/analysis/retdec/default.nix @@ -0,0 +1,233 @@ +{ stdenv +, fetchFromGitHub +, fetchpatch +, fetchzip +, lib +, callPackage +, openssl +, cmake +, autoconf +, automake +, libtool +, pkg-config +, bison +, flex +, groff +, perl +, python3 +, time +, upx +, ncurses +, libffi +, libxml2 +, zlib +, withPEPatterns ? false +}: + +let + capstone = fetchFromGitHub { + owner = "avast-tl"; + repo = "capstone"; + rev = "27c713fe4f6eaf9721785932d850b6291a6073fe"; + sha256 = "105z1g9q7s6n15qpln9vzhlij7vj6cyc5dqdr05n7wzjvlagwgxc"; + }; + elfio = fetchFromGitHub { + owner = "avast-tl"; + repo = "elfio"; + rev = "998374baace397ea98f3b1d768e81c978b4fba41"; + sha256 = "09n34rdp0wpm8zy30zx40wkkc4gbv2k3cv181y6c1260rllwk5d1"; + }; + keystone = fetchFromGitHub { # only for tests + owner = "keystone-engine"; + repo = "keystone"; + rev = "d7ba8e378e5284e6384fc9ecd660ed5f6532e922"; + sha256 = "1yzw3v8xvxh1rysh97y0i8y9svzbglx2zbsqjhrfx18vngh0x58f"; + }; + libdwarf = fetchFromGitHub { + owner = "avast-tl"; + repo = "libdwarf"; + rev = "85465d5e235cc2d2f90d04016d6aca1a452d0e73"; + sha256 = "11y62r65py8yp57i57a4cymxispimn62by9z4j2g19hngrpsgbki"; + }; + llvm = fetchFromGitHub { + owner = "avast-tl"; + repo = "llvm"; + rev = "725d0cee133c6ab9b95c493f05de3b08016f5c3c"; + sha256 = "0dzvafmn4qs62w1y9vh0a11clpj6q3hb41aym4izpcyybjndf9bq"; + }; + pelib = fetchFromGitHub { + owner = "avast-tl"; + repo = "pelib"; + rev = "a7004b2e80e4f6dc984f78b821e7b585a586050d"; + sha256 = "0nyrb3g749lxgcymz1j584xbb1x6rvy1mc700lyn0brznvqsm81n"; + }; + rapidjson = fetchFromGitHub { + owner = "Tencent"; + repo = "rapidjson"; + rev = "v1.1.0"; + sha256 = "1jixgb8w97l9gdh3inihz7avz7i770gy2j2irvvlyrq3wi41f5ab"; + }; + yaracpp = callPackage ./yaracpp.nix {}; # is its own package because it needs a patch + yaramod = fetchFromGitHub { + owner = "avast-tl"; + repo = "yaramod"; + rev = "v2.2.2"; + sha256 = "0cq9h4h686q9ybamisbl797g6xjy211s3cq83nixkwkigmz48ccp"; + }; + jsoncpp = fetchFromGitHub { + owner = "open-source-parsers"; + repo = "jsoncpp"; + rev = "1.8.4"; + sha256 = "1z0gj7a6jypkijmpknis04qybs1hkd04d1arr3gy89lnxmp6qzlm"; + }; + googletest = fetchFromGitHub { # only for tests + owner = "google"; + repo = "googletest"; + rev = "83fa0cb17dad47a1d905526dcdddb5b96ed189d2"; + sha256 = "1c2r0p9v7vz2vasy8bknfb448l6wsvzw35s8hmc5z013z5502mpk"; + }; + tinyxml2 = fetchFromGitHub { + owner = "leethomason"; + repo = "tinyxml2"; + rev = "cc1745b552dd12bb1297a99f82044f83b06729e0"; + sha256 = "015g8520a0c55gwmv7pfdsgfz2rpdmh3d1nq5n9bd65n35492s3q"; + }; + + retdec-support = let + version = "2018-02-08"; # make sure to adjust both hashes (once with withPEPatterns=true and once withPEPatterns=false) + in fetchzip { + url = "https://github.com/avast-tl/retdec-support/releases/download/${version}/retdec-support_${version}.tar.xz"; + sha256 = if withPEPatterns then "148i8flbyj1y4kfdyzsz7jsj38k4h97npjxj18h6v4wksd4m4jm7" + else "0ixv9qyqq40pzyqy6v9jf5rxrvivjb0z0zn260nbmb9gk765bacy"; + stripRoot = false; + # Removing PE signatures reduces this from 3.8GB -> 642MB (uncompressed) + extraPostFetch = lib.optionalString (!withPEPatterns) '' + rm -r "$out/generic/yara_patterns/static-code/pe" + ''; + } // { + inherit version; # necessary to check the version against the expected version + }; + + # patch CMakeLists.txt for a dependency and compare the versions to the ones expected by upstream + # this has to be applied for every dependency (which it is in postPatch) + patchDep = dep: '' + # check if our version of dep is the same version that upstream expects + echo "Checking version of ${dep.dep_name}" + expected_rev="$( sed -n -e 's|.*URL https://github.com/.*/archive/\(.*\)\.zip.*|\1|p' "deps/${dep.dep_name}/CMakeLists.txt" )" + if [ "$expected_rev" != '${dep.rev}' ]; then + echo "The ${dep.dep_name} dependency has the wrong version: ${dep.rev} while $expected_rev is expected." + exit 1 + fi + + # patch the CMakeLists.txt file to use our local copy of the dependency instead of fetching it at build time + sed -i -e 's|URL .*|URL ${dep}|' "deps/${dep.dep_name}/CMakeLists.txt" + ''; + +in stdenv.mkDerivation rec { + pname = "retdec"; + + # If you update this you will also need to adjust the versions of the updated dependencies. You can do this by first just updating retdec + # itself and trying to build it. The build should fail and tell you which dependencies you have to upgrade to which versions. + # I've notified upstream about this problem here: + # https://github.com/avast-tl/retdec/issues/412 + # gcc is pinned to gcc8 in all-packages.nix. That should probably be re-evaluated on update. + version = "3.2"; + + src = fetchFromGitHub { + owner = "avast-tl"; + repo = pname; + rev = "refs/tags/v${version}"; + sha256 = "0chky656lsddn20bnm3pmz6ix20y4a0y8swwr42hrhi01vkhmzrp"; + }; + + nativeBuildInputs = [ + cmake + autoconf + automake + libtool + pkg-config + bison + flex + groff + perl + python3 + ]; + + buildInputs = [ + openssl + ncurses + libffi + libxml2 + zlib + ]; + + cmakeFlags = [ + "-DRETDEC_TESTS=ON" # build tests + ]; + + # all dependencies that are normally fetched during build time (the subdirectories of `deps`) + # all of these need to be fetched through nix and the CMakeLists files need to be patched not to fetch them themselves + external_deps = [ + (capstone // { dep_name = "capstone"; }) + (elfio // { dep_name = "elfio"; }) + (googletest // { dep_name = "googletest"; }) + (jsoncpp // { dep_name = "jsoncpp"; }) + (keystone // { dep_name = "keystone"; }) + (libdwarf // { dep_name = "libdwarf"; }) + (llvm // { dep_name = "llvm"; }) + (pelib // { dep_name = "pelib"; }) + (rapidjson // { dep_name = "rapidjson"; }) + (tinyxml2 // { dep_name = "tinyxml2"; }) + (yaracpp // { dep_name = "yaracpp"; }) + (yaramod // { dep_name = "yaramod"; }) + ]; + + # Use newer yaramod to fix w/bison 3.2+ + patches = [ + # 2.1.2 -> 2.2.1 + (fetchpatch { + url = "https://github.com/avast-tl/retdec/commit/c9d23da1c6e23c149ed684c6becd3f3828fb4a55.patch"; + sha256 = "0hdq634f72fihdy10nx2ajbps561w03dfdsy5r35afv9fapla6mv"; + }) + # 2.2.1 -> 2.2.2 + (fetchpatch { + url = "https://github.com/avast-tl/retdec/commit/fb85f00754b5d13b781385651db557741679721e.patch"; + sha256 = "0a8mwmwb39pr5ag3q11nv81ncdk51shndqrkm92shqrmdq14va52"; + }) + ]; + + postPatch = (lib.concatMapStrings patchDep external_deps) + '' + # install retdec-support + echo "Checking version of retdec-support" + expected_version="$( sed -n -e "s|^version = '\(.*\)'$|\1|p" 'cmake/install-share.py' )" + if [ "$expected_version" != '${retdec-support.version}' ]; then + echo "The retdec-support dependency has the wrong version: ${retdec-support.version} while $expected_version is expected." + exit 1 + fi + mkdir -p "$out/share/retdec" + cp -r ${retdec-support} "$out/share/retdec/support" # write permission needed during install + chmod -R u+w "$out/share/retdec/support" + # python file originally responsible for fetching the retdec-support archive to $out/share/retdec + # that is not necessary anymore, so empty the file + echo > cmake/install-share.py + + # call correct `time` and `upx` programs + substituteInPlace scripts/retdec-config.py --replace /usr/bin/time ${time}/bin/time + substituteInPlace scripts/retdec-unpacker.py --replace "'upx'" "'${upx}/bin/upx'" + ''; + + doInstallCheck = true; + installCheckPhase = '' + ${python3.interpreter} "$out/bin/retdec-tests-runner.py" + + rm -rf $out/bin/__pycache__ + ''; + + meta = with lib; { + description = "A retargetable machine-code decompiler based on LLVM"; + homepage = "https://retdec.com"; + license = licenses.mit; + maintainers = with maintainers; [ dtzWill timokau ]; + platforms = ["x86_64-linux" "i686-linux"]; + }; +} diff --git a/pkgs/development/tools/analysis/retdec/yaracpp.nix b/pkgs/development/tools/analysis/retdec/yaracpp.nix new file mode 100644 index 00000000000..c8bc4ed747b --- /dev/null +++ b/pkgs/development/tools/analysis/retdec/yaracpp.nix @@ -0,0 +1,49 @@ +{ stdenv +, fetchFromGitHub +, coreutils +}: + +let + yara = fetchFromGitHub { + owner = "avast-tl"; + repo = "yara"; + rev = "ea101c5856941f39cad2db3012f2660d1d5c8b65"; + sha256 = "033ssx2hql5k4pv9si043s3mjq2b748ymjzif8pg6rdwh260faky"; + }; +in stdenv.mkDerivation rec { + # only fetches the yaracpp source patched to work with a local yara clone, + # does not build anything + pname = "yaracpp-src"; + version = "2018-10-09"; + rev = "b92bde0e59e3b75bc445227e04b71105771dee8b"; # as specified in retdec/deps/yaracpp/CMakeLists.txt + + src = fetchFromGitHub { + inherit rev; + owner = "avast-tl"; + repo = "yaracpp"; + sha256 = "0fan7q79j7s3bjmhsd2nw6sqyi14xgikn7mr2p4nj87lick5l4a2"; + }; + + postPatch = '' + # check if our version of yara is the same version that upstream expects + echo "Checking version of yara" + expected_rev="$( sed -n -e 's|.*URL https://github.com/.*/archive/\(.*\)\.zip.*|\1|p' "deps/CMakeLists.txt" )" + if [ "$expected_rev" != '${yara.rev}' ]; then + echo "The yara dependency has the wrong version: ${yara.rev} while $expected_rev is expected." + exit 1 + fi + + # patch the CMakeLists.txt file to use our local copy of the dependency instead of fetching it at build time + sed -i -e "s|URL .*|URL ${yara}|" "deps/CMakeLists.txt" + + # abuse the CONFIGURE_COMMAND to make the source writeable after copying it to the build locatoin (necessary for the build) + sed -i -e 's|CONFIGURE_COMMAND ""|CONFIGURE_COMMAND COMMAND ${coreutils}/bin/chmod -R u+w .|' "deps/CMakeLists.txt" + ''; + + buildPhase = "# do nothing"; + configurePhase = "# do nothing"; + installPhase = '' + mkdir -p "$out" + cp -r * "$out" + ''; +} diff --git a/pkgs/development/tools/analysis/rizin/cutter.nix b/pkgs/development/tools/analysis/rizin/cutter.nix new file mode 100644 index 00000000000..a6ac4fbce12 --- /dev/null +++ b/pkgs/development/tools/analysis/rizin/cutter.nix @@ -0,0 +1,44 @@ +{ fetchFromGitHub, lib, mkDerivation +# nativeBuildInputs +, qmake, pkg-config, cmake +# Qt +, qtbase, qtsvg, qtwebengine, qttools +# buildInputs +, rizin +, python3 +, wrapQtAppsHook +}: + +mkDerivation rec { + pname = "cutter"; + version = "2.0.5"; + + src = fetchFromGitHub { + owner = "rizinorg"; + repo = "cutter"; + rev = "v${version}"; + sha256 = "sha256-ljws9S7ZxZK/Ou8jgGSoR++vtzFTEBywHMhCC/UOLEs="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ cmake qmake pkg-config python3 wrapQtAppsHook ]; + propagatedBuildInputs = [ python3.pkgs.pyside2 ]; + buildInputs = [ qtbase qttools qtsvg qtwebengine rizin python3 ]; + + cmakeFlags = [ + "-DCUTTER_USE_BUNDLED_RIZIN=OFF" + "-DCUTTER_ENABLE_PYTHON=ON" + "-DCUTTER_ENABLE_PYTHON_BINDINGS=ON" + ]; + + preBuild = '' + qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH") + ''; + + meta = with lib; { + description = "Free and Open Source Reverse Engineering Platform powered by rizin"; + homepage = src.meta.homepage; + license = licenses.gpl3; + maintainers = with maintainers; [ mic92 dtzWill ]; + }; +} diff --git a/pkgs/development/tools/analysis/rizin/default.nix b/pkgs/development/tools/analysis/rizin/default.nix new file mode 100644 index 00000000000..9b15cdd148d --- /dev/null +++ b/pkgs/development/tools/analysis/rizin/default.nix @@ -0,0 +1,81 @@ +{ lib +, stdenv +, fetchurl +, pkg-config +, libusb-compat-0_1 +, readline +, libewf +, perl +, zlib +, openssl +, libuv +, file +, libzip +, lz4 +, xxHash +, meson +, cmake +, ninja +, capstone +, tree-sitter +, python3 +}: + +stdenv.mkDerivation rec { + pname = "rizin"; + version = "0.3.4"; + + src = fetchurl { + url = "https://github.com/rizinorg/rizin/releases/download/v${version}/rizin-src-v${version}.tar.xz"; + sha256 = "sha256-7qSbOWOHwJ0ZcFqrAqYXzbFWgvymfxAf8rJ+75SnEOk="; + }; + + mesonFlags = [ + "-Duse_sys_capstone=enabled" + "-Duse_sys_magic=enabled" + "-Duse_sys_libzip=enabled" + "-Duse_sys_zlib=enabled" + "-Duse_sys_xxhash=enabled" + "-Duse_sys_lz4=enabled" + "-Duse_sys_openssl=enabled" + "-Duse_sys_tree_sitter=enabled" + ]; + + nativeBuildInputs = [ pkg-config meson ninja cmake (python3.withPackages (ps: [ ps.setuptools ])) ]; + + # meson's find_library seems to not use our compiler wrapper if static parameter + # is either true/false... We work around by also providing LIBRARY_PATH + preConfigure = '' + LIBRARY_PATH="" + for b in ${toString (map lib.getLib buildInputs)}; do + if [[ -d "$b/lib" ]]; then + LIBRARY_PATH="$b/lib''${LIBRARY_PATH:+:}$LIBRARY_PATH" + fi + done + export LIBRARY_PATH + ''; + + buildInputs = [ + file + libzip + capstone + readline + libusb-compat-0_1 + libewf + perl + zlib + lz4 + openssl + libuv + tree-sitter + xxHash + ]; + + meta = { + description = "UNIX-like reverse engineering framework and command-line toolset."; + homepage = "https://rizin.re/"; + license = lib.licenses.gpl3Plus; + maintainers = with lib.maintainers; [ raskin makefu mic92 ]; + platforms = with lib.platforms; linux; + }; +} diff --git a/pkgs/development/tools/analysis/rr/default.nix b/pkgs/development/tools/analysis/rr/default.nix new file mode 100644 index 00000000000..bda6f7e4e3c --- /dev/null +++ b/pkgs/development/tools/analysis/rr/default.nix @@ -0,0 +1,59 @@ +{ lib, gcc9Stdenv, fetchFromGitHub, cmake, libpfm, zlib, pkg-config, python3Packages, which, procps, gdb, capnproto }: + +gcc9Stdenv.mkDerivation rec { + version = "5.5.0"; + pname = "rr"; + + src = fetchFromGitHub { + owner = "mozilla"; + repo = "rr"; + rev = version; + sha256 = "sha256-ZZhkmDWGNWejwXZEcFO9p9NG1dopK7kXRj7OrkJCPR0="; + }; + + postPatch = '' + substituteInPlace src/Command.cc --replace '_BSD_SOURCE' '_DEFAULT_SOURCE' + sed '7i#include <math.h>' -i src/Scheduler.cc + patchShebangs . + ''; + + # TODO: remove this preConfigure hook after 5.2.0 since it is fixed upstream + # see https://github.com/mozilla/rr/issues/2269 + preConfigure = ''substituteInPlace CMakeLists.txt --replace "std=c++11" "std=c++14"''; + + nativeBuildInputs = [ cmake pkg-config which ]; + buildInputs = [ + libpfm zlib python3Packages.python python3Packages.pexpect procps gdb capnproto + ]; + propagatedBuildInputs = [ gdb ]; # needs GDB to replay programs at runtime + cmakeFlags = [ + "-DCMAKE_C_FLAGS_RELEASE:STRING=" + "-DCMAKE_CXX_FLAGS_RELEASE:STRING=" + "-Ddisable32bit=ON" + ]; + + # we turn on additional warnings due to hardening + NIX_CFLAGS_COMPILE = "-Wno-error"; + + hardeningDisable = [ "fortify" ]; + + # FIXME + #doCheck = true; + + preCheck = "export HOME=$TMPDIR"; + + meta = { + homepage = "https://rr-project.org/"; + description = "Records nondeterministic executions and debugs them deterministically"; + longDescription = '' + rr aspires to be your primary debugging tool, replacing -- well, + enhancing -- gdb. You record a failure once, then debug the + recording, deterministically, as many times as you want. Every + time the same execution is replayed. + ''; + + license = with lib.licenses; [ mit bsd2 ]; + maintainers = with lib.maintainers; [ pierron thoughtpolice ]; + platforms = lib.platforms.x86; + }; +} diff --git a/pkgs/development/tools/analysis/rr/unstable.nix b/pkgs/development/tools/analysis/rr/unstable.nix new file mode 100644 index 00000000000..35098c1bcfc --- /dev/null +++ b/pkgs/development/tools/analysis/rr/unstable.nix @@ -0,0 +1,22 @@ +# This is a temporary copy of the default.nix in this folder, with the version +# updated to the current tip of rr's master branch. This exists because rr has +# not had a release in a long time. Upstream has stated that it should be fine +# to use master. This file, and its attribute in all-packages, can be removed +# once rr makes a release. + +{ callPackage, fetchFromGitHub }: + +let + rr = callPackage ./. {}; +in + + rr.overrideAttrs (old: { + version = "unstable-2021-07-06"; + + src = fetchFromGitHub { + owner = "mozilla"; + repo = "rr"; + rev = "0fc21a8d654dabc7fb1991d76343824cb7951ea0"; + sha256 = "0s851rflxmvxcfw97zmplcwzhv86xmd3my78pi4c7gkj18d621i5"; + }; + }) diff --git a/pkgs/development/tools/analysis/rr/zen_workaround.nix b/pkgs/development/tools/analysis/rr/zen_workaround.nix new file mode 100644 index 00000000000..193e70d0d95 --- /dev/null +++ b/pkgs/development/tools/analysis/rr/zen_workaround.nix @@ -0,0 +1,45 @@ +{ stdenv, lib, fetchzip, kernel }: + +/* The python script shouldn't be needed for users of this kernel module. + https://github.com/rr-debugger/rr/blob/master/scripts/zen_workaround.py + The module itself is called "zen_workaround" (a bit generic unfortunately). +*/ +stdenv.mkDerivation rec { + pname = "rr-zen_workaround"; + version = "2020-09-22"; + + src = fetchzip { + url = "https://gist.github.com/glandium/01d54cefdb70561b5f6675e08f2990f2/archive/2f430f0c136a69b0886281d0c76708997d8878af.zip"; + sha256 = "1mbmbyymgl75wparv3rgnyxnc44rd6n935jziz9anl9apy031ryi"; + }; + + hardeningDisable = [ "pic" ]; + nativeBuildInputs = kernel.moduleBuildDependencies; + + makeFlags = [ + "-C${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + postConfigure = '' + makeFlags="$makeFlags M=$(pwd)" + ''; + buildFlags = "modules"; + + installPhase = let + modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel"; #TODO: longer path? + in '' + runHook preInstall + mkdir -p "${modDestDir}" + cp *.ko "${modDestDir}/" + find ${modDestDir} -name '*.ko' -exec xz -f '{}' \; + runHook postInstall + ''; + + meta = with lib; { + description = "Kernel module supporting the rr debugger on (some) AMD Zen-based CPUs"; + homepage = "https://github.com/rr-debugger/rr/wiki/Zen#kernel-module"; + license = licenses.gpl2; + maintainers = [ maintainers.vcunat ]; + platforms = [ "x86_64-linux" ]; + broken = versionOlder kernel.version "4.19"; # 4.14 breaks and 4.19 works + }; +} diff --git a/pkgs/development/tools/analysis/smatch/default.nix b/pkgs/development/tools/analysis/smatch/default.nix new file mode 100644 index 00000000000..82a32504d73 --- /dev/null +++ b/pkgs/development/tools/analysis/smatch/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchgit, sqlite, pkg-config, perl +, buildllvmsparse ? true +, buildc2xml ? true +, llvm, libxml2 +}: + +stdenv.mkDerivation rec { + pname = "smatch"; + version = "20120924"; + + src = fetchgit { + url = "git://repo.or.cz/${pname}.git"; + rev = "23656e3e578b700cbf96d043f039e6341a3ba5b9"; + sha256 = "0r43qi6vryqg450fj73yjwbb7gzcgx64rhrhb3r1m6a252srijiy"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ sqlite perl ] + ++ lib.optional buildllvmsparse llvm + ++ lib.optional buildc2xml libxml2; + + preBuild = '' + sed -i Makefile \ + -e "s|^PREFIX=.*|PREFIX = $out|g" + ''; + + meta = with lib; { + description = "A semantic analysis tool for C"; + homepage = "http://smatch.sourceforge.net/"; + maintainers = with maintainers; []; + license = licenses.free; /* OSL, see http://www.opensource.org */ + platforms = platforms.linux; + }; +} diff --git a/pkgs/development/tools/analysis/snowman/default.nix b/pkgs/development/tools/analysis/snowman/default.nix new file mode 100644 index 00000000000..870f084580b --- /dev/null +++ b/pkgs/development/tools/analysis/snowman/default.nix @@ -0,0 +1,31 @@ +{ lib, mkDerivation, fetchFromGitHub, cmake, boost, qtbase }: + +mkDerivation rec { + pname = "snowman"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "yegord"; + repo = "snowman"; + rev = "v${version}"; + sha256 = "1mrmhj2nddi0d47c266vsg5vbapbqbcpj5ld4v1qcwnnk6z2zn0j"; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ boost qtbase ]; + + postUnpack = '' + export sourceRoot=$sourceRoot/src + ''; + + meta = with lib; { + description = "Native code to C/C++ decompiler"; + homepage = "http://derevenets.com/"; + + # https://github.com/yegord/snowman/blob/master/doc/licenses.asciidoc + license = licenses.gpl3Plus; + maintainers = with maintainers; [ dtzWill ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/development/tools/analysis/sparse/default.nix b/pkgs/development/tools/analysis/sparse/default.nix new file mode 100644 index 00000000000..780ae828e28 --- /dev/null +++ b/pkgs/development/tools/analysis/sparse/default.nix @@ -0,0 +1,36 @@ +{ callPackage, fetchurl, lib, stdenv, gtk3, pkg-config, libxml2, llvm, perl, sqlite }: + +let + GCC_BASE = "${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.uname.processor}-unknown-linux-gnu/${stdenv.cc.cc.version}"; +in stdenv.mkDerivation rec { + pname = "sparse"; + version = "0.6.4"; + + src = fetchurl { + url = "mirror://kernel/software/devel/sparse/dist/${pname}-${version}.tar.xz"; + sha256 = "sha256-arKLSZG8au29c1UCkTYKpqs99B9ZIGqb3paQIIpuOHw="; + }; + + preConfigure = '' + sed -i 's|"/usr/include"|"${stdenv.cc.libc.dev}/include"|' pre-process.c + sed -i 's|qx(\$ccom -print-file-name=)|"${GCC_BASE}"|' cgcc + makeFlags+=" PREFIX=$out" + ''; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ gtk3 libxml2 llvm perl sqlite ]; + doCheck = true; + buildFlags = "GCC_BASE:=${GCC_BASE}"; + + passthru.tests = { + simple-execution = callPackage ./tests.nix { }; + }; + + meta = with lib; { + description = "Semantic parser for C"; + homepage = "https://git.kernel.org/cgit/devel/sparse/sparse.git/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ thoughtpolice jkarlson ]; + }; +} diff --git a/pkgs/development/tools/analysis/sparse/tests.nix b/pkgs/development/tools/analysis/sparse/tests.nix new file mode 100644 index 00000000000..5eba254e537 --- /dev/null +++ b/pkgs/development/tools/analysis/sparse/tests.nix @@ -0,0 +1,24 @@ +{ runCommand, gcc, sparse, writeText }: +let + src = writeText "CODE.c" '' + #include <stdio.h> + #include <stddef.h> + #include <stdlib.h> + + int main(int argc, char *argv[]) { + return EXIT_SUCCESS; + } + ''; +in + runCommand "${sparse.pname}-tests" { buildInputs = [ gcc sparse ]; meta.timeout = 3; } +'' + set -eu + ${sparse}/bin/cgcc ${src} > output 2>&1 || ret=$? + if [[ -z $(<output) ]]; then + mv output $out + else + echo "Test build returned $ret" + cat output + exit 1 + fi +'' diff --git a/pkgs/development/tools/analysis/spin/default.nix b/pkgs/development/tools/analysis/spin/default.nix new file mode 100644 index 00000000000..62026d52781 --- /dev/null +++ b/pkgs/development/tools/analysis/spin/default.nix @@ -0,0 +1,42 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, bison, gcc, tk, swarm, graphviz }: + +let + binPath = lib.makeBinPath [ gcc graphviz tk swarm ]; +in + +stdenv.mkDerivation rec { + pname = "spin"; + version = "6.5.2"; + + src = fetchFromGitHub { + owner = "nimble-code"; + repo = "Spin"; + rev = "version-${version}"; + sha256 = "sha256-drvQXfDZCZRycBZt/VNngy8zs4XVJg+d1b4dQXVcyFU="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ bison ]; + + sourceRoot = "source/Src"; + + preBuild = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1 + ''; + + enableParallelBuilding = true; + makeFlags = [ "DESTDIR=$(out)" ]; + + postInstall = '' + wrapProgram $out/bin/spin --prefix PATH : ${binPath} + ''; + + meta = with lib; { + description = "Formal verification tool for distributed software systems"; + homepage = "https://spinroot.com/"; + license = licenses.bsd3; + platforms = platforms.unix; + maintainers = with maintainers; [ pSub siraben ]; + }; +} diff --git a/pkgs/development/tools/analysis/splint/darwin.patch b/pkgs/development/tools/analysis/splint/darwin.patch new file mode 100644 index 00000000000..8c435707571 --- /dev/null +++ b/pkgs/development/tools/analysis/splint/darwin.patch @@ -0,0 +1,13 @@ +diff --git a/src/osd.c b/src/osd.c +index ebe214a..4ba81d5 100644 +--- a/src/osd.c ++++ b/src/osd.c +@@ -516,7 +516,7 @@ osd_getPid () + # if defined (WIN32) || defined (OS2) && defined (__IBMC__) + int pid = _getpid (); + # else +- __pid_t pid = getpid (); ++ pid_t pid = getpid (); + # endif + + return (int) pid; diff --git a/pkgs/development/tools/analysis/splint/default.nix b/pkgs/development/tools/analysis/splint/default.nix new file mode 100644 index 00000000000..954342550ea --- /dev/null +++ b/pkgs/development/tools/analysis/splint/default.nix @@ -0,0 +1,33 @@ +{ fetchurl, lib, stdenv, flex }: + +stdenv.mkDerivation rec { + pname = "splint"; + version = "3.1.2"; + + src = fetchurl { + url = "https://www.splint.org/downloads/${pname}-${version}.src.tgz"; + sha256 = "02pv8kscsrkrzip9r08pfs9xs98q74c52mlxzbii6cv6vx1vd3f7"; + }; + + patches = [ ./tmpdir.patch ] ++ lib.optional stdenv.isDarwin ./darwin.patch; + + buildInputs = [ flex ]; + + doCheck = true; + + meta = with lib; { + homepage = "http://www.splint.org/"; + description = "Annotation-assisted lightweight static analyzer for C"; + + longDescription = '' + Splint is a tool for statically checking C programs for security + vulnerabilities and coding mistakes. With minimal effort, Splint + can be used as a better lint. If additional effort is invested + adding annotations to programs, Splint can perform stronger + checking than can be done by any standard lint. + ''; + + license = licenses.gpl2Plus; + platforms = platforms.unix; + }; +} diff --git a/pkgs/development/tools/analysis/splint/tmpdir.patch b/pkgs/development/tools/analysis/splint/tmpdir.patch new file mode 100644 index 00000000000..01402ce943b --- /dev/null +++ b/pkgs/development/tools/analysis/splint/tmpdir.patch @@ -0,0 +1,16 @@ +Have Splint honor $TMPDIR. + +--- splint-3.1.2/src/context.c 2004-07-31 21:04:26.000000000 +0200 ++++ splint-3.1.2/src/context.c 2008-07-11 10:55:16.000000000 +0200 +@@ -801,7 +801,10 @@ context_resetAllFlags (void) + val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR); + } + # else +- val = cstring_makeLiteral (DEFAULT_TMPDIR); ++ { ++ char *env = getenv ("TMPDIR"); ++ val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR); ++ } + # endif /* !defined(OS2) && !defined(MSDOS) */ + + break; diff --git a/pkgs/development/tools/analysis/svlint/default.nix b/pkgs/development/tools/analysis/svlint/default.nix new file mode 100644 index 00000000000..ef4e31e9481 --- /dev/null +++ b/pkgs/development/tools/analysis/svlint/default.nix @@ -0,0 +1,25 @@ +{ lib +, rustPlatform +, fetchFromGitHub +}: + +rustPlatform.buildRustPackage rec { + pname = "svlint"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "dalance"; + repo = "svlint"; + rev = "v${version}"; + sha256 = "sha256-BgkzbKRcZkot3qkwPqSE9QkH3A3HNDuLjpFzKsU+Wb0="; + }; + + cargoSha256 = "sha256-HeFh8H7IN3m4HiEH1QbCBROslzVCzYxGIaeyM4K7gcs="; + + meta = with lib; { + description = "SystemVerilog linter"; + homepage = "https://github.com/dalance/svlint"; + license = licenses.mit; + maintainers = with maintainers; [ trepetti ]; + }; +} diff --git a/pkgs/development/tools/analysis/swarm/default.nix b/pkgs/development/tools/analysis/swarm/default.nix new file mode 100644 index 00000000000..cc67ce8123c --- /dev/null +++ b/pkgs/development/tools/analysis/swarm/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "swarm"; + version = "unstable-2019-03-11"; + + src = fetchFromGitHub { + owner = "nimble-code"; + repo = "swarm"; + rev = "4b36ed83c8fbb074f2dc5777fe1c0ab4d73cc7d9"; + sha256 = "18zwlwsiiksivjpg6agmbmg0zsw2fl9475ss66b6pgcsya2q4afs"; + }; + + installPhase = '' + install -Dm755 Src/swarm $out/bin/swarm + install -Dm644 Doc/swarm.1 $out/share/man/man1/swarm.1 + ''; + + meta = with lib; { + description = "Verification script generator for Spin"; + homepage = "http://spinroot.com/"; + license = licenses.free; + platforms = platforms.unix; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/pkgs/development/tools/analysis/tartan/default.nix b/pkgs/development/tools/analysis/tartan/default.nix new file mode 100644 index 00000000000..0ac4bf32528 --- /dev/null +++ b/pkgs/development/tools/analysis/tartan/default.nix @@ -0,0 +1,52 @@ +{ stdenv +, lib +, fetchFromGitLab +, meson +, ninja +, pkg-config +, llvmPackages +, gobject-introspection +, glib +, unstableGitUpdater +}: + +stdenv.mkDerivation rec { + pname = "tartan"; + version = "unstable-2021-12-23"; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "tartan"; + repo = "tartan"; + rev = "bd4ea95d8b3ce1258491e9fac7fcc37d2b241a16"; + sha256 = "l3duPt8Kh/JljzOV+Dm26XbS7gZ+mmFfYUYofWSJRyo="; + }; + + nativeBuildInputs = [ + meson + ninja + pkg-config + ]; + + buildInputs = [ + gobject-introspection + glib + llvmPackages.libclang + llvmPackages.libllvm + ]; + + passthru = { + updateScript = unstableGitUpdater { + # The updater tries src.url by default, which does not exist for fetchFromGitLab (fetchurl). + url = "https://gitlab.freedesktop.org/tartan/tartan.git"; + }; + }; + + meta = with lib; { + description = "Tools and Clang plugins for developing code with GLib"; + homepage = "https://freedesktop.org/wiki/Software/tartan"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ jtojnar ]; + }; +} diff --git a/pkgs/development/tools/analysis/tflint/default.nix b/pkgs/development/tools/analysis/tflint/default.nix new file mode 100644 index 00000000000..869d7e464a5 --- /dev/null +++ b/pkgs/development/tools/analysis/tflint/default.nix @@ -0,0 +1,27 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "tflint"; + version = "0.34.1"; + + src = fetchFromGitHub { + owner = "terraform-linters"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-ltxFduUr+poi4tEjViQXCbe+j3fUdvBG8CTaM7VdpK0="; + }; + + vendorSha256 = "sha256-xEmDOP2DbTZ8bpK4OCabIpOwORB8EOJZkHCxL5wBeEU="; + + doCheck = false; + + subPackages = [ "." ]; + + meta = with lib; { + description = "Terraform linter focused on possible errors, best practices, and so on"; + homepage = "https://github.com/terraform-linters/tflint"; + changelog = "https://github.com/terraform-linters/tflint/raw/v${version}/CHANGELOG.md"; + license = licenses.mpl20; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/pkgs/development/tools/analysis/tfsec/default.nix b/pkgs/development/tools/analysis/tfsec/default.nix new file mode 100644 index 00000000000..87e7676da89 --- /dev/null +++ b/pkgs/development/tools/analysis/tfsec/default.nix @@ -0,0 +1,31 @@ +{ lib +, buildGoPackage +, fetchFromGitHub +}: + +buildGoPackage rec { + pname = "tfsec"; + version = "1.2.1"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-KIS2o2pLus5aohRYsabWRxZs4KfYM6PXSNp0JZhhlZk="; + }; + + goPackagePath = "github.com/aquasecurity/tfsec"; + + ldflags = [ + "-w" + "-s" + "-X ${goPackagePath}/version.Version=${version}" + ]; + + meta = with lib; { + description = "Static analysis powered security scanner for terraform code"; + homepage = "https://github.com/aquasecurity/tfsec"; + license = licenses.mit; + maintainers = with maintainers; [ fab marsam ]; + }; +} diff --git a/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix b/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix new file mode 100644 index 00000000000..b879a6ef237 --- /dev/null +++ b/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix @@ -0,0 +1,30 @@ +{ lib, python3, fetchFromGitHub }: + +with python3.pkgs; + +buildPythonApplication rec { + pname = "uefi-firmware-parser"; + version = "1.8"; + + # Version 1.8 is not published on pypi + src = fetchFromGitHub { + owner = "theopolis"; + repo = "uefi-firmware-parser"; + rev = "v${version}"; + sha256 = "1yn9vi91j1yxkn0icdnjhgl0qrqqkzyhccj39af4f19q1gdw995l"; + }; + + meta = with lib; { + homepage = "https://github.com/theopolis/uefi-firmware-parser/"; + description = "Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc"; + # MIT + license headers in some files + license = with licenses; [ + mit + zlib # uefi_firmware/me.py + bsd2 # uefi_firmware/compression/Tiano/**/* + publicDomain # uefi_firmware/compression/LZMA/SDK/C/* + ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = [ maintainers.samueldr ]; + }; +} diff --git a/pkgs/development/tools/analysis/valgrind/default.nix b/pkgs/development/tools/analysis/valgrind/default.nix new file mode 100644 index 00000000000..6e736df235f --- /dev/null +++ b/pkgs/development/tools/analysis/valgrind/default.nix @@ -0,0 +1,104 @@ +{ lib, stdenv, fetchurl, fetchpatch +, autoreconfHook, perl +, gdb, cctools, xnu, bootstrap_cmds +}: + +stdenv.mkDerivation rec { + pname = "valgrind"; + version = "3.18.1"; + + src = fetchurl { + url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2"; + sha256 = "sha256-AIWaoTp3Lt33giIl9LRu4NOa++Bx0yd42k2ZmECB9/U="; + }; + + patches = [ + # Fix tests on Musl. + # https://bugs.kde.org/show_bug.cgi?id=445300 + (fetchpatch { + url = "https://bugsfiles.kde.org/attachment.cgi?id=143535"; + sha256 = "036zyk30rixjvpylw3c7n171n4gpn6zcp7h6ya2dz4h5r478l9i6"; + }) + ]; + + outputs = [ "out" "dev" "man" "doc" ]; + + hardeningDisable = [ "pie" "stackprotector" ]; + + # GDB is needed to provide a sane default for `--db-command'. + # Perl is needed for `callgrind_{annotate,control}'. + buildInputs = [ gdb perl ] ++ lib.optionals (stdenv.isDarwin) [ bootstrap_cmds xnu ]; + + # Perl is also a native build input. + nativeBuildInputs = [ autoreconfHook perl ]; + + enableParallelBuilding = true; + separateDebugInfo = stdenv.isLinux; + + preConfigure = lib.optionalString stdenv.isDarwin ( + let OSRELEASE = '' + $(awk -F '"' '/#define OSRELEASE/{ print $2 }' \ + <${xnu}/Library/Frameworks/Kernel.framework/Headers/libkern/version.h)''; + in '' + echo "Don't derive our xnu version using uname -r." + substituteInPlace configure --replace "uname -r" "echo ${OSRELEASE}" + + # Apple's GCC doesn't recognize `-arch' (as of version 4.2.1, build 5666). + echo "getting rid of the \`-arch' GCC option..." + find -name Makefile\* -exec \ + sed -i {} -e's/DARWIN\(.*\)-arch [^ ]\+/DARWIN\1/g' \; + + sed -i coregrind/link_tool_exe_darwin.in \ + -e 's/^my \$archstr = .*/my $archstr = "x86_64";/g' + + substituteInPlace coregrind/m_debuginfo/readmacho.c \ + --replace /usr/bin/dsymutil ${stdenv.cc.bintools.bintools}/bin/dsymutil + + echo "substitute hardcoded /usr/bin/ld with ${cctools}/bin/ld" + substituteInPlace coregrind/link_tool_exe_darwin.in \ + --replace /usr/bin/ld ${cctools}/bin/ld + ''); + + # To prevent rebuild on linux when moving darwin's postPatch fixes to preConfigure + postPatch = ""; + + configureFlags = + lib.optional (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "x86_64-darwin") "--enable-only64bit" + ++ lib.optional stdenv.hostPlatform.isDarwin "--with-xcodedir=${xnu}/include"; + + doCheck = true; + + postInstall = '' + for i in $out/libexec/valgrind/*.supp; do + substituteInPlace $i \ + --replace 'obj:/lib' 'obj:*/lib' \ + --replace 'obj:/usr/X11R6/lib' 'obj:*/lib' \ + --replace 'obj:/usr/lib' 'obj:*/lib' + done + ''; + + meta = { + homepage = "http://www.valgrind.org/"; + description = "Debugging and profiling tool suite"; + + longDescription = '' + Valgrind is an award-winning instrumentation framework for + building dynamic analysis tools. There are Valgrind tools that + can automatically detect many memory management and threading + bugs, and profile your programs in detail. You can also use + Valgrind to build new tools. + ''; + + license = lib.licenses.gpl2Plus; + + maintainers = [ lib.maintainers.eelco ]; + platforms = lib.platforms.unix; + badPlatforms = [ + "armv5tel-linux" "armv6l-linux" "armv6m-linux" + "sparc-linux" "sparc64-linux" + "riscv32-linux" "riscv64-linux" + "alpha-linux" + ]; + broken = stdenv.isDarwin || stdenv.hostPlatform.isStatic; # https://hydra.nixos.org/build/128521440/nixlog/2 + }; +} diff --git a/pkgs/development/tools/analysis/valkyrie/default.nix b/pkgs/development/tools/analysis/valkyrie/default.nix new file mode 100644 index 00000000000..fd24362bab1 --- /dev/null +++ b/pkgs/development/tools/analysis/valkyrie/default.nix @@ -0,0 +1,31 @@ +{ lib, stdenv, fetchurl, qt4, qmake4Hook }: + +stdenv.mkDerivation rec { + pname = "valkyrie"; + version = "2.0.0"; + + src = fetchurl { + url = "https://valgrind.org/downloads/${pname}-${version}.tar.bz2"; + sha256 = "0hwvsncf62mdkahwj9c8hpmm94c1wr5jn89370k6rj894kxry2x7"; + }; + + patchPhase = '' + sed -i '1s;^;#include <unistd.h>\n;' src/objects/tool_object.cpp + sed -i '1s;^;#include <unistd.h>\n;' src/utils/vk_config.cpp + sed -i '1s;^;#include <sys/types.h>\n;' src/utils/vk_config.cpp + sed -i '1s;^;#include <unistd.h>\n;' src/utils/vk_utils.cpp + sed -i '1s;^;#include <sys/types.h>\n;' src/utils/vk_utils.cpp + ''; + + buildInputs = [ qt4 ]; + + nativeBuildInputs = [ qmake4Hook ]; + + meta = with lib; { + homepage = "http://www.valgrind.org/"; + description = "Qt4-based GUI for the Valgrind 3.6.x series"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ pSub ]; + }; +} diff --git a/pkgs/development/tools/analysis/yallback/default.nix b/pkgs/development/tools/analysis/yallback/default.nix new file mode 100644 index 00000000000..4e62ff5b9ed --- /dev/null +++ b/pkgs/development/tools/analysis/yallback/default.nix @@ -0,0 +1,34 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, coreutils +, bashInteractive +}: + +stdenv.mkDerivation rec { + version = "0.2.0"; + pname = "yallback"; + src = fetchFromGitHub { + owner = "abathur"; + repo = "yallback"; + rev = "v${version}"; + hash = "sha256-t+fdnDJMFiFqN23dSY3TnsZsIDcravtwdNKJ5MiZosE="; + }; + + buildInputs = [ coreutils bashInteractive ]; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + install -Dv yallback $out/bin/yallback + wrapProgram $out/bin/yallback --prefix PATH : ${lib.makeBinPath [ coreutils ]} + ''; + + meta = with lib; { + description = "Callbacks for YARA rule matches"; + homepage = "https://github.com/abathur/yallback"; + license = licenses.mit; + maintainers = with maintainers; [ abathur ]; + platforms = platforms.all; + }; +} |