Diffstat (limited to 'pkgs/development/tools/pip-audit/default.nix')
-rw-r--r--pkgs/development/tools/pip-audit/default.nix87
1 files changed, 87 insertions, 0 deletions
diff --git a/pkgs/development/tools/pip-audit/default.nix b/pkgs/development/tools/pip-audit/default.nix
new file mode 100644
index 00000000000..942d87c32e2
--- /dev/null
+++ b/pkgs/development/tools/pip-audit/default.nix
@@ -0,0 +1,87 @@
+{ lib
+, fetchFromGitHub
+, fetchpatch
+, python3
+}:
+
+let
+  py = python3.override {
+    packageOverrides = self: super: {
+
+      # ansible doesn't support resolvelib > 0.6.0 and can't have an override
+      resolvelib = super.resolvelib.overridePythonAttrs (oldAttrs: rec {
+        version = "0.8.1";
+        src = fetchFromGitHub {
+          owner = "sarugaku";
+          repo = "resolvelib";
+          rev = version;
+          sha256 = "1qpd0gg9yl0kbamlgjs9pkxd39kx511kbc92civ77v0ka5sw8ca0";
+        };
+      });
+    };
+  };
+in
+with py.pkgs;
+
+buildPythonApplication rec {
+  pname = "pip-audit";
+  version = "2.3.1";
+  format = "pyproject";
+
+  src = fetchFromGitHub {
+    owner = "trailofbits";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-W7g2ZV1Xf1s5sGRJiZdQcreBD6zp1/VRQPGs+VIOJE0=";
+  };
+
+  nativeBuildInputs = [
+    flit-core
+  ];
+
+  propagatedBuildInputs = [
+    cachecontrol
+    cyclonedx-python-lib
+    html5lib
+    packaging
+    pip-api
+    progress
+    resolvelib
+  ];
+
+  checkInputs = [
+    pretend
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "pip_audit"
+  ];
+
+  preCheck = ''
+    export HOME=$(mktemp -d);
+  '';
+
+  disabledTestPaths = [
+    # Tests require network access
+    "test/dependency_source/test_requirement.py"
+    "test/dependency_source/test_resolvelib.py"
+    "test/service/test_pypi.py"
+    "test/service/test_osv.py"
+  ];
+
+  disabledTests = [
+    # Tests requrire network access
+    "test_get_pip_cache"
+    "test_virtual_env"
+    "test_pyproject_source"
+    "test_pyproject_source_duplicate_deps"
+  ];
+
+  meta = with lib; {
+    description = "Tool for scanning Python environments for known vulnerabilities";
+    homepage = "https://github.com/trailofbits/pip-audit";
+    license = with licenses; [ asl20 ];
+    maintainers = with maintainers; [ fab ];
+  };
+}
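Review bot: The `resolvelib` override in the `let` block pins 0.8.1 privately for this package, so later version bumps of the top-level `resolvelib` (including any that carry security fixes) will not reach pip-audit until this pin is raised by hand. The existing comment explains why the override exists but not that consequence, so I would extend it with something like `# NOTE: private pin, bump manually; top-level resolvelib version updates do not apply here`. The override also uses `sha256 = "..."` while the main `src` uses `hash = "sha256-..."`; converting the override to the SRI `hash` form keeps the two fetchers consistent. `fetchpatch` is listed in the function arguments but nothing in the file uses it, so it can be dropped. In `disabledTests`, `# Tests requrire network access` should read `# Tests require network access`.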