diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix new file mode 100644 index 00000000000..f805670a5d5 --- /dev/null +++ b/pkgs/tools/security/trufflehog/default.nix @@ -0,0 +1,38 @@ +{ lib, pythonPackages }: + +let + truffleHogRegexes = pythonPackages.buildPythonPackage rec { + pname = "truffleHogRegexes"; + version = "0.0.4"; + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "09vrscbb4h4w01gmamlzghxx6cvrqdscylrbdcnbjsd05xl7zh4z"; + }; + }; +in + pythonPackages.buildPythonApplication rec { + pname = "truffleHog"; + version = "2.0.91"; + + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "0r4c9ihy6wjh5cwli7lb6cr2yfvxrh7r6cgznql1src5gzlnkymx"; + }; + + # Relax overly restricted version constraint + postPatch = '' + substituteInPlace setup.py --replace "GitPython ==" "GitPython >= " + ''; + + propagatedBuildInputs = [ pythonPackages.GitPython truffleHogRegexes ]; + + # Test cases run git clone and require network access + doCheck = false; + + meta = { + homepage = https://github.com/dxa4481/truffleHog; + description = "Searches through git repositories for high entropy strings and secrets, digging deep into commit history"; + license = with lib.licenses; [ gpl2 ]; + maintainers = with lib.maintainers; [ bhipple ]; + }; + } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 774f2becdd4..90f9edcd9f1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21119,6 +21119,8 @@ with pkgs; tup = callPackage ../development/tools/build-managers/tup { }; + trufflehog = callPackage ../tools/security/trufflehog { }; + tvheadend = callPackage ../servers/tvheadend { }; ums = callPackage ../servers/ums { };