From b5fd71fbcefb10ae26aa1f2f9b3a1dc844f80500 Mon Sep 17 00:00:00 2001
From: Le Anh Duc
Date: Wed, 16 Dec 2020 22:38:45 +0900
Subject: [PATCH 1/4] maintainers: add anhdle14
---
 maintainers/maintainer-list.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 48a69b1bd23..0ccba14ef4a 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -586,6 +586,16 @@
 githubId = 11699655;
 name = "Stanislas Lange";
 };
+ anhdle14 = {
+ name = "Le Anh Duc";
+ email = "anhdle14@icloud.com";
+ github = "anhdle14";
+ githubId = 9645992;
+ keys = [{
+ longkeyid = "rsa4096/0x0299AFF9ECBB5169";
+ fingerprint = "AA4B 8EC3 F971 D350 482E 4E20 0299 AFF9 ECBB 5169";
+ }];
+ };
 ankhers = {
 email = "me@ankhers.dev";
 github = "ankhers";
From 90b522e0c693484fcdfb875cfe3518bfdc121ce9 Mon Sep 17 00:00:00 2001
From: Le Anh Duc
Date: Wed, 23 Dec 2020 14:10:07 +0900
Subject: [PATCH 2/4] bc-python-hcl2: init at 0.3.11
Co-authored-by: Guillaume Girol
---
 .../python-modules/bc-python-hcl2/default.nix | 49 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 1 +
 2 files changed, 50 insertions(+)
 create mode 100644 pkgs/development/python-modules/bc-python-hcl2/default.nix
diff --git a/pkgs/development/python-modules/bc-python-hcl2/default.nix b/pkgs/development/python-modules/bc-python-hcl2/default.nix
new file mode 100644
index 00000000000..34eab21bf5d
--- /dev/null
+++ b/pkgs/development/python-modules/bc-python-hcl2/default.nix
@@ -0,0 +1,49 @@
+{ lib, buildPythonPackage, fetchPypi, nose }:
+
+let
+ lark-parser = buildPythonPackage rec {
+ pname = "lark-parser";
+ version = "0.7.8";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "JiFeuxV+b7LudDGapERbnzt+RW4mviFc4Z/aqpAcIKQ=";
+ };
+
+ doCheck = true;
+ };
+in
+buildPythonPackage rec {
+ pname = "bc-python-hcl2";
+ version = "0.3.11";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "VZhI1oJ2EDZGyz3iI6/KYvJq4BGafzR+rcSgHqlUDrA=";
+ };
+
+ # Nose is required during build process, so can not use `checkInputs`.
+ buildInputs = [
+ nose
+ ];
+
+ propagatedBuildInputs = [
+ lark-parser
+ ];
+
+ pythonImportsCheck = [ "hcl2" ];
+
+ meta = with lib; {
+ description = "A parser for HCL2 written in Python using Lark";
+ longDescription = ''
+ A parser for HCL2 written in Python using Lark.
+ This parser only supports HCL2 and isn't backwards compatible with HCL v1.
+ It can be used to parse any HCL2 config file such as Terraform.
+ '';
+ # Although this is the main homepage from PyPi but it is also a homepage
+ # of another PyPi package (python-hcl2). But these two are different.
+ homepage = "https://github.com/amplify-education/python-hcl2";
+ license = licenses.mit;
+ maintainers = [ maintainers.anhdle14 ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index eeed74d4cad..d3bcbecc2e0 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -807,6 +807,7 @@ in {
 bayespy = callPackage ../development/python-modules/bayespy { };
+ bc-python-hcl2 = callPackage ../development/python-modules/bc-python-hcl2 { };
 bcdoc = callPackage ../development/python-modules/bcdoc { };
 bcrypt = if pythonOlder "3.6" then
From 7dc9da6eede8ce11f02c333cc847689a86edcf8e Mon Sep 17 00:00:00 2001
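Review bot: The private `lark-parser` 0.7.8 derivation in the `let` binding at the top of the hunk shadows the `lark-parser` attribute that python-packages.nix appears to carry already, so this copy is unreachable for overlays, `overrideAttrs` and any future security bump of lark-parser, and nothing in the file says why the old release is needed. Unless bc-python-hcl2 really requires the 0.7.8 API, take `lark-parser` as a function argument and drop the inner derivation; if it does, keep the pin but document it, e.g. `# bc-python-hcl2 0.3.x breaks with lark-parser >= 0.8 — TODO confirm and upstream a fix`, and drop `doCheck = true;`, which is already the default. The `pythonImportsCheck = [ "hcl2" ]` line and the homepage comment suggest this package installs the same `hcl2` module as upstream python-hcl2, so the two attributes presumably cannot be installed into one Python environment together — worth stating in a comment next to `pythonImportsCheck` so that nobody adds both to an env.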
From: Le Anh Duc
Date: Wed, 23 Dec 2020 14:10:27 +0900
Subject: [PATCH 3/4] deep_merge: init at 0.0.4
Co-authored-by: Guillaume Girol
---
 .../python-modules/deep_merge/default.nix | 24 +++++++++++++++++++
 pkgs/top-level/python-packages.nix | 3 +++
 2 files changed, 27 insertions(+)
 create mode 100644 pkgs/development/python-modules/deep_merge/default.nix
diff --git a/pkgs/development/python-modules/deep_merge/default.nix b/pkgs/development/python-modules/deep_merge/default.nix
new file mode 100644
index 00000000000..533bc6aa347
--- /dev/null
+++ b/pkgs/development/python-modules/deep_merge/default.nix
@@ -0,0 +1,24 @@
+{ lib, buildPythonPackage, fetchPypi, pytestCheckHook, nose }:
+
+buildPythonPackage rec {
+ pname = "deep_merge";
+ version = "0.0.4";
+
+ src = fetchPypi {
+ inherit pname version;
+ sha256 = "tUQV+Qk0xC4zQRTihky01OczWzStOW41rYYQyWBlpH4=";
+ };
+
+ checkInputs = [
+ nose
+ ];
+
+ doCheck = false;
+
+ meta = with lib; {
+ description = "This library contains a simple utility for deep-merging dictionaries and the data structures they contain";
+ homepage = "https://github.com/halfak/deep_merge";
+ license = licenses.mit;
+ maintainers = [ maintainers.anhdle14 ];
+ };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index d3bcbecc2e0..149aa3cdffc 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -808,6 +808,7 @@ in {
 bayespy = callPackage ../development/python-modules/bayespy { };
 bc-python-hcl2 = callPackage ../development/python-modules/bc-python-hcl2 { };
+
 bcdoc = callPackage ../development/python-modules/bcdoc { };
 bcrypt = if pythonOlder "3.6" then
@@ -1545,6 +1546,8 @@ in {
 decorator = callPackage ../development/python-modules/decorator { };
+ deep_merge = callPackage ../development/python-modules/deep_merge { };
+
 deepdiff = callPackage ../development/python-modules/deepdiff { };
 deepmerge = callPackage ../development/python-modules/deepmerge { };
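Review bot: `doCheck = false;` in the deep_merge derivation switches the test suite off with no comment saying why, while `checkInputs = [ nose ]` and the `pytestCheckHook` argument are kept even though neither is used — nixpkgs expects either running the tests or a one-line reason beside the flag, e.g. `# sdist on PyPI ships no tests — TODO confirm`, and the dead inputs removed. With the tests disabled nothing verifies that the package even imports, which matters because checkov pulls it into its runtime closure; add `pythonImportsCheck = [ "deep_merge" ];` (assuming the module name matches the package name). The `description` should not open with "This library contains"; `Simple utility for deep-merging dictionaries and the data structures they contain` follows the usual nixpkgs phrasing.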
From a0a4feb0de05a4eef44f7e99c92672994289bff9 Mon Sep 17 00:00:00 2001
From: Le Anh Duc
Date: Wed, 16 Dec 2020 22:39:57 +0900
Subject: [PATCH 4/4] checkov: init at 1.0.674
---
 .../tools/analysis/checkov/default.nix | 77 +++++++++++++++++++
 pkgs/top-level/all-packages.nix | 2 +
 2 files changed, 79 insertions(+)
 create mode 100644 pkgs/development/tools/analysis/checkov/default.nix
diff --git a/pkgs/development/tools/analysis/checkov/default.nix b/pkgs/development/tools/analysis/checkov/default.nix
new file mode 100644
index 00000000000..6277b1d4239
--- /dev/null
+++ b/pkgs/development/tools/analysis/checkov/default.nix
@@ -0,0 +1,77 @@
+{ stdenv, pkgs, lib, python3, fetchFromGitHub }:
+
+let
+ pname = "checkov";
+ version = "1.0.674";
+ src = fetchFromGitHub {
+ owner = "bridgecrewio";
+ repo = pname;
+ rev = version;
+ sha256 = "/S8ic5ZVxA2vd/rjRPX5gslbmnULL7BSx34vgWIsheQ=";
+ };
+
+ disabled = pkgs.python3Packages.pythonOlder "3.7";
+
+ # CheckOV only work with `dpath 1.5.0`
+ dpath = pkgs.python3Packages.buildPythonPackage rec {
+ pname = "dpath";
+ version = "1.5.0";
+
+ src = pkgs.python3Packages.fetchPypi {
+ inherit pname version;
+ sha256 = "SWYVtOqEI20Y4NKGEi3nSGmmDg+H4sfsZ4f/KGxINhs=";
+ };
+
+ doCheck = false;
+ };
+in
+python3.pkgs.buildPythonPackage rec {
+ inherit pname version disabled src;
+
+ nativeBuildInputs = with python3.pkgs; [ setuptools_scm ];
+
+ propagatedBuildInputs = with python3.pkgs; [
+ pytest
+ coverage
+ bandit
+ bc-python-hcl2
+ deep_merge
+ tabulate
+ colorama
+ termcolor
+ junit-xml
+ dpath
+ pyyaml
+ boto3
+ GitPython
+ six
+ jmespath
+ tqdm
+ update_checker
+ semantic-version
+ packaging
+ ];
+
+ # Both of these tests are pulling from external srouces (https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml)
+ preCheck = ''
+ rm -rf integration_tests/*
+ rm -rf tests/terraform/*
+ '';
+
+ # Wrap the executable so that the python packages are available
+ # it's just a shebang script which calls `python -m checkov "$@"`
+ postFixup = ''
+ wrapProgram $out/bin/checkov \
+ --set PYTHONPATH $PYTHONPATH
+ '';
+
+ meta = with lib; {
+ homepage = "https://github.com/bridgecrewio/checkov";
+ description = "Static code analysis tool for infrastructure-as-code";
+ longDescription = ''
+ Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.
+ '';
+ license = licenses.asl20;
+ maintainers = with maintainers; [ anhdle14 ];
+ };
+}
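Review bot: The inner `dpath` derivation and `disabled` are taken from `pkgs.python3Packages` while the outer derivation and every other dependency come from `python3.pkgs`, so a caller that overrides `python3` (`checkov.override { python3 = python39; }`) gets a dpath built for a different interpreter than the checkov that imports it; use one package set throughout — `disabled = python3.pkgs.pythonOlder "3.7";`, `dpath = python3.pkgs.buildPythonPackage rec {`, `src = python3.pkgs.fetchPypi {` — and drop the then-unused `pkgs` and `stdenv` arguments. That pinned dpath also carries `doCheck = false;` with no reason and, being file-local, sits outside the `dpath` attribute that overlays and security bumps reach, so the comment above it should name what breaks with newer dpath rather than just asserting the pin. `pytest` and `coverage` in `propagatedBuildInputs` look like test-only tools that would end up in every consumer's runtime closure; if setup.py lists them only for tests (not visible here), they belong in `checkInputs`. The `postFixup` wrapper uses `--set PYTHONPATH $PYTHONPATH`, which bakes the build-time PYTHONPATH into the wrapper and overrides whatever PYTHONPATH a user has, and since the Python builder's own fixup appears to already wrap `$out/bin` via wrapPythonPrograms — confirm for this builder — the program is likely wrapped twice; building this as an application with `buildPythonApplication` and deleting the manual `wrapProgram` call is the conventional fix.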
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index bcb3fd6b248..307f8d384cd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -178,6 +178,8 @@ in
 cereal = callPackage ../development/libraries/cereal { };
+ checkov = callPackage ../development/tools/analysis/checkov {};
+
 chrysalis = callPackage ../applications/misc/chrysalis { };
 clj-kondo = callPackage ../development/tools/clj-kondo { };