pyrox.dev
1{ lib
2, buildPythonPackage
3, fetchFromGitHub
4, gibberish-detector
5, isPy27
6, mock
7, pyahocorasick
8, pytestCheckHook
9, pyyaml
10, requests
11, responses
12, unidiff
13}:
14
15buildPythonPackage rec {
16 pname = "detect-secrets";
17 version = "1.1.0";
18 disabled = isPy27;
19
20 src = fetchFromGitHub {
21 owner = "Yelp";
22 repo = pname;
23 rev = "v${version}";
24 sha256 = "sha256-dj0lqm9s8OKhM4OmNrmGVRc32/ZV0I9+5WcW2hvLwu0=";
25 };
26
27 propagatedBuildInputs = [
28 gibberish-detector
29 pyyaml
30 pyahocorasick
31 requests
32 ];
33
34 checkInputs = [
35 mock
36 pytestCheckHook
37 responses
38 unidiff
39 ];
40
41 preCheck = ''
42 export HOME=$(mktemp -d);
43 '';
44
45 disabledTests = [
46 # Tests are failing for various reasons. Needs to be adjusted with the next update
47 "test_baseline_filters_out_known_secrets"
48 "test_basic"
49 "test_does_not_modify_slim_baseline"
50 "test_handles_each_path_separately"
51 "test_handles_multiple_directories"
52 "test_load_and_output"
53 "test_make_decisions"
54 "test_modifies_baseline"
55 "test_no_files_in_git_repo"
56 "test_outputs_baseline_if_none_supplied"
57 "test_saves_to_baseline"
58 "test_scan_all_files"
59 "test_should_scan_all_files_in_directory_if_flag_is_provided"
60 "test_should_scan_specific_non_tracked_file"
61 "test_should_scan_tracked_files_in_directory"
62 "test_start_halfway"
63 "test_works_from_different_directory"
64 "TestModifiesBaselineFromVersionChange"
65 ];
66
67 pythonImportsCheck = [ "detect_secrets" ];
68
69 meta = with lib; {
70 description = "An enterprise friendly way of detecting and preventing secrets in code";
71 homepage = "https://github.com/Yelp/detect-secrets";
72 license = licenses.asl20;
73 maintainers = with maintainers; [ marsam ];
74 };
75}