pkgs/tools/security/log4j-scan/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

nixpkgs / pkgs / tools / security / log4j-scan / default.nix

at netboot-syslinux-multiplatform 44 lines 986 B view raw

 1{ lib
 2, fetchFromGitHub
 3, python3
 4}:
 5
 6python3.pkgs.buildPythonApplication rec {
 7  pname = "log4j-scan";
 8  version = "unstable-2021-12-18";
 9  format = "other";
10
11  src = fetchFromGitHub {
12    owner = "fullhunt";
13    repo = pname;
14    rev = "070fbd00f0945645bd5e0daa199a554ef3884b95";
15    sha256 = "sha256-ORSc4KHyAMjuA7QHReDh6SYY5yZRunBBN1+lkCayqL4=";
16  };
17
18  propagatedBuildInputs = with python3.pkgs; [
19    pycryptodome
20    requests
21    termcolor
22  ];
23
24  postPatch = ''
25    substituteInPlace log4j-scan.py \
26      --replace "headers.txt" "../share/headers.txt"
27  '';
28
29  installPhase = ''
30    runHook preInstall
31
32    install -vD ${pname}.py $out/bin/${pname}
33    install -vD headers.txt headers-large.txt -t $out/share
34
35    runHook postInstall
36  '';
37
38  meta = with lib; {
39    description = "Scanner for finding hosts which are vulnerable for log4j";
40    homepage = "https://github.com/fullhunt/log4j-scan";
41    license = licenses.mit;
42    maintainers = with maintainers; [ fab ];
43  };
44}