tjh.dev
nixpkgs mirror (for testing)
github.com/NixOS/nixpkgs
nix
1{
2 lib,
3 beautifulsoup4,
4 buildPythonPackage,
5 crossplane,
6 fetchFromGitHub,
7 jellyfish,
8 jproperties,
9 jsonschema-specifications,
10 jsonschema,
11 luhn,
12 lxml,
13 pytest-mock,
14 pytestCheckHook,
15 pyyaml,
16 semgrep,
17 setuptools,
18 six,
19 soupsieve,
20 wrapt,
21}:
22
23buildPythonPackage rec {
24 pname = "whispers";
25 version = "2.4.0";
26 pyproject = true;
27
28 src = fetchFromGitHub {
29 owner = "adeptex";
30 repo = "whispers";
31 tag = version;
32 hash = "sha256-hmFz6RI52CylsBIqO14hFX+2bvrPjpUBnfoDyVh9TbU=";
33 };
34
35 postPatch = ''
36 substituteInPlace setup.py \
37 --replace-fail '"pytest-runner"' ""
38 '';
39
40 pythonRelaxDeps = true;
41
42 build-system = [ setuptools ];
43
44 dependencies = [
45 beautifulsoup4
46 crossplane
47 jellyfish
48 jproperties
49 jsonschema
50 jsonschema-specifications
51 luhn
52 lxml
53 pyyaml
54 semgrep
55 six
56 soupsieve
57 wrapt
58 ];
59
60 nativeCheckInputs = [
61 pytest-mock
62 pytestCheckHook
63 ];
64
65 disabledTestPaths = [
66 # Pinning tests highly sensitive to semgrep version
67 "tests/unit/plugins/test_semgrep.py"
68 ];
69
70 preCheck = ''
71 # Pinning test highly sensitive to semgrep version
72 substituteInPlace tests/unit/test_main.py \
73 --replace-fail '("--ast", 434),' ""
74
75 # Some tests need the binary available in PATH
76 export PATH=$out/bin:$PATH
77 '';
78
79 pythonImportsCheck = [ "whispers" ];
80
81 meta = {
82 description = "Tool to identify hardcoded secrets in static structured text";
83 homepage = "https://github.com/adeptex/whispers";
84 changelog = "https://github.com/adeptex/whispers/releases/tag/${src.tag}";
85 license = lib.licenses.asl20;
86 maintainers = with lib.maintainers; [ fab ];
87 mainProgram = "whispers";
88 };
89}