2022-07-18 16:21:45 +00:00
|
|
|
{ lib
|
|
|
|
, fetchFromGitHub
|
|
|
|
, semgrep-core
|
|
|
|
, buildPythonApplication
|
|
|
|
, pythonPackages
|
2022-09-22 12:36:57 +00:00
|
|
|
, pythonRelaxDepsHook
|
2022-07-18 16:21:45 +00:00
|
|
|
|
|
|
|
, pytestCheckHook
|
|
|
|
, git
|
|
|
|
}:
|
|
|
|
|
|
|
|
let
|
2023-07-15 17:15:38 +00:00
|
|
|
common = import ./common.nix { inherit lib; };
|
2022-07-18 16:21:45 +00:00
|
|
|
in
|
|
|
|
buildPythonApplication rec {
|
|
|
|
pname = "semgrep";
|
2023-07-15 17:15:38 +00:00
|
|
|
inherit (common) version;
|
|
|
|
src = fetchFromGitHub {
|
|
|
|
owner = "returntocorp";
|
|
|
|
repo = "semgrep";
|
|
|
|
rev = "v${version}";
|
|
|
|
hash = common.srcHash;
|
|
|
|
};
|
2022-07-18 16:21:45 +00:00
|
|
|
|
2023-07-15 17:15:38 +00:00
|
|
|
# prepare a subset of the submodules as we only need a handful
|
|
|
|
# and there are many many submodules total
|
2023-03-15 16:39:30 +00:00
|
|
|
postPatch = (lib.concatStringsSep "\n" (lib.mapAttrsToList
|
|
|
|
(
|
|
|
|
path: submodule: ''
|
|
|
|
# substitute ${path}
|
|
|
|
# remove git submodule placeholder
|
|
|
|
rm -r ${path}
|
|
|
|
# link submodule
|
|
|
|
ln -s ${submodule}/ ${path}
|
|
|
|
''
|
|
|
|
)
|
2023-07-15 17:15:38 +00:00
|
|
|
passthru.submodulesSubset)) + ''
|
2022-12-17 10:02:37 +00:00
|
|
|
cd cli
|
|
|
|
'';
|
2022-07-18 16:21:45 +00:00
|
|
|
|
2022-09-22 12:36:57 +00:00
|
|
|
nativeBuildInputs = [ pythonRelaxDepsHook ];
|
2022-12-17 10:02:37 +00:00
|
|
|
# tell cli/setup.py to not copy semgrep-core into the result
|
|
|
|
# this means we can share a copy of semgrep-core and avoid an issue where it
|
|
|
|
# copies the binary but doesn't retain the executable bit
|
|
|
|
SEMGREP_SKIP_BIN = true;
|
|
|
|
|
2022-09-22 12:36:57 +00:00
|
|
|
pythonRelaxDeps = [
|
|
|
|
"boltons"
|
2023-03-24 00:07:29 +00:00
|
|
|
"glom"
|
2022-09-22 12:36:57 +00:00
|
|
|
];
|
2022-07-18 16:21:45 +00:00
|
|
|
|
2022-12-17 10:02:37 +00:00
|
|
|
propagatedBuildInputs = with pythonPackages; [
|
|
|
|
attrs
|
|
|
|
boltons
|
|
|
|
colorama
|
|
|
|
click
|
|
|
|
click-option-group
|
|
|
|
glom
|
|
|
|
requests
|
2023-03-15 16:39:30 +00:00
|
|
|
rich
|
2022-12-17 10:02:37 +00:00
|
|
|
ruamel-yaml
|
|
|
|
tqdm
|
|
|
|
packaging
|
|
|
|
jsonschema
|
|
|
|
wcmatch
|
|
|
|
peewee
|
|
|
|
defusedxml
|
|
|
|
urllib3
|
|
|
|
typing-extensions
|
|
|
|
python-lsp-jsonrpc
|
|
|
|
tomli
|
|
|
|
];
|
2022-07-18 16:21:45 +00:00
|
|
|
|
|
|
|
doCheck = true;
|
2023-02-02 18:25:31 +00:00
|
|
|
nativeCheckInputs = [ git pytestCheckHook ] ++ (with pythonPackages; [
|
2022-07-18 16:21:45 +00:00
|
|
|
pytest-snapshot
|
|
|
|
pytest-mock
|
|
|
|
pytest-freezegun
|
|
|
|
types-freezegun
|
|
|
|
]);
|
|
|
|
disabledTests = [
|
|
|
|
# requires networking
|
2022-12-17 10:02:37 +00:00
|
|
|
"test_send"
|
|
|
|
# requires networking
|
|
|
|
"test_parse_exclude_rules_auto"
|
2022-07-18 16:21:45 +00:00
|
|
|
];
|
|
|
|
preCheck = ''
|
|
|
|
# tests need a home directory
|
|
|
|
export HOME="$(mktemp -d)"
|
|
|
|
|
|
|
|
# disabledTestPaths doesn't manage to avoid the e2e tests
|
|
|
|
# remove them from pyproject.toml
|
|
|
|
# and remove need for pytest-split
|
|
|
|
substituteInPlace pyproject.toml \
|
|
|
|
--replace '"tests/e2e",' "" \
|
|
|
|
--replace 'addopts = "--splitting-algorithm=least_duration"' ""
|
|
|
|
'';
|
|
|
|
|
2022-12-17 10:02:37 +00:00
|
|
|
# since we stop cli/setup.py from finding semgrep-core and copying it into
|
|
|
|
# the result we need to provide it on the PATH
|
|
|
|
preFixup = ''
|
|
|
|
makeWrapperArgs+=(--prefix PATH : ${lib.makeBinPath [ semgrep-core ]})
|
|
|
|
'';
|
|
|
|
|
|
|
|
passthru = {
|
|
|
|
inherit common;
|
2023-07-15 17:15:38 +00:00
|
|
|
submodulesSubset = lib.mapAttrs (k: args: fetchFromGitHub args) common.submodules;
|
2022-12-17 10:02:37 +00:00
|
|
|
updateScript = ./update.sh;
|
|
|
|
};
|
2022-07-18 16:21:45 +00:00
|
|
|
|
|
|
|
meta = common.meta // {
|
|
|
|
description = common.meta.description + " - cli";
|
2023-07-15 17:15:38 +00:00
|
|
|
inherit (semgrep-core.meta) platforms;
|
2022-07-18 16:21:45 +00:00
|
|
|
};
|
|
|
|
}
|