diff options
Diffstat (limited to 'nixpkgs/pkgs/development/tools/analysis')
87 files changed, 4156 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/tools/analysis/actionlint/default.nix b/nixpkgs/pkgs/development/tools/analysis/actionlint/default.nix new file mode 100644 index 000000000000..b953aea0bb2d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/actionlint/default.nix @@ -0,0 +1,45 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, installShellFiles +, makeWrapper +, python3Packages +, ronn +, shellcheck +}: + +buildGoModule rec { + pname = "actionlint"; + version = "1.6.26"; + + subPackages = [ "cmd/actionlint" ]; + + src = fetchFromGitHub { + owner = "rhysd"; + repo = "actionlint"; + rev = "v${version}"; + hash = "sha256-BCja8twbPwYI41JuQs2LHMCXlTbY5FAjHhZvn5mIlkg="; + }; + + vendorHash = "sha256-sBwI2L9tNg8Q/vIhhp0eIxetklytvJj+O1mWjrHkH24="; + + nativeBuildInputs = [ makeWrapper ronn installShellFiles ]; + + postInstall = '' + ronn --roff man/actionlint.1.ronn + installManPage man/actionlint.1 + wrapProgram "$out/bin/actionlint" \ + --prefix PATH : ${lib.makeBinPath [ python3Packages.pyflakes shellcheck ]} + ''; + + ldflags = [ "-s" "-w" "-X github.com/rhysd/actionlint.version=${version}" ]; + + meta = with lib; { + homepage = "https://rhysd.github.io/actionlint/"; + description = "Static checker for GitHub Actions workflow files"; + changelog = "https://github.com/rhysd/actionlint/raw/v${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = [ maintainers.marsam ]; + mainProgram = "actionlint"; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/banana-vera/default.nix b/nixpkgs/pkgs/development/tools/analysis/banana-vera/default.nix new file mode 100644 index 000000000000..03e26e5eaede --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/banana-vera/default.nix @@ -0,0 +1,41 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, python310 +, tcl +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "banana-vera"; + version = "1.3.0-fedora38"; + + src = fetchFromGitHub { + owner = "Epitech"; + repo = "banana-vera"; + rev = "refs/tags/v${finalAttrs.version}"; + sha256 = "sha256-sSN3trSySJe3KVyrb/hc5HUGRS4M3c4UX9SLlzBM43c"; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ + python310 + python310.pkgs.boost + tcl + ]; + + cmakeFlags = [ + "-DVERA_LUA=OFF" + "-DVERA_USE_SYSTEM_BOOST=ON" + "-DPANDOC=OFF" + ]; + + meta = { + mainProgram = "vera++"; + description = "A fork of vera using python3.10"; + homepage = "https://github.com/Epitech/banana-vera"; + license = lib.licenses.boost; + maintainers = with lib.maintainers; [ sigmanificient ]; + platforms = lib.platforms.linux ++ lib.platforms.darwin; + }; +}) diff --git a/nixpkgs/pkgs/development/tools/analysis/bingrep/default.nix b/nixpkgs/pkgs/development/tools/analysis/bingrep/default.nix new file mode 100644 index 000000000000..f8cbc806250d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/bingrep/default.nix @@ -0,0 +1,22 @@ +{ lib, rustPlatform, fetchFromGitHub }: + +rustPlatform.buildRustPackage rec { + pname = "bingrep"; + version = "0.11.0"; + + src = fetchFromGitHub { + owner = "m4b"; + repo = pname; + rev = "v${version}"; + hash = "sha256-bHu3/f25U1QtRZv1z5OQSDMayOpLU6tbNaV00K55ZY8="; + }; + + cargoHash = "sha256-n49VmAJcD98LdkrUCW6ouihSXmSCsdBDvCe9l96G0ec="; + + meta = with lib; { + description = "Greps through binaries from various OSs and architectures, and colors them"; + homepage = "https://github.com/m4b/bingrep"; + license = licenses.mit; + maintainers = with maintainers; [ minijackson ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/binlore/default.nix b/nixpkgs/pkgs/development/tools/analysis/binlore/default.nix new file mode 100644 index 000000000000..54ea108b7d46 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/binlore/default.nix @@ -0,0 +1,113 @@ +{ lib +, fetchFromGitHub +, runCommand +, yallback +, yara +}: + +/* TODO/CAUTION: + +I don't want to discourage use, but I'm not sure how stable +the API is. Have fun, but be prepared to track changes! :) + +For _now_, binlore is basically a thin wrapper around +`<invoke yara> | <postprocess with yallback>` with support +for running it on a derivation, saving the result in the +store, and aggregating results from a set of packages. + +In the longer term, I suspect there are more uses for this +general pattern (i.e., run some analysis tool that produces +a deterministic output and cache the result per package...). + +I'm not sure how that'll look and if it'll be the case that +binlore automatically collects all of them, or if you'll be +configuring which "kind(s)" of lore it generates. Nailing +that down will almost certainly mean reworking the API. + +*/ + +let + src = fetchFromGitHub { + owner = "abathur"; + repo = "binlore"; + rev = "v0.2.0"; + hash = "sha256-bBJky7Km+mieHTqoMz3mda3KaKxr9ipYpfQqn/4w8J0="; + }; + /* + binlore has one one more yallbacks responsible for + routing the appropriate lore to a named file in the + appropriate format. At some point I might try to do + something fancy with this, but for now the answer to + *all* questions about the lore are: the bare minimum + to get resholve over the next feature hump in time to + hopefully slip this feature in before the branch-off. + */ + # TODO: feeling really uninspired on the API + loreDef = { + # YARA rule file + rules = (src + "/execers.yar"); + # output filenames; "types" of lore + types = [ "execers" "wrappers" ]; + # shell rule callbacks; see github.com/abathur/yallback + yallback = (src + "/execers.yall"); + # TODO: + # - echo for debug, can be removed at some point + # - I really just wanted to put the bit after the pipe + # in here, but I'm erring on the side of flexibility + # since this form will make it easier to pilot other + # uses of binlore. + callback = lore: drv: overrides: '' + if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then + echo generating binlore for $drv by running: + echo "${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback}" + else + echo "failed to generate binlore for $drv (none of ${drv}/{bin,lib,libexec} exist)" + fi + '' + + /* + Override lore for some packages. Unsure, but for now: + 1. start with the ~name (pname-version) + 2. remove characters from the end until we find a match + in overrides/ + 3. execute the override script with the list of expected + lore types + */ + '' + i=''${#identifier} + filter= + while [[ $i > 0 ]] && [[ -z "$filter" ]]; do + if [[ -f "${overrides}/''${identifier:0:$i}" ]]; then + filter="${overrides}/''${identifier:0:$i}" + echo using "${overrides}/''${identifier:0:$i}" to generate overriden binlore for $drv + break + fi + ((i--)) || true # don't break build + done # || true # don't break build + if [[ -d "${drv}/bin" ]] || [[ -d "${drv}/lib" ]] || [[ -d "${drv}/libexec" ]]; then + ${yara}/bin/yara --scan-list --recursive ${lore.rules} <(printf '%s\n' ${drv}/{bin,lib,libexec}) | ${yallback}/bin/yallback ${lore.yallback} "$filter" + fi + ''; + }; + overrides = (src + "/overrides"); + +in rec { + collect = { lore ? loreDef, drvs, strip ? [ ] }: (runCommand "more-binlore" { } '' + mkdir $out + for lorefile in ${toString lore.types}; do + cat ${lib.concatMapStrings (x: x + "/$lorefile ") (map (make lore) (map lib.getBin (builtins.filter lib.isDerivation drvs)))} > $out/$lorefile + substituteInPlace $out/$lorefile ${lib.concatMapStrings (x: "--replace '${x}/' '' ") strip} + done + ''); + # TODO: echo for debug, can be removed at some point + make = lore: drv: runCommand "${drv.name}-binlore" { + identifier = drv.name; + drv = drv; + } ('' + mkdir $out + touch $out/{${builtins.concatStringsSep "," lore.types}} + + ${lore.callback lore drv overrides} + + echo binlore for $drv written to $out + ''); +} diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile new file mode 100644 index 000000000000..1ff5490b0a77 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile @@ -0,0 +1,2 @@ +source "https://rubygems.org" +gem "brakeman" diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock new file mode 100644 index 000000000000..dcc9920bd534 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/Gemfile.lock @@ -0,0 +1,15 @@ +GEM + remote: https://rubygems.org/ + specs: + brakeman (6.1.1) + racc + racc (1.7.3) + +PLATFORMS + ruby + +DEPENDENCIES + brakeman + +BUNDLED WITH + 2.5.3 diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/default.nix b/nixpkgs/pkgs/development/tools/analysis/brakeman/default.nix new file mode 100644 index 000000000000..72c4b1fbc3e3 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/default.nix @@ -0,0 +1,18 @@ +{ lib, ruby, bundlerApp, bundlerUpdateScript }: + +bundlerApp rec { + pname = "brakeman"; + exes = [ "brakeman" ]; + gemdir = ./.; + + passthru.updateScript = bundlerUpdateScript "brakeman"; + + meta = with lib; { + description = "Static analysis security scanner for Ruby on Rails"; + homepage = "https://brakemanscanner.org/"; + changelog = "https://github.com/presidentbeef/brakeman/blob/v${version}/CHANGES.md"; + license = [ licenses.unfreeRedistributable ]; + platforms = ruby.meta.platforms; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix b/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix new file mode 100644 index 000000000000..fdee80a9ff75 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/brakeman/gemset.nix @@ -0,0 +1,23 @@ +{ + brakeman = { + dependencies = ["racc"]; + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "1ahkss5xpdw7vwykyd5kba74cs4r987fcn7ad5qvzhzhqdariqvy"; + type = "gem"; + }; + version = "6.1.1"; + }; + racc = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "01b9662zd2x9bp4rdjfid07h09zxj7kvn7f5fghbqhzc625ap1dp"; + type = "gem"; + }; + version = "1.7.3"; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix b/nixpkgs/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix new file mode 100644 index 000000000000..75f6ee44bf99 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cargo-tarpaulin/default.nix @@ -0,0 +1,39 @@ +{ lib +, rustPlatform +, fetchFromGitHub +, pkg-config +, openssl +, stdenv +, curl +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "cargo-tarpaulin"; + version = "0.27.3"; + + src = fetchFromGitHub { + owner = "xd009642"; + repo = "tarpaulin"; + rev = version; + hash = "sha256-ejrnqkeMhCBWCjLCOblhZV/fY4Aib4F1uanufHyUmfw="; + }; + + cargoHash = "sha256-YO91vSyMwRTrQxRAgWJemL+dlmnEN7VSGrwnE6z7ocI="; + + nativeBuildInputs = [ + pkg-config + ]; + buildInputs = [ openssl ] + ++ lib.optionals stdenv.isDarwin [ curl Security ]; + + doCheck = false; + + meta = with lib; { + description = "A code coverage tool for Rust projects"; + homepage = "https://github.com/xd009642/tarpaulin"; + changelog = "https://github.com/xd009642/tarpaulin/blob/${src.rev}/CHANGELOG.md"; + license = with licenses; [ mit /* or */ asl20 ]; + maintainers = with maintainers; [ figsoda hugoreeves ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/cccc/cccc.patch b/nixpkgs/pkgs/development/tools/analysis/cccc/cccc.patch new file mode 100644 index 000000000000..9454e3b18ad1 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cccc/cccc.patch @@ -0,0 +1,24 @@ +diff --git a/cccc/cccc_tbl.cc b/cccc/cccc_tbl.cc +index df98e2b..59f2572 100644 +--- a/cccc/cccc_tbl.cc ++++ b/cccc/cccc_tbl.cc +@@ -96,7 +96,7 @@ bool CCCC_Table<T>::remove(T* old_item_ptr) + typename map_t::iterator value_iterator=map_t::find(old_item_ptr->key()); + if(value_iterator!=map_t::end()) + { +- erase(value_iterator); ++ map_t::erase(value_iterator); + retval=true; + } + return retval; +diff --git a/makefile b/makefile +index 23ad004..2cca469 100644 +--- a/makefile ++++ b/makefile +@@ -20,5 +20,5 @@ test : + cd test ; make -f posix.mak + + install : +- cd install ; su root -c "make -f install.mak" ++ cd install ; make -f install.mak + diff --git a/nixpkgs/pkgs/development/tools/analysis/cccc/default.nix b/nixpkgs/pkgs/development/tools/analysis/cccc/default.nix new file mode 100644 index 000000000000..49c8fb140e59 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cccc/default.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "cccc"; + version = "3.1.4"; + + src = fetchurl { + url = "mirror://sourceforge/cccc/${version}/cccc-${version}.tar.gz"; + sha256 = "1gsdzzisrk95kajs3gfxks3bjvfd9g680fin6a9pjrism2lyrcr7"; + }; + + hardeningDisable = [ "format" ]; + + patches = [ ./cccc.patch ]; + + preConfigure = '' + substituteInPlace install/install.mak --replace /usr/local/bin $out/bin + substituteInPlace install/install.mak --replace MKDIR=mkdir "MKDIR=mkdir -p" + ''; + buildFlags = [ "CCC=c++" "LD=c++" ]; + + meta = { + description = "C and C++ Code Counter"; + longDescription = '' + CCCC is a tool which analyzes C++ and Java files and generates a report + on various metrics of the code. Metrics supported include lines of code, McCabe's + complexity and metrics proposed by Chidamber&Kemerer and Henry&Kafura. + ''; + homepage = "https://cccc.sourceforge.net/"; + license = lib.licenses.gpl2; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.linquize ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix b/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix new file mode 100644 index 000000000000..a60ef454284d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/checkov/default.nix @@ -0,0 +1,164 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "checkov"; + version = "3.2.8"; + pyproject = true; + + src = fetchFromGitHub { + owner = "bridgecrewio"; + repo = "checkov"; + rev = "refs/tags/${version}"; + hash = "sha256-Hd1YOzIH6v8N/oP2cJRUv6OkgOv9aSe7nkvzpsCN3rc="; + }; + + patches = [ + ./flake8-compat-5.x.patch + ]; + + pythonRelaxDeps = [ + "bc-detect-secrets" + "bc-python-hcl2" + "dpath" + "igraph" + "license-expression" + "networkx" + "openai" + "pycep-parser" + "termcolor" + ]; + + pythonRemoveDeps = [ + # pythonRelaxDeps doesn't work with that one + "pycep-parser" + ]; + + nativeBuildInputs = with python3.pkgs; [ + pythonRelaxDepsHook + setuptools-scm + ]; + + propagatedBuildInputs = with python3.pkgs; [ + aiodns + aiohttp + aiomultiprocess + argcomplete + bc-detect-secrets + bc-jsonpath-ng + bc-python-hcl2 + boto3 + cachetools + charset-normalizer + cloudsplaining + colorama + configargparse + cyclonedx-python-lib + docker + dockerfile-parse + dpath + flake8 + gitpython + igraph + jmespath + jsonschema + junit-xml + license-expression + networkx + openai + packaging + policyuniverse + prettytable + pycep-parser + pyyaml + pydantic + rustworkx + semantic-version + spdx-tools + tabulate + termcolor + tqdm + typing-extensions + update-checker + ]; + + nativeCheckInputs = with python3.pkgs; [ + aioresponses + mock + pytest-asyncio + pytest-mock + pytest-xdist + pytestCheckHook + responses + ]; + + preCheck = '' + export HOME=$(mktemp -d); + ''; + + disabledTests = [ + # No API key available + "api_key" + # Requires network access + "TestSarifReport" + "test_skip_mapping_default" + # Flake8 test + "test_file_with_class" + "test_dataclass_skip" + "test_typing_class_skip" + # Tests are comparing console output + "cli" + "console" + # Assertion error + "test_runner" + # AssertionError: assert ['<?xml versi... + "test_get_cyclonedx_report" + ]; + + disabledTestPaths = [ + # Tests are pulling from external sources + # https://github.com/bridgecrewio/checkov/blob/f03a4204d291cf47e3753a02a9b8c8d805bbd1be/.github/workflows/build.yml + "integration_tests/" + "tests/ansible/" + "tests/arm/" + "tests/bicep/" + "tests/cloudformation/" + "tests/common/" + "tests/dockerfile/" + "tests/generic_json/" + "tests/generic_yaml/" + "tests/github_actions/" + "tests/github/" + "tests/kubernetes/" + "tests/sca_package_2" + "tests/terraform/" + "cdk_integration_tests/" + "sast_integration_tests" + # Performance tests have no value for us + "performance_tests/test_checkov_performance.py" + # No Helm + "dogfood_tests/test_checkov_dogfood.py" + ]; + + pythonImportsCheck = [ + "checkov" + ]; + + postInstall = '' + chmod +x $out/bin/checkov + ''; + + meta = with lib; { + description = "Static code analysis tool for infrastructure-as-code"; + homepage = "https://github.com/bridgecrewio/checkov"; + changelog = "https://github.com/bridgecrewio/checkov/releases/tag/${version}"; + longDescription = '' + Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, + Kubernetes, Serverless framework and other infrastructure-as-code-languages. + ''; + license = licenses.asl20; + maintainers = with maintainers; [ anhdle14 fab ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/checkov/flake8-compat-5.x.patch b/nixpkgs/pkgs/development/tools/analysis/checkov/flake8-compat-5.x.patch new file mode 100644 index 000000000000..9bb019292536 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/checkov/flake8-compat-5.x.patch @@ -0,0 +1,25 @@ +diff --git a/flake8_plugins/flake8_class_attributes_plugin/tests/conftest.py b/flake8_plugins/flake8_class_attributes_plugin/tests/conftest.py +index 1ad762aed..c91078dcf 100644 +--- a/flake8_plugins/flake8_class_attributes_plugin/tests/conftest.py ++++ b/flake8_plugins/flake8_class_attributes_plugin/tests/conftest.py +@@ -1,6 +1,7 @@ + import ast + import os + ++import flake8 + from flake8.options.manager import OptionManager + + from flake8_plugins.flake8_class_attributes_plugin.flake8_class_attributes.checker import ClassAttributesChecker +@@ -17,7 +18,11 @@ def run_validator_for_test_file(filename, max_annotations_complexity=None, + raw_content = file_handler.read() + tree = ast.parse(raw_content) + +- options = OptionManager('flake8_class_attributes_order', '0.1.3') ++ options = OptionManager( ++ version=flake8.__version__, ++ plugin_versions='flake8_class_attributes_order: 0.1.3', ++ parents=[], ++ ) + options.use_class_attributes_order_strict_mode = strict_mode + options.class_attributes_order = attributes_order + ClassAttributesChecker.parse_options(options) diff --git a/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix b/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix new file mode 100644 index 000000000000..84730b829751 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/checkstyle/default.nix @@ -0,0 +1,39 @@ +{ lib, stdenvNoCC, fetchurl, makeBinaryWrapper, jre }: + +stdenvNoCC.mkDerivation rec { + version = "10.13.0"; + pname = "checkstyle"; + + src = fetchurl { + url = "https://github.com/checkstyle/checkstyle/releases/download/checkstyle-${version}/checkstyle-${version}-all.jar"; + sha256 = "sha256-VhEMyn20ubXbsDMHnNS4/E2Aeeyby3U3OV29/uXEQw4="; + }; + + nativeBuildInputs = [ makeBinaryWrapper ]; + buildInputs = [ jre ]; + + dontUnpack = true; + + installPhase = '' + runHook preInstall + install -D $src $out/checkstyle/checkstyle-all.jar + makeWrapper ${jre}/bin/java $out/bin/checkstyle \ + --add-flags "-jar $out/checkstyle/checkstyle-all.jar" + runHook postInstall + ''; + + meta = with lib; { + description = "Checks Java source against a coding standard"; + longDescription = '' + checkstyle is a development tool to help programmers write Java code that + adheres to a coding standard. By default it supports the Sun Code + Conventions, but is highly configurable. + ''; + homepage = "https://checkstyle.org/"; + changelog = "https://checkstyle.org/releasenotes.html#Release_${version}"; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; + license = licenses.lgpl21; + maintainers = with maintainers; [ pSub ]; + platforms = jre.meta.platforms; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch b/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch new file mode 100644 index 000000000000..87d79a070cd0 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch @@ -0,0 +1,35 @@ +From 99a7e55a60c8d96e160f9104a3dd31b7914d3488 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> +Date: Fri, 31 Jul 2020 09:22:03 +0100 +Subject: [PATCH] Fix scan-build to use NIX_CFLAGS_COMPILE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jörg Thalheim <joerg@thalheim.io> +--- + clang/tools/scan-build/libexec/ccc-analyzer | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/clang/tools/scan-build/libexec/ccc-analyzer +b/clang/tools/scan-build/libexec/ccc-analyzer +index ed0d4d3d73f3..2d5113435ca5 100755 +--- a/clang/tools/scan-build/libexec/ccc-analyzer ++++ b/clang/tools/scan-build/libexec/ccc-analyzer +@@ -249,6 +249,14 @@ sub Analyze { + push @Args, "-target", $AnalyzerTarget; + } + ++ # Add Nix flags to analysis ++ if (defined $ENV{'NIX_CFLAGS_COMPILE'}) { ++ my @nixArgs = split(/\s+/, $ENV{'NIX_CFLAGS_COMPILE'}); ++ foreach my $nixArg (@nixArgs) { ++ push @Args, $nixArg; ++ } ++ } ++ + my $AnalysisArgs = GetCCArgs($HtmlDir, "--analyze", \@Args); + @CmdArgs = @$AnalysisArgs; + } +-- +2.33.0 diff --git a/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/default.nix b/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/default.nix new file mode 100644 index 000000000000..46e04aaf389f --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/clang-analyzer/default.nix @@ -0,0 +1,38 @@ +{ lib, stdenv, fetchurl, clang, llvmPackages, perl, makeWrapper, python3 }: + +stdenv.mkDerivation rec { + pname = "clang-analyzer"; + inherit (llvmPackages.clang-unwrapped) src version; + + patches = [ ./0001-Fix-scan-build-to-use-NIX_CFLAGS_COMPILE.patch ]; + buildInputs = [ clang llvmPackages.clang perl python3 ]; + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/share/scan-view $out/bin + cp -R clang/tools/scan-view/share/* $out/share/scan-view + cp -R clang/tools/scan-view/bin/* $out/bin/scan-view + cp -R clang/tools/scan-build/* $out + + rm $out/bin/*.bat $out/libexec/*.bat $out/CMakeLists.txt + + wrapProgram $out/bin/scan-build \ + --add-flags "--use-cc=${clang}/bin/clang" \ + --add-flags "--use-c++=${clang}/bin/clang++" \ + --add-flags "--use-analyzer='${llvmPackages.clang}/bin/clang'" + ''; + + meta = { + description = "Clang Static Analyzer"; + longDescription = '' + The Clang Static Analyzer is a source code analysis tool that finds bugs + in C, C++, and Objective-C programs. + ''; + homepage = "https://clang-analyzer.llvm.org/"; + license = lib.licenses.bsd3; + platforms = lib.platforms.unix; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/clazy/default.nix b/nixpkgs/pkgs/development/tools/analysis/clazy/default.nix new file mode 100644 index 000000000000..10c61bf88881 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/clazy/default.nix @@ -0,0 +1,56 @@ +{ + lib + , stdenv + , fetchFromGitHub + , llvmPackages + , cmake + , makeWrapper +}: + +stdenv.mkDerivation rec { + pname = "clazy"; + version = "1.11"; + + src = fetchFromGitHub { + owner = "KDE"; + repo = "clazy"; + rev = "v${version}"; + sha256 = "sha256-kcl4dUg84fNdizKUS4kpvIKFfajtTRdz+MYUbKcMFvg="; + }; + + buildInputs = [ + llvmPackages.llvm + llvmPackages.libclang + ]; + + nativeBuildInputs = [ + cmake + makeWrapper + ]; + + postInstall = '' + wrapProgram $out/bin/clazy \ + --suffix PATH : "${llvmPackages.clang}/bin/" \ + --suffix CPATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \ + --suffix CPATH : "${llvmPackages.clang}/resource-root/include" \ + --suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libcxx-cxxflags)" \ + --suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \ + --suffix CPLUS_INCLUDE_PATH : "${llvmPackages.clang}/resource-root/include" + + wrapProgram $out/bin/clazy-standalone \ + --suffix CPATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \ + --suffix CPATH : "${llvmPackages.clang}/resource-root/include" \ + --suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libcxx-cxxflags)" \ + --suffix CPLUS_INCLUDE_PATH : "$(<${llvmPackages.clang}/nix-support/libc-cflags)" \ + --suffix CPLUS_INCLUDE_PATH : "${llvmPackages.clang}/resource-root/include" + ''; + + meta = { + description = "Qt-oriented static code analyzer based on the Clang framework"; + homepage = "https://github.com/KDE/clazy"; + license = lib.licenses.lgpl2Plus; + maintainers = [ lib.maintainers.cadkin ]; + platforms = lib.platforms.linux; + }; + +} diff --git a/nixpkgs/pkgs/development/tools/analysis/coan/default.nix b/nixpkgs/pkgs/development/tools/analysis/coan/default.nix new file mode 100644 index 000000000000..d88a4a8a92eb --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/coan/default.nix @@ -0,0 +1,35 @@ +{ lib, stdenv, fetchurl, perl }: + +stdenv.mkDerivation rec { + version = "6.0.1"; + pname = "coan"; + + src = fetchurl { + url = "mirror://sourceforge/project/coan2/v${version}/${pname}-${version}.tar.gz"; + sha256 = "1d041j0nd1hc0562lbj269dydjm4rbzagdgzdnmwdxr98544yw44"; + }; + + nativeBuildInputs = [ perl ]; + + CXXFLAGS = "-std=c++11"; + + enableParallelBuilding = true; + + postInstall = '' + mv -v $out/share/man/man1/coan.1.{1,gz} + ''; + + meta = with lib; { + description = "The C preprocessor chainsaw"; + longDescription = '' + A software engineering tool for analysing preprocessor-based + configurations of C or C++ source code. Its principal use is to simplify + a body of source code by eliminating any parts that are redundant with + respect to a specified configuration. Dead code removal is an + application of this sort. + ''; + homepage = "https://coan2.sourceforge.net/"; + license = licenses.bsd3; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix b/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix new file mode 100644 index 000000000000..10634622fe5e --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/codeql/default.nix @@ -0,0 +1,55 @@ +{ lib, stdenv, fetchzip, zlib, xorg, freetype, jdk17, curl }: + +stdenv.mkDerivation rec { + pname = "codeql"; + version = "2.16.1"; + + dontConfigure = true; + dontBuild = true; + dontStrip = true; + + src = fetchzip { + url = "https://github.com/github/codeql-cli-binaries/releases/download/v${version}/codeql.zip"; + hash = "sha256-y9tSG/SxCeyFdWF6gKuPSBgfG5H2uB/XRmQkfMBdKQU="; + }; + + nativeBuildInputs = [ + zlib + xorg.libX11 + xorg.libXext + xorg.libXi + xorg.libXtst + xorg.libXrender + freetype + jdk17 + stdenv.cc.cc.lib + curl + ]; + + installPhase = '' + # codeql directory should not be top-level, otherwise, + # it'll include /nix/store to resolve extractors. + mkdir -p $out/{codeql,bin} + cp -R * $out/codeql/ + + ln -sf $out/codeql/tools/linux64/lib64trace.so $out/codeql/tools/linux64/libtrace.so + + # many of the codeql extractors use CODEQL_DIST + CODEQL_PLATFORM to + # resolve java home, so to be able to create databases, we want to make + # sure that they point somewhere sane/usable since we can not autopatch + # the codeql packaged java dist, but we DO want to patch the extractors + # as well as the builders which are ELF binaries for the most part + rm -rf $out/codeql/tools/linux64/java + ln -s ${jdk17} $out/codeql/tools/linux64/java + + ln -s $out/codeql/codeql $out/bin/ + ''; + + meta = with lib; { + description = "Semantic code analysis engine"; + homepage = "https://codeql.github.com"; + maintainers = [ maintainers.dump_stack ]; + platforms = lib.platforms.linux ++ lib.platforms.darwin; + license = licenses.unfree; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/cov-build/default.nix b/nixpkgs/pkgs/development/tools/analysis/cov-build/default.nix new file mode 100644 index 000000000000..61c8dda2e6da --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cov-build/default.nix @@ -0,0 +1,69 @@ +{ lib +, stdenv +, fetchurl + +, autoPatchelfHook + +, alsa-lib +, libxcrypt-legacy +, lttng-ust_2_12 +, xorg +, zlib +}: + +stdenv.mkDerivation rec { + pname = "cov-build"; + version = "2022.12.2"; + + src = + if stdenv.hostPlatform.system == "i686-linux" + then fetchurl { + url = "https://archive.org/download/cov-analysis-linux-${version}.tar/cov-analysis-linux-${version}.tar.gz"; + hash = "sha256-Jr9bMUo9GRp+dgoAPqKxaTqWYWh4djGArdG9ukUK+ZY="; + } + else if stdenv.hostPlatform.system == "x86_64-linux" + then fetchurl { + url = "https://archive.org/download/cov-analysis-linux64-${version}.tar/cov-analysis-linux64-${version}.tar.gz"; + hash = "sha256-CyNKILJXlDMOCXbZZF4r/knz0orRx32oSj+Kpq/nxXQ="; + } + else throw "Unsupported platform '${stdenv.hostPlatform.system}'"; + + nativeBuildInputs = [ autoPatchelfHook ]; + + buildInputs = [ + alsa-lib + libxcrypt-legacy + lttng-ust_2_12 + xorg.libXext + xorg.libXrender + xorg.libXtst + zlib + ]; + + dontConfigure = true; + + dontBuild = true; + + installPhase = '' + mkdir -p $out/bin $out/libexec + mv * $out/libexec + for x in cov-build cov-capture cov-configure cov-emit cov-emit-java \ + cov-export-cva cov-extract-scm cov-help cov-import-scm cov-link \ + cov-internal-clang cov-internal-emit-clang cov-internal-nm \ + cov-internal-emit-java-bytecode cov-internal-reduce cov-translate \ + cov-preprocess cov-internal-pid-to-db cov-manage-emit \ + cov-manage-history; do + ln -s $out/libexec/bin/$x $out/bin/$x; + done + ''; + + dontStrip = true; + + meta = { + description = "Coverity Scan build tools"; + homepage = "https://scan.coverity.com"; + license = lib.licenses.unfreeRedistributable; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/coz/default.nix b/nixpkgs/pkgs/development/tools/analysis/coz/default.nix new file mode 100644 index 000000000000..17968a466bf4 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/coz/default.nix @@ -0,0 +1,56 @@ +{ lib, stdenv +, fetchFromGitHub +, libelfin +, ncurses +, python3 +, python3Packages +, makeWrapper +}: +stdenv.mkDerivation rec { + pname = "coz"; + version = "0.2.1"; + + src = fetchFromGitHub { + owner = "plasma-umass"; + repo = "coz"; + rev = version; + sha256 = "0val36yw987b1558iiyk3nqg0yy5k9y5wh49v91zj3cs58mmfyhc"; + }; + + postPatch = '' + sed -i -e '/pid_t gettid/,+2d' libcoz/ccutil/thread.h + ''; + + postConfigure = '' + # This is currently hard-coded. Will be fixed in the next release. + sed -e "s|/usr/lib/|$out/lib/|" -i ./coz + ''; + + nativeBuildInputs = [ + ncurses + makeWrapper + python3Packages.wrapPython + ]; + + buildInputs = [ + libelfin + (python3.withPackages (p: [ p.docutils ])) + ]; + + installPhase = '' + mkdir -p $out/share/man/man1 + make install prefix=$out + + # fix executable includes + chmod -x $out/include/coz.h + + wrapPythonPrograms + ''; + + meta = { + homepage = "https://github.com/plasma-umass/coz"; + description = "Profiler based on casual profiling"; + license = lib.licenses.bsd2; + maintainers = with lib.maintainers; [ zimbatm ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix b/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix new file mode 100644 index 000000000000..0582c1d6e89a --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cppcheck/default.nix @@ -0,0 +1,85 @@ +{ lib +, stdenv +, fetchFromGitHub + +, docbook_xml_dtd_45 +, docbook_xsl +, installShellFiles +, libxslt +, pcre +, pkg-config +, python3 +, which +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "cppcheck"; + version = "2.13.3"; + + outputs = [ "out" "man" ]; + + src = fetchFromGitHub { + owner = "danmar"; + repo = "cppcheck"; + rev = finalAttrs.version; + hash = "sha256-JTasjK9EkdGCTGL5Qx9uU3UBFlQzVdpTJ/v1IfzXCLE="; + }; + + nativeBuildInputs = [ + docbook_xml_dtd_45 + docbook_xsl + installShellFiles + libxslt + pkg-config + python3 + which + ]; + + buildInputs = [ + pcre + (python3.withPackages (ps: [ ps.pygments ])) + ]; + + makeFlags = [ "PREFIX=$(out)" "MATCHCOMPILER=yes" "FILESDIR=$(out)/share/cppcheck" "HAVE_RULES=yes" ]; + + enableParallelBuilding = true; + strictDeps = true; + + # test/testcondition.cpp:4949(TestCondition::alwaysTrueContainer): Assertion failed. + doCheck = !(stdenv.isLinux && stdenv.isAarch64); + doInstallCheck = true; + + postPatch = '' + substituteInPlace Makefile \ + --replace 'PCRE_CONFIG = $(shell which pcre-config)' 'PCRE_CONFIG = $(PKG_CONFIG) libpcre' + ''; + + postBuild = '' + make DB2MAN=${docbook_xsl}/xml/xsl/docbook/manpages/docbook.xsl man + ''; + + postInstall = '' + installManPage cppcheck.1 + ''; + + installCheckPhase = '' + runHook preInstallCheck + + echo 'int main() {}' > ./installcheck.cpp + $out/bin/cppcheck ./installcheck.cpp > /dev/null + + runHook postInstallCheck + ''; + + meta = { + description = "A static analysis tool for C/C++ code"; + homepage = "http://cppcheck.sourceforge.net"; + license = lib.licenses.gpl3Plus; + longDescription = '' + Check C/C++ code for memory leaks, mismatching allocation-deallocation, + buffer overruns and more. + ''; + maintainers = with lib.maintainers; [ joachifm paveloom ]; + platforms = lib.platforms.unix; + }; +}) diff --git a/nixpkgs/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch b/nixpkgs/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch new file mode 100644 index 000000000000..3b602421d100 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cpplint/0001-Remove-pytest-runner-version-pin.patch @@ -0,0 +1,16 @@ +diff --git a/setup.py b/setup.py +index aef5c4e..030ea14 100755 +--- a/setup.py ++++ b/setup.py +@@ -73,7 +73,7 @@ setup(name='cpplint', + long_description=open('README.rst').read(), + license='BSD-3-Clause', + setup_requires=[ +- "pytest-runner==5.2" ++ "pytest-runner" + ], + tests_require=test_required, + # extras_require allow pip install .[dev] +-- +2.31.1 + diff --git a/nixpkgs/pkgs/development/tools/analysis/cpplint/default.nix b/nixpkgs/pkgs/development/tools/analysis/cpplint/default.nix new file mode 100644 index 000000000000..87344d747bf6 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cpplint/default.nix @@ -0,0 +1,48 @@ +{ lib, python3Packages, fetchFromGitHub, fetchpatch }: + +python3Packages.buildPythonApplication rec { + pname = "cpplint"; + version = "1.5.5"; + format = "setuptools"; + + # Fetch from github instead of pypi, since the test cases are not in the pypi archive + src = fetchFromGitHub { + owner = pname; + repo = pname; + rev = version; + hash = "sha256-JXz2Ufo7JSceZVqYwCRkuAsOR08znZlIUk8GCLAyiI4="; + }; + + patches = [ + ./0001-Remove-pytest-runner-version-pin.patch + + # The patch below stops using the sre_compile module, which was deprecated + # in Python 3.11 and replaces it with re.compile. Upstream is unsure if it + # should use re.compile or re._compiler.compile, so we should monitor the + # thread for updates. + # + # https://github.com/cpplint/cpplint/pull/214 + # + (fetchpatch { + name = "python-3.11-compatibility.patch"; + url = "https://github.com/cpplint/cpplint/commit/e84e84f53915ae2a9214e756cf89c573a73bbcd3.patch"; + hash = "sha256-u57AFWaVmGFSsvSGq1x9gZmTsuZPqXvTC7mTfyb2164="; + }) + ]; + + postPatch = '' + patchShebangs cpplint_unittest.py + ''; + + nativeCheckInputs = with python3Packages; [ pytest pytest-runner ]; + checkPhase = '' + ./cpplint_unittest.py + ''; + + meta = with lib; { + homepage = "https://github.com/cpplint/cpplint"; + description = "Static code checker for C++"; + maintainers = [ maintainers.bhipple ]; + license = [ licenses.bsd3 ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/cvehound/default.nix b/nixpkgs/pkgs/development/tools/analysis/cvehound/default.nix new file mode 100644 index 000000000000..d6b08fb06153 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/cvehound/default.nix @@ -0,0 +1,46 @@ +{ lib +, fetchFromGitHub +, coccinelle +, gnugrep +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "cvehound"; + version = "1.1.0"; + + src = fetchFromGitHub { + owner = "evdenis"; + repo = "cvehound"; + rev = "refs/tags/${version}"; + hash = "sha256-4+0Virpsq4mwOIpostS87VYTX8hsumXEL1w8FiOrNtA="; + }; + + makeWrapperArgs = [ + "--prefix PATH : ${lib.makeBinPath [ coccinelle gnugrep ]}" + ]; + + propagatedBuildInputs = with python3.pkgs; [ + lxml + setuptools + sympy + ]; + + nativeCheckInputs = with python3.pkgs; [ + gitpython + psutil + pytestCheckHook + ]; + + # Tries to clone the kernel sources + doCheck = false; + + meta = with lib; { + description = "Tool to check linux kernel source dump for known CVEs"; + homepage = "https://github.com/evdenis/cvehound"; + changelog = "https://github.com/evdenis/cvehound/blob/${src.rev}/ChangeLog"; + # See https://github.com/evdenis/cvehound/issues/22 + license = with licenses; [ gpl2Only gpl3Plus ]; + maintainers = with maintainers; [ ambroisie ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/dotenv-linter/default.nix b/nixpkgs/pkgs/development/tools/analysis/dotenv-linter/default.nix new file mode 100644 index 000000000000..fec39c962a66 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/dotenv-linter/default.nix @@ -0,0 +1,29 @@ +{ stdenv +, lib +, rustPlatform +, fetchFromGitHub +, Security +}: + +rustPlatform.buildRustPackage rec { + pname = "dotenv-linter"; + version = "3.3.0"; + + src = fetchFromGitHub { + owner = "dotenv-linter"; + repo = "dotenv-linter"; + rev = "v${version}"; + sha256 = "sha256-HCP1OUWm/17e73TbinmDxYUi18/KXxppstyUSixjlSo="; + }; + + cargoSha256 = "sha256-4r4NTq2rLnpmm/nwxJ9RoN2+JrUI6XKGfYFI78NY710="; + + buildInputs = lib.optional stdenv.isDarwin Security; + + meta = with lib; { + description = "Lightning-fast linter for .env files. Written in Rust"; + homepage = "https://dotenv-linter.github.io"; + license = licenses.mit; + maintainers = with maintainers; [ humancalico ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/egypt/default.nix b/nixpkgs/pkgs/development/tools/analysis/egypt/default.nix new file mode 100644 index 000000000000..026650220991 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/egypt/default.nix @@ -0,0 +1,32 @@ +{ lib, fetchurl, perlPackages }: + +perlPackages.buildPerlPackage rec { + pname = "egypt"; + version = "1.10"; + + src = fetchurl { + sha256 = "0r0wj6v8z9fzlh9pb5617kyjdf92ppmlbzajaarrq729bbb6ln5m"; + url = "https://www.gson.org/egypt/download/${pname}-${version}.tar.gz"; + }; + + outputs = [ "out" ]; + + enableParallelBuilding = true; + + doCheck = true; + + meta = with lib; { + description = "Tool for making call graphs of C programmes"; + longDescription = '' + Egypt is a simple tool for creating call graphs of C programs. It neither + analyzes source code nor lays out graphs. Instead, it leaves the source + code analysis to GCC and the graph layout to Graphviz, both of which are + better at their respective jobs than egypt itself could ever hope to be. + Egypt is simply a very small Perl script that glues these existing tools + together. + ''; + homepage = "http://www.gson.org/egypt/"; + license = with licenses; [ artistic1 gpl1Plus ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/emma/default.nix b/nixpkgs/pkgs/development/tools/analysis/emma/default.nix new file mode 100644 index 000000000000..a1804eafd8cf --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/emma/default.nix @@ -0,0 +1,26 @@ +{lib, stdenv, fetchurl, unzip}: + +stdenv.mkDerivation rec { + pname = "emma"; + version = "2.0.5312"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.zip"; + sha256 = "0xxy39s2lvgs56vicjzpcz936l1vjaplliwa0dm7v3iyvw6jn7vj"; + }; + + nativeBuildInputs = [ unzip ]; + + installPhase = '' + mkdir -p $out/lib/jars + cp lib/*.jar $out/lib/jars/ + ''; + + meta = { + homepage = "https://emma.sourceforge.net/"; + description = "A code coverage tool for Java"; + sourceProvenance = with lib.sourceTypes; [ binaryBytecode ]; + platforms = lib.platforms.unix; + license = lib.licenses.cpl10; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/eresi/default.nix b/nixpkgs/pkgs/development/tools/analysis/eresi/default.nix new file mode 100644 index 000000000000..3d5571ddea42 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/eresi/default.nix @@ -0,0 +1,76 @@ +{ stdenv, lib, fetchFromGitHub, which, openssl, readline, fetchpatch }: + +stdenv.mkDerivation rec { + pname = "eresi"; + version = "0.83-a3-phoenix"; + + src = fetchFromGitHub { + owner = "thorkill"; + repo = "eresi"; + rev = version; + sha256 = "0a5a7mh2zw9lcdrl8n1mqccrc0xcgj7743l7l4kslkh722fxv625"; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/thorkill/eresi/commit/a79406344cc21d594d27fa5ec5922abe9f7475e7.patch"; + sha256 = "1mjjc6hj7r06iarvai7prcdvjk9g0k5vwrmkwcm7b8ivd5xzxp2z"; + }) + + # Pull patch pending upstream inclusion for -fno-common toolchains: + # https://github.com/thorkill/eresi/pull/166 + (fetchpatch { + url = "https://github.com/thorkill/eresi/commit/bc5b9a75c326f277e5f89e01a3b8f7f0519a99f6.patch"; + sha256 = "0lqwrnkkhhd3vi1r8ngvziyqkk09h98h93rrs3ndqi048a898ys1"; + }) + ]; + + postPatch = '' + # Two occurences of fprintf() with only two arguments, which should really + # be fputs(). + # + # Upstream pull request: https://github.com/thorkill/eresi/pull/162 + # + sed -i -e 's/fprintf(\(stderr\), *\([a-z0-9]\+\))/fputs(\2, \1)/g' \ + libe2dbg/common/common.c libe2dbg/user/threads.c + + # We need to patch out a few ifs here, because it tries to create a series + # of configuration files in ~/.something. However, our builds are sandboxed + # and also don't contain a valid home, so let's NOP it out :-) + # + # The second fix we need to make is that we need to pretend being Gentoo + # because otherwise the build process tries to link against libtermcap, + # which I think is solely for historic reasons (nowadays Terminfo should + # have largely superseded it). + sed -i -e '/^if \[ ! -e/c if false; then' \ + -e 's/^GENTOO=.*/GENTOO=1/' configure + ''; + + configureFlags = [ + (if stdenv.is64bit then "--enable-32-64" else "--enable-32") + "--enable-readline" + ]; + + # The configure script is not generated by autoconf but is hand-rolled, so it + # has --enable-static but no --disabled-static and also doesn't support the + # equals sign in --prefix. + prefixKey = "--prefix "; + dontDisableStatic = true; + + nativeBuildInputs = [ which ]; + buildInputs = [ openssl readline ]; + enableParallelBuilding = true; + # ln: failed to create symbolic link '...-eresi-0.83-a3-phoenix//bin/elfsh': No such file or directory + # make: *** [Makefile:108: install64] Error 1 + enableParallelInstalling = false; + + installTargets = lib.singleton "install" + ++ lib.optional stdenv.is64bit "install64"; + + meta = { + description = "The ERESI Reverse Engineering Software Interface"; + license = lib.licenses.gpl2Only; + homepage = "https://github.com/thorkill/eresi"; # Formerly http://www.eresi-project.org/ + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/evmdis/default.nix b/nixpkgs/pkgs/development/tools/analysis/evmdis/default.nix new file mode 100644 index 000000000000..eb23a0aae51f --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/evmdis/default.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule { + pname = "evmdis"; + version = "unstable-2022-05-09"; + + src = fetchFromGitHub { + owner = "Arachnid"; + repo = "evmdis"; + rev = "7fad4fbee443262839ce9f88111b417801163086"; + hash = "sha256-jfbjXoGT8RtwLlqX13kcKdiFlhrVwA7Ems6abGJVRbA="; + }; + + vendorHash = null; + + preBuild = '' + # Add go modules support + cp ${./go.mod} go.mod + ''; + + ldflags = [ "-s" "-w" ]; + + meta = with lib; { + homepage = "https://github.com/Arachnid/evmdis"; + description = "Ethereum EVM disassembler"; + license = [ licenses.asl20 ]; + maintainers = with maintainers; [ asymmetric ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/evmdis/go.mod b/nixpkgs/pkgs/development/tools/analysis/evmdis/go.mod new file mode 100644 index 000000000000..d71cfe70845d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/evmdis/go.mod @@ -0,0 +1,3 @@ +module github.com/Arachnid/evmdis + +go 1.18 diff --git a/nixpkgs/pkgs/development/tools/analysis/findbugs/default.nix b/nixpkgs/pkgs/development/tools/analysis/findbugs/default.nix new file mode 100644 index 000000000000..63301622c1fb --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/findbugs/default.nix @@ -0,0 +1,46 @@ +{ lib, stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "findbugs"; + version = "3.0.1"; + + src = fetchurl { + url = "mirror://sourceforge/${pname}/${pname}-${version}.tar.gz"; + sha256 = "06b46fz4nid7qvm36r66zw01fr87y4jyz21ixw27b8hkqah0s3p8"; + }; + + buildPhase = '' + substituteInPlace bin/findbugs --replace /bin/pwd pwd + ''; + + installPhase = '' + d=$out/libexec/findbugs + mkdir -p $d $out/bin $out/nix-support + + cp -prd bin lib plugin doc $d/ + rm $d/bin/*.bat + for i in $d/bin/*; do + if [ -f $i ]; then ln -s $i $out/bin/; fi + done + + # Get rid of unnecessary JARs. + rm $d/lib/ant.jar + + # Make some JARs findable. + mkdir -p $out/share/java + ln -s $d/lib/{findbugs.jar,findbugs-ant.jar} $out/share/java/ + + cat <<EOF > $out/nix-support/setup-hook + export FINDBUGS_HOME=$d + EOF + ''; + + meta = with lib; { + description = "A static analysis tool to find bugs in Java programs automatically"; + homepage = "https://findbugs.sourceforge.net/"; + maintainers = with maintainers; [ pSub ]; + platforms = with platforms; unix; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; + license = licenses.lgpl3; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/flow/default.nix b/nixpkgs/pkgs/development/tools/analysis/flow/default.nix new file mode 100644 index 000000000000..21811bd668c7 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/flow/default.nix @@ -0,0 +1,45 @@ +{ lib, stdenv, fetchFromGitHub, ocamlPackages, CoreServices }: + +stdenv.mkDerivation rec { + pname = "flow"; + version = "0.228.0"; + + src = fetchFromGitHub { + owner = "facebook"; + repo = "flow"; + rev = "v${version}"; + hash = "sha256-JUmDnpa9hvaGBcZR+OOD9R4P06x94zAdXW1SotXlcMc="; + }; + + postPatch = '' + substituteInPlace src/services/inference/check_cache.ml --replace 'Core_kernel' 'Core' + ''; + + makeFlags = [ "FLOW_RELEASE=1" ]; + + # Work around https://github.com/NixOS/nixpkgs/issues/166205. + env = lib.optionalAttrs stdenv.cc.isClang { + NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}"; + }; + + installPhase = '' + install -Dm755 bin/flow $out/bin/flow + install -Dm644 resources/shell/bash-completion $out/share/bash-completion/completions/flow + ''; + + strictDeps = true; + + nativeBuildInputs = with ocamlPackages; [ ocaml dune_3 findlib ocamlbuild ]; + + buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ] + ++ (with ocamlPackages; [ core_kernel dtoa fileutils lwt_log lwt_ppx ocaml_lwt ppx_deriving ppx_gen_rec ppx_let sedlex visitors wtf8 ] ++ lib.optionals stdenv.isLinux [ inotify ]); + + meta = with lib; { + description = "A static type checker for JavaScript"; + homepage = "https://flow.org/"; + changelog = "https://github.com/facebook/flow/blob/v${version}/Changelog.md"; + license = licenses.mit; + platforms = ocamlPackages.ocaml.meta.platforms; + maintainers = with maintainers; [ marsam puffnfresh ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix b/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix new file mode 100644 index 000000000000..1bf477cf3d16 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/frama-c/default.nix @@ -0,0 +1,108 @@ +{ lib, stdenv, fetchurl, fetchpatch, makeWrapper, writeText +, graphviz, doxygen +, ocamlPackages, ltl2ba, coq, why3 +, gdk-pixbuf, wrapGAppsHook +}: + +let + mkocamlpath = p: "${p}/lib/ocaml/${ocamlPackages.ocaml.version}/site-lib"; + runtimeDeps = with ocamlPackages; [ + apron.dev + bigarray-compat + biniou + camlzip + easy-format + menhirLib + mlgmpidl + num + ocamlgraph + ppx_deriving + ppx_deriving_yojson + ppx_import + stdlib-shims + why3.dev + re + result + seq + sexplib + sexplib0 + parsexp + base + unionFind + yojson + zarith + ]; + ocamlpath = lib.concatMapStringsSep ":" mkocamlpath runtimeDeps; +in + +stdenv.mkDerivation rec { + pname = "frama-c"; + version = "28.0"; + slang = "Nickel"; + + src = fetchurl { + url = "https://frama-c.com/download/frama-c-${version}-${slang}.tar.gz"; + hash = "sha256-KWEogjMOy27d0LTKOvwEkrcND+szeaG46JMZTG4XOYM="; + }; + + preConfigure = '' + substituteInPlace src/dune --replace " bytes " " " + ''; + + postConfigure = "patchShebangs src/plugins/eva/gen-api.sh"; + + strictDeps = true; + + nativeBuildInputs = [ wrapGAppsHook ] ++ (with ocamlPackages; [ ocaml findlib dune_3 menhir ]); + + buildInputs = with ocamlPackages; [ + dune-site dune-configurator + ltl2ba ocamlgraph yojson menhirLib camlzip + lablgtk3 lablgtk3-sourceview3 coq graphviz zarith apron why3 mlgmpidl doxygen + ppx_deriving ppx_import ppx_deriving_yaml ppx_deriving_yojson + gdk-pixbuf + unionFind + ]; + + buildPhase = '' + runHook preBuild + dune build -j$NIX_BUILD_CORES --release @install + runHook postBuild + ''; + + installFlags = [ "PREFIX=$(out)" ]; + + preFixup = '' + gappsWrapperArgs+=(--prefix OCAMLPATH ':' ${ocamlpath}:$out/lib/) + ''; + + # Allow loading of external Frama-C plugins + setupHook = writeText "setupHook.sh" '' + addFramaCPath () { + if test -d "''$1/lib/frama-c/plugins"; then + export FRAMAC_PLUGIN="''${FRAMAC_PLUGIN-}''${FRAMAC_PLUGIN:+:}''$1/lib/frama-c/plugins" + export OCAMLPATH="''${OCAMLPATH-}''${OCAMLPATH:+:}''$1/lib/frama-c/plugins" + fi + + if test -d "''$1/lib/frama-c"; then + export OCAMLPATH="''${OCAMLPATH-}''${OCAMLPATH:+:}''$1/lib/frama-c" + fi + + if test -d "''$1/share/frama-c/"; then + export FRAMAC_EXTRA_SHARE="''${FRAMAC_EXTRA_SHARE-}''${FRAMAC_EXTRA_SHARE:+:}''$1/share/frama-c" + fi + + } + + addEnvHooks "$targetOffset" addFramaCPath + ''; + + + meta = { + description = "An extensible and collaborative platform dedicated to source-code analysis of C software"; + homepage = "http://frama-c.com/"; + license = lib.licenses.lgpl21; + maintainers = with lib.maintainers; [ thoughtpolice amiddelk ]; + platforms = lib.platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix new file mode 100644 index 000000000000..f7f5e84c012b --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchFromGitHub, cmake }: + +stdenv.mkDerivation rec { + + pname = "tracefilegen"; + version = "unstable-2017-05-13"; + + src = fetchFromGitHub { + owner = "GarCoSim"; + repo = "TraceFileGen"; + rev = "0ebfd1fdb54079d4bdeaa81fc9267ecb9f016d60"; + sha256 = "1gsx18ksgz5gwl3v62vgrmhxc0wc99i74qwhpn0h57zllk41drjc"; + }; + + nativeBuildInputs = [ cmake ]; + + patches = [ ./gcc7.patch ]; + + installPhase = '' + install -Dm755 TraceFileGen $out/bin/TraceFileGen + mkdir -p $out/share/doc/${pname}-${version}/ + cp -ar $src/Documentation/html $out/share/doc/${pname}-${version}/. + ''; + + meta = with lib; { + description = "Automatically generate all types of basic memory management operations and write into trace files"; + homepage = "https://github.com/GarCoSim"; + maintainers = [ maintainers.cmcdragonkai ]; + license = licenses.gpl2; + platforms = platforms.linux; + }; + +} diff --git a/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch new file mode 100644 index 000000000000..48301bbf61ad --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilegen/gcc7.patch @@ -0,0 +1,13 @@ +diff --git a/Utils/Logger.cpp b/Utils/Logger.cpp +index 747cd63..e3efdf1 100644 +--- a/Utils/Logger.cpp ++++ b/Utils/Logger.cpp +@@ -29,7 +29,7 @@ Logger::Logger(char* tracepath) { + trace = fopen(tracepath, "w"); + + // dot file is not used, set null as default value +- dot = '\0'; ++ dot = nullptr; + //dot = fopen("gcKons.dot", "w"); + //fprintf(dot,"digraph G {\n"); + } diff --git a/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix new file mode 100644 index 000000000000..a76b6b9239e1 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/garcosim/tracefilesim/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + + pname = "tracefilesim"; + version = "unstable-2015-11-07"; + + src = fetchFromGitHub { + owner = "GarCoSim"; + repo = "TraceFileSim"; + rev = "368aa6b1d6560e7ecbd16fca47000c8f528f3da2"; + sha256 = "156m92k38ap4bzidbr8dzl065rni8lrib71ih88myk9z5y1x5nxm"; + }; + + hardeningDisable = [ "fortify" ]; + + installPhase = '' + mkdir --parents "$out/bin" + cp ./traceFileSim "$out/bin" + ''; + + meta = with lib; { + description = "Ease the analysis of existing memory management techniques, as well as the prototyping of new memory management techniques"; + homepage = "https://github.com/GarCoSim"; + maintainers = [ maintainers.cmcdragonkai ]; + license = licenses.gpl2; + platforms = platforms.linux; + }; + +} diff --git a/nixpkgs/pkgs/development/tools/analysis/hopper/default.nix b/nixpkgs/pkgs/development/tools/analysis/hopper/default.nix new file mode 100644 index 000000000000..d7b519b04c34 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/hopper/default.nix @@ -0,0 +1,76 @@ +{ stdenv +, fetchurl +, lib +, autoPatchelfHook +, wrapQtAppsHook +, gmpxx +, gnustep +, libbsd +, libffi_3_3 +, ncurses6 +}: + +stdenv.mkDerivation rec { + pname = "hopper"; + version = "5.5.3"; + rev = "v4"; + + src = fetchurl { + url = "https://d2ap6ypl1xbe4k.cloudfront.net/Hopper-${rev}-${version}-Linux-demo.pkg.tar.xz"; + hash = "sha256-xq9ZVg1leHm/tq6LYyQLa8p5dDwBd64Jt92uMoE0z58="; + }; + + sourceRoot = "."; + + nativeBuildInputs = [ + autoPatchelfHook + wrapQtAppsHook + ]; + + buildInputs = [ + gnustep.libobjc + libbsd + libffi_3_3 + ncurses6 + ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + mkdir -p $out/lib + mkdir -p $out/share + + cp $sourceRoot/opt/hopper-${rev}/bin/Hopper $out/bin/hopper + cp \ + --archive \ + $sourceRoot/opt/hopper-${rev}/lib/libBlocksRuntime.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libdispatch.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libgnustep-base.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libHopperCore.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libkqueue.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libobjcxx.so* \ + $sourceRoot/opt/hopper-${rev}/lib/libpthread_workqueue.so* \ + $out/lib + + cp -r $sourceRoot/usr/share $out + + runHook postInstall + ''; + + postFixup = '' + substituteInPlace "$out/share/applications/hopper-${rev}.desktop" \ + --replace "Exec=/opt/hopper-${rev}/bin/Hopper" "Exec=$out/bin/hopper" + ''; + + meta = with lib; { + homepage = "https://www.hopperapp.com/index.html"; + description = "A macOS and Linux Disassembler"; + license = licenses.unfree; + maintainers = with maintainers; [ + luis + Enteee + ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/hotspot/default.nix b/nixpkgs/pkgs/development/tools/analysis/hotspot/default.nix new file mode 100644 index 000000000000..bbf91ec28fb4 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/hotspot/default.nix @@ -0,0 +1,82 @@ +{ lib +, mkDerivation +, cmake +, elfutils +, extra-cmake-modules +, fetchFromGitHub +, kconfigwidgets +, ki18n +, kio +, kitemmodels +, kitemviews +, kparts +, kwindowsystem +, libelf +, qtbase +, threadweaver +, qtx11extras +, zstd +, kddockwidgets +, rustc-demangle +}: + +mkDerivation rec { + pname = "hotspot"; + version = "1.4.1"; + + src = fetchFromGitHub { + owner = "KDAB"; + repo = "hotspot"; + rev = "refs/tags/v${version}"; + hash = "sha256-DW4R7+rnonmEMbCkNS7TGodw+3mEyHl6OlFK3kbG5HM="; + fetchSubmodules = true; + }; + + nativeBuildInputs = [ + cmake + extra-cmake-modules + ]; + buildInputs = [ + (elfutils.override { enableDebuginfod = true; }) # perfparser needs to find debuginfod.h + kconfigwidgets + ki18n + kio + kitemmodels + kitemviews + kparts + kwindowsystem + libelf + qtbase + threadweaver + qtx11extras + zstd + kddockwidgets + rustc-demangle + ]; + + # hotspot checks for the presence of third party libraries' + # git directory to give a nice warning when you forgot to clone + # submodules; but Nix clones them and removes .git (for reproducibility). + # So we need to fake their existence here. + postPatch = '' + mkdir -p 3rdparty/{perfparser,PrefixTickLabels}/.git + ''; + + qtWrapperArgs = [ + "--prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ rustc-demangle ]}" + ]; + + meta = with lib; { + description = "A GUI for Linux perf"; + longDescription = '' + hotspot is a GUI replacement for `perf report`. + It takes a perf.data file, parses and evaluates its contents and + then displays the result in a graphical way. + ''; + homepage = "https://github.com/KDAB/hotspot"; + changelog = "https://github.com/KDAB/hotspot/releases/tag/v${version}"; + license = with licenses; [ gpl2Only gpl3Only ]; + platforms = platforms.linux; + maintainers = with maintainers; [ nh2 ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix b/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix new file mode 100644 index 000000000000..50f4f552e0ff --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/ikos/default.nix @@ -0,0 +1,50 @@ +{ stdenv, lib, fetchFromGitHub, fetchpatch, cmake, boost, tbb +, gmp, llvm, clang, sqlite, python3 +, ocamlPackages, mpfr, ppl, doxygen, graphviz +}: + +let + python = python3.withPackages (ps: with ps; [ + pygments + ]); +in + +stdenv.mkDerivation rec { + pname = "ikos"; + version = "3.1"; + + src = fetchFromGitHub { + owner = "NASA-SW-VnV"; + repo = "ikos"; + rev = "v${version}"; + hash = "sha256-scaFkUhCkIi41iR6CGPbEndzXkgqTKMb3PDNvhgVbCE="; + }; + + patches = [ (fetchpatch { + url = "https://github.com/NASA-SW-VnV/ikos/commit/2e647432427b3f0dbb639e0371d976ab6406f290.patch"; + hash = "sha256-ffzjlqEp4qp76Kwl5zpyQlg/xUMt8aLDSSP4XA4ndS8="; + }) + # Fix build with GCC 13 + # https://github.com/NASA-SW-VnV/ikos/pull/262 + (fetchpatch { + name = "gcc-13.patch"; + url = "https://github.com/NASA-SW-VnV/ikos/commit/73c816641fb9780f0d3b5e448510363a3cf21ce2.patch"; + hash = "sha256-bkeSAtxrL+z+6QNiGOWSg7kN8XiZqMxlJiu5Dquhca0="; + }) + ]; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ boost tbb gmp clang llvm sqlite python + ocamlPackages.apron mpfr ppl doxygen graphviz ]; + + cmakeFlags = [ "-DAPRON_ROOT=${ocamlPackages.apron}" ]; + + postBuild = "make doc"; + + meta = with lib; { + homepage = "https://github.com/NASA-SW-VnV/ikos"; + description = "Static analyzer for C/C++ based on the theory of Abstract Interpretation"; + license = licenses.nasa13; + maintainers = with maintainers; [ atnnn ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/default.nix b/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/default.nix new file mode 100644 index 000000000000..7266b76a4ad6 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/default.nix @@ -0,0 +1,51 @@ +{ lib, stdenv, fetchurl, cmake, llvmPackages, python3 }: + +stdenv.mkDerivation rec { + pname = "include-what-you-use"; + # Also bump llvmPackages in all-packages.nix to the supported version! + version = "0.21"; + + src = fetchurl { + url = "${meta.homepage}/downloads/${pname}-${version}.src.tar.gz"; + hash = "sha256-ajUZGf+JvafJXIlUcmAYaNs9qrlqlYs44DYokNWHYLY="; + }; + + postPatch = '' + patchShebangs . + ''; + + nativeBuildInputs = with llvmPackages; [ cmake llvm.dev llvm python3 ]; + buildInputs = with llvmPackages; [ libclang clang-unwrapped python3 ]; + + clang = llvmPackages.clang; + + cmakeFlags = [ "-DCMAKE_PREFIX_PATH=${llvmPackages.llvm.dev}" ]; + + postInstall = '' + substituteInPlace $out/bin/iwyu_tool.py \ + --replace "'include-what-you-use'" "'$out/bin/include-what-you-use'" + + + mv $out/bin/include-what-you-use $out/bin/.include-what-you-use-unwrapped + mv $out/bin/iwyu_tool.py $out/bin/.iwyu_tool.py-unwrapped + substituteAll ${./wrapper} $out/bin/include-what-you-use + ln -s $out/bin/include-what-you-use $out/bin/iwyu_tool.py + chmod +x $out/bin/include-what-you-use + patchShebangs $out/bin/include-what-you-use + ''; + + meta = with lib; { + description = "Analyze #includes in C/C++ source files with clang"; + longDescription = '' + For every symbol (type, function variable, or macro) that you use in + foo.cc, either foo.cc or foo.h should #include a .h file that exports the + declaration of that symbol. The main goal of include-what-you-use is to + remove superfluous #includes, both by figuring out what #includes are not + actually needed for this file (for both .cc and .h files), and by + replacing #includes with forward-declares when possible. + ''; + homepage = "https://include-what-you-use.org"; + license = licenses.bsd3; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/wrapper b/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/wrapper new file mode 100755 index 000000000000..3fd37902cf2d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/include-what-you-use/wrapper @@ -0,0 +1,26 @@ +#!/bin/sh + +buildcpath() { + local path after + while (( $# )); do + case $1 in + -isystem) + shift + path=$path${path:+':'}$1 + ;; + -idirafter) + shift + after=$after${after:+':'}$1 + ;; + esac + shift + done + echo $path${after:+':'}$after +} + +export CPATH=${CPATH}${CPATH:+':'}$(buildcpath ${NIX_CFLAGS_COMPILE} \ + $(<@clang@/nix-support/libc-cflags)):@clang@/resource-root/include +export CPLUS_INCLUDE_PATH=${CPLUS_INCLUDE_PATH}${CPLUS_INCLUDE_PATH:+':'}$(buildcpath ${NIX_CFLAGS_COMPILE} \ + $(<@clang@/nix-support/libcxx-cxxflags) \ + $(<@clang@/nix-support/libc-cflags)):@clang@/resource-root/include +exec -a "$0" @out@/bin/.$(basename $0)-unwrapped "$@" diff --git a/nixpkgs/pkgs/development/tools/analysis/jacoco/default.nix b/nixpkgs/pkgs/development/tools/analysis/jacoco/default.nix new file mode 100644 index 000000000000..3bcd7b59160f --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/jacoco/default.nix @@ -0,0 +1,44 @@ +{ lib +, stdenv +, fetchzip +, makeWrapper +, jre +}: + +stdenv.mkDerivation rec { + pname = "jacoco"; + version = "0.8.11"; + + src = fetchzip { + url = "https://search.maven.org/remotecontent?filepath=org/jacoco/jacoco/${version}/jacoco-${version}.zip"; + stripRoot = false; + sha256 = "sha256-Sd4Kh5ts0IdHhd9vF1XZzZ2KFRb+rsnzpam6Ysxu910="; + }; + + outputs = [ "out" "doc" ]; + + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + runHook preInstall + + mkdir -p $doc/share/doc $out/bin + + cp -r doc $doc/share/doc/jacoco + install -Dm444 lib/* -t $out/share/java + + makeWrapper ${jre}/bin/java $out/bin/jacoco \ + --add-flags "-jar $out/share/java/jacococli.jar" + + runHook postInstall + ''; + + meta = with lib; { + description = "A free code coverage library for Java"; + homepage = "https://www.jacoco.org/jacoco"; + changelog = "https://www.jacoco.org/jacoco/trunk/doc/changes.html"; + license = licenses.epl20; + platforms = platforms.all; + maintainers = with maintainers; [ figsoda ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/jdepend/default.nix b/nixpkgs/pkgs/development/tools/analysis/jdepend/default.nix new file mode 100644 index 000000000000..498a484a89f0 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/jdepend/default.nix @@ -0,0 +1,58 @@ +{ lib +, stdenv +, fetchFromGitHub +, ant +, jdk +, makeWrapper +, canonicalize-jars-hook +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "jdepend"; + version = "2.10"; + + src = fetchFromGitHub { + owner = "clarkware"; + repo = "jdepend"; + rev = finalAttrs.version; + hash = "sha256-0/xGgAaJ7TTUHxShJbbcPzTODk4lDn+FOn5St5McrtM="; + }; + + nativeBuildInputs = [ + ant + jdk + makeWrapper + canonicalize-jars-hook + ]; + + buildPhase = '' + runHook preBuild + ant jar + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + install -Dm644 dist/jdepend-*.jar -t $out/share/jdepend + + makeWrapper ${jdk.jre}/bin/java $out/bin/jdepend \ + --add-flags "-classpath $out/share/jdepend/jdepend-*.jar" + + for type in "swingui" "textui" "xmlui"; do + makeWrapper $out/bin/jdepend $out/bin/jdepend-$type \ + --add-flags "jdepend.$type.JDepend" + done + + runHook postInstall + ''; + + meta = with lib; { + changelog = "https://github.com/clarkware/jdepend/blob/${finalAttrs.src.rev}/CHANGELOG.md"; + description = "Traverses Java class file directories and generates design quality metrics for each Java package"; + homepage = "http://www.clarkware.com/software/JDepend.html"; + license = licenses.bsd3; + maintainers = with maintainers; [ pSub ]; + platforms = platforms.linux; + }; +}) diff --git a/nixpkgs/pkgs/development/tools/analysis/kcov/default.nix b/nixpkgs/pkgs/development/tools/analysis/kcov/default.nix new file mode 100644 index 000000000000..473dc9d7a4bb --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/kcov/default.nix @@ -0,0 +1,83 @@ +{ lib +, stdenv +, fetchFromGitHub +, cmake +, pkg-config +, zlib +, curl +, elfutils +, python3 +, libiberty +, libopcodes +, runCommandCC +, rustc +}: + +let + self = + stdenv.mkDerivation rec { + pname = "kcov"; + version = "42"; + + src = fetchFromGitHub { + owner = "SimonKagstrom"; + repo = "kcov"; + rev = "v${version}"; + sha256 = "sha256-8/182RjuNuyFzSyCgyyximGaveDyhStwIQg29S5U/pI="; + }; + + preConfigure = "patchShebangs src/bin-to-c-source.py"; + nativeBuildInputs = [ cmake pkg-config python3 ]; + + buildInputs = [ curl zlib elfutils libiberty libopcodes ]; + + strictDeps = true; + + passthru.tests = { + works-on-c = runCommandCC "works-on-c" { } '' + set -ex + cat - > a.c <<EOF + int main() {} + EOF + $CC a.c -o a.out + ${self}/bin/kcov /tmp/kcov ./a.out + test -e /tmp/kcov/index.html + touch $out + set +x + ''; + + works-on-rust = runCommandCC "works-on-rust" { nativeBuildInputs = [ rustc ]; } '' + set -ex + cat - > a.rs <<EOF + fn main() {} + EOF + # Put gcc in the path so that `cc` is found + rustc a.rs -o a.out + ${self}/bin/kcov /tmp/kcov ./a.out + test -e /tmp/kcov/index.html + touch $out + set +x + ''; + }; + + meta = with lib; { + description = "Code coverage tester for compiled programs, Python scripts and shell scripts"; + + longDescription = '' + Kcov is a code coverage tester for compiled programs, Python + scripts and shell scripts. It allows collecting code coverage + information from executables without special command-line + arguments, and continuosly produces output from long-running + applications. + ''; + + homepage = "http://simonkagstrom.github.io/kcov/index.html"; + license = licenses.gpl2; + changelog = "https://github.com/SimonKagstrom/kcov/blob/master/ChangeLog"; + + maintainers = with maintainers; [ gal_bolle ekleog ]; + platforms = platforms.linux; + }; + }; +in +self diff --git a/nixpkgs/pkgs/development/tools/analysis/lcov/default.nix b/nixpkgs/pkgs/development/tools/analysis/lcov/default.nix new file mode 100644 index 000000000000..349b44730b8a --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/lcov/default.nix @@ -0,0 +1,45 @@ + {lib, stdenv, fetchFromGitHub, perl, perlPackages, makeWrapper }: + +stdenv.mkDerivation rec { + pname = "lcov"; + version = "1.16"; + + src = fetchFromGitHub { + owner = "linux-test-project"; + repo = "lcov"; + rev = "v${version}"; + sha256 = "sha256-X1T5OqR6NgTNGedH1on3+XZ7369007By6tRJK8xtmbk="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ perl ]; + + preBuild = '' + patchShebangs bin/ + makeFlagsArray=(PREFIX=$out LCOV_PERL_PATH=$(command -v perl)) + ''; + + postInstall = '' + wrapProgram $out/bin/lcov --set PERL5LIB ${perlPackages.makeFullPerlPath [ perlPackages.PerlIOgzip perlPackages.JSON ]} + wrapProgram $out/bin/genpng --set PERL5LIB ${perlPackages.makeFullPerlPath [ perlPackages.GD ]} + ''; + + meta = with lib; { + description = "Code coverage tool that enhances GNU gcov"; + + longDescription = + '' LCOV is an extension of GCOV, a GNU tool which provides information + about what parts of a program are actually executed (i.e., + "covered") while running a particular test case. The extension + consists of a set of PERL scripts which build on the textual GCOV + output to implement the following enhanced functionality such as + HTML output. + ''; + + homepage = "https://ltp.sourceforge.net/coverage/lcov.php"; + license = lib.licenses.gpl2Plus; + + maintainers = with maintainers; [ dezgeg ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/makefile2graph/default.nix b/nixpkgs/pkgs/development/tools/analysis/makefile2graph/default.nix new file mode 100644 index 000000000000..dea310ede42e --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/makefile2graph/default.nix @@ -0,0 +1,33 @@ +{ lib, stdenv, fetchFromGitHub, makeWrapper, bash, gnumake }: + +stdenv.mkDerivation rec { + pname = "makefile2graph"; + version = "2021.11.06"; + + src = fetchFromGitHub { + owner = "lindenb"; + repo = "makefile2graph"; + rev = "refs/tags/${version}"; + hash = "sha256-4jyftC0eCJ13X/L4uEWhT5FA5/UXUmSHSoba89GSySQ="; + }; + + nativeBuildInputs = [ makeWrapper ]; + + makeFlags = [ "prefix=$(out)" ]; + + fixupPhase = '' + substituteInPlace $out/bin/makefile2graph \ + --replace '/bin/sh' ${bash}/bin/bash \ + --replace 'make2graph' "$out/bin/make2graph" + wrapProgram $out/bin/makefile2graph \ + --set PATH ${lib.makeBinPath [ gnumake ]} + ''; + + meta = with lib; { + homepage = "https://github.com/lindenb/makefile2graph"; + description = "Creates a graph of dependencies from GNU-Make; Output is a graphiz-dot file or a Gexf-XML file"; + maintainers = with maintainers; [ cmcdragonkai ]; + license = licenses.mit; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/massif-visualizer/default.nix b/nixpkgs/pkgs/development/tools/analysis/massif-visualizer/default.nix new file mode 100644 index 000000000000..78f8bbeb683e --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/massif-visualizer/default.nix @@ -0,0 +1,30 @@ +{ + mkDerivation, lib, fetchurl, + extra-cmake-modules, shared-mime-info, + qtsvg, qtxmlpatterns, karchive, kconfig, kcoreaddons, kparts, kio, ki18n, + kdiagram, kgraphviewer +}: + +mkDerivation rec { + pname = "massif-visualizer"; + version = "0.7.0"; + + src = fetchurl { + url = "mirror://kde/stable/massif-visualizer/${version}/src/${pname}-${version}.tar.xz"; + sha256 = "0v8z6r9gngzckvqyxjm9kp7hilwfqibyk2f9vag9l98ar0iwr97q"; + }; + + nativeBuildInputs = [ extra-cmake-modules shared-mime-info ]; + + buildInputs = [ + qtsvg qtxmlpatterns karchive kconfig kcoreaddons kparts kio ki18n + kdiagram kgraphviewer + ]; + + meta = with lib; { + description = "Tool that visualizes massif data generated by valgrind"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ zraexy ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/nix-linter/default.nix b/nixpkgs/pkgs/development/tools/analysis/nix-linter/default.nix new file mode 100644 index 000000000000..aa60f5aa757d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/nix-linter/default.nix @@ -0,0 +1,47 @@ +{ lib +, mkDerivation +, fetchFromGitHub +, fixplate +, tasty +, tasty-hunit +, tasty-th +, streamly +, mtl +, path +, pretty-terminal +, text +, base +, aeson +, path-io +, cmdargs +, containers +, hnix +, bytestring +}: + +mkDerivation rec { + pname = "nix-linter"; + version = "0.2.0.4"; + + src = fetchFromGitHub { + owner = "Synthetica9"; + repo = "nix-linter"; + rev = "ecdd50750fd3ffaff83c0637474b884a0c38f8b9"; + sha256 = "0hm6iaamh1wlvqk8z4yfh4idgbclbsimxhlgflwz2hnv9mm12sf1"; + }; + + isLibrary = false; + isExecutable = true; + libraryHaskellDepends = [ fixplate ]; + executableHaskellDepends = [ streamly mtl path pretty-terminal text base aeson cmdargs containers hnix bytestring path-io ]; + testHaskellDepends = [ tasty tasty-hunit tasty-th ]; + + description = "Linter for Nix(pkgs), based on hnix"; + homepage = "https://github.com/Synthetica9/nix-linter"; + license = lib.licenses.bsd3; + maintainers = [ lib.maintainers.marsam ]; + + # doesn't build on ghc92 + hydraPlatforms = lib.platforms.none; + broken = true; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/oclgrind/default.nix b/nixpkgs/pkgs/development/tools/analysis/oclgrind/default.nix new file mode 100644 index 000000000000..74f856e23de0 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/oclgrind/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchFromGitHub, cmake, llvmPackages_12, readline, python3 }: + +stdenv.mkDerivation rec { + pname = "oclgrind"; + version = "21.10"; + + src = fetchFromGitHub { + owner = "jrprice"; + repo = "oclgrind"; + rev = "v${version}"; + sha256 = "sha256-DGCF7X2rPV1w9guxg2bMylRirXQgez24sG7Unlct3ow="; + }; + + nativeBuildInputs = [ cmake ]; + nativeCheckInputs = [ python3 ]; + buildInputs = [ llvmPackages_12.llvm llvmPackages_12.clang-unwrapped readline ]; + + cmakeFlags = [ + "-DCLANG_ROOT=${llvmPackages_12.clang-unwrapped}" + ]; + + meta = with lib; { + description = "An OpenCL device simulator and debugger"; + homepage = "https://github.com/jrprice/oclgrind"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = with maintainers; [ athas ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/panopticon/default.nix b/nixpkgs/pkgs/development/tools/analysis/panopticon/default.nix new file mode 100644 index 000000000000..4e01fba57798 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/panopticon/default.nix @@ -0,0 +1,52 @@ +{ stdenv, lib, fetchFromGitHub, rustPlatform, qt5, git, cmake +, pkg-config, makeWrapper }: + +rustPlatform.buildRustPackage rec { + pname = "panopticon"; + version = "unstable-20171202"; + + src = fetchFromGitHub { + owner = "das-labor"; + repo = pname; + rev = "33ffec0d6d379d51b38d6ea00d040f54b1356ae4"; + sha256 = "1zv87nqhrzsxx0m891df4vagzssj3kblfv9yp7j96dw0vn9950qa"; + }; + + nativeBuildInputs = [ cmake pkg-config makeWrapper ]; + propagatedBuildInputs = with qt5; [ + qt5.qtbase + qtdeclarative + qtsvg + qtquickcontrols2 + qtgraphicaleffects + git + ]; + + dontWrapQtApps = true; + + cargoSha256 = "0vhcb3kw1zgchx3nrk8lyrz8p5071y99vsysxvi71klv7dcvn0am"; + doCheck = false; + + postInstall = '' + mkdir -p $out/share/${pname} $out/bin + cp -R qml $out/share/${pname} + mv $out/bin/${pname} $out/share/${pname} + chmod +x $out/share/${pname} + makeWrapper $out/share/${pname}/${pname} $out/bin/${pname} + ''; + + meta = with lib; { + description = "A libre cross-platform disassembler"; + longDescription = '' + Panopticon is a cross platform disassembler for reverse + engineering written in Rust. It can disassemble AMD64, + x86, AVR and MOS 6502 instruction sets and open ELF files. + Panopticon comes with Qt GUI for browsing and annotating + control flow graphs. + ''; + license = with licenses; [ gpl3 ]; + maintainers = with maintainers; [ leenaars ]; + # never built on aarch64-linux since first introduction in nixpkgs + broken = stdenv.isDarwin || (stdenv.isLinux && stdenv.isAarch64); + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/pev/default.nix b/nixpkgs/pkgs/development/tools/analysis/pev/default.nix new file mode 100644 index 000000000000..a46bc067f11b --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/pev/default.nix @@ -0,0 +1,30 @@ +{ lib, stdenv, openssl, fetchFromGitHub }: + +stdenv.mkDerivation { + pname = "pev"; + version = "unstable-2020-05-23"; + + src = fetchFromGitHub { + owner = "merces"; + repo = "pev"; + rev = "beec2b4f09585fea919ed41ce466dee06be0b6bf"; + sha256 = "sha256-HrMbk9YbuqkoBBM7+rfXpqVEnd1rDl2rMePdcfU1WDg="; + fetchSubmodules = true; + }; + + buildInputs = [ openssl ]; + + enableParallelBuilding = true; + + makeFlags = [ "prefix=$(out)" ]; + + installFlags = [ "prefix=$(out)" ]; + + meta = with lib; { + description = "A full-featured, open source, multiplatform command line toolkit to work with PE (Portable Executables) binaries"; + homepage = "https://pev.sourceforge.net/"; + license = licenses.gpl2; + maintainers = with maintainers; [ jeschli ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/pmd/default.nix b/nixpkgs/pkgs/development/tools/analysis/pmd/default.nix new file mode 100644 index 000000000000..f50fb16d8bc8 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/pmd/default.nix @@ -0,0 +1,41 @@ +{ lib, stdenv, fetchurl, unzip, makeWrapper, openjdk }: + +stdenv.mkDerivation rec { + pname = "pmd"; + version = "6.55.0"; + + src = fetchurl { + url = "https://github.com/pmd/pmd/releases/download/pmd_releases/${version}/pmd-bin-${version}.zip"; + hash = "sha256-Iaz5bUPLQNWRyszMHCCmb8eW6t32nqYYEllER7rHoR0="; + }; + + nativeBuildInputs = [ unzip makeWrapper ]; + + dontConfigure = true; + dontBuild = true; + + installPhase = '' + runHook preInstall + + install -Dm755 bin/run.sh $out/libexec/pmd + install -Dm644 lib/*.jar -t $out/lib/pmd + + wrapProgram $out/libexec/pmd \ + --prefix PATH : ${openjdk.jre}/bin \ + --set LIB_DIR $out/lib/pmd + + for app in pmd cpd cpdgui designer bgastviewer designerold ast-dump; do + makeWrapper $out/libexec/pmd $out/bin/$app --argv0 $app --add-flags $app + done + + runHook postInstall + ''; + + meta = with lib; { + description = "An extensible cross-language static code analyzer"; + homepage = "https://pmd.github.io/"; + changelog = "https://pmd.github.io/pmd-${version}/pmd_release_notes.html"; + platforms = platforms.unix; + license = with licenses; [ bsdOriginal asl20 ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/qcachegrind/default.nix b/nixpkgs/pkgs/development/tools/analysis/qcachegrind/default.nix new file mode 100644 index 000000000000..6a463c566091 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/qcachegrind/default.nix @@ -0,0 +1,44 @@ +{ lib, stdenv, qmake, qtbase, perl, php, kcachegrind, wrapQtAppsHook }: + +stdenv.mkDerivation { + pname = "qcachegrind"; + version = kcachegrind.version; + + src = kcachegrind.src; + + buildInputs = [ qtbase perl php ]; + + nativeBuildInputs = [ qmake wrapQtAppsHook ]; + + dontWrapQtApps = true; + + postInstall = '' + mkdir -p $out/bin + cp -p converters/dprof2calltree $out/bin/dprof2calltree + cp -p converters/memprof2calltree $out/bin/memprof2calltree + cp -p converters/op2calltree $out/bin/op2calltree + cp -p converters/pprof2calltree $out/bin/pprof2calltree + chmod -R +x $out/bin/ + '' + (if stdenv.isDarwin then '' + mkdir -p $out/Applications + cp cgview/cgview.app/Contents/MacOS/cgview $out/bin + cp -a qcachegrind/qcachegrind.app $out/Applications + '' else '' + install qcachegrind/qcachegrind cgview/cgview -t "$out/bin" + install -Dm644 qcachegrind/qcachegrind.desktop -t "$out/share/applications" + install -Dm644 kcachegrind/32-apps-kcachegrind.png "$out/share/icons/hicolor/32x32/apps/kcachegrind.png" + install -Dm644 kcachegrind/48-apps-kcachegrind.png "$out/share/icons/hicolor/48x48/apps/kcachegrind.png" + ''); + + preFixup = '' + wrapQtApp "$out/bin/qcachegrind" + ''; + + meta = with lib; { + broken = stdenv.isDarwin; + description = "A Qt GUI to visualize profiling data"; + license = licenses.gpl2Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ periklis ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/radare2/default.nix b/nixpkgs/pkgs/development/tools/analysis/radare2/default.nix new file mode 100644 index 000000000000..a053d40c89f1 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/radare2/default.nix @@ -0,0 +1,118 @@ +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, buildPackages +, pkg-config +, meson +, ninja +, libusb-compat-0_1 +, readline +, libewf +, perl +, zlib +, openssl +, libuv +, file +, libzip +, xxHash +, gtk2 +, vte +, gtkdialog +, python3 +, ruby +, lua +, lz4 +, capstone +, useX11 ? false +, rubyBindings ? false +, luaBindings ? false +}: + +let + # FIXME: Compare revision with + # https://github.com/radareorg/radare2/blob/master/libr/arch/p/arm/v35/Makefile#L26-L27 + arm64 = fetchFromGitHub { + owner = "radareorg"; + repo = "vector35-arch-arm64"; + rev = "55d73c6bbb94448a5c615933179e73ac618cf876"; + hash = "sha256-pZxxp5xDg8mgkGEx7LaBSoKxNPyggFYA4um9YaO20LU="; + }; + armv7 = fetchFromGitHub { + owner = "radareorg"; + repo = "vector35-arch-armv7"; + rev = "f270a6cc99644cb8e76055b6fa632b25abd26024"; + hash = "sha256-YhfgJ7M8ys53jh1clOzj0I2yfJshXQm5zP0L9kMYsmk="; + }; +in +stdenv.mkDerivation rec { + pname = "radare2"; + version = "5.8.8"; + + src = fetchFromGitHub { + owner = "radare"; + repo = "radare2"; + rev = "refs/tags/${version}"; + hash = "sha256-JGNV5xSyrjcO2ZgOjzDqzfZyALPSCyA3DZx/D8ffmKA="; + }; + + preBuild = '' + pushd ../libr/arch/p/arm/v35 + cp -r ${arm64} arch-arm64 + chmod -R +w arch-arm64 + + cp -r ${armv7} arch-armv7 + chmod -R +w arch-armv7 + popd + ''; + + postFixup = lib.optionalString stdenv.isDarwin '' + install_name_tool -add_rpath $out/lib $out/lib/libr_io.${version}.dylib + ''; + + mesonFlags = [ + "-Duse_sys_capstone=true" + "-Duse_sys_magic=true" + "-Duse_sys_zip=true" + "-Duse_sys_xxhash=true" + "-Duse_sys_lz4=true" + "-Dr2_gittap=${version}" + ]; + + enableParallelBuilding = true; + depsBuildBuild = [ buildPackages.stdenv.cc ]; + + strictDeps = true; + + nativeBuildInputs = [ pkg-config meson ninja python3 ]; + buildInputs = [ + capstone + file + readline + libusb-compat-0_1 + libewf + perl + zlib + openssl + libuv + lz4 + ] ++ lib.optionals useX11 [ gtkdialog vte gtk2 ] + ++ lib.optionals rubyBindings [ ruby ] + ++ lib.optionals luaBindings [ lua ]; + + propagatedBuildInputs = [ + # radare2 exposes r_lib which depends on these libraries + file # for its list of magic numbers (`libmagic`) + libzip + xxHash + ]; + + meta = with lib; { + description = "UNIX-like reverse engineering framework and command-line tools"; + homepage = "https://radare.org"; + changelog = "https://github.com/radareorg/radare2/releases/tag/${version}"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ azahi raskin makefu mic92 arkivm ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/randoop/default.nix b/nixpkgs/pkgs/development/tools/analysis/randoop/default.nix new file mode 100644 index 000000000000..f5936704e304 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/randoop/default.nix @@ -0,0 +1,29 @@ +{ lib, stdenv, fetchurl, unzip }: + +stdenv.mkDerivation rec { + version = "4.3.2"; + pname = "randoop"; + + src = fetchurl { + url = "https://github.com/randoop/randoop/releases/download/v${version}/${pname}-${version}.zip"; + sha256 = "sha256-lcYI0Yns/R5VeOUG68Xe8h1BO8wlKvL1CZIqzWkgsqo="; + }; + + nativeBuildInputs = [ unzip ]; + + installPhase = '' + mkdir -p $out/lib $out/doc + + cp -R *.jar $out/lib + cp README.txt $out/doc + ''; + + meta = with lib; { + description = "Automatic test generation for Java"; + homepage = "https://randoop.github.io/randoop/"; + sourceProvenance = with sourceTypes; [ binaryBytecode ]; + license = licenses.mit; + maintainers = with maintainers; [ pSub ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix b/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix new file mode 100644 index 000000000000..95e95bb34bab --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/retdec/default.nix @@ -0,0 +1,236 @@ +{ stdenv +, fetchFromGitHub +, fetchpatch +, fetchzip +, writeText +, lib +, openssl +, cmake +, autoconf +, automake +, libtool +, pkg-config +, bison +, flex +, groff +, perl +, python3 +, ncurses +, time +, upx +, gtest +, libffi +, libxml2 +, zlib +, enableTests ? true +, buildDevTools ? true +, compileYaraPatterns ? true +}: + +let + # all dependencies that are normally fetched during build time (the subdirectories of `deps`) + # all of these need to be fetched through nix and applied via their <NAME>_URL cmake variable + capstone = fetchFromGitHub { + owner = "capstone-engine"; + repo = "capstone"; + rev = "5.0-rc2"; + sha256 = "sha256-nB7FcgisBa8rRDS3k31BbkYB+tdqA6Qyj9hqCnFW+ME="; + }; + llvm = fetchFromGitHub { + owner = "avast-tl"; + repo = "llvm"; + rev = "2a1f3d8a97241c6e91710be8f84cf3cf80c03390"; + sha256 = "sha256-+v1T0VI9R92ed9ViqsfYZMJtPCjPHCr4FenoYdLuFOU="; + }; + yaracpp = fetchFromGitHub { + owner = "VirusTotal"; + repo = "yara"; + rev = "v4.2.0-rc1"; + sha256 = "sha256-WcN6ClYO2d+/MdG06RHx3kN0o0WVAY876dJiG7CwJ8w="; + }; + yaramod = fetchFromGitHub { + owner = "avast"; + repo = "yaramod"; + rev = "aa06dd408c492a8f4488774caf2ee105ccc23ab5"; + sha256 = "sha256-NVDRf2U5H92EN/Ks//uxNEaeKU+sT4VL4QyyYMO+zKk="; + }; + keystone = fetchFromGitHub { + # only for tests + owner = "keystone-engine"; + repo = "keystone"; + rev = "d7ba8e378e5284e6384fc9ecd660ed5f6532e922"; + sha256 = "1yzw3v8xvxh1rysh97y0i8y9svzbglx2zbsqjhrfx18vngh0x58f"; + }; + + retdec-support-version = "2019-03-08"; + retdec-support = + { rev = retdec-support-version; } // # for checking the version against the expected version + fetchzip { + url = "https://github.com/avast-tl/retdec-support/releases/download/${retdec-support-version}/retdec-support_${retdec-support-version}.tar.xz"; + hash = "sha256-t1tx4MfLW/lwtbO5JQ1nrFBIOeMclq+0dENuXW+ahIM="; + stripRoot = false; + }; + + check-dep = name: dep: + '' + context="$(grep ${name}_URL --after-context 1 cmake/deps.cmake)" + expected="$(echo "$context" | grep --only-matching '".*"')" + have="${dep.rev}" + + echo "checking ${name} dependency matches deps.cmake..."; + if ! echo "$expected" | grep -q "$have"; then + printf '%s\n' "${name} version does not match!" " nix: $have, expected: $expected" + false + fi + ''; + + deps = { + CAPSTONE = capstone; + LLVM = llvm; + YARA = yaracpp; + YARAMOD = yaramod; + SUPPORT_PKG = retdec-support; + } // lib.optionalAttrs enableTests { + KEYSTONE = keystone; + # nixpkgs googletest is used + # GOOGLETEST = googletest; + }; + + # overwrite install-share.py to copy instead of download. + # we use this so the copy happens at the right time in the build, + # otherwise, the build process cleans the directory. + install-share = + writeText + "install-share.py" + '' + import os, sys, shutil, subprocess + + install_path, arch_url, sha256hash_ref, version = sys.argv[1:] + support_dir = os.path.join(install_path, 'share', 'retdec', 'support') + + assert os.path.isdir(arch_url), "nix install-share.py expects a path for support url" + + os.makedirs(support_dir, exist_ok=True) + shutil.copytree(arch_url, support_dir, dirs_exist_ok=True) + subprocess.check_call(['chmod', '-R', 'u+w', support_dir]) + ''; +in +stdenv.mkDerivation (self: { + pname = "retdec"; + + # If you update this you will also need to adjust the versions of the updated dependencies. + # I've notified upstream about this problem here: + # https://github.com/avast-tl/retdec/issues/412 + # + # The dependencies and their sources are listed in this file: + # https://github.com/avast/retdec/blob/master/cmake/deps.cmake + version = "5.0"; + + src = fetchFromGitHub { + owner = "avast"; + repo = "retdec"; + rev = "refs/tags/v${self.version}"; + sha256 = "sha256-H4e+aSgdBBbG6X6DzHGiDEIASPwBVNVsfHyeBTQLAKI="; + }; + + patches = [ + # gcc 13 compatibility: https://github.com/avast/retdec/pull/1153 + (fetchpatch { + url = "https://github.com/avast/retdec/commit/dbaab2c3d17b1eae22c581e8ab6bfefadf4ef6ae.patch"; + hash = "sha256-YqHYPGAGWT4x6C+CpsOSsOIZ+NPM2FBQtGQFs74OUIQ="; + }) + ]; + + nativeBuildInputs = [ + cmake + autoconf + automake + libtool + pkg-config + bison + flex + groff + perl + python3 + ]; + + buildInputs = [ + openssl + ncurses + libffi + libxml2 + zlib + ] ++ lib.optional self.doInstallCheck gtest; + + cmakeFlags = [ + (lib.cmakeBool "RETDEC_TESTS" self.doInstallCheck) # build tests + (lib.cmakeBool "RETDEC_DEV_TOOLS" buildDevTools) # build tools e.g. capstone2llvmir, retdectool + (lib.cmakeBool "RETDEC_COMPILE_YARA" compileYaraPatterns) # build and install compiled patterns + ] ++ lib.mapAttrsToList (k: v: lib.cmakeFeature "${k}_URL" "${v}") deps; + + preConfigure = + lib.concatStringsSep "\n" (lib.mapAttrsToList check-dep deps) + + + '' + cp -v ${install-share} ./support/install-share.py + + # the CMakeLists assume CMAKE_INSTALL_BINDIR, etc are path components but in Nix, they are absolute. + # therefore, we need to remove the unnecessary CMAKE_INSTALL_PREFIX prepend. + substituteInPlace ./CMakeLists.txt \ + --replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_BIN_DIR} "''$"{CMAKE_INSTALL_FULL_BINDIR} \ + --replace-warn "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_LIB_DIR} "''$"{CMAKE_INSTALL_FULL_LIBDIR} \ + + # --replace "''$"{CMAKE_INSTALL_PREFIX}/"''$"{RETDEC_INSTALL_SUPPORT_DIR} "''$"{RETDEC_INSTALL_SUPPORT_DIR} + # note! Nix does not set CMAKE_INSTALL_DATADIR to an absolute path, so this replacement would be incorrect + + # similarly for yaramod. here, we fix the LIBDIR to lib64. for whatever reason, only "lib64" works. + substituteInPlace deps/yaramod/CMakeLists.txt \ + --replace-fail "''$"{YARAMOD_INSTALL_DIR}/"''$"{CMAKE_INSTALL_LIBDIR} "''$"{YARAMOD_INSTALL_DIR}/lib64 \ + --replace-fail CMAKE_ARGS 'CMAKE_ARGS -DCMAKE_INSTALL_LIBDIR=lib64' + + # yara needs write permissions in the generated source directory. + echo ${lib.escapeShellArg '' + ExternalProject_Add_Step( + yara chmod WORKING_DIRECTORY ''${YARA_DIR} + DEPENDEES download COMMAND chmod -R u+w . + ) + ''} >> deps/yara/CMakeLists.txt + + # patch gtest to use the system package + gtest=deps/googletest/CMakeLists.txt + old="$(cat $gtest)" + (echo 'find_package(GTest REQUIRED)'; echo "$old") > $gtest + sed -i 's/ExternalProject_[^(]\+[(]/ set(IGNORED /g' $gtest + + substituteInPlace $gtest \ + --replace-fail '$'{GTEST_LIB} "GTest::gtest"\ + --replace-fail '$'{GMOCK_LIB} "GTest::gmock"\ + --replace-fail '$'{GTEST_MAIN_LIB} "GTest::gtest_main"\ + --replace-fail '$'{GMOCK_MAIN_LIB} "GTest::gmock_main" + + # without git history, there is no chance these tests will pass. + substituteInPlace tests/utils/version_tests.cpp \ + --replace-quiet VersionTests DISABLED_VersionTests + + substituteInPlace scripts/retdec-utils.py \ + --replace-warn /usr/bin/time ${time} \ + --replace-warn /usr/local/bin/gtime ${time} + substituteInPlace scripts/retdec-unpacker.py \ + --replace-warn "'upx'" "'${upx}'" + ''; + + doInstallCheck = enableTests; + installCheckPhase = '' + ${python3.interpreter} "$out/bin/retdec-tests-runner.py" + + rm -rf $out/bin/__pycache__ + ''; + + meta = with lib; { + description = "A retargetable machine-code decompiler based on LLVM"; + homepage = "https://retdec.com"; + license = licenses.mit; + maintainers = with maintainers; [ dtzWill katrinafyi ]; + platforms = [ "x86_64-linux" ]; + }; +}) diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/cutter.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/cutter.nix new file mode 100644 index 000000000000..480f20f04f49 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/cutter.nix @@ -0,0 +1,103 @@ +{ lib +, fetchFromGitHub +, fetchpatch +, stdenv +# for passthru.plugins +, pkgs +# nativeBuildInputs +, cmake +, pkg-config +, wrapQtAppsHook +# Qt +, qt5compat +, qtbase +, qtwayland +, qtsvg +, qttools +, qtwebengine +# buildInputs +, graphviz +, python3 +, rizin +}: + +let cutter = stdenv.mkDerivation rec { + pname = "cutter"; + version = "2.3.2"; + + src = fetchFromGitHub { + owner = "rizinorg"; + repo = "cutter"; + rev = "v${version}"; + hash = "sha256-88yIqFYIv7o6aC2YSJwWJ46fZJBnOmifv+SirsfS4tw="; + fetchSubmodules = true; + }; + + patches = [ + # tracking: https://github.com/rizinorg/cutter/pull/3268 + (fetchpatch { + name = "cutter-simplify-python-binding-include-handling.patch"; + url = "https://github.com/rizinorg/cutter/compare/7256fbb00e92ab12a24d14a92364db482ed295cb..ca5949d9d7c907185cf3d062d9fa71c34c5960d4.diff"; + hash = "sha256-bqV2FTA8lMNpHBDXdenNx+1cLYa7MH47XKo1YatmLV4="; + }) + ]; + + nativeBuildInputs = [ + cmake + pkg-config + python3 + wrapQtAppsHook + ]; + + propagatedBuildInputs = [ + python3.pkgs.pyside6 + ]; + + buildInputs = [ + graphviz + python3 + qt5compat + qtbase + qtsvg + qttools + qtwebengine + rizin + ] ++ lib.optionals stdenv.isLinux [ + qtwayland + ]; + + cmakeFlags = [ + "-DCUTTER_USE_BUNDLED_RIZIN=OFF" + "-DCUTTER_ENABLE_PYTHON=ON" + "-DCUTTER_ENABLE_PYTHON_BINDINGS=ON" + "-DCUTTER_ENABLE_GRAPHVIZ=ON" + "-DCUTTER_QT6=ON" + ]; + + preBuild = '' + qtWrapperArgs+=(--prefix PYTHONPATH : "$PYTHONPATH") + ''; + + passthru = rec { + plugins = rizin.plugins // { + rz-ghidra = rizin.plugins.rz-ghidra.override { + inherit cutter qtbase qtsvg; + enableCutterPlugin = true; + }; + }; + withPlugins = filter: pkgs.callPackage ./wrapper.nix { + inherit rizin cutter; + isCutter = true; + plugins = filter plugins; + }; + }; + + meta = with lib; { + description = "Free and Open Source Reverse Engineering Platform powered by rizin"; + homepage = src.meta.homepage; + license = licenses.gpl3; + mainProgram = "cutter"; + maintainers = with maintainers; [ mic92 dtzWill ]; + inherit (rizin.meta) platforms; + }; +}; in cutter diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/default.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/default.nix new file mode 100644 index 000000000000..3112e438da05 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/default.nix @@ -0,0 +1,134 @@ +{ lib +, pkgs # for passthru.plugins +, stdenv +, fetchurl +, pkg-config +, libusb-compat-0_1 +, readline +, libewf +, perl +, zlib +, openssl +, file +, libmspack +, libzip +, lz4 +, xxHash +, xz +, meson +, python3 +, cmake +, ninja +, capstone +, tree-sitter +}: + +let rizin = stdenv.mkDerivation rec { + pname = "rizin"; + version = "0.6.3"; + + src = fetchurl { + url = "https://github.com/rizinorg/rizin/releases/download/v${version}/rizin-src-v${version}.tar.xz"; + hash = "sha256-lfZMarnm2qnp+lY0OY649s206/LoFNouTLlp0x9FCcI="; + }; + + mesonFlags = [ + "-Duse_sys_capstone=enabled" + "-Duse_sys_magic=enabled" + "-Duse_sys_libzip=enabled" + "-Duse_sys_zlib=enabled" + "-Duse_sys_lz4=enabled" + "-Duse_sys_lzma=enabled" + "-Duse_sys_xxhash=enabled" + "-Duse_sys_openssl=enabled" + "-Duse_sys_libmspack=enabled" + "-Duse_sys_tree_sitter=enabled" + # this is needed for wrapping (adding plugins) to work + "-Dportable=true" + ]; + + # Normally, Rizin only looks for files in the install prefix. With + # portable=true, it instead looks for files in relation to the parent + # of the directory of the binary file specified in /proc/self/exe, + # caching it. This patch replaces the entire logic to only look at + # the env var NIX_RZ_PREFIX + patches = [ ./librz-wrapper-support.patch ]; + + nativeBuildInputs = [ + pkg-config + meson + (python3.withPackages (pp: with pp; [ + pyyaml + ])) + ninja + cmake + ]; + + # meson's find_library seems to not use our compiler wrapper if static parameter + # is either true/false... We work around by also providing LIBRARY_PATH + preConfigure = '' + LIBRARY_PATH="" + for b in ${toString (map lib.getLib buildInputs)}; do + if [[ -d "$b/lib" ]]; then + LIBRARY_PATH="$b/lib''${LIBRARY_PATH:+:}$LIBRARY_PATH" + fi + done + export LIBRARY_PATH + '' + lib.optionalString stdenv.isDarwin '' + substituteInPlace binrz/rizin/macos_sign.sh \ + --replace 'codesign' '# codesign' + ''; + + buildInputs = [ + file + libzip + capstone + readline + libusb-compat-0_1 + libewf + perl + zlib + lz4 + openssl + libmspack + tree-sitter + xxHash + xz + ]; + + postPatch = '' + # find_installation without arguments uses Meson’s Python interpreter, + # which does not have any extra modules. + # https://github.com/mesonbuild/meson/pull/9904 + substituteInPlace meson.build \ + --replace "import('python').find_installation()" "find_program('python3')" + ''; + + passthru = rec { + plugins = { + jsdec = pkgs.callPackage ./jsdec.nix { + inherit rizin openssl; + }; + rz-ghidra = pkgs.qt6.callPackage ./rz-ghidra.nix { + inherit rizin openssl; + enableCutterPlugin = false; + }; + # sigdb isn't a real plugin, but it's separated from the main rizin + # derivation so that only those who need it will download it + sigdb = pkgs.callPackage ./sigdb.nix { }; + }; + withPlugins = filter: pkgs.callPackage ./wrapper.nix { + inherit rizin; + plugins = filter plugins; + }; + }; + + meta = { + description = "UNIX-like reverse engineering framework and command-line toolset."; + homepage = "https://rizin.re/"; + license = lib.licenses.gpl3Plus; + mainProgram = "rizin"; + maintainers = with lib.maintainers; [ raskin makefu mic92 ]; + platforms = with lib.platforms; unix; + }; +}; in rizin diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/jsdec.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/jsdec.nix new file mode 100644 index 000000000000..df291d169eb5 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/jsdec.nix @@ -0,0 +1,35 @@ +{ lib +, stdenv +, fetchFromGitHub +, meson +, pkg-config +, ninja +, rizin +, openssl +}: + +stdenv.mkDerivation rec { + pname = "jsdec"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "rizinorg"; + repo = "jsdec"; + rev = "v${version}"; + hash = "sha256-iVaxxPBIJRhZrmejAOL/Fb4k66mGsZOBs7UikgMj5WA="; + }; + + nativeBuildInputs = [ meson ninja pkg-config ]; + preConfigure = '' + cd p + ''; + mesonFlags = [ "-Djsc_folder=.." ]; + buildInputs = [ openssl rizin ]; + + meta = with lib; { + description = "Simple decompiler for Rizin"; + homepage = src.meta.homepage; + license = with licenses; [ asl20 bsd3 mit ]; + maintainers = with maintainers; [ chayleaf ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/librz-wrapper-support.patch b/nixpkgs/pkgs/development/tools/analysis/rizin/librz-wrapper-support.patch new file mode 100644 index 000000000000..23df0d22c69a --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/librz-wrapper-support.patch @@ -0,0 +1,13 @@ +diff --git a/librz/util/path.c b/librz/util/path.c +index 8ea3d67..f4a8918 100644 +--- a/librz/util/path.c ++++ b/librz/util/path.c +@@ -35,6 +35,8 @@ static void fini_portable_prefix(void) { + } + + static char *set_portable_prefix(void) { ++ return rz_sys_getenv("NIX_RZ_PREFIX"); ++ + char *pid_to_path = rz_sys_pid_to_path(rz_sys_getpid()); + if (!pid_to_path) { + return NULL; diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/rz-ghidra.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/rz-ghidra.nix new file mode 100644 index 000000000000..d2cb95f2d962 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/rz-ghidra.nix @@ -0,0 +1,67 @@ +{ lib +, stdenv +, fetchFromGitHub +, fetchpatch +, cmake +# buildInputs +, rizin +, openssl +, pugixml +# optional buildInputs +, enableCutterPlugin ? true +, cutter +, qt5compat +, qtbase +, qtsvg +}: + +stdenv.mkDerivation rec { + pname = "rz-ghidra"; + version = "0.6.0"; + + src = fetchFromGitHub { + owner = "rizinorg"; + repo = "rz-ghidra"; + rev = "v${version}"; + hash = "sha256-tQAurouRr6fP1tbIkfd0a9UfeYcwiU1BpjOTcooXkT0="; + fetchSubmodules = true; + }; + + patches = [ + (fetchpatch { + url = "https://github.com/rizinorg/rz-ghidra/pull/327/commits/eba20e2c743ed3dfc5d1be090a5018f7267baa49.patch"; + hash = "sha256-aoXFClXZBcOnHl+6lLYrnui7sRb3cRJQhQfNDLxHtcs="; + }) + ]; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ + openssl + pugixml + rizin + ] ++ lib.optionals enableCutterPlugin [ + cutter + qt5compat + qtbase + qtsvg + ]; + + dontWrapQtApps = true; + + cmakeFlags = [ + "-DUSE_SYSTEM_PUGIXML=ON" + ] ++ lib.optionals enableCutterPlugin [ + "-DBUILD_CUTTER_PLUGIN=ON" + "-DCUTTER_INSTALL_PLUGDIR=share/rizin/cutter/plugins/native" + ]; + + meta = with lib; { + # errors out with undefined symbols from Cutter + broken = enableCutterPlugin && stdenv.isDarwin; + description = "Deep ghidra decompiler and sleigh disassembler integration for rizin"; + homepage = src.meta.homepage; + license = licenses.lgpl3; + maintainers = with maintainers; [ chayleaf ]; + inherit (rizin.meta) platforms; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/sigdb.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/sigdb.nix new file mode 100644 index 000000000000..2c4bdaebbaba --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/sigdb.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, stdenvNoCC +}: + +stdenvNoCC.mkDerivation rec { + pname = "rizin-sigdb"; + version = "unstable-2023-02-13"; + + src = fetchFromGitHub { + owner = "rizinorg"; + # sigdb-source: source files (.pat and etc), around 2.5gb total + # sigdb: built and deflated .sig files, around 50mb total + repo = "sigdb"; + rev = "829baf835e3515923266898fd597f7f75046ebd2"; + hash = "sha256-zvGna2CEsDctc9P7hWTaz7kdtxAtPsXHNWOrRQ9ocdc="; + }; + + buildPhase = '' + mkdir installdir + cp -r elf pe installdir + .scripts/verify-sigs-install.sh + ''; + + installPhase = '' + mkdir -p $out/share/rizin + mv installdir $out/share/rizin/sigdb + ''; + + meta = with lib; { + description = "Rizin FLIRT Signature Database"; + homepage = src.meta.homepage; + license = licenses.lgpl3; + maintainers = with lib.maintainers; [ chayleaf ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/rizin/wrapper.nix b/nixpkgs/pkgs/development/tools/analysis/rizin/wrapper.nix new file mode 100644 index 000000000000..11d046c27f6d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rizin/wrapper.nix @@ -0,0 +1,44 @@ +{ lib +, makeWrapper +, symlinkJoin +, plugins +, rizin +, isCutter ? false +, cutter +}: + +let + unwrapped = if isCutter then cutter else rizin; +in +symlinkJoin { + name = "${unwrapped.pname}-with-plugins-${unwrapped.version}"; + + # NIX_RZ_PREFIX only changes where *Rizin* locates files (plugins, + # themes, etc). But we must change it even for wrapping Cutter, because + # Cutter plugins often have associated Rizin plugins. This means that + # $out (which NIX_RZ_PREFIX will be set to) must always contain Rizin + # files, even if we only wrap Cutter - so for Cutter, include Rizin to + # symlinkJoin paths. + paths = [ unwrapped ] ++ lib.optional isCutter rizin ++ plugins; + + nativeBuildInputs = [ makeWrapper ]; + + passthru = { + inherit unwrapped; + }; + + postBuild = '' + rm $out/bin/* + wrapperArgs=(--set NIX_RZ_PREFIX $out${ + lib.optionalString isCutter " --prefix XDG_DATA_DIRS : $out/share" + }) + for binary in $(ls ${unwrapped}/bin); do + makeWrapper ${unwrapped}/bin/$binary $out/bin/$binary "''${wrapperArgs[@]}" + done + ''; + + meta = unwrapped.meta // { + # prefer wrapped over unwrapped + priority = (unwrapped.meta.priority or 0) - 1; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/rr/default.nix b/nixpkgs/pkgs/development/tools/analysis/rr/default.nix new file mode 100644 index 000000000000..412b62593d27 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rr/default.nix @@ -0,0 +1,76 @@ +{ lib, stdenv, fetchFromGitHub, fetchpatch +, cmake, pkg-config, which, makeWrapper +, libpfm, zlib, python3Packages, procps, gdb, capnproto +}: + +stdenv.mkDerivation rec { + version = "5.7.0"; + pname = "rr"; + + src = fetchFromGitHub { + owner = "mozilla"; + repo = "rr"; + rev = version; + hash = "sha256-n1Jbhr77bI0AXncY/RquNVSwwnnAXt31RmKtAa1/oHg="; + }; + + patches = [ ]; + + postPatch = '' + substituteInPlace src/Command.cc --replace '_BSD_SOURCE' '_DEFAULT_SOURCE' + sed '7i#include <math.h>' -i src/Scheduler.cc + sed '1i#include <ctime>' -i src/test-monitor/test-monitor.cc + patchShebangs . + ''; + + # With LTO enabled, linking fails with the following message: + # + # src/AddressSpace.cc:1666: undefined reference to `rr_syscall_addr' + # ld.bfd: bin/rr: hidden symbol `rr_syscall_addr' isn't defined + # ld.bfd: final link failed: bad value + # collect2: error: ld returned 1 exit status + # + # See also https://github.com/NixOS/nixpkgs/pull/110846 + preConfigure = ''substituteInPlace CMakeLists.txt --replace "-flto" ""''; + + nativeBuildInputs = [ cmake pkg-config which makeWrapper ]; + buildInputs = [ + libpfm zlib python3Packages.python python3Packages.pexpect procps gdb capnproto + ]; + cmakeFlags = [ + "-Ddisable32bit=ON" + ]; + + # we turn on additional warnings due to hardening + env.NIX_CFLAGS_COMPILE = "-Wno-error"; + + hardeningDisable = [ "fortify" ]; + + # FIXME + doCheck = false; + + preCheck = "export HOME=$TMPDIR"; + + # needs GDB to replay programs at runtime + preFixup = '' + wrapProgram "$out/bin/rr" \ + --prefix PATH ":" "${lib.makeBinPath [ + gdb + ]}"; + ''; + + meta = { + homepage = "https://rr-project.org/"; + description = "Records nondeterministic executions and debugs them deterministically"; + longDescription = '' + rr aspires to be your primary debugging tool, replacing -- well, + enhancing -- gdb. You record a failure once, then debug the + recording, deterministically, as many times as you want. Every + time the same execution is replayed. + ''; + + license = with lib.licenses; [ mit bsd2 ]; + maintainers = with lib.maintainers; [ pierron thoughtpolice ]; + platforms = [ "i686-linux" "x86_64-linux" "aarch64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/rr/zen_workaround.nix b/nixpkgs/pkgs/development/tools/analysis/rr/zen_workaround.nix new file mode 100644 index 000000000000..3ec69aabf8d2 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/rr/zen_workaround.nix @@ -0,0 +1,45 @@ +{ stdenv, lib, fetchzip, kernel }: + +/* The python script shouldn't be needed for users of this kernel module. + https://github.com/rr-debugger/rr/blob/master/scripts/zen_workaround.py + The module itself is called "zen_workaround" (a bit generic unfortunately). +*/ +stdenv.mkDerivation rec { + pname = "rr-zen_workaround"; + version = "2020-09-22"; + + src = fetchzip { + url = "https://gist.github.com/glandium/01d54cefdb70561b5f6675e08f2990f2/archive/2f430f0c136a69b0886281d0c76708997d8878af.zip"; + sha256 = "1mbmbyymgl75wparv3rgnyxnc44rd6n935jziz9anl9apy031ryi"; + }; + + hardeningDisable = [ "pic" ]; + nativeBuildInputs = kernel.moduleBuildDependencies; + + makeFlags = [ + "-C${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" + ]; + postConfigure = '' + makeFlags="$makeFlags M=$(pwd)" + ''; + buildFlags = [ "modules" ]; + + installPhase = let + modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel"; #TODO: longer path? + in '' + runHook preInstall + mkdir -p "${modDestDir}" + cp *.ko "${modDestDir}/" + find ${modDestDir} -name '*.ko' -exec xz -f '{}' \; + runHook postInstall + ''; + + meta = with lib; { + description = "Kernel module supporting the rr debugger on (some) AMD Zen-based CPUs"; + homepage = "https://github.com/rr-debugger/rr/wiki/Zen#kernel-module"; + license = licenses.gpl2; + maintainers = [ maintainers.vcunat ]; + platforms = [ "x86_64-linux" ]; + broken = versionOlder kernel.version "4.19"; # 4.14 breaks and 4.19 works + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/smatch/default.nix b/nixpkgs/pkgs/development/tools/analysis/smatch/default.nix new file mode 100644 index 000000000000..2100b72c9878 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/smatch/default.nix @@ -0,0 +1,39 @@ +{ lib +, stdenv +, fetchFromGitHub +, pkg-config +, sqlite +, openssl +, buildllvmsparse ? false +, buildc2xml ? false +, libllvm +, libxml2 +}: + +stdenv.mkDerivation rec { + pname = "smatch"; + version = "1.73"; + + src = fetchFromGitHub { + owner = "error27"; + repo = "smatch"; + rev = version; + sha256 = "sha256-Pv3bd2cjnQKnhH7TrkYWfDEeaq6u/q/iK1ZErzn6bME="; + }; + + nativeBuildInputs = [ pkg-config ]; + + buildInputs = [ sqlite openssl ] + ++ lib.optionals buildllvmsparse [ libllvm ] + ++ lib.optionals buildc2xml [ libxml2.dev ]; + + makeFlags = [ "PREFIX=${placeholder "out"}" "CXX=${stdenv.cc.targetPrefix}c++" ]; + + meta = with lib; { + description = "A semantic analysis tool for C"; + homepage = "https://sparse.docs.kernel.org/"; + maintainers = with maintainers; [ marsam ]; + license = licenses.gpl2Plus; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/snowman/default.nix b/nixpkgs/pkgs/development/tools/analysis/snowman/default.nix new file mode 100644 index 000000000000..870f084580b8 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/snowman/default.nix @@ -0,0 +1,31 @@ +{ lib, mkDerivation, fetchFromGitHub, cmake, boost, qtbase }: + +mkDerivation rec { + pname = "snowman"; + version = "0.1.3"; + + src = fetchFromGitHub { + owner = "yegord"; + repo = "snowman"; + rev = "v${version}"; + sha256 = "1mrmhj2nddi0d47c266vsg5vbapbqbcpj5ld4v1qcwnnk6z2zn0j"; + }; + + nativeBuildInputs = [ cmake ]; + + buildInputs = [ boost qtbase ]; + + postUnpack = '' + export sourceRoot=$sourceRoot/src + ''; + + meta = with lib; { + description = "Native code to C/C++ decompiler"; + homepage = "http://derevenets.com/"; + + # https://github.com/yegord/snowman/blob/master/doc/licenses.asciidoc + license = licenses.gpl3Plus; + maintainers = with maintainers; [ dtzWill ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix b/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix new file mode 100644 index 000000000000..fc5db92cb161 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/snyk/default.nix @@ -0,0 +1,36 @@ +{ buildNpmPackage, fetchFromGitHub, lib, stdenv, testers, snyk }: + +buildNpmPackage rec { + pname = "snyk"; + version = "1.1276.0"; + + src = fetchFromGitHub { + owner = "snyk"; + repo = "cli"; + rev = "v${version}"; + hash = "sha256-l5Xx6z3NbtwdtKe8MmRWTJoKaEH3AZjHKXqoLv3rHfU="; + }; + + npmDepsHash = "sha256-FJGxCEhBADH4c1khJaVFHL4e25Mq4PHrez+2NPFBx0w="; + + postPatch = '' + substituteInPlace package.json --replace '"version": "1.0.0-monorepo"' '"version": "${version}"' + ''; + + env.NIX_CFLAGS_COMPILE = + # Fix error: no member named 'aligned_alloc' in the global namespace + lib.optionalString (stdenv.isDarwin && stdenv.isx86_64) "-D_LIBCPP_HAS_NO_LIBRARY_ALIGNED_ALLOCATION=1"; + + npmBuildScript = "build:prod"; + + passthru.tests.version = testers.testVersion { + package = snyk; + }; + + meta = with lib; { + description = "Scans and monitors projects for security vulnerabilities"; + homepage = "https://snyk.io"; + license = licenses.asl20; + maintainers = with maintainers; [ ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/sparse/default.nix b/nixpkgs/pkgs/development/tools/analysis/sparse/default.nix new file mode 100644 index 000000000000..497d571cf14c --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/sparse/default.nix @@ -0,0 +1,44 @@ +{ callPackage, fetchurl, lib, stdenv, gtk3, pkg-config, libxml2, llvm, perl, sqlite }: + +let + GCC_BASE = "${stdenv.cc.cc}/lib/gcc/${stdenv.hostPlatform.uname.processor}-unknown-linux-gnu/${stdenv.cc.cc.version}"; +in stdenv.mkDerivation rec { + pname = "sparse"; + version = "0.6.4"; + + src = fetchurl { + url = "mirror://kernel/software/devel/sparse/dist/${pname}-${version}.tar.xz"; + sha256 = "sha256-arKLSZG8au29c1UCkTYKpqs99B9ZIGqb3paQIIpuOHw="; + }; + + preConfigure = '' + sed -i 's|"/usr/include"|"${stdenv.cc.libc.dev}/include"|' pre-process.c + sed -i 's|qx(\$ccom -print-file-name=)|"${GCC_BASE}"|' cgcc + makeFlags+=" PREFIX=$out" + ''; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ gtk3 libxml2 llvm perl sqlite ]; + doCheck = true; + buildFlags = [ "GCC_BASE:=${GCC_BASE}" ]; + + # Test failures with "fortify3" on, such as: + # +*** buffer overflow detected ***: terminated + # +Aborted (core dumped) + # error: Actual exit value does not match the expected one. + # error: expected 0, got 134. + # error: FAIL: test 'bool-float.c' failed + hardeningDisable = [ "fortify3" ]; + + passthru.tests = { + simple-execution = callPackage ./tests.nix { }; + }; + + meta = with lib; { + description = "Semantic parser for C"; + homepage = "https://git.kernel.org/pub/scm/devel/sparse/sparse.git/"; + license = licenses.mit; + platforms = platforms.linux; + maintainers = with maintainers; [ thoughtpolice jkarlson ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/sparse/tests.nix b/nixpkgs/pkgs/development/tools/analysis/sparse/tests.nix new file mode 100644 index 000000000000..5eba254e537a --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/sparse/tests.nix @@ -0,0 +1,24 @@ +{ runCommand, gcc, sparse, writeText }: +let + src = writeText "CODE.c" '' + #include <stdio.h> + #include <stddef.h> + #include <stdlib.h> + + int main(int argc, char *argv[]) { + return EXIT_SUCCESS; + } + ''; +in + runCommand "${sparse.pname}-tests" { buildInputs = [ gcc sparse ]; meta.timeout = 3; } +'' + set -eu + ${sparse}/bin/cgcc ${src} > output 2>&1 || ret=$? + if [[ -z $(<output) ]]; then + mv output $out + else + echo "Test build returned $ret" + cat output + exit 1 + fi +'' diff --git a/nixpkgs/pkgs/development/tools/analysis/spin/default.nix b/nixpkgs/pkgs/development/tools/analysis/spin/default.nix new file mode 100644 index 000000000000..6c0f359fff5d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/spin/default.nix @@ -0,0 +1,47 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, bison, gcc, tk, swarm, graphviz }: + +let + binPath = lib.makeBinPath [ gcc graphviz tk swarm ]; +in + +stdenv.mkDerivation rec { + pname = "spin"; + version = "6.5.2"; + + src = fetchFromGitHub { + owner = "nimble-code"; + repo = "Spin"; + rev = "version-${version}"; + sha256 = "sha256-drvQXfDZCZRycBZt/VNngy8zs4XVJg+d1b4dQXVcyFU="; + }; + + nativeBuildInputs = [ makeWrapper ]; + buildInputs = [ bison ]; + + sourceRoot = "${src.name}/Src"; + + preBuild = '' + mkdir -p $out/bin + mkdir -p $out/share/man/man1 + ''; + + enableParallelBuilding = true; + makeFlags = [ "DESTDIR=$(out)" ]; + + postInstall = '' + wrapProgram $out/bin/spin --prefix PATH : ${binPath} + + mkdir -p $out/share/spin + cp $src/optional_gui/ispin.tcl $out/share/spin + makeWrapper $out/share/spin/ispin.tcl $out/bin/ispin \ + --prefix PATH : $out/bin:${binPath} + ''; + + meta = with lib; { + description = "Formal verification tool for distributed software systems"; + homepage = "https://spinroot.com/"; + license = licenses.bsd3; + platforms = platforms.unix; + maintainers = with maintainers; [ pSub siraben ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/splint/darwin.patch b/nixpkgs/pkgs/development/tools/analysis/splint/darwin.patch new file mode 100644 index 000000000000..8c435707571d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/splint/darwin.patch @@ -0,0 +1,13 @@ +diff --git a/src/osd.c b/src/osd.c +index ebe214a..4ba81d5 100644 +--- a/src/osd.c ++++ b/src/osd.c +@@ -516,7 +516,7 @@ osd_getPid () + # if defined (WIN32) || defined (OS2) && defined (__IBMC__) + int pid = _getpid (); + # else +- __pid_t pid = getpid (); ++ pid_t pid = getpid (); + # endif + + return (int) pid; diff --git a/nixpkgs/pkgs/development/tools/analysis/splint/default.nix b/nixpkgs/pkgs/development/tools/analysis/splint/default.nix new file mode 100644 index 000000000000..954342550eac --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/splint/default.nix @@ -0,0 +1,33 @@ +{ fetchurl, lib, stdenv, flex }: + +stdenv.mkDerivation rec { + pname = "splint"; + version = "3.1.2"; + + src = fetchurl { + url = "https://www.splint.org/downloads/${pname}-${version}.src.tgz"; + sha256 = "02pv8kscsrkrzip9r08pfs9xs98q74c52mlxzbii6cv6vx1vd3f7"; + }; + + patches = [ ./tmpdir.patch ] ++ lib.optional stdenv.isDarwin ./darwin.patch; + + buildInputs = [ flex ]; + + doCheck = true; + + meta = with lib; { + homepage = "http://www.splint.org/"; + description = "Annotation-assisted lightweight static analyzer for C"; + + longDescription = '' + Splint is a tool for statically checking C programs for security + vulnerabilities and coding mistakes. With minimal effort, Splint + can be used as a better lint. If additional effort is invested + adding annotations to programs, Splint can perform stronger + checking than can be done by any standard lint. + ''; + + license = licenses.gpl2Plus; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/splint/tmpdir.patch b/nixpkgs/pkgs/development/tools/analysis/splint/tmpdir.patch new file mode 100644 index 000000000000..01402ce943bc --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/splint/tmpdir.patch @@ -0,0 +1,16 @@ +Have Splint honor $TMPDIR. + +--- splint-3.1.2/src/context.c 2004-07-31 21:04:26.000000000 +0200 ++++ splint-3.1.2/src/context.c 2008-07-11 10:55:16.000000000 +0200 +@@ -801,7 +801,10 @@ context_resetAllFlags (void) + val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR); + } + # else +- val = cstring_makeLiteral (DEFAULT_TMPDIR); ++ { ++ char *env = getenv ("TMPDIR"); ++ val = cstring_makeLiteral (env != NULL ? env : DEFAULT_TMPDIR); ++ } + # endif /* !defined(OS2) && !defined(MSDOS) */ + + break; diff --git a/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix b/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix new file mode 100644 index 000000000000..23afd1aff86e --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/stylelint/default.nix @@ -0,0 +1,24 @@ +{ buildNpmPackage, fetchFromGitHub, lib }: + +buildNpmPackage rec { + pname = "stylelint"; + version = "16.2.1"; + + src = fetchFromGitHub { + owner = "stylelint"; + repo = "stylelint"; + rev = version; + hash = "sha256-ncJ5oCXe23+an2nFOafMEypFUkwRVW3hZf5pWCKkBNE="; + }; + + npmDepsHash = "sha256-0+jrfXoM6yqkd43lot3JPB+HBTz3XXzqAulGketRsxU="; + + dontNpmBuild = true; + + meta = with lib; { + description = "Mighty CSS linter that helps you avoid errors and enforce conventions"; + homepage = "https://stylelint.io"; + license = licenses.mit; + maintainers = with maintainers; [ ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/svlint/default.nix b/nixpkgs/pkgs/development/tools/analysis/svlint/default.nix new file mode 100644 index 000000000000..a879e0a81153 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/svlint/default.nix @@ -0,0 +1,26 @@ +{ lib +, rustPlatform +, fetchCrate +}: + +rustPlatform.buildRustPackage rec { + pname = "svlint"; + version = "0.9.2"; + + src = fetchCrate { + inherit pname version; + sha256 = "sha256-5fPra4kgvykeQnvRtO3enbMIzbh5+nDJ2x0aHYMGiww="; + }; + + cargoHash = "sha256-R7jqFgMj4YjUbEObdRxxvataYMXe9wq8B8k+t7+Dv30="; + + cargoBuildFlags = [ "--bin" "svlint" ]; + + meta = with lib; { + description = "SystemVerilog linter"; + homepage = "https://github.com/dalance/svlint"; + changelog = "https://github.com/dalance/svlint/blob/v${version}/CHANGELOG.md"; + license = licenses.mit; + maintainers = with maintainers; [ trepetti ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/swarm/default.nix b/nixpkgs/pkgs/development/tools/analysis/swarm/default.nix new file mode 100644 index 000000000000..cc67ce8123c8 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/swarm/default.nix @@ -0,0 +1,26 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "swarm"; + version = "unstable-2019-03-11"; + + src = fetchFromGitHub { + owner = "nimble-code"; + repo = "swarm"; + rev = "4b36ed83c8fbb074f2dc5777fe1c0ab4d73cc7d9"; + sha256 = "18zwlwsiiksivjpg6agmbmg0zsw2fl9475ss66b6pgcsya2q4afs"; + }; + + installPhase = '' + install -Dm755 Src/swarm $out/bin/swarm + install -Dm644 Doc/swarm.1 $out/share/man/man1/swarm.1 + ''; + + meta = with lib; { + description = "Verification script generator for Spin"; + homepage = "http://spinroot.com/"; + license = licenses.free; + platforms = platforms.unix; + maintainers = with maintainers; [ abbradar ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tartan/default.nix b/nixpkgs/pkgs/development/tools/analysis/tartan/default.nix new file mode 100644 index 000000000000..1106d017cba1 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tartan/default.nix @@ -0,0 +1,53 @@ +{ stdenv +, lib +, fetchFromGitLab +, meson +, ninja +, pkg-config +, llvmPackages +, gobject-introspection +, glib +, unstableGitUpdater +}: + +stdenv.mkDerivation rec { + pname = "tartan"; + version = "unstable-2021-12-23"; + + src = fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "tartan"; + repo = "tartan"; + rev = "bd4ea95d8b3ce1258491e9fac7fcc37d2b241a16"; + sha256 = "l3duPt8Kh/JljzOV+Dm26XbS7gZ+mmFfYUYofWSJRyo="; + }; + + nativeBuildInputs = [ + meson + ninja + pkg-config + ]; + + buildInputs = [ + gobject-introspection + glib + llvmPackages.libclang + llvmPackages.libllvm + ]; + + passthru = { + updateScript = unstableGitUpdater { + # The updater tries src.url by default, which does not exist for fetchFromGitLab (fetchurl). + url = "https://gitlab.freedesktop.org/tartan/tartan.git"; + }; + }; + + meta = with lib; { + broken = stdenv.isDarwin; + description = "Tools and Clang plugins for developing code with GLib"; + homepage = "https://freedesktop.org/wiki/Software/tartan"; + license = licenses.gpl3Plus; + platforms = platforms.unix; + maintainers = with maintainers; [ jtojnar ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/default.nix b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/default.nix new file mode 100644 index 000000000000..1f4d50a90d10 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/default.nix @@ -0,0 +1,4 @@ +{ callPackage, ... }: { + tflint-ruleset-aws = callPackage ./tflint-ruleset-aws.nix { }; + tflint-ruleset-google = callPackage ./tflint-ruleset-google.nix { }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix new file mode 100644 index 000000000000..5aa610fafa85 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-aws.nix @@ -0,0 +1,38 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "tflint-ruleset-aws"; + version = "0.29.0"; + + src = fetchFromGitHub { + owner = "terraform-linters"; + repo = pname; + rev = "v${version}"; + hash = "sha256-tqHlvJyLRhREKnuMUP479xuD0PjdCZfIMj4L44skiSE="; + }; + + vendorHash = "sha256-vEkrDwsetW4HtbcgkhcaK42v/CKfRlIoHgYzjoTavqk="; + + # upstream Makefile also does a go test $(go list ./... | grep -v integration) + preCheck = '' + rm integration/integration_test.go + ''; + + postInstall = '' + mkdir -p $out/github.com/terraform-linters/${pname}/${version} + mv $out/bin/${pname} $out/github.com/terraform-linters/${pname}/${version}/ + # remove other binaries from bin + rm -R $out/bin + ''; + + meta = with lib; { + homepage = "https://github.com/terraform-linters/tflint-ruleset-aws"; + changelog = "https://github.com/terraform-linters/tflint-ruleset-aws/blob/v${version}/CHANGELOG.md"; + description = "TFLint ruleset plugin for Terraform AWS Provider"; + maintainers = with maintainers; [ flokli ]; + license = with licenses; [ mpl20 ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix new file mode 100644 index 000000000000..646cb81d102d --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tflint-plugins/tflint-ruleset-google.nix @@ -0,0 +1,38 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "tflint-ruleset-google"; + version = "0.26.0"; + + src = fetchFromGitHub { + owner = "terraform-linters"; + repo = pname; + rev = "v${version}"; + hash = "sha256-VQm7pvZCfkZR54UeaPuKogEqhQOy5BAV7WkfwCW3C7c="; + }; + + vendorHash = "sha256-C52b11cJE2Bu785SNlTsbgNR6Wt/YeY8l1U/9anXrMo="; + + # upstream Makefile also does a go test $(go list ./... | grep -v integration) + preCheck = '' + rm integration/integration_test.go + ''; + + subPackages = [ "." ]; + + postInstall = '' + mkdir -p $out/github.com/terraform-linters/${pname}/${version} + mv $out/bin/${pname} $out/github.com/terraform-linters/${pname}/${version}/ + ''; + + meta = with lib; { + homepage = "https://github.com/terraform-linters/tflint-ruleset-google"; + description = "TFLint ruleset plugin for Terraform Google Provider"; + platforms = platforms.unix; + maintainers = with maintainers; [ john-rodewald ]; + license = with licenses; [ mpl20 ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix b/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix new file mode 100644 index 000000000000..e59d0ad11d0f --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tflint/default.nix @@ -0,0 +1,53 @@ +{ lib +, buildGoModule +, fetchFromGitHub +, runCommand +, makeWrapper +, tflint +, tflint-plugins +, symlinkJoin +}: + +buildGoModule rec { + pname = "tflint"; + version = "0.50.3"; + + src = fetchFromGitHub { + owner = "terraform-linters"; + repo = pname; + rev = "v${version}"; + hash = "sha256-PfPynSPuMhiyQW9f6HY2WDNlmtltU4xOo0A88I/bCuI="; + }; + + vendorHash = "sha256-HjvEbEfPVeqAVmVKCJHYPSZjZc19DV1HDaz/HcBJAUg="; + + doCheck = false; + + subPackages = [ "." ]; + + ldflags = [ "-s" "-w" ]; + + passthru.withPlugins = plugins: + let + actualPlugins = plugins tflint-plugins; + pluginDir = symlinkJoin { + name = "tflint-plugin-dir"; + paths = [ actualPlugins ]; + }; + in + runCommand "tflint-with-plugins" + { + nativeBuildInputs = [ makeWrapper ]; + } '' + makeWrapper ${tflint}/bin/tflint $out/bin/tflint \ + --set TFLINT_PLUGIN_DIR "${pluginDir}" + ''; + + meta = with lib; { + description = "Terraform linter focused on possible errors, best practices, and so on"; + homepage = "https://github.com/terraform-linters/tflint"; + changelog = "https://github.com/terraform-linters/tflint/blob/v${version}/CHANGELOG.md"; + license = licenses.mpl20; + maintainers = [ maintainers.marsam ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/tfsec/default.nix b/nixpkgs/pkgs/development/tools/analysis/tfsec/default.nix new file mode 100644 index 000000000000..28a780a24101 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/tfsec/default.nix @@ -0,0 +1,40 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "tfsec"; + version = "1.28.5"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = "tfsec"; + rev = "refs/tags/v${version}"; + hash = "sha256-zMOAXuMOuWzV5uqzNvw+2DiEA9o/80v7DW5KDhoT/fg="; + }; + + ldflags = [ + "-s" + "-w" + "-X=github.com/aquasecurity/tfsec/version.Version=v${version}" + ## not sure if this is needed (https://github.com/aquasecurity/tfsec/blob/master/.goreleaser.yml#L6) + # "-extldflags '-fno-PIC -static'" + ]; + + vendorHash = "sha256-nBjlsDFjkqwFBwNnGk8WC+XM5xBuopyrloPlQyOReuY="; + + subPackages = [ + "cmd/tfsec" + "cmd/tfsec-docs" + "cmd/tfsec-checkgen" + ]; + + meta = with lib; { + description = "Static analysis powered security scanner for terraform code"; + homepage = "https://github.com/aquasecurity/tfsec"; + changelog = "https://github.com/aquasecurity/tfsec/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ fab marsam peterromfeldhk ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix b/nixpkgs/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix new file mode 100644 index 000000000000..b879a6ef2374 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/uefi-firmware-parser/default.nix @@ -0,0 +1,30 @@ +{ lib, python3, fetchFromGitHub }: + +with python3.pkgs; + +buildPythonApplication rec { + pname = "uefi-firmware-parser"; + version = "1.8"; + + # Version 1.8 is not published on pypi + src = fetchFromGitHub { + owner = "theopolis"; + repo = "uefi-firmware-parser"; + rev = "v${version}"; + sha256 = "1yn9vi91j1yxkn0icdnjhgl0qrqqkzyhccj39af4f19q1gdw995l"; + }; + + meta = with lib; { + homepage = "https://github.com/theopolis/uefi-firmware-parser/"; + description = "Parse BIOS/Intel ME/UEFI firmware related structures: Volumes, FileSystems, Files, etc"; + # MIT + license headers in some files + license = with licenses; [ + mit + zlib # uefi_firmware/me.py + bsd2 # uefi_firmware/compression/Tiano/**/* + publicDomain # uefi_firmware/compression/LZMA/SDK/C/* + ]; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = [ maintainers.samueldr ]; + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/valgrind/default.nix b/nixpkgs/pkgs/development/tools/analysis/valgrind/default.nix new file mode 100644 index 000000000000..c8046b68cd96 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/valgrind/default.nix @@ -0,0 +1,137 @@ +{ lib, stdenv, fetchurl, fetchpatch +, autoreconfHook, perl +, gdb, cctools, xnu, bootstrap_cmds +, writeScript +}: + +stdenv.mkDerivation rec { + pname = "valgrind"; + version = "3.22.0"; + + src = fetchurl { + url = "https://sourceware.org/pub/${pname}/${pname}-${version}.tar.bz2"; + hash = "sha256-yBHbWt0sX3KZRMr0fE56Zdyqu5Rh5HK1eHZd179tLUw="; + }; + + patches = [ + # Fix build on ELFv2 powerpc64 + # https://bugs.kde.org/show_bug.cgi?id=398883 + (fetchurl { + url = "https://github.com/void-linux/void-packages/raw/3e16b4606235885463fc9ab45b4c120f1a51aa28/srcpkgs/valgrind/patches/elfv2-ppc64-be.patch"; + sha256 = "NV/F+5aqFZz7+OF5oN5MUTpThv4H5PEY9sBgnnWohQY="; + }) + # Fix checks on Musl. + # https://bugs.kde.org/show_bug.cgi?id=453929 + (fetchpatch { + url = "https://bugsfiles.kde.org/attachment.cgi?id=148912"; + sha256 = "Za+7K93pgnuEUQ+jDItEzWlN0izhbynX2crSOXBBY/I="; + }) + # Fix build on armv7l. + # https://bugs.kde.org/show_bug.cgi?id=454346 + (fetchpatch { + url = "https://bugsfiles.kde.org/attachment.cgi?id=149172"; + sha256 = "sha256-4MASLsEK8wcshboR4YOc6mIt7AvAgDPvqIZyHqlvTEs="; + }) + (fetchpatch { + url = "https://bugsfiles.kde.org/attachment.cgi?id=149173"; + sha256 = "sha256-jX9hD4utWRebbXMJYZ5mu9jecvdrNP05E5J+PnKRTyQ="; + }) + (fetchpatch { + url = "https://bugsfiles.kde.org/attachment.cgi?id=149174"; + sha256 = "sha256-f1YIFIhWhXYVw3/UNEWewDak2mvbAd3aGzK4B+wTlys="; + }) + ]; + + outputs = [ "out" "dev" "man" "doc" ]; + + hardeningDisable = [ "pie" "stackprotector" ]; + + # GDB is needed to provide a sane default for `--db-command'. + # Perl is needed for `callgrind_{annotate,control}'. + buildInputs = [ gdb perl ] ++ lib.optionals (stdenv.isDarwin) [ bootstrap_cmds xnu ]; + + # Perl is also a native build input. + nativeBuildInputs = [ autoreconfHook perl ]; + + enableParallelBuilding = true; + separateDebugInfo = stdenv.isLinux; + + preConfigure = lib.optionalString stdenv.isFreeBSD '' + substituteInPlace configure --replace '`uname -r`' \ + ${toString stdenv.hostPlatform.parsed.kernel.version}.0- + '' + lib.optionalString stdenv.isDarwin ( + let OSRELEASE = '' + $(awk -F '"' '/#define OSRELEASE/{ print $2 }' \ + <${xnu}/Library/Frameworks/Kernel.framework/Headers/libkern/version.h)''; + in '' + echo "Don't derive our xnu version using uname -r." + substituteInPlace configure --replace "uname -r" "echo ${OSRELEASE}" + + # Apple's GCC doesn't recognize `-arch' (as of version 4.2.1, build 5666). + echo "getting rid of the \`-arch' GCC option..." + find -name Makefile\* -exec \ + sed -i {} -e's/DARWIN\(.*\)-arch [^ ]\+/DARWIN\1/g' \; + + sed -i coregrind/link_tool_exe_darwin.in \ + -e 's/^my \$archstr = .*/my $archstr = "x86_64";/g' + + substituteInPlace coregrind/m_debuginfo/readmacho.c \ + --replace /usr/bin/dsymutil ${stdenv.cc.bintools.bintools}/bin/dsymutil + + echo "substitute hardcoded /usr/bin/ld with ${cctools}/bin/ld" + substituteInPlace coregrind/link_tool_exe_darwin.in \ + --replace /usr/bin/ld ${cctools}/bin/ld + ''); + + configureFlags = + lib.optional stdenv.hostPlatform.isx86_64 "--enable-only64bit" + ++ lib.optional stdenv.hostPlatform.isDarwin "--with-xcodedir=${xnu}/include"; + + doCheck = true; + + postInstall = '' + for i in $out/libexec/valgrind/*.supp; do + substituteInPlace $i \ + --replace 'obj:/lib' 'obj:*/lib' \ + --replace 'obj:/usr/X11R6/lib' 'obj:*/lib' \ + --replace 'obj:/usr/lib' 'obj:*/lib' + done + ''; + + passthru = { + updateScript = writeScript "update-valgrind" '' + #!/usr/bin/env nix-shell + #!nix-shell -i bash -p curl pcre common-updater-scripts + + set -eu -o pipefail + + # Expect the text in format of: + # 'Current release: <a href="/downloads/current.html#current">valgrind-3.19.0</a>' + new_version="$(curl -s https://valgrind.org/ | + pcregrep -o1 'Current release: .*>valgrind-([0-9.]+)</a>')" + update-source-version ${pname} "$new_version" + ''; + }; + + meta = { + homepage = "http://www.valgrind.org/"; + description = "Debugging and profiling tool suite"; + + longDescription = '' + Valgrind is an award-winning instrumentation framework for + building dynamic analysis tools. There are Valgrind tools that + can automatically detect many memory management and threading + bugs, and profile your programs in detail. You can also use + Valgrind to build new tools. + ''; + + license = lib.licenses.gpl2Plus; + + maintainers = [ lib.maintainers.eelco ]; + platforms = with lib.platforms; lib.intersectLists + (x86 ++ power ++ s390x ++ armv7 ++ aarch64 ++ mips) + (darwin ++ freebsd ++ illumos ++ linux); + badPlatforms = [ lib.systems.inspect.platformPatterns.isStatic ]; + broken = stdenv.isDarwin; # https://hydra.nixos.org/build/128521440/nixlog/2 + }; +} diff --git a/nixpkgs/pkgs/development/tools/analysis/yallback/default.nix b/nixpkgs/pkgs/development/tools/analysis/yallback/default.nix new file mode 100644 index 000000000000..4e62ff5b9ed8 --- /dev/null +++ b/nixpkgs/pkgs/development/tools/analysis/yallback/default.nix @@ -0,0 +1,34 @@ +{ lib +, stdenv +, fetchFromGitHub +, makeWrapper +, coreutils +, bashInteractive +}: + +stdenv.mkDerivation rec { + version = "0.2.0"; + pname = "yallback"; + src = fetchFromGitHub { + owner = "abathur"; + repo = "yallback"; + rev = "v${version}"; + hash = "sha256-t+fdnDJMFiFqN23dSY3TnsZsIDcravtwdNKJ5MiZosE="; + }; + + buildInputs = [ coreutils bashInteractive ]; + nativeBuildInputs = [ makeWrapper ]; + + installPhase = '' + install -Dv yallback $out/bin/yallback + wrapProgram $out/bin/yallback --prefix PATH : ${lib.makeBinPath [ coreutils ]} + ''; + + meta = with lib; { + description = "Callbacks for YARA rule matches"; + homepage = "https://github.com/abathur/yallback"; + license = licenses.mit; + maintainers = with maintainers; [ abathur ]; + platforms = platforms.all; + }; +} |