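# Nix package expression for SSLyze (Python SSL/TLS scanning library).
# Every dependency is passed in as a function argument; the last three
# arguments are referenced only by the check phase.
{ lib
, fetchFromGitHub
, buildPythonPackage
, pytestCheckHook
, pythonOlder
  # deps
, cryptography
, nassl
, pydantic
, tls-parser
  # check deps
, faker
, openssl_1_0_2
, openssl_1_1
}:

buildPythonPackage rec {
  pname = "sslyze";
  version = "5.0.0";
  disabled = pythonOlder "3.7";

  # The source is requested by tag name (rev = version), but the content
  # hash is what pins it: if the tag is ever moved upstream, the fetch
  # fails on a hash mismatch instead of building different code. Update
  # both together when bumping the version.
  src = fetchFromGitHub {
    owner = "nabla-c0d3";
    repo = pname;
    rev = version;
    hash = "sha256-7kUriEMHcGCXKs42KVWxXvM+JEEWf/8tnuoGujHbqHY=";
  };

  # Relax upstream's upper bound on cryptography so the package builds
  # against the cryptography version provided by the package set.
  #
  # This is a postPatch hook rather than a patchPhase override: replacing
  # patchPhase wholesale skips the standard phase, so anything later added
  # through `patches = [ ... ]` (for example a backported security fix)
  # would not be applied.
  #
  # NOTE(review): the substitution matches the exact pin string; it may stop
  # matching if setup.py changes, so re-check it on every version bump.
  postPatch = ''
    substituteInPlace setup.py \
      --replace "cryptography>=2.6,<36.0.0" "cryptography>=2.6"
  '';

  checkInputs = [
    pytestCheckHook
    faker
  ];

  # Most of the tests are online; hence, applicable tests are listed
  # explicitly here
  pytestFlagsArray = [
    "tests/cli_tests/test_console_output.py"
    "tests/cli_tests/test_server_string_parser.py"
    "tests/json_tests/test_json_output.py"
    "tests/plugins_tests/certificate_info/test_certificate_algorithms.py"
    "tests/plugins_tests/certificate_info/test_certificate_utils.py"
    "tests/plugins_tests/certificate_info/test_symantec.py"
    "tests/plugins_tests/certificate_info/test_trust_store_repository.py"
    "tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py"
    "tests/plugins_tests/test_early_data_plugin.py"
    "tests/plugins_tests/test_http_headers_plugin.py"
    "tests/plugins_tests/test_robot_plugin.py"
    "tests/plugins_tests/test_scan_commands.py"
    "tests/plugins_tests/test_session_renegotiation_plugin.py"
    "tests/scanner_tests/test_jobs_worker_thread.py"
    "tests/scanner_tests/test_mass_scanner.py"
    "tests/scanner_tests/test_models.py"
    "tests/scanner_tests/test_scanner.py"
    "tests/server_connectivity_tests/test_client_authentication.py"
  ];

  # Individual tests deselected from the files above, grouped by test class.
  # NOTE(review): presumably these also need network access; the reason is
  # not recorded here -- confirm before re-enabling any of them.
  disabledTests = [
    # TestEllipticCurvesPluginWithOnlineServer
    "test_supported_curves"
    # TestRobotPluginPlugin
    "test_robot_attack_good"
    # TestHttpHeadersPlugin
    "test_all_headers_disabled"
    "test_expect_ct_enabled"
    "test_hsts_enabled"
    # TestSessionRenegotiationPlugin
    "test_renegotiation_good"
    # TestCertificateAlgorithms
    "test_ecdsa_certificate"
    "test_invalid_certificate_bad_name"
    # TestEarlyDataPlugin
    "test_early_data_enabled"
    # TestTrustStoresRepository
    "test_update_default"
    # TestClientAuthentication
    "test_optional_client_authentication"
  ];

  # Some tests require OpenSSL
  # The two files under tests/openssl_server/ are swapped for symlinks to
  # the packaged openssl executables, so the tests run binaries built by
  # the package set instead of the files shipped in the source tree.
  # openssl_1_0_2 is an end-of-life OpenSSL branch; it is referenced only
  # here, as a test fixture, and should stay out of propagatedBuildInputs.
  preCheck = ''
    pushd "$TMPDIR/$sourceRoot/tests/openssl_server/"

    rm openssl-1-1-1-linux64
    ln -s ${openssl_1_1.bin}/bin/openssl openssl-1-1-1-linux64

    rm openssl-1-0-0e-linux64
    ln -s ${openssl_1_0_2.bin}/bin/openssl openssl-1-0-0e-linux64

    popd
  '';

  # Smoke test: the built package must at least be importable.
  pythonImportsCheck = [ "sslyze" ];

  # Runtime dependencies, propagated to anything that depends on sslyze.
  propagatedBuildInputs = [
    cryptography
    nassl
    pydantic
    tls-parser
  ];

  meta = with lib; {
    homepage = "https://github.com/nabla-c0d3/sslyze";
    description = "Fast and powerful SSL/TLS scanning library";
    platforms = platforms.linux ++ platforms.darwin;
    license = licenses.agpl3Only;
    maintainers = with maintainers; [ veehaitch ];
  };
}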