log4j-scan: init at unstable-2021-12-14

2021-12-14 16:25:29 +01:00 · 2021-12-14 16:25:29 +01:00 · bad5eb111f
parent a53d2afe68
commit bad5eb111f
2 changed files with 46 additions and 0 deletions
--- a/pkgs/tools/security/log4j-scan/default.nix
+++ b/pkgs/tools/security/log4j-scan/default.nix
@ -0,0 +1,44 @@
+{ lib
+, fetchFromGitHub
+, python3
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "log4j-scan";
+  version = "unstable-2021-12-14";
+  format = "other";
+
+  src = fetchFromGitHub {
+    owner = "fullhunt";
+    repo = pname;
+    rev = "7be0f1c02ce3494469dc73a177e6f0c96f0016d9";
+    sha256 = "sha256-HazxK0wJ8xeFauD2xOxmOwWw1nEpQh+QdcBVZNaUgrM=";
+  };
+
+  propagatedBuildInputs = with python3.pkgs; [
+    pycryptodome
+    requests
+    termcolor
+  ];
+
+  postPatch = ''
+    substituteInPlace log4j-scan.py \
+      --replace "headers.txt" "../share/headers.txt"
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    install -vD ${pname}.py $out/bin/${pname}
+    install -vD headers.txt headers-large.txt -t $out/share
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "Scanner for finding hosts which are vulnerable for log4j";
+    homepage = "https://github.com/fullhunt/log4j-scan";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -7463,6 +7463,8 @@ with pkgs;

  localtime = callPackage ../tools/system/localtime { };

+  log4j-scan = callPackage ../tools/security/log4j-scan { };
+
  logcheck = callPackage ../tools/system/logcheck { };

  logmein-hamachi = callPackage ../tools/networking/logmein-hamachi { };