From 0b143570199aad8f710a3a885653cd79ae4c8fa4 Mon Sep 17 00:00:00 2001 From: Samuel Tardieu Date: Sat, 26 Oct 2024 17:26:41 +0200 Subject: [PATCH] [24.05] python3Packages.js2py: remove unmaintained and insecure: https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape (cherry picked from commit 0f79dd4197e3570ff7435e382346b9a3bf15db5b) --- .../networking/pyload-ng/default.nix | 1 - .../django-js-reverse/default.nix | 5 +- .../python-modules/js2py/default.nix | 47 ------------------- .../python-modules/lark/default.nix | 2 +- .../python-modules/pyjsparser/default.nix | 10 +--- pkgs/top-level/python-aliases.nix | 1 + pkgs/top-level/python-packages.nix | 2 - 7 files changed, 6 insertions(+), 62 deletions(-) delete mode 100644 pkgs/development/python-modules/js2py/default.nix
diff --git a/pkgs/applications/networking/pyload-ng/default.nix b/pkgs/applications/networking/pyload-ng/default.nix
index 61c62fb95e9491..a43621c6f51e5d 100644
--- a/pkgs/applications/networking/pyload-ng/default.nix
+++ b/pkgs/applications/networking/pyload-ng/default.nix
@@ -37,7 +37,6 @@ python3.pkgs.buildPythonApplication rec {
 flask-compress
 flask-session
 flask-themes2
- js2py
 pycurl
 semver
 setuptools
diff --git a/pkgs/development/python-modules/django-js-reverse/default.nix b/pkgs/development/python-modules/django-js-reverse/default.nix
index 9fedef235c1130..bbc1188ec3092f 100644
--- a/pkgs/development/python-modules/django-js-reverse/default.nix
+++ b/pkgs/development/python-modules/django-js-reverse/default.nix
@@ -8,7 +8,6 @@
 django,
 packaging,
 nodejs,
- js2py,
 six,
 }:
@@ -26,9 +25,11 @@ buildPythonPackage rec {
 propagatedBuildInputs = [ django ] ++ lib.optionals (pythonAtLeast "3.7") [ packaging ];
+ # Js2py is needed for tests but it's unmaintained and insecure
+ doCheck = false;
+
 nativeCheckInputs = [
 nodejs
- js2py
 six
 ];
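Review bot: Dropping js2py from pyload-ng's input list leaves no record of what the application loses, and if pyload-ng's own package metadata still declares Js2Py as a requirement, the build may now fail its runtime dependency check (or the import fails at run time wherever js2py is used) — the hunk shows only the list edit, so that cannot be confirmed from here. If upstream does declare it, `pythonRemoveDeps = [ "js2py" ];` is the usual way to make the removal explicit rather than relying on the check being absent. Either way a comment beside the list, such as `# js2py dropped: unmaintained and insecure (CVE-2024-28397); code paths that import it no longer work`, would tell the next maintainer why the entry is gone. The buildPythonApplication block starts and ends outside the hunk.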
diff --git a/pkgs/development/python-modules/js2py/default.nix b/pkgs/development/python-modules/js2py/default.nix
deleted file mode 100644
index 1ecceaf8329ee9..00000000000000
--- a/pkgs/development/python-modules/js2py/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- lib,
- fetchPypi,
- buildPythonPackage,
- pythonAtLeast,
- setuptools,
- tzlocal,
- six,
- pyjsparser,
-}:
-
-buildPythonPackage rec {
- pname = "js2py";
- version = "0.74";
- pyproject = true;
-
- # broken with Python 3.12
- # https://github.com/PiotrDabkowski/Js2Py/issues/317
- disabled = pythonAtLeast "3.12";
-
- src = fetchPypi {
- pname = "Js2Py";
- inherit version;
- hash = "sha256-OfOmqoRpGA77o8hncnHfJ8MTMv0bRx3xryr1i4e4ly8=";
- };
-
- nativeBuildInputs = [ setuptools ];
-
- propagatedBuildInputs = [
- pyjsparser
- six
- tzlocal
- ];
-
- # Test require network connection
- doCheck = false;
-
- pythonImportsCheck = [ "js2py" ];
-
- meta = with lib; {
- description = "JavaScript to Python Translator & JavaScript interpreter written in 100% pure Python";
- homepage = "https://github.com/PiotrDabkowski/Js2Py";
- license = licenses.mit;
- maintainers = with maintainers; [ onny ];
- knownVulnerabilities = [ "CVE-2024-28397" ];
- };
-}
diff --git a/pkgs/development/python-modules/lark/default.nix b/pkgs/development/python-modules/lark/default.nix
index ba99dc53431ca5..81ca1050979a11 100644
--- a/pkgs/development/python-modules/lark/default.nix
+++ b/pkgs/development/python-modules/lark/default.nix
@@ -30,7 +30,7 @@ buildPythonPackage rec {
 "lark.grammars"
 ];
- # Js2py is needed for tests but it's marked as insecure
+ # Js2py is needed for tests but it's unmaintained and insecure
 doCheck = false;
 meta = with lib; {
diff --git a/pkgs/development/python-modules/pyjsparser/default.nix b/pkgs/development/python-modules/pyjsparser/default.nix
index 0b6eab26b5c35c..b0988585e21bcc 100644
--- a/pkgs/development/python-modules/pyjsparser/default.nix
+++ b/pkgs/development/python-modules/pyjsparser/default.nix
@@ -3,7 +3,6 @@
 fetchFromGitHub,
 buildPythonPackage,
 pytestCheckHook,
- js2py,
 }:
 let
@@ -21,18 +20,11 @@ let
 nativeCheckInputs = [
 pytestCheckHook
- js2py
 ];
- # escape infinite recursion with js2py
+ # js2py is needed for tests but it's unmaintained and insecure
 doCheck = false;
- passthru.tests = {
- check = pyjsparser.overridePythonAttrs (_: {
- doCheck = true;
- });
- };
-
 pythonImportsCheck = [ "pyjsparser" ];
 meta = with lib; {
diff --git a/pkgs/top-level/python-aliases.nix b/pkgs/top-level/python-aliases.nix
index 843458c35c01b4..42c76396462196 100644
--- a/pkgs/top-level/python-aliases.nix
+++ b/pkgs/top-level/python-aliases.nix
@@ -245,6 +245,7 @@ mapAliases ({
 jinja2_pluralize = jinja2-pluralize; # added 2023-11-01
 jinja2_time = jinja2-time; # added 2022-11-07
 JPype1 = jpype1; # added 2023-02-19
+ js2py = throw "js2py has been removed, as it is unmaintained and insecure"; # added 2024-10-17
 jsonpath_rw = jsonpath-rw; # added 2024-01-06
 jsonschema_3 = throw "jsonschema 3 is neither the latest version nor needed inside nixpkgs anymore"; # added 2023-06-28
 jupyter_client = jupyter-client; # added 2021-10-15
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index af35a0f902c43c..fa8328d1e8d155 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -6126,8 +6126,6 @@ self: super: with self; {
 inherit (pkgs) jq;
 };
- js2py = callPackage ../development/python-modules/js2py { };
-
 jsbeautifier = callPackage ../development/python-modules/jsbeautifier { };
 jschema-to-python = callPackage ../development/python-modules/jschema-to-python { };
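Review bot: The new js2py alias in python-aliases.nix throws with the reason but not the advisory the commit message cites, so a user whose evaluation now fails has to go looking for why the package was considered insecure; `js2py = throw "js2py has been removed, as it is unmaintained and insecure (CVE-2024-28397)"; # added 2024-10-17` puts the reference where it is actually seen. The wording and the date trailer otherwise follow the style of the neighbouring jsonschema_3 alias, so this is only a matter of completeness.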