From 2a96f8ef5d2ae669243608fee836923900c4cb9f Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 5 Jul 2025 17:31:04 +0200
Subject: [PATCH 1/2] python313Packages.flask-unsign: init at 1.2.1

Command line tool to fetch, decode, brute-force and craft session
cookies of a Flask application

https://github.com/Paradoxis/Flask-Unsign
---
 pkgs/by-name/fl/flask-unsign/package.nix      |  1 +
 .../python-modules/flask-unsign/default.nix   | 50 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 +
 3 files changed, 53 insertions(+)
 create mode 100644 pkgs/by-name/fl/flask-unsign/package.nix
 create mode 100644 pkgs/development/python-modules/flask-unsign/default.nix

diff --git a/pkgs/by-name/fl/flask-unsign/package.nix b/pkgs/by-name/fl/flask-unsign/package.nix
new file mode 100644
index 000000000000..4581ddb5244d
--- /dev/null
+++ b/pkgs/by-name/fl/flask-unsign/package.nix
@@ -0,0 +1 @@
+{ python3Packages }: with python3Packages; toPythonApplication flask-unsign
diff --git a/pkgs/development/python-modules/flask-unsign/default.nix b/pkgs/development/python-modules/flask-unsign/default.nix
new file mode 100644
index 000000000000..970e7ddb9c9d
--- /dev/null
+++ b/pkgs/development/python-modules/flask-unsign/default.nix
@@ -0,0 +1,50 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  flask,
+  itsdangerous,
+  markupsafe,
+  pytestCheckHook,
+  requests,
+  setuptools,
+  werkzeug,
+}:
+
+buildPythonPackage rec {
+  pname = "flask-unsign";
+  version = "1.2.1";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "Paradoxis";
+    repo = "Flask-Unsign";
+    tag = "v${version}";
+    hash = "sha256-/WK3g6Ef3mSKeT3aaSAh5J8estUN4sNmM9Tq9An/18A=";
+  };
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    flask
+    itsdangerous
+    markupsafe
+    requests
+    werkzeug
+  ];
+
+  nativeCheckInputs = [ pytestCheckHook ];
+
+  pythonImportsCheck = [ "flask_unsign" ];
+
+  pytestFlagsArray = [ "tests/flask_unsign.py" ];
+
+  meta = {
+    description = "Command line tool to fetch, decode, brute-force and craft session cookies of Flask applications";
+    homepage = "https://github.com/Paradoxis/Flask-Unsign";
+    changelog = "https://github.com/Paradoxis/Flask-Unsign/releases/tag/${src.tag}";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ fab ];
+    mainProgram = "flask-unsign";
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 5e6721686eb1..753bb2063e84 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5236,6 +5236,8 @@ self: super: with self; {
 
   flask-themes2 = callPackage ../development/python-modules/flask-themes2 { };
 
+  flask-unsign = callPackage ../development/python-modules/flask-unsign { };
+
   flask-versioned = callPackage ../development/python-modules/flask-versioned { };
 
   flask-webtest = callPackage ../development/python-modules/flask-webtest { };

From d8f8a63d53e4b12651541a86ce4e52ab2f9a9d7c Mon Sep 17 00:00:00 2001
From: Fabian Affolter <mail@fabian-affolter.ch>
Date: Sat, 5 Jul 2025 17:38:27 +0200
Subject: [PATCH 2/2] python313Packages.badsecrets: init at 0.10.35

Module for detecting known secrets across many web frameworks

https://github.com/blacklanternsecurity/badsecrets
---
 pkgs/by-name/ba/badsecrets/package.nix        |  1 +
 .../python-modules/badsecrets/default.nix     | 55 +++++++++++++++++++
 pkgs/top-level/python-packages.nix            |  2 +
 3 files changed, 58 insertions(+)
 create mode 100644 pkgs/by-name/ba/badsecrets/package.nix
 create mode 100644 pkgs/development/python-modules/badsecrets/default.nix

diff --git a/pkgs/by-name/ba/badsecrets/package.nix b/pkgs/by-name/ba/badsecrets/package.nix
new file mode 100644
index 000000000000..796f5b107d6e
--- /dev/null
+++ b/pkgs/by-name/ba/badsecrets/package.nix
@@ -0,0 +1 @@
+{ python3Packages }: with python3Packages; toPythonApplication badsecrets
diff --git a/pkgs/development/python-modules/badsecrets/default.nix b/pkgs/development/python-modules/badsecrets/default.nix
new file mode 100644
index 000000000000..e0c169e58b0e
--- /dev/null
+++ b/pkgs/development/python-modules/badsecrets/default.nix
@@ -0,0 +1,55 @@
+{
+  lib,
+  buildPythonPackage,
+  colorama,
+  django,
+  fetchFromGitHub,
+  flask-unsign,
+  poetry-core,
+  poetry-dynamic-versioning,
+  pycryptodome,
+  pyjwt,
+  requests,
+  viewstate,
+}:
+
+buildPythonPackage rec {
+  pname = "badsecrets";
+  version = "0.10.35";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "blacklanternsecurity";
+    repo = "badsecrets";
+    tag = "v${version}";
+    hash = "sha256-i80f4qPX695HFdNefIT2sqcKsdMTEiYXUltF2Gj6aAI=";
+  };
+
+  build-system = [
+    poetry-core
+    poetry-dynamic-versioning
+  ];
+
+  dependencies = [
+    colorama
+    django
+    flask-unsign
+    pycryptodome
+    pyjwt
+    requests
+    viewstate
+  ];
+
+  pythonImportsCheck = [ "badsecrets" ];
+
+  meta = {
+    description = "Module for detecting known secrets across many web frameworks";
+    homepage = "https://github.com/blacklanternsecurity/badsecrets";
+    changelog = "https://github.com/blacklanternsecurity/badsecrets/releases/tag/${src.tag}";
+    license = with lib.licenses; [
+      agpl3Only
+      gpl3Only
+    ];
+    maintainers = with lib.maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 753bb2063e84..899ea895c476 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -1631,6 +1631,8 @@ self: super: with self; {
 
   bacpypes = callPackage ../development/python-modules/bacpypes { };
 
+  badsecrets = callPackage ../development/python-modules/badsecrets { };
+
   bagit = callPackage ../development/python-modules/bagit { };
 
   baize = callPackage ../development/python-modules/baize { };