veracode-api 0.4.1

data/.gitignore

@@ -0,0 +1,6 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+
+.DS_Store

data/Gemfile

@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+group :test do
+  gem 'webmock'
+  gem 'vcr'
+  gem 'turn'
+  gem 'minitest'
+  gem 'rake'
+end
+
+# Specify your gem's dependencies in veracode.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012 Stephen Kapp
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,36 @@
+Veracode API Gem
+================
+
+Ruby Wrapper for the Veracode API
+
+About
+-----
+
+This Gem puts a wrapper around the Veracode API to allow access to API functionality to view reports, perform uploads and administer accounts.
+
+How to use it
+-------------
+
+Install with Rubygems
+
+	gem install veracode-api
+	
+If you use bundler, add it to your 'Gemfile'
+
+	gem 'veracode-api'
+	
+TODO
+----
+
+* Better Documentation
+* Upload Functionality
+* User Admin Functionality
+
+Issues
+------
+
+Found an issue, please report it on Github
+
+	https://github.com/mort666/veracode-api
+	
+Copyright (c) 2012 Stephen Kapp, released under the Apache License, Version 2.0

data/Rakefile

@@ -0,0 +1,9 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+ 
+Rake::TestTask.new do |t|
+  t.test_files = FileList['spec/lib/veracode/*_spec.rb']
+  t.verbose = true
+end
+ 
+task :default => :test

data/lib/veracode-api.rb

@@ -0,0 +1,14 @@
+require "httparty"
+
+require "veracode/version"
+require "veracode/config"
+require "veracode/base"
+require "veracode/upload"
+require "veracode/admin"
+require "veracode/results"
+
+module Veracode
+  module API
+    extend Veracode::API::Config
+  end
+end

data/lib/veracode/admin.rb

@@ -0,0 +1,6 @@
+module Veracode
+  module API
+    class Admin < Veracode::API::Base
+    end
+  end
+end

data/lib/veracode/api/builds.rb

@@ -0,0 +1,95 @@
+require 'veracode/api/types'
+
+module Veracode 
+  module Result
+    module Builds 
+      class AnalysisUnit < Veracode::Common::Base 
+        api_field :analysis_type, :tag => :analysis_type
+        api_field :status, :tag => :status
+        api_field :published_date, :tag => :published_date
+      end
+      
+      class Build < Veracode::Common::Base 
+        api_field :version, :tag => :version
+        api_field :build_id, :tag => :build_id
+        api_field :submitter, :tag => :submitter
+        api_field :platform, :tag => :platform
+        api_field :lifecycle_stage, :tag => :lifecycle_stage
+        api_field :policy_name, :tag => :policy_name
+        api_field :policy_version, :tag => :policy_version
+        api_field :policy_compliance_status, :tag => :policy_compliance_status
+        api_field :rules_status, :tag => :rules_status
+        
+        def grace_period_expired?
+          @grace_period_expired ||= @xml_hash.grace_period_expired.to_bool
+        end
+        
+        def scan_overdue?
+          @scan_overdue ||= @xml_hash.scan_overdue.to_bool
+        end
+        
+        def results_ready?
+          @results_ready ||= @xml_hash.results_ready.to_bool
+        end
+                
+        def analysis_units
+          @analysis_units ||= []
+          if @analysis_units.empty?
+            if @xml_hash.analysis_unit.class == Array
+              @analysis_units = @xml_hash.analysis_unit.map do |analysis_unit|
+                AnalysisUnit.new(analysis_unit)
+              end
+            else
+              @analysis_units << AnalysisUnit.new(@xml_hash.analysis_unit)
+            end
+          end
+          return @analysis_units
+        end
+      end
+      
+      class Application < Veracode::Common::Base
+        api_field :app_name, :tag => :app_name
+        api_field :app_id, :tag => :app_id
+        api_field :industry_vertical, :tag => :industry_vertical
+        api_field :assurance_level, :tag => :assurance_level
+        api_field :business_criticality, :tag => :business_criticality
+        api_field :origin, :tag => :origin
+        api_field :business_unit, :tag => :business_unit
+        api_field :business_owner, :tag => :business_owner
+        api_field :modified_date, :tag => :modified_date
+        api_field :vendor, :tag => :vendor
+        api_field :tags, :tag => :tags
+        
+        def cots?
+          @cots ||= @xml_hash.cots.to_bool
+        end
+        
+        def builds
+          @builds ||= []
+          if @builds.empty?
+            if @xml_hash.build.class == Array
+              @builds = @xml_hash.build.map do |build|
+                Build.new(build)
+              end
+            else
+              @builds << Build.new(@xml_hash.build)
+            end
+          end
+          return @builds
+        end        
+      end
+      
+      class Applications < Veracode::Common::Base
+        def applications
+          @applications ||= []
+          if @applications.empty?
+            @applications = @xml_hash.applicationbuilds.application.map do |application|
+              Application.new(application)
+            end
+          end
+        end
+      end
+              
+    end
+  end
+end

data/lib/veracode/api/call_stack.rb

@@ -0,0 +1,59 @@
+require 'veracode/api/types'
+
+module Veracode
+  module Result
+    class Call < Veracode::Common::Base
+      api_field :data_path, :tag => :data_path
+      api_field :file_path, :tag => :file_path
+      api_field :function_name, :tag => :function_name
+      api_field :line_number, :tag => :line_number
+    end       
+    
+    class CallStack < Veracode::Common::Base
+      api_field :module_name, :tag => :module_name
+      api_field :steps, :tag => :steps
+      api_field :local_path, :tag => :local_path
+      api_field :function_name, :tag => :function_name
+      api_field :line_number, :tag => :line_number
+      
+      def calls
+        @calls ||= []
+        begin  
+          if @calls.empty?      
+            if @xml_hash.call.class == Array
+              @calls = @xml_hash.call.map do |item|
+                Call.new(item)
+              end
+            else
+              @calls << Call.new(@xml_hash.call)
+            end
+          end
+        rescue NoMethodError
+        end
+        return @calls
+      end
+    end
+    
+    class CallStacks < Veracode::Common::Base
+      api_field :build_id, :tag => :build_id
+      api_field :flaw_id, :tag => :flaw_id
+      
+      def callstack
+        @callstacks ||= []
+        begin  
+          if @callstacks.empty?      
+            if @xml_hash.callstack.class == Array
+              @callstacks = @xml_hash.callstack.map do |item|
+                CallStack.new(item)
+              end
+            else
+              @callstacks << CallStack.new(@xml_hash.callstack)
+            end
+          end
+        rescue NoMethodError
+        end
+        return @callstacks
+      end
+    end
+  end
+end

data/lib/veracode/api/detailed.rb

@@ -0,0 +1,169 @@
+require 'veracode/api/types'
+require 'veracode/api/flaws'
+
+module Veracode
+  module Result
+    class CWE < Veracode::Common::Base
+      api_field :cweid, :tag => :cweid
+      api_field :cwename, :tag => :cwename
+      
+      def pcirelated?
+        @pcirelated ||= @xml_hash.pcirelated.to_bool
+      end
+      
+      def description
+        @xml_hash.description.text.text
+      end
+
+      api_type_field :manualflaws, :tag => :manualflaws, :as => Flaws
+      api_type_field :dynamicflaws, :tag => :dynamicflaws, :as => Flaws
+      api_type_field :staticflaws, :tag => :staticflaws, :as => Flaws
+
+    end
+    
+    class Category < Veracode::Common::Base 
+      api_field :categoryid, :tag => :categoryid
+      api_field :categoryname, :tag => :categoryname
+      api_type_field :desc, :tag => :desc, :as => Para 
+      api_type_field :recommendations, :tag => :recommendations, :as => Para 
+      
+      def pcirelated?
+        @pcirelated ||= @xml_hash.pcirelated.to_bool
+      end
+      
+      def description
+        temp = self.desc.para.map do |para|
+          para.text
+        end       
+        
+        self.desc.para.map do |para|
+          if !para.bulletitem.nil?
+            x = para.bulletitem.each.map do |item|
+              "* " + item.text + "\r\n"
+            end
+          end
+          temp << x.join
+        end 
+        
+        return temp.join("\r\n\r\n").strip
+      end
+   
+      def recommendation
+        temp = self.recommendations.para.map do |para|
+          para.text
+        end       
+        
+        self.recommendations.para.map do |para|
+          if !para.bulletitem.nil?
+            x = para.bulletitem.each.map do |item|
+              "* " + item.text + "\r\n"
+            end
+          end
+          temp << x.join
+        end 
+        
+        return temp.join("\r\n\r\n").strip
+      end
+
+      def cwe
+        @cwe ||= [] 
+        begin
+          if @cwe.empty?
+            if @xml_hash.cwe.class == Array 
+              @cwe = @xml_hash.cwe.map do |c|
+                CWE.new(c)
+              end
+            else
+              @cwe << CWE.new(@xml_hash.cwe) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @cwe
+      end
+    end
+    
+    class Severity < Veracode::Common::Base
+      api_field :level, :tag => :level
+      
+      def categories
+        @categories ||= [] 
+        begin
+          if @categories.empty?
+            if @xml_hash.category.class == Array 
+              @categories = @xml_hash.category.map do |sev|
+                Category.new(sev)
+              end
+            else
+              @categories << Category.new(@xml_hash.category) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @categories
+      end
+    end
+    
+    class DetailedReport < Veracode::Common::Base
+      
+      api_field :report_format_version, :tag => :report_format_version
+      api_field :app_name, :tag => :app_name
+      api_field :app_id, :tag => :app_id
+      api_field :first_build_submitted_date, :tag => :first_build_submitted_date
+      api_field :version, :tag => :version
+      api_field :build_id, :tag => :build_id
+      api_field :submitter, :tag => :submitter
+      api_field :vendor, :tag => :vendor
+      api_field :platform, :tag => :platform
+      api_field :assurance_level, :tag => :assurance_level
+      api_field :business_criticality, :tag => :business_criticality
+      api_field :generation_date, :tag => :generation_date
+      api_field :veracode_level, :tag => :veracode_level
+      api_field :total_flaws, :tag => :total_flaws
+      api_field :flaws_not_mitigated, :tag => :flaws_not_mitigated
+      api_field :teams, :tag => :teams
+      api_field :life_cycle_stage, :tag => :life_cycle_stage
+      api_field :planned_deployment_date, :tag => :planned_deployment_date
+      api_field :last_update_time, :tag => :last_update_time
+      api_field :policy_name, :tag => :policy_name
+      api_field :policy_version, :tag => :policy_version
+      api_field :policy_compliance_status, :tag => :policy_compliance_status
+      api_field :policy_rules_status, :tag => :policy_rules_status
+      api_field :scan_overdue, :tag => :scan_overdue
+      api_field :any_type_scan_due, :tag => :any_type_scan_due
+      api_field :business_owner, :tag => :business_owner
+      api_field :business_unit, :tag => :business_unit
+      api_field :tags, :tag => :tags
+      
+      api_type_field :static_analysis, :tag => :static_analysis, :as => Analysis
+      api_type_field :dynamic_analysis, :tag => :dynamic_analysis, :as => Analysis
+      api_type_field :manual_analysis, :tag => :manual_analysis, :as => ManualAnalysis
+      api_type_field :flaw_status, :tag => :flaw_status, :as => FlawStatus
+      
+      def is_latest_build?
+        @is_latest_build ||= @xml_hash.is_latest_build.to_bool
+      end
+      
+      def grace_period_expired?
+        @grace_period_expired ||= @xml_hash.grace_period_expired.to_bool
+      end      
+      
+      def severity
+        @severity ||= []
+        if @severity.empty?
+          if @xml_hash.severity.class == Array
+            @severity = @xml_hash.severity.map do |sev|
+              Severity.new(sev)
+            end
+          else
+            @severity << Severity.new(@xml_hash.severity)
+          end
+        end
+        return @severity
+      end
+    end
+    
+  end
+end

data/lib/veracode/api/flaws.rb

@@ -0,0 +1,154 @@
+require 'veracode/api/types'
+
+module Veracode
+  module Result
+    class AnnotationType < Veracode::Common::Base
+      api_field :action, :tag => :action
+      api_field :description, :tag => :description
+      api_field :user, :tag => :user
+      api_field :date, :tag => :date
+    end
+    
+    class Annotations < Veracode::Common::Base
+      def annotation
+        @annotations ||= [] 
+        begin
+          if @annotations.empty?
+            if @xml_hash.annotation.class == Array 
+              @annotations = @xml_hash.annotation.map do |annotation|
+                AnnotationType.new(annotation)
+              end
+            else
+              @annotations << AnnotationType.new(@xml_hash.annotation) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @annotations
+      end
+    end
+    
+    class MitigationType < Veracode::Common::Base
+      api_field :action, :tag => :action
+      api_field :description, :tag => :description
+      api_field :user, :tag => :user
+      api_field :date, :tag => :date
+    end
+    
+    class Mitigations < Veracode::Common::Base
+      def mitigation
+        @mitigations ||= [] 
+        begin
+          if @mitigations.empty?
+            if @xml_hash.mitigation.class == Array 
+              @mitigations = @xml_hash.mitigation.map do |mitigation|
+                MitigationType.new(mitigation)
+              end
+            else
+              @mitigations << MitigationType.new(@xml_hash.mitigation) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @mitigations
+      end
+    end
+    
+    class ExploitabilityAdjustment < Veracode::Common::Base
+      api_field :note, :tag => :note
+      api_field :score_adjustment, :tag => :score_adjustment
+    end
+    
+    class ExploitAdjustment < Veracode::Common::Base
+      def exploitability_adjustment
+        @exploitability_adjustments ||= [] 
+        begin
+          if @exploitability_adjustments.empty?
+            if @xml_hash.exploitability_adjustment.class == Array 
+              @exploitability_adjustments = @xml_hash.exploitability_adjustment.map do |exploitability_adjustment|
+                ExploitabilityAdjustment.new(exploitability_adjustment)
+              end
+            else
+              @exploitability_adjustments << ExploitabilityAdjustment.new(@xml_hash.exploitability_adjustment) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @exploitability_adjustments
+      end
+    end
+    
+    class Flaw < Veracode::Common::Base
+      api_field :severity, :tag => :severity
+      api_field :categoryname, :tag => :categoryname
+      api_field :count, :tag => :count
+      api_field :issueid, :tag => :issueid
+      api_field :module, :tag => :module
+      api_field :type, :tag => :type
+      api_field :description, :tag => :description
+      api_field :note, :tag => :note
+      api_field :cweid, :tag => :cweid
+      api_field :remediationeffort, :tag => :remediationeffort
+      api_field :exploitlevel, :tag => :exploitLevel
+      api_field :categoryid, :tag => :categoryid
+      api_field :date_first_occurrence, :tag => :date_first_occurrence
+      api_field :remediation_status, :tag => :remediation_status
+      api_field :sourcefile, :tag => :sourcefile
+      api_field :line, :tag => :line
+      api_field :sourcefilepath, :tag => :sourcefilepath
+      api_field :scope, :tag => :scope
+      api_field :functionprototype, :tag => :functionprototype
+      api_field :functionrelativelocation, :tag => :functionrelativelocation
+      api_field :url, :tag => :url
+      api_field :vuln_parameter, :tag => :vuln_parameter
+      api_field :location, :tag => :location
+      api_field :cvss, :tag => :cvss
+      api_field :capecid, :tag => :capecid
+      api_field :exploitdifficulty, :tag => :exploitdifficulty
+      api_field :inputvector, :tag => :inputvector
+      api_field :cia_impact, :tag => :cia_impact
+      api_field :grace_period_expires, :tag => :grace_period_expires
+      
+      def pcirelated?
+        @pcirelated ||= @xml_hash.pcirelated.to_bool
+      end
+      
+      def affects_policy_compliance?
+        @affects_policy_compliance ||= @xml_hash.affects_policy_compliance.to_bool
+      end
+      
+      api_field :exploit_desc, :tag => :exploit_desc
+      api_field :severity_desc, :tag => :severity_desc
+      api_field :remediation_desc, :tag => :remediation_desc
+ 
+      api_type_field :exploitability_adjustments, :tag => :exploitability_adjustments, :as => ExploitAdjustment
+      api_type_field :appendix, :tag => :appendix, :as => AppendixType
+      api_type_field :mitigations, :tag => :mitigations, :as => Mitigations
+      api_type_field :annotations, :tag => :annotations, :as => Annotations
+    end
+    
+    class Flaws < Veracode::Common::Base
+      def flaws
+        @flaws ||= [] 
+        begin
+          if @flaws.empty?
+            if @xml_hash.flaw.class == Array 
+              @flaws = @xml_hash.flaw.map do |flaw|
+                Flaw.new(flaw)
+              end
+            else
+              @flaws << Flaw.new(@xml_hash.flaw) 
+            end
+          end
+        rescue NoMethodError
+        end
+        
+        return @flaws
+      end
+    end
+  end
+end
+