veracode 1.0.0.alpha → 1.0.0.alpha6

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 902b115fab8cb21e15a5bd54aef3246f5380de49
+  data.tar.gz: ca13044ad546a545134ed74b7b7a3a0504329e47
+SHA512:
+  metadata.gz: 2268ae1531eedcc77c9b21b77d544c06c6a1f8b10f74504b9c616a092a6d95c2966e8f98188d1f40fbba87eb9701511268a9b614c5f2a35911f0c41630770b47
+  data.tar.gz: 66bc411b52c53ff87c5958eb9a6c2dd1b66048d3d5fa3e2beca07798476eb9899fcb0385cf857fbd20a1e48493394a919729de0560efe47fe26d2867ed70c35c

data/bin/veracode

@@ -13,6 +13,7 @@ APP_NAME = File.basename(Dir.pwd)
 COMMAND = "#{$0} #{ARGV.join(' ')}"
 
 require 'veracode'
+require 'veracode/version'
 
 $options =  {
               :phase1 => false, 
@@ -58,12 +59,18 @@ case subcommand
 
     Veracode.prepare
 
+  when "version", "--version", "-v"
+    puts File.basename($0, '.*') + " " + Veracode::VERSION
+
   when "help", nil
     ARGV.clear
     ARGV.unshift "--help"
 
     OptionParser.new do |opts|
-      opts.banner = "Usage: veracode prepare [options]"
+      opts.banner = "#{opts.program_name} #{Veracode::VERSION}\n" + 
+                    "Usage: #{opts.program_name} prepare [options]\n" + 
+                    "       #{opts.program_name} version\n" + 
+                    "       #{opts.program_name} help"
     end.parse!
 
   else

data/lib/veracode.rb

@@ -1,34 +1,45 @@
+require 'pathname'
+require 'set'
 require 'zlib'
-require 'zip/zip'
-require "veracode/version"
+require 'zip'
+require 'veracode/version'
+require 'veracode/schema'
+require 'veracode/gems'
 
 module Veracode
   @run_id = nil
+  @required_libs = Set.new
 
   # Metadata and method disassemblies for all Modules (.txt.gz)
   @disasmlog = nil
-  @disasmlog_filename = "disasm.txt.gz"
+  @disasmlog_filename = 'disasm.txt.gz'
 
   # Error log including capture of STDERR and any errors generated by the gem (.log)
   @errorlog = nil
-  @errorlog_filename = "error.log"
+  @errorlog_filename = 'error.log'
 
   # Index file containing the names of files present in the application directory (.txt)
-  @index_filename = "index.txt"
+  @index_filename = 'index.txt'
 
   # Manifest file containing original names of all files in archive (.txt)
   @manifest = []
-  @manifest_filename = "manifest.txt"
+  @manifest_filename = 'manifest.txt'
+
+  # XML file containing list of gems used by application
+  @gems_filename = 'gems.xml'
+
+  # Archive version file containing archive format version identifier
+  @version_filename = 'version.txt'
 
   # The final archive that will be uploaded to Veracode for analysis (.zip)
   @archive = nil
   @archive_filename = nil
   @archive_dirname = nil
 
-
   def self.init
     @run_id = Time.now.strftime("%Y%m%d%H%M%S")
     @archive_dirname = File.join("tmp","veracode-#{@run_id}")
+    @required_libs.merge(["pathname", "set", "zlib", "zip/zip", "veracode"])
 
     if !Dir.exists?("tmp")
       begin
@@ -57,9 +68,11 @@ module Veracode
     @disasmlog_filename = File.join(@archive_dirname, @disasmlog_filename)
     @index_filename     = File.join(@archive_dirname, @index_filename)
     @manifest_filename  = File.join(@archive_dirname, @manifest_filename)
+    @gems_filename      = File.join(@archive_dirname, @gems_filename)
+    @version_filename   = File.join(@archive_dirname, @version_filename)
 
     # Try touching each of the files to be written
-    [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename].each {|f|
+    [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename, @gems_filename, @version_filename].each {|f|
       begin
         File.open(f, "wb") {}
       rescue Exception => e
@@ -76,6 +89,7 @@ module Veracode
       log_error "RUBY_DESCRIPTION: #{RUBY_DESCRIPTION}"
       log_error "RAILS_VERSION: " + `rails --version`.chomp
       log_error "GEM_VERSION: #{Veracode::VERSION}"
+      log_error "ARCHIVE_VERSION: #{Veracode::ARCHIVE_VERSION}"
       log_error "PWD: #{Dir.pwd.to_s.dump}"
       log_error "APP_NAME: #{APP_NAME.dump}"
       log_error "RUNID: #{@run_id}"
@@ -86,6 +100,16 @@ module Veracode
       STDERR.reopen(@errorlog)
     end
 
+    begin
+      File.open(@version_filename, "wb") {|version_file|
+        version_file.puts Veracode::ARCHIVE_VERSION
+      }
+    rescue Exception => e
+      log_error "Unable to write to archive version file #{@version_filename}: #{e.message}"
+    end
+
+    list_gems
+
     index_application
 
     @manifest += Dir.glob("*").keep_if {|f| File.file?(f)}
@@ -101,6 +125,8 @@ module Veracode
       @manifest |= Dir[File.join("**","*.rb")]
       # Add any other erb files not already added
       @manifest |= Dir[File.join("**","*.erb")]
+      # Add any other builder files not already added
+      @manifest |= Dir[File.join("**","*.builder")]
       # Add any other haml files not already added
       @manifest |= Dir[File.join("**","*.haml")]
     end
@@ -133,7 +159,7 @@ module Veracode
     @errorlog.flush
 
     begin
-      Zip::ZipFile.open(@archive_filename, Zip::ZipFile::CREATE) { |zf|
+      Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
         @manifest.each {|file|
 
           if file.start_with?(@archive_dirname)
@@ -155,7 +181,7 @@ module Veracode
   end
 
   def self.cleanup
-    [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename].each {|f|
+    [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename, @gems_filename, @version_filename].each {|f|
       begin
         File.delete(f)
       rescue Exception => e
@@ -198,12 +224,20 @@ module Veracode
 
   ##############################################################################
   # Helpers
+  def self.cond_require(lib)
+    if @required_libs.add?(lib)
+      return require lib
+    end
+    return false
+  end
+
   def self.glob_require(files)
+    any_new = false
     Dir.glob(files) do |f|
       print "Requiring #{f.to_s} " if $options[:verbose]
       
       begin
-        require File.expand_path(f)
+        any_new |= cond_require File.expand_path(f)
       rescue Exception => e
         puts "(failed: #{e.message})" if $options[:verbose]
         log_error "Unable to require #{File.expand_path(f).to_s.dump} (#{e.message})"
@@ -212,6 +246,7 @@ module Veracode
       end
 
     end
+    return any_new
   end
 
   def self.safe_name(o)
@@ -412,8 +447,8 @@ module Veracode
 
     %w[ public protected private ].each {|p|
       get_methods = (p + "_instance_methods").to_sym
-      if m.respond_to?(get_methods) && m.send(get_methods, $options[:include_inherited]).count > 0
-        m.send(get_methods, $options[:include_inherited]).each do |m_symbol|
+      if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+        m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
           begin
             method = m.instance_method(m_symbol)
             formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
@@ -465,7 +500,12 @@ module Veracode
   # Archiving Objects
   def self.archive(objects, with_disasm=true)
 
-    objects = objects - [Veracode]
+    objects = objects - [
+                          Veracode, 
+                          Veracode::ActiveRecord, 
+                          Veracode::ActiveRecord::Model, 
+                          Veracode::ActiveRecord::Schema,
+                         ]
 
     if $options[:verbose]
       puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -491,6 +531,68 @@ module Veracode
   end
 
 
+  def self.compile_templates
+
+    begin
+      cond_require 'action_view' unless defined? ActionView
+      cond_require 'action_controller' unless defined? ActionController
+    rescue Exception => e
+      log_error "Unable to satisfy haml dependencies (#{e.message})"
+      return
+    end
+
+    types = %w{ erb builder haml }
+    
+    view_paths = []
+    view_paths += ActionController::Base.view_paths.to_a.map(&:to_s)
+    view_paths |= [File.expand_path("app/views")]
+
+    puts "Looking for templates in #{view_paths.join(", ")}" if $options[:verbose]
+
+    templates = view_paths.map { |vp|
+      Dir[File.join(vp, "**", "*.erb")] + 
+      Dir[File.join(vp, "**", "*.builder")] + 
+      Dir[File.join(vp, "**", "*.haml")]
+    }.flatten
+
+    return unless templates.count > 0
+
+    puts "Found #{templates.count} templates" if $options[:verbose]
+    log_error "Found #{templates.count} templates"
+
+    haml_templates = templates.grep(/\.haml$/)
+    if haml_templates.any?
+      begin
+        cond_require 'haml' unless defined? Haml
+        cond_require 'haml/template/plugin' unless defined? Haml::Plugin
+      rescue Exception => e
+        puts "Unable to satisfy haml dependencies"
+        log_error "Unable to satisfy haml dependencies (#{e.message})"
+        templates -= haml_templates
+        puts "      #{templates.count} templates" if $options[:verbose]
+      end
+    end
+
+    assigns = {}
+    view = ActionView::Base.new(view_paths, assigns)
+    controller_view = ApplicationController.new.view_context
+
+    templates.each { |template|
+      puts "Compiling template #{template}" if $options[:verbose]
+
+      begin
+        # This render will fail, but will trigger compilation of template
+        view.render(:file => template)
+      rescue Exception => e
+        log_error "Compiled template #{template} #{e.message}"
+      end
+    }
+
+    puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
+    log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
+    log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
+  end
+
   def self.compile_erb_templates
 
     # Rails 3 has wrapped Erubis to handle block helpers in ERB templates
@@ -563,9 +665,9 @@ module Veracode
     return unless templates.count > 0
 
     begin
-      require 'action_view'
-      require 'haml'
-      require 'haml/template/plugin'
+      cond_require 'action_view'
+      cond_require 'haml'
+      cond_require 'haml/template/plugin'
     rescue Exception => e
       log_error "Unable to satisfy haml dependencies (#{e.message})"
       return
@@ -604,7 +706,58 @@ module Veracode
 
   end
 
-
+    def self.require_libs(lib_paths)
+    for lib_path in lib_paths
+      dirsToProcess = [Pathname(lib_path)]
+      until dirsToProcess.count == 0 || !Dir.exists?(dirsToProcess[0])
+        currentDir = dirsToProcess.delete_at(0)
+        for child in currentDir.children
+          if child.directory?
+            dirsToProcess[dirsToProcess.count] = child
+	    base = child.to_s.partition("#{lib_path}/")[2]
+            lib = ""
+            for part in base.split('/').reverse
+              lib = "#{part}/#{lib}"
+              lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
+              begin
+                if cond_require lib
+                  puts "requiring #{lib}" if $options[:verbose]
+		end
+              rescue Exception => e
+              end
+	    end
+          end
+        end
+      end
+    end
+  end
+  
+  def self.require_rails(gemdir)
+    dirsToProcess = [Pathname(gemdir)]
+    until dirsToProcess.count == 0
+      currentDir = dirsToProcess.delete_at(0)
+      for child in currentDir.children
+        if child.directory?
+          dirsToProcess[dirsToProcess.count] = child
+        end
+        base = child.to_s.partition("#{gemdir}/")[2]
+        if base.index("action_controller") != nil || base.index("action_view") != nil || base.index("active_record") != nil
+	  lib = ""
+  	  for part in base.split('/').reverse
+  	    lib = "#{part}/#{lib}"
+	    lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
+	    lib.chomp!(File.extname(lib))
+	    begin
+	      if cond_require lib
+	        puts "requiring #{lib}" if $options[:verbose]
+	      end
+	    rescue Exception => e
+	    end
+	  end
+        end
+      end
+    end
+  end
 
 
 ################################################################################
@@ -653,12 +806,46 @@ module Veracode
 
     puts "Phase 2 - Load Rails" if $options[:verbose]
     begin
-      require "rails"
+      cond_require "rails"
+      cond_require 'action_controller'
+      cond_require 'action_view'
+      cond_require 'active_record'
     rescue Exception => e
       puts "Unable to require rails: #{e.message}"
       log_error "Unable to require rails: #{e.message}"
       exit
     else
+      @stdlib = $:
+      @gemdir = Gem.dir
+
+      ## Imitate script/rails
+      # APP_PATH = File.expand_path('config/application')
+        # APP_PATH is already set in bin/veracode
+      #require File.expand_path('../../config/boot',  __FILE__)
+        glob_require "config/boot.rb"
+      #require 'rails/commands'
+        # this will trigger the console to be launched
+        # ARGV.clear
+        # ARGV << 'console'
+        # ARGV << '--sandbox'
+        # require 'rails/commands'
+
+      ## Imitate rails/commands when console
+      glob_require 'rails/commands/console'
+      # require APP_PATH # => config/application.rb
+
+      glob_require "config/application.rb"
+
+      Rails.application.require_environment! unless $options[:jruby]
+      begin
+        cond_require 'sass'
+        cond_require 'sass/rails/importer'
+        cond_require 'multi_json/adapters/json_gem'
+      rescue Exception => e
+      end
+    
+      require_libs(@stdlib)
+      require_rails(@gemdir)
       puts "Required rails" if $options[:verbose]
     end
 
@@ -681,26 +868,6 @@ module Veracode
     # phase 3 - require app
 
     puts "Phase 3 - Imitate Rails" if $options[:verbose]
-
-    ## Imitate script/rails
-    # APP_PATH = File.expand_path('config/application')
-      # APP_PATH is already set in bin/veracode
-    #require File.expand_path('../../config/boot',  __FILE__)
-      glob_require "config/boot.rb"
-    #require 'rails/commands'
-      # this will trigger the console to be launched
-      # ARGV.clear
-      # ARGV << 'console'
-      # ARGV << '--sandbox'
-      # require 'rails/commands'
-
-    ## Imitate rails/commands when console
-    glob_require 'rails/commands/console'
-    # require APP_PATH # => config/application.rb
-
-    glob_require "config/application.rb"
-
-    Rails.application.require_environment! unless $options[:jruby]
     # Following line will actually kick off IRB
     # Rails::Console.start(Rails.application)
     
@@ -709,23 +876,28 @@ module Veracode
     glob_require "rails/console/app"
     glob_require "rails/console/helpers"
 
+    glob_require "lib/**/*.rb"
     glob_require "app/models/**/*.rb"
     glob_require "app/helpers/**/*.rb"
     glob_require "app/controllers/application_controller.rb"
     glob_require "app/controllers/**/*.rb"
 
-    compile_erb_templates
-    compile_haml_templates
+    compile_templates
 
     self.update
     self.stats if $options[:verbose]
 
+    # Ensure compiled templates are fully disassembled in archive
+    @baseline_modules.delete(ActionView::CompiledTemplates)
+
     if $options[:phase3]
       puts "Processing and disassembling #{APP_NAME} classes and modules"
       archive(@baseline_modules, false)
       archive(@modules - @baseline_modules, true)
     end
 
+    archive_schema
+
     ## /phase 3 - require app
     ################################################################
 

data/lib/veracode/gems.rb

@@ -0,0 +1,49 @@
+module Veracode
+  SupportedGems = %w{
+    actionmailer
+    actionpack
+    activemodel
+    activerecord
+    activeresource
+    activesupport
+    arel
+    builder
+    erubis
+    haml
+    haml-rails
+    rails
+    railties
+    veracode
+  }
+
+  def self.list_gems
+
+    gems = `bundle list`.each_line
+                        .reject {|line| line !~ /^  \* /}
+                        .map {|line| line[4..-1]}
+                        .map {|line| line.split.first}
+
+    begin
+      File.open(@gems_filename, "wb") {|gems_file|
+        gems_file.puts '<messages>'
+        gems.each {|gem|
+          gems_file << <<GEMS_XML
+  <message>
+    <platform>ruby</platform>
+    <name>#{gem}</name>
+    <detailed_message>#{gem}</detailed_message>
+    <token>#{gem}</token>
+    <package>rubygem.#{gem}</package>
+    <errorlevel>#{(SupportedGems.include?(gem) ? "info" : "warn" )}</errorlevel>
+    <type>framework_unsupported</type>
+  </message>
+GEMS_XML
+        }
+        gems_file.puts '</messages>'
+      }
+    rescue Exception => e
+      log_error "Unable to write to gem list to file #{@gems_filename}: #{e.message}"
+    end
+
+  end
+end

data/lib/veracode/schema.rb

@@ -0,0 +1,86 @@
+module Veracode
+  module ActiveRecord
+    class Model
+      attr_reader :name, :attributes
+      def initialize(name)
+        @name = name
+        @attributes = Array.new
+      end
+      def binary(name, *rest)
+        @attributes << [name, :binary]
+      end
+      def boolean(name, *rest)
+        @attributes << [name, :boolean]
+      end
+      def date(name, *rest)
+        @attributes << [name, :date]
+      end
+      def datetime(name, *rest)
+        @attributes << [name, :datetime]
+      end
+      def decimal(name, *rest)
+        @attributes << [name, :decimal]
+      end
+      def float(name, *rest)
+        @attributes << [name, :float]
+      end
+      def integer(name, *rest)
+        @attributes << [name, :integer]
+      end
+      def primary_key(name, *rest)
+        @attributes << [name, :primary_key]
+      end
+      def string(name, *rest)
+        @attributes << [name, :string]
+      end
+      def text(name, *rest)
+        @attributes << [name, :text]
+      end
+      def time(name, *rest)
+        @attributes << [name, :time]
+      end
+      def timestamp(name, *rest)
+        @attributes << [name, :timestamp]
+      end
+    end
+
+    class Schema
+      def self.define(info={}, &block)
+        Schema.new.instance_eval(&block)
+      end
+      def create_table(name, options={})
+        td = Model.new(name)
+        td.integer('id')
+        yield td if block_given?
+        Veracode.add_to_archive Veracode.format_variable("@@#{td.name}", td.attributes, 'class')
+      end
+      def add_index(table_name, column_name, options = {})
+      end
+    end
+  end
+
+  def self.archive_schema
+    puts "Evaluating and archiving schema information"
+    schema_file = File.join("db", "schema.rb")
+
+    begin
+      schema = 'Veracode::' + File.read(schema_file).each_line.reject {|l| l =~ /^\s*#/}.join      
+    rescue Exception => e
+      puts "Unable to retrieve schema information from 'db/schema.rb'. Are your migrations up to date?"
+      log_error "Unable to retrieve schema from 'db/schema.rb' (#{e.message})"
+      add_to_archive  %Q|module "Veracode::Schema"\n|
+      add_to_archive  %Q|endmodule\n\n|
+      return
+    end
+
+    add_to_archive  %Q|module "Veracode::Schema"\n|
+    begin
+      eval(schema)
+    rescue Exception => e
+      puts "Unable to evaluate schema information from 'db/schema.rb'. (#{e.message})"
+      log_error "Unable to evaluate 'db/schema.rb' (#{e.message})"
+    end
+    add_to_archive  %Q|endmodule\n\n|
+  end
+
+end

data/lib/veracode/version.rb

@@ -1,3 +1,4 @@
 module Veracode
-  VERSION = "1.0.0.alpha"
+  VERSION = '1.0.0.alpha6'
+  ARCHIVE_VERSION = '2012-07-04'
 end

metadata

@@ -1,27 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha
-  prerelease: 6
+  version: 1.0.0.alpha6
 platform: ruby
 authors:
 - Veracode
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-14 00:00:00.000000000 Z
+date: 2015-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
-  requirement: &70257511683960 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '1.0'
   type: :runtime
   prerelease: false
-  version_requirements: *70257511683960
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: Prepares your Ruby on Rails app for submission to Veracode.
 email: devcontact@veracode.com
 executables:
@@ -31,30 +33,34 @@ extra_rdoc_files: []
 files:
 - bin/veracode
 - lib/veracode.rb
+- lib/veracode/gems.rb
+- lib/veracode/schema.rb
 - lib/veracode/version.rb
 homepage: http://veracode.com/
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ~>
+  - - '>='
     - !ruby/object:Gem::Version
       version: 1.9.3.0
+  - - <
+    - !ruby/object:Gem::Version
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>'
+  - - '>'
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 2.4.3
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
   Veracode
 test_files: []