veracode 1.0.0.alpha10 → 1.0.0.alpha17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/bin/veracode +22 -1
- data/lib/veracode.rb +158 -95
- data/lib/veracode/version.rb +1 -1
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: e5cb7c4ca35c0ba950a80cd3128abe49464b68357d59528a09af7e17998bf2d9
|
|
4
|
+
data.tar.gz: fea0072496133717cc1f109cfe987eee7ee6099443c6032efd594c823338353f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 955ceacaea17f867fbbacbeb50607cdf71c4392474e71d73c5a3ba2c585139fef63ea6b73cc1fd6713a078e76c2855465f65a9a567d066a654989a3fdac9caf7
|
|
7
|
+
data.tar.gz: 0700d727fe2b5a19ebec8ba118e6d4438473e3234ffbd3fa26520f7cce054fd9fd5cd5c20d1d09e550bbcb417708cccf1019ad24a784f3e6b59a8fbea30de1a9
|
data/bin/veracode
CHANGED
|
@@ -23,8 +23,13 @@ require 'veracode/version'
|
|
|
23
23
|
$options = {
|
|
24
24
|
:archive_source => true,
|
|
25
25
|
:include_inherited => false,
|
|
26
|
-
:jruby => false,
|
|
27
26
|
:environment => false,
|
|
27
|
+
:verbose => false,
|
|
28
|
+
:jruby => false,
|
|
29
|
+
:skipactiverecord => false,
|
|
30
|
+
:skipactionview => false,
|
|
31
|
+
:skipsprockets => false,
|
|
32
|
+
:snapshot => false
|
|
28
33
|
}
|
|
29
34
|
|
|
30
35
|
subcommand = ARGV.shift
|
|
@@ -41,6 +46,18 @@ case subcommand
|
|
|
41
46
|
$options[:jruby] = true
|
|
42
47
|
end
|
|
43
48
|
|
|
49
|
+
opts.on("-O", "--skip-active-record", "Skip ActiveRecord") do
|
|
50
|
+
$options[:skipactiverecord] = true
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
opts.on("-V", "--skip-action-view", "Skip ActionView") do
|
|
54
|
+
$options[:skipactionview] = true
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
opts.on("-S", "--skip-sprockets", "Skip Sprockets") do
|
|
58
|
+
$options[:skipsprockets] = true
|
|
59
|
+
end
|
|
60
|
+
|
|
44
61
|
# opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
|
|
45
62
|
# $options[:archive_source] = s
|
|
46
63
|
# end
|
|
@@ -49,6 +66,10 @@ case subcommand
|
|
|
49
66
|
$DEBUG = true
|
|
50
67
|
end
|
|
51
68
|
|
|
69
|
+
opts.on("--debug-snapshot", "Generate a snapshot of the prepare state for Veracode debugging.") do
|
|
70
|
+
$options[:snapshot] = true
|
|
71
|
+
end
|
|
72
|
+
|
|
52
73
|
end.parse!
|
|
53
74
|
|
|
54
75
|
Veracode.prepare
|
data/lib/veracode.rb
CHANGED
|
@@ -202,7 +202,11 @@ module Veracode
|
|
|
202
202
|
exit
|
|
203
203
|
end
|
|
204
204
|
|
|
205
|
-
|
|
205
|
+
if $options[:snapshot]
|
|
206
|
+
puts "Please provide #{@archive_filename} to veracode for further investigation."
|
|
207
|
+
else
|
|
208
|
+
puts "Please upload #{@archive_filename}"
|
|
209
|
+
end
|
|
206
210
|
end
|
|
207
211
|
|
|
208
212
|
def self.cleanup
|
|
@@ -419,20 +423,25 @@ module Veracode
|
|
|
419
423
|
##############################################################################
|
|
420
424
|
# Archiving Headers
|
|
421
425
|
def self.class_header(c)
|
|
422
|
-
|
|
426
|
+
begin
|
|
427
|
+
return "" unless c.is_a? Class
|
|
423
428
|
|
|
424
|
-
|
|
429
|
+
puts " class header" if $options[:verbose]
|
|
425
430
|
|
|
426
|
-
|
|
427
|
-
|
|
431
|
+
case
|
|
432
|
+
when c.superclass.nil? # this should only happen for BasicObject
|
|
433
|
+
return ""
|
|
434
|
+
when c.superclass.name.nil? # in case the parent is anonymous
|
|
435
|
+
name = c.superclass.to_s.dump
|
|
436
|
+
else
|
|
437
|
+
name = c.superclass.name.dump
|
|
438
|
+
end
|
|
439
|
+
|
|
440
|
+
"superclass #{name}\n"
|
|
441
|
+
rescue Exception => e
|
|
442
|
+
log_error e.message
|
|
428
443
|
return ""
|
|
429
|
-
when c.superclass.name.nil? # in case the parent is anonymous
|
|
430
|
-
name = c.superclass.to_s.dump
|
|
431
|
-
else
|
|
432
|
-
name = c.superclass.name.dump
|
|
433
444
|
end
|
|
434
|
-
|
|
435
|
-
"superclass #{name}\n"
|
|
436
445
|
end
|
|
437
446
|
|
|
438
447
|
def self.module_header(m)
|
|
@@ -440,14 +449,27 @@ module Veracode
|
|
|
440
449
|
|
|
441
450
|
puts " module header" if $options[:verbose]
|
|
442
451
|
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
452
|
+
formatted_contents = ""
|
|
453
|
+
|
|
454
|
+
begin
|
|
455
|
+
formatted_contents += ( m.included_modules.count > 0 ?
|
|
456
|
+
m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
|
|
457
|
+
""
|
|
458
|
+
)
|
|
459
|
+
rescue Exception => e
|
|
460
|
+
log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
|
|
461
|
+
end
|
|
462
|
+
|
|
463
|
+
begin
|
|
464
|
+
formatted_contents += ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ?
|
|
465
|
+
m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join :
|
|
466
|
+
""
|
|
467
|
+
)
|
|
468
|
+
rescue Exception => e
|
|
469
|
+
log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
|
|
470
|
+
end
|
|
471
|
+
|
|
472
|
+
return formatted_contents
|
|
451
473
|
end
|
|
452
474
|
|
|
453
475
|
|
|
@@ -496,51 +518,63 @@ module Veracode
|
|
|
496
518
|
# m.respond_to?(:global_variables) was throwing exceptions
|
|
497
519
|
end
|
|
498
520
|
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
m.__send__(get_methods, $options[:include_inherited]).
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
521
|
+
begin
|
|
522
|
+
%w[ public protected private ].each {|p|
|
|
523
|
+
get_methods = (p + "_instance_methods").to_sym
|
|
524
|
+
if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
|
|
525
|
+
m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
|
|
526
|
+
begin
|
|
527
|
+
method = m.instance_method(m_symbol)
|
|
528
|
+
formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
|
|
529
|
+
rescue Exception => e
|
|
530
|
+
log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
|
|
531
|
+
end
|
|
508
532
|
end
|
|
509
533
|
end
|
|
510
|
-
|
|
511
|
-
|
|
534
|
+
}
|
|
535
|
+
rescue Exception => e
|
|
536
|
+
# m.respond_to?(get_methods)
|
|
537
|
+
end
|
|
512
538
|
|
|
513
539
|
formatted_contents
|
|
514
540
|
end
|
|
515
541
|
|
|
516
542
|
def self.object_contents(o, with_disasm=true)
|
|
517
|
-
return "" unless o.is_a?
|
|
543
|
+
return "" unless !o.nil? && o.is_a?(Object)
|
|
518
544
|
|
|
519
545
|
puts " object contents" if $options[:verbose]
|
|
520
546
|
|
|
521
547
|
formatted_contents = ""
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
o.instance_variables.
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
548
|
+
|
|
549
|
+
begin
|
|
550
|
+
if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
|
|
551
|
+
o.instance_variables.each do |v_symbol|
|
|
552
|
+
begin
|
|
553
|
+
v = o.instance_variable_get(v_symbol)
|
|
554
|
+
formatted_contents += format_variable(v_symbol, v, "instance")
|
|
555
|
+
rescue Exception => e
|
|
556
|
+
log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
|
|
557
|
+
formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
|
|
558
|
+
end
|
|
531
559
|
end
|
|
532
560
|
end
|
|
561
|
+
rescue Exception => e
|
|
562
|
+
log_error "Error getting :instance_variables for object #{o}: #{e.message}"
|
|
533
563
|
end
|
|
534
564
|
|
|
535
|
-
|
|
536
|
-
o.singleton_methods($options[:include_inherited]).
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
565
|
+
begin
|
|
566
|
+
if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
|
|
567
|
+
o.singleton_methods($options[:include_inherited]).each do |m_symbol|
|
|
568
|
+
begin
|
|
569
|
+
m = o.method(m_symbol)
|
|
570
|
+
formatted_contents += format_method(m, "singleton", with_disasm)
|
|
571
|
+
rescue Exception => e
|
|
572
|
+
log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
|
|
573
|
+
end
|
|
542
574
|
end
|
|
543
575
|
end
|
|
576
|
+
rescue Exception => e
|
|
577
|
+
log_error "Error getting :singleton_methods for object #{o}: #{e.message}"
|
|
544
578
|
end
|
|
545
579
|
|
|
546
580
|
formatted_contents
|
|
@@ -550,13 +584,12 @@ module Veracode
|
|
|
550
584
|
##############################################################################
|
|
551
585
|
# Archiving Objects
|
|
552
586
|
def self.archive(objects, with_disasm=true)
|
|
553
|
-
|
|
554
587
|
objects = objects - [
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
588
|
+
Veracode,
|
|
589
|
+
Veracode::ActiveRecord,
|
|
590
|
+
Veracode::ActiveRecord::Model,
|
|
591
|
+
Veracode::ActiveRecord::Schema,
|
|
592
|
+
]
|
|
560
593
|
|
|
561
594
|
if $options[:verbose]
|
|
562
595
|
puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
|
|
@@ -565,20 +598,16 @@ module Veracode
|
|
|
565
598
|
|
|
566
599
|
objects.sort_by {|o| safe_name(o) }.each do |o|
|
|
567
600
|
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" +
|
|
571
|
-
|
|
572
|
-
( o.is_a?(Class) ? class_header(o) : "") + # superclass
|
|
573
|
-
( o.is_a?(Module) ? module_header(o) : "") + # included modules
|
|
601
|
+
puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
|
|
574
602
|
|
|
575
|
-
|
|
576
|
-
|
|
577
|
-
|
|
578
|
-
|
|
579
|
-
|
|
603
|
+
add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" +
|
|
604
|
+
( o.is_a?(Class) ? class_header(o) : "") + # superclass
|
|
605
|
+
( o.is_a?(Module) ? module_header(o) : "") + # included modules
|
|
606
|
+
( (o.is_a?(Object) && !o.nil?) ? object_contents(o, with_disasm) : "") +
|
|
607
|
+
( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
|
|
608
|
+
"end#{o.class.to_s.downcase}\n" +
|
|
609
|
+
"\n"
|
|
580
610
|
end
|
|
581
|
-
|
|
582
611
|
end
|
|
583
612
|
|
|
584
613
|
|
|
@@ -626,7 +655,11 @@ module Veracode
|
|
|
626
655
|
|
|
627
656
|
assigns = {}
|
|
628
657
|
view = ActionView::Base.new(view_paths, assigns)
|
|
629
|
-
|
|
658
|
+
begin
|
|
659
|
+
|
|
660
|
+
rescue Exception => e
|
|
661
|
+
log_error "Unable to get controller view context (#{e.message})"
|
|
662
|
+
end
|
|
630
663
|
|
|
631
664
|
templates.each { |template|
|
|
632
665
|
puts "Compiling template #{template}" if $options[:verbose]
|
|
@@ -845,7 +878,17 @@ end
|
|
|
845
878
|
|
|
846
879
|
puts "Phase 2 - Load Rails" if $options[:verbose]
|
|
847
880
|
begin
|
|
848
|
-
|
|
881
|
+
if $options[:skipactiverecord] || $options[:skipactionview] || $options[:skipsprockets]
|
|
882
|
+
require "active_model/railtie"
|
|
883
|
+
require "active_record/railtie" unless $options[:skipactiverecord]
|
|
884
|
+
require "action_controller/railtie"
|
|
885
|
+
require "action_mailer/railtie"
|
|
886
|
+
require "action_view/railtie" unless $options[:skipactionview]
|
|
887
|
+
require "sprockets/railtie" unless $options[:skipsprockets]
|
|
888
|
+
require "rails/test_unit/railtie"
|
|
889
|
+
else
|
|
890
|
+
require "rails/all"
|
|
891
|
+
end
|
|
849
892
|
rescue Exception => e
|
|
850
893
|
puts "Unable to require rails: #{e.message}"
|
|
851
894
|
log_error "Unable to require rails: #{e.message}"
|
|
@@ -856,9 +899,9 @@ end
|
|
|
856
899
|
|
|
857
900
|
## Imitate script/rails
|
|
858
901
|
# APP_PATH = File.expand_path('config/application')
|
|
859
|
-
|
|
902
|
+
# APP_PATH is already set in bin/veracode
|
|
860
903
|
#require File.expand_path('../../config/boot', __FILE__)
|
|
861
|
-
|
|
904
|
+
glob_require "config/boot.rb"
|
|
862
905
|
#require 'rails/commands'
|
|
863
906
|
# this will trigger the console to be launched
|
|
864
907
|
# ARGV.clear
|
|
@@ -867,7 +910,16 @@ end
|
|
|
867
910
|
# require 'rails/commands'
|
|
868
911
|
|
|
869
912
|
## Imitate rails/commands when console
|
|
870
|
-
|
|
913
|
+
if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
|
|
914
|
+
cond_require 'rails/command.rb'
|
|
915
|
+
cond_require 'rails/command/actions.rb'
|
|
916
|
+
cond_require 'rails/command/base.rb'
|
|
917
|
+
cond_require 'rails/command/behavior.rb'
|
|
918
|
+
cond_require 'rails/command/environment_argument.rb'
|
|
919
|
+
cond_require 'rails/commands/console/console_command.rb'
|
|
920
|
+
else
|
|
921
|
+
cond_require 'rails/commands/console.rb'
|
|
922
|
+
end
|
|
871
923
|
# require APP_PATH # => config/application.rb
|
|
872
924
|
|
|
873
925
|
glob_require "config/application.rb"
|
|
@@ -903,35 +955,46 @@ end
|
|
|
903
955
|
|
|
904
956
|
puts "Phase 3 - Imitate Rails" if $options[:verbose]
|
|
905
957
|
|
|
906
|
-
|
|
907
|
-
|
|
908
|
-
any_new
|
|
909
|
-
|
|
910
|
-
|
|
911
|
-
|
|
912
|
-
|
|
958
|
+
begin
|
|
959
|
+
any_new = true
|
|
960
|
+
while any_new
|
|
961
|
+
any_new = false
|
|
962
|
+
any_new |= glob_require "lib/**/*.rb"
|
|
963
|
+
any_new |= glob_require "app/**/*.rb"
|
|
964
|
+
puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
|
|
965
|
+
end
|
|
913
966
|
|
|
914
|
-
|
|
967
|
+
compile_templates
|
|
915
968
|
|
|
916
|
-
|
|
917
|
-
|
|
969
|
+
self.update
|
|
970
|
+
self.stats if $options[:verbose]
|
|
918
971
|
|
|
919
|
-
|
|
920
|
-
|
|
972
|
+
# Ensure compiled templates are fully disassembled in archive
|
|
973
|
+
@baseline_modules.delete(ActionView::CompiledTemplates)
|
|
921
974
|
|
|
922
|
-
|
|
923
|
-
|
|
924
|
-
|
|
925
|
-
|
|
926
|
-
|
|
927
|
-
|
|
928
|
-
|
|
929
|
-
|
|
930
|
-
|
|
931
|
-
|
|
932
|
-
|
|
933
|
-
|
|
934
|
-
|
|
975
|
+
if $options[:environment]
|
|
976
|
+
puts "Processing and disassembling environment"
|
|
977
|
+
archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
|
|
978
|
+
.reject {|o| safe_name(o) =~ /^Veracode/ }
|
|
979
|
+
.reject {|o| safe_name(o) =~ /^EmptyRails/ }
|
|
980
|
+
.reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
|
|
981
|
+
else
|
|
982
|
+
puts "Processing Ruby and Rails classes and modules"
|
|
983
|
+
archive(@baseline_modules, false)
|
|
984
|
+
add_to_archive "\n# Phase 3 - App disassembly\n"
|
|
985
|
+
puts "Processing and disassembling #{APP_NAME} classes and modules"
|
|
986
|
+
archive(@modules - @baseline_modules, true)
|
|
987
|
+
archive_schema
|
|
988
|
+
|
|
989
|
+
end
|
|
990
|
+
|
|
991
|
+
rescue Exception => e
|
|
992
|
+
if $options[:snapshot]
|
|
993
|
+
log_error e.message
|
|
994
|
+
log_error e.backtrace.join("\n")
|
|
995
|
+
else
|
|
996
|
+
raise
|
|
997
|
+
end
|
|
935
998
|
end
|
|
936
999
|
|
|
937
1000
|
## /phase 3 - require app
|
data/lib/veracode/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: veracode
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.0.
|
|
4
|
+
version: 1.0.0.alpha17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Veracode
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-05-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rubyzip
|
|
@@ -55,10 +55,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
55
55
|
version: 1.3.1
|
|
56
56
|
requirements: []
|
|
57
57
|
rubyforge_project:
|
|
58
|
-
rubygems_version: 2.
|
|
58
|
+
rubygems_version: 2.7.8
|
|
59
59
|
signing_key:
|
|
60
60
|
specification_version: 4
|
|
61
61
|
summary: Command line tool for preparing your Ruby on Rails app for submission to
|
|
62
62
|
Veracode
|
|
63
63
|
test_files: []
|
|
64
|
-
has_rdoc:
|