veracode 1.0.0.alpha11 → 1.0.0.alpha18

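--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 964f87e830e4ecd33cebac6f2bc0b38348096e13
- data.tar.gz: 44210d8588d2d63f26deb090f0f749f2b6427ce6
+ SHA256:
+ metadata.gz: e42ef047b5e2b3f33eba714c33d5c13aa393679e704633ac93df478b6697c811
+ data.tar.gz: 5adf88dcca009894d9f1631061750d108e9ec3ab77de5ac6083c95aeda5db4e6
  SHA512:
- metadata.gz: e9b6eb4539068b5c29309b922bf376f2df68592605c01ca789a05241763456e219e0dcb456746ceae24ff51e536d2b6e26b191764480d5cc1065eb1b642a6e14
- data.tar.gz: 7bfd6df0aa27556f5c83c9d3df6522f9fd458bde3bf55cc4e90cc01be1872ae6973b8f095a8b8a46c0236e4b471644f664e01a7b6746fa37dcb223474f6acd45
+ metadata.gz: afcf1ebbc31dfb94ade508fdf858f6815a088d66d40982f82e2f7c439929b3eb2c803b5d238cea1825f7ed5f60cb0d483caa4d85032542d60e91be970c9d2db2
+ data.tar.gz: 8dd0fa92c21625c40df171a9ee8d4f5a8dc4f37f53f8a1dd223f5fbd8e5aefc1d0279915ff368d24b228eef690b0cafb5407a85c1cbb743e17e5127b34830c15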
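--- a/data/bin/veracode
+++ b/data/bin/veracode
@@ -23,8 +23,13 @@ require 'veracode/version'
  $options = {
  :archive_source => true,
  :include_inherited => false,
- :jruby => false,
  :environment => false,
+ :verbose => false,
+ :jruby => false,
+ :skipactiverecord => false,
+ :skipactionview => false,
+ :skipsprockets => false,
+ :snapshot => false
  }
 
  subcommand = ARGV.shift
@@ -61,6 +66,10 @@ case subcommand
  $DEBUG = true
  end
 
+ opts.on("--debug-snapshot", "Generate a snapshot of the prepare state for Veracode debugging.") do
+ $options[:snapshot] = true
+ end
+
  end.parse!
 
  Veracode.prepare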
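Review bot: The help string on the new `opts.on("--debug-snapshot", …)` line does not tell the user what the snapshot contains or that the resulting archive is meant to be handed to a third party. Elsewhere in this release the prepare step archives instance variables through `format_variable` and, in snapshot mode, tells the user to provide the archive to the vendor; whether values loaded from the application's configuration can end up in that file is not visible from these hunks. I would extend the description, for example `"Generate a snapshot of the prepare state for Veracode debugging (review the archive before sharing it)."`, and add a comment above the option stating what the snapshot includes. The option-parser block starts and ends outside the hunk.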
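--- a/data/lib/veracode.rb
+++ b/data/lib/veracode.rb
@@ -202,7 +202,11 @@ module Veracode
  exit
  end
 
- puts "Please upload #{@archive_filename}"
+ if $options[:snapshot]
+ puts "Please provide #{@archive_filename} to veracode for further investigation."
+ else
+ puts "Please upload #{@archive_filename}"
+ end
  end
 
  def self.cleanup
@@ -294,7 +298,8 @@ module Veracode
  begin
  ( o.nil? ? "nil" : o.to_s )
  rescue
- "nil"
+ log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+ ( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
  end
  end
  when o.is_a?(Method), o.is_a?(UnboundMethod)
@@ -419,20 +424,25 @@ module Veracode
  ##############################################################################
  # Archiving Headers
  def self.class_header(c)
- return "" unless c.is_a? Class
+ begin
+ return "" unless c.is_a? Class
 
- puts " class header" if $options[:verbose]
+ puts " class header" if $options[:verbose]
 
- case
- when c.superclass.nil? # this should only happen for BasicObject
+ case
+ when c.superclass.nil? # this should only happen for BasicObject
+ return ""
+ when c.superclass.name.nil? # in case the parent is anonymous
+ name = c.superclass.to_s.dump
+ else
+ name = c.superclass.name.dump
+ end
+
+ "superclass #{name}\n"
+ rescue Exception => e
+ log_error e.message
  return ""
- when c.superclass.name.nil? # in case the parent is anonymous
- name = c.superclass.to_s.dump
- else
- name = c.superclass.name.dump
  end
-
- "superclass #{name}\n"
  end
 
  def self.module_header(m)
@@ -440,14 +450,27 @@ module Veracode
 
  puts " module header" if $options[:verbose]
 
- ( m.included_modules.count > 0 ?
- m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
- ""
- ) +
- ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ?
- m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join :
- ""
- )
+ formatted_contents = ""
+
+ begin
+ formatted_contents += ( m.included_modules.count > 0 ?
+ m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
+ ""
+ )
+ rescue Exception => e
+ log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
+ end
+
+ begin
+ formatted_contents += ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ?
+ m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join :
+ ""
+ )
+ rescue Exception => e
+ log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
+ end
+
+ return formatted_contents
  end
 
 
@@ -496,51 +519,70 @@ module Veracode
  # m.respond_to?(:global_variables) was throwing exceptions
  end
 
- %w[ public protected private ].each {|p|
- get_methods = (p + "_instance_methods").to_sym
- if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
- m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
- begin
- method = m.instance_method(m_symbol)
- formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
- rescue Exception => e
- log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+ begin
+ %w[ public protected private ].each {|p|
+ get_methods = (p + "_instance_methods").to_sym
+ if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+ m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
+ begin
+ method = m.instance_method(m_symbol)
+ formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
+ rescue Exception => e
+ log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+ end
  end
  end
- end
- }
+ }
+ rescue Exception => e
+ # m.respond_to?(get_methods)
+ end
 
  formatted_contents
  end
 
  def self.object_contents(o, with_disasm=true)
- return "" unless o.is_a? Object
+ begin
+ return "" unless !o.nil?
+ rescue Exception => e
+ log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+ return "" if o == nil
+ end
+
+ return "" unless o.is_a?(Object)
 
  puts " object contents" if $options[:verbose]
 
  formatted_contents = ""
-
- if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
- o.instance_variables.each do |v_symbol|
- begin
- v = o.instance_variable_get(v_symbol)
- formatted_contents += format_variable(v_symbol, v, "instance")
- rescue Exception => e
- log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
- formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+
+ begin
+ if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
+ o.instance_variables.each do |v_symbol|
+ begin
+ v = o.instance_variable_get(v_symbol)
+ formatted_contents += format_variable(v_symbol, v, "instance")
+ rescue Exception => e
+ log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
+ formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+ end
  end
  end
+ rescue Exception => e
+ log_error "Error getting :instance_variables for object #{o}: #{e.message}"
  end
 
- if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
- o.singleton_methods($options[:include_inherited]).each do |m_symbol|
- begin
- m = o.method(m_symbol)
- formatted_contents += format_method(m, "singleton", with_disasm)
- rescue Exception => e
- log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+ begin
+ if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
+ o.singleton_methods($options[:include_inherited]).each do |m_symbol|
+ begin
+ m = o.method(m_symbol)
+ formatted_contents += format_method(m, "singleton", with_disasm)
+ rescue Exception => e
+ log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+ end
  end
  end
+ rescue Exception => e
+ log_error "Error getting :singleton_methods for object #{o}: #{e.message}"
  end
 
  formatted_contents
@@ -550,13 +592,13 @@ module Veracode
  ##############################################################################
  # Archiving Objects
  def self.archive(objects, with_disasm=true)
-
- objects = objects - [
- Veracode,
- Veracode::ActiveRecord,
- Veracode::ActiveRecord::Model,
- Veracode::ActiveRecord::Schema,
- ]
+ veracode_artifacts = Set[
+ safe_name(Veracode),
+ safe_name(Veracode::ActiveRecord),
+ safe_name(Veracode::ActiveRecord::Model),
+ safe_name(Veracode::ActiveRecord::Schema)
+ ]
+ objects = objects.reject { |o| veracode_artifacts.include?(safe_name(o)) }
 
  if $options[:verbose]
  puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -568,17 +610,13 @@ module Veracode
  puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
 
  add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" +
-
- ( o.is_a?(Class) ? class_header(o) : "") + # superclass
- ( o.is_a?(Module) ? module_header(o) : "") + # included modules
-
- ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") +
- ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
-
- "end#{o.class.to_s.downcase}\n" +
- "\n"
+ ( o.is_a?(Class) ? class_header(o) : "") + # superclass
+ ( o.is_a?(Module) ? module_header(o) : "") + # included modules
+ ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") +
+ ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
+ "end#{o.class.to_s.downcase}\n" +
+ "\n"
  end
-
  end
 
 
@@ -626,7 +664,11 @@ module Veracode
 
  assigns = {}
  view = ActionView::Base.new(view_paths, assigns)
- controller_view = ApplicationController.new.view_context
+ begin
+
+ rescue Exception => e
+ log_error "Unable to get controller view context (#{e.message})"
+ end
 
  templates.each { |template|
  puts "Compiling template #{template}" if $options[:verbose]
@@ -866,9 +908,9 @@ end
 
  ## Imitate script/rails
  # APP_PATH = File.expand_path('config/application')
- # APP_PATH is already set in bin/veracode
+ # APP_PATH is already set in bin/veracode
  #require File.expand_path('../../config/boot', __FILE__)
- glob_require "config/boot.rb"
+ glob_require "config/boot.rb"
  #require 'rails/commands'
  # this will trigger the console to be launched
  # ARGV.clear
@@ -877,7 +919,16 @@ end
  # require 'rails/commands'
 
  ## Imitate rails/commands when console
- cond_require 'rails/commands/console.rb'
+ if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
+ cond_require 'rails/command.rb'
+ cond_require 'rails/command/actions.rb'
+ cond_require 'rails/command/base.rb'
+ cond_require 'rails/command/behavior.rb'
+ cond_require 'rails/command/environment_argument.rb'
+ cond_require 'rails/commands/console/console_command.rb'
+ else
+ cond_require 'rails/commands/console.rb'
+ end
  # require APP_PATH # => config/application.rb
 
  glob_require "config/application.rb"
@@ -913,35 +964,47 @@ end
 
  puts "Phase 3 - Imitate Rails" if $options[:verbose]
 
- any_new = true
- while any_new
- any_new = false
- any_new |= glob_require "lib/**/*.rb"
- any_new |= glob_require "app/**/*.rb"
- puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
- end
+ begin
+ any_new = true
+ while any_new
+ any_new = false
+ any_new |= glob_require "lib/**/*.rb"
+ any_new |= glob_require "app/**/*.rb"
+ puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+ end
 
- compile_templates
+ compile_templates
 
- self.update
- self.stats if $options[:verbose]
+ self.update
+ self.stats if $options[:verbose]
 
- # Ensure compiled templates are fully disassembled in archive
- @baseline_modules.delete(ActionView::CompiledTemplates)
+ # Ensure compiled templates are fully disassembled in archive
+ @baseline_modules.delete(ActionView::CompiledTemplates)
 
- if $options[:environment]
- puts "Processing and disassembling environment"
- archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
- .reject {|o| safe_name(o) =~ /^Veracode/ }
- .reject {|o| safe_name(o) =~ /^EmptyRails/ }
- .reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
- else
- puts "Processing Ruby and Rails classes and modules"
- archive(@baseline_modules, false)
- add_to_archive "\n# Phase 3 - App disassembly\n"
- puts "Processing and disassembling #{APP_NAME} classes and modules"
- archive(@modules - @baseline_modules, true)
- archive_schema
+ if $options[:environment]
+ puts "Processing and disassembling environment"
+ archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+ .reject {|o| safe_name(o) =~ /^Veracode/ }
+ .reject {|o| safe_name(o) =~ /^EmptyRails/ }
+ .reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+ else
+ puts "Processing Ruby and Rails classes and modules"
+ archive(@baseline_modules, false)
+ add_to_archive "\n# Phase 3 - App disassembly\n"
+ puts "Processing and disassembling #{APP_NAME} classes and modules"
+ safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
+ archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
+ archive_schema
+
+ end
+
+ rescue Exception => e
+ if $options[:snapshot]
+ log_error e.message
+ log_error e.backtrace.join("\n")
+ else
+ raise
+ end
  end
 
  ## /phase 3 - require app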
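Review bot: In the `@@ -294,7 +298,8 @@` hunk the added `log_error` line reads `e.message`, but the `rescue` above it is bare and binds no exception variable. Unless `e` is assigned earlier in that method (its start is outside the hunk), the handler itself raises NameError and the `o == nil` fallback on the next line is never reached; changing the context line to `rescue => e` fixes that. The same message interpolates `#{o}`, which calls `to_s` on an object already suspected of being monkey-patched, and the new rescue at the top of `object_contents` does the same, so the log call can fail inside the handler. The `rescue Exception => e` added around the instance-method loop (new lines 536-538) holds only a comment, so a failure there shortens the archive without a log entry. Adding `log_error "Error listing instance methods: #{e.message}"` in that handler would keep gaps in what is submitted for analysis visible.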
@@ -1,4 +1,4 @@
1
1
  module Veracode
2
- VERSION = '1.0.0.alpha11'
2
+ VERSION = '1.0.0.alpha18'
3
3
  ARCHIVE_VERSION = '2012-07-04'
4
4
  end
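--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: veracode
  version: !ruby/object:Gem::Version
- version: 1.0.0.alpha11
+ version: 1.0.0.alpha18
  platform: ruby
  authors:
  - Veracode
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-02-07 00:00:00.000000000 Z
+ date: 2019-06-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rubyzip
@@ -55,10 +55,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: 1.3.1
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.11
+ rubygems_version: 2.7.8
  signing_key:
  specification_version: 4
  summary: Command line tool for preparing your Ruby on Rails app for submission to
  Veracode
  test_files: []
- has_rdoc: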