veracode 1.0.0.alpha11 → 1.0.0.alpha18

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 964f87e830e4ecd33cebac6f2bc0b38348096e13
-  data.tar.gz: 44210d8588d2d63f26deb090f0f749f2b6427ce6
+SHA256:
+  metadata.gz: e42ef047b5e2b3f33eba714c33d5c13aa393679e704633ac93df478b6697c811
+  data.tar.gz: 5adf88dcca009894d9f1631061750d108e9ec3ab77de5ac6083c95aeda5db4e6
 SHA512:
-  metadata.gz: e9b6eb4539068b5c29309b922bf376f2df68592605c01ca789a05241763456e219e0dcb456746ceae24ff51e536d2b6e26b191764480d5cc1065eb1b642a6e14
-  data.tar.gz: 7bfd6df0aa27556f5c83c9d3df6522f9fd458bde3bf55cc4e90cc01be1872ae6973b8f095a8b8a46c0236e4b471644f664e01a7b6746fa37dcb223474f6acd45
+  metadata.gz: afcf1ebbc31dfb94ade508fdf858f6815a088d66d40982f82e2f7c439929b3eb2c803b5d238cea1825f7ed5f60cb0d483caa4d85032542d60e91be970c9d2db2
+  data.tar.gz: 8dd0fa92c21625c40df171a9ee8d4f5a8dc4f37f53f8a1dd223f5fbd8e5aefc1d0279915ff368d24b228eef690b0cafb5407a85c1cbb743e17e5127b34830c15

data/bin/veracode

@@ -23,8 +23,13 @@ require 'veracode/version'
 $options =  {
               :archive_source => true,
               :include_inherited => false,
-              :jruby => false,
               :environment => false,
+              :verbose => false,
+              :jruby => false,
+              :skipactiverecord => false,
+              :skipactionview => false,
+              :skipsprockets => false,
+              :snapshot => false
             }
 
 subcommand = ARGV.shift
@@ -61,6 +66,10 @@ case subcommand
         $DEBUG = true
       end
 
+      opts.on("--debug-snapshot", "Generate a snapshot of the prepare state for Veracode debugging.") do 
+        $options[:snapshot] = true
+      end
+
     end.parse!
 
     Veracode.prepare

data/lib/veracode.rb

@@ -202,7 +202,11 @@ module Veracode
       exit
     end
 
-    puts "Please upload #{@archive_filename}"
+    if $options[:snapshot]
+      puts "Please provide #{@archive_filename} to veracode for further investigation."
+    else
+      puts "Please upload #{@archive_filename}"
+    end
   end
 
   def self.cleanup
@@ -294,7 +298,8 @@ module Veracode
         begin
           ( o.nil? ? "nil" : o.to_s )
         rescue
-          "nil"
+          log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+          ( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
         end
       end
     when o.is_a?(Method), o.is_a?(UnboundMethod)
@@ -419,20 +424,25 @@ module Veracode
   ##############################################################################
   # Archiving Headers
   def self.class_header(c)
-    return "" unless c.is_a? Class
+    begin
+      return "" unless c.is_a? Class
 
-    puts "  class header" if $options[:verbose]
+      puts "  class header" if $options[:verbose]
 
-    case
-    when c.superclass.nil? # this should only happen for BasicObject
+      case
+      when c.superclass.nil? # this should only happen for BasicObject
+        return ""
+      when c.superclass.name.nil? # in case the parent is anonymous
+        name = c.superclass.to_s.dump
+      else
+        name = c.superclass.name.dump
+      end
+
+      "superclass #{name}\n"
+    rescue Exception => e
+      log_error e.message
       return ""
-    when c.superclass.name.nil? # in case the parent is anonymous
-      name = c.superclass.to_s.dump
-    else
-      name = c.superclass.name.dump
     end
-
-    "superclass #{name}\n"
   end
 
   def self.module_header(m)
@@ -440,14 +450,27 @@ module Veracode
 
     puts "  module header" if $options[:verbose]
 
-    ( m.included_modules.count > 0 ? 
-        m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join : 
-        ""
-    ) + 
-    ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ? 
-        m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join : 
-        ""
-    )
+    formatted_contents = ""
+
+    begin
+      formatted_contents += ( m.included_modules.count > 0 ? 
+          m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join : 
+          ""
+        )
+    rescue Exception => e
+      log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
+    end
+
+    begin
+        formatted_contents += ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ? 
+            m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join : 
+            ""
+          )
+    rescue Exception => e
+      log_error "Error archiving module header #{m.inspect.dump}: #{e.message}"
+    end
+
+    return formatted_contents
   end
 
 
@@ -496,51 +519,70 @@ module Veracode
       # m.respond_to?(:global_variables) was throwing exceptions
     end
 
-    %w[ public protected private ].each {|p|
-      get_methods = (p + "_instance_methods").to_sym
-      if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
-        m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
-          begin
-            method = m.instance_method(m_symbol)
-            formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
-          rescue Exception => e
-            log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+    begin
+      %w[ public protected private ].each {|p|
+        get_methods = (p + "_instance_methods").to_sym
+        if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+          m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
+            begin
+              method = m.instance_method(m_symbol)
+              formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
+            rescue Exception => e
+              log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+            end
           end
         end
-      end
-    }
+      }
+    rescue Exception => e
+      # m.respond_to?(get_methods)
+    end
 
     formatted_contents
   end
 
   def self.object_contents(o, with_disasm=true)
-    return "" unless o.is_a? Object
+    begin
+      return "" unless !o.nil?
+    rescue Exception => e
+      log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+      return "" if o == nil
+    end
+
+    return "" unless o.is_a?(Object)
 
     puts "  object contents" if $options[:verbose]
 
     formatted_contents = ""
-
-    if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
-      o.instance_variables.each do |v_symbol|
-        begin
-          v = o.instance_variable_get(v_symbol)
-          formatted_contents += format_variable(v_symbol, v, "instance")
-        rescue Exception => e
-          log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
-          formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+    
+    begin
+      if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
+        o.instance_variables.each do |v_symbol|
+          begin
+            v = o.instance_variable_get(v_symbol)
+            formatted_contents += format_variable(v_symbol, v, "instance")
+          rescue Exception => e
+            log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
+            formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+          end
         end
       end
+    rescue Exception => e
+      log_error "Error getting :instance_variables for object #{o}: #{e.message}"
     end
 
-    if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
-      o.singleton_methods($options[:include_inherited]).each do |m_symbol|
-        begin
-          m = o.method(m_symbol)
-          formatted_contents += format_method(m, "singleton", with_disasm)
-        rescue Exception => e
-          log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+    begin
+      if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
+        o.singleton_methods($options[:include_inherited]).each do |m_symbol|
+          begin
+            m = o.method(m_symbol)
+            formatted_contents += format_method(m, "singleton", with_disasm)
+          rescue Exception => e
+            log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+          end
         end
       end
+    rescue Exception => e
+      log_error "Error getting :singleton_methods for object #{o}: #{e.message}"
     end
 
     formatted_contents
@@ -550,13 +592,13 @@ module Veracode
   ##############################################################################
   # Archiving Objects
   def self.archive(objects, with_disasm=true)
-
-    objects = objects - [
-                          Veracode, 
-                          Veracode::ActiveRecord, 
-                          Veracode::ActiveRecord::Model, 
-                          Veracode::ActiveRecord::Schema,
-                         ]
+    veracode_artifacts = Set[
+      safe_name(Veracode),
+      safe_name(Veracode::ActiveRecord),
+      safe_name(Veracode::ActiveRecord::Model),
+      safe_name(Veracode::ActiveRecord::Schema)
+    ]
+    objects = objects.reject { |o| veracode_artifacts.include?(safe_name(o)) }
 
     if $options[:verbose]
       puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -568,17 +610,13 @@ module Veracode
       puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
 
       add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" + 
-
-                     ( o.is_a?(Class)  ? class_header(o)  : "") + # superclass
-                     ( o.is_a?(Module) ? module_header(o) : "") + # included modules
-
-                     ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") + 
-                     ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") + 
-
-                     "end#{o.class.to_s.downcase}\n" + 
-                     "\n"
+                   ( o.is_a?(Class)  ? class_header(o)  : "") + # superclass
+                   ( o.is_a?(Module) ? module_header(o) : "") + # included modules
+                   ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") + 
+                   ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") + 
+                   "end#{o.class.to_s.downcase}\n" + 
+                   "\n"
     end
-
   end
 
 
@@ -626,7 +664,11 @@ module Veracode
 
     assigns = {}
     view = ActionView::Base.new(view_paths, assigns)
-    controller_view = ApplicationController.new.view_context
+    begin
+        
+    rescue Exception => e
+      log_error "Unable to get controller view context (#{e.message})"
+    end
 
     templates.each { |template|
       puts "Compiling template #{template}" if $options[:verbose]
@@ -866,9 +908,9 @@ end
 
     ## Imitate script/rails
     # APP_PATH = File.expand_path('config/application')
-      # APP_PATH is already set in bin/veracode
+    # APP_PATH is already set in bin/veracode
     #require File.expand_path('../../config/boot',  __FILE__)
-      glob_require "config/boot.rb"
+     glob_require "config/boot.rb"
     #require 'rails/commands'
       # this will trigger the console to be launched
       # ARGV.clear
@@ -877,7 +919,16 @@ end
       # require 'rails/commands'
 
     ## Imitate rails/commands when console
-    cond_require 'rails/commands/console.rb'
+    if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
+      cond_require 'rails/command.rb'
+      cond_require 'rails/command/actions.rb'
+      cond_require 'rails/command/base.rb'
+      cond_require 'rails/command/behavior.rb'
+      cond_require 'rails/command/environment_argument.rb'
+      cond_require 'rails/commands/console/console_command.rb'
+    else 
+      cond_require 'rails/commands/console.rb'
+    end
     # require APP_PATH # => config/application.rb
 
     glob_require "config/application.rb"
@@ -913,35 +964,47 @@ end
 
     puts "Phase 3 - Imitate Rails" if $options[:verbose]
 
-    any_new = true
-    while any_new
-      any_new = false
-      any_new |= glob_require "lib/**/*.rb"
-      any_new |= glob_require "app/**/*.rb"
-      puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
-    end
+    begin
+      any_new = true
+      while any_new
+        any_new = false
+        any_new |= glob_require "lib/**/*.rb"
+        any_new |= glob_require "app/**/*.rb"
+        puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+      end
 
-    compile_templates
+      compile_templates
 
-    self.update
-    self.stats if $options[:verbose]
+      self.update
+      self.stats if $options[:verbose]
 
-    # Ensure compiled templates are fully disassembled in archive
-    @baseline_modules.delete(ActionView::CompiledTemplates)
+      # Ensure compiled templates are fully disassembled in archive
+      @baseline_modules.delete(ActionView::CompiledTemplates)
 
-    if $options[:environment]
-      puts "Processing and disassembling environment"
-      archive(@modules.reject  {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
-                      .reject  {|o| safe_name(o) =~ /^Veracode/ }
-                      .reject  {|o| safe_name(o) =~ /^EmptyRails/ }
-                      .reject  {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
-    else
-      puts "Processing Ruby and Rails classes and modules"
-      archive(@baseline_modules, false)
-      add_to_archive "\n# Phase 3 - App disassembly\n"
-      puts "Processing and disassembling #{APP_NAME} classes and modules"
-      archive(@modules - @baseline_modules, true)
-      archive_schema
+      if $options[:environment]
+        puts "Processing and disassembling environment"
+        archive(@modules.reject  {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+                        .reject  {|o| safe_name(o) =~ /^Veracode/ }
+                        .reject  {|o| safe_name(o) =~ /^EmptyRails/ }
+                        .reject  {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+      else
+        puts "Processing Ruby and Rails classes and modules"
+        archive(@baseline_modules, false)
+        add_to_archive "\n# Phase 3 - App disassembly\n"
+        puts "Processing and disassembling #{APP_NAME} classes and modules"
+        safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
+        archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
+        archive_schema
+
+      end
+
+    rescue Exception => e
+      if $options[:snapshot]
+        log_error e.message
+        log_error e.backtrace.join("\n")
+      else
+        raise
+      end
     end
 
     ## /phase 3 - require app

data/lib/veracode/version.rb

@@ -1,4 +1,4 @@
 module Veracode
-  VERSION = '1.0.0.alpha11'
+  VERSION = '1.0.0.alpha18'
   ARCHIVE_VERSION = '2012-07-04'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha11
+  version: 1.0.0.alpha18
 platform: ruby
 authors:
 - Veracode
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-07 00:00:00.000000000 Z
+date: 2019-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -55,10 +55,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
   Veracode
 test_files: []
-has_rdoc: