veracode 1.0.0.alpha12 → 1.0.0.alpha19
- checksums.yaml +5 -5
- data/bin/veracode +10 -1
- data/lib/veracode.rb +152 -99
- data/lib/veracode/version.rb +1 -1
- metadata +7 -7
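--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: d1ea5fea7f60db50f74f9ff774a1a548d9aea957bfb78ba4daab6a2d8d3d53c2
+data.tar.gz: 70ff0d73076ec7e4f652627d1edc8fdf211659bca3eda9af062d327a85c606fc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fcad070be483f3316862afca54b4e4e2b91cd09a8c6979c048e483c1f5fb629d8bc4b7dc8c12499b2cedcfa05f2faade67cb17fe8d3a63a8345daa71c403e234
+data.tar.gz: a331deeba1ca33939dd9f78a6d8554b5049b67566b90cab4af6ac7c9a85633bf1680c137d6628916f9357d819e04b5bf48a48a4f1f525d55f31c2dc48c17c773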
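--- a/data/bin/veracode
+++ b/data/bin/veracode
@@ -23,8 +23,13 @@ require 'veracode/version'
 $options = {
 :archive_source => true,
 :include_inherited => false,
-:jruby => false,
 :environment => false,
+:verbose => false,
+:jruby => false,
+:skipactiverecord => false,
+:skipactionview => false,
+:skipsprockets => false,
+:snapshot => false
 }
 
 subcommand = ARGV.shift
@@ -61,6 +66,10 @@ case subcommand
 $DEBUG = true
 end
 
+opts.on("--debug-snapshot", "Generate a snapshot of the prepare state for Veracode debugging.") do
+$options[:snapshot] = true
+end
+
 end.parse!
 
 Veracode.prepare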
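Review bot: The new `:skipactiverecord`, `:skipactionview` and `:skipsprockets` defaults in the `$options` hash have no `opts.on` switch in the hunks shown, so unless they are wired elsewhere in the file they cannot be set from the command line and are dead settings. The `--debug-snapshot` help text only says it generates a snapshot, but per the `rescue Exception` block added in data/lib/veracode.rb (new lines 1004–1010) the flag also turns a fatal error during prepare into a logged one that still proceeds, which the description should state, e.g. `"Generate a snapshot of the prepare state for Veracode debugging; errors are logged instead of aborting."`. The `do … end.parse!` block that holds the new option starts outside the hunk.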
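--- a/data/lib/veracode.rb
+++ b/data/lib/veracode.rb
@@ -202,7 +202,11 @@ module Veracode
 exit
 end
 
-
+if $options[:snapshot]
+puts "Please provide #{@archive_filename} to veracode for further investigation."
+else
+puts "Please upload #{@archive_filename}"
+end
 end
 
 def self.cleanup
@@ -284,23 +288,27 @@ module Veracode
 end
 
 def self.safe_name(o)
-
-
-
-
-
-( o.name.nil? ? o.to_s : o.name.to_s )
-rescue
+begin
+case
+when o == ActiveSupport::TimeWithZone
+"ActiveSupport::TimeWithZone"
+when o.is_a?(Module)
 begin
-( o.nil? ?
+( o.name.nil? ? o.to_s : o.name.to_s )
 rescue
-
+begin
+( o.nil? ? "nil" : o.to_s )
+rescue
+( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
+end
 end
+when o.is_a?(Method), o.is_a?(UnboundMethod)
+o.name.to_s
+else
+o.to_s
 end
-
-
-else
-o.to_s
+rescue
+"Veracode" #should result in this being dropped from the archive since we can't get a safe name for it
 end
 end
 
@@ -419,20 +427,25 @@ module Veracode
 ##############################################################################
 # Archiving Headers
 def self.class_header(c)
-
+begin
+return "" unless c.is_a? Class
 
-
+puts " class header" if $options[:verbose]
 
-
-
+case
+when c.superclass.nil? # this should only happen for BasicObject
+return ""
+when c.superclass.name.nil? # in case the parent is anonymous
+name = c.superclass.to_s.dump
+else
+name = c.superclass.name.dump
+end
+
+"superclass #{name}\n"
+rescue Exception => e
+log_error e.message
 return ""
-when c.superclass.name.nil? # in case the parent is anonymous
-name = c.superclass.to_s.dump
-else
-name = c.superclass.name.dump
 end
-
-"superclass #{name}\n"
 end
 
 def self.module_header(m)
@@ -443,7 +456,7 @@ module Veracode
 formatted_contents = ""
 
 begin
-
+formatted_contents += ( m.included_modules.count > 0 ?
 m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
 ""
 )
@@ -509,51 +522,70 @@ module Veracode
 # m.respond_to?(:global_variables) was throwing exceptions
 end
 
-
-
-
-m.__send__(get_methods, $options[:include_inherited]).
-
-
-
-
-
+begin
+%w[ public protected private ].each {|p|
+get_methods = (p + "_instance_methods").to_sym
+if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
+begin
+method = m.instance_method(m_symbol)
+formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
+rescue Exception => e
+log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+end
 end
 end
-
-
+}
+rescue Exception => e
+# m.respond_to?(get_methods)
+end
 
 formatted_contents
 end
 
 def self.object_contents(o, with_disasm=true)
-
+begin
+return "" unless !o.nil?
+rescue Exception => e
+log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+return "" if o == nil
+end
+
+return "" unless o.is_a?(Object)
 
 puts " object contents" if $options[:verbose]
 
 formatted_contents = ""
-
-
-o.instance_variables.
-
-
-
-
-
-
+
+begin
+if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
+o.instance_variables.each do |v_symbol|
+begin
+v = o.instance_variable_get(v_symbol)
+formatted_contents += format_variable(v_symbol, v, "instance")
+rescue Exception => e
+log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
+formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+end
 end
 end
+rescue Exception => e
+log_error "Error getting :instance_variables for object #{o}: #{e.message}"
 end
 
-
-o.singleton_methods($options[:include_inherited]).
-
-
-
-
-
+begin
+if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
+o.singleton_methods($options[:include_inherited]).each do |m_symbol|
+begin
+m = o.method(m_symbol)
+formatted_contents += format_method(m, "singleton", with_disasm)
+rescue Exception => e
+log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+end
 end
 end
+rescue Exception => e
+log_error "Error getting :singleton_methods for object #{o}: #{e.message}"
 end
 
 formatted_contents
@@ -563,13 +595,13 @@ module Veracode
 ##############################################################################
 # Archiving Objects
 def self.archive(objects, with_disasm=true)
-
-
-
-
-
-
-
+veracode_artifacts = Set[
+safe_name(Veracode),
+safe_name(Veracode::ActiveRecord),
+safe_name(Veracode::ActiveRecord::Model),
+safe_name(Veracode::ActiveRecord::Schema)
+]
+objects = objects.reject { |o| veracode_artifacts.include?(safe_name(o)) }
 
 if $options[:verbose]
 puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -581,17 +613,13 @@ module Veracode
 puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
 
 add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" +
-
-
-
-
-
-
-
-"end#{o.class.to_s.downcase}\n" +
-"\n"
+( o.is_a?(Class) ? class_header(o) : "") + # superclass
+( o.is_a?(Module) ? module_header(o) : "") + # included modules
+( o.is_a?(Object) ? object_contents(o, with_disasm) : "") +
+( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
+"end#{o.class.to_s.downcase}\n" +
+"\n"
 end
-
 end
 
 
@@ -639,7 +667,11 @@ module Veracode
 
 assigns = {}
 view = ActionView::Base.new(view_paths, assigns)
-
+begin
+
+rescue Exception => e
+log_error "Unable to get controller view context (#{e.message})"
+end
 
 templates.each { |template|
 puts "Compiling template #{template}" if $options[:verbose]
@@ -879,9 +911,9 @@ end
 
 ## Imitate script/rails
 # APP_PATH = File.expand_path('config/application')
-
+# APP_PATH is already set in bin/veracode
 #require File.expand_path('../../config/boot', __FILE__)
-
+glob_require "config/boot.rb"
 #require 'rails/commands'
 # this will trigger the console to be launched
 # ARGV.clear
@@ -890,7 +922,16 @@ end
 # require 'rails/commands'
 
 ## Imitate rails/commands when console
-
+if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
+cond_require 'rails/command.rb'
+cond_require 'rails/command/actions.rb'
+cond_require 'rails/command/base.rb'
+cond_require 'rails/command/behavior.rb'
+cond_require 'rails/command/environment_argument.rb'
+cond_require 'rails/commands/console/console_command.rb'
+else
+cond_require 'rails/commands/console.rb'
+end
 # require APP_PATH # => config/application.rb
 
 glob_require "config/application.rb"
@@ -926,35 +967,47 @@ end
 
 puts "Phase 3 - Imitate Rails" if $options[:verbose]
 
-
-
-any_new
-
-
-
-
+begin
+any_new = true
+while any_new
+any_new = false
+any_new |= glob_require "lib/**/*.rb"
+any_new |= glob_require "app/**/*.rb"
+puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+end
 
-
+compile_templates
 
-
-
+self.update
+self.stats if $options[:verbose]
 
-
-
+# Ensure compiled templates are fully disassembled in archive
+@baseline_modules.delete(ActionView::CompiledTemplates)
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+if $options[:environment]
+puts "Processing and disassembling environment"
+archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+.reject {|o| safe_name(o) =~ /^Veracode/ }
+.reject {|o| safe_name(o) =~ /^EmptyRails/ }
+.reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+else
+puts "Processing Ruby and Rails classes and modules"
+archive(@baseline_modules, false)
+add_to_archive "\n# Phase 3 - App disassembly\n"
+puts "Processing and disassembling #{APP_NAME} classes and modules"
+safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
+archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
+archive_schema
+
+end
+
+rescue Exception => e
+if $options[:snapshot]
+log_error e.message
+log_error e.backtrace.join("\n")
+else
+raise
+end
 end
 
 ## /phase 3 - require app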
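Review bot: The `rescue Exception => e` added at new line 539 of module_contents has a body that is only the comment `# m.respond_to?(get_methods)`, so any error raised inside the `%w[ public protected private ].each` loop — including `Interrupt` and `SystemExit`, which `Exception` also catches — is discarded without a trace; `rescue StandardError => e` paired with a `log_error` call like the ones at new lines 534 and 573 would keep Ctrl-C and `exit` working and leave a record of what was skipped. The same `rescue Exception` form recurs in class_header (new line 445), object_contents (new lines 549, 566, 572, 582, 587) and the phase-3 block (new line 1004), where in `--debug-snapshot` mode an `Interrupt` is merely logged and execution continues after the `end` at new line 1011; `rescue StandardError` there loses nothing the snapshot needs. Separately, the `begin … rescue Exception` added after `view = ActionView::Base.new(view_paths, assigns)` (new lines 670–674) wraps a body that is blank as rendered here, so if that is what the source holds the handler guards nothing and presumably was meant to enclose the `ActionView::Base.new` call on the line above. The enclosing methods begin and end outside these hunks.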
data/lib/veracode/version.rb
CHANGED
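--- a/metadata
+++ b/metadata
@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-version: 1.0.0.
+version: 1.0.0.alpha19
 platform: ruby
 authors:
 - Veracode
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2019-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rubyzip
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 description: Prepares your Ruby on Rails app for submission to Veracode.
 email: devcontact@veracode.com
 executables:
@@ -55,7 +55,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.8
 signing_key:
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to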