veracode 1.0.0.alpha12 → 1.0.0.alpha19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 9ffaeba52a85aff23949c824adca1d68314d41c0
-  data.tar.gz: c6f539d71f08767169996d16fbcd997d04658af7
+SHA256:
+  metadata.gz: d1ea5fea7f60db50f74f9ff774a1a548d9aea957bfb78ba4daab6a2d8d3d53c2
+  data.tar.gz: 70ff0d73076ec7e4f652627d1edc8fdf211659bca3eda9af062d327a85c606fc
 SHA512:
-  metadata.gz: f48037a017dba0acf886e1bfdfd6abd4143ece680195568c412fe0344643a62252f9da9da269a1580ced4d663276f9299954a94552bbc6766b832e8e2639758e
-  data.tar.gz: 2a54b797348504a26cfd322783c64ff8ba639afa75be29794fd96bdb063f997d71a479ca04dc14e07bd7de9261195ac977ca1edc56741244e1c9f1a1b223ec15
+  metadata.gz: fcad070be483f3316862afca54b4e4e2b91cd09a8c6979c048e483c1f5fb629d8bc4b7dc8c12499b2cedcfa05f2faade67cb17fe8d3a63a8345daa71c403e234
+  data.tar.gz: a331deeba1ca33939dd9f78a6d8554b5049b67566b90cab4af6ac7c9a85633bf1680c137d6628916f9357d819e04b5bf48a48a4f1f525d55f31c2dc48c17c773

data/bin/veracode

@@ -23,8 +23,13 @@ require 'veracode/version'
 $options =  {
               :archive_source => true,
               :include_inherited => false,
-              :jruby => false,
               :environment => false,
+              :verbose => false,
+              :jruby => false,
+              :skipactiverecord => false,
+              :skipactionview => false,
+              :skipsprockets => false,
+              :snapshot => false
             }
 
 subcommand = ARGV.shift
@@ -61,6 +66,10 @@ case subcommand
         $DEBUG = true
       end
 
+      opts.on("--debug-snapshot", "Generate a snapshot of the prepare state for Veracode debugging.") do 
+        $options[:snapshot] = true
+      end
+
     end.parse!
 
     Veracode.prepare

data/lib/veracode.rb

@@ -202,7 +202,11 @@ module Veracode
       exit
     end
 
-    puts "Please upload #{@archive_filename}"
+    if $options[:snapshot]
+      puts "Please provide #{@archive_filename} to veracode for further investigation."
+    else
+      puts "Please upload #{@archive_filename}"
+    end
   end
 
   def self.cleanup
@@ -284,23 +288,27 @@ module Veracode
   end
 
   def self.safe_name(o)
-    case 
-    when o == ActiveSupport::TimeWithZone
-      "ActiveSupport::TimeWithZone"
-    when o.is_a?(Module)
-      begin
-        ( o.name.nil? ? o.to_s : o.name.to_s )
-      rescue
+    begin
+      case 
+      when o == ActiveSupport::TimeWithZone
+        "ActiveSupport::TimeWithZone"
+      when o.is_a?(Module)
         begin
-          ( o.nil? ? "nil" : o.to_s )
+          ( o.name.nil? ? o.to_s : o.name.to_s )
         rescue
-          "nil"
+          begin
+            ( o.nil? ? "nil" : o.to_s )
+          rescue
+              ( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
+          end
         end
+      when o.is_a?(Method), o.is_a?(UnboundMethod)
+        o.name.to_s
+      else
+        o.to_s
       end
-    when o.is_a?(Method), o.is_a?(UnboundMethod)
-      o.name.to_s
-    else
-      o.to_s
+    rescue
+      "Veracode" #should result in this being dropped from the archive since we can't get a safe name for it
     end
   end
   
@@ -419,20 +427,25 @@ module Veracode
   ##############################################################################
   # Archiving Headers
   def self.class_header(c)
-    return "" unless c.is_a? Class
+    begin
+      return "" unless c.is_a? Class
 
-    puts "  class header" if $options[:verbose]
+      puts "  class header" if $options[:verbose]
 
-    case
-    when c.superclass.nil? # this should only happen for BasicObject
+      case
+      when c.superclass.nil? # this should only happen for BasicObject
+        return ""
+      when c.superclass.name.nil? # in case the parent is anonymous
+        name = c.superclass.to_s.dump
+      else
+        name = c.superclass.name.dump
+      end
+
+      "superclass #{name}\n"
+    rescue Exception => e
+      log_error e.message
       return ""
-    when c.superclass.name.nil? # in case the parent is anonymous
-      name = c.superclass.to_s.dump
-    else
-      name = c.superclass.name.dump
     end
-
-    "superclass #{name}\n"
   end
 
   def self.module_header(m)
@@ -443,7 +456,7 @@ module Veracode
     formatted_contents = ""
 
     begin
-      fomatted_contents += ( m.included_modules.count > 0 ? 
+      formatted_contents += ( m.included_modules.count > 0 ? 
           m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join : 
           ""
         )
@@ -509,51 +522,70 @@ module Veracode
       # m.respond_to?(:global_variables) was throwing exceptions
     end
 
-    %w[ public protected private ].each {|p|
-      get_methods = (p + "_instance_methods").to_sym
-      if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
-        m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
-          begin
-            method = m.instance_method(m_symbol)
-            formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
-          rescue Exception => e
-            log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+    begin
+      %w[ public protected private ].each {|p|
+        get_methods = (p + "_instance_methods").to_sym
+        if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+          m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
+            begin
+              method = m.instance_method(m_symbol)
+              formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
+            rescue Exception => e
+              log_error "Error archiving #{p.to_s} instance method #{m_symbol.to_s.dump}: #{e.message}"
+            end
           end
         end
-      end
-    }
+      }
+    rescue Exception => e
+      # m.respond_to?(get_methods)
+    end
 
     formatted_contents
   end
 
   def self.object_contents(o, with_disasm=true)
-    return "" unless o.is_a? Object
+    begin
+      return "" unless !o.nil?
+    rescue Exception => e
+      log_error "Error testing #{o} with nil?. Probable monkey patching. #{e.message}"
+      return "" if o == nil
+    end
+
+    return "" unless o.is_a?(Object)
 
     puts "  object contents" if $options[:verbose]
 
     formatted_contents = ""
-
-    if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
-      o.instance_variables.each do |v_symbol|
-        begin
-          v = o.instance_variable_get(v_symbol)
-          formatted_contents += format_variable(v_symbol, v, "instance")
-        rescue Exception => e
-          log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
-          formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+    
+    begin
+      if o.respond_to?(:instance_variables) && o.instance_variables.count > 0
+        o.instance_variables.each do |v_symbol|
+          begin
+            v = o.instance_variable_get(v_symbol)
+            formatted_contents += format_variable(v_symbol, v, "instance")
+          rescue Exception => e
+            log_error "Error archiving instance variable #{v_symbol.to_s.dump}: #{e.message}"
+            formatted_contents += format_variable(v_symbol, :veracode_nil, "instance")
+          end
         end
       end
+    rescue Exception => e
+      log_error "Error getting :instance_variables for object #{o}: #{e.message}"
     end
 
-    if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
-      o.singleton_methods($options[:include_inherited]).each do |m_symbol|
-        begin
-          m = o.method(m_symbol)
-          formatted_contents += format_method(m, "singleton", with_disasm)
-        rescue Exception => e
-          log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+    begin
+      if o.respond_to?(:singleton_methods) && o.singleton_methods($options[:include_inherited]).count > 0
+        o.singleton_methods($options[:include_inherited]).each do |m_symbol|
+          begin
+            m = o.method(m_symbol)
+            formatted_contents += format_method(m, "singleton", with_disasm)
+          rescue Exception => e
+            log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+          end
         end
       end
+    rescue Exception => e
+      log_error "Error getting :singleton_methods for object #{o}: #{e.message}"
     end
 
     formatted_contents
@@ -563,13 +595,13 @@ module Veracode
   ##############################################################################
   # Archiving Objects
   def self.archive(objects, with_disasm=true)
-
-    objects = objects - [
-                          Veracode, 
-                          Veracode::ActiveRecord, 
-                          Veracode::ActiveRecord::Model, 
-                          Veracode::ActiveRecord::Schema,
-                         ]
+    veracode_artifacts = Set[
+      safe_name(Veracode),
+      safe_name(Veracode::ActiveRecord),
+      safe_name(Veracode::ActiveRecord::Model),
+      safe_name(Veracode::ActiveRecord::Schema)
+    ]
+    objects = objects.reject { |o| veracode_artifacts.include?(safe_name(o)) }
 
     if $options[:verbose]
       puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -581,17 +613,13 @@ module Veracode
       puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
 
       add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" + 
-
-                     ( o.is_a?(Class)  ? class_header(o)  : "") + # superclass
-                     ( o.is_a?(Module) ? module_header(o) : "") + # included modules
-
-                     ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") + 
-                     ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") + 
-
-                     "end#{o.class.to_s.downcase}\n" + 
-                     "\n"
+                   ( o.is_a?(Class)  ? class_header(o)  : "") + # superclass
+                   ( o.is_a?(Module) ? module_header(o) : "") + # included modules
+                   ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") + 
+                   ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") + 
+                   "end#{o.class.to_s.downcase}\n" + 
+                   "\n"
     end
-
   end
 
 
@@ -639,7 +667,11 @@ module Veracode
 
     assigns = {}
     view = ActionView::Base.new(view_paths, assigns)
-    controller_view = ApplicationController.new.view_context
+    begin
+        
+    rescue Exception => e
+      log_error "Unable to get controller view context (#{e.message})"
+    end
 
     templates.each { |template|
       puts "Compiling template #{template}" if $options[:verbose]
@@ -879,9 +911,9 @@ end
 
     ## Imitate script/rails
     # APP_PATH = File.expand_path('config/application')
-      # APP_PATH is already set in bin/veracode
+    # APP_PATH is already set in bin/veracode
     #require File.expand_path('../../config/boot',  __FILE__)
-      glob_require "config/boot.rb"
+     glob_require "config/boot.rb"
     #require 'rails/commands'
       # this will trigger the console to be launched
       # ARGV.clear
@@ -890,7 +922,16 @@ end
       # require 'rails/commands'
 
     ## Imitate rails/commands when console
-    cond_require 'rails/commands/console.rb'
+    if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
+      cond_require 'rails/command.rb'
+      cond_require 'rails/command/actions.rb'
+      cond_require 'rails/command/base.rb'
+      cond_require 'rails/command/behavior.rb'
+      cond_require 'rails/command/environment_argument.rb'
+      cond_require 'rails/commands/console/console_command.rb'
+    else 
+      cond_require 'rails/commands/console.rb'
+    end
     # require APP_PATH # => config/application.rb
 
     glob_require "config/application.rb"
@@ -926,35 +967,47 @@ end
 
     puts "Phase 3 - Imitate Rails" if $options[:verbose]
 
-    any_new = true
-    while any_new
-      any_new = false
-      any_new |= glob_require "lib/**/*.rb"
-      any_new |= glob_require "app/**/*.rb"
-      puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
-    end
+    begin
+      any_new = true
+      while any_new
+        any_new = false
+        any_new |= glob_require "lib/**/*.rb"
+        any_new |= glob_require "app/**/*.rb"
+        puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+      end
 
-    compile_templates
+      compile_templates
 
-    self.update
-    self.stats if $options[:verbose]
+      self.update
+      self.stats if $options[:verbose]
 
-    # Ensure compiled templates are fully disassembled in archive
-    @baseline_modules.delete(ActionView::CompiledTemplates)
+      # Ensure compiled templates are fully disassembled in archive
+      @baseline_modules.delete(ActionView::CompiledTemplates)
 
-    if $options[:environment]
-      puts "Processing and disassembling environment"
-      archive(@modules.reject  {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
-                      .reject  {|o| safe_name(o) =~ /^Veracode/ }
-                      .reject  {|o| safe_name(o) =~ /^EmptyRails/ }
-                      .reject  {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
-    else
-      puts "Processing Ruby and Rails classes and modules"
-      archive(@baseline_modules, false)
-      add_to_archive "\n# Phase 3 - App disassembly\n"
-      puts "Processing and disassembling #{APP_NAME} classes and modules"
-      archive(@modules - @baseline_modules, true)
-      archive_schema
+      if $options[:environment]
+        puts "Processing and disassembling environment"
+        archive(@modules.reject  {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+                        .reject  {|o| safe_name(o) =~ /^Veracode/ }
+                        .reject  {|o| safe_name(o) =~ /^EmptyRails/ }
+                        .reject  {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+      else
+        puts "Processing Ruby and Rails classes and modules"
+        archive(@baseline_modules, false)
+        add_to_archive "\n# Phase 3 - App disassembly\n"
+        puts "Processing and disassembling #{APP_NAME} classes and modules"
+        safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
+        archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
+        archive_schema
+
+      end
+
+    rescue Exception => e
+      if $options[:snapshot]
+        log_error e.message
+        log_error e.backtrace.join("\n")
+      else
+        raise
+      end
     end
 
     ## /phase 3 - require app

data/lib/veracode/version.rb

@@ -1,4 +1,4 @@
 module Veracode
-  VERSION = '1.0.0.alpha12'
+  VERSION = '1.0.0.alpha19'
   ARCHIVE_VERSION = '2012-07-04'
 end

metadata

@@ -1,29 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha12
+  version: 1.0.0.alpha19
 platform: ruby
 authors:
 - Veracode
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-06-05 00:00:00.000000000 Z
+date: 2019-11-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1.3'
 description: Prepares your Ruby on Rails app for submission to Veracode.
 email: devcontact@veracode.com
 executables:
@@ -55,7 +55,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.7.8
 signing_key: 
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to