veracode 1.0.0.alpha18 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/veracode +14 -3
- data/lib/veracode.rb +117 -40
- data/lib/veracode/version.rb +2 -2
- metadata +10 -11
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ae78d2f7729f0e00a2215edc4cee0d007ff0d653fb3d7cea8962e25de1548a98
|
4
|
+
data.tar.gz: f951565e38308c4335b5de9517fc750090957f068dc8ab3baa3eb3f9e3ea21e6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 915f08c9538670e0218bd7b4e7e9597593532ee36dc41942d61ce28f0a72d3c001d6aa7d67b27cd23932aed3a8b32c853f71266b01fd1d1392fd3f5f83f5c89e
|
7
|
+
data.tar.gz: f8322116797c6934403a56c48328451efd27128f7c4eff1d6272e37ed6e860e436cd8f90a557d1f8bac516dc153f91fa88dac70bd1448a28e64b21f3ba828535
|
data/bin/veracode
CHANGED
@@ -25,7 +25,7 @@ $options = {
|
|
25
25
|
:include_inherited => false,
|
26
26
|
:environment => false,
|
27
27
|
:verbose => false,
|
28
|
-
:
|
28
|
+
:skipenvironment => false,
|
29
29
|
:skipactiverecord => false,
|
30
30
|
:skipactionview => false,
|
31
31
|
:skipsprockets => false,
|
@@ -42,8 +42,8 @@ case subcommand
|
|
42
42
|
$options[:verbose] = true
|
43
43
|
end
|
44
44
|
|
45
|
-
opts.on("-
|
46
|
-
$options[:
|
45
|
+
opts.on("-E", "--skip-environment", "Skip environment") do
|
46
|
+
$options[:skipenvironment] = true
|
47
47
|
end
|
48
48
|
|
49
49
|
opts.on("-O", "--skip-active-record", "Skip ActiveRecord") do
|
@@ -70,6 +70,17 @@ case subcommand
|
|
70
70
|
$options[:snapshot] = true
|
71
71
|
end
|
72
72
|
|
73
|
+
# only print the options that match the documentation in the help center
|
74
|
+
opts.on("-h", "--help", "Print help") do
|
75
|
+
msg = <<-HELPMSG.strip
|
76
|
+
Usage: veracode prepare [options]
|
77
|
+
-v, --verbose Run verbosely
|
78
|
+
-D, --debug Enable debug output
|
79
|
+
HELPMSG
|
80
|
+
puts msg
|
81
|
+
exit
|
82
|
+
end
|
83
|
+
|
73
84
|
end.parse!
|
74
85
|
|
75
86
|
Veracode.prepare
|
data/lib/veracode.rb
CHANGED
@@ -36,6 +36,7 @@ module Veracode
|
|
36
36
|
@archive_filename = nil
|
37
37
|
@archive_dirname = nil
|
38
38
|
|
39
|
+
@expanded_app_dir = Dir.getwd
|
39
40
|
|
40
41
|
def self.init
|
41
42
|
if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION)
|
@@ -120,10 +121,11 @@ module Veracode
|
|
120
121
|
|
121
122
|
@manifest += Dir.glob("*").keep_if {|f| File.file?(f)}
|
122
123
|
|
123
|
-
#
|
124
|
-
%w{app config
|
124
|
+
#{app config db doc lib log public script test tmp vendor}
|
125
|
+
%w{app config lib log public script}.each {|dirname|
|
125
126
|
@manifest += Dir[File.join(dirname, "**", "*")].keep_if {|f| File.file?(f)}
|
126
127
|
}
|
128
|
+
@manifest += Dir[File.join("vendor", "**", "*.rb")]
|
127
129
|
@manifest += Dir[File.join("db", "**", "*.rb")]
|
128
130
|
|
129
131
|
if $options[:archive_source]
|
@@ -288,24 +290,27 @@ module Veracode
|
|
288
290
|
end
|
289
291
|
|
290
292
|
def self.safe_name(o)
|
291
|
-
|
292
|
-
|
293
|
-
|
294
|
-
|
295
|
-
|
296
|
-
( o.name.nil? ? o.to_s : o.name.to_s )
|
297
|
-
rescue
|
293
|
+
begin
|
294
|
+
case
|
295
|
+
when o == ActiveSupport::TimeWithZone
|
296
|
+
"ActiveSupport::TimeWithZone"
|
297
|
+
when o.is_a?(Module)
|
298
298
|
begin
|
299
|
-
( o.nil? ?
|
299
|
+
( o.name.nil? ? o.to_s : o.name.to_s )
|
300
300
|
rescue
|
301
|
-
|
302
|
-
|
301
|
+
begin
|
302
|
+
( o.nil? ? "nil" : o.to_s )
|
303
|
+
rescue
|
304
|
+
( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
|
305
|
+
end
|
303
306
|
end
|
307
|
+
when o.is_a?(Method), o.is_a?(UnboundMethod)
|
308
|
+
o.name.to_s
|
309
|
+
else
|
310
|
+
o.to_s
|
304
311
|
end
|
305
|
-
|
306
|
-
|
307
|
-
else
|
308
|
-
o.to_s
|
312
|
+
rescue
|
313
|
+
"Veracode" #should result in this being dropped from the archive since we can't get a safe name for it
|
309
314
|
end
|
310
315
|
end
|
311
316
|
|
@@ -397,8 +402,8 @@ module Veracode
|
|
397
402
|
|
398
403
|
if with_disasm
|
399
404
|
insns = RubyVM::InstructionSequence.disassemble(m)
|
400
|
-
formatted += ( (insns.nil? || insns.empty?) ?
|
401
|
-
"
|
405
|
+
formatted += ( (insns.nil? || insns.empty? || insns[/.*#{@expanded_app_dir}.*/].nil?) ?
|
406
|
+
"\n" :
|
402
407
|
"#{insns}== end disasm\n"
|
403
408
|
)
|
404
409
|
end
|
@@ -598,7 +603,22 @@ module Veracode
|
|
598
603
|
safe_name(Veracode::ActiveRecord::Model),
|
599
604
|
safe_name(Veracode::ActiveRecord::Schema)
|
600
605
|
]
|
601
|
-
|
606
|
+
rails_filters = [
|
607
|
+
"ActionCable::",
|
608
|
+
"ActionController::",
|
609
|
+
"ActionDispatch::",
|
610
|
+
"ActionMailer::",
|
611
|
+
"ActiveJob::",
|
612
|
+
"ActiveSupport::",
|
613
|
+
"ActiveStorage::",
|
614
|
+
"ActionView::(?!CompiledTemplates)", #Allows Compiled templates with the not group
|
615
|
+
"ActiveRecord::",
|
616
|
+
]
|
617
|
+
objects = objects.reject do |o|
|
618
|
+
sn = safe_name(o).dup
|
619
|
+
while with_disasm && !sn.slice!(/^#<(Class|Module):/).nil? do sn = sn[0..-2] end #strip #<Class: and #<Module: prefix, strip corresponding > suffix
|
620
|
+
veracode_artifacts.include?(sn) || (with_disasm && sn[/^(#{rails_filters.join('|')}).*/])
|
621
|
+
end
|
602
622
|
|
603
623
|
if $options[:verbose]
|
604
624
|
puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
|
@@ -607,10 +627,12 @@ module Veracode
|
|
607
627
|
|
608
628
|
objects.sort_by {|o| safe_name(o) }.each do |o|
|
609
629
|
|
610
|
-
|
630
|
+
sn = safe_name(o)
|
631
|
+
puts "archiving #{o.class.to_s.downcase} #{quote(sn)}" if $options[:verbose]
|
611
632
|
|
612
|
-
add_to_archive "#{o.class.to_s.downcase} #{quote(
|
633
|
+
add_to_archive "#{o.class.to_s.downcase} #{quote(sn)}\n" +
|
613
634
|
( o.is_a?(Class) ? class_header(o) : "") + # superclass
|
635
|
+
( @rails6 && sn == "ActionView::Base" ? "include \"ActionView::CompiledTemplates\"\n" : "") + #hack for rails 6 compiled template output
|
614
636
|
( o.is_a?(Module) ? module_header(o) : "") + # included modules
|
615
637
|
( o.is_a?(Object) ? object_contents(o, with_disasm) : "") +
|
616
638
|
( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
|
@@ -619,6 +641,33 @@ module Veracode
|
|
619
641
|
end
|
620
642
|
end
|
621
643
|
|
644
|
+
def self.archive_rails6_templates
|
645
|
+
puts "archiving views" if $options[:verbose]
|
646
|
+
o = @view.compiled_method_container
|
647
|
+
compiled_views = o.instance_methods - @view_methods
|
648
|
+
formatted_contents = ""
|
649
|
+
for m_symbol in compiled_views
|
650
|
+
begin
|
651
|
+
m = o.instance_method(m_symbol)
|
652
|
+
formatted_contents += format_method(m, "public_instance", true)
|
653
|
+
rescue Exception => e
|
654
|
+
log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
|
655
|
+
end
|
656
|
+
end
|
657
|
+
# fake the module outpput to match what SAF expects from Rails <= 5
|
658
|
+
add_to_archive "module \"ActionView::CompiledTemplates\"\n" +
|
659
|
+
"extend \"ActiveSupport::Dependencies::ModuleConstMissing\"\n" +
|
660
|
+
"extend \"Module::Concerning\"\n" +
|
661
|
+
"extend \"ActiveSupport::ToJsonWithActiveSupportEncoder\"\n" +
|
662
|
+
"extend \"PP::ObjectMixin\"\n" +
|
663
|
+
"extend \"ActiveSupport::Dependencies::Loadable\"\n" +
|
664
|
+
"extend \"JSON::Ext::Generator::GeneratorMethods::Object\"\n" +
|
665
|
+
"extend \"ActiveSupport::Tryable\"\n" +
|
666
|
+
"extend \"Kernel\"\n" +
|
667
|
+
formatted_contents +
|
668
|
+
"endmodule\n"
|
669
|
+
end
|
670
|
+
|
622
671
|
|
623
672
|
def self.compile_templates
|
624
673
|
|
@@ -681,9 +730,11 @@ module Veracode
|
|
681
730
|
end
|
682
731
|
}
|
683
732
|
|
684
|
-
|
685
|
-
|
686
|
-
|
733
|
+
unless @rails6
|
734
|
+
puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
|
735
|
+
log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
|
736
|
+
log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
|
737
|
+
end
|
687
738
|
end
|
688
739
|
|
689
740
|
def self.compile_erb_templates
|
@@ -726,7 +777,9 @@ module Veracode
|
|
726
777
|
)
|
727
778
|
|
728
779
|
case t.method(:compile).arity
|
729
|
-
when
|
780
|
+
when 1 # Rails 6
|
781
|
+
t.send(:compile, @view)
|
782
|
+
when 2 # Rails 3.1.0+
|
730
783
|
t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
|
731
784
|
when 3
|
732
785
|
t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
|
@@ -739,7 +792,7 @@ module Veracode
|
|
739
792
|
|
740
793
|
}
|
741
794
|
|
742
|
-
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
|
795
|
+
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
|
743
796
|
|
744
797
|
end
|
745
798
|
|
@@ -782,7 +835,9 @@ module Veracode
|
|
782
835
|
)
|
783
836
|
|
784
837
|
case t.method(:compile).arity
|
785
|
-
when
|
838
|
+
when 1 # Rails 6
|
839
|
+
t.send(:compile, @view)
|
840
|
+
when 2 # Rails 3.1.0+
|
786
841
|
t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
|
787
842
|
when 3
|
788
843
|
t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
|
@@ -795,7 +850,7 @@ module Veracode
|
|
795
850
|
|
796
851
|
}
|
797
852
|
|
798
|
-
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
|
853
|
+
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
|
799
854
|
|
800
855
|
end
|
801
856
|
|
@@ -813,6 +868,9 @@ module Veracode
|
|
813
868
|
lib = "#{part}/#{lib}"
|
814
869
|
lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
|
815
870
|
begin
|
871
|
+
if @rails6 && (lib =~ /node_modules/ || lib == 'debug')
|
872
|
+
next
|
873
|
+
end
|
816
874
|
if cond_require lib
|
817
875
|
puts "requiring #{lib}" if $options[:verbose]
|
818
876
|
end
|
@@ -852,9 +910,6 @@ def self.require_rails(gemdir)
|
|
852
910
|
end
|
853
911
|
end
|
854
912
|
|
855
|
-
|
856
|
-
|
857
|
-
|
858
913
|
################################################################################
|
859
914
|
# Subcommands
|
860
915
|
def self.prepare
|
@@ -906,11 +961,12 @@ end
|
|
906
961
|
puts "Required rails" if $options[:verbose]
|
907
962
|
end
|
908
963
|
|
964
|
+
@rails6 = Gem::Version.new(Rails.version) >= Gem::Version.new("6.0.0")
|
909
965
|
## Imitate script/rails
|
910
966
|
# APP_PATH = File.expand_path('config/application')
|
911
967
|
# APP_PATH is already set in bin/veracode
|
912
968
|
#require File.expand_path('../../config/boot', __FILE__)
|
913
|
-
|
969
|
+
glob_require "config/boot.rb"
|
914
970
|
#require 'rails/commands'
|
915
971
|
# this will trigger the console to be launched
|
916
972
|
# ARGV.clear
|
@@ -919,7 +975,7 @@ end
|
|
919
975
|
# require 'rails/commands'
|
920
976
|
|
921
977
|
## Imitate rails/commands when console
|
922
|
-
if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
|
978
|
+
if @rails6 || Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
|
923
979
|
cond_require 'rails/command.rb'
|
924
980
|
cond_require 'rails/command/actions.rb'
|
925
981
|
cond_require 'rails/command/base.rb'
|
@@ -933,7 +989,11 @@ end
|
|
933
989
|
|
934
990
|
glob_require "config/application.rb"
|
935
991
|
|
936
|
-
|
992
|
+
begin
|
993
|
+
Rails.application.require_environment! unless $options[:skipenvironment]
|
994
|
+
rescue Exception => e
|
995
|
+
log_error "Unable to require environment: #{e.message}"
|
996
|
+
end
|
937
997
|
# Following line will actually kick off IRB
|
938
998
|
# Rails::Console.start(Rails.application)
|
939
999
|
|
@@ -973,13 +1033,26 @@ end
|
|
973
1033
|
puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
|
974
1034
|
end
|
975
1035
|
|
976
|
-
|
977
|
-
|
978
|
-
|
979
|
-
|
1036
|
+
begin
|
1037
|
+
if @rails6
|
1038
|
+
self.update
|
1039
|
+
@view = ActionView::Base.with_empty_template_cache
|
1040
|
+
@view_methods = @view.compiled_method_container.instance_methods
|
1041
|
+
compile_erb_templates
|
1042
|
+
compile_haml_templates
|
1043
|
+
self.stats if $options[:verbose]
|
1044
|
+
else
|
1045
|
+
compile_templates
|
1046
|
+
self.update
|
1047
|
+
self.stats if $options[:verbose]
|
1048
|
+
end
|
980
1049
|
|
981
|
-
|
982
|
-
|
1050
|
+
# Ensure compiled templates are fully disassembled in archive
|
1051
|
+
@baseline_modules.delete(ActionView::CompiledTemplates) unless @rails6
|
1052
|
+
rescue Exception => e
|
1053
|
+
puts "Unable to compile templates: #{e.message}" if $options[:verbose]
|
1054
|
+
log_error "Unable to compile templates: #{e.message}"
|
1055
|
+
end
|
983
1056
|
|
984
1057
|
if $options[:environment]
|
985
1058
|
puts "Processing and disassembling environment"
|
@@ -994,6 +1067,9 @@ end
|
|
994
1067
|
puts "Processing and disassembling #{APP_NAME} classes and modules"
|
995
1068
|
safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
|
996
1069
|
archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
|
1070
|
+
if @rails6
|
1071
|
+
archive_rails6_templates()
|
1072
|
+
end
|
997
1073
|
archive_schema
|
998
1074
|
|
999
1075
|
end
|
@@ -1003,6 +1079,7 @@ end
|
|
1003
1079
|
log_error e.message
|
1004
1080
|
log_error e.backtrace.join("\n")
|
1005
1081
|
else
|
1082
|
+
puts "Failed to prepare veracode archive. Please see #{@archive_dirname + '/' + @errorlog_filename}."
|
1006
1083
|
raise
|
1007
1084
|
end
|
1008
1085
|
end
|
data/lib/veracode/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: veracode
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Veracode
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rubyzip
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.3'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.3'
|
27
27
|
description: Prepares your Ruby on Rails app for submission to Veracode.
|
28
28
|
email: devcontact@veracode.com
|
29
29
|
executables:
|
@@ -39,7 +39,7 @@ files:
|
|
39
39
|
homepage: http://veracode.com/
|
40
40
|
licenses: []
|
41
41
|
metadata: {}
|
42
|
-
post_install_message:
|
42
|
+
post_install_message:
|
43
43
|
rdoc_options: []
|
44
44
|
require_paths:
|
45
45
|
- lib
|
@@ -50,13 +50,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
50
50
|
version: 1.9.3.0
|
51
51
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
|
-
- - "
|
53
|
+
- - ">="
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version:
|
55
|
+
version: '0'
|
56
56
|
requirements: []
|
57
|
-
|
58
|
-
|
59
|
-
signing_key:
|
57
|
+
rubygems_version: 3.0.8
|
58
|
+
signing_key:
|
60
59
|
specification_version: 4
|
61
60
|
summary: Command line tool for preparing your Ruby on Rails app for submission to
|
62
61
|
Veracode
|