veracode 1.0.0.alpha19 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d1ea5fea7f60db50f74f9ff774a1a548d9aea957bfb78ba4daab6a2d8d3d53c2
-  data.tar.gz: 70ff0d73076ec7e4f652627d1edc8fdf211659bca3eda9af062d327a85c606fc
+  metadata.gz: 32f374241e790d16dcc804e4dd3dbbb754417e0b99afa9a3c2ab9fe80ef6466d
+  data.tar.gz: a10a06a8bb5b5d573808c3f2855e3b7ba9eecf2535f975f13966e755771b9dc0
 SHA512:
-  metadata.gz: fcad070be483f3316862afca54b4e4e2b91cd09a8c6979c048e483c1f5fb629d8bc4b7dc8c12499b2cedcfa05f2faade67cb17fe8d3a63a8345daa71c403e234
-  data.tar.gz: a331deeba1ca33939dd9f78a6d8554b5049b67566b90cab4af6ac7c9a85633bf1680c137d6628916f9357d819e04b5bf48a48a4f1f525d55f31c2dc48c17c773
+  metadata.gz: 66f1e39a03ef77a76bc33febbbe7e7778f3d653f2d76f5eba02c0e93a26e0eacf2e3fecfd14a3281281c6ebcf27330d219ffded199ad56db7c5791658bcb66ff
+  data.tar.gz: b9498b2e70b3b3c3b509937d5001067c9fe710388e7b86ab1a98c607810c41862f932b91d4112530473e412653bd861b687561af8339c662622f69e50efb4017

data/lib/veracode.rb

@@ -36,6 +36,7 @@ module Veracode
   @archive_filename = nil
   @archive_dirname = nil
 
+  @expanded_app_dir = Dir.getwd
 
   def self.init
     if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION)
@@ -120,10 +121,11 @@ module Veracode
 
     @manifest += Dir.glob("*").keep_if {|f| File.file?(f)}
 
-#     {app config db doc lib log public script test tmp vendor}
-    %w{app config        lib log public script          vendor}.each {|dirname|
+    #{app config db doc lib log public script test tmp vendor}
+    %w{app config lib log public script}.each {|dirname|
       @manifest += Dir[File.join(dirname, "**", "*")].keep_if {|f| File.file?(f)}
     }
+    @manifest += Dir[File.join("vendor", "**", "*.rb")]
     @manifest += Dir[File.join("db", "**", "*.rb")]
 
     if $options[:archive_source]
@@ -400,8 +402,8 @@ module Veracode
 
     if with_disasm
       insns = RubyVM::InstructionSequence.disassemble(m)
-      formatted += ( (insns.nil? || insns.empty?) ? 
-                     "== disasm\n== end disasm\n" : 
+      formatted += ( (insns.nil? || insns.empty? || insns[/.*#{@expanded_app_dir}.*/].nil?) ? 
+                     "\n" :
                      "#{insns}== end disasm\n" 
                    )
     end
@@ -601,7 +603,22 @@ module Veracode
       safe_name(Veracode::ActiveRecord::Model),
       safe_name(Veracode::ActiveRecord::Schema)
     ]
-    objects = objects.reject { |o| veracode_artifacts.include?(safe_name(o)) }
+    rails_filters = [
+      "ActionCable::",
+      "ActionController::",
+      "ActionDispatch::",
+      "ActionMailer::",
+      "ActiveJob::",
+      "ActiveSupport::",
+      "ActiveStorage::",
+      "ActionView::(?!CompiledTemplates)", #Allows Compiled templates with the not group
+      "ActiveRecord::",
+    ]
+    objects = objects.reject do |o|
+      sn = safe_name(o).dup
+      while with_disasm && !sn.slice!(/^#<(Class|Module):/).nil? do sn = sn[0..-2] end #strip #<Class: and #<Module: prefix, strip corresponding > suffix
+      veracode_artifacts.include?(sn) || (with_disasm && sn[/^(#{rails_filters.join('|')}).*/])
+    end
 
     if $options[:verbose]
       puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -610,10 +627,12 @@ module Veracode
 
     objects.sort_by {|o| safe_name(o) }.each do |o|
 
-      puts "archiving #{o.class.to_s.downcase} #{quote(safe_name(o))}" if $options[:verbose]
+      sn = safe_name(o)
+      puts "archiving #{o.class.to_s.downcase} #{quote(sn)}" if $options[:verbose]
 
-      add_to_archive "#{o.class.to_s.downcase} #{quote(safe_name(o))}\n" + 
+      add_to_archive "#{o.class.to_s.downcase} #{quote(sn)}\n" + 
                    ( o.is_a?(Class)  ? class_header(o)  : "") + # superclass
+                   ( @rails6 && sn == "ActionView::Base" ? "include \"ActionView::CompiledTemplates\"\n" : "") + #hack for rails 6 compiled template output
                    ( o.is_a?(Module) ? module_header(o) : "") + # included modules
                    ( o.is_a?(Object) ? object_contents(o, with_disasm) : "") + 
                    ( o.is_a?(Module) ? module_contents(o, with_disasm) : "") + 
@@ -622,6 +641,33 @@ module Veracode
     end
   end
 
+  def self.archive_rails6_templates
+    puts "archiving views" if $options[:verbose]
+    o = @view.compiled_method_container
+    compiled_views = o.instance_methods - @view_methods
+    formatted_contents = ""
+    for m_symbol in compiled_views
+      begin
+        m = o.instance_method(m_symbol)
+        formatted_contents += format_method(m, "public_instance", true)
+      rescue Exception => e
+        log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+      end
+    end
+    # fake the module outpput to match what SAF expects from Rails <= 5
+    add_to_archive "module \"ActionView::CompiledTemplates\"\n" + 
+                   "extend \"ActiveSupport::Dependencies::ModuleConstMissing\"\n" +
+                   "extend \"Module::Concerning\"\n" +
+                   "extend \"ActiveSupport::ToJsonWithActiveSupportEncoder\"\n" +
+                   "extend \"PP::ObjectMixin\"\n" +
+                   "extend \"ActiveSupport::Dependencies::Loadable\"\n" +
+                   "extend \"JSON::Ext::Generator::GeneratorMethods::Object\"\n" +
+                   "extend \"ActiveSupport::Tryable\"\n" +
+                   "extend \"Kernel\"\n" +
+                   formatted_contents +
+                   "endmodule\n"
+  end
+
 
   def self.compile_templates
 
@@ -684,9 +730,11 @@ module Veracode
       end
     }
 
-    puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
-    log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
-    log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
+    unless @rails6
+      puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
+      log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
+      log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
+    end
   end
 
   def self.compile_erb_templates
@@ -729,7 +777,9 @@ module Veracode
         )
 
         case t.method(:compile).arity
-        when 2  # Rails 3.1.0+
+        when 1 # Rails 6
+          t.send(:compile, @view)
+        when 2 # Rails 3.1.0+
           t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
         when 3
           t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
@@ -742,7 +792,7 @@ module Veracode
 
     }
 
-    puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
+    puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
 
   end
 
@@ -785,7 +835,9 @@ module Veracode
         )
 
         case t.method(:compile).arity
-        when 2  # Rails 3.1.0+
+        when 1 # Rails 6
+          t.send(:compile, @view) 
+        when 2 # Rails 3.1.0+
           t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
         when 3
           t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
@@ -798,7 +850,7 @@ module Veracode
 
     }
 
-    puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
+    puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
 
   end
 
@@ -816,6 +868,9 @@ module Veracode
               lib = "#{part}/#{lib}"
               lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
             begin
+              if @rails6 && (lib =~ /node_modules/ || lib == 'debug')
+                next
+              end
               if cond_require lib
                 puts "requiring #{lib}" if $options[:verbose]
               end
@@ -855,9 +910,6 @@ def self.require_rails(gemdir)
   end
 end
 
-
-
-
 ################################################################################
 # Subcommands
   def self.prepare
@@ -909,11 +961,12 @@ end
       puts "Required rails" if $options[:verbose]
     end
 
+    @rails6 = Gem::Version.new(Rails.version) >= Gem::Version.new("6.0.0")
     ## Imitate script/rails
     # APP_PATH = File.expand_path('config/application')
     # APP_PATH is already set in bin/veracode
     #require File.expand_path('../../config/boot',  __FILE__)
-     glob_require "config/boot.rb"
+    glob_require "config/boot.rb"
     #require 'rails/commands'
       # this will trigger the console to be launched
       # ARGV.clear
@@ -922,7 +975,7 @@ end
       # require 'rails/commands'
 
     ## Imitate rails/commands when console
-    if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
+    if @rails6 || Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
       cond_require 'rails/command.rb'
       cond_require 'rails/command/actions.rb'
       cond_require 'rails/command/base.rb'
@@ -976,13 +1029,21 @@ end
         puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
       end
 
-      compile_templates
-
-      self.update
-      self.stats if $options[:verbose]
+      if @rails6
+        self.update
+        @view = ActionView::Base.with_empty_template_cache
+        @view_methods = @view.compiled_method_container.instance_methods
+        compile_erb_templates
+        compile_haml_templates
+        self.stats if $options[:verbose]
+      else
+        compile_templates
+        self.update
+        self.stats if $options[:verbose]
+      end
 
       # Ensure compiled templates are fully disassembled in archive
-      @baseline_modules.delete(ActionView::CompiledTemplates)
+      @baseline_modules.delete(ActionView::CompiledTemplates) unless @rails6
 
       if $options[:environment]
         puts "Processing and disassembling environment"
@@ -997,6 +1058,9 @@ end
         puts "Processing and disassembling #{APP_NAME} classes and modules"
         safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
         archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
+        if @rails6
+          archive_rails6_templates()
+        end
         archive_schema
 
       end

data/lib/veracode/version.rb

@@ -1,4 +1,4 @@
 module Veracode
-  VERSION = '1.0.0.alpha19'
-  ARCHIVE_VERSION = '2012-07-04'
+  VERSION = '1.0.0'
+  ARCHIVE_VERSION = '2020-06-29'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha19
+  version: 1.0.0
 platform: ruby
 authors:
 - Veracode
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-01 00:00:00.000000000 Z
+date: 2020-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -39,7 +39,7 @@ files:
 homepage: http://veracode.com/
 licenses: []
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -50,13 +50,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
   Veracode