veracode 1.0.0.alpha19 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/veracode +14 -3
- data/lib/veracode.rb +104 -26
- data/lib/veracode/version.rb +2 -2
- metadata +7 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5034f66e32e4f8c4ca8f8402491e02a000fec97485eb7325687b6a4a5e7b9a88
|
4
|
+
data.tar.gz: e5c71b7a1a8ac70356ad77e8c9d88897596d8744abd86c22269c1b177dc6b50b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a77258daf063823f0f3e03c6d10a1bdc3f157432ef2fcf91e045d498f255cea69f35f63df725195d4ac50966530f3376f7710b86e7fb5ec6ed74d1ef1af07c65
|
7
|
+
data.tar.gz: 7633d5c870d6bd8ed6a015ba4b506d2e8b44ab45761044d103d58c10bc1802a530e83dfea1dd81d96d9b75aa3ddfedddb8b124c6d5af8d3d9a88d385ae58288e
|
data/bin/veracode
CHANGED
@@ -25,7 +25,7 @@ $options = {
|
|
25
25
|
:include_inherited => false,
|
26
26
|
:environment => false,
|
27
27
|
:verbose => false,
|
28
|
-
:
|
28
|
+
:skipenvironment => false,
|
29
29
|
:skipactiverecord => false,
|
30
30
|
:skipactionview => false,
|
31
31
|
:skipsprockets => false,
|
@@ -42,8 +42,8 @@ case subcommand
|
|
42
42
|
$options[:verbose] = true
|
43
43
|
end
|
44
44
|
|
45
|
-
opts.on("-
|
46
|
-
$options[:
|
45
|
+
opts.on("-E", "--skip-environment", "Skip environment") do
|
46
|
+
$options[:skipenvironment] = true
|
47
47
|
end
|
48
48
|
|
49
49
|
opts.on("-O", "--skip-active-record", "Skip ActiveRecord") do
|
@@ -70,6 +70,17 @@ case subcommand
|
|
70
70
|
$options[:snapshot] = true
|
71
71
|
end
|
72
72
|
|
73
|
+
# only print the options that match the documentation in the help center
|
74
|
+
opts.on("-h", "--help", "Print help") do
|
75
|
+
msg = <<-HELPMSG.strip
|
76
|
+
Usage: veracode prepare [options]
|
77
|
+
-v, --verbose Run verbosely
|
78
|
+
-D, --debug Enable debug output
|
79
|
+
HELPMSG
|
80
|
+
puts msg
|
81
|
+
exit
|
82
|
+
end
|
83
|
+
|
73
84
|
end.parse!
|
74
85
|
|
75
86
|
Veracode.prepare
|
data/lib/veracode.rb
CHANGED
@@ -36,6 +36,7 @@ module Veracode
|
|
36
36
|
@archive_filename = nil
|
37
37
|
@archive_dirname = nil
|
38
38
|
|
39
|
+
@expanded_app_dir = Dir.getwd
|
39
40
|
|
40
41
|
def self.init
|
41
42
|
if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION)
|
@@ -120,10 +121,11 @@ module Veracode
|
|
120
121
|
|
121
122
|
@manifest += Dir.glob("*").keep_if {|f| File.file?(f)}
|
122
123
|
|
123
|
-
#
|
124
|
-
%w{app config
|
124
|
+
#{app config db doc lib log public script test tmp vendor}
|
125
|
+
%w{app config lib log public script}.each {|dirname|
|
125
126
|
@manifest += Dir[File.join(dirname, "**", "*")].keep_if {|f| File.file?(f)}
|
126
127
|
}
|
128
|
+
@manifest += Dir[File.join("vendor", "**", "*.rb")]
|
127
129
|
@manifest += Dir[File.join("db", "**", "*.rb")]
|
128
130
|
|
129
131
|
if $options[:archive_source]
|
@@ -400,8 +402,8 @@ module Veracode
|
|
400
402
|
|
401
403
|
if with_disasm
|
402
404
|
insns = RubyVM::InstructionSequence.disassemble(m)
|
403
|
-
formatted += ( (insns.nil? || insns.empty?) ?
|
404
|
-
"
|
405
|
+
formatted += ( (insns.nil? || insns.empty? || insns[/.*#{@expanded_app_dir}.*/].nil?) ?
|
406
|
+
"\n" :
|
405
407
|
"#{insns}== end disasm\n"
|
406
408
|
)
|
407
409
|
end
|
@@ -601,7 +603,22 @@ module Veracode
|
|
601
603
|
safe_name(Veracode::ActiveRecord::Model),
|
602
604
|
safe_name(Veracode::ActiveRecord::Schema)
|
603
605
|
]
|
604
|
-
|
606
|
+
rails_filters = [
|
607
|
+
"ActionCable::",
|
608
|
+
"ActionController::",
|
609
|
+
"ActionDispatch::",
|
610
|
+
"ActionMailer::",
|
611
|
+
"ActiveJob::",
|
612
|
+
"ActiveSupport::",
|
613
|
+
"ActiveStorage::",
|
614
|
+
"ActionView::(?!CompiledTemplates)", #Allows Compiled templates with the not group
|
615
|
+
"ActiveRecord::",
|
616
|
+
]
|
617
|
+
objects = objects.reject do |o|
|
618
|
+
sn = safe_name(o).dup
|
619
|
+
while with_disasm && !sn.slice!(/^#<(Class|Module):/).nil? do sn = sn[0..-2] end #strip #<Class: and #<Module: prefix, strip corresponding > suffix
|
620
|
+
veracode_artifacts.include?(sn) || (with_disasm && sn[/^(#{rails_filters.join('|')}).*/])
|
621
|
+
end
|
605
622
|
|
606
623
|
if $options[:verbose]
|
607
624
|
puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
|
@@ -610,10 +627,12 @@ module Veracode
|
|
610
627
|
|
611
628
|
objects.sort_by {|o| safe_name(o) }.each do |o|
|
612
629
|
|
613
|
-
|
630
|
+
sn = safe_name(o)
|
631
|
+
puts "archiving #{o.class.to_s.downcase} #{quote(sn)}" if $options[:verbose]
|
614
632
|
|
615
|
-
add_to_archive "#{o.class.to_s.downcase} #{quote(
|
633
|
+
add_to_archive "#{o.class.to_s.downcase} #{quote(sn)}\n" +
|
616
634
|
( o.is_a?(Class) ? class_header(o) : "") + # superclass
|
635
|
+
( @rails6 && sn == "ActionView::Base" ? "include \"ActionView::CompiledTemplates\"\n" : "") + #hack for rails 6 compiled template output
|
617
636
|
( o.is_a?(Module) ? module_header(o) : "") + # included modules
|
618
637
|
( o.is_a?(Object) ? object_contents(o, with_disasm) : "") +
|
619
638
|
( o.is_a?(Module) ? module_contents(o, with_disasm) : "") +
|
@@ -622,6 +641,37 @@ module Veracode
|
|
622
641
|
end
|
623
642
|
end
|
624
643
|
|
644
|
+
def self.archive_rails6_templates
|
645
|
+
puts "archiving views" if $options[:verbose]
|
646
|
+
begin
|
647
|
+
o = @view.compiled_method_container
|
648
|
+
compiled_views = o.instance_methods - @view_methods
|
649
|
+
formatted_contents = ""
|
650
|
+
for m_symbol in compiled_views
|
651
|
+
begin
|
652
|
+
m = o.instance_method(m_symbol)
|
653
|
+
formatted_contents += format_method(m, "public_instance", true)
|
654
|
+
rescue Exception => e
|
655
|
+
log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
|
656
|
+
end
|
657
|
+
end
|
658
|
+
# fake the module outpput to match what SAF expects from Rails <= 5
|
659
|
+
add_to_archive "module \"ActionView::CompiledTemplates\"\n" +
|
660
|
+
"extend \"ActiveSupport::Dependencies::ModuleConstMissing\"\n" +
|
661
|
+
"extend \"Module::Concerning\"\n" +
|
662
|
+
"extend \"ActiveSupport::ToJsonWithActiveSupportEncoder\"\n" +
|
663
|
+
"extend \"PP::ObjectMixin\"\n" +
|
664
|
+
"extend \"ActiveSupport::Dependencies::Loadable\"\n" +
|
665
|
+
"extend \"JSON::Ext::Generator::GeneratorMethods::Object\"\n" +
|
666
|
+
"extend \"ActiveSupport::Tryable\"\n" +
|
667
|
+
"extend \"Kernel\"\n" +
|
668
|
+
formatted_contents +
|
669
|
+
"endmodule\n"
|
670
|
+
rescue Exception => e
|
671
|
+
log_error "Error archiving Rails 6 views: #{e.message}"
|
672
|
+
end
|
673
|
+
end
|
674
|
+
|
625
675
|
|
626
676
|
def self.compile_templates
|
627
677
|
|
@@ -684,9 +734,11 @@ module Veracode
|
|
684
734
|
end
|
685
735
|
}
|
686
736
|
|
687
|
-
|
688
|
-
|
689
|
-
|
737
|
+
unless @rails6
|
738
|
+
puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
|
739
|
+
log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
|
740
|
+
log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
|
741
|
+
end
|
690
742
|
end
|
691
743
|
|
692
744
|
def self.compile_erb_templates
|
@@ -729,7 +781,9 @@ module Veracode
|
|
729
781
|
)
|
730
782
|
|
731
783
|
case t.method(:compile).arity
|
732
|
-
when
|
784
|
+
when 1 # Rails 6
|
785
|
+
t.send(:compile, @view)
|
786
|
+
when 2 # Rails 3.1.0+
|
733
787
|
t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
|
734
788
|
when 3
|
735
789
|
t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
|
@@ -742,7 +796,7 @@ module Veracode
|
|
742
796
|
|
743
797
|
}
|
744
798
|
|
745
|
-
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
|
799
|
+
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
|
746
800
|
|
747
801
|
end
|
748
802
|
|
@@ -785,7 +839,9 @@ module Veracode
|
|
785
839
|
)
|
786
840
|
|
787
841
|
case t.method(:compile).arity
|
788
|
-
when
|
842
|
+
when 1 # Rails 6
|
843
|
+
t.send(:compile, @view)
|
844
|
+
when 2 # Rails 3.1.0+
|
789
845
|
t.send(:compile, ActionView::Base.new, ActionView::CompiledTemplates)
|
790
846
|
when 3
|
791
847
|
t.send(:compile, {}, ActionView::Base.new, ActionView::CompiledTemplates)
|
@@ -798,7 +854,7 @@ module Veracode
|
|
798
854
|
|
799
855
|
}
|
800
856
|
|
801
|
-
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose]
|
857
|
+
puts "Compiled templates: " + ActionView::CompiledTemplates.instance_methods.count.to_s if $options[:verbose] && !@rails6
|
802
858
|
|
803
859
|
end
|
804
860
|
|
@@ -816,6 +872,9 @@ module Veracode
|
|
816
872
|
lib = "#{part}/#{lib}"
|
817
873
|
lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
|
818
874
|
begin
|
875
|
+
if @rails6 && (lib =~ /node_modules/ || lib == 'debug')
|
876
|
+
next
|
877
|
+
end
|
819
878
|
if cond_require lib
|
820
879
|
puts "requiring #{lib}" if $options[:verbose]
|
821
880
|
end
|
@@ -855,9 +914,6 @@ def self.require_rails(gemdir)
|
|
855
914
|
end
|
856
915
|
end
|
857
916
|
|
858
|
-
|
859
|
-
|
860
|
-
|
861
917
|
################################################################################
|
862
918
|
# Subcommands
|
863
919
|
def self.prepare
|
@@ -909,11 +965,12 @@ end
|
|
909
965
|
puts "Required rails" if $options[:verbose]
|
910
966
|
end
|
911
967
|
|
968
|
+
@rails6 = Gem::Version.new(Rails.version) >= Gem::Version.new("6.0.0")
|
912
969
|
## Imitate script/rails
|
913
970
|
# APP_PATH = File.expand_path('config/application')
|
914
971
|
# APP_PATH is already set in bin/veracode
|
915
972
|
#require File.expand_path('../../config/boot', __FILE__)
|
916
|
-
|
973
|
+
glob_require "config/boot.rb"
|
917
974
|
#require 'rails/commands'
|
918
975
|
# this will trigger the console to be launched
|
919
976
|
# ARGV.clear
|
@@ -922,7 +979,7 @@ end
|
|
922
979
|
# require 'rails/commands'
|
923
980
|
|
924
981
|
## Imitate rails/commands when console
|
925
|
-
if Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
|
982
|
+
if @rails6 || Gem::Version.new(Rails.version) >= Gem::Version.new("5.1.0")
|
926
983
|
cond_require 'rails/command.rb'
|
927
984
|
cond_require 'rails/command/actions.rb'
|
928
985
|
cond_require 'rails/command/base.rb'
|
@@ -936,7 +993,11 @@ end
|
|
936
993
|
|
937
994
|
glob_require "config/application.rb"
|
938
995
|
|
939
|
-
|
996
|
+
begin
|
997
|
+
Rails.application.require_environment! unless $options[:skipenvironment]
|
998
|
+
rescue Exception => e
|
999
|
+
log_error "Unable to require environment: #{e.message}"
|
1000
|
+
end
|
940
1001
|
# Following line will actually kick off IRB
|
941
1002
|
# Rails::Console.start(Rails.application)
|
942
1003
|
|
@@ -976,13 +1037,26 @@ end
|
|
976
1037
|
puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
|
977
1038
|
end
|
978
1039
|
|
979
|
-
|
980
|
-
|
981
|
-
|
982
|
-
|
1040
|
+
begin
|
1041
|
+
if @rails6
|
1042
|
+
self.update
|
1043
|
+
@view = ActionView::Base.with_empty_template_cache
|
1044
|
+
@view_methods = @view.compiled_method_container.instance_methods
|
1045
|
+
compile_erb_templates
|
1046
|
+
compile_haml_templates
|
1047
|
+
self.stats if $options[:verbose]
|
1048
|
+
else
|
1049
|
+
compile_templates
|
1050
|
+
self.update
|
1051
|
+
self.stats if $options[:verbose]
|
1052
|
+
end
|
983
1053
|
|
984
|
-
|
985
|
-
|
1054
|
+
# Ensure compiled templates are fully disassembled in archive
|
1055
|
+
@baseline_modules.delete(ActionView::CompiledTemplates) unless @rails6
|
1056
|
+
rescue Exception => e
|
1057
|
+
puts "Unable to compile templates: #{e.message}" if $options[:verbose]
|
1058
|
+
log_error "Unable to compile templates: #{e.message}"
|
1059
|
+
end
|
986
1060
|
|
987
1061
|
if $options[:environment]
|
988
1062
|
puts "Processing and disassembling environment"
|
@@ -997,6 +1071,9 @@ end
|
|
997
1071
|
puts "Processing and disassembling #{APP_NAME} classes and modules"
|
998
1072
|
safe_baseline_modules = @baseline_modules.each_with_object(Set.new) { |o, s| s << safe_name(o) }
|
999
1073
|
archive(@modules.reject {|o| safe_baseline_modules.include?(safe_name(o))}, true)
|
1074
|
+
if @rails6
|
1075
|
+
archive_rails6_templates()
|
1076
|
+
end
|
1000
1077
|
archive_schema
|
1001
1078
|
|
1002
1079
|
end
|
@@ -1006,6 +1083,7 @@ end
|
|
1006
1083
|
log_error e.message
|
1007
1084
|
log_error e.backtrace.join("\n")
|
1008
1085
|
else
|
1086
|
+
puts "Failed to prepare veracode archive. Please see #{@archive_dirname + '/' + @errorlog_filename}."
|
1009
1087
|
raise
|
1010
1088
|
end
|
1011
1089
|
end
|
data/lib/veracode/version.rb
CHANGED
metadata
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: veracode
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Veracode
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-05-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rubyzip
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- - "
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '1.3'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- - "
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '1.3'
|
27
27
|
description: Prepares your Ruby on Rails app for submission to Veracode.
|
@@ -50,12 +50,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
50
50
|
version: 1.9.3.0
|
51
51
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
|
-
- - "
|
53
|
+
- - ">="
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version:
|
55
|
+
version: '0'
|
56
56
|
requirements: []
|
57
|
-
|
58
|
-
rubygems_version: 2.7.8
|
57
|
+
rubygems_version: 3.1.6
|
59
58
|
signing_key:
|
60
59
|
specification_version: 4
|
61
60
|
summary: Command line tool for preparing your Ruby on Rails app for submission to
|