veracode 1.0.0.alpha2 → 1.0.0.alpha7

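--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: e57a698db0528192fcbd096c38cb4236ef54869f
+data.tar.gz: f4b1f130125636850f94bddd03356b35ab6678f6
+SHA512:
+metadata.gz: cbfc1cfc6c98a2dde96540a8f5c2f05baa01f4076e3204c49edcec5db86db752f641bb923b5f998a85e65fabe45cd1b0e05ac5074acdb71658315b1c8459f02c
+data.tar.gz: 0935f7c827279516a28e56068e9b00c45c214484316f38e85ab618810dfa29811d368498a0822b8705a92bf22322946645e0bf9873e502db7f032fb294ba3665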
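--- a/data/bin/veracode
+++ b/data/bin/veracode
@@ -16,12 +16,10 @@ require 'veracode'
 require 'veracode/version'
 
 $options = {
-:phase1 => false,
-:phase2 => false,
-:phase3 => true,
 :archive_source => true,
 :include_inherited => false,
 :jruby => false,
+:environment => false,
 }
 
 subcommand = ARGV.shift
@@ -34,22 +32,13 @@ case subcommand
 $options[:verbose] = true
 end
 
-opts.on("-a", "--all", "Archive objects at all stages") do
-$options[:phase1] = true
-$options[:phase2] = true
-end
-
-opts.on("-f", "--file", "Disassemble .rb files") do
-$options[:disasm] = true
-end
-
 opts.on("-j", "--jruby", "Force JRuby mode") do
 $options[:jruby] = true
 end
 
-opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
-$options[:archive_source] = s
-end
+# opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
+# $options[:archive_source] = s
+# end
 
 opts.on("-D", "--debug", "Enable debug output") do
 $DEBUG = true
@@ -73,6 +62,23 @@ case subcommand
 " #{opts.program_name} help"
 end.parse!
 
+when "environment", "env"
+$options[:environment] = true
+
+OptionParser.new do |opts|
+opts.banner = "Usage: veracode environment [options]"
+
+opts.on("-v", "--verbose", "Run verbosely") do
+$options[:verbose] = true
+end
+
+opts.on("-D", "--debug", "Enable debug output") do
+$DEBUG = true
+end
+
+end.parse!
+Veracode.prepare
+
 else
 $stderr.puts "#{subcommand.dump} is not a valid subcommand"
 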
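Review bot: The `--[no-]source` option is commented out rather than removed, which leaves `:archive_source => true` in `$options` with no command-line way to change it. If that flag still decides whether application source goes into the uploaded archive (its use is outside this section), users have lost the opt-out without any notice. Either delete the dead block together with the `:archive_source` key, or keep the key and replace the commented code with a short explanation such as `# --[no-]source removed: the archive always includes source`. The new `environment` branch also repeats the `-v` and `-D` handlers verbatim from the branch above, so a small shared helper would keep the two from drifting.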
data/lib/veracode.rb CHANGED
@@ -1,24 +1,35 @@
1
+ require 'pathname'
2
+ require 'set'
1
3
  require 'zlib'
2
- require 'zip/zip'
3
- require "veracode/version"
4
+ require 'zip'
5
+ require 'veracode/version'
6
+ require 'veracode/schema'
7
+ require 'veracode/gems'
4
8
 
5
9
  module Veracode
6
10
  @run_id = nil
11
+ @required_libs = Set.new
7
12
 
8
13
  # Metadata and method disassemblies for all Modules (.txt.gz)
9
14
  @disasmlog = nil
10
- @disasmlog_filename = "disasm.txt.gz"
15
+ @disasmlog_filename = 'disasm.txt.gz'
11
16
 
12
17
  # Error log including capture of STDERR and any errors generated by the gem (.log)
13
18
  @errorlog = nil
14
- @errorlog_filename = "error.log"
19
+ @errorlog_filename = 'error.log'
15
20
 
16
21
  # Index file containing the names of files present in the application directory (.txt)
17
- @index_filename = "index.txt"
22
+ @index_filename = 'index.txt'
18
23
 
19
24
  # Manifest file containing original names of all files in archive (.txt)
20
25
  @manifest = []
21
- @manifest_filename = "manifest.txt"
26
+ @manifest_filename = 'manifest.txt'
27
+
28
+ # XML file containing list of gems used by application
29
+ @gems_filename = 'gems.xml'
30
+
31
+ # Archive version file containing archive format version identifier
32
+ @version_filename = 'version.txt'
22
33
 
23
34
  # The final archive that will be uploaded to Veracode for analysis (.zip)
24
35
  @archive = nil
@@ -29,6 +40,7 @@ module Veracode
29
40
  def self.init
30
41
  @run_id = Time.now.strftime("%Y%m%d%H%M%S")
31
42
  @archive_dirname = File.join("tmp","veracode-#{@run_id}")
43
+ @required_libs.merge(["pathname", "set", "zlib", "zip/zip", "veracode"])
32
44
 
33
45
  if !Dir.exists?("tmp")
34
46
  begin
@@ -57,9 +69,11 @@ module Veracode
57
69
  @disasmlog_filename = File.join(@archive_dirname, @disasmlog_filename)
58
70
  @index_filename = File.join(@archive_dirname, @index_filename)
59
71
  @manifest_filename = File.join(@archive_dirname, @manifest_filename)
72
+ @gems_filename = File.join(@archive_dirname, @gems_filename)
73
+ @version_filename = File.join(@archive_dirname, @version_filename)
60
74
 
61
75
  # Try touching each of the files to be written
62
- [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename].each {|f|
76
+ [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename, @gems_filename, @version_filename].each {|f|
63
77
  begin
64
78
  File.open(f, "wb") {}
65
79
  rescue Exception => e
@@ -76,6 +90,7 @@ module Veracode
76
90
  log_error "RUBY_DESCRIPTION: #{RUBY_DESCRIPTION}"
77
91
  log_error "RAILS_VERSION: " + `rails --version`.chomp
78
92
  log_error "GEM_VERSION: #{Veracode::VERSION}"
93
+ log_error "ARCHIVE_VERSION: #{Veracode::ARCHIVE_VERSION}"
79
94
  log_error "PWD: #{Dir.pwd.to_s.dump}"
80
95
  log_error "APP_NAME: #{APP_NAME.dump}"
81
96
  log_error "RUNID: #{@run_id}"
@@ -86,6 +101,16 @@ module Veracode
86
101
  STDERR.reopen(@errorlog)
87
102
  end
88
103
 
104
+ begin
105
+ File.open(@version_filename, "wb") {|version_file|
106
+ version_file.puts Veracode::ARCHIVE_VERSION
107
+ }
108
+ rescue Exception => e
109
+ log_error "Unable to write to archive version file #{@version_filename}: #{e.message}"
110
+ end
111
+
112
+ list_gems
113
+
89
114
  index_application
90
115
 
91
116
  @manifest += Dir.glob("*").keep_if {|f| File.file?(f)}
@@ -128,28 +153,47 @@ module Veracode
128
153
  }
129
154
  }
130
155
  rescue Exception => e
131
- log_error e.message
132
- $stderr.puts "Unable to write manifest file #{@manifest_filename}: #{e.message}"
156
+ log_error "Unable to write manifest file #{@manifest_filename}: #{e.message}"
157
+ puts "Unable to write manifest file #{@manifest_filename}: #{e.message}"
133
158
  end
134
159
 
135
160
  @errorlog.flush
136
161
 
137
162
  begin
138
- Zip::ZipFile.open(@archive_filename, Zip::ZipFile::CREATE) { |zf|
139
- @manifest.each {|file|
140
-
141
- if file.start_with?(@archive_dirname)
142
- name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
143
- else
144
- name_in_archive = File.join(APP_NAME, file)
145
- end
146
-
147
- puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
148
- zf.add(name_in_archive, file)
163
+ if Gem.loaded_specs.keys.include?("zipruby")
164
+ log_error "zipruby gem detected, using it instead of rubyzip for creating archive"
165
+ @errorlog.flush
166
+ Zip::Archive.open(@archive_filename, Zip::CREATE) { |ar|
167
+ @manifest.each { |file|
168
+
169
+ if file.start_with?(@archive_dirname)
170
+ name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
171
+ else
172
+ name_in_archive = File.join(APP_NAME, file)
173
+ end
174
+
175
+ puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
176
+ ar.add_file(name_in_archive, file)
177
+ }
149
178
  }
150
- }
179
+ else
180
+ Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
181
+ @manifest.each { |file|
182
+
183
+ if file.start_with?(@archive_dirname)
184
+ name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
185
+ else
186
+ name_in_archive = File.join(APP_NAME, file)
187
+ end
188
+
189
+ puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
190
+ zf.add(name_in_archive, file)
191
+ }
192
+ }
193
+ end
151
194
  rescue Exception => e
152
- $stderr.puts "Unable to create archive #{@manifest_filename}: #{e.message}"
195
+ log_error "Unable to create archive #{@manifest_filename}: #{e.message}"
196
+ puts "Unable to create archive #{@manifest_filename}: #{e.message}"
153
197
  exit
154
198
  end
155
199
 
@@ -157,7 +201,7 @@ module Veracode
157
201
  end
158
202
 
159
203
  def self.cleanup
160
- [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename].each {|f|
204
+ [@disasmlog_filename, @errorlog_filename, @index_filename, @manifest_filename, @gems_filename, @version_filename].each {|f|
161
205
  begin
162
206
  File.delete(f)
163
207
  rescue Exception => e
@@ -200,20 +244,33 @@ module Veracode
200
244
 
201
245
  ##############################################################################
202
246
  # Helpers
247
+ def self.cond_require(lib)
248
+ if @required_libs.add?(lib)
249
+ return require lib
250
+ end
251
+ return false
252
+ end
253
+
203
254
  def self.glob_require(files)
255
+ any_new = false
256
+ total, count = 0, 0
204
257
  Dir.glob(files) do |f|
205
258
  print "Requiring #{f.to_s} " if $options[:verbose]
206
259
 
207
260
  begin
208
- require File.expand_path(f)
261
+ required = require File.expand_path(f)
209
262
  rescue Exception => e
210
263
  puts "(failed: #{e.message})" if $options[:verbose]
211
264
  log_error "Unable to require #{File.expand_path(f).to_s.dump} (#{e.message})"
212
265
  else
213
- puts "(OK)" if $options[:verbose]
266
+ puts "(OK: #{(required ? "required" : "already required")})" if $options[:verbose]
214
267
  end
215
-
268
+ any_new |= required
269
+ total += 1
270
+ count += 1 if required
216
271
  end
272
+ puts "#{count}/#{total} files were required" if $options[:verbose]
273
+ any_new
217
274
  end
218
275
 
219
276
  def self.safe_name(o)
@@ -221,7 +278,11 @@ module Veracode
221
278
  when o == ActiveSupport::TimeWithZone
222
279
  "ActiveSupport::TimeWithZone"
223
280
  when o.is_a?(Module)
224
- ( o.name.nil? ? o.to_s : o.name )
281
+ begin
282
+ ( o.name.nil? ? o.to_s : o.name.to_s )
283
+ rescue
284
+ o.to_s
285
+ end
225
286
  when o.is_a?(Method), o.is_a?(UnboundMethod)
226
287
  o.name.to_s
227
288
  else
@@ -286,7 +347,13 @@ module Veracode
286
347
  def self.prepare_archive
287
348
  @disasmlog = Zlib::GzipWriter.new(File.open(@disasmlog_filename, "wb"), nil, nil)
288
349
  @disasmlog.puts "#{RUBY_ENGINE}-#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
289
- @disasmlog.puts "# " + `rails --version`.chomp
350
+ if $options[:environment]
351
+ @disasmlog.puts "# EnvironmentDef %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
352
+ else
353
+ @disasmlog.puts "# Environment %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
354
+ end
355
+ @disasmlog.puts "# Ruby #{RUBY_ENGINE}-#{RUBY_VERSION}"
356
+ @disasmlog.puts "# Rails #{Rails.version}"
290
357
  @disasmlog.puts
291
358
  end
292
359
 
@@ -363,7 +430,7 @@ module Veracode
363
430
  m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
364
431
  ""
365
432
  ) +
366
- ( m.singleton_class.included_modules.count > 0 ?
433
+ ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ?
367
434
  m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join :
368
435
  ""
369
436
  )
@@ -399,23 +466,26 @@ module Veracode
399
466
  end
400
467
  end
401
468
 
402
- if m.respond_to?(:global_variables)
403
- m.global_variables.each do |v_symbol|
404
- begin
405
- v = eval(v_symbol.to_s)
406
- formatted_contents += format_variable(v_symbol, v, "global")
407
- rescue Exception => e
408
- log_error "Error archiving global variable #{v_symbol.to_s.dump}: #{e.message}"
409
- formatted_contents += format_variable(v_symbol, :veracode_nil, "global")
410
- end
411
-
469
+ begin
470
+ if m == Kernel
471
+ m.global_variables.each do |v_symbol|
472
+ begin
473
+ v = eval(v_symbol.to_s)
474
+ formatted_contents += format_variable(v_symbol, v, "global")
475
+ rescue Exception => e
476
+ log_error "Error archiving global variable #{v_symbol.to_s.dump}: #{e.message}"
477
+ formatted_contents += format_variable(v_symbol, :veracode_nil, "global")
478
+ end
479
+ end
412
480
  end
481
+ rescue Exception => e
482
+ # m.respond_to?(:global_variables) was throwing exceptions
413
483
  end
414
484
 
415
485
  %w[ public protected private ].each {|p|
416
486
  get_methods = (p + "_instance_methods").to_sym
417
- if m.respond_to?(get_methods) && m.send(get_methods, $options[:include_inherited]).count > 0
418
- m.send(get_methods, $options[:include_inherited]).each do |m_symbol|
487
+ if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
488
+ m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
419
489
  begin
420
490
  method = m.instance_method(m_symbol)
421
491
  formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
@@ -467,7 +537,12 @@ module Veracode
467
537
  # Archiving Objects
468
538
  def self.archive(objects, with_disasm=true)
469
539
 
470
- objects = objects - [Veracode]
540
+ objects = objects - [
541
+ Veracode,
542
+ Veracode::ActiveRecord,
543
+ Veracode::ActiveRecord::Model,
544
+ Veracode::ActiveRecord::Schema,
545
+ ]
471
546
 
472
547
  if $options[:verbose]
473
548
  puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -493,27 +568,11 @@ module Veracode
493
568
  end
494
569
 
495
570
 
496
- def self.archive_schema
497
- puts "Archiving schema information" if $options[:verbose]
498
- schema_file = File.join("db", "schema.rb")
499
- begin
500
- add_to_archive %Q|module "Veracode::Schema"\n| +
501
- %Q|singleton_method "main" []\n| +
502
- RubyVM::InstructionSequence.compile_file(schema_file).disasm +
503
- %Q|== end disasm\n| +
504
- %Q|endmodule\n\n|
505
- rescue Exception => e
506
- puts "Unable to retrieve schema information from 'db/schema.rb'. Are your migrations up to date?"
507
- log_error "Unable to archive 'db/schema.rb' (#{e.message})"
508
- end
509
- end
510
-
511
-
512
571
  def self.compile_templates
513
572
 
514
573
  begin
515
- require 'action_view' unless defined? ActionView
516
- require 'action_controller' unless defined? ActionController
574
+ cond_require 'action_view' unless defined? ActionView
575
+ cond_require 'action_controller' unless defined? ActionController
517
576
  rescue Exception => e
518
577
  log_error "Unable to satisfy haml dependencies (#{e.message})"
519
578
  return
@@ -536,12 +595,13 @@ module Veracode
536
595
  return unless templates.count > 0
537
596
 
538
597
  puts "Found #{templates.count} templates" if $options[:verbose]
598
+ log_error "Found #{templates.count} templates"
539
599
 
540
600
  haml_templates = templates.grep(/\.haml$/)
541
601
  if haml_templates.any?
542
602
  begin
543
- require 'haml' unless defined? Haml
544
- require 'haml/template/plugin' unless defined? Haml::Plugin
603
+ cond_require 'haml' unless defined? Haml
604
+ cond_require 'haml/template/plugin' unless defined? Haml::Plugin
545
605
  rescue Exception => e
546
606
  puts "Unable to satisfy haml dependencies"
547
607
  log_error "Unable to satisfy haml dependencies (#{e.message})"
@@ -558,13 +618,16 @@ module Veracode
558
618
  puts "Compiling template #{template}" if $options[:verbose]
559
619
 
560
620
  begin
621
+ # This render will fail, but will trigger compilation of template
561
622
  view.render(:file => template)
562
623
  rescue Exception => e
563
624
  log_error "Compiled template #{template} #{e.message}"
564
625
  end
565
626
  }
566
627
 
567
- puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates " if $options[:verbose]
628
+ puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
629
+ log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
630
+ log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
568
631
  end
569
632
 
570
633
  def self.compile_erb_templates
@@ -639,9 +702,9 @@ module Veracode
639
702
  return unless templates.count > 0
640
703
 
641
704
  begin
642
- require 'action_view'
643
- require 'haml'
644
- require 'haml/template/plugin'
705
+ cond_require 'action_view'
706
+ cond_require 'haml'
707
+ cond_require 'haml/template/plugin'
645
708
  rescue Exception => e
646
709
  log_error "Unable to satisfy haml dependencies (#{e.message})"
647
710
  return
@@ -680,6 +743,59 @@ module Veracode
680
743
 
681
744
  end
682
745
 
746
+ def self.require_libs(lib_paths)
747
+ for lib_path in lib_paths
748
+ dirsToProcess = [Pathname(lib_path)]
749
+ until dirsToProcess.count == 0 || !Dir.exists?(dirsToProcess[0])
750
+ currentDir = dirsToProcess.delete_at(0)
751
+ for child in currentDir.children
752
+ if child.directory?
753
+ dirsToProcess[dirsToProcess.count] = child
754
+ base = child.to_s.partition("#{lib_path}/")[2]
755
+ lib = ""
756
+ for part in base.split('/').reverse
757
+ lib = "#{part}/#{lib}"
758
+ lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
759
+ begin
760
+ if cond_require lib
761
+ puts "requiring #{lib}" if $options[:verbose]
762
+ end
763
+ rescue Exception => e
764
+ end
765
+ end
766
+ end
767
+ end
768
+ end
769
+ end
770
+ end
771
+
772
+ def self.require_rails(gemdir)
773
+ dirsToProcess = [Pathname(gemdir)]
774
+ until dirsToProcess.count == 0
775
+ currentDir = dirsToProcess.delete_at(0)
776
+ for child in currentDir.children
777
+ if child.directory?
778
+ dirsToProcess[dirsToProcess.count] = child
779
+ end
780
+ base = child.to_s.partition("#{gemdir}/")[2]
781
+ if base.index("action_controller") != nil || base.index("action_view") != nil || base.index("active_record") != nil
782
+ lib = ""
783
+ for part in base.split('/').reverse
784
+ lib = "#{part}/#{lib}"
785
+ lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
786
+ lib.chomp!(File.extname(lib))
787
+ begin
788
+ if cond_require lib
789
+ puts "requiring #{lib}" if $options[:verbose]
790
+ end
791
+ rescue Exception => e
792
+ end
793
+ end
794
+ end
795
+ end
796
+ end
797
+ end
798
+
683
799
 
684
800
 
685
801
 
@@ -697,16 +813,6 @@ module Veracode
697
813
  puts
698
814
  end
699
815
 
700
- if $options[:disasm]
701
- rbfiles = File.join("**", "*.rb")
702
- Dir[rbfiles].each do |f|
703
- puts RubyVM::InstructionSequence.compile_file(f).disasm
704
- puts
705
- end
706
- exit
707
- end
708
-
709
- prepare_archive
710
816
 
711
817
  ################################################################
712
818
  ## phase 1 - Create baseline
@@ -715,10 +821,6 @@ module Veracode
715
821
  puts "Phase 1 - Initial State" if $options[:verbose]
716
822
  self.stats if $options[:verbose]
717
823
 
718
- if $options[:phase1]
719
- puts "Processing and disassembling Ruby standard classes and modules"
720
- archive(@modules)
721
- end
722
824
  ## /phase 1 - Create baseline
723
825
  ################################################################
724
826
 
@@ -729,10 +831,7 @@ module Veracode
729
831
 
730
832
  puts "Phase 2 - Load Rails" if $options[:verbose]
731
833
  begin
732
- require "rails"
733
- require 'action_controller'
734
- require 'action_view'
735
- require 'active_record'
834
+ require "rails/all"
736
835
  rescue Exception => e
737
836
  puts "Unable to require rails: #{e.message}"
738
837
  log_error "Unable to require rails: #{e.message}"
@@ -741,26 +840,6 @@ module Veracode
741
840
  puts "Required rails" if $options[:verbose]
742
841
  end
743
842
 
744
- self.update
745
-
746
- self.stats if $options[:verbose]
747
-
748
- if $options[:phase2]
749
- puts "Processing and disassembling Rails classes and modules"
750
- archive(@modules)
751
- end
752
-
753
- self.rebaseline
754
- ## /phase 2 - Require rails
755
- ################################################################
756
-
757
-
758
-
759
- ################################################################
760
- # phase 3 - require app
761
-
762
- puts "Phase 3 - Imitate Rails" if $options[:verbose]
763
-
764
843
  ## Imitate script/rails
765
844
  # APP_PATH = File.expand_path('config/application')
766
845
  # APP_PATH is already set in bin/veracode
@@ -774,7 +853,7 @@ module Veracode
774
853
  # require 'rails/commands'
775
854
 
776
855
  ## Imitate rails/commands when console
777
- glob_require 'rails/commands/console'
856
+ cond_require 'rails/commands/console.rb'
778
857
  # require APP_PATH # => config/application.rb
779
858
 
780
859
  glob_require "config/application.rb"
@@ -785,32 +864,66 @@ module Veracode
785
864
 
786
865
  # Imitate Rails::Console.initialize_console
787
866
  # require "pp"
788
- glob_require "rails/console/app"
789
- glob_require "rails/console/helpers"
867
+ cond_require "rails/console/app.rb"
868
+ cond_require "rails/console/helpers.rb"
790
869
 
791
- glob_require "app/models/**/*.rb"
792
- glob_require "app/helpers/**/*.rb"
793
- glob_require "app/controllers/application_controller.rb"
794
- glob_require "app/controllers/**/*.rb"
870
+ if $options[:environment]
871
+ @stdlib = $:
872
+ @gemdir = Gem.dir
873
+
874
+ require_libs(@stdlib)
875
+ require_rails(@gemdir)
876
+ end
877
+
878
+ self.rebaseline
879
+
880
+ self.stats if $options[:verbose]
881
+
882
+ ## /phase 2 - Require rails
883
+ ################################################################
884
+
885
+
886
+
887
+ ################################################################
888
+ # phase 3 - require app
889
+
890
+ puts "Phase 3 - Imitate Rails" if $options[:verbose]
891
+
892
+ any_new = true
893
+ while any_new
894
+ any_new = false
895
+ any_new |= glob_require "lib/**/*.rb"
896
+ any_new |= glob_require "app/**/*.rb"
897
+ puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
898
+ end
795
899
 
796
900
  compile_templates
797
901
 
798
902
  self.update
799
903
  self.stats if $options[:verbose]
800
904
 
801
- if $options[:phase3]
802
- puts "Processing and disassembling #{APP_NAME} classes and modules"
905
+ # Ensure compiled templates are fully disassembled in archive
906
+ @baseline_modules.delete(ActionView::CompiledTemplates)
907
+
908
+ if $options[:environment]
909
+ puts "Processing and disassembling environment"
910
+ archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
911
+ .reject {|o| safe_name(o) =~ /^Veracode/ }
912
+ .reject {|o| safe_name(o) =~ /^EmptyRails/ }
913
+ .reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
914
+ else
915
+ puts "Processing Ruby and Rails classes and modules"
803
916
  archive(@baseline_modules, false)
917
+ add_to_archive "\n# Phase 3 - App disassembly\n"
918
+ puts "Processing and disassembling #{APP_NAME} classes and modules"
804
919
  archive(@modules - @baseline_modules, true)
920
+ archive_schema
805
921
  end
806
922
 
807
- archive_schema
808
-
809
923
  ## /phase 3 - require app
810
924
  ################################################################
811
925
 
812
926
  finalize_archive
813
-
814
927
  pack_manifest
815
928
  cleanup
816
929
 
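Review bot: In the new `require_libs` and `require_rails` helpers each `cond_require lib` sits inside `rescue Exception => e` with an empty body, so a library that fails to load, and also an `Interrupt` or `SystemExit` raised while loading it, vanishes without a line in the error log. Environment mode walks the directories on `$:` and under `Gem.dir` and requires names derived from them, which runs the top-level code of whatever those names resolve to, so the log is the only record of what was attempted; I would narrow the clause to `rescue StandardError, ScriptError => e` and add `log_error "Unable to require #{lib.dump} (#{e.message})"`, as `glob_require` already does. The empty `rescue Exception => e` added around the `m == Kernel` global-variable block has the same problem. Separately, `cond_require` adds the name to `@required_libs` before `require` has succeeded, so a library that fails once is never retried.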
@@ -0,0 +1,49 @@
1
+ module Veracode
2
+ SupportedGems = %w{
3
+ actionmailer
4
+ actionpack
5
+ activemodel
6
+ activerecord
7
+ activeresource
8
+ activesupport
9
+ arel
10
+ builder
11
+ erubis
12
+ haml
13
+ haml-rails
14
+ rails
15
+ railties
16
+ veracode
17
+ }
18
+
19
+ def self.list_gems
20
+
21
+ gems = `bundle list`.each_line
22
+ .reject {|line| line !~ /^ \* /}
23
+ .map {|line| line[4..-1]}
24
+ .map {|line| line.split.first}
25
+
26
+ begin
27
+ File.open(@gems_filename, "wb") {|gems_file|
28
+ gems_file.puts '<messages>'
29
+ gems.each {|gem|
30
+ gems_file << <<GEMS_XML
31
+ <message>
32
+ <platform>ruby</platform>
33
+ <name>#{gem}</name>
34
+ <detailed_message>#{gem}</detailed_message>
35
+ <token>#{gem}</token>
36
+ <package>rubygem.#{gem}</package>
37
+ <errorlevel>#{(SupportedGems.include?(gem) ? "info" : "warn" )}</errorlevel>
38
+ <type>framework_unsupported</type>
39
+ </message>
40
+ GEMS_XML
41
+ }
42
+ gems_file.puts '</messages>'
43
+ }
44
+ rescue Exception => e
45
+ log_error "Unable to write to gem list to file #{@gems_filename}: #{e.message}"
46
+ end
47
+
48
+ end
49
+ end
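Review bot: `list_gems` shells out to `bundle list` before its `begin`, so when no `bundle` executable is on `PATH` the resulting `Errno::ENOENT` is not caught here and, unless the caller rescues it (the call added in `init` shows no rescue within its hunk), it aborts the run before anything is archived. Moving the backtick call inside the `begin` lets the existing `log_error` handle that case. The gem names are also interpolated into `gems.xml` unescaped; names printed by Bundler are normally plain, but any unexpected text in that output would yield malformed XML, so I would escape once with `name = gem.encode(:xml => :text)` and interpolate `name`. `SupportedGems` is a mutable constant and could end with `.freeze`.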
@@ -0,0 +1,104 @@
1
+ module Veracode
2
+ module ActiveRecord
3
+ class Model
4
+
5
+ attr_reader :name, :attributes
6
+
7
+ def initialize(name)
8
+ @name = name
9
+ @attributes = Array.new
10
+ end
11
+
12
+ %w(
13
+ binary boolean date datetime decimal float integer primary_key string text time timestamp
14
+ ).map(&:to_sym).each do |meth|
15
+ define_method(meth) do |name, *rest|
16
+ @attributes << [name, meth]
17
+ end
18
+ end
19
+
20
+ end
21
+
22
+ class Schema
23
+
24
+ def self.define(info={}, &block)
25
+ Schema.new.instance_eval(&block)
26
+ end
27
+
28
+ def create_table(name, options={})
29
+ td = Model.new(name)
30
+ td.integer('id')
31
+ yield td if block_given?
32
+ Veracode.add_to_archive Veracode.format_variable("@@#{td.name}", td.attributes, 'class')
33
+ end
34
+
35
+ # ActiveRecord::ConnectionAdapters::SchemaStatements
36
+ # http://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html
37
+ def add_column(table_name, column_name, type, options = {}) ; end
38
+ def add_index(table_name, column_name, options = {}) ; end
39
+ def add_index_options(table_name, column_name, options = {}) ; end
40
+ def add_index_sort_order(option_strings, column_names, options = {}) ; end
41
+ def add_timestamps(table_name) ; end
42
+
43
+ # ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt
44
+ # http://rubydoc.info/gems/activerecord-oracle_enhanced-adapter/ActiveRecord/ConnectionAdapters/OracleEnhancedSchemaStatementsExt
45
+ def add_foreign_key(from_table, to_table, options = {})
46
+ Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_foreign_key called"
47
+ end
48
+ def add_primary_key_trigger(table_name, options = {})
49
+ Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_primary_key_trigger called"
50
+ end
51
+ def add_synonym(name, table_name, options = {})
52
+ Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_synonym called"
53
+ end
54
+ # def disable_referential_integrity(&block) ; end
55
+ # def foreign_key_definition(to_table, options = {}) ; end
56
+ # def foreign_keys(table_name) ; end
57
+ # def remove_foreign_key(from_table, options) ; end
58
+ # def remove_synonym(name) ; end
59
+ # def supports_foreign_keys? ; end
60
+ # def synonyms ; end
61
+
62
+ # TODO: Return only if real receiver would respond to method
63
+ # def method_missing(meth, *args, &block)
64
+ # if ActiveRecord::ConnectionAdapters::AbstractAdapter.instance_methods.include?(meth)
65
+ # log_error "Unhandled method: #{meth} args: #{args.to_s}"
66
+ # nil
67
+ # else
68
+ # super
69
+ # end
70
+ # end
71
+ # def respond_to_everything(meth)
72
+ # log_error "Unhandled respond_to? for: #{meth}" unless really_respond_to?(meth)
73
+ # true
74
+ # end
75
+ # alias_method :really_respond_to?, :respond_to?
76
+ # alias_method :respond_to?, :respond_to_everything
77
+ end
78
+ end
79
+
80
+ def self.archive_schema
81
+ puts "Evaluating and archiving schema information"
82
+ schema_file = File.join("db", "schema.rb")
83
+
84
+ begin
85
+ schema = 'Veracode::' + File.read(schema_file).each_line.reject {|l| l =~ /^\s*#/}.join
86
+ rescue Exception => e
87
+ puts "Unable to retrieve schema information from 'db/schema.rb'. Are your migrations up to date?"
88
+ log_error "Unable to retrieve schema from 'db/schema.rb' (#{e.message})"
89
+ add_to_archive %Q|module "Veracode::Schema"\n|
90
+ add_to_archive %Q|endmodule\n\n|
91
+ return
92
+ end
93
+
94
+ add_to_archive %Q|module "Veracode::Schema"\n|
95
+ begin
96
+ eval(schema)
97
+ rescue Exception => e
98
+ puts "Unable to evaluate schema information from 'db/schema.rb'. (#{e.message})"
99
+ log_error "Unable to evaluate 'db/schema.rb' (#{e.message})"
100
+ end
101
+ add_to_archive %Q|endmodule\n\n|
102
+ end
103
+
104
+ end
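Review bot: `archive_schema` passes the whole text of `db/schema.rb` to `eval(schema)`, so every statement in that file runs inside the packaging process. Only the leading `ActiveRecord::Schema` reference is redirected to the stub, through the `'Veracode::' +` string prefix, which relies on the first non-comment line being the `ActiveRecord::Schema.define` call. That deserves a comment above the `eval`, for example `# db/schema.rb is executed as Ruby here and is trusted like the application code being packaged`, and `eval(schema, binding, schema_file)` would make errors point at the real file instead of `(eval)`. The stub `Model` defines only twelve column types, so a dump using any other type presumably raises `NoMethodError` inside `create_table`; the outer `rescue Exception` then logs one line and every later table is left out of the archive. Rescuing and logging per table inside `create_table` would keep the remaining tables.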
@@ -1,3 +1,4 @@
1
1
  module Veracode
2
- VERSION = "1.0.0.alpha2"
2
+ VERSION = '1.0.0.alpha7'
3
+ ARCHIVE_VERSION = '2012-07-04'
3
4
  end
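--- a/metadata
+++ b/metadata
@@ -1,27 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-version: 1.0.0.alpha2
-prerelease: 6
+version: 1.0.0.alpha7
 platform: ruby
 authors:
 - Veracode
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-06-11 00:00:00.000000000 Z
+date: 2015-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rubyzip
-requirement: &70309839816480 !ruby/object:Gem::Requirement
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ! '>='
+- - '>='
 - !ruby/object:Gem::Version
-version: '0'
+version: '1.0'
 type: :runtime
 prerelease: false
-version_requirements: *70309839816480
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '1.0'
 description: Prepares your Ruby on Rails app for submission to Veracode.
 email: devcontact@veracode.com
 executables:
@@ -31,30 +33,34 @@ extra_rdoc_files: []
 files:
 - bin/veracode
 - lib/veracode.rb
+- lib/veracode/gems.rb
+- lib/veracode/schema.rb
 - lib/veracode/version.rb
 homepage: http://veracode.com/
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ~>
+- - '>='
 - !ruby/object:Gem::Version
 version: 1.9.3.0
+- - <
+- !ruby/object:Gem::Version
+version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- - ! '>'
+- - '>'
 - !ruby/object:Gem::Version
 version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.10
+rubygems_version: 2.0.14
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
 Veracode
 test_files: []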