veracode 1.0.0.alpha3 → 1.0.0.alpha8
- checksums.yaml +7 -0
- data/bin/veracode +25 -19
- data/lib/veracode.rb +211 -93
- data/lib/veracode/gems.rb +6 -5
- data/lib/veracode/schema.rb +63 -42
- data/lib/veracode/version.rb +1 -1
- metadata +16 -14
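--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: b03b9d64575800c7e3b027e4ed2e0c11e104e6f0
+data.tar.gz: 8badea25276f78bf067bf2e60c488478353c87b8
+SHA512:
+metadata.gz: 30068aecda34ddd2bbab105ff988ebb4ff44571bb773e2a5c8c4ba029b9e778ff9b04c163194edb98e983bf51fd70da44a52ca1e1e3bb41a27086b31edc68ec1
+data.tar.gz: 6f8466ca639afea009c39c22f54190875c9080b8210c4b264fd816b6672590776ca51dc1e4acd58332590d038b31f1ff85dfcb6bfcc0debd5a5999988996111e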
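--- a/data/bin/veracode
+++ b/data/bin/veracode
@@ -4,10 +4,10 @@ require 'optparse'
 $:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib")
 $:.unshift Dir.pwd
 
-unless File.exists?("script/rails")
-$stderr.puts "Current directory #{File.basename(Dir.pwd).dump} does not appear to be a Rails 3 application."
-exit
-end
+#unless File.exists?("script/rails")
+# $stderr.puts "Current directory #{File.basename(Dir.pwd).dump} does not appear to be a Rails 3 application."
+# exit
+#end
 APP_PATH = File.expand_path('config/application')
 APP_NAME = File.basename(Dir.pwd)
 COMMAND = "#{$0} #{ARGV.join(' ')}"
@@ -16,12 +16,10 @@ require 'veracode'
 require 'veracode/version'
 
 $options = {
-:phase1 => false,
-:phase2 => false,
-:phase3 => true,
 :archive_source => true,
 :include_inherited => false,
 :jruby => false,
+:environment => false,
 }
 
 subcommand = ARGV.shift
@@ -34,22 +32,13 @@ case subcommand
 $options[:verbose] = true
 end
 
-opts.on("-a", "--all", "Archive objects at all stages") do
-$options[:phase1] = true
-$options[:phase2] = true
-end
-
-opts.on("-f", "--file", "Disassemble .rb files") do
-$options[:disasm] = true
-end
-
 opts.on("-j", "--jruby", "Force JRuby mode") do
 $options[:jruby] = true
 end
 
-opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
-
-end
+# opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
+# $options[:archive_source] = s
+# end
 
 opts.on("-D", "--debug", "Enable debug output") do
 $DEBUG = true
@@ -73,6 +62,23 @@ case subcommand
 " #{opts.program_name} help"
 end.parse!
 
+when "environment", "env"
+$options[:environment] = true
+
+OptionParser.new do |opts|
+opts.banner = "Usage: veracode environment [options]"
+
+opts.on("-v", "--verbose", "Run verbosely") do
+$options[:verbose] = true
+end
+
+opts.on("-D", "--debug", "Enable debug output") do
+$DEBUG = true
+end
+
+end.parse!
+Veracode.prepare
+
 else
 $stderr.puts "#{subcommand.dump} is not a valid subcommand"
 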
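Review bot: The commented-out `script/rails` guard at new lines 7–10 leaves the tool with no check that the working directory is a Rails application, while `$:.unshift Dir.pwd` just above still puts that directory first on the load path, so a run in the wrong directory now proceeds until something later fails. If the guard was disabled because newer apps ship `bin/rails` instead (an inference, the page does not say), replace it rather than commenting it out: `unless File.exist?("script/rails") || File.exist?("bin/rails")`. The same pattern recurs at new lines 39–41, where the `--[no-]source` option is kept as commented-out code; deleting it would stop `:archive_source` from looking configurable.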
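--- a/data/lib/veracode.rb
+++ b/data/lib/veracode.rb
@@ -1,11 +1,14 @@
+require 'pathname'
+require 'set'
 require 'zlib'
-require 'zip
+require 'zip'
 require 'veracode/version'
 require 'veracode/schema'
 require 'veracode/gems'
 
 module Veracode
 @run_id = nil
+@required_libs = Set.new
 
 # Metadata and method disassemblies for all Modules (.txt.gz)
 @disasmlog = nil
@@ -35,8 +38,14 @@ module Veracode
 
 
 def self.init
+if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION)
+$stderr.puts "Ruby 2.2 is not supported, please consult the compilation guide for all supported Ruby versions"
+exit
+end
+
 @run_id = Time.now.strftime("%Y%m%d%H%M%S")
 @archive_dirname = File.join("tmp","veracode-#{@run_id}")
+@required_libs.merge(["pathname", "set", "zlib", "zip/zip", "veracode"])
 
 if !Dir.exists?("tmp")
 begin
@@ -149,28 +158,47 @@ module Veracode
 }
 }
 rescue Exception => e
-log_error e.message
-
+log_error "Unable to write manifest file #{@manifest_filename}: #{e.message}"
+puts "Unable to write manifest file #{@manifest_filename}: #{e.message}"
 end
 
 @errorlog.flush
 
 begin
-
-
-
-
-
-
-
-
-
-
-
+if Gem.loaded_specs.keys.include?("zipruby")
+log_error "zipruby gem detected, using it instead of rubyzip for creating archive"
+@errorlog.flush
+Zip::Archive.open(@archive_filename, Zip::CREATE) { |ar|
+@manifest.each { |file|
+
+if file.start_with?(@archive_dirname)
+name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
+else
+name_in_archive = File.join(APP_NAME, file)
+end
+
+puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
+ar.add_file(name_in_archive, file)
+}
+}
+else
+Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
+@manifest.each { |file|
+
+if file.start_with?(@archive_dirname)
+name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
+else
+name_in_archive = File.join(APP_NAME, file)
+end
+
+puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
+zf.add(name_in_archive, file)
+}
 }
-
+end
 rescue Exception => e
-
+log_error "Unable to create archive #{@manifest_filename}: #{e.message}"
+puts "Unable to create archive #{@manifest_filename}: #{e.message}"
 exit
 end
 
@@ -221,20 +249,38 @@ module Veracode
 
 ##############################################################################
 # Helpers
+def self.cond_require(lib)
+if @required_libs.add?(lib)
+begin
+return require lib
+rescue Exception => e
+puts "(failed: require #{lib} #{e.message})" if $options[:verbose]
+log_error "Unable to require #{lib} (#{e.message})"
+end
+end
+return false
+end
+
 def self.glob_require(files)
+any_new = false
+total, count = 0, 0
 Dir.glob(files) do |f|
 print "Requiring #{f.to_s} " if $options[:verbose]
 
 begin
-require File.expand_path(f)
+required = require File.expand_path(f)
 rescue Exception => e
 puts "(failed: #{e.message})" if $options[:verbose]
 log_error "Unable to require #{File.expand_path(f).to_s.dump} (#{e.message})"
 else
-puts "(OK)" if $options[:verbose]
+puts "(OK: #{(required ? "required" : "already required")})" if $options[:verbose]
 end
-
+any_new |= required
+total += 1
+count += 1 if required
 end
+puts "#{count}/#{total} files were required" if $options[:verbose]
+any_new
 end
 
 def self.safe_name(o)
@@ -242,7 +288,11 @@ module Veracode
 when o == ActiveSupport::TimeWithZone
 "ActiveSupport::TimeWithZone"
 when o.is_a?(Module)
-
+begin
+( o.name.nil? ? o.to_s : o.name.to_s )
+rescue
+o.to_s
+end
 when o.is_a?(Method), o.is_a?(UnboundMethod)
 o.name.to_s
 else
@@ -307,7 +357,13 @@ module Veracode
 def self.prepare_archive
 @disasmlog = Zlib::GzipWriter.new(File.open(@disasmlog_filename, "wb"), nil, nil)
 @disasmlog.puts "#{RUBY_ENGINE}-#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
-
+if $options[:environment]
+@disasmlog.puts "# EnvironmentDef %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
+else
+@disasmlog.puts "# Environment %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
+end
+@disasmlog.puts "# Ruby #{RUBY_ENGINE}-#{RUBY_VERSION}"
+@disasmlog.puts "# Rails #{Rails.version}"
 @disasmlog.puts
 end
 
@@ -384,7 +440,7 @@ module Veracode
 m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join :
 ""
 ) +
-( m.singleton_class.included_modules.count > 0 ?
+( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ?
 m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join :
 ""
 )
@@ -420,23 +476,26 @@ module Veracode
 end
 end
 
-
-m
-
-
-
-
-
-
-
-
+begin
+if m == Kernel
+m.global_variables.each do |v_symbol|
+begin
+v = eval(v_symbol.to_s)
+formatted_contents += format_variable(v_symbol, v, "global")
+rescue Exception => e
+log_error "Error archiving global variable #{v_symbol.to_s.dump}: #{e.message}"
+formatted_contents += format_variable(v_symbol, :veracode_nil, "global")
+end
+end
 end
+rescue Exception => e
+# m.respond_to?(:global_variables) was throwing exceptions
 end
 
 %w[ public protected private ].each {|p|
 get_methods = (p + "_instance_methods").to_sym
-if m.respond_to?(get_methods) && m.
-m.
+if m.respond_to?(get_methods) && m.__send__(get_methods, $options[:include_inherited]).count > 0
+m.__send__(get_methods, $options[:include_inherited]).each do |m_symbol|
 begin
 method = m.instance_method(m_symbol)
 formatted_contents += format_method(method, "#{p.to_s}_instance", with_disasm)
@@ -488,7 +547,12 @@ module Veracode
 # Archiving Objects
 def self.archive(objects, with_disasm=true)
 
-objects = objects - [
+objects = objects - [
+Veracode,
+Veracode::ActiveRecord,
+Veracode::ActiveRecord::Model,
+Veracode::ActiveRecord::Schema,
+]
 
 if $options[:verbose]
 puts "Archiving #{objects.count.to_s} objects" + (with_disasm ? " with disassembly" : "")
@@ -517,8 +581,8 @@ module Veracode
 def self.compile_templates
 
 begin
-
-
+cond_require 'action_view' unless defined? ActionView
+cond_require 'action_controller' unless defined? ActionController
 rescue Exception => e
 log_error "Unable to satisfy haml dependencies (#{e.message})"
 return
@@ -541,12 +605,13 @@ module Veracode
 return unless templates.count > 0
 
 puts "Found #{templates.count} templates" if $options[:verbose]
+log_error "Found #{templates.count} templates"
 
 haml_templates = templates.grep(/\.haml$/)
 if haml_templates.any?
 begin
-
-
+cond_require 'haml' unless defined? Haml
+cond_require 'haml/template/plugin' unless defined? Haml::Plugin
 rescue Exception => e
 puts "Unable to satisfy haml dependencies"
 log_error "Unable to satisfy haml dependencies (#{e.message})"
@@ -563,13 +628,16 @@ module Veracode
 puts "Compiling template #{template}" if $options[:verbose]
 
 begin
+# This render will fail, but will trigger compilation of template
 view.render(:file => template)
 rescue Exception => e
 log_error "Compiled template #{template} #{e.message}"
 end
 }
 
-puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates
+puts "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates" if $options[:verbose]
+log_error "Compiled #{ActionView::CompiledTemplates.instance_methods.count.to_s} templates"
+log_error "Not all templates were compiled" if ActionView::CompiledTemplates.instance_methods.count < templates.count
 end
 
 def self.compile_erb_templates
@@ -644,9 +712,9 @@ module Veracode
 return unless templates.count > 0
 
 begin
-
-
-
+cond_require 'action_view'
+cond_require 'haml'
+cond_require 'haml/template/plugin'
 rescue Exception => e
 log_error "Unable to satisfy haml dependencies (#{e.message})"
 return
@@ -685,6 +753,59 @@ module Veracode
 
 end
 
+def self.require_libs(lib_paths)
+for lib_path in lib_paths
+dirsToProcess = [Pathname(lib_path)]
+until dirsToProcess.count == 0 || !Dir.exists?(dirsToProcess[0])
+currentDir = dirsToProcess.delete_at(0)
+for child in currentDir.children
+if child.directory?
+dirsToProcess[dirsToProcess.count] = child
+base = child.to_s.partition("#{lib_path}/")[2]
+lib = ""
+for part in base.split('/').reverse
+lib = "#{part}/#{lib}"
+lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
+begin
+if cond_require lib
+puts "requiring #{lib}" if $options[:verbose]
+end
+rescue Exception => e
+end
+end
+end
+end
+end
+end
+end
+
+def self.require_rails(gemdir)
+dirsToProcess = [Pathname(gemdir)]
+until dirsToProcess.count == 0
+currentDir = dirsToProcess.delete_at(0)
+for child in currentDir.children
+if child.directory?
+dirsToProcess[dirsToProcess.count] = child
+end
+base = child.to_s.partition("#{gemdir}/")[2]
+if base.index("action_controller") != nil || base.index("action_view") != nil || base.index("active_record") != nil
+lib = ""
+for part in base.split('/').reverse
+lib = "#{part}/#{lib}"
+lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
+lib.chomp!(File.extname(lib))
+begin
+if cond_require lib
+puts "requiring #{lib}" if $options[:verbose]
+end
+rescue Exception => e
+end
+end
+end
+end
+end
+end
+
 
 
 
@@ -702,16 +823,6 @@ module Veracode
 puts
 end
 
-if $options[:disasm]
-rbfiles = File.join("**", "*.rb")
-Dir[rbfiles].each do |f|
-puts RubyVM::InstructionSequence.compile_file(f).disasm
-puts
-end
-exit
-end
-
-prepare_archive
 
 ################################################################
 ## phase 1 - Create baseline
@@ -720,10 +831,6 @@ module Veracode
 puts "Phase 1 - Initial State" if $options[:verbose]
 self.stats if $options[:verbose]
 
-if $options[:phase1]
-puts "Processing and disassembling Ruby standard classes and modules"
-archive(@modules)
-end
 ## /phase 1 - Create baseline
 ################################################################
 
@@ -734,10 +841,7 @@ module Veracode
 
 puts "Phase 2 - Load Rails" if $options[:verbose]
 begin
-require "rails"
-require 'action_controller'
-require 'action_view'
-require 'active_record'
+require "rails/all"
 rescue Exception => e
 puts "Unable to require rails: #{e.message}"
 log_error "Unable to require rails: #{e.message}"
@@ -746,26 +850,6 @@ module Veracode
 puts "Required rails" if $options[:verbose]
 end
 
-self.update
-
-self.stats if $options[:verbose]
-
-if $options[:phase2]
-puts "Processing and disassembling Rails classes and modules"
-archive(@modules)
-end
-
-self.rebaseline
-## /phase 2 - Require rails
-################################################################
-
-
-
-################################################################
-# phase 3 - require app
-
-puts "Phase 3 - Imitate Rails" if $options[:verbose]
-
 ## Imitate script/rails
 # APP_PATH = File.expand_path('config/application')
 # APP_PATH is already set in bin/veracode
@@ -779,7 +863,7 @@ module Veracode
 # require 'rails/commands'
 
 ## Imitate rails/commands when console
-
+cond_require 'rails/commands/console.rb'
 # require APP_PATH # => config/application.rb
 
 glob_require "config/application.rb"
@@ -790,32 +874,66 @@ module Veracode
 
 # Imitate Rails::Console.initialize_console
 # require "pp"
-
-
+cond_require "rails/console/app.rb"
+cond_require "rails/console/helpers.rb"
 
-
-
-
-
+if $options[:environment]
+@stdlib = $:
+@gemdir = Gem.dir
+
+require_libs(@stdlib)
+require_rails(@gemdir)
+end
+
+self.rebaseline
+
+self.stats if $options[:verbose]
+
+## /phase 2 - Require rails
+################################################################
+
+
+
+################################################################
+# phase 3 - require app
+
+puts "Phase 3 - Imitate Rails" if $options[:verbose]
+
+any_new = true
+while any_new
+any_new = false
+any_new |= glob_require "lib/**/*.rb"
+any_new |= glob_require "app/**/*.rb"
+puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+end
 
 compile_templates
 
 self.update
 self.stats if $options[:verbose]
 
-
-
+# Ensure compiled templates are fully disassembled in archive
+@baseline_modules.delete(ActionView::CompiledTemplates)
+
+if $options[:environment]
+puts "Processing and disassembling environment"
+archive(@modules.reject {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+.reject {|o| safe_name(o) =~ /^Veracode/ }
+.reject {|o| safe_name(o) =~ /^EmptyRails/ }
+.reject {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+else
+puts "Processing Ruby and Rails classes and modules"
 archive(@baseline_modules, false)
+add_to_archive "\n# Phase 3 - App disassembly\n"
+puts "Processing and disassembling #{APP_NAME} classes and modules"
 archive(@modules - @baseline_modules, true)
+archive_schema
 end
 
-archive_schema
-
 ## /phase 3 - require app
 ################################################################
 
 finalize_archive
-
 pack_manifest
 cleanup
 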
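Review bot: In environment mode (new lines 880–886) `require_libs(@stdlib)` is handed `$:` unchanged, and bin/veracode has already run `$:.unshift Dir.pwd`, so the walk also descends the working directory and passes its directory names to `require`, loading and executing whatever resolves first on the load path. The walk should leave the working directory out, e.g. `@stdlib = $:.reject { |p| File.expand_path(p) == Dir.pwd }`, and the command is best run only in a build environment whose load path is trusted. `cond_require` rescues `Exception`, which also swallows `Interrupt`, so a long walk cannot be stopped from the keyboard; `rescue StandardError, ScriptError => e` would still cover load and syntax errors. The empty `rescue Exception => e` around `cond_require` in `require_libs` and `require_rails` appears to be dead code, since `cond_require` already rescues, while `currentDir.children` sits outside any rescue and would presumably abort the run on an unreadable directory.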
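--- a/data/lib/veracode/gems.rb
+++ b/data/lib/veracode/gems.rb
@@ -25,24 +25,25 @@ module Veracode
 
 begin
 File.open(@gems_filename, "wb") {|gems_file|
-gems_file.puts '<
+gems_file.puts '<messages>'
 gems.each {|gem|
 gems_file << <<GEMS_XML
-<
+<message>
 <platform>ruby</platform>
 <name>#{gem}</name>
+<detailed_message>#{gem}</detailed_message>
 <token>#{gem}</token>
 <package>rubygem.#{gem}</package>
 <errorlevel>#{(SupportedGems.include?(gem) ? "info" : "warn" )}</errorlevel>
 <type>framework_unsupported</type>
-</
+</message>
 GEMS_XML
 }
-gems_file.puts '</
+gems_file.puts '</messages>'
 }
 rescue Exception => e
 log_error "Unable to write to gem list to file #{@gems_filename}: #{e.message}"
 end
 
 end
-end
+end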
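Review bot: The added `<detailed_message>#{gem}</detailed_message>` line interpolates `gem` into the XML unescaped, as the `<name>`, `<token>` and `<package>` lines around it already do. Where `gems` is populated is outside this hunk, so this is a robustness point rather than a confirmed defect: a name containing `<`, `>` or `&` would produce a malformed file for whatever consumes it. Escaping once per gem keeps the heredoc otherwise unchanged, e.g. `name = gem.to_s.encode(xml: :text)` before the heredoc and `#{name}` inside it. The enclosing method starts above the hunk.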
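--- a/data/lib/veracode/schema.rb
+++ b/data/lib/veracode/schema.rb
@@ -1,61 +1,79 @@
 module Veracode
 module ActiveRecord
 class Model
+
 attr_reader :name, :attributes
+
 def initialize(name)
 @name = name
 @attributes = Array.new
 end
-
-
-
-
-
-
-
-@attributes << [name, :date]
-end
-def datetime(name, *rest)
-@attributes << [name, :datetime]
-end
-def decimal(name, *rest)
-@attributes << [name, :decimal]
-end
-def float(name, *rest)
-@attributes << [name, :float]
-end
-def integer(name, *rest)
-@attributes << [name, :integer]
-end
-def primary_key(name, *rest)
-@attributes << [name, :primary_key]
-end
-def string(name, *rest)
-@attributes << [name, :string]
-end
-def text(name, *rest)
-@attributes << [name, :text]
-end
-def time(name, *rest)
-@attributes << [name, :time]
-end
-def timestamp(name, *rest)
-@attributes << [name, :timestamp]
+
+%w(
+binary boolean date datetime decimal float integer primary_key string text time timestamp
+).map(&:to_sym).each do |meth|
+define_method(meth) do |name, *rest|
+@attributes << [name, meth]
+end
 end
+
 end
 
 class Schema
+
 def self.define(info={}, &block)
 Schema.new.instance_eval(&block)
 end
+
 def create_table(name, options={})
 td = Model.new(name)
 td.integer('id')
 yield td if block_given?
 Veracode.add_to_archive Veracode.format_variable("@@#{td.name}", td.attributes, 'class')
 end
-
-
+
+# ActiveRecord::ConnectionAdapters::SchemaStatements
+# http://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html
+def add_column(table_name, column_name, type, options = {}) ; end
+def add_index(table_name, column_name, options = {}) ; end
+def add_index_options(table_name, column_name, options = {}) ; end
+def add_index_sort_order(option_strings, column_names, options = {}) ; end
+def add_timestamps(table_name) ; end
+
+# ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt
+# http://rubydoc.info/gems/activerecord-oracle_enhanced-adapter/ActiveRecord/ConnectionAdapters/OracleEnhancedSchemaStatementsExt
+def add_foreign_key(from_table, to_table, options = {})
+Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_foreign_key called"
+end
+def add_primary_key_trigger(table_name, options = {})
+Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_primary_key_trigger called"
+end
+def add_synonym(name, table_name, options = {})
+Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_synonym called"
+end
+# def disable_referential_integrity(&block) ; end
+# def foreign_key_definition(to_table, options = {}) ; end
+# def foreign_keys(table_name) ; end
+# def remove_foreign_key(from_table, options) ; end
+# def remove_synonym(name) ; end
+# def supports_foreign_keys? ; end
+# def synonyms ; end
+
+# TODO: Return only if real receiver would respond to method
+# def method_missing(meth, *args, &block)
+# if ActiveRecord::ConnectionAdapters::AbstractAdapter.instance_methods.include?(meth)
+# log_error "Unhandled method: #{meth} args: #{args.to_s}"
+# nil
+# else
+# super
+# end
+# end
+# def respond_to_everything(meth)
+# log_error "Unhandled respond_to? for: #{meth}" unless really_respond_to?(meth)
+# true
+# end
+# alias_method :really_respond_to?, :respond_to?
+# alias_method :respond_to?, :respond_to_everything
 end
 end
 
@@ -67,17 +85,20 @@ module Veracode
 schema = 'Veracode::' + File.read(schema_file).each_line.reject {|l| l =~ /^\s*#/}.join
 rescue Exception => e
 puts "Unable to retrieve schema information from 'db/schema.rb'. Are your migrations up to date?"
-log_error "Unable to
+log_error "Unable to retrieve schema from 'db/schema.rb' (#{e.message})"
+add_to_archive %Q|module "Veracode::Schema"\n|
+add_to_archive %Q|endmodule\n\n|
+return
 end
-
+
+add_to_archive %Q|module "Veracode::Schema"\n|
 begin
-add_to_archive %Q|module "Veracode::Schema"\n|
 eval(schema)
-add_to_archive %Q|endmodule\n\n|
 rescue Exception => e
 puts "Unable to evaluate schema information from 'db/schema.rb'. (#{e.message})"
 log_error "Unable to evaluate 'db/schema.rb' (#{e.message})"
 end
+add_to_archive %Q|endmodule\n\n|
 end
 
-end
+end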
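Review bot: The stubs added to `Schema` cover only the statements listed, so any other call inside the `define` block (for instance `enable_extension`, if the schema uses it) raises NoMethodError out of `instance_eval`, the `rescue Exception` around `eval(schema)` reports it, and every `create_table` after that point is missing from the archive. The commented-out `method_missing` shows the intent; an active fallback that logs the unhandled name and returns nil would let evaluation continue past it. Separately, `eval(schema)` still runs `db/schema.rb` as ordinary Ruby inside the tool's process with only the leading constant redirected to the stub, so the tool belongs in a build environment where that file is trusted to execute.

```ruby
# … unchanged: add_synonym and the commented-out Oracle stubs …
def method_missing(meth, *args, &block)
  Veracode::log_error "schema.rb: unhandled schema statement #{meth.to_s.dump}"
  nil
end

def respond_to_missing?(meth, include_private = false)
  true
end
```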
data/lib/veracode/version.rb
CHANGED
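--- a/metadata
+++ b/metadata
@@ -1,27 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-version: 1.0.0.
-prerelease: 6
+version: 1.0.0.alpha8
 platform: ruby
 authors:
 - Veracode
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rubyzip
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version: '0'
+version: '1.0'
 type: :runtime
 prerelease: false
-version_requirements:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '1.0'
 description: Prepares your Ruby on Rails app for submission to Veracode.
 email: devcontact@veracode.com
 executables:
@@ -36,27 +38,27 @@ files:
 - lib/veracode/version.rb
 homepage: http://veracode.com/
 licenses: []
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.9.3.0
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">"
 - !ruby/object:Gem::Version
 version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.6.3
 signing_key:
-specification_version:
+specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
 Veracode
 test_files: []
+has_rdoc: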