veracode 1.0.0.alpha6 → 1.0.0.alpha7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 902b115fab8cb21e15a5bd54aef3246f5380de49
-  data.tar.gz: ca13044ad546a545134ed74b7b7a3a0504329e47
+  metadata.gz: e57a698db0528192fcbd096c38cb4236ef54869f
+  data.tar.gz: f4b1f130125636850f94bddd03356b35ab6678f6
 SHA512:
-  metadata.gz: 2268ae1531eedcc77c9b21b77d544c06c6a1f8b10f74504b9c616a092a6d95c2966e8f98188d1f40fbba87eb9701511268a9b614c5f2a35911f0c41630770b47
-  data.tar.gz: 66bc411b52c53ff87c5958eb9a6c2dd1b66048d3d5fa3e2beca07798476eb9899fcb0385cf857fbd20a1e48493394a919729de0560efe47fe26d2867ed70c35c
+  metadata.gz: cbfc1cfc6c98a2dde96540a8f5c2f05baa01f4076e3204c49edcec5db86db752f641bb923b5f998a85e65fabe45cd1b0e05ac5074acdb71658315b1c8459f02c
+  data.tar.gz: 0935f7c827279516a28e56068e9b00c45c214484316f38e85ab618810dfa29811d368498a0822b8705a92bf22322946645e0bf9873e502db7f032fb294ba3665

data/bin/veracode

@@ -16,12 +16,10 @@ require 'veracode'
 require 'veracode/version'
 
 $options =  {
-              :phase1 => false, 
-              :phase2 => false, 
-              :phase3 => true,
               :archive_source => true,
               :include_inherited => false,
               :jruby => false,
+              :environment => false,
             }
 
 subcommand = ARGV.shift
@@ -34,22 +32,13 @@ case subcommand
         $options[:verbose] = true
       end
 
-      opts.on("-a", "--all", "Archive objects at all stages") do
-        $options[:phase1] = true
-        $options[:phase2] = true
-      end
-
-      opts.on("-f", "--file", "Disassemble .rb files") do
-        $options[:disasm] = true
-      end
-
       opts.on("-j", "--jruby", "Force JRuby mode") do
         $options[:jruby] = true
       end
 
-      opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
-        $options[:archive_source] = s
-      end
+      # opts.on("--[no-]source", "[Don't] Include source code in archive") do |s|
+      #   $options[:archive_source] = s
+      # end
 
       opts.on("-D", "--debug", "Enable debug output") do
         $DEBUG = true
@@ -73,6 +62,23 @@ case subcommand
                     "       #{opts.program_name} help"
     end.parse!
 
+  when "environment", "env"
+    $options[:environment] = true
+
+    OptionParser.new do |opts|
+      opts.banner = "Usage: veracode environment [options]"
+
+      opts.on("-v", "--verbose", "Run verbosely") do
+        $options[:verbose] = true
+      end
+
+      opts.on("-D", "--debug", "Enable debug output") do
+        $DEBUG = true
+      end
+
+    end.parse!
+    Veracode.prepare
+
   else
     $stderr.puts "#{subcommand.dump} is not a valid subcommand"
 

data/lib/veracode.rb

@@ -36,6 +36,7 @@ module Veracode
   @archive_filename = nil
   @archive_dirname = nil
 
+
   def self.init
     @run_id = Time.now.strftime("%Y%m%d%H%M%S")
     @archive_dirname = File.join("tmp","veracode-#{@run_id}")
@@ -152,28 +153,47 @@ module Veracode
         }
       }
     rescue Exception => e
-      log_error e.message
-      $stderr.puts "Unable to write manifest file #{@manifest_filename}: #{e.message}"
+      log_error "Unable to write manifest file #{@manifest_filename}: #{e.message}"
+      puts "Unable to write manifest file #{@manifest_filename}: #{e.message}"
     end
 
     @errorlog.flush
 
     begin
-      Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
-        @manifest.each {|file|
-
-          if file.start_with?(@archive_dirname)
-            name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")          
-          else
-            name_in_archive = File.join(APP_NAME, file)
-          end        
-
-          puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
-          zf.add(name_in_archive, file)
+      if Gem.loaded_specs.keys.include?("zipruby")
+        log_error "zipruby gem detected, using it instead of rubyzip for creating archive"
+        @errorlog.flush
+        Zip::Archive.open(@archive_filename, Zip::CREATE) { |ar|
+          @manifest.each { |file|
+
+            if file.start_with?(@archive_dirname)
+              name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
+            else
+              name_in_archive = File.join(APP_NAME, file)
+            end        
+
+            puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
+            ar.add_file(name_in_archive, file)
+          }
+        }
+      else
+        Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
+          @manifest.each { |file|
+
+            if file.start_with?(@archive_dirname)
+              name_in_archive = file.sub(/^#{@archive_dirname + File::SEPARATOR}/,"")
+            else
+              name_in_archive = File.join(APP_NAME, file)
+            end        
+
+            puts "Adding #{file} to archive as #{name_in_archive}" if $options[:verbose]
+            zf.add(name_in_archive, file)
+          }
         }
-      }      
+      end
     rescue Exception => e
-      $stderr.puts "Unable to create archive #{@manifest_filename}: #{e.message}"
+      log_error "Unable to create archive #{@manifest_filename}: #{e.message}"
+      puts "Unable to create archive #{@manifest_filename}: #{e.message}"
       exit
     end
 
@@ -233,20 +253,24 @@ module Veracode
 
   def self.glob_require(files)
     any_new = false
+    total, count = 0, 0
     Dir.glob(files) do |f|
       print "Requiring #{f.to_s} " if $options[:verbose]
       
       begin
-        any_new |= cond_require File.expand_path(f)
+        required = require File.expand_path(f)
       rescue Exception => e
         puts "(failed: #{e.message})" if $options[:verbose]
         log_error "Unable to require #{File.expand_path(f).to_s.dump} (#{e.message})"
       else
-        puts "(OK)" if $options[:verbose]
+        puts "(OK: #{(required ? "required" : "already required")})" if $options[:verbose]
       end
-
+      any_new |= required
+      total += 1
+      count += 1 if required
     end
-    return any_new
+    puts "#{count}/#{total} files were required" if $options[:verbose]
+    any_new
   end
 
   def self.safe_name(o)
@@ -254,7 +278,11 @@ module Veracode
     when o == ActiveSupport::TimeWithZone
       "ActiveSupport::TimeWithZone"
     when o.is_a?(Module)
-      ( o.name.nil? ? o.to_s : o.name )
+      begin
+        ( o.name.nil? ? o.to_s : o.name.to_s )
+      rescue
+        o.to_s
+      end
     when o.is_a?(Method), o.is_a?(UnboundMethod)
       o.name.to_s
     else
@@ -319,7 +347,13 @@ module Veracode
   def self.prepare_archive
     @disasmlog = Zlib::GzipWriter.new(File.open(@disasmlog_filename, "wb"), nil, nil)
     @disasmlog.puts "#{RUBY_ENGINE}-#{RUBY_VERSION}-p#{RUBY_PATCHLEVEL}"
-    @disasmlog.puts "# " + `rails --version`.chomp
+    if $options[:environment]
+      @disasmlog.puts "# EnvironmentDef %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
+    else
+      @disasmlog.puts "# Environment %s-%s_rails-%s" % [RUBY_ENGINE, RUBY_VERSION, Rails.version]
+    end
+    @disasmlog.puts "# Ruby #{RUBY_ENGINE}-#{RUBY_VERSION}"
+    @disasmlog.puts "# Rails #{Rails.version}"
     @disasmlog.puts
   end
 
@@ -396,7 +430,7 @@ module Veracode
         m.included_modules.map {|m| "include #{m.inspect.dump}\n" }.join : 
         ""
     ) + 
-    ( m.singleton_class.included_modules.count > 0 ? 
+    ( m.respond_to?(:singleton_class) && m.singleton_class.included_modules.count > 0 ? 
         m.singleton_class.included_modules.map {|m| "extend #{m.inspect.dump}\n" }.join : 
         ""
     )
@@ -432,17 +466,20 @@ module Veracode
       end
     end
 
-    if m.respond_to?(:global_variables)
-      m.global_variables.each do |v_symbol|
-        begin
-          v = eval(v_symbol.to_s)
-          formatted_contents += format_variable(v_symbol, v, "global")
-        rescue Exception => e
-          log_error "Error archiving global variable #{v_symbol.to_s.dump}: #{e.message}"
-          formatted_contents += format_variable(v_symbol, :veracode_nil, "global")
-        end
-        
+    begin
+      if m == Kernel
+        m.global_variables.each do |v_symbol|
+          begin
+            v = eval(v_symbol.to_s)
+            formatted_contents += format_variable(v_symbol, v, "global")
+          rescue Exception => e
+            log_error "Error archiving global variable #{v_symbol.to_s.dump}: #{e.message}"
+            formatted_contents += format_variable(v_symbol, :veracode_nil, "global")
+          end
+        end        
       end
+    rescue Exception => e
+      # m.respond_to?(:global_variables) was throwing exceptions
     end
 
     %w[ public protected private ].each {|p|
@@ -706,7 +743,7 @@ module Veracode
 
   end
 
-    def self.require_libs(lib_paths)
+  def self.require_libs(lib_paths)
     for lib_path in lib_paths
       dirsToProcess = [Pathname(lib_path)]
       until dirsToProcess.count == 0 || !Dir.exists?(dirsToProcess[0])
@@ -714,50 +751,52 @@ module Veracode
         for child in currentDir.children
           if child.directory?
             dirsToProcess[dirsToProcess.count] = child
-	    base = child.to_s.partition("#{lib_path}/")[2]
+            base = child.to_s.partition("#{lib_path}/")[2]
             lib = ""
             for part in base.split('/').reverse
               lib = "#{part}/#{lib}"
               lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
-              begin
-                if cond_require lib
-                  puts "requiring #{lib}" if $options[:verbose]
-		end
-              rescue Exception => e
+            begin
+              if cond_require lib
+                puts "requiring #{lib}" if $options[:verbose]
               end
-	    end
+            rescue Exception => e
+            end
           end
         end
       end
     end
   end
-  
-  def self.require_rails(gemdir)
-    dirsToProcess = [Pathname(gemdir)]
-    until dirsToProcess.count == 0
-      currentDir = dirsToProcess.delete_at(0)
-      for child in currentDir.children
-        if child.directory?
-          dirsToProcess[dirsToProcess.count] = child
-        end
-        base = child.to_s.partition("#{gemdir}/")[2]
-        if base.index("action_controller") != nil || base.index("action_view") != nil || base.index("active_record") != nil
-	  lib = ""
-  	  for part in base.split('/').reverse
-  	    lib = "#{part}/#{lib}"
-	    lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
-	    lib.chomp!(File.extname(lib))
-	    begin
-	      if cond_require lib
-	        puts "requiring #{lib}" if $options[:verbose]
-	      end
-	    rescue Exception => e
-	    end
-	  end
+end
+
+def self.require_rails(gemdir)
+  dirsToProcess = [Pathname(gemdir)]
+  until dirsToProcess.count == 0
+    currentDir = dirsToProcess.delete_at(0)
+    for child in currentDir.children
+      if child.directory?
+        dirsToProcess[dirsToProcess.count] = child
+      end
+      base = child.to_s.partition("#{gemdir}/")[2]
+      if base.index("action_controller") != nil || base.index("action_view") != nil || base.index("active_record") != nil
+        lib = ""
+        for part in base.split('/').reverse
+          lib = "#{part}/#{lib}"
+          lib = lib[0..lib.length-2] if lib[lib.length-1] == '/'
+          lib.chomp!(File.extname(lib))
+          begin
+            if cond_require lib
+              puts "requiring #{lib}" if $options[:verbose]
+            end
+          rescue Exception => e
+          end
         end
       end
     end
   end
+end
+
+
 
 
 ################################################################################
@@ -774,16 +813,6 @@ module Veracode
       puts
     end
 
-    if $options[:disasm]
-      rbfiles = File.join("**", "*.rb")
-      Dir[rbfiles].each do |f|
-        puts RubyVM::InstructionSequence.compile_file(f).disasm
-        puts
-      end
-      exit
-    end
-
-    prepare_archive
 
     ################################################################
     ## phase 1 - Create baseline
@@ -792,10 +821,6 @@ module Veracode
     puts "Phase 1 - Initial State" if $options[:verbose]
     self.stats if $options[:verbose]
     
-    if $options[:phase1]
-      puts "Processing and disassembling Ruby standard classes and modules"
-      archive(@modules)
-    end
     ## /phase 1 - Create baseline
     ################################################################
 
@@ -806,59 +831,54 @@ module Veracode
 
     puts "Phase 2 - Load Rails" if $options[:verbose]
     begin
-      cond_require "rails"
-      cond_require 'action_controller'
-      cond_require 'action_view'
-      cond_require 'active_record'
+      require "rails/all"
     rescue Exception => e
       puts "Unable to require rails: #{e.message}"
       log_error "Unable to require rails: #{e.message}"
       exit
     else
+      puts "Required rails" if $options[:verbose]
+    end
+
+    ## Imitate script/rails
+    # APP_PATH = File.expand_path('config/application')
+      # APP_PATH is already set in bin/veracode
+    #require File.expand_path('../../config/boot',  __FILE__)
+      glob_require "config/boot.rb"
+    #require 'rails/commands'
+      # this will trigger the console to be launched
+      # ARGV.clear
+      # ARGV << 'console'
+      # ARGV << '--sandbox'
+      # require 'rails/commands'
+
+    ## Imitate rails/commands when console
+    cond_require 'rails/commands/console.rb'
+    # require APP_PATH # => config/application.rb
+
+    glob_require "config/application.rb"
+
+    Rails.application.require_environment! unless $options[:jruby]
+    # Following line will actually kick off IRB
+    # Rails::Console.start(Rails.application)
+    
+    # Imitate Rails::Console.initialize_console
+    # require "pp"
+    cond_require "rails/console/app.rb"
+    cond_require "rails/console/helpers.rb"
+
+    if $options[:environment]
       @stdlib = $:
       @gemdir = Gem.dir
 
-      ## Imitate script/rails
-      # APP_PATH = File.expand_path('config/application')
-        # APP_PATH is already set in bin/veracode
-      #require File.expand_path('../../config/boot',  __FILE__)
-        glob_require "config/boot.rb"
-      #require 'rails/commands'
-        # this will trigger the console to be launched
-        # ARGV.clear
-        # ARGV << 'console'
-        # ARGV << '--sandbox'
-        # require 'rails/commands'
-
-      ## Imitate rails/commands when console
-      glob_require 'rails/commands/console'
-      # require APP_PATH # => config/application.rb
-
-      glob_require "config/application.rb"
-
-      Rails.application.require_environment! unless $options[:jruby]
-      begin
-        cond_require 'sass'
-        cond_require 'sass/rails/importer'
-        cond_require 'multi_json/adapters/json_gem'
-      rescue Exception => e
-      end
-    
       require_libs(@stdlib)
       require_rails(@gemdir)
-      puts "Required rails" if $options[:verbose]
     end
 
-    self.update
+    self.rebaseline
 
     self.stats if $options[:verbose]
 
-    if $options[:phase2]
-      puts "Processing and disassembling Rails classes and modules"
-      archive(@modules)
-    end
-    
-    self.rebaseline
     ## /phase 2 - Require rails
     ################################################################
     
@@ -868,19 +888,14 @@ module Veracode
     # phase 3 - require app
 
     puts "Phase 3 - Imitate Rails" if $options[:verbose]
-    # Following line will actually kick off IRB
-    # Rails::Console.start(Rails.application)
-    
-    # Imitate Rails::Console.initialize_console
-    # require "pp"
-    glob_require "rails/console/app"
-    glob_require "rails/console/helpers"
 
-    glob_require "lib/**/*.rb"
-    glob_require "app/models/**/*.rb"
-    glob_require "app/helpers/**/*.rb"
-    glob_require "app/controllers/application_controller.rb"
-    glob_require "app/controllers/**/*.rb"
+    any_new = true
+    while any_new
+      any_new = false
+      any_new |= glob_require "lib/**/*.rb"
+      any_new |= glob_require "app/**/*.rb"
+      puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
+    end
 
     compile_templates
 
@@ -890,19 +905,25 @@ module Veracode
     # Ensure compiled templates are fully disassembled in archive
     @baseline_modules.delete(ActionView::CompiledTemplates)
 
-    if $options[:phase3]
-      puts "Processing and disassembling #{APP_NAME} classes and modules"
+    if $options[:environment]
+      puts "Processing and disassembling environment"
+      archive(@modules.reject  {|o| safe_name(o) =~ /^#<(Class|Module):0x[0-9a-f]+>/i }
+                      .reject  {|o| safe_name(o) =~ /^Veracode/ }
+                      .reject  {|o| safe_name(o) =~ /^EmptyRails/ }
+                      .reject  {|o| safe_name(o) =~ /^ActionView::CompiledTemplates$/ }, false)
+    else
+      puts "Processing Ruby and Rails classes and modules"
       archive(@baseline_modules, false)
+      add_to_archive "\n# Phase 3 - App disassembly\n"
+      puts "Processing and disassembling #{APP_NAME} classes and modules"
       archive(@modules - @baseline_modules, true)
+      archive_schema
     end
 
-    archive_schema
-
     ## /phase 3 - require app
     ################################################################
 
     finalize_archive
-
     pack_manifest
     cleanup
 

data/lib/veracode/schema.rb

@@ -1,61 +1,79 @@
 module Veracode
   module ActiveRecord
     class Model
+
       attr_reader :name, :attributes
+
       def initialize(name)
         @name = name
         @attributes = Array.new
       end
-      def binary(name, *rest)
-        @attributes << [name, :binary]
-      end
-      def boolean(name, *rest)
-        @attributes << [name, :boolean]
-      end
-      def date(name, *rest)
-        @attributes << [name, :date]
-      end
-      def datetime(name, *rest)
-        @attributes << [name, :datetime]
-      end
-      def decimal(name, *rest)
-        @attributes << [name, :decimal]
-      end
-      def float(name, *rest)
-        @attributes << [name, :float]
-      end
-      def integer(name, *rest)
-        @attributes << [name, :integer]
-      end
-      def primary_key(name, *rest)
-        @attributes << [name, :primary_key]
-      end
-      def string(name, *rest)
-        @attributes << [name, :string]
-      end
-      def text(name, *rest)
-        @attributes << [name, :text]
-      end
-      def time(name, *rest)
-        @attributes << [name, :time]
-      end
-      def timestamp(name, *rest)
-        @attributes << [name, :timestamp]
+
+      %w(
+         binary boolean date datetime decimal float integer primary_key string text time timestamp
+      ).map(&:to_sym).each do |meth|
+        define_method(meth) do |name, *rest|
+          @attributes << [name, meth]
+        end
       end
+
     end
 
     class Schema
+
       def self.define(info={}, &block)
         Schema.new.instance_eval(&block)
       end
+
       def create_table(name, options={})
         td = Model.new(name)
         td.integer('id')
         yield td if block_given?
         Veracode.add_to_archive Veracode.format_variable("@@#{td.name}", td.attributes, 'class')
       end
-      def add_index(table_name, column_name, options = {})
-      end
+
+      # ActiveRecord::ConnectionAdapters::SchemaStatements
+      # http://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/SchemaStatements.html
+      def add_column(table_name, column_name, type, options = {}) ; end
+      def add_index(table_name, column_name, options = {}) ; end
+      def add_index_options(table_name, column_name, options = {}) ; end
+      def add_index_sort_order(option_strings, column_names, options = {}) ; end
+      def add_timestamps(table_name) ; end
+
+      # ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt
+      # http://rubydoc.info/gems/activerecord-oracle_enhanced-adapter/ActiveRecord/ConnectionAdapters/OracleEnhancedSchemaStatementsExt
+      def add_foreign_key(from_table, to_table, options = {})
+        Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_foreign_key called"
+      end
+      def add_primary_key_trigger(table_name, options = {})
+        Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_primary_key_trigger called"
+      end
+      def add_synonym(name, table_name, options = {})
+        Veracode::log_error "schema.rb: ActiveRecord::ConnectionAdapters::OracleEnhancedSchemaStatementsExt#add_synonym called"
+      end
+      # def disable_referential_integrity(&block) ; end
+      # def foreign_key_definition(to_table, options = {}) ; end
+      # def foreign_keys(table_name) ; end
+      # def remove_foreign_key(from_table, options) ; end
+      # def remove_synonym(name) ; end
+      # def supports_foreign_keys? ; end
+      # def synonyms ; end
+
+      # TODO: Return only if real receiver would respond to method
+      # def method_missing(meth, *args, &block)
+      #   if ActiveRecord::ConnectionAdapters::AbstractAdapter.instance_methods.include?(meth)
+      #     log_error "Unhandled method: #{meth} args: #{args.to_s}"
+      #     nil
+      #   else
+      #     super
+      #   end
+      # end
+      # def respond_to_everything(meth)
+      #   log_error "Unhandled respond_to? for: #{meth}" unless really_respond_to?(meth)
+      #   true
+      # end
+      # alias_method :really_respond_to?, :respond_to?
+      # alias_method :respond_to?, :respond_to_everything
     end
   end
 

data/lib/veracode/version.rb

@@ -1,4 +1,4 @@
 module Veracode
-  VERSION = '1.0.0.alpha6'
+  VERSION = '1.0.0.alpha7'
   ARCHIVE_VERSION = '2012-07-04'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha6
+  version: 1.0.0.alpha7
 platform: ruby
 authors:
 - Veracode
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-05 00:00:00.000000000 Z
+date: 2015-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
@@ -58,7 +58,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to