veracode 1.0.0 → 1.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32f374241e790d16dcc804e4dd3dbbb754417e0b99afa9a3c2ab9fe80ef6466d
-  data.tar.gz: a10a06a8bb5b5d573808c3f2855e3b7ba9eecf2535f975f13966e755771b9dc0
+  metadata.gz: 2748dd2d1f9ca4ad77e27e5135143f3e310f2b78722d095439126afe3aa5a433
+  data.tar.gz: 6a15bb00abca2f8471d0a535bcd812bd9ae8366e60998b211236981ad5aff5fc
 SHA512:
-  metadata.gz: 66f1e39a03ef77a76bc33febbbe7e7778f3d653f2d76f5eba02c0e93a26e0eacf2e3fecfd14a3281281c6ebcf27330d219ffded199ad56db7c5791658bcb66ff
-  data.tar.gz: b9498b2e70b3b3c3b509937d5001067c9fe710388e7b86ab1a98c607810c41862f932b91d4112530473e412653bd861b687561af8339c662622f69e50efb4017
+  metadata.gz: abd794f9d29c5e9d226af29e0de4425a0beea89677396698e01955043ca0054b964718dc662c7bab6dfdddf3e60f7988fe9dc5e5b7bd494c8846eb0517994b79
+  data.tar.gz: 9132bf0aa6955ca63449dadcd4965e36fda893940f995d652aa59d1f34d5be43506c00c1f2ab89359db7d9212b10c2d3f55a80f99f548438a539339aaef4d7b5

data/bin/veracode

@@ -4,10 +4,10 @@ require 'optparse'
 $:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib")
 $:.unshift Dir.pwd
 
-if File.exists?('Gemfile.lock')
+if File.exist?('Gemfile.lock')
   rails_version = File.open('Gemfile.lock').grep(/^\s*rails\s*\(=\s*[34]/)
 else
-  rails_version = File.exists?("script/rails") #fallback for rails 3.0
+  rails_version = File.exist?("script/rails") #fallback for rails 3.0
 end
 unless rails_version
   $stderr.puts "Current directory #{File.basename(Dir.pwd).dump} does not appear to be a Rails 3/4 application."
@@ -25,7 +25,7 @@ $options =  {
               :include_inherited => false,
               :environment => false,
               :verbose => false,
-              :jruby => false,
+              :skipenvironment => false,
               :skipactiverecord => false,
               :skipactionview => false,
               :skipsprockets => false,
@@ -42,8 +42,8 @@ case subcommand
         $options[:verbose] = true
       end
 
-      opts.on("-j", "--jruby", "Force JRuby mode") do
-        $options[:jruby] = true
+      opts.on("-E", "--skip-environment", "Skip environment") do
+        $options[:skipenvironment] = true
       end
 
       opts.on("-O", "--skip-active-record", "Skip ActiveRecord") do
@@ -70,6 +70,17 @@ case subcommand
         $options[:snapshot] = true
       end
 
+      # only print the options that match the documentation in the help center
+      opts.on("-h", "--help", "Print help") do
+        msg = <<-HELPMSG.strip
+Usage: veracode prepare [options]
+    -v, --verbose                    Run verbosely
+    -D, --debug                      Enable debug output
+        HELPMSG
+        puts msg
+        exit
+      end
+
     end.parse!
 
     Veracode.prepare

data/lib/veracode/version.rb

@@ -1,4 +1,4 @@
 module Veracode
-  VERSION = '1.0.0'
+  VERSION = '1.1.7'
   ARCHIVE_VERSION = '2020-06-29'
 end

data/lib/veracode.rb

@@ -39,7 +39,7 @@ module Veracode
   @expanded_app_dir = Dir.getwd
 
   def self.init
-    if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION)
+    if Gem::Dependency.new('', '~> 2.2.0').match?('', RUBY_VERSION.dup)
       $stderr.puts "Ruby 2.2 is not supported, please consult the compilation guide for all supported Ruby versions"
       exit
     end
@@ -48,7 +48,7 @@ module Veracode
     @archive_dirname = File.join("tmp","veracode-#{@run_id}")
     @required_libs.merge(["pathname", "set", "zlib", "zip/zip", "veracode"])
 
-    if !Dir.exists?("tmp")
+    if !Dir.exist?("tmp")
       begin
         Dir.mkdir("tmp")
       rescue Exception => e
@@ -57,7 +57,7 @@ module Veracode
       end
     end
 
-    while Dir.exists?(@archive_dirname)
+    while Dir.exist?(@archive_dirname)
       @run_id = Time.now.strftime("%Y%m%d%H%M%S")
       @archive_dirname = File.join("tmp","veracode-#{@run_id}")
     end
@@ -184,6 +184,7 @@ module Veracode
           }
         }
       else
+        Zip.write_zip64_support = true
         Zip::File.open(@archive_filename, Zip::File::CREATE) { |zf|
           @manifest.each { |file|
 
@@ -291,17 +292,20 @@ module Veracode
 
   def self.safe_name(o)
     begin
+      restore_original_class_method(o)
       case 
       when o == ActiveSupport::TimeWithZone
         "ActiveSupport::TimeWithZone"
       when o.is_a?(Module)
         begin
           ( o.name.nil? ? o.to_s : o.name.to_s )
-        rescue
+        rescue Exception => e
           begin
+            log_error "Exception rescued trying to call .name on object. Object: #{o.inspect}. Exception: #{e.inspect}"
             ( o.nil? ? "nil" : o.to_s )
-          rescue
-              ( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
+          rescue Exception => e
+            log_error "Exception rescued trying to call .nil on object. Object: #{o.inspect}. Exception: #{e.inspect}"
+            ( o == nil ? "nil" : o.to_s ) # in case of monkey patched nil?
           end
         end
       when o.is_a?(Method), o.is_a?(UnboundMethod)
@@ -309,10 +313,28 @@ module Veracode
       else
         o.to_s
       end
-    rescue
+    rescue Exception => e
+      log_error "Exception rescued trying to get safe_name on object. Dropping from archive. Exception: #{e.inspect}"
       "Veracode" #should result in this being dropped from the archive since we can't get a safe name for it
     end
   end
+
+  # Some Ruby devs override the `class` method.
+  # This is bad practice but is still done sometimes.
+  # For example: https://github.com/faker-ruby/faker/blob/v2.2.1/lib/faker/games/heroes_of_the_storm.rb#L11-L13
+  # This messes with our ability to get the class name.
+  # So we detect this and if it is overriden we restore the original method from `Kernel`
+  def self.restore_original_class_method(obj)
+    original_class_method = Kernel.instance_method(:class)
+
+    class_method_owner = obj.method(:class).owner
+
+    if class_method_owner != Kernel
+      obj.define_singleton_method(:class) do
+        original_class_method.bind(self).call
+      end
+    end
+  end
   
   def self.quote(o)
     o.to_s.dump
@@ -488,7 +510,17 @@ module Veracode
 
     formatted_contents = ""
 
-    m.constants($options[:include_inherited]).each do |c_symbol|
+    constants_method = m.method(:constants)
+    original_constants_method = Module.instance_method(:constants)
+  
+    if constants_method != original_constants_method
+      puts "  constants method has been overridden, fall back to original method" if $options[:verbose]
+      constants = original_constants_method.bind(m).call($options[:include_inherited])
+    else
+      constants = m.constants($options[:include_inherited])
+    end
+
+    constants.each do |c_symbol|
       begin
         c = m.const_get(c_symbol) if m.const_defined? c_symbol
         formatted_contents += format_constant(c_symbol, c)
@@ -643,29 +675,33 @@ module Veracode
 
   def self.archive_rails6_templates
     puts "archiving views" if $options[:verbose]
-    o = @view.compiled_method_container
-    compiled_views = o.instance_methods - @view_methods
-    formatted_contents = ""
-    for m_symbol in compiled_views
-      begin
-        m = o.instance_method(m_symbol)
-        formatted_contents += format_method(m, "public_instance", true)
-      rescue Exception => e
-        log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+    begin
+      o = @view.compiled_method_container
+      compiled_views = o.instance_methods - @view_methods
+      formatted_contents = ""
+      for m_symbol in compiled_views
+        begin
+          m = o.instance_method(m_symbol)
+          formatted_contents += format_method(m, "public_instance", true)
+        rescue Exception => e
+          log_error "Error archiving singleton method #{m_symbol.to_s.dump}: #{e.message}"
+        end
       end
+      # fake the module outpput to match what SAF expects from Rails <= 5
+      add_to_archive "module \"ActionView::CompiledTemplates\"\n" + 
+                    "extend \"ActiveSupport::Dependencies::ModuleConstMissing\"\n" +
+                    "extend \"Module::Concerning\"\n" +
+                    "extend \"ActiveSupport::ToJsonWithActiveSupportEncoder\"\n" +
+                    "extend \"PP::ObjectMixin\"\n" +
+                    "extend \"ActiveSupport::Dependencies::Loadable\"\n" +
+                    "extend \"JSON::Ext::Generator::GeneratorMethods::Object\"\n" +
+                    "extend \"ActiveSupport::Tryable\"\n" +
+                    "extend \"Kernel\"\n" +
+                    formatted_contents +
+                    "endmodule\n"
+    rescue Exception => e
+      log_error "Error archiving Rails 6 views: #{e.message}"
     end
-    # fake the module outpput to match what SAF expects from Rails <= 5
-    add_to_archive "module \"ActionView::CompiledTemplates\"\n" + 
-                   "extend \"ActiveSupport::Dependencies::ModuleConstMissing\"\n" +
-                   "extend \"Module::Concerning\"\n" +
-                   "extend \"ActiveSupport::ToJsonWithActiveSupportEncoder\"\n" +
-                   "extend \"PP::ObjectMixin\"\n" +
-                   "extend \"ActiveSupport::Dependencies::Loadable\"\n" +
-                   "extend \"JSON::Ext::Generator::GeneratorMethods::Object\"\n" +
-                   "extend \"ActiveSupport::Tryable\"\n" +
-                   "extend \"Kernel\"\n" +
-                   formatted_contents +
-                   "endmodule\n"
   end
 
 
@@ -773,6 +809,7 @@ module Veracode
           File.read(template),
           template,
           ActionView::Template::Handlers::ERB,
+          :locals => [],
           :virtual_path => template
         )
 
@@ -857,7 +894,7 @@ module Veracode
   def self.require_libs(lib_paths)
     for lib_path in lib_paths
       dirsToProcess = [Pathname(lib_path)]
-      until dirsToProcess.count == 0 || !Dir.exists?(dirsToProcess[0])
+      until dirsToProcess.count == 0 || !Dir.exist?(dirsToProcess[0])
         currentDir = dirsToProcess.delete_at(0)
         for child in currentDir.children
           if child.directory?
@@ -989,7 +1026,11 @@ end
 
     glob_require "config/application.rb"
 
-    Rails.application.require_environment! unless $options[:jruby]
+    begin
+      Rails.application.require_environment! unless $options[:skipenvironment]
+    rescue Exception => e
+      log_error "Unable to require environment: #{e.message}"
+    end
     # Following line will actually kick off IRB
     # Rails::Console.start(Rails.application)
     
@@ -1029,21 +1070,26 @@ end
         puts "new successful requires? #{any_new.to_s}" if $options[:verbose]
       end
 
-      if @rails6
-        self.update
-        @view = ActionView::Base.with_empty_template_cache
-        @view_methods = @view.compiled_method_container.instance_methods
-        compile_erb_templates
-        compile_haml_templates
-        self.stats if $options[:verbose]
-      else
-        compile_templates
-        self.update
-        self.stats if $options[:verbose]
-      end
+      begin
+        if @rails6
+          self.update
+          @view = ActionView::Base.with_empty_template_cache
+          @view_methods = @view.compiled_method_container.instance_methods
+          compile_erb_templates
+          compile_haml_templates
+          self.stats if $options[:verbose]
+        else
+          compile_templates
+          self.update
+          self.stats if $options[:verbose]
+        end
 
-      # Ensure compiled templates are fully disassembled in archive
-      @baseline_modules.delete(ActionView::CompiledTemplates) unless @rails6
+        # Ensure compiled templates are fully disassembled in archive
+        @baseline_modules.delete(ActionView::CompiledTemplates) unless @rails6
+      rescue Exception => e
+        puts "Unable to compile templates: #{e.message}" if $options[:verbose]
+        log_error "Unable to compile templates: #{e.message}"
+      end
 
       if $options[:environment]
         puts "Processing and disassembling environment"
@@ -1070,6 +1116,7 @@ end
         log_error e.message
         log_error e.backtrace.join("\n")
       else
+        puts "Failed to prepare veracode archive. Please see #{@errorlog_filename}."
         raise
       end
     end

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: veracode
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.7
 platform: ruby
 authors:
 - Veracode
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-06 00:00:00.000000000 Z
+date: 2024-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
 description: Prepares your Ruby on Rails app for submission to Veracode.
@@ -39,7 +39,7 @@ files:
 homepage: http://veracode.com/
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -54,8 +54,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key:
+rubygems_version: 3.1.6
+signing_key: 
 specification_version: 4
 summary: Command line tool for preparing your Ruby on Rails app for submission to
   Veracode