veracodecli 0.1.2 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 74b3b2fddb38344c96cd938c9f27ec1ba5642125
-  data.tar.gz: 3d2934ffea90f22732d1be2d5861e3e371d41993
+  metadata.gz: 38a85c2a0d02935e016488510c19cfe2d3d34fcc
+  data.tar.gz: e46ceafd154bfb498b2f20dcb0c629ffb77f811b
 SHA512:
-  metadata.gz: 4a97bfed947f96df61ca3f142243fc7861ffbcdd248e846d3832c08ee7903a2314052d81df6880b4a20a23696c700be9ce4738fde91c995f2cb81688179104ce
-  data.tar.gz: fe856103bdbd2a8946710fec5ecb6209146de7770f3fe68bae41f7fb7b0fcfb6ee9d7f92f53196018a3421eb82792fa1cdf3b5eb4244b262a19b3793faea405a
+  metadata.gz: 2f6b49907d5d2920f734c8dcf1c34dab1332ef24a4c578377152f1fa7011bc1456419cd00052839acd13646c8711b99ad6b26552f573659a7269219dab264c86
+  data.tar.gz: 7164c3bea8001f0c235c5cb852c9c488248c47868f6e55241af8314132de12e9a5f0db015038bc896093e95adff7309b1c05dc816313cf8396acf9c5d5ddefbe

data/bin/veracodecli

@@ -5,20 +5,31 @@ require 'veracodecli'
 include VeracodeApiResults
 include VeracodeApiScan
 include VeracodeApiBase
+include VeracodeApiMacros
 
 Commander.configure do
   program :name, 'veracodecli'
-  program :version, '0.1.0'
+  program :version, '0.1.2'
   program :description, 'CLI for automating veracode api requests'
   program :help, 'Author', 'Isaiah Thiessen <isaiah.thiessen@telus.com>'
 
   command :scan do |c|
-    c.syntax = 'veracodecli scan [app_name] [archive_path]'
-    c.description = 'Submits a scan request to Veracode.'
-    c.action do |args|
+    c.syntax = 'veracodecli scan [app_name] [repo] --option [option]'
+    c.description = 'Submits a scan to Veracode.'
+    c.option '--business_unit NAME', String, 'Business Unit Name'
+    c.option '--team NAME', String, 'Team Name'
+    c.option '--business_criticality', String, 'Application business criticality'
+    c.action do |args,options|
       fail 'Specify application Name.' if args.first.nil?
-      fail 'Specify path to code archive.' if args[1].nil?
-      VeracodeApiScan.submit_scan args[0], args[1]
+      fail 'Specify repo location.' if args[1].nil?
+      # VeracodeApiScan.submit_scan args[0], args[1]
+      options.default :business_criticality => 'High'
+      options.default :business_unit => 'TELUS Digital'
+      dir = "/home/#{ENV['USER']}/veracodecli_data/sast_clone"
+      if !Dir.exists?(dir) then `git clone #{args[1]} #{dir}` end
+      if Dir.exists?(dir) then `cd #{dir}; git pull; git archive --format=tar -o sast_upload.tar master` else fail 'Repository not found' end
+      VeracodeApiMacros.submit_scan_macro args[0], options.business_criticality, options.business_unit, options.team, 'sast_clone/sast_upload.tar'
+      `cd #{dir}; rm -r sast_upload.tar`
     end
   end
 
@@ -41,11 +52,12 @@ Commander.configure do
   end
 
   command :get_report do |c|
-    c.syntax = 'veracodecli get-report [app_id]'
+    c.syntax = 'veracodecli get-report [app_name]'
     c.description = 'Downloads the final scan report from Veracode.'
     c.action do |args|
-      fail 'Specify app_id.' if args.first.nil?
-      VeracodeApiResults.get_scan_report args.first
+      fail 'Specify app_name.' if args.first.nil?
+      #VeracodeApiResults.get_scan_report args.first
+      VeracodeApiMacros.get_scan_report args.first
     end
   end
 

data/lib/veracodecli/api.rb

@@ -4,7 +4,7 @@ require 'rest-client'
 
 module VeracodeApiBase
   def check_environment_login_variables
-    fail 'EnvironmentError: VERACODE_USERNAME, VERACODE_PASSWORD, or VERACODE_TEAM not set.' unless !ENV['VERACODE_USERNAME'].nil? || !ENV['VERACODE_PASSWORD'].nil? || !ENV['VERACODE_TEAM'].nil?
+    fail 'EnvironmentError: VERACODE_USERNAME or VERACODE_PASSWORD not set.' unless !ENV['VERACODE_USERNAME'].nil? || !ENV['VERACODE_PASSWORD'].nil?
   end
 
   def veracode_api_request(api_call, api_version: '4.0', **params)
@@ -17,38 +17,33 @@ end
 module VeracodeApiScan
   include VeracodeApiBase
 
-  def validate_existance(of:)
-    puts "Validating records for #{of}"
+  def get_app_id(app_name)
     app_list = veracode_api_request 'getapplist.do', include_user_info: 'true'
-    if app_list.include? "#{of}"
-      puts 'Record found, submitting'
-      return app_list.scan(/app_id=\"(.+)\" app_name=\"#{of}\"/)[0][0]
-    else
-      puts 'Record not found, creating one'
-      create_app_result = veracode_api_request 'createapp.do', app_name: of, description: "Static Scanning profile for #{of}.", business_criticality: 'High', business_unit: "#{ENV['VERACODE_TEAM']}", web_application: 'true', teams: "#{ENV['VERACODE_TEAM']}"
-      app_id = create_app_result.scan(/app_id=\"(.+)\" app_name=\"#{of}\"/)[0][0]
-      puts "Record successfully created, app_id is #{app_id}"
-      return app_id
-    end
+    scan = app_list.scan(/app_id=\"(.+)\" app_name=\"#{app_name}\"/)
+    if !scan.nil? then app_id = scan[0][0] else app_id = nil end
+  end
+
+  def create_app_profile(app_name, business_criticality, business_unit, teams)
+    create_app_response = veracode_api_request 'createapp.do', app_name: app_name, business_criticality: business_criticality, business_unit: business_unit, teams: teams
+    app_id = create_app_response.scan(/app_id=\"(.+)\" app_name=\"#{of}\"/)[0][0]
   end
 
-  def submit_scan(app_name, archive_path)
-    app_id = validate_existance of: app_name
+  def upload_file(app_id, archive_path)
     # NOTE: curl must be used here because of a bug in the Veracode api. rest-client cannot be used while this bug is present.
     # NOTE: preferred code: upload_result = veracode_api_request 'uploadfile.do', app_id: app_id, file: "#{archive_path}"
-    upload_result = `curl --url "https://#{ENV['VERACODE_USERNAME']}:#{ENV['VERACODE_PASSWORD']}@analysiscenter.veracode.com/api/4.0/uploadfile.do" -F 'app_id=#{app_id}' -F 'file=@#{archive_path}'`
-    puts upload_result
-    prescan_submission_result = veracode_api_request 'beginprescan.do', app_id: app_id, auto_scan: 'true'
-    puts prescan_submission_result
-    puts "Submit complete for #{app_id}"
+    upload_file_response = `curl --url "https://#{ENV['VERACODE_USERNAME']}:#{ENV['VERACODE_PASSWORD']}@analysiscenter.veracode.com/api/4.0/uploadfile.do" -F 'app_id=#{app_id}' -F 'file=@#{archive_path}'`
+  end
+
+  def submit_prescan(app_id)
+    submit_prescan_response = veracode_api_request 'beginprescan.do', app_id: app_id, auto_scan: 'true'
   end
 end
 
 module VeracodeApiResults
   include VeracodeApiBase
 
-  def get_most_recent_build_id(using:)
-    build_list = veracode_api_request 'getbuildlist.do', app_id: using
+  def get_most_recent_build_id(app_id)
+    build_list = veracode_api_request 'getbuildlist.do', app_id: app_id
     build_list.scan(/build_id="(.*?)"/).last[0]
   end
 
@@ -66,8 +61,27 @@ module VeracodeApiResults
   end
 
   def get_scan_report(app_id)
-    build_id = get_most_recent_build_id using: app_id
     report = veracode_api_request 'detailedreport.do', api_version: '3.0', build_id: build_id
-    puts report
   end
 end
+
+module VeracodeApiMacros
+  include VeracodeApiScan
+  include VeracodeApiResults
+
+  def submit_scan_macro(app_name, business_criticality, business_unit, teams, archive_path)
+    app_id = get_app_id(app_name)
+    if app_id.nil?
+      app_id = create_app_profile(app_name, business_criticality, business_unit, teams)
+    end
+    upload_file app_id, archive_path
+    submit_prescan app_id
+  end
+
+  def get_report_macro(app_name)
+    app_id = get_app_id app_name
+    build_id = get_most_recent_build_id app_id
+    report = get_scan_report app_id
+  end
+
+end

data/test/test_veracodecli.rb

@@ -13,7 +13,7 @@ class TestVeracodecli < Test::Unit::TestCase
     end
 
     should 'Return HTTP 401' do
-      assert_equal response.code, veracode_api_request('getapplist.do', '')
+      assert_kind_of String, veracode_api_request('getapplist.do')
     end
 
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: veracodecli
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.4
 platform: ruby
 authors:
 - isaiah thiessen