veracodecli 0.1.5 → 0.1.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/bin/veracodecli +15 -8
- data/lib/veracodecli/api.rb +17 -1
- data/test/test_veracodecli.rb +10 -5
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 84e40ad9f106004bf5dccb40fdfbcfe7aa92a95e
|
|
4
|
+
data.tar.gz: 43026621561ac4aea615fd70aaec4f109446c280
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 349560ffb43459d9460da0f492b3966ed711fb18d35fea17abf463d18494bd9285687118231a01afea3284347253453c9c5caf4cce155dbb8558b931fea43e14
|
|
7
|
+
data.tar.gz: f9379bee72141331a3196868ca3d23a121fbbf71064a13b07b6d9e8f841263fc5783060bea607ce44a4eee5a8650bf2c33b2df55c4048a265b454154ccbad79a
|
data/README.md
CHANGED
|
@@ -18,7 +18,7 @@ gem install veracodecli
|
|
|
18
18
|
|
|
19
19
|
## Usage
|
|
20
20
|
|
|
21
|
-
1. Set `VERACODE_USERNAME
|
|
21
|
+
1. Set `VERACODE_USERNAME` and `VERACODE_PASSWORD` environment variables to your API credentials for the veracode API.
|
|
22
22
|
2. To run a scan use `veracodecli scan _app\_name_ _archive\_path_
|
|
23
23
|
|
|
24
24
|
- `veracodecli help` to see commands
|
data/bin/veracodecli
CHANGED
|
@@ -22,14 +22,14 @@ Commander.configure do
|
|
|
22
22
|
c.action do |args,options|
|
|
23
23
|
fail 'Specify application Name.' if args.first.nil?
|
|
24
24
|
fail 'Specify repo location.' if args[1].nil?
|
|
25
|
-
# VeracodeApiScan.submit_scan args[0], args[1]
|
|
26
25
|
options.default :business_criticality => 'High'
|
|
27
26
|
options.default :business_unit => 'TELUS Digital'
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
if Dir.exists?(dir) then `
|
|
31
|
-
|
|
32
|
-
|
|
27
|
+
directory = "/home/#{ENV['USER']}/veracodecli_data/sast_clone"
|
|
28
|
+
VeracodeApiBase.get_repo_archive directory
|
|
29
|
+
# if !Dir.exists?(dir) then `git clone #{args[1]} #{dir}` end
|
|
30
|
+
# if Dir.exists?(dir) then `cd #{dir}; git pull; git archive --format=tar -o sast_upload.tar master` else fail 'Repository not found' end
|
|
31
|
+
VeracodeApiMacros.submit_scan_macro args[0], options.business_criticality, options.business_unit, options.team, "#{directory}/sast_upload.tar"
|
|
32
|
+
`cd #{directory}; rm -r sast_upload.tar`
|
|
33
33
|
end
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -56,9 +56,16 @@ Commander.configure do
|
|
|
56
56
|
c.description = 'Downloads the final scan report from Veracode.'
|
|
57
57
|
c.action do |args|
|
|
58
58
|
fail 'Specify app_name.' if args.first.nil?
|
|
59
|
-
|
|
60
|
-
VeracodeApiMacros.get_scan_report args.first
|
|
59
|
+
VeracodeApiMacros.get_report_macro args.first
|
|
61
60
|
end
|
|
62
61
|
end
|
|
63
62
|
|
|
63
|
+
command :get_pdf_report do |c|
|
|
64
|
+
c.syntax = 'veracodecli get-pdf [app_name]'
|
|
65
|
+
c.description = 'Downloads the final scan report in pdf format.'
|
|
66
|
+
c.action do |args|
|
|
67
|
+
fail 'Specify app_name.' if args.first.nil?
|
|
68
|
+
VeracodeApiMacros.get_pdf_macro args.first
|
|
69
|
+
end
|
|
70
|
+
end
|
|
64
71
|
end
|
data/lib/veracodecli/api.rb
CHANGED
|
@@ -11,6 +11,11 @@ module VeracodeApiBase
|
|
|
11
11
|
check_environment_login_variables
|
|
12
12
|
response = RestClient.get "https://#{ENV['VERACODE_USERNAME']}:#{ENV['VERACODE_PASSWORD']}@analysiscenter.veracode.com/api/#{api_version}/#{api_call}", { params: params }
|
|
13
13
|
end
|
|
14
|
+
|
|
15
|
+
def get_repo_archive(directory)
|
|
16
|
+
if !Dir.exists?(directory) then `git clone #{args[1]} #{directory}` end
|
|
17
|
+
if Dir.exists?(directory) then `cd #{directory}; git pull; git archive --format=tar -o sast_upload.tar master` else fail 'Repository not found' end
|
|
18
|
+
end
|
|
14
19
|
end
|
|
15
20
|
|
|
16
21
|
module VeracodeApiScan
|
|
@@ -66,6 +71,11 @@ module VeracodeApiResults
|
|
|
66
71
|
report = veracode_api_request 'detailedreport.do', api_version: '3.0', build_id: build_id
|
|
67
72
|
report = report.body
|
|
68
73
|
end
|
|
74
|
+
|
|
75
|
+
def get_scan_report_pdf(build_id)
|
|
76
|
+
report = veracode_api_request 'detailedreportpdf.do', api_version: '3.0', build_id: build_id
|
|
77
|
+
report = report.body
|
|
78
|
+
end
|
|
69
79
|
end
|
|
70
80
|
|
|
71
81
|
module VeracodeApiMacros
|
|
@@ -84,7 +94,13 @@ module VeracodeApiMacros
|
|
|
84
94
|
def get_report_macro(app_name)
|
|
85
95
|
app_id = get_app_id app_name
|
|
86
96
|
build_id = get_most_recent_build_id app_id
|
|
87
|
-
report = get_scan_report
|
|
97
|
+
report = get_scan_report build_id
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
def get_pdf_macro(app_name)
|
|
101
|
+
app_id = get_app_id app_name
|
|
102
|
+
build_id = get_most_recent_build_id app_id
|
|
103
|
+
report = get_scan_report build_id
|
|
88
104
|
end
|
|
89
105
|
|
|
90
106
|
end
|
data/test/test_veracodecli.rb
CHANGED
|
@@ -8,8 +8,9 @@ class TestVeracodecli < Test::Unit::TestCase
|
|
|
8
8
|
context 'VeracodeApi' do
|
|
9
9
|
|
|
10
10
|
setup do
|
|
11
|
-
ENV['VERACODE_USERNAME'] = '
|
|
12
|
-
ENV['VERACODE_PASSWORD'] = '
|
|
11
|
+
ENV['VERACODE_USERNAME'] = ''
|
|
12
|
+
ENV['VERACODE_PASSWORD'] = ''
|
|
13
|
+
@test_file_location = '' # a .tar or .zip archive path
|
|
13
14
|
end
|
|
14
15
|
|
|
15
16
|
should 'Return existing application profile ID' do
|
|
@@ -24,9 +25,13 @@ class TestVeracodecli < Test::Unit::TestCase
|
|
|
24
25
|
assert_equal 200, veracode_api_request('beginprescan.do', app_id:'12379').code
|
|
25
26
|
end
|
|
26
27
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
28
|
+
should 'Return Response Object' do
|
|
29
|
+
assert_kind_of RestClient::Response, veracode_api_request('getapplist.do')
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
should 'Return XML response for uploadfile.do' do
|
|
33
|
+
assert_boolean upload_file('12379', @test_file_location).include?('Uploaded')
|
|
34
|
+
end
|
|
30
35
|
|
|
31
36
|
should 'Return HTTP from get_prescan_results function' do
|
|
32
37
|
assert_equal 200, get_prescan_results('12379').code
|