veracodecli 1.0.22 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 73274be3c0582bc1ac127df32276c89d55e6aacc
-  data.tar.gz: c8a2c62a4d0de4e8a7c0fc1232ddb7477eb7911a
+  metadata.gz: 313198e33e2b38505233625eb8d025d41beac504
+  data.tar.gz: 1487b7b9c55c5f56f3110e2e7fe7cf1a712f3657
 SHA512:
-  metadata.gz: 428001fc5f03209ff529c4618f962b276906841cd832e92e715a957bf57028b6cb4c2fe4c35b1828f849c6e97c11a56d8776c2b6079260f07d3e0e1653ea2bc5
-  data.tar.gz: 086632a007b43507dc699e65d80003a95259476d44224134524bce9d6ede5e79a2dd757d70fcffe4fbddb86e6c2687c21f090c421890d91163ffde3501faebdd
+  metadata.gz: 49db16d2ff4db3bbfbfb9f93cde12a2fc7ff974efa4ab03ff728c3a3c659fb602687a2c94b84010622840b3c86ab1797564b00013da67af53ca390add48a97fd
+  data.tar.gz: 9b30ee9969e1d561e0838d4eea1a2c137dbc8793ce08424ce8bbbe6a19459e06282a79e9af2610491f35fa6bb23642489fcd79f594b646c629e6d43d7dc655c9

data/README.md

@@ -1,3 +1,5 @@
+Support for this gem will soon be dropped in favour of https://github.com/isand3r/apidragon
+
 # veracodecli
 
 [![Code Climate](https://codeclimate.com/github/isand3r/veracodecli/badges/gpa.svg)](https://codeclimate.com/github/isand3r/veracodecli)
@@ -8,7 +10,6 @@ A ruby cli gem for interacting with the veracode API
 
 - [Installation](#installation)
 - [Usage](#usage)
-- [Roadmap](#roadmap)
 - [License](#license)
 - [Contributors](#contributors)
 
@@ -28,11 +29,6 @@ gem install veracodecli
 
 (append `--trace` to the end to see a stack trace if you are encountering errors.)
 
-## Roadmap
-Ideas for future development.
-
-* Config file: Make this cli scanner/tool agnostic. Should work with rest api services from other tools
-
 ## License
 
 [MIT](https://tldrlegal.com/license/mit-license)

data/VERSION

@@ -1 +1 @@
-1.0.22
+1.1.0

data/bin/veracodecli

@@ -82,6 +82,7 @@ Commander.configure do
       options.app_name.gsub! /[-_]/, ''
       file = VeracodeApiMacros.get_pdf_macro options.app_name
       Slack.send_to_slack file if (options.slack_upload.eql? 'yes')
+      File.delete file
     end
   end
 end

data/lib/veracodecli/api.rb

@@ -6,7 +6,11 @@ require 'nokogiri'
 require_relative 'settings'
 require_relative 'log'
 
+# Base Module. Contains parsing and rest call functions.
 module VeracodeApiBase
+  # Makes a REST request to analysiscenter.veracode.com/api/[version]/[function], where function is the passed api_call	method argument,
+  # api_version is the passed method argument with default value '4.0', and params is any number of json key:value pairs passed in the **params method argument.
+  # The response is logged to /tmp/veracodecli.log as long as the HTTP response code = 200. 5XX or 4XX raise an Error.
   def veracode_api_request(api_call, api_version: '4.0', **params)
     begin
       # RestClient.proxy = Settings.proxy unless !Settings.proxy
@@ -20,6 +24,7 @@ module VeracodeApiBase
     response
   end
 
+  # Clones or updates a git clone of the desired directory (set in the configuration file), then zips the contents to /temp/sast_upload.zip.
   def get_repo_archive(url)
     directory = "/tmp/sast_clone"
     if Dir.exists?(directory)
@@ -30,6 +35,7 @@ module VeracodeApiBase
     `cd /tmp; zip -r sast_upload.zip sast_clone`
   end
 
+  # Returns the passed xml 'response' for the 'app_id' attribute associated with the passed 'app_name' for the 'getapplist' call. 
   def response_parse_app_id(response, app_name)
     app_id = nil
     doc = Nokogiri::XML response
@@ -41,6 +47,7 @@ module VeracodeApiBase
     app_id
   end
 
+  # Returns the passed xml 'response' for the 'app_id' attribute for the 'createapp' call.
   def parse_new_app_id(response)
     app_id = nil
     doc = Nokogiri::XML response
@@ -53,47 +60,47 @@ module VeracodeApiBase
   end
 end
 
+# Scan Module. Contains all functions necessary to submit a scan. 
 module VeracodeApiScan
   include VeracodeApiBase
 
+  # calls getapplist and returns the ''app_id' attribute associated with the passed 'app_name' argument.  
   def get_app_id(app_name)
     app_list = veracode_api_request 'getapplist.do', include_user_info: 'true'
     app_id = response_parse_app_id app_list.body, app_name
   end
 
+  # calls 'createapp' to create an new app profile. All arguments are required and can be specified in the config file.
   def create_app_profile(app_name, business_criticality, business_unit, team)
     create_app_response = veracode_api_request 'createapp.do', app_name: app_name, business_criticality: business_criticality, business_unit: business_unit, teams: team
     app_id = parse_new_app_id create_app_response.body
     if app_id.nil? then abort 'createapp failed. Check the logs.' end
   end
 
+  # Calls 'uploadfile' to upload the previously created 'sast_upload.zip'.
   def upload_file(app_id, archive_path)
     # NOTE: curl must be used here because of a bug in the Veracode api. rest-client cannot be used while this bug is present.
     # NOTE: preferred code: upload_result = veracode_api_request 'uploadfile.do', app_id: app_id, file: "#{archive_path}"
     `curl --url "https://#{Settings.veracode_username}:#{Settings.veracode_password}@analysiscenter.veracode.com/api/4.0/uploadfile.do" -F 'app_id=#{app_id}' -F 'file=@#{archive_path}'`
   end
 
+  # calls 'beginprescan' for the passed app_id argument. 'auto_scan: 'true'' means that the scan will begin automatically after the prescan unless there are errors.
   def submit_prescan(app_id)
     veracode_api_request 'beginprescan.do', app_id: app_id, auto_scan: 'true'
   end
 end
 
+# Results module. Contains all methods necessary to download scan reports.
 module VeracodeApiResults
   include VeracodeApiBase
 
+  # calls 'getbuildlist' and returns the last 'build_id' attribute associated with the passed app_id  
   def get_most_recent_build_id(app_id)
     build_list = veracode_api_request 'getbuildlist.do', app_id: app_id
     build_list.body.scan(/build_id="(.*?)"/).last[0]
   end
-
-  # def get_build_status(app_id)
-  #   build_info = veracode_api_request 'getbuildinfo.do', app_id: app_id
-  #   build_id = build_info.body.scan(/build_id="(.*?)"/)[0][0]
-  #   build_status = build_info.body.scan(/status="(.*?)"/).last[0]
-  #   puts build_status
-  #   build_status
-  # end
-
+  
+  # calls 'getprescanresults'
   def get_prescan_results(app_id)
     results = veracode_api_request 'getprescanresults.do', app_id: app_id
     puts "Fetched prescan results for #{app_id}"
@@ -101,17 +108,20 @@ module VeracodeApiResults
     results
   end
 
+  # calls 'detailedreport' for the passed 'build_id' attribute, returning the xml body of the response. Note that this api is version 3.0 not 4.0.
   def get_scan_report(build_id)
     report = veracode_api_request 'detailedreport.do', api_version: '3.0', build_id: build_id
     report.body
   end
 
+  # similar to above method, except returns a pdf response instead of xml.
   def get_scan_report_pdf(build_id)
     report = veracode_api_request 'detailedreportpdf.do', api_version: '3.0', build_id: build_id
     report.body
   end
 end
 
+# Macros module. Contains sequenced method calls from above modules to perform actions such as submitting scans, retreiving reports.
 module VeracodeApiMacros
   include VeracodeApiScan
   include VeracodeApiResults

data/lib/veracodecli/log.rb

@@ -2,12 +2,13 @@ require 'json'
 
 class ResponseLogger
 
+  # Logger initialization, records the desired log file path.
   def initialize(log_path)
     @path = log_path
   end
 
+  # writes the following information for the passed response string: date & time the call was made, body (response), call name (call), HTTP response code (code). 
   def log(call, code, response)
-    check_log_file "#{@path}/veracodecli.log"
     log = File.open "#{@path}/veracodecli.log", 'a+'
     log.write "#{call} called @ #{timestamp}"
     log.write "HTTP #{code}\n"
@@ -16,10 +17,7 @@ class ResponseLogger
     log.close
   end
 
-  def check_log_file(file_path)
-    File.open file_path, 'w' unless File.exist? file_path
-  end
-
+  # Returns current system date & time.
   def timestamp
     `date`
   end

data/veracodecli.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: veracodecli 1.0.22 ruby lib
+# stub: veracodecli 1.1.0 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "veracodecli"
-  s.version = "1.0.22"
+  s.version = "1.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["isaiah thiessen"]
-  s.date = "2015-11-06"
+  s.date = "2015-12-14"
   s.description = "Ruby based CLI for accessing veracode's api"
   s.email = "isaiah.thiessen@telus.com"
   s.executables = ["veracodecli"]
@@ -41,7 +41,7 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "http://github.com/isand3r/veracodecli"
   s.licenses = ["MIT"]
-  s.rubygems_version = "2.4.8"
+  s.rubygems_version = "2.5.0"
   s.summary = "Ruby based CLI for accessing veracode's api"
 
   if s.respond_to? :specification_version then

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: veracodecli
 version: !ruby/object:Gem::Version
-  version: 1.0.22
+  version: 1.1.0
 platform: ruby
 authors:
 - isaiah thiessen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-06 00:00:00.000000000 Z
+date: 2015-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -281,7 +281,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.5.0
 signing_key: 
 specification_version: 4
 summary: Ruby based CLI for accessing veracode's api