From afc9b6afe4b5cf921b2ddd9af86436076e8ef9d1 Mon Sep 17 00:00:00 2001
From: Stephen Kapp
Date: Tue, 5 Jun 2012 18:40:17 +0100
Subject: [PATCH] Switched to ROXML for XML to Object handling
---
 lib/veracode/api/builds.rb | 93 ++++++++++----------
 lib/veracode/api/detailed.rb | 164 +++++++++++++++++++++--------------
 lib/veracode/api/parse.rb | 87 -------------------
 lib/veracode/api/types.rb | 32 +++++++
 lib/veracode/results.rb | 13 +--
 5 files changed, 178 insertions(+), 211 deletions(-)
 delete mode 100644 lib/veracode/api/parse.rb
 create mode 100644 lib/veracode/api/types.rb
diff --git a/lib/veracode/api/builds.rb b/lib/veracode/api/builds.rb
index 87bf9be..f3b1d5c 100644
--- a/lib/veracode/api/builds.rb
+++ b/lib/veracode/api/builds.rb
@@ -1,56 +1,57 @@
-require 'veracode/api/parse'
+require 'roxml'
 module Veracode
 module Result
 module Builds
- class Applications
- include Veracode::Parser
- attr_accessor :applications
-
- @applications
-
- def initialize
- @applications = []
- end
+ class AnalysisUnit
+ include ROXML
- class Application
- VALID_ATTRIBUTE_KEYS = [ :app_name, :app_id, :industry_vertical, :assurance_level,
- :business_criticality, :origin, :cots, :business_unit, :tags ].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
-
- attr_accessor :builds
-
- def initialize(attributes)
- @builds = []
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- end
-
- class Build
- VALID_ATTRIBUTE_KEYS = [ :version, :build_id, :submitter, :platform, :lifecycle_stage, :results_ready, :policy_name,
- :policy_version, :policy_compliance_status, :rules_status, :grace_period_expired,
- :scan_overdue ].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
- attr_accessor :units
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- @units = []
- end
+ xml_accessor :analysis_type, :from => "@analysis_type"
+ xml_accessor :status, :from => "@status"
+ xml_accessor :published_date, :from => "@published_date"
+ end
+
+ class Build
+ include ROXML
+
+ xml_accessor :version, :from => "@version"
+ xml_accessor :build_id, :from => "@build_id"
+ xml_accessor :submitter, :from => "@submitter"
+ xml_accessor :platform, :from => "@platform"
+ xml_accessor :lifecycle_stage, :from => "@lifecycle_stage"
+ xml_accessor :results_ready, :from => "@results_ready"
+ xml_accessor :policy_name, :from => "@policy_name"
+ xml_accessor :policy_version, :from => "@policy_version"
+ xml_accessor :policy_compliance_status, :from => "@policy_compliance_status"
+ xml_accessor :rules_status, :from => "@rules_status"
+ xml_accessor :grace_period_expired, :from => "@grace_period_expired"
+ xml_accessor :scan_overdue, :from => "@scan_overdue"
+
+ xml_accessor :analysis_units, :as => [AnalysisUnit]
+ end
+
+ class Application
+ include ROXML
+
+ xml_accessor :app_name, :from => "@app_name"
+ xml_accessor :app_id, :from => "@app_id"
+ xml_accessor :industry_vertical, :from => "@industry_vertical"
+ xml_accessor :assurance_level, :from => "@assurance_level"
+ xml_accessor :business_criticality, :from => "business_criticality"
+ xml_accessor :origin, :from => "@origin"
+ xml_accessor :cots, :from => "@cots"
+ xml_accessor :business_unit, :from => "@business_unit"
+ xml_accessor :tags, :from => "@tags"
+ xml_accessor :builds, :as => [Build]
- class AnalysisUnit
- VALID_ATTRIBUTE_KEYS = [ :analysis_type, :status, :published_date ].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- end
- end
- end
- end
 end
+
+ class Applications
+ include ROXML
+
+ xml_accessor :applications, :as => [Application]
+ end
+
 end
 end
 end
diff --git a/lib/veracode/api/detailed.rb b/lib/veracode/api/detailed.rb
index 9098904..2c844de 100644
--- a/lib/veracode/api/detailed.rb
+++ b/lib/veracode/api/detailed.rb
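Review bot: In the new `Application` class, `business_criticality` is mapped with `:from => "business_criticality"` while every sibling accessor uses an `@`-prefixed attribute path, so ROXML will presumably look for a child element instead of the attribute the removed handler took from `attrs`. The accessor would then come back empty for a field that feeds risk triage, with no error raised. The line should read `xml_accessor :business_criticality, :from => "@business_criticality"`. The same slip appears in `Category` in lib/veracode/api/detailed.rb, where `xml_reader :pcirelated?, :from => "pcirelated"` differs from the `"@pcirelated"` used in `CWE`.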
@@ -1,83 +1,113 @@
-require 'veracode/api/parse'
+require 'veracode/api/types'
 module Veracode
 module Result
- class DetailedReport
- include Veracode::Parser
+ class Modules < Base
+ xml_reader :name, :from => "@name"
+ xml_reader :compiler, :from => "@compiler"
+ xml_reader :os, :from => "@os"
+ xml_reader :architecture, :from => "@architecture"
+ xml_reader :score, :from => "@score"
+ xml_reader :numflawssev0, :from => "@numflawssev0"
+ xml_reader :numflawssev1, :from => "@numflawssev1"
+ xml_reader :numflawssev2, :from => "@numflawssev2"
+ xml_reader :numflawssev3, :from => "@numflawssev3"
+ xml_reader :numflawssev4, :from => "@numflawssev4"
+ xml_reader :numflawssev5, :from => "@numflawssev5"
+ end
+
+ class Analysis < Base
+ xml_reader :rating, :from => "@rating"
+ xml_reader :score, :from => "@score"
+ xml_reader :submitted_date, :from => "@submitted_date"
+ xml_reader :published_date, :from => "@published_date"
+ xml_reader :mitigated_rating, :from => "@mitigated_rating"
+ xml_reader :mitigated_score, :from => "@mitigated_score"
+ xml_reader :analysis_size_bytes, :from => "@analysis_size_bytes"
+ xml_reader :next_scan_due, :from => "@next_scan_due"
- VALID_ATTRIBUTE_KEYS = [ :report_format_version, :app_name, :app_id, :first_build_submitted_date, :version, :build_id,
- :submitter, :platform, :assurance_level, :business_criticality, :generation_date, :veracode_level,
- :total_flaws, :flaws_not_mitigated, :teams, :life_cycle_stage, :planned_deployment_date, :last_update_time,
- :is_latest_build, :policy_name, :policy_version, :policy_compliance_status, :policy_rules_status,
- :scan_overdue, :any_type_scan_due, :business_owner, :business_unit, :tags, :grace_period_expired].freeze
+ xml_reader :modules, :as => [Modules]
+ end
- attr_accessor *VALID_ATTRIBUTE_KEYS
+ class ManualAnalysis < Base
+ xml_reader :rating, :from => "@rating"
+ xml_reader :score, :from => "@score"
+ xml_reader :mitigated_rating, :from => "@mitigated_rating"
+ xml_reader :mitigated_score, :from => "@mitigated_score"
+ xml_reader :submitted_date, :from => "@submitted_date"
+ xml_reader :published_date, :from => "@published_date"
+ xml_reader :next_scan_due, :from => "@next_scan_due"
+
+ xml_reader :modules, :as => [Modules]
+ xml_reader :cia_adjustment
+ xml_reader :delivery_consultant
+ end
+
+ class CWE < Base
+ xml_reader :cweid, :from => "@cweid"
+ xml_reader :cwename, :from => "@cwename"
+ xml_reader :pcirelated?, :from => "@pcirelated"
- attr_accessor :analysis
+ xml_reader :description, :as => [TextType]
+ end
+
+ class Category < Base
+ xml_reader :categoryid, :from => "@categoryid"
+ xml_reader :categoryname, :from => "@categoryname"
+ xml_reader :pcirelated?, :from => "pcirelated"
- def initialize(attributes=nil)
- if !attributes.nil?
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- end
- @analysis = []
- end
+ xml_reader :desc, :as => Para
+ xml_reader :recommendations, :as => Para
+ xml_reader :cwe, :as => [CWE]
+ end
- def assign(attributes=nil)
- if !attributes.nil?
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- end
- end
+ class Severity < Base
+ xml_reader :level, :from => "@level"
- class StaticAnalysis
- VALID_ATTRIBUTE_KEYS = [ :rating, :score, :submitted_date, :published_date, :analysis_size_bytes].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
- attr_accessor :modules
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- @modules = []
- end
- end
+ xml_reader :categories, :as => [Category]
+ end
+
+ class DetailedReport < Base
+ xml_convention :dasherize
- class DynamicAnalysis
- VALID_ATTRIBUTE_KEYS = [ :rating, :score, :submitted_date, :published_date, :analysis_size_bytes].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
- attr_accessor :modules
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- @modules = []
- end
- end
+ xml_reader :report_format_version, :from => "@report_format_version"
+ xml_reader :app_name, :from => "@app_name"
+ xml_reader :app_id, :from => "@app_id"
+ xml_reader :first_build_submitted_date, :from => "@first_build_submitted_date"
+ xml_reader :version, :from => "@version"
+ xml_reader :build_id, :from => "@build_id"
+ xml_reader :submitter, :from => "@submitter"
+ xml_reader :platform, :from => "@platform"
+ xml_reader :assurance_level, :from => "@assurance_level"
+ xml_reader :business_criticality, :from => "@business_criticality"
+ xml_reader :generation_date, :from => "@generation_date"
+ xml_reader :veracode_level, :from => "@veracode_level"
+ xml_reader :total_flaws, :from => "@total_flaws"
+ xml_reader :flaws_not_mitigated, :from => "@flaws_not_mitigated"
+ xml_reader :teams, :from => "@teams"
+ xml_reader :life_cycle_stage, :from => "@life_cycle_stage"
+ xml_reader :planned_deployment_date, :from => "@planned_deployment_date"
+ xml_reader :last_update_time, :from => "@last_update_time"
+ xml_reader :is_latest_build, :from => "@is_latest_build"
+ xml_reader :policy_name, :from => "@policy_name"
+ xml_reader :policy_version, :from => "@policy_version"
+ xml_reader :policy_compliance_status, :from => "@policy_compliance_status"
+ xml_reader :policy_rules_status, :from => "@policy_rules_status"
+ xml_reader :scan_overdue, :from => "@scan_overdue"
+ xml_reader :any_type_scan_due, :from => "@any_type_scan_due"
+ xml_reader :business_owner, :from => "@business_owner"
+ xml_reader :business_unit, :from => "@business_unit"
+ xml_reader :tags, :from => "@tags"
+ xml_reader :grace_period_expired, :from => "@grace_period_expired"
+
- class ManualAnalysis
- VALID_ATTRIBUTE_KEYS = [ :rating, :score, :submitted_date, :published_date, :analysis_size_bytes].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
- attr_accessor :modules, :cia_adjustment
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- @modules = []
- end
- end
+ xml_reader :static_analysis, :as => Analysis
+ xml_reader :dynamic_analysis, :as => Analysis
+ xml_reader :manual_analysis, :as => ManualAnalysis
- class Modules
- VALID_ATTRIBUTE_KEYS = [ :name, :compiler, :os, :architecture, :score, :numflawssev0, :numflawssev1,
- :numflawssev2, :numflawssev3, :numflawssev4, :numflawssev5].freeze
-
- attr_accessor *VALID_ATTRIBUTE_KEYS
-
- def initialize(attributes)
- VALID_ATTRIBUTE_KEYS.each{|k| self.send("#{k}=", Hash[attributes][k.to_s]) }
- end
- end
+ xml_reader :severity, :as => [Severity]
- class Severity
-
- end
 end
+
 end
 end
\ No newline at end of file
diff --git a/lib/veracode/api/parse.rb b/lib/veracode/api/parse.rb
deleted file mode 100644
index aa28dba..0000000
--- a/lib/veracode/api/parse.rb
+++ /dev/null
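Review bot: `xml_reader :cia_adjustment` in `ManualAnalysis` now returns the element text as a String, whereas the removed SAX handler stored `value.to_i`, so any caller that compares or sums the adjustment numerically changes behaviour without an error. Declaring the type on the reader keeps the old contract: `xml_reader :cia_adjustment, :as => Integer`. The score and `numflawssev0` to `numflawssev5` readers are strings as well (they were before this change too), which is worth stating in a short comment on `Modules` so consumers do not compare them as numbers by accident.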
@@ -1,87 +0,0 @@
-module Veracode
- module Parser
- def parse(xml_text, on_error = nil, on_warning = nil)
- sax_handler = Handler.new(self, on_error, on_warning)
- parser = Nokogiri::XML::SAX::Parser.new(sax_handler)
- parser.parse(xml_text)
- self
- end
- end
-
- class Handler < Nokogiri::XML::SAX::Document
- attr_reader :stack
-
- def initialize(object, on_error = nil, on_warning = nil)
- @stack = [[object, nil, String.new]]
- @parsed_configs = {}
- @on_error = on_error
- @on_warning = on_warning
- end
-
- def characters(string)
- object, config, value = stack.last
-
- value << string
- end
-
- def cdata_block(string)
- characters(string)
- end
-
- def start_element name, attrs = []
- object, config, value = stack.last
-
- case name
- when "application"
- app = Veracode::Result::Builds::Applications::Application.new(attrs)
- object.applications.push(app)
- when "build"
- build = Veracode::Result::Builds::Applications::Application::Build.new(attrs)
- object.applications.last.builds.push(build)
- when "analysis_unit"
- analysis = Veracode::Result::Builds::Applications::Application::Build::AnalysisUnit.new(attrs)
- object.applications.last.builds.last.units.push(analysis)
- when "detailedreport"
- object.assign(attrs)
- when "static-analysis"
- analysis = Veracode::Result::DetailedReport::StaticAnalysis.new(attrs)
- object.analysis.push(analysis)
- when "dynamic-analysis"
- analysis = Veracode::Result::DetailedReport::DynamicAnalysis.new(attrs)
- object.analysis.push(analysis)
- when "manual-analysis"
- analysis = Veracode::Result::DetailedReport::ManualAnalysis.new(attrs)
- object.analysis.push(analysis)
- when "cia_adjustment"
- object.analysis.last.cia_adjustment = nil
- when "module"
- mod = Veracode::Result::DetailedReport::Modules.new(attrs)
- object.analysis.last.modules.push(mod)
- else
- end
- end
-
- def warning string
- if @on_warning
- @on_warning.call(string)
- end
- end
-
- def error string
- if @on_error
- @on_error.call(string)
- end
- end
-
- def end_element name
- object, config, value = stack.last
-
- case name
- when "screen"
- when "cia_adjustment"
- object.analysis.last.cia_adjustment = value.to_i
- else
- end
- end
-end
-end
\ No newline at end of file
diff --git a/lib/veracode/api/types.rb b/lib/veracode/api/types.rb
new file mode 100644
index 0000000..5367dc7
--- /dev/null
+++ b/lib/veracode/api/types.rb
@@ -0,0 +1,32 @@
+require 'base64'
+
+module Veracode
+ module Result
+ class Base
+ include ROXML
+ end
+
+ class Screenshot < Base
+ xml_reader :format, :from => "@format"
+
+ xml_reader(:data) {|b64data| Base64.decode(b64data) }
+ end
+
+ class BulletType < Base
+ xml_reader :text, :from => "@text"
+ end
+
+ class ParaType < Base
+ xml_reader :bulletitem, :as => [BulletType]
+ xml_reader :text, :from => "@text"
+ end
+
+ class TextType < Base
+ xml_reader :text, :from => "text/@text"
+ end
+
+ class Para < Base
+ xml_reader :para, :as => [ParaType]
+ end
+ end
+end
\ No newline at end of file
diff --git a/lib/veracode/results.rb b/lib/veracode/results.rb
index c307661..7f4fb51 100644
--- a/lib/veracode/results.rb
+++ b/lib/veracode/results.rb
@@ -1,9 +1,6 @@
 require 'nokogiri'
 require 'veracode/api/builds'
 require 'veracode/api/detailed'
-require 'veracode/api/parse'
-require 'rubygems'
-require 'xmlsimple'
 require 'pp'
@@ -19,9 +16,7 @@ class Results < Veracode::Base
 def get_application_builds
 xml = getXML(GET_APP_BUILDS_URI, @username, @password)
 if xml.is_a?(Net::HTTPSuccess)
- parser = Veracode::Result::Builds::Applications.new
-
- builds = parser.parse(xml.body)
+ builds = Veracode::Result::Builds::Applications.from_xml(xml.body)
 else
 xml.error!
 end
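Review bot: `Base64.decode(b64data)` in `Screenshot` will raise NoMethodError as soon as a screenshot's data is populated, because Ruby's Base64 module has no `decode` method. Use `Base64.decode64(b64data)`, or `Base64.strict_decode64(b64data)` if malformed input should be rejected rather than decoded leniently. The file also does `include ROXML` without requiring it, so it only loads when builds.rb has been required first; add `require 'roxml'` next to `require 'base64'`.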
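Review bot: Nothing in `get_application_builds` checks what `from_xml` produced: a 2xx response with an empty or unexpected body now presumably yields either a parser exception or an object with empty readers, and the caller cannot tell the latter from an account with no applications. The removed handler at least offered `on_error`/`on_warning` hooks, which have no counterpart here. A guard before parsing, such as `raise "empty response from #{GET_APP_BUILDS_URI}" if xml.body.to_s.strip.empty?`, would make the failure explicit, and the same applies to `DetailedReport.from_xml` in the next hunk. The method body continues past the end of this hunk.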
@@ -30,11 +25,7 @@ def get_application_builds
 def get_detailed_report(build_id)
 xml = getXML(DETAILED_REPORT_URI + "?build_id=" + build_id, @username, @password)
 if xml.is_a?(Net::HTTPSuccess)
- parser = Veracode::Result::DetailedReport.new
-
- #puts xml.body
- # XmlSimple.xml_in(xml.body)
- report = parser.parse(xml.body)
+ report = Veracode::Result::DetailedReport.from_xml(xml.body)
 else
 xml.error!
 end
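Review bot: The request line kept as context in `get_detailed_report` still concatenates `build_id` into the query string unencoded, and this rewrite of the method was a chance to fix it. If the value can come from outside the program it should be encoded, and a non-String id currently raises TypeError on the `+`; `DETAILED_REPORT_URI + "?build_id=" + URI.encode_www_form_component(build_id.to_s)` covers both, assuming the project's Ruby provides that method. The method's closing `end` lies outside the hunk.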