Built up Detailed Report Handling and added Unit Tests

mort666 · Jun 6, 2012 · d5181c7 · d5181c7
1 parent afc9b6a
commit d5181c7
Show file tree

Hide file tree

Showing 14 changed files with 6,898 additions and 65 deletions.
diff --git a/Gemfile b/Gemfile
@@ -1,4 +1,12 @@
 source "http://rubygems.org"
 
+group :test do
+  gem 'webmock'
+  gem 'vcr'
+  gem 'turn'
+  gem 'minitest'
+  gem 'rake'
+end
+
 # Specify your gem's dependencies in veracode.gemspec
 gemspec
diff --git a/Rakefile b/Rakefile
@@ -1 +1,9 @@
 require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.test_files = FileList['spec/lib/veracode/*_spec.rb']
+  t.verbose = true
+end
+
+task :default => :test
diff --git a/lib/veracode.rb b/lib/veracode.rb
@@ -1,3 +1,5 @@
+require "httparty"
+
 require "veracode/version"
 require "veracode/config"
 require "veracode/base"

diff --git a/lib/veracode/api/builds.rb b/lib/veracode/api/builds.rb
@@ -1,55 +1,47 @@
-require 'roxml'
+require 'veracode/api/types'
 
 module Veracode 
   module Result
     module Builds
-      class AnalysisUnit
-        include ROXML
-
-        xml_accessor :analysis_type, :from => "@analysis_type"
-        xml_accessor :status, :from => "@status"
-        xml_accessor :published_date, :from => "@published_date"
+      class AnalysisUnit < Base
+        xml_reader :analysis_type, :from => "@analysis_type"
+        xml_reader :status, :from => "@status"
+        xml_reader :published_date, :from => "@published_date"
       end
 
-      class Build
-        include ROXML
-
-        xml_accessor :version, :from => "@version"
-        xml_accessor :build_id, :from =>  "@build_id"
-        xml_accessor :submitter, :from => "@submitter"
-        xml_accessor :platform, :from => "@platform"
-        xml_accessor :lifecycle_stage, :from => "@lifecycle_stage"
-        xml_accessor :results_ready, :from => "@results_ready"
-        xml_accessor :policy_name, :from => "@policy_name"
-        xml_accessor :policy_version, :from => "@policy_version"
-        xml_accessor :policy_compliance_status,  :from => "@policy_compliance_status"
-        xml_accessor :rules_status, :from => "@rules_status"
-        xml_accessor :grace_period_expired, :from => "@grace_period_expired"
-        xml_accessor :scan_overdue, :from => "@scan_overdue"
+      class Build < Base
+        xml_reader :version, :from => "@version"
+        xml_reader :build_id, :from =>  "@build_id"
+        xml_reader :submitter, :from => "@submitter"
+        xml_reader :platform, :from => "@platform"
+        xml_reader :lifecycle_stage, :from => "@lifecycle_stage"
+        xml_reader :results_ready, :from => "@results_ready"
+        xml_reader :policy_name, :from => "@policy_name"
+        xml_reader :policy_version, :from => "@policy_version"
+        xml_reader :policy_compliance_status,  :from => "@policy_compliance_status"
+        xml_reader :rules_status, :from => "@rules_status"
+        xml_reader :grace_period_expired, :from => "@grace_period_expired"
+        xml_reader :scan_overdue, :from => "@scan_overdue"
 
-        xml_accessor  :analysis_units, :as => [AnalysisUnit]
+        xml_reader  :analysis_units, :as => [AnalysisUnit]
       end
 
-      class Application
-        include ROXML
-
-        xml_accessor :app_name, :from => "@app_name"
-        xml_accessor :app_id,  :from => "@app_id"
-        xml_accessor :industry_vertical,  :from => "@industry_vertical"
-        xml_accessor :assurance_level,  :from => "@assurance_level"
-        xml_accessor :business_criticality,  :from => "business_criticality"
-        xml_accessor :origin,  :from => "@origin"
-        xml_accessor :cots,  :from => "@cots"
-        xml_accessor :business_unit,  :from => "@business_unit"
-        xml_accessor :tags, :from => "@tags"
-        xml_accessor :builds, :as => [Build]
+      class Application < Base
+        xml_reader :app_name, :from => "@app_name"
+        xml_reader :app_id,  :from => "@app_id"
+        xml_reader :industry_vertical,  :from => "@industry_vertical"
+        xml_reader :assurance_level,  :from => "@assurance_level"
+        xml_reader :business_criticality,  :from => "business_criticality"
+        xml_reader :origin,  :from => "@origin"
+        xml_reader :cots,  :from => "@cots"
+        xml_reader :business_unit,  :from => "@business_unit"
+        xml_reader :tags, :from => "@tags"
+        xml_reader :builds, :as => [Build]
 
       end
 
-      class Applications
-        include ROXML
-
-        xml_accessor :applications, :as => [Application]
+      class Applications < Base
+        xml_reader :applications, :as => [Application]
       end
 
     end

diff --git a/lib/veracode/api/detailed.rb b/lib/veracode/api/detailed.rb
@@ -1,4 +1,5 @@
 require 'veracode/api/types'
+require 'veracode/api/flaws'
 
 module Veracode
   module Result
@@ -49,6 +50,9 @@ class CWE < Base
       xml_reader :pcirelated?, :from => "@pcirelated"
 
       xml_reader :description, :as => [TextType]
+      xml_reader :staticflaws, :as => Flaws
+      xml_reader :dynamicflaws, :as => Flaws
+      xml_reader :manualflaws, :as => Flaws
     end
 
     class Category < Base
@@ -60,7 +64,21 @@ class Category < Base
       xml_reader :recommendations, :as => Para
       xml_reader :cwe, :as => [CWE]
     end
-
+
+    class FlawStatus < Base
+      xml_reader :new, :from => :attr
+      xml_reader :reopen, :from => :attr
+      xml_reader :open, :from => :attr
+      xml_reader :fixed, :from => :attr
+      xml_reader :total, :from => :attr
+      xml_reader :not_mitigated, :from => :attr
+      xml_reader :sev_1_change, :from => :attr
+      xml_reader :sev_2_change, :from => :attr
+      xml_reader :sev_3_change, :from => :attr
+      xml_reader :sev_4_change, :from => :attr
+      xml_reader :sev_5_change, :from => :attr
+    end
+
     class Severity < Base
       xml_reader :level, :from => "@level"
 
@@ -107,6 +125,7 @@ class DetailedReport < Base
 
       xml_reader :severity, :as => [Severity]
 
+      xml_reader :flaw_status, :as => FlawStatus
     end
 
   end

diff --git a/lib/veracode/api/flaws.rb b/lib/veracode/api/flaws.rb
@@ -0,0 +1,82 @@
+require 'veracode/api/types'
+
+module Veracode
+  module Result
+    class AnnotationType < Base
+      xml_reader :action, :from => :attr
+      xml_reader :description, :from => :attr
+      xml_reader :user, :from => :attr
+      xml_reader :date, :from => :attr
+    end
+
+    class Annotations < Base
+      xml_reader :annotation, :as => [AnnotationType]
+    end
+
+    class MitigationType < Base
+      xml_reader :action, :from => :attr
+      xml_reader :description, :from => :attr
+      xml_reader :user, :from => :attr
+      xml_reader :date, :from => :attr
+    end
+
+    class Mitigations < Base
+      xml_reader :mitigation, :as => [MitigationType]
+    end
+
+    class ExploitabilityAdjustment < Base
+      xml_reader :note
+      xml_reader :score_adjustment, :from => :attr
+    end
+
+    class ExploitAdjustment < Base
+      xml_reader :exploitability_adjustment, :as => ExploitabilityAdjustment
+    end
+
+    class Flaw < Base
+      xml_reader :severity, :from => :attr
+      xml_reader :categoryname, :from => :attr
+      xml_reader :count, :from => :attr
+      xml_reader :issueid, :from => :attr
+      xml_reader :module, :from => :attr
+      xml_reader :type, :from => :attr
+      xml_reader :description, :from => :attr
+      xml_reader :note, :from => :attr
+      xml_reader :cweid, :from => :attr
+      xml_reader :remediationeffort, :from => :attr
+      xml_reader :exploitLevel, :from => :attr
+      xml_reader :categoryid, :from => :attr
+      xml_reader :pcirelated?, :from => :attr
+      xml_reader :date_first_occurrence, :from => :attr
+      xml_reader :remediation_status, :from => :attr
+      xml_reader :sourcefile, :from => :attr
+      xml_reader :line, :from => :attr
+      xml_reader :sourcefilepath, :from => :attr
+      xml_reader :scope, :from => :attr
+      xml_reader :functionprototype, :from => :attr
+      xml_reader :functionrelativelocation, :from => :attr
+      xml_reader :url, :from => :attr
+      xml_reader :vuln_parameter, :from => :attr
+      xml_reader :location, :from => :attr
+      xml_reader :cvss, :from => :attr
+      xml_reader :capecid, :from => :attr
+      xml_reader :exploitdifficulty, :from => :attr
+      xml_reader :inputvector, :from => :attr
+      xml_reader :cia_impact, :from => :attr
+      xml_reader :grace_period_expires, :from => :attr
+      xml_reader :affects_policy_compliance?, :from => :attr
+
+      xml_reader :exploit_desc
+      xml_reader :severity_desc
+      xml_reader :remediation_desc
+      xml_reader :exploitability_adjustments, :as => ExploitAdjustment
+      xml_reader :appendix, :as => AppendixType
+      xml_reader :mitigations, :as => Mitigations
+      xml_reader :annotations, :as => Annotations
+    end
+
+    class Flaws < Base
+      xml_reader :flaws, :as => [Flaw]
+    end
+  end
+end
diff --git a/lib/veracode/api/types.rb b/lib/veracode/api/types.rb
@@ -1,4 +1,5 @@
 require 'base64'
+require 'roxml'
 
 module Veracode
   module Result
@@ -9,7 +10,7 @@ class Base
     class Screenshot < Base
       xml_reader :format, :from => "@format"
 
-      xml_reader(:data) {|b64data| Base64.decode(b64data) }
+      xml_reader(:data) {|b64data| Base64.decode64(b64data) }
     end
 
     class BulletType < Base
@@ -28,5 +29,11 @@ class TextType < Base
     class Para < Base
       xml_reader :para, :as => [ParaType]
     end
+
+    class AppendixType < Base
+      xml_reader :description
+      xml_reader :screenshot, :as => [Screenshot]
+      xml_reader :code
+    end
   end
 end
diff --git a/lib/veracode/base.rb b/lib/veracode/base.rb
@@ -1,27 +1,22 @@
-require "net/http"
-require "net/https"
-require "uri"
-
 module Veracode
   class Base
     attr_accessor *Config::VALID_OPTIONS_KEYS
 
+    include HTTParty
+
+    base_uri 'https://analysiscenter.veracode.com'
+
     def initialize(options={})
       attrs = Veracode.options.merge(options)
       Config::VALID_OPTIONS_KEYS.each do |key|
         send("#{key}=", options[key])
       end
     end
 
-    def getXML(path, username, password, debug=false)
-      url = URI.parse(path)
-      req = Net::HTTP::Get.new(url.request_uri)
-      req.basic_auth username, password
-
-      site = Net::HTTP.new(url.host, url.port)
-      site.use_ssl = true
-      site.set_debug_output $stderr if debug
-      resp = site.start {|http| http.request(req) }
+    def getXML(path, debug=false)
+      auth = { :username => @username, :password => @password }
+
+      self.class.get(path, :basic_auth => auth)
     end
 
   end

diff --git a/lib/veracode/results.rb b/lib/veracode/results.rb
@@ -6,25 +6,27 @@
 
 module Veracode
   class Results < Veracode::Base
-    GET_APP_BUILDS_URI = "https://analysiscenter.veracode.com/api/2.0/getappbuilds.do";
-  	DETAILED_REPORT_URI = "https://analysiscenter.veracode.com/api/2.0/detailedreport.do";
-  	DETAILED_REPORT_PDF_URI = "https://analysiscenter.veracode.com/api/2.0/detailedreportpdf.do";
-  	SUMMARY_REPORT_URI = "https://analysiscenter.veracode.com/api/2.0/summaryreport.do";
-  	SUMMARY_REPORT_PDF_URI = "https://analysiscenter.veracode.com/api/2.0/summaryreportpdf.do";
-  	THIRD_PARTY_REPORT_PDF_URI = "https://analysiscenter.veracode.com/api/2.0/thirdpartyreportpdf.do";
+    GET_APP_BUILDS_URI = "/api/2.0/getappbuilds.do";
+  	DETAILED_REPORT_URI = "/api/2.0/detailedreport.do";
+  	DETAILED_REPORT_PDF_URI = "/api/2.0/detailedreportpdf.do";
+  	SUMMARY_REPORT_URI = "/api/2.0/summaryreport.do";
+  	SUMMARY_REPORT_PDF_URI = "/api/2.0/summaryreportpdf.do";
+  	THIRD_PARTY_REPORT_PDF_URI = "/api/2.0/thirdpartyreportpdf.do";
 
   	def get_application_builds
-  	  xml = getXML(GET_APP_BUILDS_URI, @username, @password)
-  	  if xml.is_a?(Net::HTTPSuccess)
+  	  xml = getXML(GET_APP_BUILDS_URI)
+  	  case xml.code
+	    when 200
         builds = Veracode::Result::Builds::Applications.from_xml(xml.body)
       else
         xml.error!
       end
   	end
 
   	def get_detailed_report(build_id)
-  	  xml = getXML(DETAILED_REPORT_URI + "?build_id=" + build_id, @username, @password)
-  	  if xml.is_a?(Net::HTTPSuccess)
+  	  xml = getXML(DETAILED_REPORT_URI + "?build_id=" + build_id)
+  	  case xml.code
+	    when 200
   	    report = Veracode::Result::DetailedReport.from_xml(xml.body)
   	  else
         xml.error!