From e0fbe4495cd3c2820c92272d04312aecce2a7a76 Mon Sep 17 00:00:00 2001
From: Stephen Kapp <mort666@virus.org>
Date: Fri, 28 Dec 2012 16:27:37 +0000
Subject: [PATCH] Added Uploads API Calls and Re-org of Base API result class

---
 .gitignore                                |   2 +
 lib/veracode/api/builds.rb                |   8 +-
 lib/veracode/api/detailed.rb              |   8 +-
 lib/veracode/api/flaws.rb                 |  16 +-
 lib/veracode/api/summary.rb               |   6 +-
 lib/veracode/api/types.rb                 |  33 +-
 lib/veracode/api/upload.rb                | 155 +++++++
 lib/veracode/parser/parser.rb             |   7 +-
 lib/veracode/results.rb                   |  10 +-
 lib/veracode/upload.rb                    |  47 +-
 lib/veracode/version.rb                   |   2 +-
 spec/fixtures/veracode_cassettes/base.yml | 513 +++++++++++++++++++++-
 spec/lib/veracode/upload_spec.rb          |  74 ++++
 13 files changed, 836 insertions(+), 45 deletions(-)
 create mode 100644 lib/veracode/api/upload.rb
 create mode 100644 spec/lib/veracode/upload_spec.rb

diff --git a/.gitignore b/.gitignore
index 4040c6c..670a04b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
 .bundle
 Gemfile.lock
 pkg/*
+
+.DS_Store
diff --git a/lib/veracode/api/builds.rb b/lib/veracode/api/builds.rb
index c1003c7..d0b6a57 100644
--- a/lib/veracode/api/builds.rb
+++ b/lib/veracode/api/builds.rb
@@ -3,13 +3,13 @@
 module Veracode 
   module Result
     module Builds 
-      class AnalysisUnit < Base 
+      class AnalysisUnit < Veracode::Common::Base 
         api_field :analysis_type, :tag => :analysis_type
         api_field :status, :tag => :status
         api_field :published_date, :tag => :published_date
       end
       
-      class Build < Base 
+      class Build < Veracode::Common::Base 
         api_field :version, :tag => :version
         api_field :build_id, :tag => :build_id
         api_field :submitter, :tag => :submitter
@@ -47,7 +47,7 @@ def analysis_units
         end
       end
       
-      class Application < Base
+      class Application < Veracode::Common::Base
         api_field :app_name, :tag => :app_name
         api_field :app_id, :tag => :app_id
         api_field :industry_vertical, :tag => :industry_vertical
@@ -76,7 +76,7 @@ def builds
         end        
       end
       
-      class Applications < Base
+      class Applications < Veracode::Common::Base
         def applications
           @applications ||= []
           if @applications.empty?
diff --git a/lib/veracode/api/detailed.rb b/lib/veracode/api/detailed.rb
index 26637d9..c2d9db8 100644
--- a/lib/veracode/api/detailed.rb
+++ b/lib/veracode/api/detailed.rb
@@ -3,7 +3,7 @@
 
 module Veracode
   module Result
-    class CWE < Base
+    class CWE < Veracode::Common::Base
       api_field :cweid, :tag => :cweid
       api_field :cwename, :tag => :cwename
       
@@ -21,7 +21,7 @@ def description
 
     end
     
-    class Category < Base 
+    class Category < Veracode::Common::Base 
       api_field :categoryid, :tag => :categoryid
       api_field :categoryname, :tag => :categoryname
       api_type_field :desc, :tag => :desc, :as => Para 
@@ -84,7 +84,7 @@ def cwe
       end
     end
     
-    class Severity < Base
+    class Severity < Veracode::Common::Base
       api_field :level, :tag => :level
       
       def categories
@@ -106,7 +106,7 @@ def categories
       end
     end
     
-    class DetailedReport < Base
+    class DetailedReport < Veracode::Common::Base
       
       api_field :report_format_version, :tag => :report_format_version
       api_field :app_name, :tag => :app_name
diff --git a/lib/veracode/api/flaws.rb b/lib/veracode/api/flaws.rb
index 61fb4c8..32ca036 100644
--- a/lib/veracode/api/flaws.rb
+++ b/lib/veracode/api/flaws.rb
@@ -2,14 +2,14 @@
 
 module Veracode
   module Result
-    class AnnotationType < Base
+    class AnnotationType < Veracode::Common::Base
       api_field :action, :tag => :action
       api_field :description, :tag => :description
       api_field :user, :tag => :user
       api_field :date, :tag => :date
     end
     
-    class Annotations < Base
+    class Annotations < Veracode::Common::Base
       def annotation
         @annotations ||= [] 
         begin
@@ -29,14 +29,14 @@ def annotation
       end
     end
     
-    class MitigationType < Base
+    class MitigationType < Veracode::Common::Base
       api_field :action, :tag => :action
       api_field :description, :tag => :description
       api_field :user, :tag => :user
       api_field :date, :tag => :date
     end
     
-    class Mitigations < Base
+    class Mitigations < Veracode::Common::Base
       def mitigation
         @mitigations ||= [] 
         begin
@@ -56,12 +56,12 @@ def mitigation
       end
     end
     
-    class ExploitabilityAdjustment < Base
+    class ExploitabilityAdjustment < Veracode::Common::Base
       api_field :note, :tag => :note
       api_field :score_adjustment, :tag => :score_adjustment
     end
     
-    class ExploitAdjustment < Base
+    class ExploitAdjustment < Veracode::Common::Base
       def exploitability_adjustment
         @exploitability_adjustments ||= [] 
         begin
@@ -81,7 +81,7 @@ def exploitability_adjustment
       end
     end
     
-    class Flaw < Base
+    class Flaw < Veracode::Common::Base
       api_field :severity, :tag => :severity
       api_field :categoryname, :tag => :categoryname
       api_field :count, :tag => :count
@@ -130,7 +130,7 @@ def affects_policy_compliance?
       api_type_field :annotations, :tag => :annotations, :as => Annotations
     end
     
-    class Flaws < Base
+    class Flaws < Veracode::Common::Base
       def flaws
         @flaws ||= [] 
         begin
diff --git a/lib/veracode/api/summary.rb b/lib/veracode/api/summary.rb
index 052556e..90bac36 100644
--- a/lib/veracode/api/summary.rb
+++ b/lib/veracode/api/summary.rb
@@ -4,13 +4,13 @@
 module Veracode
   module Result
     
-      class SummaryCategory < Base
+      class SummaryCategory < Veracode::Common::Base
         api_field :categoryname, :tag => :categoryname
         api_field :severity, :tag => :severity
         api_field :count, :tag => :count
       end
 
-      class SummarySeverity < Base
+      class SummarySeverity < Veracode::Common::Base
         api_field :level, :tag => :level
         
         def categories
@@ -32,7 +32,7 @@ def categories
         end
       end
     
-    class SummaryReport < Base
+    class SummaryReport < Veracode::Common::Base
       api_field :report_format_version, :tag => :report_format_version
       api_field :app_name, :tag => :app_name
       api_field :app_id, :tag => :app_id
diff --git a/lib/veracode/api/types.rb b/lib/veracode/api/types.rb
index 96e2820..70f401f 100644
--- a/lib/veracode/api/types.rb
+++ b/lib/veracode/api/types.rb
@@ -4,13 +4,17 @@
 # Veracode API General Types used by Summary and Detailed results as well as Application Build API 
 #
 module Veracode
-  module Result 
+  module Common
     # Base Class for result
     class Base
       
       def self.api_field(name, args)  
         send(:define_method, name) do   
-          return @xml_hash.send(args[:tag].to_sym) 
+          begin
+            return @xml_hash.send(args[:tag].to_sym)
+          rescue NoMethodError
+            return nil
+          end
         end
       end    
       
@@ -22,6 +26,7 @@ def self.api_type_field(name, args)
             instance_variable_set("@#{name}", tmp) 
             return tmp
           rescue NoMethodError
+            return nil
           end
         end   
       end
@@ -30,8 +35,10 @@ def initialize(xml_hash)
         @xml_hash = xml_hash
       end 
     end
-    
-    class Screenshot < Base
+  end
+  
+  module Result 
+    class Screenshot < Veracode::Common::Base
       api_field :format, :tag => :format            
       
       def data
@@ -42,11 +49,11 @@ def data
       #xml_reader(:data) {|b64data| Base64.decode64(b64data) }
     end
     
-    class BulletType < Base
+    class BulletType < Veracode::Common::Base
       api_field :text, :tag => :text
     end
     
-    class ParaType  < Base
+    class ParaType  < Veracode::Common::Base
       #xml_reader :bulletitem, :as => [BulletType]
       api_field :text, :tag => :text
       
@@ -68,11 +75,11 @@ def bulletitem
       end
     end
     
-    class TextType < Base
+    class TextType < Veracode::Common::Base
       #xml_reader :text, :from => "text/@text"
     end
     
-    class Para < Base
+    class Para < Veracode::Common::Base
       #xml_reader :para, :as => [ParaType] 
       def para
         @paras ||= []
@@ -89,7 +96,7 @@ def para
       end
     end
     
-    class AppendixType < Base
+    class AppendixType < Veracode::Common::Base
       api_field :description, :tag => :description
       #xml_reader :screenshot, :as => [Screenshot]
       def screenshot
@@ -111,7 +118,7 @@ def screenshot
       api_field :code, :tag => :code
     end
     
-    class Module < Base
+    class Module < Veracode::Common::Base
       api_field :name, :tag => :name
       api_field :compiler, :tag => :compiler
       api_field :os, :tag => :os
@@ -125,7 +132,7 @@ class Module < Base
       api_field :numflawssev5, :tag => :numflawssev5
     end
     
-    class Analysis < Base
+    class Analysis < Veracode::Common::Base
 
       api_field :analysis_size_bytes, :tag => :analysis_size_bytes
       api_field :rating, :tag => :rating
@@ -151,7 +158,7 @@ def modules
         end
     end
       
-    class ManualAnalysis < Base
+    class ManualAnalysis < Veracode::Common::Base
        api_field :rating, :tag => :rating
        api_field :score, :tag => :score
        api_field :mitigated_rating, :tag => :mitigated_rating
@@ -177,7 +184,7 @@ def modules
         end
     end
     
-    class FlawStatus < Base
+    class FlawStatus < Veracode::Common::Base
       api_field :new_flaws, :tag => :new
       api_field :reopen_flaws, :tag => :reopen
       #api_field :open_flaws, :tag => :open 
diff --git a/lib/veracode/api/upload.rb b/lib/veracode/api/upload.rb
new file mode 100644
index 0000000..16a0684
--- /dev/null
+++ b/lib/veracode/api/upload.rb
@@ -0,0 +1,155 @@
+require 'veracode/api/types'
+
+module Veracode
+  module Upload 
+    class AnalysisUnit < Veracode::Common::Base 
+      api_field :analysis_type, :tag => :analysis_type
+      api_field :status, :tag => :status
+      api_field :published_date, :tag => :published_date
+    end
+    
+    class Build < Veracode::Common::Base 
+      api_field :version, :tag => :version
+      api_field :build_id, :tag => :build_id
+      api_field :submitter, :tag => :submitter
+      api_field :platform, :tag => :platform
+      api_field :lifecycle_stage, :tag => :lifecycle_stage
+      api_field :policy_name, :tag => :policy_name
+      api_field :policy_version, :tag => :policy_version
+      api_field :policy_compliance_status, :tag => :policy_compliance_status
+      api_field :rules_status, :tag => :rules_status 
+      
+      def grace_period_expired?
+        @grace_period_expired ||= @xml_hash.grace_period_expired.to_bool
+      end
+      
+      def scan_overdue?
+        @scan_overdue ||= @xml_hash.scan_overdue.to_bool
+      end
+      
+      def results_ready?
+        @results_ready ||= @xml_hash.results_ready.to_bool
+      end
+              
+      def analysis_units
+        @analysis_units ||= []
+        if @analysis_units.empty?
+          if @xml_hash.analysis_unit.class == Array
+            @analysis_units = @xml_hash.analysis_unit.map do |analysis_unit|
+              AnalysisUnit.new(analysis_unit)
+            end
+          else
+            @analysis_units << AnalysisUnit.new(@xml_hash.analysis_unit)
+          end
+        end
+        return @analysis_units
+      end
+    end
+    
+    class BuildInfo < Veracode::Common::Base 
+      api_field :build_id, :tag => :build_id
+      api_field :app_id, :tag => :app_id
+      api_field :account_id, :tag => :account_id
+      
+      api_type_field :build, :tag => :build, :as => Build        
+    end
+    
+    class BuildList < Veracode::Common::Base
+      api_field :app_id, :tag => :app_id
+      api_field :account_id, :tag => :account_id
+      api_field :app_name, :tag => :app_name
+      
+      def build
+        @builds ||= []
+        begin  
+          if @builds.empty?      
+            if @xml_hash.build.class == Array
+              @builds = @xml_hash.build.map do |item|
+                Build.new(item)
+              end
+            else
+              @builds << Build.new(@xml_hash.build)
+            end
+          end
+        rescue NoMethodError
+        end
+        return @builds
+      end
+    end
+    
+    class Application < Veracode::Common::Base
+      api_field :app_id, :tag => :app_id
+      api_field :app_name, :tag => :app_name
+      api_field :vendor, :tag => :vendor
+      api_field :description, :tag => :description
+      api_field :business_criticality, :tag => :business_criticality
+      api_field :policy, :tag => :policy
+      api_field :teams, :tag => :teams
+      api_field :origin, :tag => :origin
+      api_field :industry_vertical, :tag => :industry_vertical
+      api_field :app_type, :tag => :app_type
+      api_field :deployment_method, :tag => :deployment_method
+      api_field :archer_app_name, :tag => :archer_app_name
+      api_field :modified_date, :tag => :modified_date
+      api_field :vendor_id, :tag => :vendor_id
+      api_field :business_unit, :tag => :business_unit
+      api_field :business_owner, :tag => :business_owner
+      api_field :business_owner_email, :tag => :business_owner_email
+      api_field :tags, :tag => :tags
+      
+      def is_web_application?
+        @is_web_application ||= @xml_hash.is_web_application.to_bool
+      end
+      
+      def cots?
+        @cots ||= @xml_hash.cots.to_bool
+      end 
+    end
+    
+    class ApplicationInfo < Veracode::Common::Base 
+      def application
+        @applications ||= []
+        begin  
+          if @applications.empty?      
+            if @xml_hash.application.class == Array
+              @applications = @xml_hash.application.map do |item|
+                Application.new(item)
+              end
+            else
+              @applications << Application.new(@xml_hash.application)
+            end
+          end
+        rescue NoMethodError
+        end
+        return @applications
+      end
+    end
+  
+    class App < Veracode::Common::Base
+      api_field :app_id, :tag => :app_id
+      api_field :app_name, :tag => :app_name
+      api_field :vendor_name, :tag => :vendor_name
+    end
+    
+    class AppList < Veracode::Common::Base
+      api_field :account_id, :tag => :account_id 
+      
+      def app
+        @applications ||= []
+        begin  
+          if @applications.empty?      
+            if @xml_hash.app.class == Array
+              @applications = @xml_hash.app.map do |item|
+                App.new(item)
+              end
+            else
+              @applications << App.new(@xml_hash.app)
+            end
+          end
+        rescue NoMethodError
+        end
+        return @applications
+      end
+    end
+  end
+end
\ No newline at end of file
diff --git a/lib/veracode/parser/parser.rb b/lib/veracode/parser/parser.rb
index ccedd8e..b7b7317 100644
--- a/lib/veracode/parser/parser.rb
+++ b/lib/veracode/parser/parser.rb
@@ -1,5 +1,5 @@
 require 'nori'
-
+require 'pp'
 require 'rexml/document'
 
 class ::String
@@ -35,9 +35,8 @@ def self.parse(xml)
       parser = XML::SAXParser.new()  
       parser.options = {}
       REXML::Document.parse_stream(xml, parser)
-      
+     
       parser.stack.length > 0 ? parser.stack.pop.to_hash : {}
-      
     end
   end
   
@@ -50,7 +49,7 @@ def stack
       end
       
       def tag_start(name, attrs)
-        stack.push Nori::XMLUtilityNode.new(options, name, Hash[*attrs.flatten])
+        stack.push Nori::XMLUtilityNode.new(options, name, Hash[*attrs.flatten]) 
       end
 
       def tag_end(name)
diff --git a/lib/veracode/results.rb b/lib/veracode/results.rb
index 62140c5..4324b55 100644
--- a/lib/veracode/results.rb
+++ b/lib/veracode/results.rb
@@ -20,8 +20,8 @@ def get_application_builds
     	  case xml.code
   	    when 200
   	      clean_xml = xml.body.strip
-  	      parsed = Veracode::Parser.parse(clean_xml)
-          builds = Veracode::Result::Builds::Applications.new(parsed)
+  	      parsed = Veracode::Parser.parse(clean_xml) 
+  	      builds = Veracode::Result::Builds::Applications.new(parsed)
         else
           xml.error!
         end
@@ -42,9 +42,11 @@ def get_summary_report(build_id)
     	def get_detailed_report(build_id)
     	  xml = getXML(DETAILED_REPORT_URI + "?build_id=" + build_id)
     	  case xml.code
-  	    when 200
-    	    clean_xml = xml.body.strip
+  	    when 200  
+  	      xmlbody = xml.body
+    	    clean_xml = xmlbody.strip
   	      parsed = Veracode::Parser.parse(clean_xml)          
+
     	    report = Veracode::Result::DetailedReport.new(parsed.detailedreport)
     	  else
           xml.error!
diff --git a/lib/veracode/upload.rb b/lib/veracode/upload.rb
index 1217079..88b52d5 100644
--- a/lib/veracode/upload.rb
+++ b/lib/veracode/upload.rb
@@ -1,3 +1,7 @@
+require 'nokogiri'
+require 'veracode/parser/parser'
+require 'veracode/api/upload'
+
 module Veracode
   module API
     class Upload < Veracode::API::Base
@@ -21,7 +25,48 @@ def get_application_list
         xml = getXML(GET_APP_LIST_URI)
     	  case xml.code
   	    when 200
-          xml.body
+          clean_xml = xml.body.strip
+  	      parsed = Veracode::Parser.parse(clean_xml) 
+  	      apps = Veracode::Upload::AppList.new(parsed.applist)
+        else
+          xml.error!
+        end
+      end
+      
+      def get_build_list(app_id)
+        xml = getXML(GET_BUILD_LIST_URI + "?app_id=" + app_id)
+        case xml.code
+  	    when 200
+          clean_xml = xml.body.strip
+  	      parsed = Veracode::Parser.parse(clean_xml) 
+  	      appinfo = Veracode::Upload::BuildList.new(parsed.buildlist)
+        else
+          xml.error!
+        end
+      end
+      
+      def get_build_info(app_id, build_id=nil) 
+        url = GET_BUILD_INFO_URI + "?app_id=" + app_id
+        url += "&build_id=#{build_id}" if !build_id.nil? 
+        
+        xml = getXML(url)
+        case xml.code
+  	    when 200
+          clean_xml = xml.body.strip
+  	      parsed = Veracode::Parser.parse(clean_xml) 
+  	      builds = Veracode::Upload::BuildInfo.new(parsed.buildinfo)
+        else
+          xml.error!
+        end
+      end
+      
+      def get_application_info(app_id)
+        xml = getXML(GET_APP_INFO_URI + "?app_id=" + app_id)
+        case xml.code
+  	    when 200
+          clean_xml = xml.body.strip
+  	      parsed = Veracode::Parser.parse(clean_xml) 
+  	      appinfo = Veracode::Upload::ApplicationInfo.new(parsed.appinfo)
         else
           xml.error!
         end
diff --git a/lib/veracode/version.rb b/lib/veracode/version.rb
index b0db50b..e893fb5 100644
--- a/lib/veracode/version.rb
+++ b/lib/veracode/version.rb
@@ -1,5 +1,5 @@
 module Veracode
   module API
-    VERSION = "0.2.1"
+    VERSION = "0.3.1"
   end
 end
diff --git a/spec/fixtures/veracode_cassettes/base.yml b/spec/fixtures/veracode_cassettes/base.yml
index bb889f8..7a84fcb 100644
--- a/spec/fixtures/veracode_cassettes/base.yml
+++ b/spec/fixtures/veracode_cassettes/base.yml
@@ -622,7 +622,7 @@ http_interactions:
         </applicationbuilds>
 
 '
-    http_version: !!null 
+    http_version: 
   recorded_at: Wed, 06 Jun 2012 16:19:23 GMT
 - request:
     method: get
@@ -6575,7 +6575,7 @@ http_interactions:
         level=\"1\"/>\n<severity level=\"0\"/>\n<flaw-status new=\"190\" reopen=\"0\"
         open=\"0\" fixed=\"0\" total=\"190\" not_mitigated=\"190\" sev-1-change=\"0\"
         sev-2-change=\"14\" sev-3-change=\"148\" sev-4-change=\"22\" sev-5-change=\"6\"/>\n</detailedreport>\n"
-    http_version: !!null 
+    http_version: 
   recorded_at: Wed, 06 Jun 2012 16:25:28 GMT
 - request:
     method: get
@@ -6725,6 +6725,513 @@ http_interactions:
         </summaryreport>
 
 '
-    http_version: !!null 
+    http_version: 
   recorded_at: Wed, 06 Jun 2012 22:41:58 GMT
+- request:
+    method: get
+    uri: https://test:test0@analysiscenter.veracode.com/api/4.0/getappinfo.do?app_id=32338
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=A0033CE0C654E8CD5CE37D5AC09B9AA2; Path=/; Secure
+      - JSESSIONID=D1193E4F0EBA5FC9AE3B34AA635CC2D6; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 00:41:38 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <appinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/appinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/appinfo
+        https://analysiscenter.veracode.com/resource/2.0/appinfo.xsd" account_id="15834">
+
+        <application app_id="32338" app_name="WebGoat" description="WebGoat is a teaching
+        web application illustrating common web vulnerabilities." business_criticality="Very
+        High" policy="Veracode Transitional Very High" teams="" origin="Open Source"
+        industry_vertical="Other" app_type="Other" deployment_method="Not Specified"
+        is_web_application="true" modified_date="2012-03-01T10:03:59-05:00" cots="false"
+        business_unit="Not Specified" tags="">
+
+        <customfield name="Custom 1" value=""/>
+
+        <customfield name="Custom 2" value=""/>
+
+        <customfield name="Custom 3" value=""/>
+
+        <customfield name="Custom 4" value=""/>
+
+        <customfield name="Custom 5" value=""/>
+
+        </application>
+
+        </appinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 00:41:38 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getbuildinfo.do?app_id=32338&build_id=44905
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=689834BA39FE993454C92F56DABA5B8F; Path=/; Secure
+      - JSESSIONID=728A82312AC42990254151DB064AE12B; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 00:41:39 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <buildinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/4.0/buildinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/4.0/buildinfo
+        https://analysiscenter.veracode.com/resource/4.0/buildinfo.xsd" account_id="15834"
+        app_id="32338" build_id="44905">
+
+        <build version="5.0" build_id="44905" submitter="Veracode" platform="Java"
+        lifecycle_stage="External or Beta Testing" results_ready="true" policy_name="Veracode
+        Transitional Very High" policy_version="1" policy_compliance_status="Did Not
+        Pass" rules_status="Did Not Pass" grace_period_expired="false" scan_overdue="false">
+
+        <analysis_unit analysis_type="Static" published_date="2012-03-01T09:26:18-05:00"
+        published_date_sec="1330611978" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Dynamic" published_date="2012-03-01T10:03:50-05:00"
+        published_date_sec="1330614230" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Manual" published_date="2012-03-01T09:59:14-05:00"
+        published_date_sec="1330613954" status="Results Ready"/>
+
+        </build>
+
+        </buildinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 00:41:40 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getappinfo.do?app_id=32338
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=AC79A79FE8F278628C9413352ABA3EDA; Path=/; Secure
+      - JSESSIONID=B4C7CD19AC64B62199ABCDF935E6F329; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 00:48:32 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <appinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/appinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/appinfo
+        https://analysiscenter.veracode.com/resource/2.0/appinfo.xsd" account_id="15834">
+
+        <application app_id="32338" app_name="WebGoat" description="WebGoat is a teaching
+        web application illustrating common web vulnerabilities." business_criticality="Very
+        High" policy="Veracode Transitional Very High" teams="" origin="Open Source"
+        industry_vertical="Other" app_type="Other" deployment_method="Not Specified"
+        is_web_application="true" modified_date="2012-03-01T10:03:59-05:00" cots="false"
+        business_unit="Not Specified" tags="">
+
+        <customfield name="Custom 1" value=""/>
+
+        <customfield name="Custom 2" value=""/>
+
+        <customfield name="Custom 3" value=""/>
+
+        <customfield name="Custom 4" value=""/>
+
+        <customfield name="Custom 5" value=""/>
+
+        </application>
+
+        </appinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 00:48:32 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getbuildinfo.do?app_id=32338&build_id=44905
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=A943D07F8F4AAA47113395890027CD5F; Path=/; Secure
+      - JSESSIONID=F9275C069942333505F9D1BB8C2AAC72; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 00:48:34 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <buildinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/4.0/buildinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/4.0/buildinfo
+        https://analysiscenter.veracode.com/resource/4.0/buildinfo.xsd" account_id="15834"
+        app_id="32338" build_id="44905">
+
+        <build version="5.0" build_id="44905" submitter="Veracode" platform="Java"
+        lifecycle_stage="External or Beta Testing" results_ready="true" policy_name="Veracode
+        Transitional Very High" policy_version="1" policy_compliance_status="Did Not
+        Pass" rules_status="Did Not Pass" grace_period_expired="false" scan_overdue="false">
+
+        <analysis_unit analysis_type="Static" published_date="2012-03-01T09:26:18-05:00"
+        published_date_sec="1330611978" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Dynamic" published_date="2012-03-01T10:03:50-05:00"
+        published_date_sec="1330614230" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Manual" published_date="2012-03-01T09:59:14-05:00"
+        published_date_sec="1330613954" status="Results Ready"/>
+
+        </build>
+
+        </buildinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 00:48:34 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getappinfo.do?app_id=32338
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=0F9F741C1F9F28C3BA8CC599822F2309; Path=/; Secure
+      - JSESSIONID=19EE1A474A6325BEA3E74A568412C8F5; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 01:19:47 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <appinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/appinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/appinfo
+        https://analysiscenter.veracode.com/resource/2.0/appinfo.xsd" account_id="15834">
+
+        <application app_id="32338" app_name="WebGoat" description="WebGoat is a teaching
+        web application illustrating common web vulnerabilities." business_criticality="Very
+        High" policy="Veracode Transitional Very High" teams="" origin="Open Source"
+        industry_vertical="Other" app_type="Other" deployment_method="Not Specified"
+        is_web_application="true" modified_date="2012-03-01T10:03:59-05:00" cots="false"
+        business_unit="Not Specified" tags="">
+
+        <customfield name="Custom 1" value=""/>
+
+        <customfield name="Custom 2" value=""/>
+
+        <customfield name="Custom 3" value=""/>
+
+        <customfield name="Custom 4" value=""/>
+
+        <customfield name="Custom 5" value=""/>
+
+        </application>
+
+        </appinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 01:19:47 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getapplist.do
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=1EE0A29377623DFBE6BA6A3436F2394A; Path=/; Secure
+      - JSESSIONID=6F94C2819AD0611429D8A0EEC828248C; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 01:19:48 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <applist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/applist"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/applist
+        https://analysiscenter.veracode.com/resource/2.0/applist.xsd" account_id="15834">
+
+        <app app_id="33715" app_name="Ajax-Login"/>
+
+        <app app_id="32346" app_name="Apache"/>
+
+        <app app_id="41311" app_name="Auth Service"/>
+
+        <app app_id="32344" app_name="BlogEngine.NET"/>
+
+        <app app_id="32347" app_name="Galleon"/>
+
+        <app app_id="32333" app_name="Hadoop"/>
+
+        <app app_id="32345" app_name="HSQLdb"/>
+
+        <app app_id="33136" app_name="iGoat"/>
+
+        <app app_id="32343" app_name="iOS Traveler"/>
+
+        <app app_id="32342" app_name="Lunar Lander"/>
+
+        <app app_id="32335" app_name="Metamail"/>
+
+        <app app_id="32339" app_name="midpssh-BB"/>
+
+        <app app_id="32336" app_name="Open SSH"/>
+
+        <app app_id="35247" app_name="Open Web Analytics"/>
+
+        <app app_id="40775" app_name="Pastie"/>
+
+        <app app_id="32363" app_name="PHP Vulnerable Web App (Test)"/>
+
+        <app app_id="32721" app_name="PHP Vulnerable Web App (Test2)"/>
+
+        <app app_id="32341" app_name="phpBB"/>
+
+        <app app_id="32337" app_name="Roller"/>
+
+        <app app_id="36862" app_name="Test Application"/>
+
+        <app app_id="36863" app_name="Test Application 3"/>
+
+        <app app_id="36914" app_name="Test Application 4"/>
+
+        <app app_id="32491" app_name="TEst C App"/>
+
+        <app app_id="32503" app_name="Test C App Preflight"/>
+
+        <app app_id="37693" app_name="VOSAO"/>
+
+        <app app_id="32338" app_name="WebGoat"/>
+
+        </applist>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 01:19:48 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getbuildinfo.do?app_id=32338&build_id=44905
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=DDCD093388D21E239C7B1E1A6773DCC4; Path=/; Secure
+      - JSESSIONID=FF43022D2935BBD32589AC39193FFECA; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 01:22:14 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <buildinfo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/4.0/buildinfo"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/4.0/buildinfo
+        https://analysiscenter.veracode.com/resource/4.0/buildinfo.xsd" account_id="15834"
+        app_id="32338" build_id="44905">
+
+        <build version="5.0" build_id="44905" submitter="Veracode" platform="Java"
+        lifecycle_stage="External or Beta Testing" results_ready="true" policy_name="Veracode
+        Transitional Very High" policy_version="1" policy_compliance_status="Did Not
+        Pass" rules_status="Did Not Pass" grace_period_expired="false" scan_overdue="false">
+
+        <analysis_unit analysis_type="Static" published_date="2012-03-01T09:26:18-05:00"
+        published_date_sec="1330611978" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Dynamic" published_date="2012-03-01T10:03:50-05:00"
+        published_date_sec="1330614230" status="Results Ready"/>
+
+        <analysis_unit analysis_type="Manual" published_date="2012-03-01T09:59:14-05:00"
+        published_date_sec="1330613954" status="Results Ready"/>
+
+        </build>
+
+        </buildinfo>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 01:22:14 GMT
+- request:
+    method: get
+    uri: https://test:test@analysiscenter.veracode.com/api/4.0/getbuildlist.do?app_id=32338
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers: {}
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Pragma:
+      - ''
+      Cache-Control:
+      - no-store private must-revalidate
+      Expires:
+      - Thu, 01 Jan 1970 00:00:00 GMT
+      Set-Cookie:
+      - JSESSIONID=57162CBB9652D68F2C92C8CB474F6BD1; Path=/; Secure
+      - JSESSIONID=60B5BAE3476DA4F272679F8BD560E6DD; Path=/; Secure
+      Content-Type:
+      - text/xml
+      Transfer-Encoding:
+      - chunked
+      Date:
+      - Fri, 28 Dec 2012 13:00:22 GMT
+      Server:
+      - Apache
+    body:
+      encoding: US-ASCII
+      string: ! '<?xml version="1.0" encoding="UTF-8"?>
+
+
+        <buildlist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="https://analysiscenter.veracode.com/schema/2.0/buildlist"
+        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/buildlist
+        https://analysiscenter.veracode.com/resource/2.0/buildlist.xsd" account_id="15834"
+        app_id="32338" app_name="WebGoat">
+
+        <build build_id="44905" version="5.0"/>
+
+        </buildlist>
+
+'
+    http_version: 
+  recorded_at: Fri, 28 Dec 2012 13:00:22 GMT
 recorded_with: VCR 2.2.0
diff --git a/spec/lib/veracode/upload_spec.rb b/spec/lib/veracode/upload_spec.rb
new file mode 100644
index 0000000..24c837b
--- /dev/null
+++ b/spec/lib/veracode/upload_spec.rb
@@ -0,0 +1,74 @@
+require (File.expand_path('./../../../spec_helper', __FILE__))
+
+describe Veracode::API::Upload do
+  describe "GET build information" do
+
+    let(:veracode) { Veracode::API::Upload.new(:username => "test", :password => "test") }
+
+    before do
+      VCR.insert_cassette 'base', :record => :new_episodes
+    end
+
+    after do
+      VCR.eject_cassette
+    end
+
+    it "must have a get_application_list method" do
+      veracode.must_respond_to :get_application_list
+    end
+
+    it "must parse the api response from XML to Veracode::Upload::ApplicationInfo" do
+      veracode.get_application_info("32338").must_be_instance_of Veracode::Upload::ApplicationInfo
+    end 
+    
+    it "must parse the api response from XML to Veracode::Upload::AppList" do
+      veracode.get_application_list.must_be_instance_of Veracode::Upload::AppList
+    end
+    
+    describe "dynamic attributes for build info" do
+
+      before do
+        @result = veracode.get_build_info("32338", "44905")
+      end
+        
+      it "must parse the api response from XML to Veracode::Upload::BuildInfo" do
+        @result.must_be_instance_of Veracode::Upload::BuildInfo
+      end
+      
+      it "must return the attribute value if present" do
+        @result.app_id.must_equal "32338"
+      end
+      
+      it "must be an instance of Veracode::Upload::Build" do
+        @result.build.must_be_instance_of Veracode::Upload::Build
+      end
+      
+      it "must be an instance of TrueClass" do
+        @result.build.results_ready?.must_be_instance_of TrueClass
+      end
+
+      it "must raise method missing if attribute is not present" do
+        lambda { @result.foo_attribute }.must_raise NoMethodError
+      end
+    end
+    
+    describe "dynamic attributes for build list" do
+
+      before do
+        @result = veracode.get_build_list("32338")
+      end
+        
+      it "must parse the api response from XML to Veracode::Upload::BuildList" do
+        @result.must_be_instance_of Veracode::Upload::BuildList
+      end
+      
+      it "must return the attribute value if present" do
+        @result.app_id.must_equal "32338"
+      end
+
+      it "must raise method missing if attribute is not present" do
+        lambda { @result.foo_attribute }.must_raise NoMethodError
+      end
+    end
+  end
+end