Module: VeracodeApiScan

Includes:
VeracodeApiBase
Defined in:
lib/veracodecli/api.rb

Instance Method Summary

Methods included from VeracodeApiBase

#check_environment_login_variables, #veracode_api_request, #write, #xml_to_json

Instance Method Details

#submit_scan(hostname, archive_path) ⇒ Object



# File 'lib/veracodecli/api.rb', line 48

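# Uploads an archive to the Veracode application record for +hostname+ and
# starts a prescan with auto_scan enabled.
#
# The upload shells out to curl (see the NOTE below). curl is started with an
# argument vector, so no shell parses the interpolated values, and the
# credentials are handed over on curl's stdin as a config entry instead of
# being embedded in the URL, which keeps them out of the process argument list.
#
# @param hostname [String] application name looked up (or created) via validate_existance
# @param archive_path [String] path of the archive file curl uploads
# @return [nil] results are printed to stdout
def submit_scan(hostname, archive_path)
  app_id = validate_existance of: hostname
  # NOTE: curl must be used here because of a bug in the Veracode api. Ruby cannot be used while this bug is present.
  # NOTE: preferred code: upload_result = veracode_api_request 'uploadfile.do', app_id: app_id, file: "#{archive_path}"

  # A quoted value in a curl config file treats backslash as an escape
  # character, so escape it together with quotes and line breaks; otherwise a
  # credential containing them would end the value early.
  config_escapes = { '\\' => '\\\\', '"' => '\\"', "\n" => '\\n', "\r" => '\\r' }
  credentials = "#{ENV['VERACODE_USERNAME']}:#{ENV['VERACODE_PASSWORD']}".gsub(/[\\"\n\r]/, config_escapes)

  # NOTE(review): curl itself still interprets ';' and ',' inside the -F file
  # argument; confirm archive_path never contains them or quote the name.
  curl_command = [
    'curl', '--config', '-',
    '--url', 'https://analysiscenter.veracode.com/api/4.0/uploadfile.do',
    '-F', "app_id=#{app_id}",
    '-F', "file=@#{archive_path}"
  ]
  upload_result = IO.popen(curl_command, 'r+') do |curl|
    curl.write %(user = "#{credentials}"\n)
    curl.close_write
    curl.read
  end
  puts upload_result
  # write upload_result, to_file: "#{app_id}_upload_result"
  prescan_submission_result = veracode_api_request 'beginprescan.do', app_id: app_id, auto_scan: 'true'
  puts prescan_submission_result
  puts "Submit complete for #{app_id}"
  # File.write 'VERACODE_SCAN_RESULT_CHECK_QUEUE', app_id
  # write prescan_submission_result, to_file: "#{app_id}_prescan_submission_result"
end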

#validate_existance(of:) ⇒ Object



# File 'lib/veracodecli/api.rb', line 33

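# Returns the Veracode app_id for the application named +of+, creating the
# application record first when the app list has no entry with that name.
#
# The name is matched exactly: it is regex-escaped before interpolation (a
# hostname's dots would otherwise match any character) and the app_id capture
# stops at the closing quote, so one record's id cannot absorb the text of
# neighbouring records when the response arrives on a single line.
#
# @param of [String] application name to look up or create
# @return [String] the app_id captured from the API response
# @raise [RuntimeError] when the createapp.do response holds no app_id for +of+
def validate_existance(of:)
  puts "Validating records for #{of}"
  record_pattern = /app_id="([^"]+)" app_name="#{Regexp.escape(of.to_s)}"/
  app_list = veracode_api_request 'getapplist.do', include_user_info: 'true'
  existing_id = app_list[record_pattern, 1]
  if existing_id
    puts 'Record found, submitting'
    return existing_id
  end

  puts 'Record not found, creating one'
  create_app_result = veracode_api_request 'createapp.do', app_name: of, description: "Static Scanning profile for #{of}.", business_criticality: 'High', business_unit: 'TELUS Digital', web_application: 'true', teams: ENV['VERACODE_TEAM'].to_s
  app_id = create_app_result[record_pattern, 1]
  # Fail with a clear message rather than continuing with a nil app_id.
  raise "Veracode createapp.do response contained no app_id for #{of}" unless app_id

  puts "Record successfully created, app_id is #{app_id}"
  app_id
end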