Module: VeracodeApiBase

Included in:
VeracodeApiResults, VeracodeApiScan
Defined in:
lib/veracodecli/api.rb

Overview

Base module. Contains the response-parsing and REST call functions.

Instance Method Details

#get_repo_archive(url) ⇒ Object

Clones the desired repository (set in the configuration file), or updates the existing clone, then zips the contents to /tmp/sast_upload.zip.



# File 'lib/veracodecli/api.rb', line 28

def get_repo_archive(url)
  directory = "/tmp/sast_clone"
  # Each command is passed as an argument list, so no shell parses `url`.
  if Dir.exist?(directory)
    system('git', '-C', directory, 'pull')
  else
    system('git', 'clone', '--', url, directory)
  end
  system('zip', '-r', 'sast_upload.zip', 'sast_clone', chdir: '/tmp')
end
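
A stricter variant of the clone-and-zip step, as an added example that is not veracodecli's own code: it validates the repository URL, runs git and zip from argument lists, and works in a per-run directory. It always clones fresh instead of pulling; the scheme allowlist, the helper names and the injectable `run` parameter are assumptions made for this example.

```ruby
require 'uri'
require 'tmpdir'

# Assumed policy for this example: the only clone transports accepted.
ALLOWED_SCHEMES = %w[https ssh].freeze

# Accept only an absolute URL with an allowed scheme and a host.
# A value such as "-x" or "file:///srv/repo" never reaches git.
def validate_repo_url(url)
  uri = URI.parse(url)
  unless ALLOWED_SCHEMES.include?(uri.scheme) && !uri.host.to_s.empty?
    raise ArgumentError, "unsupported repository URL: #{url.inspect}"
  end
  url
rescue URI::InvalidURIError
  raise ArgumentError, "malformed repository URL: #{url.inspect}"
end

# Build the clone and zip steps as argv arrays. No shell ever parses
# them, so '&', ';' or spaces inside a value stay part of one argument,
# and '--' stops git from reading the URL as an option.
def archive_commands(url, workdir)
  [
    ['git', 'clone', '--', validate_repo_url(url), File.join(workdir, 'sast_clone')],
    ['zip', '-q', '-r', 'sast_upload.zip', 'sast_clone'] # run inside workdir
  ]
end

# Default runner: execute one argv in `dir`, raising if it exits non-zero.
SYSTEM_RUNNER = ->(argv, dir) { system(*argv, chdir: dir, exception: true) }

# Hypothetical replacement for get_repo_archive. Works in a fresh
# per-run directory (Dir.mktmpdir creates it with mode 0700) instead of
# a fixed /tmp path, and returns the archive path. The caller removes
# the directory after the upload. `run` is injectable for offline tests.
def get_repo_archive_checked(url, run: SYSTEM_RUNNER)
  validate_repo_url(url) # fail before creating anything on disk
  workdir = Dir.mktmpdir('sast_')
  archive_commands(url, workdir).each { |argv| run.call(argv, workdir) }
  File.join(workdir, 'sast_upload.zip')
end
```

Because a failed clone raises here, the zip and upload steps cannot run against a missing or stale tree.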

#parse_new_app_id(response) ⇒ Object

Parses the passed XML ‘response’ and returns the ‘app_id’ attribute for the ‘createapp’ call.



# File 'lib/veracodecli/api.rb', line 51

require 'nokogiri'

def parse_new_app_id(response)
  app_id = nil
  doc = Nokogiri::XML response
  doc.remove_namespaces!
  return nil if doc.xpath('//application').empty?
  # Keeps the app_id of the last <application> element in the response;
  # node['attr'] returns nil when the attribute is absent.
  doc.xpath('//application').each do |application|
    app_id = application['app_id']
  end
  app_id
end

#response_parse_app_id(response, app_name) ⇒ Object

Parses the passed XML ‘response’ and returns the ‘app_id’ attribute associated with the passed ‘app_name’ for the ‘getapplist’ call.



# File 'lib/veracodecli/api.rb', line 39

require 'nokogiri'

def response_parse_app_id(response, app_name)
  app_id = nil
  doc = Nokogiri::XML response
  doc.remove_namespaces!
  return nil if doc.xpath('//app').empty?
  # app_name is compared in Ruby, not interpolated into the XPath expression.
  doc.xpath('//app').each do |app|
    app_id = app['app_id'] if app['app_name'] == app_name
  end
  app_id
end

#veracode_api_request(api_call, api_version: '4.0', **params) ⇒ Object

Makes a REST request to analysiscenter.veracode.com/api/[api_version]/[function], where function is the passed api_call method argument, api_version is the passed method argument with default value ‘4.0’, and params is any number of json key:value pairs passed in the **params method argument. The response is logged to /tmp/veracodecli.log as long as the HTTP response code is 200. 5XX or 4XX responses raise an Error.



# File 'lib/veracodecli/api.rb', line 14

require 'rest-client'

# Settings and ResponseLogger are defined outside this listing.
def veracode_api_request(api_call, api_version: '4.0', **params)
  begin
    # RestClient.proxy = Settings.proxy unless !Settings.proxy
    # The credentials are sent as HTTP basic auth through the URL userinfo.
    response = RestClient.get "https://#{Settings.veracode_username}:#{Settings.veracode_password}@analysiscenter.veracode.com/api/#{api_version}/#{api_call}", { params: params }
    log = ResponseLogger.new "/tmp"
    log.log api_call, response.code, response.body
  rescue RestClient::Unauthorized
    # rest-client raises RestClient::Unauthorized for an HTTP 401 response.
    abort '401: Unauthorized. Veracode API call Failed, please check your veracode credentials or whitelisted IPs'
  end
  abort 'Internal server error.' if [500, 501, 502, 503].include?(response.code)
  response
end