Module: VeracodeApiScan

Includes:

VeracodeApiBase

Included in:

VeracodeApiMacros

Defined in:

lib/veracodecli/api.rb

Overview

Scan Module. Contains all functions necessary to submit a scan.

Instance Method Summary

• #create_app_profile(app_name, business_criticality, business_unit, team) ⇒ Object

  calls ‘createapp’ to create an new app profile.

• #get_app_id(app_name) ⇒ Object

  calls getapplist and returns the ”app_id’ attribute associated with the passed ‘app_name’ argument.

• #submit_prescan(app_id) ⇒ Object

  calls ‘beginprescan’ for the passed app_id argument.

• #upload_file(app_id, archive_path) ⇒ Object

  Calls ‘uploadfile’ to upload the previously created ‘sast_upload.zip’.

Methods included from VeracodeApiBase

#get_repo_archive, #parse_new_app_id, #response_parse_app_id, #veracode_api_request

Instance Method Details

#create_app_profile(app_name, business_criticality, business_unit, team) ⇒ Object

calls ‘createapp’ to create an new app profile. All arguments are required and can be specified in the config file.

# File 'lib/veracodecli/api.rb', line 74

def create_app_profile(app_name, business_criticality, business_unit, team)
  create_app_response = veracode_api_request 'createapp.do', app_name: app_name, business_criticality: business_criticality, business_unit: business_unit, teams: team
  app_id = parse_new_app_id create_app_response.body
  if app_id.nil? then abort 'createapp failed. Check the logs.' end
end

#get_app_id(app_name) ⇒ Object

calls getapplist and returns the ”app_id’ attribute associated with the passed ‘app_name’ argument.

# File 'lib/veracodecli/api.rb', line 68

def get_app_id(app_name)
  app_list = veracode_api_request 'getapplist.do', include_user_info: 'true'
  app_id = response_parse_app_id app_list.body, app_name
end

#submit_prescan(app_id) ⇒ Object

calls ‘beginprescan’ for the passed app_id argument. ‘auto_scan: ’true” means that the scan will begin automatically after the prescan unless there are errors.

# File 'lib/veracodecli/api.rb', line 88

def submit_prescan(app_id)
  veracode_api_request 'beginprescan.do', app_id: app_id, auto_scan: 'true'
end

#upload_file(app_id, archive_path) ⇒ Object

Calls ‘uploadfile’ to upload the previously created ‘sast_upload.zip’.

# File 'lib/veracodecli/api.rb', line 81

def upload_file(app_id, archive_path)
  # NOTE: curl must be used here because of a bug in the Veracode api. rest-client cannot be used while this bug is present.
  # NOTE: preferred code: upload_result = veracode_api_request 'uploadfile.do', app_id: app_id, file: "#{archive_path}"
  `curl --url "https://#{Settings.veracode_username}:#{Settings.veracode_password}@analysiscenter.veracode.com/api/4.0/uploadfile.do" -F 'app_id=#{app_id}' -F 'file=@#{archive_path}'`
end