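I am trying to set up SonarQube with Xanitizer on my local machine so that the Security Findings XML generated at the end is picked up by Xanitizer's SonarQube plugin and the results can be displayed on the SonarQube server.
The analysis of the files and the generation of the report are done manually in the Xanitizer software. The XML file is generated under Xanitizer's parent unzipped directory, not in the SonarQube or Sonar Scanner directories.
The Xanitizer plugin is configured with SonarQube, and I can see that the Xanitizer rules were added on the Sonar server. However, when running the Sonar Scanner Ant task, which should read and parse the Security-Findings-List.XML file, an exception is thrown during the Ant task run, with the following stack trace -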
[sonar:sonar] Sensor NoSonar Sensor [php] (done) | time=0ms
[sonar:sonar] Sensor XanitizerSensor [xanitizer]
[sonar:sonar] Reading Xanitizer findings from 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml' for project 'Hybris Java Project analyzed with the Sonar Ant Task'
[sonar:sonar] Exception caught while parsing Xanitizer XML report file 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml'.
[sonar:sonar] javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.
[sonar:sonar] at com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl.setFeature(Unknown Source)
[sonar:sonar] at com.rigsit.xanitizer.sqplugin.reportparser.XMLReportParser.parse(XMLReportParser.java:58)
[sonar:sonar] at com.rigsit.xanitizer.sqplugin.XanitizerSensor.analyse(XanitizerSensor.java:120)
[sonar:sonar] at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:57)
[sonar:sonar] at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:49)
[sonar:sonar] at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:78)
[sonar:sonar] at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:175)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:262)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:257)
[sonar:sonar] at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:247)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
[sonar:sonar] at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar] at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar] at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:118)
[sonar:sonar] at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:117)
[sonar:sonar] at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
[sonar:sonar] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[sonar:sonar] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar] at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
[sonar:sonar] at com.sun.proxy.$Proxy0.execute(Unknown Source)
[sonar:sonar] at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
[sonar:sonar] at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
[sonar:sonar] at org.sonarsource.scanner.ant.SonarQubeTask.launchAnalysis(SonarQubeTask.java:99)
[sonar:sonar] at org.sonarsource.scanner.ant.SonarQubeTask.execute(SonarQubeTask.java:81)
[sonar:sonar] at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
[sonar:sonar] at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
[sonar:sonar] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar] at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar] at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
[sonar:sonar] at org.apache.tools.ant.Task.perform(Task.java:348)
[sonar:sonar] at org.apache.tools.ant.Target.execute(Target.java:435)
[sonar:sonar] at org.apache.tools.ant.Target.performTasks(Target.java:456)
[sonar:sonar] at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1393)
[sonar:sonar] at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
[sonar:sonar] at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:36)
[sonar:sonar] at org.apache.tools.ant.Project.executeTargets(Project.java:1248)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.InternalAntRunner.run(InternalAntRunner.java:452)
[sonar:sonar] at org.eclipse.ant.internal.launching.remote.InternalAntRunner.main(InternalAntRunner.java:139)
[sonar:sonar] Sensor XanitizerSensor [xanitizer] (done) | time=2ms
[sonar:sonar] Sensor Coverage Report Import [csharp]
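As a result, Xanitizer's findings are not reflected on the Sonar server. I could not find any solution on the internet. How can I resolve this issue?
Software versions used - sonarqube-6.3.1, Xanitizer-3.1.0, sonar-scanner-3.0.1.733-windows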