0

我正在尝试使用 BIRTReportGenerator 构建一个强化报告,如 SCA 用户指南中所述。扫描工作正常并生成一个 fpr 文件,但是当我运行报告生成器时,我收到以下错误。

FPR source file not found or not readable.

这是我正在使用的命令。这些是直接从用户指南中剪切和粘贴的。唯一修改的是路径。

sourceanalyzer -b myproject -clean
sourceanalyzer -b myproject -cp /Users/ginger.mcmurray/Mobuyle-Android-New-Ui/MobuyleCore/libs -Dcom.fortify.sca.SuppressLowSeverity=true -Dcom.fortify.sca.LowSeverityCutoff=10.0 -jdk 1.6 MobuyleCore/src
sourceanalyzer -b myproject -scan -f results.fpr
BIRTReportGenerator -template "OWASP Top 10" -source results.fpr -format PDF -showSuppressed --Version "OWASP Top 10 2013" --UseFortifyPriorityOrder -output MyOWASP_Top10_Report.pdf

如果我改用 ReportGenerator,一切正常。但是,我需要为我们的安全部门创建 BIRT 报告的能力。

这是一个 android java 项目,以防万一发生任何变化。

此外,尽管在命令中包含了路径,但对于我的 jar 文件中的内容,我得到了很多未知的功能和参考问题。

带有 -debug 选项的 BIRTReportGenerator 的输出。

Start VM: -Xms40m
-Xmx1088m
-XX:MaxPermSize=320m
-XX:-UseCompressedOops
-Xdock:icon=../Resources/Awb.icns
-XstartOnFirstThread
-Dorg.eclipse.swt.internal.carbon.smallFonts
-Dcom.fortify.InstallRoot=../../../../../../..
-Djava.awt.headless=true
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/..
-Xmx1000M
-XX:MaxPermSize=256m
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar
-os macosx
-ws cocoa
-arch x86_64
-launcher /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/eclipse
-name HPE Security Fortify Report Generation
--launcher.library /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.200.v20150204-1316/eclipse_1607.so
-startup /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar
--launcher.appendVmargs
-application com.hp.fortify.birt.report.generator.console.Application
-data /Users/ginger.mcmurray/.fortify/BIRT16.10/workspace
-configuration /Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442
-template OWASP Top 10
-source results.fpr
-format PDF
-showSuppressed
--Version OWASP Top 10 2013
--UseFortifyPriorityOrder
-debug
-output MyOWASP_Top10_Report.pdf
-consoleLog
-vm /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/jre/lib/jli/libjli.dylib
-vmargs
-Xms40m
-Xmx1088m
-XX:MaxPermSize=320m
-XX:-UseCompressedOops
-Xdock:icon=../Resources/Awb.icns
-XstartOnFirstThread
-Dorg.eclipse.swt.internal.carbon.smallFonts
-Dcom.fortify.InstallRoot=../../../../../../..
-Djava.awt.headless=true
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/..
-Xmx1000M
-XX:MaxPermSize=256m
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar 
Configuration location:
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/
Configuration file:
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/config.ini loaded
Install location:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/
Configuration file:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/config.ini loaded
Loading timestamp file from:
     file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/   .baseConfigIniTimestamp
    No timestamp file found
Timestamps found: 
     config.ini in the base: 1458848541000
     remembered -1
Shared configuration location:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/
Framework located:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar
Loading extension: reference:file:org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar
    eclipse.properties not found
Framework classpath:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar
Debug options:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/.options not found
Time to load bundles: 5
Starting application: 864
FPR source file not found or not readable.
4

1 回答 1

1

BIRTReportGenerator在 MacOS 上与相对路径有关时,版本 16.10/16.20 中似乎存在错误。

这已在 17.10(截至 2017 年 10 月的当前版本)中修复。

我不知道解决方法,您可以尝试联系 Fortify 技术支持 (fortifytechsupport@hpe.com),看看他们是否有解决方法。

于 2017-10-19T16:58:54.470 回答