
“Exception caught while parsing Xanitizer XML report file” : ParserConfigurationException occurs while running SonarQube Scanner for Ant Task

I'm trying to set up SonarQube with Xanitizer on my local machine so that the findings of the last generated Security Findings XML get picked up by the SonarQube Plugin for Xanitizer, so that it can display the results on the SonarQube server.

The analysis of the files and the generation of the report is done manually from within the Xanitizer software. The XML file is generated under the parent unzipped directory of Xanitizer, and not inside the SonarQube or the Sonar Scanner directories.

The Xanitizer plug-in is configured with SonarQube and I can see the Xanitizer rules getting added on the Sonar server. However, while running the Sonar Scanner Ant Task, it is supposed to read and parse the Security-Findings-List.XML file, but an exception is thrown while the Ant task runs, with the stack trace below:

[sonar:sonar] Sensor NoSonar Sensor [php] (done) | time=0ms
[sonar:sonar] Sensor XanitizerSensor [xanitizer]
[sonar:sonar] Reading Xanitizer findings from 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml' for project 'Hybris Java Project analyzed with the Sonar Ant Task'
[sonar:sonar] Exception caught while parsing Xanitizer XML report file 'D:\SonarFiles\Xanitizer-3.1.0\KeurigHybrisSecurity-Findings-List.xml'.
[sonar:sonar] javax.xml.parsers.ParserConfigurationException: FEATURE_SECURE_PROCESSING: Cannot set the feature to false when security manager is present.
[sonar:sonar]   at com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl.setFeature(Unknown Source)
[sonar:sonar]   at com.rigsit.xanitizer.sqplugin.reportparser.XMLReportParser.parse(XMLReportParser.java:58)
[sonar:sonar]   at com.rigsit.xanitizer.sqplugin.XanitizerSensor.analyse(XanitizerSensor.java:120)
[sonar:sonar]   at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:57)
[sonar:sonar]   at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:49)
[sonar:sonar]   at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:78)
[sonar:sonar]   at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:175)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar]   at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:262)
[sonar:sonar]   at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:257)
[sonar:sonar]   at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:247)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar]   at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
[sonar:sonar]   at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:143)
[sonar:sonar]   at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:128)
[sonar:sonar]   at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:118)
[sonar:sonar]   at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:117)
[sonar:sonar]   at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
[sonar:sonar]   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[sonar:sonar]   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar]   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar]   at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar]   at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
[sonar:sonar]   at com.sun.proxy.$Proxy0.execute(Unknown Source)
[sonar:sonar]   at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
[sonar:sonar]   at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
[sonar:sonar]   at org.sonarsource.scanner.ant.SonarQubeTask.launchAnalysis(SonarQubeTask.java:99)
[sonar:sonar]   at org.sonarsource.scanner.ant.SonarQubeTask.execute(SonarQubeTask.java:81)
[sonar:sonar]   at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292)
[sonar:sonar]   at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
[sonar:sonar]   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
[sonar:sonar]   at java.lang.reflect.Method.invoke(Unknown Source)
[sonar:sonar]   at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
[sonar:sonar]   at org.apache.tools.ant.Task.perform(Task.java:348)
[sonar:sonar]   at org.apache.tools.ant.Target.execute(Target.java:435)
[sonar:sonar]   at org.apache.tools.ant.Target.performTasks(Target.java:456)
[sonar:sonar]   at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1393)
[sonar:sonar]   at org.apache.tools.ant.Project.executeTarget(Project.java:1364)
[sonar:sonar]   at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
[sonar:sonar]   at org.eclipse.ant.internal.launching.remote.EclipseDefaultExecutor.executeTargets(EclipseDefaultExecutor.java:36)
[sonar:sonar]   at org.apache.tools.ant.Project.executeTargets(Project.java:1248)
[sonar:sonar]   at org.eclipse.ant.internal.launching.remote.InternalAntRunner.run(InternalAntRunner.java:452)
[sonar:sonar]   at org.eclipse.ant.internal.launching.remote.InternalAntRunner.main(InternalAntRunner.java:139)
[sonar:sonar] Sensor XanitizerSensor [xanitizer] (done) | time=2ms
[sonar:sonar] Sensor Coverage Report Import [csharp]

As a result the Xanitizer findings do not get reflected on the Sonar Server. I was not able to find any resolution on the internet. How can I resolve this issue?

Versions of software used: sonarqube-6.3.1, Xanitizer-3.1.0, sonar-scanner-3.0.1.733-windows

What JDK version are you using? I cannot reproduce this exception with Java 8 (all other tool versions are the same).

Nevertheless, it looks like a bug in the plugin, so please file a bug report here https://github.com/RIGS-IT/sonar-xanitizer/issues or send an e-mail with the additional information to support@xanitizer.net. Stack Overflow is not the right platform for this, I think ;)

Regards Norman (Xanitizer support)
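The exception text in the log says the JAXP factory was asked to set FEATURE_SECURE_PROCESSING to false while a SecurityManager was installed, which the JDK refuses. The following is an added example, not the Xanitizer plugin's code, of a SAX parser configured with secure processing left on and DOCTYPE/external entities disabled; the class name, the `finding` element and the sample XML are constructed for illustration and do not reflect the real report schema.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class SecureReportParserDemo {

    // Setting FEATURE_SECURE_PROCESSING to true is always permitted; only a
    // request to set it to false is rejected when a SecurityManager is present.
    static SAXParser newHardenedParser() throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces/SAX feature ids: refuse DOCTYPE and external entities (XXE hardening).
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return factory.newSAXParser();
    }

    // Counts <finding> elements; the element name is a constructed placeholder.
    static int countFindings(byte[] xml) throws Exception {
        final int[] count = {0};
        newHardenedParser().parse(new ByteArrayInputStream(xml), new DefaultHandler() {
            @Override
            public void startElement(String uri, String local, String qName, Attributes atts) {
                if ("finding".equals(qName)) {
                    count[0]++;
                }
            }
        });
        return count[0];
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, not the real Xanitizer report format.
        String sample = "<findings><finding id=\"1\"/><finding id=\"2\"/></findings>";
        System.out.println("findings: " + countFindings(sample.getBytes(StandardCharsets.UTF_8)));
        // A report carrying a DOCTYPE is refused by the hardened parser.
        String withDoctype = "<!DOCTYPE findings [<!ENTITY e \"x\">]><findings/>";
        try {
            countFindings(withDoctype.getBytes(StandardCharsets.UTF_8));
        } catch (SAXParseException ex) {
            System.out.println("DOCTYPE rejected: " + ex.getMessage());
        }
    }
}
```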
