为什么BIRTReportGenerator找不到我的源文件?

时间:2017-10-18 15:11:14

标签: android fortify sourceanalyser

我正在尝试使用BIRTReportGenerator构建强化报告,如SCA用户指南中所述。扫描工作正常并生成一个fpr文件,但是当我运行报告生成器时,我收到以下错误。

FPR source file not found or not readable.

以下是我正在使用的命令。这些是直接从用户指南剪切和粘贴。唯一被修改的是路径。

sourceanalyzer -b myproject -clean
sourceanalyzer -b myproject -cp /Users/ginger.mcmurray/Mobuyle-Android-New-Ui/MobuyleCore/libs -Dcom.fortify.sca.SuppressLowSeverity=true -Dcom.fortify.sca.LowSeverityCutoff=10.0 -jdk 1.6 MobuyleCore/src
sourceanalyzer -b myproject -scan -f results.fpr
BIRTReportGenerator -template "OWASP Top 10" -source results.fpr -format PDF -showSuppressed --Version "OWASP Top 10 2013" --UseFortifyPriorityOrder -output MyOWASP_Top10_Report.pdf

如果我使用ReportGenerator,一切正常。但是,我需要能够为我们的安全部门创建BIRT报告。

这是针对Android java项目的,以防万一发生任何变化。

此外,尽管在命令中包含了路径,但我的jar文件中的内容仍会出现很多未知的函数和引用问题。

使用-debug选项从BIRTReportGenerator输出。

Start VM: -Xms40m
-Xmx1088m
-XX:MaxPermSize=320m
-XX:-UseCompressedOops
-Xdock:icon=../Resources/Awb.icns
-XstartOnFirstThread
-Dorg.eclipse.swt.internal.carbon.smallFonts
-Dcom.fortify.InstallRoot=../../../../../../..
-Djava.awt.headless=true
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/..
-Xmx1000M
-XX:MaxPermSize=256m
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar
-os macosx
-ws cocoa
-arch x86_64
-launcher /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/eclipse
-name HPE Security Fortify Report Generation
--launcher.library /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.200.v20150204-1316/eclipse_1607.so
-startup /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar
--launcher.appendVmargs
-application com.hp.fortify.birt.report.generator.console.Application
-data /Users/ginger.mcmurray/.fortify/BIRT16.10/workspace
-configuration /Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442
-template OWASP Top 10
-source results.fpr
-format PDF
-showSuppressed
--Version OWASP Top 10 2013
--UseFortifyPriorityOrder
-debug
-output MyOWASP_Top10_Report.pdf
-consoleLog
-vm /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/jre/lib/jli/libjli.dylib
-vmargs
-Xms40m
-Xmx1088m
-XX:MaxPermSize=320m
-XX:-UseCompressedOops
-Xdock:icon=../Resources/Awb.icns
-XstartOnFirstThread
-Dorg.eclipse.swt.internal.carbon.smallFonts
-Dcom.fortify.InstallRoot=../../../../../../..
-Djava.awt.headless=true
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/..
-Xmx1000M
-XX:MaxPermSize=256m
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar 
Configuration location:
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/
Configuration file:
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/config.ini loaded
Install location:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/
Configuration file:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/config.ini loaded
Loading timestamp file from:
     file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/   .baseConfigIniTimestamp
    No timestamp file found
Timestamps found: 
     config.ini in the base: 1458848541000
     remembered -1
Shared configuration location:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/
Framework located:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar
Loading extension: reference:file:org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar
    eclipse.properties not found
Framework classpath:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar
Debug options:
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/.options not found
Time to load bundles: 5
Starting application: 864
FPR source file not found or not readable.

1 个答案:

答案 0 :(得分:1)

当MacOS与相对路径有关时,版本16.10 / 16.20中的BIRTReportGenerator似乎存在错误。

这已在17.10(截至2017年10月的当前版本)中修复。

我不知道解决方法,您可以尝试联系Fortify技术支持(fortifytechsupport@hpe.com),看看他们是否有解决方法。

相关问题
最新问题