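Official reference documentation: http://docs.sonarqube.org/pages/viewpage.action?pageId=3080359
1. Download the build-wrapper build tool (from the Objective-C plugin download page).
2. Download the SonarQube server, set up the web server, and connect it to a MySQL database.
3. Download sonar scanner.
I won't go through installation and configuration; this post covers the difficulties I ran into.
1. The Objective-C plugin requires a license; without one it is basically useless. There is an open-source plugin on GitHub, but its functionality is limited.
Here I only applied for a two-week trial license.
In the web server's configuration menu, find the "License" entry and copy the license code.
2. According to the official documentation, the build must be run through build-wrapper.
http://docs.sonarqube.org/pages/viewpage.action?pageId=3080359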
build-wrapper-macosx-x86 --out-dir <output directory> xcodebuild clean build
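Our project uses CocoaPods to manage third-party libraries, which caused some problems at build time.
I referred to this article: http://www.tuicool.com/articles/jArEvi
3. Run the following in the source directory of the project to be audited: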
sudo chown -R XXX .
sudo chgrp -R XXX .
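Here XXX is your account name. This changes ownership so that the build does not run into permission problems.
Build command:
/Users/XXX/sonarqube/build-wrapper-3.11/macosx-x86/build-wrapper-macosx-x86 --out-dir /Users/XXX/sonarqube/sonarqubeout/ xcodebuild -workspace YourProjectName.xcworkspace -scheme YourSchemeName clean build
The list of candidate schemes can be obtained with xcodebuild -list.
If you get a provisioning profile error, build the project in Xcode first to check that the configuration is OK.
4. Then run sonar-scanner in the project directory: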
/usr/local/sonar-scanner-2.6/bin/sonar-scanner -X
Wait until the following appears:
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 35.504s
INFO: Final Memory: 65M/723M
INFO: ------------------------------------------------------------------------
DEBUG: Execution getVersion
DEBUG: Execution stop
This means the scan passed without errors.
5. Open your site at http://localhost:9000/ to view the statistics for the project.
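A preflight check for steps 3 and 4, as an added example that is not from the original post: it reads the project properties file shown in the appendix and confirms that the directory in sonar.cfamily.build-wrapper-output really holds the build wrapper's output, that sonar.sources exists, and that no project file is owned by another account. The function names are invented for this example, and build-wrapper-dump.json is assumed to be the file that build-wrapper 3.11 writes into --out-dir.

```sh
#!/bin/sh
# Added example (not from the original post): checks around steps 3 and 4.
# Assumption: build-wrapper writes build-wrapper-dump.json into its --out-dir.

# prop_get FILE KEY: print KEY's value; commented lines are skipped, last one wins.
prop_get() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|\r$/, "", v); found = 1 } }
        END { if (found) print v }' "$1"
}

# preflight PROPS_FILE: print each problem found; return 0 only when there is none.
preflight() {
    props=$1; base=$(dirname "$props"); rc=0
    out=$(prop_get "$props" sonar.cfamily.build-wrapper-output)
    if [ -z "$out" ]; then
        echo "FAIL: sonar.cfamily.build-wrapper-output is not set"; rc=1
    elif [ ! -s "$out/build-wrapper-dump.json" ]; then
        echo "FAIL: no build-wrapper-dump.json in $out; compare with --out-dir"; rc=1
    fi
    # sonar.sources is treated as one directory relative to the properties file.
    src=$(prop_get "$props" sonar.sources)
    if [ -z "$src" ] || [ ! -d "$base/$src" ]; then
        echo "FAIL: sonar.sources='$src' is not a directory under $base"; rc=1
    fi
    # Files owned by another account (for example after a sudo build) cause
    # the permission errors that the chown in step 3 is meant to prevent.
    foreign=$(find "$base" ! -user "$(id -u)" -print 2>/dev/null | head -n 1)
    if [ -n "$foreign" ]; then
        echo "FAIL: not owned by uid $(id -u): $foreign"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: ready for sonar-scanner"; fi
    return "$rc"
}

# scan_succeeded LOG_FILE: true when a saved scanner log has the success marker.
scan_succeeded() {
    grep -q 'INFO: EXECUTION SUCCESS' "$1"
}
```

Source the file and call preflight with the path to the properties file after the build-wrapper build; scan_succeeded expects the scanner output to have been saved to a file first.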
Appendix:
Project sonar-scanner.properties:
# Required metadata
sonar.projectKey=VisitHelper
sonar.projectName=VisitHelper
sonar.projectVersion=1.0.2
#sonar.sources=VisitHelper
sonar.language=objc
#sonar.modules=
sonar.sourceEncoding=UTF-8
sonar.c.file.suffixes=
sonar.objc.file.suffixes=.h,.m
# Path to source directories (application code, not third-party code)
sonar.sources=VisitingHelper
# Xcode project configuration
sonar.VisitHelper.workspace=VisitingHelper.xcworkspace
sonar.VisitHelper.projects=VisitingHelper.xcodeproj
sonar.VisitHelper.appScheme=VisitingHelper
sonar.VisitHelper.testScheme=VisitingHelper Unit Tests
# Path where Build Wrapper files were output to
sonar.cfamily.build-wrapper-output=/Users/XXX/sonarqube/sonarqubeout
~/.bash_profile:
SONAR_HOME=/usr/local/sonarqube
SONAR_RUNNER_HOME=/usr/local/sonar-scanner-2.6
export SONAR_HOME SONAR_RUNNER_HOME
/usr/local/sonarqube/conf/sonar.properties:
#--------------------------------------------------------------------------------------------------
# DATABASE
#
# IMPORTANT: the embedded H2 database is used by default. It is recommended for tests but not for
# production use. Supported databases are MySQL, Oracle, PostgreSQL and Microsoft SQLServer.
# User credentials.
# Permissions to create tables, indices and triggers must be granted to JDBC user.
# The schema must be created first.
sonar.jdbc.username=sonar
sonar.jdbc.password=sonar@321
#----- Embedded Database (default)
# H2 embedded database server listening port, defaults to 9092
#sonar.embeddedDatabase.port=9092
#----- MySQL 5.x
# Only InnoDB storage engine is supported (not myISAM).
# Only the bundled driver is supported. It can not be changed.
sonar.jdbc.url=jdbc:mysql://192.168.192.19:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance