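Contents

1. Test environment

2. Preface (environment setup)

3. Scanning a project by running a shell command from Java

3.1 Main idea

3.2 Reference code

3.3 Result

4. Getting the project scan results through the sonarqube web API

4.1 Main idea

4.2 Reference code

4.3 Result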


1. Test environment

Windows10

sonarqube-6.7.4

sonar-scanner-2.8

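2. Preface (environment setup)

There are already plenty of tutorials on the installation and configuration process, so I will not go through it in detail here.

1. Download sonarqube and sonar-scanner from the official site, extract them, and edit the configuration (mainly the database connection);

2. After running StartSonar.bat in the bin directory of sonarqube, you can see that it started successfully;

3. Enter localhost:9000 (the default port) in the browser address bar to reach the sonarqube login page; the default user name and password are both admin;

4. Code scanning itself is done by sonar-scanner. The usual approach is to edit the sonar-scanner.properties file under sonar-scanner/conf and configure the database and encoding information: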

#Configure here general information about the environment, such as SonarQube server connection details for example
#No information about specific project should appear here

#----- Default SonarQube server
#sonar.host.url=http://localhost:9000
sonar.host.url=http://127.0.0.1:9000

#----- Default source code encoding
#sonar.sourceEncoding=UTF-8
sonar.sourceEncoding=UTF-8

sonar.jdbc.url=jdbc:mysql://127.0.0.1:3306/sonar?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance
sonar.jdbc.username=<user name for the sonar database>
sonar.jdbc.password=<password of that database user>
sonar.language=java
#----- sonar login account
sonar.login=admin
sonar.password=admin
http.authentication.preemptive=true
http.socket.timeout = 60000

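Edit the wrapper.conf file and add the JDK version information

In the root directory of the project to be scanned, create a sonar-project.properties file and write the project-specific configuration: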

# must be unique in a given SonarQube instance
sonar.projectKey=news
# this is the name displayed in the SonarQube UI
sonar.projectName=news
sonar.projectVersion=1.0

# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
# Since SonarQube 4.2, this property is optional if sonar.modules is set.
# If not set, SonarQube starts looking for source code from the directory containing
# the sonar-project.properties file.
# Source code directory
sonar.sources=src
# Directory holding the compiled class files (some projects keep them in the target directory)
sonar.java.binaries=build/classes

# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8

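Some people install a version of the sonarjava plugin in sonarqube that is too new, so leaving sonar.java.binaries out of the configuration file causes an error. If you want static code analysis only (no compilation, no generated classes files), you can write the property this way; the fix comes from the [comments] on this article, @pengyuan_D, "Solving the problem that newer sonar-java plugins require the sonar.java.binaries parameter"

Open a command line in the root directory of the project to be scanned and run sonar-scanner to see the execution flow

5. If this error occurs, it is because sonar-scanner supports JDK 11, which conflicts with the Java 1.8 that the project supports. Switching sonar-scanner to version 2.8 solves it; for details see @<予安>, "When SonarQube runs code analysis it reports ERROR: Unable to create symbol table for : /**/*.java java.lang.IllegalArgumentException: Unsupported class file major version 55". I tested it myself and it works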

PS D:\news> sonar-scanner
C:\Program Files\sonar-scanner-2.8\bin\..
INFO: Scanner configuration file: C:\Program Files\sonar-scanner-2.8\bin\..\conf\sonar-scanner.properties
INFO: Project root configuration file: D:\news\sonar-project.properties
INFO: SonarQube Scanner 2.8
INFO: Java 1.8.0_271 Oracle Corporation (64-bit)
INFO: Windows 10 10.0 amd64
INFO: User cache: C:\Users\许逍遥\.sonar\cache
INFO: Publish mode
INFO: Load global settings
INFO: Load global settings (done) | time=70ms
INFO: Server id: AXdNgQHKmLEJg0fPaxh9
INFO: User cache: C:\Users\许逍遥\.sonar\cache
INFO: Load plugins index
INFO: Load plugins index (done) | time=55ms
INFO: SonarQube server 6.7.4
INFO: Default locale: "zh_CN", source code encoding: "GBK" (analysis is platform dependent)
INFO: Process project properties
INFO: Load project repositories
INFO: Load project repositories (done) | time=100ms
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=30ms
INFO: Load active rules
INFO: Load active rules (done) | time=559ms
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=32ms
WARN: SCM provider autodetection failed. No SCM provider claims to support this project. Please use sonar.scm.provider to define SCM of your project.
INFO: Project key: news
INFO: -------------  Scan news
INFO: Load server rules
INFO: Load server rules (done) | time=54ms
INFO: Base dir: D:\news
INFO: Working dir: D:\news\.sonar
INFO: Source paths: src
INFO: Source encoding: GBK, default locale: zh_CN
INFO: Index files
INFO: 32 files indexed
INFO: Quality profile for java: Sonar way
INFO: Quality profile for xml: Sonar way
INFO: Sensor JavaSquidSensor [java]
INFO: Configured Java source version (sonar.java.source): none
INFO: JavaClasspath initialization
WARN: Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using sonar.java.libraries property
INFO: JavaClasspath initialization (done) | time=25ms
INFO: JavaTestClasspath initialization
INFO: JavaTestClasspath initialization (done) | time=2ms
INFO: Java Main Files AST scan
INFO: 22 source files to be analyzed
INFO: 22/22 source files have been analyzed
INFO: Java Main Files AST scan (done) | time=2406ms
INFO: Java Test Files AST scan
INFO: 0 source files to be analyzed
INFO: Java Test Files AST scan (done) | time=1ms
INFO: 0/0 source files have been analyzed
INFO: Sensor JavaSquidSensor [java] (done) | time=3189ms
INFO: Sensor SurefireSensor [java]
INFO: parsing [D:\news\target\surefire-reports]
INFO: Sensor SurefireSensor [java] (done) | time=5ms
INFO: Sensor JaCoCoSensor [java]
INFO: Sensor JaCoCoSensor [java] (done) | time=2ms
INFO: Sensor SonarJavaXmlFileSensor [java]
INFO: 7 source files to be analyzed
INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=189ms
INFO: 7/7 source files have been analyzed
INFO: Sensor XML Sensor [xml]
INFO: Sensor XML Sensor [xml] (done) | time=520ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=11ms
INFO: Sensor Zero Coverage Sensor
INFO: Sensor Zero Coverage Sensor (done) | time=97ms
INFO: Sensor CPD Block Indexer
INFO: Sensor CPD Block Indexer (done) | time=100ms
INFO: No SCM system was detected. You can use the 'sonar.scm.provider' property to explicitly specify it.
INFO: 8 files had no CPD blocks
INFO: Calculating CPD for 14 files
INFO: CPD calculation finished
INFO: Analysis report generated in 319ms, dir size=123 KB
INFO: Analysis reports compressed in 129ms, zip size=71 KB
INFO: Analysis report uploaded in 36ms
INFO: ANALYSIS SUCCESSFUL, you can browse http://localhost:9000/dashboard/index/news
INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
INFO: More about the report processing at http://localhost:9000/api/ce/task?id=AXdRaLa6jIZ5qmW-FA5u
INFO: Task total time: 8.065 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 11.348s
INFO: Final Memory: 52M/261M
INFO: ------------------------------------------------------------------------

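At this point you can scan a Java project with sonarqube the conventional way. Now the main part begins ε=ε=ε=(~ ̄▽ ̄)~


All of the following steps assume that sonarqube is running


3. Scanning a project by running a shell command from Java

3.1 Main idea

The user enters the project path projectPath and the project name/identifier projectName (here the project name is used as the key by default);

Create the sonar-project.properties configuration file that the sonarqube scan needs in the project directory and fill in the configuration;

Run the command-line program through Runtime.getRuntime().exec and learn the outcome of the process through the waitFor function of the Process object;

3.2 Reference code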

import java.io.*;
import java.net.HttpURLConnection; // used by getSonarMeasures in section 4.2
import java.net.URL;               // used by getSonarMeasures in section 4.2
import java.util.Scanner;
import com.alibaba.fastjson.*;     // used by getSonarMeasures in section 4.2

public class Main {
    public static Scanner input = new Scanner(System.in);

    public static void main(String[] args) {
        // Read the configuration from the user
        System.out.println("输入待扫描项目地址:");
        String projectPath = input.nextLine();
        String fileName = "sonar-project.properties"; // name of the configuration file
        System.out.println("输入项目名称:");
        String projectName = input.nextLine();
        String projectVersion = "1.0";
        String sources = "src";
        String binaries = "./";
        // Create the configuration file
        createFile(projectPath.concat("/"), fileName, projectName, projectVersion, sources, binaries);
        // Run the command line
        runShell(projectPath);
    }

    /**
     * Create the configuration file
     * @param projectPath
     * @param fileName
     * @param projectName
     * @param projectVersion
     * @param sources
     * @param binaries
     */
    public static void createFile(String projectPath, String fileName, String projectName,
                                  String projectVersion, String sources, String binaries) {
        // Create the configuration file
        File file = new File(projectPath, fileName);
        if (file.exists()) {
            System.out.println("配置文件已存在,开始更新配置");
        } else {
            try {
                file.createNewFile();
                System.out.println("配置文件创建成功,开始更新配置");
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        // Write the configuration into the file; try-with-resources closes the writer on every path
        try (BufferedWriter bw = new BufferedWriter(new FileWriter(file))) {
            bw.write("sonar.projectKey=" + projectName + "\n");
            bw.write("sonar.projectName=" + projectName + "\n");
            bw.write("sonar.projectVersion=" + projectVersion + "\n");
            bw.write("sonar.sources=" + sources + "\n");
            bw.write("sonar.java.binaries=" + binaries + "\n");
            bw.write("sonar.sourceEncoding=UTF-8\n");
        } catch (IOException e) {
            e.printStackTrace();
            System.out.println(2);
        }
    }

    /**
     * Open a command line in the project directory and run the sonar-scanner command
     * @param projectPath
     */
    public static void runShell(String projectPath) {
        try {
            long startTime = System.currentTimeMillis();
            // The project path is passed as the working directory, not concatenated into
            // the command string, so characters in it are never interpreted by cmd.exe
            Process proc = Runtime.getRuntime().exec(
                    new String[] {"cmd.exe", "/c", "sonar-scanner 2>&1"}, null, new File(projectPath));
            // Drain the scanner output, otherwise waitFor() can block once the pipe buffer is full
            try (BufferedReader out = new BufferedReader(new InputStreamReader(proc.getInputStream()))) {
                String line;
                while ((line = out.readLine()) != null) {
                    System.out.println(line);
                }
            }
            int processCode = proc.waitFor();
            if (processCode == 0) {
                System.out.println("扫描完成");
                long endTime = System.currentTimeMillis();
                // Compute the scan duration
                long usedTime = (endTime - startTime) / 1000;
                System.out.println("扫描用时" + usedTime + "s");
                System.out.println("-----------------------------");
            } else {
                System.out.println("扫描失败");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
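
The steps in 3.1 take projectPath and projectName straight from user input and place them in a properties file and on a command line. The following added example (not the author's code) shows one way to validate both values first; the class and method names are hypothetical, the inputs in main are constructed, and the pattern mirrors SonarQube's rule for project keys (letters, digits, '-', '_', '.', ':' and at least one non-digit).

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.regex.Pattern;

public class ScanInputCheck {
    // Allowed key characters; spaces, line breaks and shell metacharacters never match.
    private static final Pattern KEY =
            Pattern.compile("[\\p{Alnum}\\-_.:]*[\\p{Alpha}\\-_.:]+[\\p{Alnum}\\-_.:]*");

    /** Returns the key unchanged if it is safe to write into sonar-project.properties. */
    public static String checkProjectKey(String key) {
        if (key == null || !KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("invalid project key");
        }
        return key;
    }

    /** Resolves the path and requires an existing directory that contains the sources folder. */
    public static File checkProjectDir(String path, String sources) throws IOException {
        File dir = new File(path).getCanonicalFile();
        if (!dir.isDirectory() || !new File(dir, sources).isDirectory()) {
            throw new IllegalArgumentException("not a scannable project directory: " + dir);
        }
        return dir;
    }

    public static void main(String[] args) throws IOException {
        // Constructed inputs: two valid keys, then a key with a space, a key that
        // smuggles a second property on a new line, and a digits-only key.
        String[] keys = {"news", "com.example:news", "news 1.0",
                "news\nsonar.sources=..", "12345"};
        for (String k : keys) {
            try {
                System.out.println("accepted: " + checkProjectKey(k));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + k.replace("\n", "\\n"));
            }
        }
        // Constructed project layout in a temporary directory.
        File tmp = Files.createTempDirectory("news").toFile();
        new File(tmp, "src").mkdir();
        System.out.println("directory ok: " + checkProjectDir(tmp.getPath(), "src"));
    }
}
```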

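3.3 Result


4. Getting the project scan results through the sonarqube web API

4.1 Main idea

Send an HTTP request to the endpoint (http://localhost:9000/api/measures/component?component=<project key>&metricKeys=<metrics you want>) and obtain the JSON string it returns;

With the help of Alibaba's fastJSON, convert the JSON string into a JSONObject and keep parsing until you reach the fields you want (here, the numbers of bugs/code_smells/vulnerabilities);

4.2 Reference code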

    /**
     * Get the sonarqube scan results (bugs, codeSmells, vulnerabilities) by project name
     * @param projectName
     */
    public static void getJsonData(String projectName) {
        String param1 = "component=" + projectName + "&metricKeys=bugs";
        String param2 = "component=" + projectName + "&metricKeys=code_smells";
        String param3 = "component=" + projectName + "&metricKeys=vulnerabilities";
        System.out.println("bugs:" + getSonarMeasures(param1));
        System.out.println("codeSmells:" + getSonarMeasures(param2));
        System.out.println("vulnerabilities:" + getSonarMeasures(param3));
    }

    /**
     * Get the metric that corresponds to the given parameters
     * @param param parameters sent to the endpoint (bugs, codeSmells, vulnerabilities)
     * @return the value of the metric
     */
    public static int getSonarMeasures(String param) {
        int value = 0;
        try {
            // The parameters go into the query string; writing them to the request body
            // would silently turn the GET into a POST
            String api = "http://localhost:9000/api/measures/component?";
            URL url = new URL(api + param);
            HttpURLConnection connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("GET");
            // Read the response from the stream; try-with-resources closes it
            StringBuilder sb = new StringBuilder();
            try (BufferedReader br = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = br.readLine()) != null) {
                    sb.append(line);
                }
            }
            // Parse the JSON data
            String backJson = sb.toString();                                    // the JSON string
            JSONObject jsonObject = JSONObject.parseObject(backJson);           // convert the string into a JSONObject
            JSONObject componentObj = jsonObject.getJSONObject("component");    // the component JSONObject
            JSONArray measuresAry = componentObj.getJSONArray("measures");      // measures is an array, so get the JSONArray first
            JSONObject measuresObj = measuresAry.getJSONObject(0);              // the first measures JSONObject
            value = measuresObj.getIntValue("value");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return value;
    }
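
The scanner log earlier on this page notes that results are only available once the server has processed the submitted report (api/ce/task), and metricKeys accepts a comma-separated list. The following added example (not the author's code) checks the task status and reads all three metrics from a single response, tolerating metrics that are missing; the class and method names are hypothetical, the JSON strings are constructed, and fastjson is assumed to be on the classpath as in the article.

```java
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class MeasuresExample {
    static final String METRICS = "bugs,code_smells,vulnerabilities";

    /** One URL for all three metrics; the project key is URL-encoded before it enters the query. */
    static String measuresUrl(String host, String projectKey) throws Exception {
        return host + "/api/measures/component?component="
                + URLEncoder.encode(projectKey, "UTF-8") + "&metricKeys=" + METRICS;
    }

    /** True once the task returned by api/ce/task has been processed successfully. */
    static boolean analysisProcessed(String ceTaskJson) {
        JSONObject task = JSONObject.parseObject(ceTaskJson).getJSONObject("task");
        return task != null && "SUCCESS".equals(task.getString("status"));
    }

    /** Maps metric name to value; a metric absent from the response is reported as -1. */
    static Map<String, Integer> parseMeasures(String json) {
        Map<String, Integer> out = new LinkedHashMap<>();
        for (String m : METRICS.split(",")) out.put(m, -1);
        JSONObject component = JSONObject.parseObject(json).getJSONObject("component");
        JSONArray measures = component == null ? null : component.getJSONArray("measures");
        if (measures == null) return out;
        for (int i = 0; i < measures.size(); i++) {
            JSONObject m = measures.getJSONObject(i);
            out.put(m.getString("metric"), m.getIntValue("value"));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed responses shaped like api/ce/task and api/measures/component output.
        String running = "{\"task\":{\"id\":\"TASK-ID-PLACEHOLDER\",\"status\":\"IN_PROGRESS\"}}";
        String measures = "{\"component\":{\"key\":\"news\",\"measures\":["
                + "{\"metric\":\"bugs\",\"value\":\"3\"},{\"metric\":\"code_smells\",\"value\":\"41\"}]}}";
        System.out.println(measuresUrl("http://localhost:9000", "news"));
        System.out.println("processed: " + analysisProcessed(running));
        System.out.println(parseMeasures(measures));
    }
}
```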

4.3 Result
