我想通过Maven为我的PL/SQL项目运行分析。我使用此版本的插件:
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.4.0.905</version>
在连接到数据库以检索数据字典信息之前,使用mvn sonar:sonar效果很好。运行mvn -X sonar:sonar后,我得到以下堆栈跟踪:
[DEBUG] 13:26:02.222 Unable to decrypt property sonar.plsql.jdbc.password
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:121)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy (Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:181)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
[DEBUG] 13:26:02.284 Unable to decrypt property sonar.plsql.jdbc.password
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:121)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy (Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:181)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
我将pom.xml中的sonar.plsql.jdbc.password设置为${settings.servers.db-dev.password},此参数在我的settings.xml文件中设置。我仔细检查了Maven是否读取了正确的settings.xml文件。
实际上,在输出的最后,我从db收到logon denied错误,这意味着插件试图将(它是否使用${settings.servers.db-dev.password}作为纯文本密码?
所以我的问题是:
- 为什么 Maven 插件不能通过参数字符串获取密码?我很好奇,因为他可以
username作为参数字符串传递。(我的密码是maven加密还是纯文本都没有关系( - 如果是已知行为,那么是否有任何其他方法可以保持数据库密码加密并将其传递给声纳 maven 插件?
UPD:这是我pom.xml关于服务器扩展的文章:
<extensions>
<extension>
<groupId>com.github.shyiko.servers-maven-extension</groupId>
<artifactId>servers-maven-extension</artifactId>
<version>1.3.1</version>
</extension>
</extensions>
这是声纳配置的一部分:
<sonar.login>${spdb-beholder.sonar.login}</sonar.login>
<sonar.host.url>${spdb-beholder.sonar.host}</sonar.host.url>
<sonar.plsql.jdbc.url>${liquibase.url}</sonar.plsql.jdbc.url>
<sonar.plsql.jdbc.user>${settings.servers.db-dev.username}</sonar.plsql.jdbc.user>
<sonar.plsql.jdbc.password>${settings.servers.db-dev.password}</sonar.plsql.jdbc.password>
<sonar.plsql.jdbc.defaultSchema>${liquibase.user.owner}</sonar.plsql.jdbc.defaultSchema>
<sonar.projectName>spdb-beholder</sonar.projectName>
<sonar.projectKey>spdb-beholder</sonar.projectKey>
<sonar.plsql.file.suffixes>sql,vw,pkb</sonar.plsql.file.suffixes>
<sonar.sources>src/main/resources/migration/compiled</sonar.sources>
<sonar.tests>src/main/resources/migration/tests</sonar.tests>
<sonar.plsql.jdbc.driver>${liquibase.driver}</sonar.plsql.jdbc.driver>
<sonar.plsql.jdbc.driver.path>${project.build.directory}/lib/ojdbc8-12.2.0.1.jar</sonar.plsql.jdbc.driver.path>
<sonar.plsql.jdbc.driver.class>oracle.jdbc.OracleDriver</sonar.plsql.jdbc.driver.class>
<sonar.sourceEncoding>UTF-8</sonar.sourceEncoding>
<sonar.language>plsql</sonar.language>
<sonar.coverageReportPaths>${project.build.directory}/coverage-sonar-reporter.xml</sonar.coverageReportPaths>
<sonar.testExecutionReportPaths>${project.build.directory}/sonar-test-reporter.xml</sonar.testExecutionReportPaths>
我还检查了这是否有效:
<sonar.plsql.jdbc.user>${settings.servers.db-dev.username}</sonar.plsql.jdbc.user>
<sonar.plsql.jdbc.password>unencryptedpasswordfordb</sonar.plsql.jdbc.password>
其实不然。因此,它不取决于您传入${}参数的参数。
我找到了这篇文章:https://docs.sonarqube.org/latest/instance-administration/security/#header-6 我不太喜欢它,因为我必须将密钥保存在本地机器上,因为我还将测试结果发布到 Sonar。
Maven不支持通过${}表达式访问服务器属性。 您可以使用以下扩展名:https://github.com/shyiko/servers-maven-extension
这个问题也得到了回答 如何获取设置中定义的服务器值.xml在我的 pom.xml 中使用它们?