sonarqube

Checkmarx - How to validate and sanitize HttpServletRequest .getInputStream to pass checkmarx scan

萝らか妹 submitted on 2021-01-19 06:19:51
Question: Following are the Checkmarx issue details: Unrestricted File Upload. Source Object: req (Line No - 39); Target Object: getInputStream (Line No - 41).

public class JWTLoginFilter extends AbstractAuthenticationProcessingFilter {
    //...
38  public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res)
39      throws AuthenticationException, IOException, ServletException
40  {
41      Entitlements creds = new ObjectMapper().readValue(req.getInputStream(), Entitlements.class);
        return

code coverage shows zero percentage - SonarQube

那年仲夏 submitted on 2021-01-07 03:59:06
Question: We are using SonarQube 6.4. Code coverage for both the front-end code (JavaScript) and the back-end code (Java) shows 0%. Developers claim they have unit test cases for every function or class they write. This application has a database layer. What does code coverage 0% mean? Answer 1: As stated in the docs, SonarQube does not run tests; it simply imports reports generated by other tools to display them along with the other analysis. So my guess is that you have not configured your CI chain to generate test reports to be

SQL Parametrized query for database backup is reported as sql injection by sonarqube [closed]

六眼飞鱼酱① submitted on 2021-01-07 01:39:49
Question: I have several SQL injection security hotspots reported by SonarQube. I've changed my implementation to use parametrized queries, but the issue hasn't been solved. SonarQube is reporting SQL Injection at the following line: SqlCommand cmd = new SqlCommand(cmdTxt, con); How may I

Set a SonarQube webhook in Jenkinsfile

扶醉桌前 submitted on 2021-01-04 14:55:19
Question: I'm trying to create a Jenkins multibranch pipeline where, on every push to Bitbucket, a SonarQube analysis is performed on that branch of the project. Jenkins correctly creates the new job for each branch, and a new project is created in SonarQube with the branch name appended to the project name. The issue I'm having is that when SonarQube creates the new project, the webhook to report the Quality Gate status is not set by default, so I have to manually go into each SonarQube project and set

Alternative to sonar.analysis.mode parameter

雨燕双飞 submitted on 2021-01-03 06:47:45
Question: I'm using SonarQube 7.9 and GitLab with a Maven Docker image that calls my SonarQube using mvn --batch-mode verify sonar:sonar -DskipTests=true -Drevision=$REVISION_UNSTABLE $SONAR_OPTS -Dsonar.analysis.mode=issues . The thing is that the parameter sonar.analysis.mode is not used anymore since version 7.4, but I can't find out what parameter I need to use instead. At the development branch build I just want to check the issues related to the code, and I don't want to publish anything. Only

Sonar asks to "Use try-with-resources or close this "Connection" in a "finally" clause."

◇◆丶佛笑我妖孽 submitted on 2021-01-01 07:32:47
Question: I want to have a clean project, so I used Sonar to detect potential defects, ... On the method below, Sonar asks to: Use try-with-resources or close this "Connection" in a "finally" clause.

private Connection createConnection() throws JMSException {
    MQConnectionFactory mqCF = new MQConnectionFactory();
    ...
    Connection connection = mqCF.createConnection(...);
    connection.start();
    return connection;
}

Can you explain to me what I did wrong and how to avoid the Sonar message? Thank you. Answer 1: