왜 내 소스 파일을 BIRTReportGenerator에서 찾을 수 없습니까?

Question

SCA 사용자 안내서에 설명 된대로 BIRTReportGenerator를 사용하여 강화 보고서를 작성하려고합니다. 검사가 제대로 작동하고 fpr 파일을 생성하지만 보고서 생성기를 실행하면 다음 오류가 발생합니다.

FPR source file not found or not readable. 

여기에 제가 사용하는 명령이 있습니다. 이들은 사용자 가이드에서 잘라내어 붙여 넣었습니다. 수정 된 유일한 경로입니다.

sourceanalyzer -b myproject -clean 
sourceanalyzer -b myproject -cp /Users/ginger.mcmurray/Mobuyle-Android-New-Ui/MobuyleCore/libs -Dcom.fortify.sca.SuppressLowSeverity=true -Dcom.fortify.sca.LowSeverityCutoff=10.0 -jdk 1.6 MobuyleCore/src 
sourceanalyzer -b myproject -scan -f results.fpr 
BIRTReportGenerator -template "OWASP Top 10" -source results.fpr -format PDF -showSuppressed --Version "OWASP Top 10 2013" --UseFortifyPriorityOrder -output MyOWASP_Top10_Report.pdf 

대신 ReportGenerator를 사용하면 모든 것이 작동합니다. 그러나 보안 부서의 BIRT 보고서를 작성해야합니다.

이것은 안드로이드 자바 프로젝트를위한 것입니다.

또한 명령에 경로가 포함되어 있음에도 불구하고 내 jar 파일 안에있는 것들에 대해 많은 알 수없는 함수 및 참조 문제가 발생합니다.

-debug 옵션을 사용하여 BIRTReportGenerator에서 출력.

Start VM: -Xms40m 
-Xmx1088m 
-XX:MaxPermSize=320m 
-XX:-UseCompressedOops 
-Xdock:icon=../Resources/Awb.icns 
-XstartOnFirstThread 
-Dorg.eclipse.swt.internal.carbon.smallFonts 
-Dcom.fortify.InstallRoot=../../../../../../.. 
-Djava.awt.headless=true 
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/.. 
-Xmx1000M 
-XX:MaxPermSize=256m 
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar 
-os macosx 
-ws cocoa 
-arch x86_64 
-launcher /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/eclipse 
-name HPE Security Fortify Report Generation 
--launcher.library /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher.cocoa.macosx.x86_64_1.1.200.v20150204-1316/eclipse_1607.so 
-startup /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar 
--launcher.appendVmargs 
-application com.hp.fortify.birt.report.generator.console.Application 
-data /Users/ginger.mcmurray/.fortify/BIRT16.10/workspace 
-configuration /Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442 
-template OWASP Top 10 
-source results.fpr 
-format PDF 
-showSuppressed 
--Version OWASP Top 10 2013 
--UseFortifyPriorityOrder 
-debug 
-output MyOWASP_Top10_Report.pdf 
-consoleLog 
-vm /Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/jre/lib/jli/libjli.dylib 
-vmargs 
-Xms40m 
-Xmx1088m 
-XX:MaxPermSize=320m 
-XX:-UseCompressedOops 
-Xdock:icon=../Resources/Awb.icns 
-XstartOnFirstThread 
-Dorg.eclipse.swt.internal.carbon.smallFonts 
-Dcom.fortify.InstallRoot=../../../../../../.. 
-Djava.awt.headless=true 
-Dcom.fortify.InstallRoot=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/bin/.. 
-Xmx1000M 
-XX:MaxPermSize=256m 
-Djava.class.path=/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS//../../../plugins/org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar 
Configuration location: 
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/ 
Configuration file: 
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/config.ini loaded 
Install location: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/ 
Configuration file: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/config.ini loaded 
Loading timestamp file from: 
    file:/Users/ginger.mcmurray/.fortify/BIRT16.10/configuration442/ .baseConfigIniTimestamp 
    No timestamp file found 
Timestamps found: 
    config.ini in the base: 1458848541000 
    remembered -1 
Shared configuration location: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/configuration/ 
Framework located: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar 
Loading extension: reference:file:org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar 
    eclipse.properties not found 
Framework classpath: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi_3.10.2.v20150203-1939.jar 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/ 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/plugins/org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar 
Debug options: 
    file:/Applications/HP_Fortify/HP_Fortify_SCA_and_Apps_16.10/Core/private-bin/awb/eclipse/Auditworkbench.app/Contents/MacOS/.options not found 
Time to load bundles: 5 
Starting application: 864 
FPR source file not found or not readable. 

Answer 1

상대 경로로 할 필요 버전 16.10/16.20 맥 OS에서의 BIRTReportGenerator에서 버그가 수 있도록 보인다.

17.10 (현재 버전은 2017 년 10 월 기준)으로 수정되었습니다.

해결 방법을 모르겠다면 Fortify 기술 지원 (fortifytechsupport@hpe.com)에 연락하여 해결 방법이 있는지 확인하십시오.