Android static code scanning with Fireline in Jenkins

Posted by wpyily


Background

Fireline (火线) is a static analysis tool for Android code that 360's Qtest team released after half a year of internal use. This article describes how to run a Fireline scan from Jenkins and view the results as soon as the build finishes.

Environment

  1. Jenkins; the latest version is recommended, this article uses 2.2
  2. The Publish HTML Reports plugin, version 1.0 or later; this article uses 1.11

Creating the job

Create a job as shown in the figure below:

Creating the build step

A normal project build usually configures source code management (pulling the code), build parameters and a build schedule; those are not shown here. After the build command for the code has been set up, add an Execute Windows batch command step with the following command:

java -jar D:\fireline.jar scanSrcDir=E:\codes\tmp\Test.java proj_name=test reportSaveDir=D:\report reportFileName=test%BUILD_NUMBER% user=zhangsan

Note: inside the Execute shell or Execute Windows batch command text box, Jenkins environment variables are referenced as %VARIABLE_NAME% (batch syntax, as used above).

Once the build step has run, a report named test%BUILD_NUMBER%.html is written to D:\report. The figure below shows my configuration:

Publishing the HTML report

Add a post-build action, choose Publish HTML reports, and fill in the following options:
- HTML directory to archive: the directory the report is saved in
- Index page[s]: the name of the generated HTML file, for example test.html
- Report title: the title of the report
Configured as shown below:
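The same two steps (run the scan, publish the report) expressed as a declarative Jenkinsfile, as an added example that is not part of the original post or of Fireline itself. The Fireline parameters are the ones the post uses; everything else is an assumption: a Windows agent labelled windows, fireline.jar at D:\fireline.jar, and sources under app\src\main\java in the workspace. The report gets a fixed file name and is written into the workspace rather than a shared D:\report, so Publish HTML always finds the same index page and keepAll retains one copy per build; proj_name reuses the JOB_BASE_NAME variable from the appendix.

```groovy
// Added example, not code from the original post. Assumptions: a Windows agent
// with label 'windows', fireline.jar at D:\fireline.jar, sources under app\src\main\java.
pipeline {
    agent { label 'windows' }

    environment {
        FIRELINE_JAR = 'D:\\fireline.jar'          // Groovy escape: a single backslash on disk
        REPORT_DIR   = 'fireline-report'           // relative to the job workspace
    }

    stages {
        stage('Checkout') {
            steps { checkout scm }
        }

        stage('Fireline scan') {
            steps {
                // Batch step; %VAR% is expanded by cmd.exe, not by Groovy.
                // Report file name is fixed (fireline.html); Jenkins keeps one copy per build.
                bat '''
                if not exist "%WORKSPACE%\\%REPORT_DIR%" mkdir "%WORKSPACE%\\%REPORT_DIR%"
                java -jar "%FIRELINE_JAR%" scanSrcDir=%WORKSPACE%\\app\\src\\main\\java proj_name=%JOB_BASE_NAME% reportSaveDir=%WORKSPACE%\\%REPORT_DIR% reportFileName=fireline user=jenkins
                '''
            }
        }
    }

    post {
        always {
            // Same options as the freestyle "Publish HTML reports" post-build action
            publishHTML(target: [
                reportDir            : 'fireline-report',
                reportFiles          : 'fireline.html',
                reportName           : 'Fireline Report',
                keepAll              : true,   // archive the report of every build, not just the last
                alwaysLinkToLastBuild: true,
                allowMissing         : false   // fail the publish step if the scan produced no report
            ])
        }
    }
}
```

Because the report is archived per build with keepAll, the build number no longer needs to be part of the file name; the Fireline Report link on each build page points at that build's own copy.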

Click Save. The build can be run at this point, but there is one more snag: the Fireline report uses JavaScript, and the default Content Security Policy Jenkins applies to served files forbids this, including:
- No JavaScript allowed at all
- No plugins (object/embed) allowed
- No inline CSS, or CSS from other sites allowed
- No images from other sites allowed
- No frames allowed
- No web fonts allowed
- No XHR/AJAX allowed
See the Jenkins page Configuring Content Security Policy for details.

If you stop at the steps above, clicking a tab in the report page produces the error "the document's frame is sandboxed and the 'allow-scripts' permission is not set". The fix: go to Jenkins -> Manage Jenkins -> Script Console, enter System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "") in the text box and click Run, then run the build again.
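Setting the property to an empty string, as above, removes the CSP header from every file Jenkins serves out of workspaces and archived artifacts, so any HTML that lands there (from a compromised dependency, a test fixture, a pull request) runs with no sandbox at all. The Script Console snippet below is an added example, not from the original post: it keeps the sandbox and only grants what a self-contained report needs. The policy string is an assumption about the Fireline report's needs (scripts, styles and images served from the report directory itself); if the report uses inline script blocks, 'unsafe-inline' has to be added to script-src as well, which is still far narrower than no policy.

```groovy
// Added example, not code from the original post. Run in Manage Jenkins -> Script Console.
// Assumption: the report loads its own scripts, styles and images from the report directory.
// 'sandbox allow-scripts' lets the report's JavaScript run but, without allow-same-origin,
// the page gets an opaque origin and cannot read Jenkins cookies or make credentialed XHR.
def relaxedCsp = [
    "sandbox allow-scripts",
    "default-src 'self'",
    "img-src 'self' data:",
    "style-src 'self' 'unsafe-inline'"
].join('; ') + ';'

def oldCsp = System.getProperty("hudson.model.DirectoryBrowserSupport.CSP")
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", relaxedCsp)

// Echo old and new values so the change is visible in the console output
println "previous CSP: " + (oldCsp == null ? "<Jenkins default>" : oldCsp)
println "active CSP:   " + System.getProperty("hudson.model.DirectoryBrowserSupport.CSP")
```

This is a JVM system property, so the value is lost when Jenkins restarts; to keep it, pass the same string as -Dhudson.model.DirectoryBrowserSupport.CSP=... in the Jenkins JAVA_OPTS instead of relying on the Script Console.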


Appendix: Jenkins environment variables, recorded here for reference
BUILD_NUMBER
The current build number, such as “153”
BUILD_ID
The current build ID, identical to BUILD_NUMBER for builds created in 1.597+, but a YYYY-MM-DD_hh-mm-ss timestamp for older builds
BUILD_DISPLAY_NAME
The display name of the current build, which is something like “#153” by default.
JOB_NAME
Name of the project of this build, such as “foo” or “foo/bar”.
JOB_BASE_NAME
Short Name of the project of this build stripping off folder paths, such as “foo” for “bar/foo”.
BUILD_TAG
String of “jenkins-${JOB_NAME}-${BUILD_NUMBER}”. All forward slashes (/) in the JOB_NAME are replaced with dashes (-). Convenient to put into a resource file, a jar file, etc for easier identification.
EXECUTOR_NUMBER
The unique number that identifies the current executor (among executors of the same machine) that’s carrying out this build. This is the number you see in the “build executor status”, except that the number starts from 0, not 1.
NODE_NAME
Name of the agent if the build is on an agent, or “master” if run on master
NODE_LABELS
Whitespace-separated list of labels that the node is assigned.
WORKSPACE
The absolute path of the directory assigned to the build as a workspace.
JENKINS_HOME
The absolute path of the directory assigned on the master node for Jenkins to store data.
JENKINS_URL
Full URL of Jenkins, like http://server:port/jenkins/ (note: only available if Jenkins URL set in system configuration)
BUILD_URL
Full URL of this build, like http://server:port/jenkins/job/foo/15/ (Jenkins URL must be set)
JOB_URL
Full URL of this job, like http://server:port/jenkins/job/foo/ (Jenkins URL must be set)
SVN_REVISION
Subversion revision number that’s currently checked out to the workspace, such as “12345”
SVN_URL
Subversion URL that’s currently checked out to the workspace.
