如何使用Fortify Scan 16.11扫描Project.Json的dotnet核心

本文介绍了如何使用Fortify Scan 16.11扫描Project.Json的dotnet核心的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我创建了一个默认的.Net Core 1.0.1类库，并更改了project.json中的buildOptions使其包含debugType： Full。我使用了集成的VS 2015 Fortify Scan（使用16.11），但出现以下错误。我应该如何扫描dotnet核心以避免此问题？

I created a default .Net Core 1.0.1 Class library and changed buildOptions in project.json to include debugType: "Full". I used the integrated VS 2015 Fortify Scan using 16.11 and I get the errors below. How should I scan dotnet core to avoid this problem?

项目src\providesFileInPackage\providesFileInPackage.xproj未配置为输出完整的调试信息。 SCA Analysis需要完整的调试符号。您要忽略项目并继续吗？
（项目属性->构建->高级按钮->调试信息->完整
或
项目属性->编译->高级选项->调试信息-> VB）

Project 'src\providesFileInPackage\providesFileInPackage.xproj' is not configured to output full debug information. SCA Analysis requires full debug symbols. Would you like to ignore project and continue?(Project Properties -> Build -> "Advanced" button -> Debug Info -> "Full" OR Project Properties -> Compile -> Advanced Options -> Debug Info -> "Full" for VB)

我的项目json看起来

My project json looks like

{
  "version": "1.0.0-*",
  "dependencies": {
    "NETStandard.Library": "1.6.0"
  },
  "frameworks": {
    "netstandard1.6": {
      "imports": "dnxcore50"
    }
  },
  "buildOptions": {
    "define": [ "DEBUG" ],
    "debugType": "full"
  }
}

推荐答案

我遇到了同样的问题。这是因为 xproj 文件而不是 project.json 造成的，所以我试图添加

I had the same problem. It's blaming the xproj file and not project.json so I tried to add

<DebugType>full</DebugType>

，但无济于事。

最后，我通过从命令行运行Fortify找到了一种解决方法：

In the end I found a workaround by running Fortify from the command line:

msbuild MyApplicationSca.proj /p:Configuration=Release /t:Rebuild /m

我的 MyApplicationSca.proj 看起来像这样：

<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">

  <PropertyGroup>
    <MySolution>MyApplication.sln</MySolution>
    <Configuration Condition=" $(Configuration) == '' ">Debug</Configuration>
    <CommonMSBuildProperties>BuildingSolutionFileName=true</CommonMSBuildProperties>
    <RunHPFortify Condition=" '$(RunHPFortify)' == '' ">false</RunHPFortify>
    <HPFortifyPath Condition=" '$(HPFortifyPath)' == '' ">$(ProgramW6432)\HP_Fortify\HP_Fortify_SCA_and_Apps_4.40\</HPFortifyPath>
    <FortifyMSBuildTasks>$(HPFortifyPath)Core\lib\FortifyMSBuildTasks.dll</FortifyMSBuildTasks>
  </PropertyGroup>

  <ItemGroup>
    <Projects Include="$(MySolution)">
      <AdditionalProperties>Platform=Any CPU</AdditionalProperties>
    </Projects>
  </ItemGroup>

  <Target Name="Clean">
    <MSBuild Projects="@(Projects)" Targets="Clean" Properties="$(CommonMSBuildProperties)" />
  </Target>

  <Target Name="Build">
    <MSBuild Projects="@(Projects)" Targets="Build" Properties="$(CommonMSBuildProperties)"
             StopOnFirstFailure="true" />
  </Target>

  <Target Name="Rebuild">
    <MSBuild Projects="@(Projects)" Targets="Rebuild" Properties="$(CommonMSBuildProperties)"
             StopOnFirstFailure="true" />
  </Target>

  <UsingTask TaskName="Fortify.CleanTask" AssemblyFile="$(FortifyMSBuildTasks)" />
  <UsingTask TaskName="Fortify.TranslateTask" AssemblyFile="$(FortifyMSBuildTasks)" />
  <UsingTask TaskName="Fortify.ScanTask" AssemblyFile="$(FortifyMSBuildTasks)" />

  <Target Name="FortifyBuild" AfterTargets="Build;Rebuild" Condition="$(RunHPFortify)">
    <PropertyGroup>
      <BuildID>MyApplication</BuildID>
      <HPFortifyLogsDir>..\HPFortifyLogs\</HPFortifyLogsDir>
      <PackagesDir>$(MSBuildProjectDirectory)\packages\</PackagesDir>
      <OutDir>$(MSBuildProjectDirectory)\MyApplication\bin\$(Configuration)\net452\win7-x64\</OutDir>
      <SCATargetBinary>$(OutDir)MyApplication.exe</SCATargetBinary>
      <FPRFilePath>$(HPFortifyLogsDir)MyApplication.fpr</FPRFilePath>
      <SSCUploadToken Condition=" '$(SSCUploadToken)' == '' ">1cfe9977-905c-4da4-bb57-97e3dcc33099</SSCUploadToken>
    </PropertyGroup>

    <ItemGroup>
      <TranslateTaskReferences Include="$(OutDir)" />
    </ItemGroup>

    <CleanTask BuildID="$(BuildID)" />

    <TranslateTask
      BuildID="$(BuildID)"
      VSVersion="14.0"
      JVMSettings="-Xmx1000M"
      BinariesFolder="$(SCATargetBinary)"
      References="@(TranslateTaskReferences)"
      LogFile="$(HPFortifyLogsDir)sca_translate_task.log">
    </TranslateTask>

    <ScanTask
      BuildID="$(BuildID)"
      JVMSettings="-Xmx1000M"
      LogFile="$(HPFortifyLogsDir)scan_task.log"
      Output="$(FPRFilePath)" />

  </Target>

</Project>

我现在没有进行更多的调查，但我希望这能使我们更接近答案

I am not investigating more than that right now but I hope this brings us a bit closer to the answer.

这篇关于如何使用Fortify Scan 16.11扫描Project.Json的dotnet核心的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！