maven - Sonar Maven 插件无法使用密码作为 Maven 参数连接到 Oracle DB
问题描述
我想通过 Maven 为我的 PL/SQL 项目运行分析。我使用这个版本的插件:
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.4.0.905</version>
在连接到数据库以检索数据字典信息之前,使用mvn sonar:sonar一直很好。运行后,mvn -X sonar:sonar我得到以下堆栈跟踪:
[DEBUG] 13:26:02.222 Unable to decrypt property sonar.plsql.jdbc.password
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:121)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy (Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:181)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:103)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
[DEBUG] 13:26:02.284 Unable to decrypt property sonar.plsql.jdbc.password
org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:121)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.sonatype.plexus.components.cipher.PlexusCipherException: java.lang.ArrayIndexOutOfBoundsException
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:193)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ArrayIndexOutOfBoundsException
at java.lang.System.arraycopy (Native Method)
at org.sonatype.plexus.components.cipher.PBECipher.decrypt64 (PBECipher.java:181)
at org.sonatype.plexus.components.cipher.DefaultPlexusCipher.decrypt (DefaultPlexusCipher.java:72)
at org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.decrypt (DefaultSecDispatcher.java:96)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decrypt (PropertyDecryptor.java:56)
at org.sonarsource.scanner.maven.bootstrap.PropertyDecryptor.decryptProperties (PropertyDecryptor.java:45)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.createGlobalProperties (ScannerFactory.java:76)
at org.sonarsource.scanner.maven.bootstrap.ScannerFactory.create (ScannerFactory.java:61)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:107)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke (Method.java:498)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
我设置sonar.plsql.jdbc.password为pom.xml,${settings.servers.db-dev.password}这个参数在我的settings.xml文件中设置。我仔细检查了 Maven 是否读取了正确的settings.xml文件。
实际上,在输出的最后,我logon denied从 db 得到错误,这意味着插件试图连接(它是否用作${settings.servers.db-dev.password}纯文本密码?)到 db 虽然早些时候它未能获得密码。
所以我的问题是:
- 为什么 Maven 插件不能通过参数字符串获取密码?我很好奇,因为他可以
username作为参数字符串传递。(而且我的密码是 maven 加密还是纯文本都没关系) - 如果它是已知的行为,那么是否有任何其他方法可以保持您的数据库密码加密并将其传递给声纳 Maven 插件?
UPD:这是我pom.xml的服务器扩展部分:
<extensions>
<extension>
<groupId>com.github.shyiko.servers-maven-extension</groupId>
<artifactId>servers-maven-extension</artifactId>
<version>1.3.1</version>
</extension>
</extensions>
这是一段声纳配置:
<sonar.login>${spdb-beholder.sonar.login}</sonar.login>
<sonar.host.url>${spdb-beholder.sonar.host}</sonar.host.url>
<sonar.plsql.jdbc.url>${liquibase.url}</sonar.plsql.jdbc.url>
<sonar.plsql.jdbc.user>${settings.servers.db-dev.username}</sonar.plsql.jdbc.user>
<sonar.plsql.jdbc.password>${settings.servers.db-dev.password}</sonar.plsql.jdbc.password>
<sonar.plsql.jdbc.defaultSchema>${liquibase.user.owner}</sonar.plsql.jdbc.defaultSchema>
<sonar.projectName>spdb-beholder</sonar.projectName>
<sonar.projectKey>spdb-beholder</sonar.projectKey>
<sonar.plsql.file.suffixes>sql,vw,pkb</sonar.plsql.file.suffixes>
<sonar.sources>src/main/resources/migration/compiled</sonar.sources>
<sonar.tests>src/main/resources/migration/tests</sonar.tests>
<sonar.plsql.jdbc.driver>${liquibase.driver}</sonar.plsql.jdbc.driver>
<sonar.plsql.jdbc.driver.path>${project.build.directory}/lib/ojdbc8-12.2.0.1.jar</sonar.plsql.jdbc.driver.path>
<sonar.plsql.jdbc.driver.class>oracle.jdbc.OracleDriver</sonar.plsql.jdbc.driver.class>
<sonar.sourceEncoding>UTF-8</sonar.sourceEncoding>
<sonar.language>plsql</sonar.language>
<sonar.coverageReportPaths>${project.build.directory}/coverage-sonar-reporter.xml</sonar.coverageReportPaths>
<sonar.testExecutionReportPaths>${project.build.directory}/sonar-test-reporter.xml</sonar.testExecutionReportPaths>
我还检查了这是否有效:
<sonar.plsql.jdbc.user>${settings.servers.db-dev.username}</sonar.plsql.jdbc.user>
<sonar.plsql.jdbc.password>unencryptedpasswordfordb</sonar.plsql.jdbc.password>
它没有。所以它不取决于你传入的参数是什么${}参数。
我发现这篇文章:https ://docs.sonarqube.org/latest/instance-administration/security/#header-6 我不太喜欢它,因为我必须在本地机器上保存密钥,因为我也测试测试结果发布到声纳。
解决方案
${}maven 不支持通过表达式访问服务器属性。您可以使用以下扩展名:https ://github.com/shyiko/servers-maven-extension
这个问题也在How to get the values defined in the settings.xml to use them in my pom.xml 中得到解答?
推荐阅读
- go - beego二进制安装了一个荒谬的路径,'bee new'命令不起作用
- angular - 如果结果包含部分文本,则尝试隐藏变量
- java - 套接字关闭异常和EOF异常
- bash - 如何从 shell 脚本中的测试输出中搜索“ERROR”字符串?
- sql - 插入语句中的 SQL 选择
- authentication - 在 CakePHP 1.3 中单击提交按钮后如何不需要身份验证
- django - 除非我将 pk 值设置为固定值,否则无法获得带有上下文的 GCBV 以按作者显示书籍
- excel - VBA 公式 - 每行数据的调整
- javascript - 参数类型不可分配给类型参数
- amazon-sagemaker - 目标检测——你能得到每个班级的mAP吗?