Skip to content

Commit fdfe560

Browse files
davewichersdavewichers
authored
Merge pull request #286 from darkspirit510/sonar-report-new
Replace custom sonarqube generation with sonar-report
2 parents 22b9ded + 4fb517b commit fdfe560

File tree

1 file changed

+40
-58
lines changed

1 file changed

+40
-58
lines changed

scripts/runSonarQube.sh

Lines changed: 40 additions & 58 deletions
Original file line numberDiff line numberDiff line change
@@ -13,35 +13,45 @@ requireCommand curl
1313
requireCommand docker
1414
requireCommand jq
1515

16+
if ! command -v "sonar-report" &> /dev/null; then
17+
echo "sonar-report is required. Please install it via https://github.com/soprasteria/sonar-report and then try again."
18+
exit 1
19+
fi
20+
1621
# Check for install/updates at https://github.com/SonarSource/sonarqube
1722

18-
sonar_port="9876"
19-
sonar_host="http://localhost:$sonar_port"
23+
container_name="sonarqube-benchmark"
24+
sonar_external_port="9876"
25+
sonar_internal_port="9000"
26+
sonar_host="http://localhost:$sonar_external_port"
2027
sonar_project="benchmark"
2128
sonar_user="admin"
2229
sonar_default_password="admin"
23-
sonar_password="PasswordWithNumb3rsAndSpecialCharacters!"
30+
sonar_password="P4ssword!!!!"
2431

25-
echo "Creating temporary SonarQube instance"
32+
echo "Creating temporary SonarQube instance..."
2633

27-
docker pull sonarqube
34+
#docker pull sonarqube
35+
#docker pull sonarsource/sonar-scanner-cli
2836

2937
# start local sonarqube
30-
container_id=$(docker run --rm -d -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p "$sonar_port:9000" sonarqube)
38+
docker run --rm -d --name "$container_name" -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p "$sonar_external_port:$sonar_internal_port" sonarqube
3139

32-
echo "Waiting for instance to come up"
40+
echo "Waiting for SonarQube to start..."
3341

34-
# wait for container to come up
3542
while [[ "$(curl --connect-timeout 5 --max-time 5 --retry 60 --retry-delay 0 --retry-max-time 120 -s -o /dev/null -w '%{http_code}' "$sonar_host")" != "200" ]]; do
36-
sleep 3;
43+
echo -n "."
44+
sleep 3
3745
done
3846

39-
# wait for sonarqube to be started
47+
echo "Waiting for SonarQube to become ready..."
48+
4049
while [[ "$(curl --silent "$sonar_host/api/system/status" | jq -r '.status')" != "UP" ]]; do
41-
sleep 3;
50+
echo -n "."
51+
sleep 3
4252
done
4353

44-
echo "Setting up instance"
54+
echo "SonarQube ready. Setting up instance..."
4555

4656
# change default password
4757
curl "$sonar_host/api/users/change_password" --silent -u "$sonar_user:$sonar_default_password" -X POST --data-raw "login=$sonar_user&password=$sonar_password&previousPassword=$sonar_default_password" -o /dev/null
@@ -52,17 +62,24 @@ curl "$sonar_host/api/projects/create" --silent -u "$sonar_user:$sonar_password"
5262
# create token
5363
sonar_token=$(curl "$sonar_host/api/user_tokens/generate" --silent -u "$sonar_user:$sonar_password" -X POST --data-raw "name=$(date)" | jq -r '.token')
5464

55-
echo "Starting scan (might take some time!)"
65+
echo "Starting scan... (might take some time!)"
66+
67+
container_ip=$(docker inspect "$container_name" | jq -r '.[0].NetworkSettings.Networks.bridge.IPAddress' )
68+
sonar_docker_host="http://$container_ip:$sonar_internal_port"
5669

57-
# run scan (using net=host to be able to connect to localhost sonarqube)
58-
docker run --env SONAR_SCANNER_OPTS=-Xmx4g --net=host --rm -v ~/.m2:/root/.m2 -v "$(pwd)":"$(pwd)" -w "$(pwd)" sonarsource/sonar-scanner-cli \
59-
-Dsonar.java.binaries="target" -Dsonar.projectKey="$sonar_project" -Dsonar.host.url="$sonar_host" -Dsonar.login="$sonar_token" \
60-
-Dsonar.sources="src" -Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**"
70+
docker run --env SONAR_SCANNER_OPTS=-Xmx4g --rm -v ~/.m2:/root/.m2 -v "$(pwd)":"$(pwd)" -w "$(pwd)" sonarsource/sonar-scanner-cli \
71+
-Dsonar.java.binaries="target" \
72+
-Dsonar.projectKey="$sonar_project" \
73+
-Dsonar.host.url="$sonar_docker_host" \
74+
-Dsonar.login="$sonar_token" \
75+
-Dsonar.sources="src" \
76+
-Dsonar.exclusions="results/**,scorecard/**,scripts/**,tools/**,VMs/**"
6177

62-
echo "Waiting for SonarQube CE to finish task"
78+
echo "Waiting for SonarQube CE to finish task..."
6379

6480
while [[ "$(curl --silent -u "$sonar_token:" "$sonar_host/api/ce/component?component=$sonar_project" | jq -r '.current.status')" != "SUCCESS" ]]; do
65-
sleep 3;
81+
echo -n "."
82+
sleep 3
6683
done
6784

6885
echo "Generating report..."
@@ -71,44 +88,9 @@ benchmark_version=$(scripts/getBenchmarkVersion.sh)
7188
sonarqube_version=$(curl --silent -u "$sonar_token:" "$sonar_host/api/server/version")
7289
result_file="results/Benchmark_$benchmark_version-sonarqube-v$sonarqube_version.json"
7390

74-
# SonarQube does not provide a download option so we've to create the result file manually :(
75-
76-
result='{"issues":[], "hotspots": []}'
77-
rules='[]'
78-
79-
# sonarqube does not allow us to grab more than 10k issues, but most of them are information exposure which is not even
80-
# considered by benchmark so let's just get all relevant rules and receive results for only those rules
81-
82-
rules_count=$(curl --silent -u "$sonar_token:" "$sonar_host/api/rules/search?p=1&ps=1" | jq -r '.total')
83-
page=1
84-
85-
while (((page - 1) * 500 < rules_count)); do
86-
rules=$(echo "$rules" | jq ". += $(curl --silent -u "$sonar_token:" "$sonar_host/api/rules/search?p=$page&ps=500" | jq '.rules | map( .key ) | map( select(. | contains("java:") ) )')")
87-
page=$((page+1))
88-
done
89-
90-
rules=$(echo "$rules" | jq '. | join(",")' | sed 's/java:S1989,//')
91-
92-
issues_count=$(curl --silent -u "$sonar_token:" "$sonar_host/api/issues/search?p=1&ps=1&types=VULNERABILITY&componentKeys=$sonar_project&rules=$rules" | jq -r '.paging.total')
93-
page=1
94-
95-
while (((page - 1) * 500 < issues_count)); do
96-
issues_page=$(curl --silent -u "$sonar_token:" "$sonar_host/api/issues/search?types=VULNERABILITY&p=$page&ps=500&componentKeys=$sonar_project&rules=$rules" | jq '.issues')
97-
98-
result=$(echo "$result" | jq ".issues += $issues_page")
99-
page=$((page+1))
100-
done
101-
102-
hotspot_count=$(curl --silent -u "$sonar_token:" "$sonar_host/api/hotspots/search?projectKey=benchmark&p=1&ps=1" | jq -r '.paging.total')
103-
page=1
104-
105-
while (((page - 1) * 500 < hotspot_count)); do
106-
result=$(echo "$result" | jq ".hotspots += $(curl --silent -u "$sonar_token:" "$sonar_host/api/hotspots/search?projectKey=$sonar_project&p=$page&ps=500" | jq '.hotspots')")
107-
page=$((page+1))
108-
done
109-
110-
echo "$result" > "$result_file"
91+
sonar-report --sonarurl "$sonar_host" --sonarcomponent="$sonar_project" --sonarusername "$sonar_user" --sonarpassword 'P4ssword!!!!' --allbugs --no-rules-in-report --save-report-json "$result_file"
11192

112-
echo "Shutting down SonarQube"
93+
echo "Result file written to $result_file"
94+
echo "Shutting down SonarQube..."
11395

114-
docker stop "$container_id"
96+
docker stop "$container_name"

0 commit comments

Comments
 (0)