How to perform fortify scan on different pl/sql files
I am trying to do a Fortify scan on SQL and Oracle files from C# code. I have some folders which contain different Oracle script files with extensions such as .pls, .pkb, .ddl, etc.
Following are the commands I am executing to scan all files.
Command1:
    sourceanalyzer -b test -clean
Command2:
    a) sourceanalyzer -b test -Dcom.fortify.sca.fileextensions.class=PLSQL C:\RapidWorkspace\TFS2\MFG-FDL-16_45418-20171114181758\PROD\RELEASE\**\*.*
    b) sourceanalyzer -b test -Dcom.fortify.sca.fileextensions.pls=PLSQL C:\RapidWorkspace\TFS2\MFG-FDL-16_45418-20171114181758\PROD\RELEASE\**\*.*
Command3:
    sourceanalyzer -b test -scan -verbose -f Results.fpr
Command2 -> a) Here I am able to scan .pls files. Even though it's present in the folder I am searching.
Command2 -> b) This command will only scan .pls files but not .pkb or other Oracle files.
Please help me to find a command which can scan all the different Oracle extension files at once.
Thanks in advance, Asma
Best answer
The best thing to do would be to modify the fortify-sca.properties file to add in the new file extensions.
Default location: C:\Program Files\HPE_Security\Fortify_SCA_and_Apps_17.10\Core\config\fortify-sca.properties
There are several places you need to modify:
1) Add in filename extensions to map to your PLSQL files; you can see existing ones around line 63:
    com.fortify.sca.fileextensions.pks = PLSQL
    com.fortify.sca.fileextensions.pkh = PLSQL
    com.fortify.sca.fileextensions.pkb = PLSQL
Add in your file extensions below this line, for example:
    com.fortify.sca.fileextensions.pls = PLSQL
    com.fortify.sca.fileextensions.ddl = PLSQL
2) Any file extensions you added, you need to add them to the com.fortify.sca.DefaultFileTypes list that is around line 26. (This is the list that is used when doing the wildcard search **/*)
3) If you are always going to be scanning PLSQL (and not TSQL) and you are on Windows, then you can change the default SQL type to PLSQL.
This is around line 127, name com.fortify.sca.SqlLanguage, and change the TSQL to PLSQL.
If you will be switching between TSQL and PLSQL on SQL files that end in the .sql file extension, then add one of these options to your translate commands:
    -Dcom.fortify.sca.fileextensions.sql=PLSQL
    -Dcom.fortify.sca.fileextensions.sql=TSQL
Examples (taken from sourceanalyzer -h):
    sourceanalyzer -b mybuild -Dcom.fortify.sca.fileextensions.sql=PLSQL *.sql
    sourceanalyzer -b mybuild -Dcom.fortify.sca.fileextensions.sql=TSQL *.sql
Then you can run the following commands:
    sourceanalyzer -b test -clean
    sourceanalyzer -b test C:\RapidWorkspace\TFS2\MFG-FDL-16_45418-20171114181758\PROD\RELEASE\**\*.*
Then run sourceanalyzer -b test -show-files. This will show you the files that sourceanalyzer translated. Ideally, your PLSQL files will be in this list.
Another command to check is sourceanalyzer -b test -show-build-warnings. This will show any issues sourceanalyzer had in translating the files.
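A pre-scan check for the properties changes described in the answer, as an added example (not from the original post or from Fortify): it reports Oracle extensions present in a source tree that lack a `fileextensions` mapping or a `DefaultFileTypes` entry, so files that a wildcard translation would skip are caught before the scan. The function names, the sample properties text and the comma-separated `DefaultFileTypes` format are assumptions.

```python
import os
import re
import tempfile

# Matches lines such as "com.fortify.sca.fileextensions.pkb = PLSQL".
EXT_RE = re.compile(r"^com\.fortify\.sca\.fileextensions\.(\w+)\s*=\s*(\w+)\s*$")

def parse_properties(text):
    """Return ({ext: language}, set of DefaultFileTypes extensions)."""
    mapped, defaults = {}, set()
    for line in map(str.strip, text.splitlines()):
        m = EXT_RE.match(line)
        if m:
            mapped[m.group(1).lower()] = m.group(2)
        elif line.startswith("com.fortify.sca.DefaultFileTypes") and "=" in line:
            # Assumption: the value is a comma-separated list of extensions.
            value = line.split("=", 1)[1]
            defaults = {e.strip().lower() for e in value.split(",") if e.strip()}
    return mapped, defaults

def coverage_gaps(root, props_text, wanted):
    """For each wanted extension found under root, list what is missing."""
    mapped, defaults = parse_properties(props_text)
    found = set()
    for _dir, _subdirs, files in os.walk(root):
        found.update(os.path.splitext(f)[1].lstrip(".").lower() for f in files)
    gaps = {}
    for ext in sorted(found & set(wanted)):
        missing = [what for what, ok in (
            ("fileextensions mapping", mapped.get(ext) == "PLSQL"),
            ("DefaultFileTypes entry", ext in defaults)) if not ok]
        if missing:
            gaps[ext] = missing
    return gaps

# Constructed sample: only pks/pkh/pkb are mapped, as in the answer's excerpt.
SAMPLE_PROPS = """\
com.fortify.sca.DefaultFileTypes=java,sql,pks,pkh,pkb
com.fortify.sca.fileextensions.pks = PLSQL
com.fortify.sca.fileextensions.pkh = PLSQL
com.fortify.sca.fileextensions.pkb = PLSQL
"""

def demo():
    with tempfile.TemporaryDirectory() as root:
        for name in ("pkg_body.pkb", "proc.pls", "schema.ddl"):
            open(os.path.join(root, name), "w").close()
        return coverage_gaps(root, SAMPLE_PROPS, {"pls", "pkb", "ddl"})
```

Calling `demo()` on the constructed tree flags `.pls` and `.ddl` as missing both entries while `.pkb` passes; against a real installation, pass the contents of fortify-sca.properties as `props_text`.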