
Using Fireline for Android Static Code Scanning in Jenkins

2016-09-05 11:36

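Background

Fireline (火线) is a static scanning tool for Android code, released publicly by the 360 Qtest testing team after six months of internal use at the company. This article describes how to integrate a Fireline scan into Jenkins and configure Jenkins so the results can be viewed in real time.

Environment setup

Jenkins: the latest version is recommended; this article uses version 2.2.

Publish HTML Reports plugin: version greater than 1.0; this article uses 1.11.

Create a job

Create a job, as shown in the figure below: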



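Create the build task

A normal project build usually configures source code management, checks out the code, sets parameters and sets a build schedule; none of that is demonstrated here. After the code build command has been configured, add an Execute Windows batch command step containing the following command: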

java -jar D:\fireline.jar scanSrcDir=E:\codes\tmp\Test.java proj_name=test reportSaveDir=D:\report reportFileName=test%BUILD_NUMBER% user=zhangsan


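Note: to use a variable in the Execute shell or Execute Windows batch command text box, write it as %VARIABLE_NAME%.

When the build task finishes, a test report named test%BUILD_NUMBER%.html is generated in the D:\report directory. The figure below shows the example I set up: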



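Display the HTML report

Add a post-build action, choose Publish HTML reports, and fill in the following options:

- HTML directory to archive: the directory where the report is stored

- Index page[s]: the name of the generated HTML file, for example test.html

- Report title: the title of the report

The settings are shown in the figure below: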



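Click Save. The build task can be run at this point, but there is one more problem: the Fireline test report uses JavaScript, and Jenkins forbids this by default. The default restrictions include: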

- No JavaScript allowed at all

- No plugins (object/embed) allowed

- No inline CSS, or CSS from other sites allowed

- No images from other sites allowed

- No frames allowed

- No web fonts allowed

- No XHR/AJAX allowed

For details, see: Configuring Content Security Policy

If you only complete the steps above, clicking a paging tab in the test report produces the error "the document's frame is sandboxed and the 'allow-scripts' permission is not set". The fix is as follows:

Go to [Jenkins] -> [Manage Jenkins] -> [Script Console] and enter the following in the text box:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Click Run, then run the build task again.
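
Setting the property to an empty string removes the Content-Security-Policy header entirely, so every restriction listed above is lifted for all files Jenkins serves from workspaces and archived reports. The following Script Console snippet is an added example, not part of the original article or of Fireline: it relaxes the policy only as far as scripts in the report require. The directive list is an assumption about what the Fireline report loads; tighten it after checking the browser console.

```groovy
// Added example for the Jenkins Script Console; not part of the original article.
// Assumption: the Fireline report needs only scripts and inline styles to render.
def key = "hudson.model.DirectoryBrowserSupport.CSP"

def directives = [
    "sandbox allow-scripts",              // lifts only the 'allow-scripts' sandbox error
    "default-src 'none'",                 // everything not listed below stays blocked
    "script-src 'self' 'unsafe-inline'",  // report scripts; drop 'unsafe-inline' if not needed
    "style-src 'self' 'unsafe-inline'",   // report styles; drop 'unsafe-inline' if not needed
    "img-src 'self'"                      // images only from this Jenkins instance
]
def policy = directives.join("; ") + ";"

// null means the property was never set and Jenkins is applying its built-in default
println "previous value: " + System.getProperty(key)
System.setProperty(key, policy)
println "active value:   " + System.getProperty(key)
```

A value set through the Script Console lasts only until Jenkins restarts; to keep it, pass the same string as -Dhudson.model.DirectoryBrowserSupport.CSP=<policy> in the Jenkins JVM arguments.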

[Appendix]: Jenkins environment variables, recorded here for easy reference

BUILD_NUMBER

The current build number, such as “153”

BUILD_ID

The current build ID, identical to BUILD_NUMBER for builds created in 1.597+, but a YYYY-MM-DD_hh-mm-ss timestamp for older builds

BUILD_DISPLAY_NAME

The display name of the current build, which is something like “#153” by default.

JOB_NAME

Name of the project of this build, such as “foo” or “foo/bar”.

JOB_BASE_NAME

Short Name of the project of this build stripping off folder paths, such as “foo” for “bar/foo”.

BUILD_TAG

String of “jenkins-${JOB_NAME}-${BUILD_NUMBER}”. All forward slashes (/) in the JOB_NAME are replaced with dashes (-). Convenient to put into a resource file, a jar file, etc for easier identification.

EXECUTOR_NUMBER

The unique number that identifies the current executor (among executors of the same machine) that’s carrying out this build. This is the number you see in the “build executor status”, except that the number starts from 0, not 1.

NODE_NAME

Name of the agent if the build is on an agent, or “master” if run on master

NODE_LABELS

Whitespace-separated list of labels that the node is assigned.

WORKSPACE

The absolute path of the directory assigned to the build as a workspace.

JENKINS_HOME

The absolute path of the directory assigned on the master node for Jenkins to store data.

JENKINS_URL

Full URL of Jenkins, like http://server:port/jenkins/ (note: only available if Jenkins URL set in system configuration)

BUILD_URL

Full URL of this build, like http://server:port/jenkins/job/foo/15/ (Jenkins URL must be set)

JOB_URL

Full URL of this job, like http://server:port/jenkins/job/foo/ (Jenkins URL must be set)

SVN_REVISION

Subversion revision number that’s currently checked out to the workspace, such as “12345”

SVN_URL

Subversion URL that’s currently checked out to the workspace.