Does MsBuild SonarQube Runner support encryption? - msbuild

I see on the page Settings Encryption a section about the MSBuild.SonarQube.Runner configuration file.
But the documented portion has a format which doesn't match the example SonarQube.Analysis.xml file.
However, I have tried putting these properties in the SonarQube.Analysis.xml file, in a format corresponding to the current one. Long story made short, the msbuild.sonarqube.runner puts the {aes}encrypted password in the Basic authorization field of the HttpRequest sent to SonarQube.
I guess that the client should unencrypt the password before putting it in the Authentication header. Otherwise, the sonarQube server won't allow the user to query the properties Uri (something like /api/properties?resource=projectKey)

You're right, I've fixed the documentation to reflect the effective format of the SonarQube Scanner for MSBuild.
Regarding the encryption of the sonar.password property, this is currently not supported by the MSBuild Scanner: It does not (yet?) know about the encryption logic, and therefore sees the raw encrypted value only. However, some other properties can be encrypted: the ones that are read during the end step of the SonarQube Scanner for MSBuild, which is under the hood launching the sonar-runner.
I've created the following ticket to keep track of this limitation: https://jira.sonarsource.com/browse/SONARMSBRU-192

Related

How to intercept log messages from Quarkus/Camel for testing purposes?

I'm building a Java application with Quarkus/Camel which generates some logstatements here and there. I want to be able to verify if the correct logstatements are generated so I have a need to intercept the logmessages. The problem is that I have a logtemplate specified in the Quarkus application.properties file, but this template is not used when running tests. As a result, I cannot verify the correctness of the logstatements.
I have tried to copy the logtemplate to the testbranch but it is nog picked up by Quarkus. Does somebody know how I can pursuade my tests to use the proper logtemplate?

how to add db directory to web.xml

I have a java web app configured with apache v9.0 and eclipse IDE. What I need is to keep my database in C:\db so It cannot be access directly from outside and should be away from my webapp project directory. What I don't is how to let my web app know that if a user request for a file it should go and check it in my C:\db and reply back with the file.
Based in my research, some was saying to specify my directory in my webapp web.xml file and others was saying I need to specify it in my tomcat/conf/server.xml file.
I'd really appreciate if somebody tell me what to do?
Try adding your database path C:\db as JVM argument and accessing it in application. you may try this as two ways either set as system property and access when it required or set as JVM argument and access it.
SetSystemProperties
System.setProperty("database", "C:\\db");
.
.
access it as and when required
String databasepath= System.getProperty("database");
Setting as JVM Arguments.
Double Click on your tomcat server on which your web application is present.
Click on "Open launch configuration" link and go to Arguments Tab.
in vmArguments apend the entry like below.
-Ddatabase="C:\db"
A -D is placed in front of each system property that we are passing in as a VM argument, and following this is an equal sign followed by the value of that system property.
And access it in your project where its required like below.
String databasepath= System.getProperty("database");

How to write commit message to svn repository

I am using Apache Jackrabbit Webdav library for svn checkin operation.
I am using MAKActivity method to start the transaction.
But I dont know how to add commit message. Following is the code
RandomStringGenerator rsg = new RandomStringGenerator(32);
String random = rsg.nextString();
String url = getRepoAddress() + "!svn/act/" + random;
MkActivityMethod activityMethod = null;
try
{
activityMethod = new MkActivityMethod(url);
client.executeMethod(activityMethod);
}
catch(Exception e)
{
e.printStackTrace();
}
This code executes successfully but I dont unserstand how to write log message in this.
Any help will be appreciable.
First of all I'd suggest that you not reinvent the wheel that's already been done twice now and instead using a library that knows Subversion's DAV based protocol. Note that while Subversion is mostly WebDAV and DeltaV compatible, it does have non-standard extensions.
To that end I'd point you to JavaHL or SVNKit. JavaHL comes with Subversion and uses JNI to access the Subversion libraries. SVNKit is an independent Java only implementation and includes a couple different interfaces, including one that is JavaHL compatible. If the use of the native libraries by JavaHL doesn't present a problem for you I'd recommend this since you'll have the benefit of using the same libraries as nearly every Subversion client.
If however your goal is to understand how Subversion implements the protocol on top of WebDAV and DeltaV then perhaps you want to just use a generic WebDAV and DeltaV client library to help. I'd recommend that you refer to these documents that describe how WebDAV and DeltaV are implemented within Subversion.
One thing you might want to understand is that as of Subversion 1.7 we support what we refer to as HTTPv2. HTTPv2 varies somewhat from the DeltaV standard in particular. Instead of using MKACTIVITY to start a transaction on the server we use a POST. Which has a body with a syntax something like this:
(create-txn)
or
( create-txn-with-props (PROPNAME PROPVAL [PROPNAME PROPVAL ...])
The older style which you must use with MKACTIVITY (and can use with the POST if you use create-txn instead of create-txn-with-props) is to use a PROPPATCH on the transaction or the working baseline URL.
The working baseline URL is used with MKACTIVITY and the transaction URL is used with the POST.
When using MKACTIVITY you have to use a PROPFIND on the root URL to get the version-controlled-configuration. Then do a CHECKOUT against the URL you received in response to that PROPFIND providing the activity-set href as the URL you used with MKACTIVITY. You'll get the working baseline URL back as the Location header from the CHECKOUT request. Which you can then use to issue a PROPPATCH to apply the revision properties.
When using POST, you get the transaction stub from the headers in the OPTIONS request response, the transaction name from the SVN-Txn-Name header in the response to the POST, and execute a PROPPATCH against the $transaction_stub/$transaction_name URL.
Probably the best ways to figure all this out is to setup a Subversion server and do some commits while running Subversion through a debugging proxy server such as Charles. You can force the traffic through the proxy on the svn command line with these options --config-option servers:global:http-proxy-port=8888 --config-option servers:global:http-proxy-host=127.0.0.1. If you want to see the old protocol you can include SVNAdvertiseV2Protocol off in your http configuration.
In order to support the broadest range of Subversion servers you need to implement the HTTPv1 protocol, which has more round trips and is more difficult to implement. If you want to only implement HTTPv2 you'll be limited to supporting Subversion servers newer than 1.7. In order to use HTTPv2 with maximum compatibility you'll have to detect the presence from the OPTIONS response.
As you can see it gets rather complicated so it's really not worth trying to write your own client if all you want to do is implement some basic functionality.
So you are trying to do a SVN commit using WebDAV via the SVNAutoversioning on directive?
http://svnbook.red-bean.com/en/1.7/svn.webdav.autoversioning.html
AFAIK, the spec does not allow you to provide a commit message and the server will always create one for you. Perhaps you want to look at the SVNKit library if you are trying to create SVN transactions via Java.
http://svnkit.com

How to call Apache NMS from in a sandbox?

I'm trying to call Apache ActiveMQ NMS Version 1.6.0 from my code ('IntPub') that must run in a sandbox in a .NET 4.0 environment for security reasons. The program that creates the sandbox makes my code 'partially trusted' and therefore 'security-transparent' which seems to mean that it can't create a ConnectionFactory (see error log below) because NMS seems to be 'security-critical'. Here's the code that's causing this error:
connecturi = new Uri("tcp://my.server.com:61616");
var connectionFactory = new ConnectionFactory(connecturi);
I also tried this instead with similar results:
connecturi = new Uri("activemq:tcp://my.server.com:61616");
var connectionFactory = NMSConnectionFactory.CreateConnectionFactory(connecturi);
Since I can't change the security level of my assembly (the sandbox prevents it) is there a way to make NMS run as 'safe-critical' so it can be called by 'security-transparent' code? Would I have to recompile it to do so, or does NMS do some operation that would never be considered 'safe-critical?
I appreciate any help or suggestions...
Assembly 'IntPub, Version=1.0.0.0, Culture=neutral, PublicKeyToken=6fa620743b8dc60a' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted.Detail:
<OrganizationServiceFault xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/xrm/2011/Contracts">
<ErrorCode>-2147220956</ErrorCode>
<ErrorDetails xmlns:d2p1="http://schemas.datacontract.org/2004/07/System.Collections.Generic" />
<Message>Unexpected exception from plug-in (Execute): Test.Client: System.MethodAccessException: Attempt by security transparent method 'Test.Client.Execute(System.IServiceProvider)' to access security critical method 'Apache.NMS.ActiveMQ.ConnectionFactory..ctor(System.Uri)' failed.
From the error message attributes, it looks like you're running a Dynamics CRM 2011 plugin in sandbox mode, which has some very specific rules about what you can and can't do. In particular, you're only allowed to make network connections via HTTP and HTTPS, so attempting raw TCP sockets will definitely fail.
Take a look at this MSDN page on Plug-in Isolation, Trusts, and Statistics. It looks like there may be a way to relax the network restrictions by modifying a system registry entry to include tcp, etc, in the regex value. Below is an excerpt from the page. Note: I have not done this myself, so can't say for sure it'll work.
Sandboxed plug-ins and custom workflow activities can access the
network through the HTTP and HTTPS protocols. This capability provides
support for accessing popular web resources like social sites, news
feeds, web services, and more. The following web access restrictions
apply to this sandbox capability.
Only the HTTP and HTTPS protocols are allowed.
Access to localhost (loopback) is not permitted.
IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
Anonymous authentication is supported and recommended. There is no provision for prompting the logged on user for credentials or saving those credentials.
These default web access restrictions are defined in a registry key on
the server that is running the Microsoft.Crm.Sandbox.HostService.exe
process. The value of the registry key can be changed by the System
Administrator according to business and security needs. The registry
key path on the server is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\SandboxWorkerOutboundUriPattern
The key value is a regular expression string that defines the web access restrictions.
The default key value is:
"^http[s]?://(?!((localhost[:/])|([.])|([0-9]+[:/])|(0x[0-9a-f]+[:/])|(((([0-9]+)|(0x[0-9A-F]+)).){3}(([0-9]+)|(0x[0-9A-F]+))[:/]))).+";*
By changing this registry key value, you can change the web access for sandboxed plug-ins.

IIS shows 500 Internal server error on everything

I have a shared Windows hosting account with IIS7.5 and Plesk 10.4 .
Now, when I try to visit every page, an aspx page, some php pages, or even a jpg file, it shows This error:
Server Error
500 - Internal server error. There is a problem with the resource you
are looking for, and it cannot be displayed.
This is last lines of log file: (which plesk shows for me)
2012-03-01 18:25:59 W3SVC100 H105 208.67.23.51 GET /15iya/31.jpg - 80
109.162.226.165 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/535.7+(KHTML,+like+Gecko)+Chrome/16.0.912.63+Safari/535.7 jsuid=1735775291;+_cfduid=dcb02ca5c638c5a33cf10003ae6ac2c561326405625;+_utma=117785567.65259312.1326369096.1330372520.1330376628.15;+_utmz=117785567.1327165762.11.5.utmcsr=2barnamenevis.com|utmccn=(referral)|utmcmd=referral|utmcct=/
ghiasi.net 500 19 13 1380 627 531 2012-03-01 18:26:13 W3SVC100 H105 208.67.23.51 GET / - 80 - 109.162.226.165 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.2;+WOW64)+AppleWebKit/535.7+(KHTML,+like+Gecko)+Chrome/16.0.912.63+Safari/535.7 jsuid=1735775291;+_cfduid=dcb02ca5c638c5a33cf10003ae6ac2c561326405625;+_utma=117785567.65259312.1326369096.1330372520.1330376628.15;+_utmz=117785567.1327165762.11.5.utmcsr=2barnamenevis.com|utmccn=(referral)|utmcmd=referral|utmcct=/
ghiasi.net 500 19 13 1380 615 515
try check with your asp.net version enable properly in plesk
https://www.motherhost.com/help/plesk-windows-hosting/iis-shows-500-internal-server-error-on-everything/
To configure ASP.NET Settings for a site:
If you are subscribed to several hosting packages and have access to several webspaces associated with your account, in the Subscription menu at the top of the screen, select the required webspace.
Go to the Websites & Domains tab and click your website's domain name.
Click ASP.NET Settings.
Set up the strings that determine database connection data for ASP.NET applications that use databases. This option is available only for ASP.NET 2.0.x.
When you open the ASP.NET configuration screen for the first time, sample connection parameters with common constructions are displayed. You can delete them and specify your own strings.
To add a string, enter the required data into the Name and Connection Parameters input fields and click next to them.
To remove a string, click next to it.
Set up custom error messages that will be returned by ASP.NET applications in the Custom Error Settings field:
To set the custom error messages mode, select an appropriate option from the Custom error mode menu:
On - custom error messages are enabled.
Off - custom error messages are disabled and detailed errors are to be shown.
RemoteOnly - custom error messages are displayed only to remote clients, and ASP.NET errors are shown to the local host users.
To add a new custom error message (which will be applied unless the Off mode was selected), enter the values in the Status Code and Redirect URL fields, and click .
Status Code defines the HTTP status code resulting in redirection to the error page.
Redirect URL defines the web address of the error page presenting information about the error to the client.
Due to possible conflicts, you cannot add a new custom error message with an error code that already exists, but you can redefine the URL for the existing code.
To remove a custom error message from the list, click next to it.
Configure compilation settings in the Compilation and Debugging field:
To determine the programming language to be used as default in dynamic compilation files, choose an entry from Default web page language list.
To enable compiling retail binaries, leave the Switch on debugging checkbox empty.
To enable compiling debug binaries, select the Switch on debugging checkbox. In this case, the source code fragments containing error will be shown in a diagnostic page message.
Note. When running applications in debug mode, a memory and/or performance overhead occurs. It is recommended to use debugging when testing an application and to disable it before deploying the application into production scenario.
Configure encoding settings for ASP.NET applications in the Globalization Settings section:
To set an adopted encoding of all incoming requests, enter an encoding value into the Request encoding field (default is utf-8).
To set an adopted encoding of all responses, enter an encoding value into the Response encoding field (default is utf-8).
To set an encoding which must be used by default for parsing of .aspx, .asmx, and .asax files, enter an encoding value into the File encoding field (default is Windows-1252).
To set a culture which must be used by default for processing incoming web requests, select an appropriate item from the Culture list.
To set a culture which must be used by default when processing searches for a locale-dependent resource, select an appropriate item from the UI Culture list.
Set a code access security trust level for ASP.NET applications in the Code Access Security field.
CAS trust level is a security zone to which applications execution is assigned, defining what server resources the applications will have access to.
Important: When an assembly is assigned a trust level that is too low, it does not function correctly. For more information on the permissions levels see http://msdn.microsoft.com/library/en-us/dnnetsec/html/THCMCh09.asp?frame=true#c09618429_010.
Enable the usage of the auxiliary scripts in the Script Library Settings field. Specifying the script library settings is necessary if the validation web controls are used on your web site. This option is available only for ASP.NET 1.1.x.
If you need to use auxiliary scripts (specifically, scripts implementing objects for validating input data), provide the settings for .NET framework script library. To do so, enter the path beginning with the domain root directory preceded by the forward slash into the Path to Microsoft script library field, or click the folder icon next to the Path to Microsoft script library field and browse for the required location.
To initiate the auto-installation of files containing the scripts to the specified location, select the Install checkbox. If the files already exist there, they will be rewritten.
Set client session parameters in the Session Settings field:
To set up the default authentication mode for applications, select an appropriate item from the Authentication mode list. Windows authentication mode should be selected if any form of IIS authentication is used.
To set up time that a session can remain idle, type the number of minutes into the Session timeout box.
Click OK to apply all changes.
windows hosting india