MobSF / mobsfscan

mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective C Code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.
GNU Lesser General Public License v3.0

SonarQube compatible format is not working #64

Closed iducool closed 1 year ago

iducool commented 1 year ago

Getting the following exception:

[Screenshot 2023-05-23 at 2.57.10 PM: exception output]

Here is the command that I used to generate the report:

mobsfscan ./ --output ./sonar-reports/mobsf_report --sonarqube

Here is an excerpt of the generated file:

{
  "issues": [
    {
      "engineId": "mobsfscan",
      "primaryLocation": {
        "filePath": "OTech/AppDelegate.swift",
        "message": "The App logs information. Sensitive information should never be logged. [print(\"Activity\")]",
        "textRange": {
          "endLine": 382,
          "startLine": 382
        }
      },
      "ruleId": "ios_log",

ajinabraham commented 1 year ago

It seems one of the findings doesn't have a filePath associated. It's normal for mobsfscan to report such an issue, but sonar seems to not accept it. You could disable that rule and generate the report for sonarqube.
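As an added example (not part of this thread and not mobsfscan's own code), the following Python script applies the diagnosis above from the report side: it reads a `--sonarqube` report in the shape of the excerpt, keeps only findings whose `primaryLocation` carries a non-empty `filePath`, and lists the `ruleId` values that were dropped so you know which rule to disable. It assumes the top-level `issues` array and the `primaryLocation` / `filePath` / `ruleId` keys shown in the excerpt; the embedded sample report is constructed, and the second finding together with its rule id `example_rule_without_location` is hypothetical.

```python
"""Filter a mobsfscan --sonarqube report down to findings SonarQube will accept."""
import json
import sys
from typing import Any

# Constructed sample in the shape of the excerpt from the issue: the first
# finding is the one quoted there, the second is a hypothetical finding whose
# primaryLocation has no filePath (the case SonarQube rejects).
SAMPLE_REPORT: dict[str, Any] = {
    "issues": [
        {
            "engineId": "mobsfscan",
            "primaryLocation": {
                "filePath": "OTech/AppDelegate.swift",
                "message": "The App logs information. Sensitive information "
                           "should never be logged. [print(\"Activity\")]",
                "textRange": {"endLine": 382, "startLine": 382},
            },
            "ruleId": "ios_log",
        },
        {
            "engineId": "mobsfscan",
            "primaryLocation": {
                "message": "Constructed finding with no file location.",
            },
            "ruleId": "example_rule_without_location",  # hypothetical rule id
        },
    ]
}


def has_file_path(issue: dict[str, Any]) -> bool:
    """True when the finding points at a file, i.e. SonarQube can import it."""
    location = issue.get("primaryLocation")
    if not isinstance(location, dict):
        return False
    path = location.get("filePath")
    return isinstance(path, str) and path.strip() != ""


def split_report(report: dict[str, Any]) -> tuple[dict[str, Any], list[tuple[str, str]]]:
    """Return (importable report, dropped findings as (ruleId, message) pairs).

    The importable report keeps every key of the original and replaces only the
    issues array, so unrelated fields survive untouched.
    """
    kept: list[dict[str, Any]] = []
    dropped: list[tuple[str, str]] = []
    for issue in report.get("issues", []):
        if has_file_path(issue):
            kept.append(issue)
        else:
            location = issue.get("primaryLocation") or {}
            dropped.append((str(issue.get("ruleId", "<no ruleId>")),
                            str(location.get("message", ""))))
    cleaned = dict(report)
    cleaned["issues"] = kept
    return cleaned, dropped


def rules_missing_location(report: dict[str, Any]) -> set[str]:
    """Rule ids that produced at least one finding without a filePath."""
    return {rule_id for rule_id, _ in split_report(report)[1]}


def main(argv: list[str]) -> int:
    # Usage: filter_report.py <input.json> <output.json>; with no arguments the
    # constructed sample is processed and the cleaned report goes to stdout.
    if len(argv) >= 3:
        with open(argv[1], encoding="utf-8") as fh:
            report = json.load(fh)
    else:
        report = SAMPLE_REPORT
    cleaned, dropped = split_report(report)
    for rule_id, message in dropped:
        print(f"dropped finding without filePath: rule {rule_id}: {message}",
              file=sys.stderr)
    if len(argv) >= 3:
        with open(argv[2], "w", encoding="utf-8") as fh:
            json.dump(cleaned, fh, indent=2)
    else:
        print(json.dumps(cleaned, indent=2))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once against the real report to see which rule ids are printed on stderr, then either disable those rules in mobsfscan as suggested above or feed the cleaned output to SonarQube's generic issue import instead of the raw file.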