Is it possible to do code analysis of an iOS framework? - ios

I have a requirement where we need to perform code analysis to find vulnerabilities like how sonarqube does for an iOS Project, not for the actual swift files but for .framework created using the swift files.
Is it possible to do this using sonarqube or swiftlint? Is there any code analysis tool available to analyse the .framework?

Related

sonarqube mixed obj-c swift project, how scan is done for code coverage

According to the docs, both the swift and Obj-C sonar scanners want code coverage data and in different ways (build-wrapper vs xccov). But this got me thinking, code coverage is for an entire target/project in xcode, not just files for a particular language. So for a mixed Obj-C and swift project, does SonarQube want the same entire-project-xcode-generated coverage data twice (once per scanner)? If not, how does it relate code coverage for a particular language in a sonar project, or does it not care at all?
Only asking this because again, and much to my surprise, the docs for the 2 scanners list different code coverage instructions, leading the user to wonder if each scanner doesn't expect the data to be mixed together like it is with xcode and a mixed obj-c swift project (i.e. it's the same data).
Even I am facing the same scenario. What we are currently doing is we set up the build-wrapper utility as indicated at https://docs.sonarqube.org/latest/analysis/languages/cfamily/.
So, initially it worked fine for a month or so. Later, we started getting the following error:
====================================================================================
02:36:25.658 INFO: ------------------------------------------------------------------------
02:36:25.658 ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: The "build-wrapper-dump.json" file was found but 0 C/C++/Objective-C files were analyzed. Please make sure that:
* you are using the latest version of the build-wrapper and the SonarCFamily analyzer
* you are correctly invoking the scanner with correct configuration
* your compiler is supported
* you are wrapping your build correctly
* you are wrapping a full/clean build
* you are providing the path to the correct build-wrapper output directory
====================================================================================
So, we decided to install a backelite plug-in / jar (that handles sonar coverage reports for a mix of Swift and Objective-C) on our sonar server (Enterprise edition), but it led to the following error:
[error message screenshot]
So, basically you can set up the build wrapper utility and try performing the sonar scan. Make sure sonar-scanner is installed and you are passing relevant switches to the sonar-scanner command.

ANPR for Xamarin.Forms

We are searching for the best ANPR (Automatic Number Plate Reader/Recognition) for Xamarin.Forms. I have already gone through AnyLine and OpenAlpr.
AnyLine seems to be high cost, based on image capture counts.
Regarding OpenAlpr, we have a workable solution for Xcode (iOS) and also Xamarin.Android.
The real problem is we couldn't bind the existing Xcode project into Xamarin.iOS using the sharpie tool (we tried sharpie for some other project, and that works fine). Then we realized that we can't create a static library in Xcode using existing framework (openalpr.framework) files.
My questions are:
Can we create a static library using a .framework file? Please explain.
Else, is there any other ANPR tool already available for Xamarin.Forms or Xamarin.iOS?
MicroFocus IDOL has an excellent ANPR Solution which can be accessed via REST APIs. The product is called Media Server.
https://www.microfocus.com/media/flyer/fast_and_comprehensive_vehicle_identification_flyer.pdf

Binding a Swift library to use in Xamarin, without Mac OS, is it possible?

I have not used Xamarin before, I'm coming from a native development background.
I have a question about the feasibility of binding a native iOS library written in Swift, in order to use it in a Xamarin project. Is this possible and, more importantly, is it possible to do without any access to a Mac OS computer?
As a side question, is Objective-C library binding doable without Mac OS?
To do the entire process: No.
You can create a Xamarin Binding project from within Visual Studio, but there are a lot of dependencies you will need that you can only get by having access to a macOS.
1 - If you don't have the compiled and fat library you will need a macOS to build using Xcode and use Lipo to create the fat library.
2 - Supposing you already have it, you will need to create the ApiDefinition.cs, to do so you might use Objective Sharpie (macOS only). You can get around it by creating it manually, but unless you are binding a very tiny library - just for the sake of proving the point - you will not want to do so.
Those two apply to any Xamarin.iOS Binding, as it is the same process for Objective-C Bindings
3 - For Swift Bindings you will also need to include all Swift dependencies inside SwiftSupport folder inside your IPA file. This step is required before publishing the App, not creating the binding - I have only tried to do so using a shell script. But for this case you need a macOS to publish the app to App Store as well.
So just to prove the point: Maybe.

Is there anyway to generate coverage reports on sonar?

I'm working on an iOS app, which uses the Swift language. It's generating coverage.profdata successfully. But I would like to generate the same thing on SonarQube.
Please let me know if you have any ideas!!
I tried the below link
swift-sonar properties
The SonarQube Swift plugin does not have built-in support to import coverage results.
The only option (and the best one) for you is to use the Generic Coverage Plugin:
First you run your coverage tool to generate the coverage.profdata file
Then you manage to transform this file into the target format supported by the Generic Coverage Plugin
And finally you reference this new coverage file in your sonar-project.properties file (like explained in the documentation of the plugin)
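The transform step in the answer above, as an added example that is not part of the original answer or of any SonarQube plugin: it parses `llvm-cov show` text output (rendered from coverage.profdata) and emits SonarQube's generic coverage XML. The sample report, its file paths and the function names are constructed for illustration, and it assumes multi-file output in which each file section starts with a `path:` line.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `llvm-cov show` output (line|count|source); not from the page.
SAMPLE = """\
/src/App/Login.swift:
    1|       |import Foundation
    2|      3|func check(_ pin: String) -> Bool {
    3|      3|    if pin.isEmpty {
    4|      0|        return false
    5|      0|    }
    6|  1.2k|    return pin.count == 4
    7|      3|}

/src/App/Empty.swift:
    1|       |// no executable lines
"""

# "<line>|<count>|": count is blank for non-executable lines and may be
# abbreviated with a magnitude suffix (1.2k, 3M).
ROW = re.compile(r"^\s*(\d+)\|\s*(\d+(?:\.\d+)?)?[kMGTPEZY]?\|")

def parse_llvm_cov_show(text):
    """Return {path: {line_number: covered}} for executable lines only."""
    files, current = {}, None
    for line in text.splitlines():
        row = ROW.match(line)
        if row and current is not None:
            if row.group(2) is not None:          # blank count: skip the line
                n = int(row.group(1))
                hit = float(row.group(2)) > 0
                current[n] = current.get(n, False) or hit  # any hit wins
        elif line.endswith(":") and not line[:1].isspace():
            current = files.setdefault(line[:-1], {})  # new file section
    return files

def to_sonar_generic(files):
    """Serialize to <coverage version="1"><file><lineToCover .../></file></coverage>."""
    root = ET.Element("coverage", version="1")
    for path in sorted(files):
        if not files[path]:
            continue                              # nothing to cover in this file
        node = ET.SubElement(root, "file", path=path)
        for n in sorted(files[path]):
            ET.SubElement(node, "lineToCover", lineNumber=str(n),
                          covered="true" if files[path][n] else "false")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(to_sonar_generic(parse_llvm_cov_show(SAMPLE)))
```

The file paths in the XML must match paths the scanner indexes, so run the conversion from the project root or rewrite the paths before the report is referenced in sonar-project.properties.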

Why doesn't Xcode have an ios framework option?

I've seen projects such as ios-universal-framework, but I want to know why Xcode iOS does not natively support having a framework. Is it some kind of legal issue? The static library option is not good enough because I want to be able to use .dylib files in my framework.
A little background on what I want to do with a framework. I have a project that is generated from Unity3D, and when we update, we have to manually add back all of our project changes.
What I want is to use a framework that can store most of those external libraries and resources to make it easier to upgrade our project when updates are released.
From a security perspective no code is allowed to be dynamically loaded, thus only static libraries are allowed.
It is possible to create static pseudo-frameworks. Take a look at GitHub iOS-Universal-Framework.
What you need is a PosprocessBuilder as described in the build pipeline described in the Unity3d Documentation.
You can manage the Xcode configurations in this pipeline using scripts like the Xcode Zerg.
I've used one Python script written by a guy called Calvin Rien that worked really well; if you want to know more about this script, this blog post should give you a hint.
What you really need to look for to automate these steps is posts about Continuous Integration using Unity 3d and iOS, like this one:
Unity3d: from commit to deployment onto tester devices in 20 min using Jenkins
