Sonarqube plug-in for wrapped PLSQL code scan

santhosh_r · February 25, 2019, 4:15am

Hi Team,

As part of implementing code quality check in our products, planning to go with SonarQube. Actual requirement is to scan the wrapped PLSQL code, do let me know if this feasible with usage of any available plugins or any other means?

Appreciate valuable response on this!

Thanks & Regards,
Santhosh R

I Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
what are you trying to achieve
what have you tried so far to achieve this

Scott · February 25, 2019, 10:21am

Hi. If it’s your project, you must have the original sources (unwrapped). It’s not possible to analyze wrapped files, since it’s a kind of obfuscation that can’t be reliably reversed.

Alexandre_Gigleux · February 25, 2019, 1:34pm

Hello Santhosh,

Can you clarify what you mean by that by giving an example, give some technologies context? I’m sure I’m missing something here.

Thanks

Scott · February 25, 2019, 2:23pm

Just to explain my answer: I think you are talking about “wrapped” in the sense of “obfuscated”

https://docs.oracle.com/en/database/oracle/oracle-database/18/lnpls/plsql-source-text-wrapping.html

Suppose we have this file “test.sql”:

create or replace function calc(x number, y number) return number is
begin
  return x + y;
end;

We can obfuscate this code running %ORACLE_HOME%\bin\wrap.exe iname=test.sql, which generates:

create or replace function calc wrapped 
a000000
1f
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
8
4e 79
tG83GHFBGKDG+VckaDL9n2kx7zQwg8eZgcfLCNL+XlrcR6E842mlmYEywLIlzONGwiGUrHGE
5tbkDnFEcnDRSeq/riTRRHWiRqxh5hoqnApPbSodplqGjpk=

/

santhosh_r · February 25, 2019, 3:56pm

Hi Alex,

I meant the actual source code(PLSQL) gets obfuscated in my case, for which the Scan to be achieved. Hope I attempted to clarify now?

Regards,

Santhosh R