Sonarqube plug-in for wrapped PLSQL code scan


(Santhosh Ravichandran) #1

Hi Team,

As part of implementing code quality check in our products, planning to go with SonarQube. Actual requirement is to scan the wrapped PLSQL code, do let me know if this feasible with usage of any available plugins or any other means?

Appreciate valuable response on this!

Thanks & Regards,
Santhosh R

I Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this

(Scott) #3

Hi. If it’s your project, you must have the original sources (unwrapped). It’s not possible to analyze wrapped files, since it’s a kind of obfuscation that can’t be reliably reversed.


(Alexandre Gigleux) #4

Hello Santhosh,

Can you clarify what you mean by that by giving an example, give some technologies context? I’m sure I’m missing something here.

Thanks


(Scott) #5

Just to explain my answer: I think you are talking about “wrapped” in the sense of “obfuscated” :smiley:

https://docs.oracle.com/en/database/oracle/oracle-database/18/lnpls/plsql-source-text-wrapping.html

Suppose we have this file “test.sql”:

create or replace function calc(x number, y number) return number is
begin
  return x + y;
end;

We can obfuscate this code running %ORACLE_HOME%\bin\wrap.exe iname=test.sql, which generates:

create or replace function calc wrapped 
a000000
1f
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
abcd
8
4e 79
tG83GHFBGKDG+VckaDL9n2kx7zQwg8eZgcfLCNL+XlrcR6E842mlmYEywLIlzONGwiGUrHGE
5tbkDnFEcnDRSeq/riTRRHWiRqxh5hoqnApPbSodplqGjpk=

/

(Santhosh Ravichandran) #6

Hi Alex,

I meant the actual source code(PLSQL) gets obfuscated in my case, for which the Scan to be achieved. Hope I attempted to clarify now?

Regards,

Santhosh R