ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins. Read more for important details.
ALERT! The community will be read-only starting on April 19, 8am Pacific as the migration begins.Read more for important details.
Cadet 3rd Class
Cadet 3rd Class
3402 views

Errors scanning Android applications with SCA

Hi - 

I'm trying to use sourceanalyzer to generate a report for an android project.  While I can get it to work for a trivial application, I'm unable to successfully complete translation.  

Let's say I run the following command:

sourceanalyzer -b buildxyz -gradle -verbose ./gradlew clean compileDebugSource

I'll get the following items in the log whilst translating:

[warning]: Classpath entry "/home/<user>/<path/to/project>/build/intermediates/bundles/default/classes.jar doesn't exist 
[warning]: Classpath entry /home/<user>/gradle_home/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.0/c4ba5371a29ac9b2ad6129b1d39ea38750043eff/gson-2.8.0.jar" doesn't exist

Note the quotes on the beginning of the first file and the end of the second filename.  I believe sourceanalyzer is treating those as part of the file name - If I create a symbolic link called 

/home/<user>/gradle_home/caches/modules-2/files-2.1/com.google.code.gson/gson/2.8.0/c4ba5371a29ac9b2ad6129b1d39ea38750043eff/gson-2.8.0.jar"

**Including** the quote at the end, that error goes away. Later in the log:


[warning]: Unable to locate a class for import android.os.AsyncTask [warning]: Unable to locate a class for import com.android.volley.Response [warning]: Unable to locate a class for import com.android.volley.toolbox.JsonRequest [warning]: Unable to locate a class for import android.content.Context [warning]: Unable to locate a class for import com.android.volley.RequestQueue [warning]: Unable to locate a class for import com.android.volley.DefaultRetryPolicy [warning]: Unable to locate a class for import com.<dependency from another project> [warning]: Unable to locate a class for import org.json.JSONObject [warning]: Unable to locate a class for import org.json.JSONException
[error]: Unable to resolve function 'com.android.volley.DefaultRetryPolicy.init^' at (<file in project>:line:column))
[error]: Unable to resolve symbol 'Volley' at (<file in project>)
[error]: Unable to resolve function 'newRequestQueue' at (<file in project>)
[error]: Unable to resolve symbol 'Log' at (<file in project>)
[error]: Unable to resolve function 'd' at (<file in project>)
[error]: Unable to resolve function 'd' at (<file in project>)
...

This is from a collection of both dependencies within the project, library dependencies (org.json, com.android.volley) and fundamental android platform dependencies (Log, "e", "android.os.AsyncTask").

Has anyone encountered this error, or conversely, been able to successfully analyze a nontrivial android project?

 

0 Likes
1 Reply
Cadet 3rd Class
Cadet 3rd Class

I'm having the same problem with a non-trivial Java/Gradle project. I'm interested in a workaround or fix (maybe I have something configured incorrectly?). I haven't tried adding the symbolic links yet, but it sounds like that didn't get you a complete solution, anyway...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.