通过 java 代码和 运行 JMX 测试文件调用 JMETER 导致 Xstream 安全异常

Invoking JMETER through java code and running the JMX test file causing Xstream Security Exception

但是在做同样的事情时我得到了 "Security framework of XStream not initialized, XStream is probably vulnerable." 下面是代码片段

package com.jmeter.runner;

import java.io.FileInputStream;

import org.apache.jmeter.engine.StandardJMeterEngine;
import org.apache.jmeter.save.SaveService;
import org.apache.jmeter.util.JMeterUtils;
import org.apache.jorphan.collections.HashTree;

import com.thoughtworks.xstream.XStream;

public class JMeterFromExistingJMX {

     public static void main(String[] argv) throws Exception {


         Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
         XStream xStream = new XStream();
         XStream.setupDefaultSecurity(xStream);
         xStream.allowTypes(classes);   



            // JMeter Engine
            StandardJMeterEngine jmeter = new StandardJMeterEngine();


            // Initialize Properties, logging, locale, etc.
            JMeterUtils.loadJMeterProperties("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/jmeter.properties");
            JMeterUtils.setJMeterHome("F:/Required_Setup_Softwares/apache-jmeter-3.3");
            JMeterUtils.initLogging();// you can comment this line out to see extra log messages of i.e. DEBUG level
            JMeterUtils.initLocale();

            // Initialize JMeter SaveService
            SaveService.loadProperties();

            // Load existing .jmx Test Plan
            FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx");
            HashTree testPlanTree = SaveService.loadTree(in);
            in.close();

            // Run JMeter Test
            jmeter.configure(testPlanTree);
            jmeter.run();
        }   


}

虽然 运行 我收到如下 Xstream 安全错误

Security framework of XStream not initialized, XStream is probably vulnerable.
Exception in thread "main" java.lang.NullPointerException
    at org.apache.jmeter.engine.StandardJMeterEngine.configure(StandardJMeterEngine.java:176)
    at com.jmeter.runner.JMeterFromExistingJMX.main(JMeterFromExistingJMX.java:46)

jmeter.configure(测试计划树);此行在内部使用 Xstream 导致问题。所以我尝试了下面的代码来克服但它不起作用。

 Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
         XStream xStream = new XStream();
         XStream.setupDefaultSecurity(xStream);
         xStream.allowTypes(classes);   

请帮我做同样的事情。我也尝试了下面的代码,但它也不起作用

XStream xstream = new XStream();
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// allow any type from the same package
xstream.allowTypesByWildcard(new String[] {
    "com.your.package.**"
});

我无法重现您的问题,但是您的代码看起来有点不稳定:

  • 查看 F:/Required_Setup_Softwares/apache-jmeter-3.3 看来您正在使用 JMeter 3.3
  • 查看 SaveService.loadTree() function as per JMeter 3.3 it requires File,而不是 FileInputStream

因此,我建议执行以下故障排除步骤:

  1. 确保您的项目依赖项中有 JMeter 3.3 libraries
  2. 确保删除以下代码:

    // Load existing .jmx Test Plan
    FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx");
    HashTree testPlanTree = SaveService.loadTree(in);
    in.close();
    

    并将其替换为以下行:

    HashTree testPlanTree = SaveService.loadTree(new File("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx"));
    
  3. 对您的项目执行全新构建 - 该问题应该会消失。