通过 java 代码和 运行 JMX 测试文件调用 JMETER 导致 Xstream 安全异常
Invoking JMETER through java code and running the JMX test file causing Xstream Security Exception
但是在做同样的事情时我得到了 "Security framework of XStream not initialized, XStream is probably vulnerable." 下面是代码片段
package com.jmeter.runner;
import java.io.FileInputStream;
import org.apache.jmeter.engine.StandardJMeterEngine;
import org.apache.jmeter.save.SaveService;
import org.apache.jmeter.util.JMeterUtils;
import org.apache.jorphan.collections.HashTree;
import com.thoughtworks.xstream.XStream;
public class JMeterFromExistingJMX {
public static void main(String[] argv) throws Exception {
Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
XStream xStream = new XStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypes(classes);
// JMeter Engine
StandardJMeterEngine jmeter = new StandardJMeterEngine();
// Initialize Properties, logging, locale, etc.
JMeterUtils.loadJMeterProperties("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/jmeter.properties");
JMeterUtils.setJMeterHome("F:/Required_Setup_Softwares/apache-jmeter-3.3");
JMeterUtils.initLogging();// you can comment this line out to see extra log messages of i.e. DEBUG level
JMeterUtils.initLocale();
// Initialize JMeter SaveService
SaveService.loadProperties();
// Load existing .jmx Test Plan
FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx");
HashTree testPlanTree = SaveService.loadTree(in);
in.close();
// Run JMeter Test
jmeter.configure(testPlanTree);
jmeter.run();
}
}
虽然 运行 我收到如下 Xstream 安全错误
Security framework of XStream not initialized, XStream is probably vulnerable.
Exception in thread "main" java.lang.NullPointerException
at org.apache.jmeter.engine.StandardJMeterEngine.configure(StandardJMeterEngine.java:176)
at com.jmeter.runner.JMeterFromExistingJMX.main(JMeterFromExistingJMX.java:46)
jmeter.configure(测试计划树);此行在内部使用 Xstream 导致问题。所以我尝试了下面的代码来克服但它不起作用。
Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
XStream xStream = new XStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypes(classes);
请帮我做同样的事情。我也尝试了下面的代码,但它也不起作用
XStream xstream = new XStream();
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// allow any type from the same package
xstream.allowTypesByWildcard(new String[] {
"com.your.package.**"
});
我无法重现您的问题,但是您的代码看起来有点不稳定:
- 查看
F:/Required_Setup_Softwares/apache-jmeter-3.3
看来您正在使用 JMeter 3.3
- 查看 SaveService.loadTree() function as per JMeter 3.3 it requires File,而不是 FileInputStream
因此,我建议执行以下故障排除步骤:
- 确保您的项目依赖项中有 JMeter 3.3 libraries
确保删除以下代码:
// Load existing .jmx Test Plan
FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx");
HashTree testPlanTree = SaveService.loadTree(in);
in.close();
并将其替换为以下行:
HashTree testPlanTree = SaveService.loadTree(new File("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx"));
对您的项目执行全新构建 - 该问题应该会消失。
但是在做同样的事情时我得到了 "Security framework of XStream not initialized, XStream is probably vulnerable." 下面是代码片段
package com.jmeter.runner;
import java.io.FileInputStream;
import org.apache.jmeter.engine.StandardJMeterEngine;
import org.apache.jmeter.save.SaveService;
import org.apache.jmeter.util.JMeterUtils;
import org.apache.jorphan.collections.HashTree;
import com.thoughtworks.xstream.XStream;
public class JMeterFromExistingJMX {
public static void main(String[] argv) throws Exception {
Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
XStream xStream = new XStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypes(classes);
// JMeter Engine
StandardJMeterEngine jmeter = new StandardJMeterEngine();
// Initialize Properties, logging, locale, etc.
JMeterUtils.loadJMeterProperties("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/jmeter.properties");
JMeterUtils.setJMeterHome("F:/Required_Setup_Softwares/apache-jmeter-3.3");
JMeterUtils.initLogging();// you can comment this line out to see extra log messages of i.e. DEBUG level
JMeterUtils.initLocale();
// Initialize JMeter SaveService
SaveService.loadProperties();
// Load existing .jmx Test Plan
FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx");
HashTree testPlanTree = SaveService.loadTree(in);
in.close();
// Run JMeter Test
jmeter.configure(testPlanTree);
jmeter.run();
}
}
虽然 运行 我收到如下 Xstream 安全错误
Security framework of XStream not initialized, XStream is probably vulnerable.
Exception in thread "main" java.lang.NullPointerException
at org.apache.jmeter.engine.StandardJMeterEngine.configure(StandardJMeterEngine.java:176)
at com.jmeter.runner.JMeterFromExistingJMX.main(JMeterFromExistingJMX.java:46)
jmeter.configure(测试计划树);此行在内部使用 Xstream 导致问题。所以我尝试了下面的代码来克服但它不起作用。
Class<?>[] classes = new Class[] { JMeterFromExistingJMX.class };
XStream xStream = new XStream();
XStream.setupDefaultSecurity(xStream);
xStream.allowTypes(classes);
请帮我做同样的事情。我也尝试了下面的代码,但它也不起作用
XStream xstream = new XStream();
// clear out existing permissions and set own ones
xstream.addPermission(NoTypePermission.NONE);
// allow some basics
xstream.addPermission(NullPermission.NULL);
xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
xstream.allowTypeHierarchy(Collection.class);
// allow any type from the same package
xstream.allowTypesByWildcard(new String[] {
"com.your.package.**"
});
我无法重现您的问题,但是您的代码看起来有点不稳定:
- 查看
F:/Required_Setup_Softwares/apache-jmeter-3.3
看来您正在使用 JMeter 3.3 - 查看 SaveService.loadTree() function as per JMeter 3.3 it requires File,而不是 FileInputStream
因此,我建议执行以下故障排除步骤:
- 确保您的项目依赖项中有 JMeter 3.3 libraries
确保删除以下代码:
// Load existing .jmx Test Plan FileInputStream in = new FileInputStream("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx"); HashTree testPlanTree = SaveService.loadTree(in); in.close();
并将其替换为以下行:
HashTree testPlanTree = SaveService.loadTree(new File("F:/Required_Setup_Softwares/apache-jmeter-3.3/bin/test.jmx"));
对您的项目执行全新构建 - 该问题应该会消失。