(8.4.2) Background task for Merge Request analysis takes forever as soon as bad code is commited

Analysis of a merge request works and sonarqubes adds the comment in the merge request. Background task finishes after a few seconds.
As soon as a PHP file with a lot bad code (Styling issues, security vulns, code smell) is added the scanning takes forever. I had to restart sonarqube after 2hours waiting for it to finish.
This is reproducable with the same file. After doing a new commit which deletes that file, the analysis is working fine again.

Adding the same file directly to the master - no merge request scanning - works also and detects the errors in that file.

Sonarqube Developer edition - Version: 8.4.2.36762
Database: PostgreSQL 12.3 (AWS RDS)

Here is the problematic code:

<?php

declare(strict_types=1);

# just another change yeah
#

new \MyHammer\User\Entity\User();
$user = new \MyHammer\User\Entity\User();
$user->getId();

function sdfalfdsajfjkd4344343434343dfsjkldsfjkljfklsdjlkfdsjkl2323LONG($a, $b, $c = false, $d, $e, $f, $jfgdjiodfgijogjoifdjoig4343mmogfogfdoigfjoidjfgdojoi = array(), $g, $i, $j, $k)

{

    switch ($d) {
        case 1:
            return false;
        case 2:
            return false;
        case 3:
            return false;
        case 3:
            return false;
        case 4:
            return false;
        case 5:
            return false;
        case 6:
            $something = time();
            $something - 123;
            break;
        case 7:
            $something = time();
            $something - 123;
        case 8:
            return false;
        case 9:
            return false;
        case 10:
            return false;
    }

    return true;
}

\mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $_GET['hidden'] . ")");


function anotherfunctioninparadise($input)
{
    \mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $input . ")");
}

anotherfunctioninparadise($_POST['danger']);

$user = 'bar';
$pasword='foo';

Scanner Context of a broken run:

SonarQube plugins:
 - SonarCSS 1.2.0.1325 (cssfamily)
 - Svn 1.10.0.1917 (scmsvn)
 - SonarPLSQL 3.4.1.2576 (plsql)
 - SonarScala 1.5.0.315 (sonarscala)
 - C# Code Quality and Security 8.9.0.19135 (csharp)
 - Vulnerability Analysis 8.4.0.2759 (security)
 - Java Code Quality and Security 6.5.1.22586 (java)
 - SonarHTML 3.2.0.2082 (web)
 - SonarFlex 2.5.1.1831 (flex)
 - SonarXML 2.0.1.2020 (xml)
 - SonarTS 2.1.0.4359 (typescript)
 - VB.NET Code Quality and Security 8.9.0.19135 (vbnet)
 - SonarSwift 4.2.2.77 (swift)
 - CFamily Code Quality and Security 6.11.0.19130 (cpp)
 - Python Code Quality and Security 2.13.0.7236 (python)
 - JaCoCo 1.1.0.898 (jacoco)
 - SonarGo 1.6.0.719 (go)
 - SonarKotlin 1.5.0.315 (kotlin)
 - ShellCheck Analyzer 2.3.0 (shellcheck)
 - SonarTSQL 1.4.0.3334 (tsql)
 - SonarJS 6.2.1.12157 (javascript)
 - SonarRuby 1.5.0.315 (ruby)
 - Vulnerability Rules for C# 8.4.0.2759 (securitycsharpfrontend)
 - Vulnerability Rules for Java 8.4.0.2759 (securityjavafrontend)
 - License for SonarLint 8.4.2.36762 (license)
 - Vulnerability Rules for Python 8.4.0.2759 (securitypythonfrontend)
 - Git 1.12.0.2034 (scmgit)
 - PHP Code Quality and Security 3.5.0.5655 (php)
 - SonarABAP 3.8.0.2034 (abap)
 - Vulnerability Rules for PHP 8.4.0.2759 (securityphpfrontend)
Global server settings:
 - email.from=noreply@myhammer.de
 - email.smtp_host.secured=******
 - email.smtp_password.secured=******
 - email.smtp_port.secured=******
 - email.smtp_secure_connection.secured=******
 - email.smtp_username.secured=******
 - sonar.auth.gitlab.applicationId=xxxxx
 - sonar.auth.gitlab.enabled=true
 - sonar.auth.gitlab.groupsSync=true
 - sonar.auth.gitlab.secret=xxxxx
 - sonar.auth.gitlab.url=xxxx
 - sonar.core.id=xxxx
 - sonar.core.serverBaseURL=xxxx
 - sonar.core.startTime=2020-10-08T09:02:20+0200
 - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk

Project scanner properties:
 - sonar.host.url=xxx
 - sonar.projectBaseDir=xxx
 - sonar.projectKey=xxx
 - sonar.qualitygate.wait=false
 - sonar.scanner.app=ScannerCLI
 - sonar.scanner.appVersion=4.4.0.2170
 - sonar.sourceEncoding=UTF-8
 - sonar.working.directory=xxx

Hey there.

If you’re using Gitlab, please see SONAR-13290, which describes an issue where decorating a Merge Request causes a background task to never complete, and a workaround.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.