Analysis of a merge request works and SonarQube adds the comment in the merge request. The background task finishes after a few seconds.
As soon as a PHP file with a lot of bad code (styling issues, security vulns, code smell) is added, the scanning takes forever. I had to restart SonarQube after waiting 2 hours for it to finish.
This is reproducible with the same file. After doing a new commit which deletes that file, the analysis works fine again.
Adding the same file directly to master (no merge request scanning) also works and detects the errors in that file.
Sonarqube Developer edition - Version: 8.4.2.36762
Database: PostgreSQL 12.3 (AWS RDS)
Here is the problematic code:
<?php
declare(strict_types=1);
# just another change yeah
#
new \MyHammer\User\Entity\User();
$user = new \MyHammer\User\Entity\User();
$user->getId();
function sdfalfdsajfjkd4344343434343dfsjkldsfjkljfklsdjlkfdsjkl2323LONG($a, $b, $c = false, $d, $e, $f, $jfgdjiodfgijogjoifdjoig4343mmogfogfdoigfjoidjfgdojoi = array(), $g, $i, $j, $k)
{
    switch ($d) {
        case 1:
            return false;
        case 2:
            return false;
        case 3:
            return false;
        case 3:
            return false;
        case 4:
            return false;
        case 5:
            return false;
        case 6:
            $something = time();
            $something - 123;
            break;
        case 7:
            $something = time();
            $something - 123;
        case 8:
            return false;
        case 9:
            return false;
        case 10:
            return false;
    }
    return true;
}
\mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $_GET['hidden'] . ")");
function anotherfunctioninparadise($input)
{
    \mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $input . ")");
}
anotherfunctioninparadise($_POST['danger']);
$user = 'bar';
$pasword='foo';
Scanner Context of a broken run:
SonarQube plugins:
- SonarCSS 1.2.0.1325 (cssfamily)
- Svn 1.10.0.1917 (scmsvn)
- SonarPLSQL 3.4.1.2576 (plsql)
- SonarScala 1.5.0.315 (sonarscala)
- C# Code Quality and Security 8.9.0.19135 (csharp)
- Vulnerability Analysis 8.4.0.2759 (security)
- Java Code Quality and Security 6.5.1.22586 (java)
- SonarHTML 3.2.0.2082 (web)
- SonarFlex 2.5.1.1831 (flex)
- SonarXML 2.0.1.2020 (xml)
- SonarTS 2.1.0.4359 (typescript)
- VB.NET Code Quality and Security 8.9.0.19135 (vbnet)
- SonarSwift 4.2.2.77 (swift)
- CFamily Code Quality and Security 6.11.0.19130 (cpp)
- Python Code Quality and Security 2.13.0.7236 (python)
- JaCoCo 1.1.0.898 (jacoco)
- SonarGo 1.6.0.719 (go)
- SonarKotlin 1.5.0.315 (kotlin)
- ShellCheck Analyzer 2.3.0 (shellcheck)
- SonarTSQL 1.4.0.3334 (tsql)
- SonarJS 6.2.1.12157 (javascript)
- SonarRuby 1.5.0.315 (ruby)
- Vulnerability Rules for C# 8.4.0.2759 (securitycsharpfrontend)
- Vulnerability Rules for Java 8.4.0.2759 (securityjavafrontend)
- License for SonarLint 8.4.2.36762 (license)
- Vulnerability Rules for Python 8.4.0.2759 (securitypythonfrontend)
- Git 1.12.0.2034 (scmgit)
- PHP Code Quality and Security 3.5.0.5655 (php)
- SonarABAP 3.8.0.2034 (abap)
- Vulnerability Rules for PHP 8.4.0.2759 (securityphpfrontend)
Global server settings:
- email.from=noreply@myhammer.de
- email.smtp_host.secured=******
- email.smtp_password.secured=******
- email.smtp_port.secured=******
- email.smtp_secure_connection.secured=******
- email.smtp_username.secured=******
- sonar.auth.gitlab.applicationId=xxxxx
- sonar.auth.gitlab.enabled=true
- sonar.auth.gitlab.groupsSync=true
- sonar.auth.gitlab.secret=xxxxx
- sonar.auth.gitlab.url=xxxx
- sonar.core.id=xxxx
- sonar.core.serverBaseURL=xxxx
- sonar.core.startTime=2020-10-08T09:02:20+0200
- sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk
Project scanner properties:
- sonar.host.url=xxx
- sonar.projectBaseDir=xxx
- sonar.projectKey=xxx
- sonar.qualitygate.wait=false
- sonar.scanner.app=ScannerCLI
- sonar.scanner.appVersion=4.4.0.2170
- sonar.sourceEncoding=UTF-8
- sonar.working.directory=xxx