(8.4.2) Background task for Merge Request analysis takes forever as soon as bad code is commited

Analysis of a merge request works and sonarqubes adds the comment in the merge request. Background task finishes after a few seconds.
As soon as a PHP file with a lot bad code (Styling issues, security vulns, code smell) is added the scanning takes forever. I had to restart sonarqube after 2hours waiting for it to finish.
This is reproducable with the same file. After doing a new commit which deletes that file, the analysis is working fine again.

Adding the same file directly to the master - no merge request scanning - works also and detects the errors in that file.

Sonarqube Developer edition - Version:
Database: PostgreSQL 12.3 (AWS RDS)

Here is the problematic code:



# just another change yeah

new \MyHammer\User\Entity\User();
$user = new \MyHammer\User\Entity\User();

function sdfalfdsajfjkd4344343434343dfsjkldsfjkljfklsdjlkfdsjkl2323LONG($a, $b, $c = false, $d, $e, $f, $jfgdjiodfgijogjoifdjoig4343mmogfogfdoigfjoidjfgdojoi = array(), $g, $i, $j, $k)


    switch ($d) {
        case 1:
            return false;
        case 2:
            return false;
        case 3:
            return false;
        case 3:
            return false;
        case 4:
            return false;
        case 5:
            return false;
        case 6:
            $something = time();
            $something - 123;
        case 7:
            $something = time();
            $something - 123;
        case 8:
            return false;
        case 9:
            return false;
        case 10:
            return false;

    return true;

\mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $_GET['hidden'] . ")");

function anotherfunctioninparadise($input)
    \mysqli_query(mysqli_connect(''), "INSERT INTO table (val) VALUES (" . $input . ")");


$user = 'bar';

Scanner Context of a broken run:

SonarQube plugins:
 - SonarCSS (cssfamily)
 - Svn (scmsvn)
 - SonarPLSQL (plsql)
 - SonarScala (sonarscala)
 - C# Code Quality and Security (csharp)
 - Vulnerability Analysis (security)
 - Java Code Quality and Security (java)
 - SonarHTML (web)
 - SonarFlex (flex)
 - SonarXML (xml)
 - SonarTS (typescript)
 - VB.NET Code Quality and Security (vbnet)
 - SonarSwift (swift)
 - CFamily Code Quality and Security (cpp)
 - Python Code Quality and Security (python)
 - JaCoCo (jacoco)
 - SonarGo (go)
 - SonarKotlin (kotlin)
 - ShellCheck Analyzer 2.3.0 (shellcheck)
 - SonarTSQL (tsql)
 - SonarJS (javascript)
 - SonarRuby (ruby)
 - Vulnerability Rules for C# (securitycsharpfrontend)
 - Vulnerability Rules for Java (securityjavafrontend)
 - License for SonarLint (license)
 - Vulnerability Rules for Python (securitypythonfrontend)
 - Git (scmgit)
 - PHP Code Quality and Security (php)
 - SonarABAP (abap)
 - Vulnerability Rules for PHP (securityphpfrontend)
Global server settings:
 - email.from=noreply@myhammer.de
 - email.smtp_host.secured=******
 - email.smtp_password.secured=******
 - email.smtp_port.secured=******
 - email.smtp_secure_connection.secured=******
 - email.smtp_username.secured=******
 - sonar.auth.gitlab.applicationId=xxxxx
 - sonar.auth.gitlab.enabled=true
 - sonar.auth.gitlab.groupsSync=true
 - sonar.auth.gitlab.secret=xxxxx
 - sonar.auth.gitlab.url=xxxx
 - sonar.core.id=xxxx
 - sonar.core.serverBaseURL=xxxx
 - sonar.core.startTime=2020-10-08T09:02:20+0200
 - sonar.dbcleaner.branchesToKeepWhenInactive=master,develop,trunk

Project scanner properties:
 - sonar.host.url=xxx
 - sonar.projectBaseDir=xxx
 - sonar.projectKey=xxx
 - sonar.qualitygate.wait=false
 - sonar.scanner.app=ScannerCLI
 - sonar.scanner.appVersion=
 - sonar.sourceEncoding=UTF-8
 - sonar.working.directory=xxx

Hey there.

If you’re using Gitlab, please see SONAR-13290, which describes an issue where decorating a Merge Request causes a background task to never complete, and a workaround.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.