Background Tasks → Show Scanner Context returns 403 when Execute Analysis permission is not granted

Hello,
I administer some projects on the SonarQube EE server. I don’t have the System Administer permission. I also don’t have the Execute Analysis permission because I shouldn’t push any analysis to the server. When developers hit some problems I try to support them. Usually, the first step is to check the scanner context (Project Settings → Background Tasks → Show Scanner Context). Unfortunately, the created popup is empty. The browser’s console shows a 403 error code:

GET https://<server.url>/api/ce/task?id=AXvQkfIPx6HAqP697_qB&additionalFields=scannerContext 403 (request.js:84)

t.submit	@	request.js:84
O	@	request.js:151
n.getJSON	@	request.js:156
c	@	ce.ts:52
loadScannerContext	@	ScannerContext.tsx:49
componentDidMount	@	ScannerContext.tsx:41
il	@	react-dom.production.min.js:212
du	@	react-dom.production.min.js:255
t.unstable_runWithPriority	@	scheduler.production.min.js:19
Ho	@	react-dom.production.min.js:122
pu	@	react-dom.production.min.js:248
Jl	@	react-dom.production.min.js:239
(anonymous)	@	react-dom.production.min.js:123
t.unstable_runWithPriority	@	scheduler.production.min.js:19
Ho	@	react-dom.production.min.js:122
Ko	@	react-dom.production.min.js:123
Vo	@	react-dom.production.min.js:122
ne	@	react-dom.production.min.js:287
Yt	@	react-dom.production.min.js:68
Uncaught (in promise) Response {type: 'basic', url: 'https://<server.url>/api/ce/task?id=AXvQkfIPx6HAqP697_qB&additionalFields=scannerContext', redirected: false, status: 403, ok: false, …} (background_tasks:1)

When I grant my user the Execute Analysis permission, the popup is filled with data. To me it sounds like a bug because the permission suggests that it is needed for write operations. In the same way, I’m able to see issues and security hotspots without having the Administer Issues and Administer Security Hotspots permissions.

SonarQube Enterprise Edition 8.9.1 (build 44547)

Cheers

Hi Adam,

I’ve moved this into Suggest new features since it’s currently working as designed.

I believe the original thinking here was that sensitive values can be exposed in the Scanner Context and if you didn’t have permission to see them while executing analysis, you shouldn’t see them after analysis.

That said, some work in this area was done in 9.1 (I notice you’re on 8.9.1), so if this restriction is still in place it should, IMO, probably be removed.

 
Ann

Hi Ann,
I see here two threads now:

  • new feature proposal: grant admins permissions to see the analysis details
  • bug: the Show Scanner Context button is displayed when people don’t have permissions to see the details (403 error is thrown)

I would prefer, as a project admin, to be able to see everything. However, when the button is not added, users shouldn’t be confused why no data is displayed. If you agree, it would be nice to move it back as a bug with a slightly modified description (the button is visible, but shouldn’t be).

Cheers

Hi Adam,

Sorry I didn’t respond to this earlier. Fall is a blur, but I guess this just slipped past me. You should have edit rights on this topic as the OP (tell me if I’m wrong!). Feel free to move it back and update the title.

 
Ann

I don’t see the Edit button. Maybe the thread is too old… Or maybe I cannot modify posts when somebody has already answered them :thinking:

P.S. At this moment I’m able to edit this message only.

Hi,

Sorry. I didn’t realize you wouldn’t have perms. I’ve moved it back.

 
Ann
