- versions used: SonarQube 8.0
- error observed: see https://github.com/sbaudoin/sonar-shellcheck/issues/16. SQ cannot start because of a security error:
```
2019.10.22 08:43:46 ERROR ce[][o.s.ce.app.CeServer] Compute Engine startup failed
java.lang.IllegalStateException: Fail to load plugin ShellCheck Analyzer [shellcheck]
	at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:88)
	at org.sonar.ce.container.ComputeEngineContainerImpl.startLevel4(ComputeEngineContainerImpl.java:230)
	at org.sonar.ce.container.ComputeEngineContainerImpl.start(ComputeEngineContainerImpl.java:196)
	at org.sonar.ce.ComputeEngineImpl.startup(ComputeEngineImpl.java:45)
	at org.sonar.ce.app.CeServer$CeMainThread.attemptStartup(CeServer.java:163)
	at org.sonar.ce.app.CeServer$CeMainThread.run(CeServer.java:141)
Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getenv.*")
	at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
	at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
	at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
	at java.base/java.lang.System.getenv(System.java:1042)
	at com.github.sbaudoin.sonar.plugins.shellcheck.ShellCheckPlugin.define(ShellCheckPlugin.java:31)
	at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:78)
	... 5 common frames omitted
```
- steps to reproduce: install a plugin that accesses an environment variable (`System.getenv("XXX")`) and start SQ 8.0
- potential workaround: none found so far
The cause is the new security manager that does not grant access to the environment variables. The fix could be to add “getenv.*” to the allowed permissions. If this is not a suitable solution, can you give some guidance on a workaround, please?
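
Added example, not part of the original post and not code from SonarQube or the ShellCheck plugin: it reproduces the `getenv.*` denial seen in the trace with a constructed security manager, then shows a plugin-side read that tolerates the denial instead of failing at load time. The class and helper names (`DenyGetenv`, `envOrEmpty`) and the fallback value are hypothetical, and it assumes JDK 11 to 17, where `System.setSecurityManager` is still permitted by default.

```java
import java.security.Permission;
import java.util.Optional;

public class GetenvUnderSecurityManager {

    /** Constructed stand-in for a manager that denies the getenv.* permissions. */
    static class DenyGetenv extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            if (perm instanceof RuntimePermission && perm.getName().startsWith("getenv.")) {
                throw new SecurityException("access denied " + perm);
            }
            // Everything else is allowed so the demo can uninstall the manager.
        }
    }

    /** Hypothetical helper: read one variable, treat a denial as "not set". */
    static Optional<String> envOrEmpty(String name) {
        try {
            // System.getenv(name) checks RuntimePermission "getenv.<name>".
            return Optional.ofNullable(System.getenv(name));
        } catch (SecurityException e) {
            // AccessControlException is a subclass of SecurityException.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DenyGetenv());
        try {
            try {
                // The no-argument form checks RuntimePermission "getenv.*",
                // the permission named in the stack trace above.
                System.getenv();
            } catch (SecurityException e) {
                System.out.println("unguarded call failed: " + e.getMessage());
            }
            // Guarded read: the caller gets a fallback instead of an exception.
            String value = envOrEmpty("XXX").orElse("fallback-value");
            System.out.println("guarded call returned: " + value);
        } finally {
            System.setSecurityManager(null);
        }
    }
}
```

A guarded read only keeps the plugin loadable; the variable's value is still unavailable unless the server's policy grants the permission.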