CLI Scanner failed to scan project where some directories inaccessible for current user

Here is output from console (partial, for readability):

sonar-scanner \
  …
  -Dsonar.exclusions=./var

INFO: SonarQube Scanner 4.2.0.1873
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 5.4.7-1-default amd64
…
INFO: Indexing files...
INFO: Project configuration:
INFO:   Excluded sources: ./var
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 6.269s
INFO: Final Memory: 7M/30M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: Failed to index files
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:203)
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:159)
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexModulesRecursively(ProjectFileIndexer.java:138)
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:105)
        at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:341)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
        at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
        at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
        at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
        at com.sun.proxy.$Proxy0.execute(Unknown Source)
        at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
        at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: <here-was-full-project-root-path>/var/pgdata
        at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
        at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
        at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
        at java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(Unknown Source)
        at java.base/java.nio.file.Files.newDirectoryStream(Unknown Source)
        at java.base/java.nio.file.FileTreeWalker.visit(Unknown Source)
        at java.base/java.nio.file.FileTreeWalker.next(Unknown Source)
        at java.base/java.nio.file.Files.walkFileTree(Unknown Source)
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexDirectory(ProjectFileIndexer.java:210)
        at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:197)
        ... 23 more
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.

Current user has no permissions for read ./var/pgdata, it’s ok and I’ve expected that scanner just skip those directories. Anyways there is nothing for analysis inside it. But scanner keep failing even when I’m trying to explicitly ignore this unreadable dir (also, this dir in project’s .gitignore).

Also I’ve tried -Dsonar.exclusions=./var/pgdata, -Dsonar.exclusions=./var/* and -Dsonar.exclusions=./var/** but no luck and error was the same.

With -X option it’s just many DEBUG messages before like:

17:53:40.418 DEBUG: File '<here-was-full-project-root-path>/var/cache/<path-to-file>' is excluded by the scm ignore settings.

It looks strange for me: why it iterates over files inside ignored ./var folder? What does “ignore” means for scanner?

Finally I’ve temporarily moved pgdata dir out and scan was executed successfully, so I suppose it’s a bug.

What do you think, is it a bug or feature?

Hi @somebody,

The dot is not taken in account while specifying a relative path for sonar exclusions.

You should try either

 -Dsonar.exclusions=var/**

or

-Dsonar.exclusions=**/var/**

Hi @mickaelcaro
I’ve tried both but unfortunately output was the same as above. And also with -X option it looks like scanner iterates through ./var directory despite of passed exclusion.

Has this issue been resolved yet? I think I’m hitting the same issue too.
sonar.exclusions=tests/**/*

java.lang.IllegalStateException: Failed to index files
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexFiles(ProjectFileIndexer.java:203)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:159)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.indexModulesRecursively(ProjectFileIndexer.java:138)
at org.sonar.scanner.scan.filesystem.ProjectFileIndexer.index(ProjectFileIndexer.java:105)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:353)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:141)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.nio.file.AccessDeniedException: full-path-to-a-file-under-tests-directory
at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)