java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:266)
at java.base/java.util.Objects.checkIndex(Objects.java:359)
at java.base/java.util.ArrayList.get(ArrayList.java:427)
at o.sl.ij.editor.EditorDecorator.highlight(EditorDecorator.kt:85)
at o.sl.ij.ui.vulnerabilities.TaintVulnerabilitiesPanel.updateRulePanelContent(TaintVulnerabilitiesPanel.kt:257)
at o.sl.ij.ui.vulnerabilities.TaintVulnerabilitiesPanel.TREE_SELECTION_LISTENER$lambda-2(TaintVulnerabilitiesPanel.kt:263)
at java.desktop/javax.swing.JTree.fireValueChanged(JTree.java:3020)
at java.desktop/javax.swing.JTree$TreeSelectionRedirector.valueChanged(JTree.java:3521)
at java.desktop/javax.swing.tree.DefaultTreeSelectionModel.fireValueChanged(DefaultTreeSelectionModel.java:650)
at c.ij.ui.treeStructure.Tree$MySelectionModel.fireValueChanged(Tree.java:647)
at java.desktop/javax.swing.tree.DefaultTreeSelectionModel.notifyPathChange(DefaultTreeSelectionModel.java:1120)
at java.desktop/javax.swing.tree.DefaultTreeSelectionModel.setSelectionPaths(DefaultTreeSelectionModel.java:306)
at java.desktop/javax.swing.tree.DefaultTreeSelectionModel.setSelectionPath(DefaultTreeSelectionModel.java:200)
at java.desktop/javax.swing.JTree.setSelectionPath(JTree.java:1709)
I am really puzzled. The vulnerabilities shown in your screenshot seem to come from a third-party plugin (SpotBugs? FindBugs?). Could you have a look at what is returned by <url-to-your-SQ-server>/api/plugins/installed and see if it is installed?
Vulnerabilities from this plugin are not supposed to be considered as taint vulnerabilities; they should not even appear in this view.
Could you try to enable verbose traces, make sure you update the binding (Settings > SonarLint > Project Settings > Update local storage) and share the logs with us, please?
The rule related to the error is findsecbugs:CRLF_INJECTION_LOGS.
I enabled the logs and it seems nothing is written when the exception occurs. I’d prefer not to share them because it’s quite difficult to anonymize them (more than 10.000 rows to read).
I understand, and you could also send me a private message to make it more secure. Could you try to run the following query on your SQ and see if some rules from find-sec-bugs are returned, please?
We cache the server issues locally and it appears this cache might be corrupted. Could you share with me what is in your IDE System folder, in sonarlint/storage/XXXX/projects/YYYY/issues/backup.tar.gz? This could help me understand what happened.
As a workaround you could delete this file and go to Settings > Tools > SonarLint > Project Settings > Update local storage.