Hello.
I tested Sonar and njsscan. I try to upload njsscan report to SonarQube. I use SonarQube 8.7 and sonar-scanner-cli:latest into docker
My error:
ERROR: Error during SonarScanner execution
java.lang.IllegalArgumentException: 9 is not a valid line offset for pointer. File routes/search.js has 8 character(s) at line 58
at org.sonar.api.utils.Preconditions.checkArgument(Preconditions.java:43)
at org.sonar.api.batch.fs.internal.DefaultInputFile.checkValid(DefaultInputFile.java:339)
at org.sonar.api.batch.fs.internal.DefaultInputFile.newPointer(DefaultInputFile.java:272)
at org.sonar.scanner.externalissue.ExternalIssueImporter.fillLocation(ExternalIssueImporter.java:132)
at org.sonar.scanner.externalissue.ExternalIssueImporter.importIssue(ExternalIssueImporter.java:81)
at org.sonar.scanner.externalissue.ExternalIssueImporter.execute(ExternalIssueImporter.java:57)
at org.sonar.scanner.externalissue.ExternalIssuesImportSensor.execute(ExternalIssuesImportSensor.java:74)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:389)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:385)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:354)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:144)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
step to reproduce:
git clone GitHub - juice-shop/juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
sudo pip install njsscan
cd juice-shop && njsscan --sonarqube -o JuceShop.json ./
docker run --rm -e SONAR_HOST_URL=“https://sonar-host” \
-e SONAR_LOGIN=“token_here”
-v “$(pwd):/usr/src” sonarsource/sonar-scanner-cli -D sonar.projectKey=“JuiceShop_test”
-D sonar.c.file.suffixes=- -D sonar.cpp.file.suffixes=- -D sonar.objc.file.suffixes=-
-D sonar.externalIssuesReportPaths=JuceShop.json
Befor this step was created a clear project JuiceShop_test
njsscan gave the report as described here: Generic issue import format
I attached report of njscan.
JuceShop.json (15.9 KB)