Getting error java.lang.IndexOutOfBoundsException: Index: -1

Must-share information (formatted with Markdown):

• Running Version 8.9.10 (build 61524) of Sonarqube, with the Solidity plugin 1.0.1 as well. The plugin is in the extensions/plugins/ folder, is this the correct place for it to be? The other extensions for python and ruby etc are in lib/extensions. Sonar scanner version is 4.6.2.2472-linux

• Zip file on an EC2 instance

• Trying to run a scan of a file directory

• My sonarqube files are located in an EC2 instance, and point to a URL sonarqube.orgname.com. I created a project, and that part succeeded using the web API. I then run the scan, and it runs for a few minutes and then at the end gives the following error:

19:48:41.259 DEBUG: stylelint-bridge server will shutdown
19:48:46.297 INFO: ------------------------------------------------------------------------
19:48:46.297 INFO: EXECUTION FAILURE
19:48:46.298 INFO: ------------------------------------------------------------------------
19:48:46.298 INFO: Total time: 4:01.504s
19:48:46.588 INFO: Final Memory: 212M/724M
19:48:46.590 INFO: ------------------------------------------------------------------------
19:48:46.590 ERROR: Error during SonarScanner execution
java.lang.IndexOutOfBoundsException: Index: -1
        at java.base/java.util.Collections$EmptyList.get(Unknown Source)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitForStatement(CurlyBraceCheck.java:81)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitForStatement(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$ForStatementContext.accept(SolidityParser.java:4020)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitStatement(SolidityBaseVisitor.java:300)
        at org.sonarsource.solidity.frontend.SolidityParser$StatementContext.accept(SolidityParser.java:3452)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitBlock(SolidityBaseVisitor.java:293)
        at org.sonarsource.solidity.frontend.SolidityParser$BlockContext.accept(SolidityParser.java:3355)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitFunctionDefinition(SolidityBaseVisitor.java:153)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitFunctionDefinition(CurlyBraceCheck.java:72)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitFunctionDefinition(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$FunctionDefinitionContext.accept(SolidityParser.java:1812)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitContractPart(SolidityBaseVisitor.java:97)
        at org.sonarsource.solidity.frontend.SolidityParser$ContractPartContext.accept(SolidityParser.java:1060)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitContractDefinition(SolidityBaseVisitor.java:83)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitContractDefinition(CurlyBraceCheck.java:32)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitContractDefinition(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$ContractDefinitionContext.accept(SolidityParser.java:847)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitSourceUnit(SolidityBaseVisitor.java:20)
        at org.sonarsource.solidity.frontend.SolidityParser$SourceUnitContext.accept(SolidityParser.java:214)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visit(AbstractParseTreeVisitor.java:18)
        at org.sonarsource.solidity.SoliditySensor.saveIssues(SoliditySensor.java:102)
        at org.sonarsource.solidity.SoliditySensor.analyzeFiles(SoliditySensor.java:88)
        at org.sonarsource.solidity.SoliditySensor.execute(SoliditySensor.java:73)
        at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
        at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:392)
        at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:388)
        at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:357)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:150)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
        at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
        at com.sun.proxy.$Proxy0.execute(Unknown Source)
        at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
        at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)

Any clues as to what might be the problem?

Hey there.

I suggest raising an issue with the maintainer here: GitHub - sagap/sonar-solidity: SonarQube Analyzer for Solidity

Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.

Hi

So this is a problem with the Solidity plugin?

That’s what the stracktrace would tell me.

Thanks.

Are there usually compatibility issues with third party plugins when a new LTS is launched?

APIs are deprecated/removed in major versions of SonarQube, so it is important to check compatability.

Where can I check the compatibilty of third party plugins?

The compatibility matrix on the sonarqube documentation does not have all of them I believe

We don’t know about all of them, and that includes this one. That’s why it’s a good idea to raise an issue on their GitHub repository.

Thanks.

I have raised the issue on their repo, let’s hope I get an answer!

Justo confirm though, if I do not have the solidity plugin installed, then the scanner will not be able to scan code written in solidity?

That’s correct. SonarQube does not natively support Solidity.

Are there any plans in the pipeline to bring this functionality?

It’s not on our roadmap.