Getting error java.lang.IndexOutOfBoundsException: Index: -1

abe410 · March 16, 2023, 12:56am

Must-share information (formatted with Markdown):

Running Version 8.9.10 (build 61524) of Sonarqube, with the Solidity plugin 1.0.1 as well. The plugin is in the extensions/plugins/ folder, is this the correct place for it to be? The other extensions for python and ruby etc are in lib/extensions. Sonar scanner version is 4.6.2.2472-linux
Zip file on an EC2 instance
Trying to run a scan of a file directory
My sonarqube files are located in an EC2 instance, and point to a URL sonarqube.orgname.com. I created a project, and that part succeeded using the web API. I then run the scan, and it runs for a few minutes and then at the end gives the following error:

19:48:41.259 DEBUG: stylelint-bridge server will shutdown
19:48:46.297 INFO: ------------------------------------------------------------------------
19:48:46.297 INFO: EXECUTION FAILURE
19:48:46.298 INFO: ------------------------------------------------------------------------
19:48:46.298 INFO: Total time: 4:01.504s
19:48:46.588 INFO: Final Memory: 212M/724M
19:48:46.590 INFO: ------------------------------------------------------------------------
19:48:46.590 ERROR: Error during SonarScanner execution
java.lang.IndexOutOfBoundsException: Index: -1
        at java.base/java.util.Collections$EmptyList.get(Unknown Source)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitForStatement(CurlyBraceCheck.java:81)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitForStatement(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$ForStatementContext.accept(SolidityParser.java:4020)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitStatement(SolidityBaseVisitor.java:300)
        at org.sonarsource.solidity.frontend.SolidityParser$StatementContext.accept(SolidityParser.java:3452)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitBlock(SolidityBaseVisitor.java:293)
        at org.sonarsource.solidity.frontend.SolidityParser$BlockContext.accept(SolidityParser.java:3355)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitFunctionDefinition(SolidityBaseVisitor.java:153)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitFunctionDefinition(CurlyBraceCheck.java:72)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitFunctionDefinition(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$FunctionDefinitionContext.accept(SolidityParser.java:1812)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitContractPart(SolidityBaseVisitor.java:97)
        at org.sonarsource.solidity.frontend.SolidityParser$ContractPartContext.accept(SolidityParser.java:1060)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitContractDefinition(SolidityBaseVisitor.java:83)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitContractDefinition(CurlyBraceCheck.java:32)
        at org.sonarsource.solidity.checks.CurlyBraceCheck.visitContractDefinition(CurlyBraceCheck.java:21)
        at org.sonarsource.solidity.frontend.SolidityParser$ContractDefinitionContext.accept(SolidityParser.java:847)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visitChildren(AbstractParseTreeVisitor.java:46)
        at org.sonarsource.solidity.frontend.SolidityBaseVisitor.visitSourceUnit(SolidityBaseVisitor.java:20)
        at org.sonarsource.solidity.frontend.SolidityParser$SourceUnitContext.accept(SolidityParser.java:214)
        at org.antlr.v4.runtime.tree.AbstractParseTreeVisitor.visit(AbstractParseTreeVisitor.java:18)
        at org.sonarsource.solidity.SoliditySensor.saveIssues(SoliditySensor.java:102)
        at org.sonarsource.solidity.SoliditySensor.analyzeFiles(SoliditySensor.java:88)
        at org.sonarsource.solidity.SoliditySensor.execute(SoliditySensor.java:73)
        at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:48)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:85)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:59)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
        at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:59)
        at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:392)
        at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:388)
        at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:357)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:150)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
        at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
        at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
        at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
        at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
        at com.sun.proxy.$Proxy0.execute(Unknown Source)
        at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
        at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
        at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
        at org.sonarsource.scanner.cli.Main.main(Main.java:61)

Any clues as to what might be the problem?

Colin · March 16, 2023, 12:47pm

Hey there.

I suggest raising an issue with the maintainer here: GitHub - sagap/sonar-solidity: SonarQube Analyzer for Solidity

Make sure you upgrade to SonarQube v9.9 LTS soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported.

abe410 · March 16, 2023, 2:49pm

Hi

So this is a problem with the Solidity plugin?

Colin · March 16, 2023, 2:52pm

That’s what the stracktrace would tell me.

abe410 · March 16, 2023, 3:13pm

Thanks.

Are there usually compatibility issues with third party plugins when a new LTS is launched?

Colin · March 16, 2023, 3:14pm

APIs are deprecated/removed in major versions of SonarQube, so it is important to check compatability.

abe410 · March 16, 2023, 8:05pm

Where can I check the compatibilty of third party plugins?

The compatibility matrix on the sonarqube documentation does not have all of them I believe

Colin · March 16, 2023, 8:46pm

We don’t know about all of them, and that includes this one. That’s why it’s a good idea to raise an issue on their GitHub repository.

abe410 · March 17, 2023, 3:27am

Thanks.

I have raised the issue on their repo, let’s hope I get an answer!

Justo confirm though, if I do not have the solidity plugin installed, then the scanner will not be able to scan code written in solidity?

Colin · March 17, 2023, 8:18am

That’s correct. SonarQube does not natively support Solidity.

abe410 · March 18, 2023, 11:38pm

Are there any plans in the pipeline to bring this functionality?

Colin · March 21, 2023, 9:50am

It’s not on our roadmap.