Java issue - WARNING: An illegal reflective access operation has occurred

Running a SonarCloud code analysis through Azure DevOps results in some unpleasant errors when using openjdk-11 (Java 10.0.2):

    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.google.protobuf.UnsafeUtil (file:/opt/vsts-agent/.sonar/cache/e62315a34b56db679102b0a9639a11d9/sonar-scanner-engine-shaded-developer-7.7.0.22010-all.jar) to field java.nio.Buffer.address
    WARNING: Please consider reporting this to the maintainers of com.google.protobuf.UnsafeUtil
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release

The analysis process works as intended, but the errors are alarming to viewers.

Using Azul Java 1.8.0_202 does not warn about those deprecated operations, but is unfortunately not an option for us.

Any guidance as to the recommended JDK for code analysis through a CI tool?

Hello,

This is expected. We are using protobuf and there is no solution available for the time being (see here: https://github.com/protocolbuffers/protobuf/issues/5549).

You can safely use Java 11 and ignore these warnings. Once there is a newer version of protobuf we will upgrade to it.

Is there any movement with this, or is there a way to disable it? I'm currently using Java 11 and I'm getting the same issue.

I’m still seeing this issue with Java 11, Sonar 7.9.1, and SonarC# 7.15. However, it appears protobuf might have this issue fixed based on the GitHub link above?

It was fixed in protobuf. Can you upgrade your dependencies now?

Reviving topic, because the protobuf fix hasn’t reached sonar-maven-plugin:3.9.1.2184.
Apparently this was fixed in Protocol Buffers v3.7.0, released 28 Feb 2019.
The issue was tracked as issue #3781.

Hey @robert

Are you using SonarQube (if so, what version?) or SonarCloud? What exactly are you seeing in the logs? Such warnings should have been suppressed by now.

I am using sonar-maven-plugin:3.9.1.2184 with jdk-11.0.12.7-openj9

I have a Maven project with a pom.xml that sets the properties

        <sonar.host.url>http://internal-sonar:9000</sonar.host.url>
        <sonar.login>somelongid</sonar.login>
        <sonar.projectKey>${project.group}.${project.artifactId}</sonar.projectKey>

If I run

    mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar

on this, it works, but I see some WARNINGS on stderr:

    ...
    [INFO] Executing post-job 'Forbidden Configuration Breaker'
    [INFO] Executing post-job 'Quality Gate Breaker'
    [INFO] Waiting for report processing to complete...
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.google.protobuf.UnsafeUtil (file:/C:/Users/Foobar/.sonar/cache/7e63d042b87426eb4623b4e172f5f812/sonar-buildbreaker-plugin.jar_unzip/META-INF/lib/protobuf-java-3.5.1.jar) to field java.nio.Buffer.address
    WARNING: Please consider reporting this to the maintainers of com.google.protobuf.UnsafeUtil
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    [INFO] Quality gate status: ERROR
    [ERROR] Coverage on New Code: 0.0 < 80
    [ERROR] [BUILD BREAKER] Project did not meet 1 conditions
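
Added example (not part of any post in this thread, and not SonarSource code): a small Python triage of the warnings quoted above. It attributes each `Illegal reflective access` line to the jar that triggered it and, where the jar name carries a protobuf-java version, compares it with the v3.7.0 fix release mentioned in the thread. The function name `triage`, the result field names, and the reading of a `.jar_unzip` path segment as "bundled inside that plugin" are assumptions of this example.

```python
import re

# Fix release as stated by a poster in the thread (Protocol Buffers v3.7.0).
FIXED_PROTOBUF = (3, 7, 0)

# Shape of the JDK warning line as it appears in the logs quoted in the thread.
WARNING_RE = re.compile(
    r"WARNING: Illegal reflective access by (?P<cls>[\w.$]+) "
    r"\(file:(?P<path>[^)]+)\) to (?:field|method|constructor) (?P<member>\S+)"
)
PROTOBUF_JAR_RE = re.compile(r"protobuf-java-(\d+)\.(\d+)\.(\d+)\.jar$")
# Assumption: "<plugin>.jar_unzip/" in the path marks a library unpacked from a plugin.
BUNDLE_RE = re.compile(r"/([^/]+\.jar)_unzip/")

# The two warning lines quoted in the thread, with surrounding log lines.
SAMPLE_LOG = "\n".join([
    "WARNING: Illegal reflective access by com.google.protobuf.UnsafeUtil "
    "(file:/opt/vsts-agent/.sonar/cache/e62315a34b56db679102b0a9639a11d9/"
    "sonar-scanner-engine-shaded-developer-7.7.0.22010-all.jar) "
    "to field java.nio.Buffer.address",
    "[INFO] Waiting for report processing to complete...",
    "WARNING: Illegal reflective access by com.google.protobuf.UnsafeUtil "
    "(file:/C:/Users/Foobar/.sonar/cache/7e63d042b87426eb4623b4e172f5f812/"
    "sonar-buildbreaker-plugin.jar_unzip/META-INF/lib/protobuf-java-3.5.1.jar) "
    "to field java.nio.Buffer.address",
    "[INFO] Quality gate status: ERROR",
])

def triage(log_text):
    """Return one record per illegal-reflective-access warning in log_text."""
    findings = []
    for m in WARNING_RE.finditer(log_text):
        path = m["path"]
        jar = path.rsplit("/", 1)[-1]
        bundle = BUNDLE_RE.search(path)
        ver = PROTOBUF_JAR_RE.search(jar)
        version = tuple(int(x) for x in ver.groups()) if ver else None
        findings.append({
            "class": m["cls"],
            "member": m["member"],
            "jar": jar,
            "bundled_in": bundle.group(1) if bundle else None,
            "protobuf_version": version,
            # None means the version cannot be read from the jar name (e.g. a shaded jar).
            "predates_fix": (version < FIXED_PROTOBUF) if version else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the second log, the record points at `protobuf-java-3.5.1.jar` bundled in `sonar-buildbreaker-plugin.jar`, not at the Maven plugin's own scanner jar.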