java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/DocumentBuilderFactoryImpl while running sonar-scanner

Background

I deploy gitlab/gitlab-ce:12.0.0-ce.0 and sonarqube:7.6-community with docker in kubernetes.
I use gitlab/gitlab-runner:v12.0.0 for continuous integration.

I install sonar plugins for different languages through the Marketplace in SonarQube.

  • SonarPython 1.14.1.3143 (python)
  • SonarCSS 1.1.1.1010 (cssfamily)
  • SonarGo 1.1.1.2000 (go)
  • SonarKotlin 1.5.0.315 (kotlin)
  • ShellCheck Analyzer 2.1.0 (shellcheck)
  • SonarJS 5.2.1.7778 (javascript)
  • GitLab Auth 1.3.2 (authgitlab)
  • SonarRuby 1.5.0.315 (ruby)
  • SonarScala 1.5.0.315 (sonarscala)
  • SonarC# 7.15.0.8572 (csharp)
  • SonarJava 5.13.1.18282 (java)
  • SonarHTML 3.1.0.1615 (web)
  • SonarPHP 3.0.0.4537 (php)
  • SonarTS 1.9.0.3766 (typescript)

I have a python project with .gitlab-ci.yml.
One of the jobs is for testing, running in python:3.6.5.
Below is the after_script part of that job.

after_script:
  - wget -q "http://10.0.0.11/sonar-scanner.tar.gz"
  - tar -xf sonar-scanner.tar.gz -C /opt
  - rm sonar-scanner.tar.gz
  - /opt/sonar-scanner/bin/sonar-scanner

I have tried sonar-scanner-cli for linux with version 3.0.3.778, 3.3.0.1492, and 4.0.0.1744, but the same error happens during SonarQube Scanner execution.

Phenomenon

Here is the error message

ERROR: Error during SonarQube Scanner execution
java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/DocumentBuilderFactoryImpl
	at org.sonar.plugins.python.pylint.PylintRuleParser.<init>(PylintRuleParser.java:42)
	at org.sonar.plugins.python.pylint.PylintImportSensor.<clinit>(PylintImportSensor.java:48)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
	at org.picocontainer.injectors.AbstractInjector.newInstance(AbstractInjector.java:145)
	at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:342)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.java:364)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(AbstractInjectionFactory.java:56)
	at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
	at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
	at org.picocontainer.DefaultPicoContainer.getLocalInstance(DefaultPicoContainer.java:606)
	at org.picocontainer.DefaultPicoContainer.getComponents(DefaultPicoContainer.java:587)
	at org.sonar.core.platform.ComponentContainer.getComponentsByType(ComponentContainer.java:290)
	at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.completeScannerExtensions(AbstractExtensionDictionnary.java:82)
	at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.getExtensions(AbstractExtensionDictionnary.java:77)
	at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.getFilteredExtensions(AbstractExtensionDictionnary.java:67)
	at org.sonar.scanner.sensor.ModuleSensorExtensionDictionnary.selectSensors(ModuleSensorExtensionDictionnary.java:40)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$0(ModuleSensorsExecutor.java:52)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:77)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:52)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:408)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:403)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:360)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:126)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.ClassNotFoundException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
	at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
	... 48 more

I download xercesImpl-2.12.0.jar, which contains org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.class.
I change the last lines of sonar-scanner/bin/sonar-scanner, but the error remains,

export CLASSPATH="$sonar_scanner_home/lib/xercesImpl-2.12.0.jar"
extra_jar=$sonar_scanner_home/lib/xercesImpl-2.12.0.jar

"$java_cmd" \
  -Djava.awt.headless=true \
  $SONAR_SCANNER_OPTS \
  $SONAR_SCANNER_DEBUG_OPTS \
  -classpath  "$jar_file:$extra_jar" \
  -Dscanner.home="$sonar_scanner_home" \
  -Dproject.home="$project_home" \
  org.sonarsource.scanner.cli.Main \
	-Dsonar.projectKey="$CI_PROJECT_NAMESPACE:$CI_PROJECT_NAME" \
	-Dsonar.projectName="$CI_PROJECT_NAMESPACE $CI_PROJECT_NAME" \
	-Dsonar.login="$SONAR_LOGIN" \
	-Dsonar.password="$SONAR_PASSWORD" \

Question

How can I get rid of the java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/DocumentBuilderFactoryImpl?

How to set CLASSPATH for sonar-scanner and plugins?

Thanks!

PS:

  • It seems that the GitLab Auth plugin does not support SonarQube 7.7, so I fix the version of SonarQube to 7.6
  • Some variables in sonar-scanner/bin/sonar-scanner are set in GitLab as CI variables, such as SONAR_LOGIN.
1 Like

Hi Ben,

Thanks for this feedback.
I did a test without your docker/kubernetes/gitlab context but with the same sonarqube 7.6 version and SonarPython 1.14.1.3143 version, and I can not reproduce the NoClassDefFoundError, so I assume that it comes from the docker/kubernetes/gitlab context or the jvm configuration.

I checked sonar-python-plugin-1.14.1.3143.jar and it contains DocumentBuilderFactoryImpl:

$ jar tf sonar-python-plugin-1.14.1.3143.jar | grep org/apache/xerces/jaxp/DocumentBuilderFactoryImpl
org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.class

So I assume SonarPython 1.14 uses the wrong ClassLoader to resolve this class.

We changed the way SonarPython parses xml files between the SonarPython 1.11 and SonarPython 1.12.

Could you confirm that you have the NoClassDefFoundError using sonar-python-plugin-1.12.0.2726.jar but you do not have this error using sonar-python-plugin-1.11.0.2473.jar?

And could you please indicate the jvm version?

Hi Alban,

Thanks for your reply!

Currently, I use sonar-scanner-cli-4.0.0.1744-linux.
It uses an embedded jre.

$ ./jre/bin/java -version
openjdk version "11.0.3" 2019-04-16
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.3+7)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.3+7, mixed mode)

After I replace SonarPython 1.14 with sonar-python-plugin-1.12.0.2726.jar or sonar-python-plugin-1.11.0.2473.jar, ANALYSIS SUCCESSFUL and I can find Code Smells.
Before replacing the plugin, I retried the job and still found NoClassDefFoundError.

The sonar-scanner is running in a docker image derived from python:3.6.5.
There is supposed to be no java component in such docker image except the embedded jre with sonar-scanner.

I guess the error is not related to SonarPython 1.12

I clone my python project in my ubuntu server, export some used variables (such as CI_PROJECT_NAME), and run the command defined in the after_script part.
I still have NoClassDefFoundError with SonarPython 1.14 and sonar-scanner 4.0.0.1744. :frowning:

For the system,

$ uname -a
Linux VM-0-46-ubuntu 4.4.0-104-generic #127-Ubuntu SMP Mon Dec 11 12:16:42 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

java is not installed in this server. After installing openjdk-8-jre-headless, the error remains.

I find the error message I gave is not produced by sonar-scanner 4.0.0.1744.
I have to apologize if it was misleading.
The error message produced by sonar-scanner 4.0.0.1744 is

ERROR: Error during SonarQube Scanner execution
java.lang.NoClassDefFoundError: org/apache/xerces/jaxp/DocumentBuilderFactoryImpl
		at org.sonar.plugins.python.pylint.PylintRuleParser.<init>(PylintRuleParser.java:42)
		at org.sonar.plugins.python.pylint.PylintImportSensor.<clinit>(PylintImportSensor.java:48)
		at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
		at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
		at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source
		at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
		at org.picocontainer.injectors.AbstractInjector.newInstance(AbstractInjector.java:145)
		at org.picocontainer.injectors.ConstructorInjector$1.run(ConstructorInjector.java:342)
		at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(Abstr
		at org.picocontainer.injectors.ConstructorInjector.getComponentInstance(ConstructorInjector.ja
		at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.getComponentInstance(
		at org.picocontainer.behaviors.AbstractBehavior.getComponentInstance(AbstractBehavior.java:64)
		at org.picocontainer.behaviors.Stored.getComponentInstance(Stored.java:91)
		at org.picocontainer.DefaultPicoContainer.getLocalInstance(DefaultPicoContainer.java:606)
		at org.picocontainer.DefaultPicoContainer.getComponents(DefaultPicoContainer.java:587)
		at org.sonar.core.platform.ComponentContainer.getComponentsByType(ComponentContainer.java:290)
		at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.completeScannerExtensions(Abstract
		at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.getExtensions(AbstractExtensionDic
		at org.sonar.scanner.bootstrap.AbstractExtensionDictionnary.getFilteredExtensions(AbstractExte
		at org.sonar.scanner.sensor.ModuleSensorExtensionDictionnary.selectSensors(ModuleSensorExtensi
		at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$0(ModuleSensorsExecutor.java:
		at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.jav
		at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:52)
		at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:82)
		at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
		at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
		at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:408)
		at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:403)
		at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:360)
		at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
		at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
		at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:126)
		at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
		at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
		at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:73)
		at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:67)
		at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLaunc
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
		at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
		at java.base/java.lang.reflect.Method.invoke(Unknown Source)
		at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.jav
		at com.sun.proxy.$Proxy0.execute(Unknown Source)
		at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:185)
		at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:137)
		at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
		at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
		at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.ClassNotFoundException: org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
		at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
		at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
		at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
		... 48 more

Hi Ben,

Thanks for all those details. Unfortunately, I failed to reproduce. I tested on a similar configuration (except the exact same version of Ubuntu):

INFO: SonarQube Scanner 4.0.0.1744
INFO: Java 11.0.3 AdoptOpenJDK (64-bit)
INFO: Linux 4.4.0-154-generic amd64
...
INFO: SonarQube server 7.6.0
...
15:54:59.395 INFO: Sensor PylintImportSensor [python]
15:54:59.398 INFO: Sensor PylintImportSensor [python] (done) | time=3ms
...

If your version of SonarPython 1.14.1 is not corrupted (compare to sonar-python-plugin-1.14.1.3143.jar ), I have no idea about why you are facing this error.

$ md5sum sonar-python-plugin-1.14.1.3143.jar
5246ba7166e8e9ab17d08a6514e9a086  sonar-python-plugin-1.14.1.3143.jar
$ jar tf sonar-python-plugin-1.14.1.3143.jar | grep org/apache/xerces/jaxp/DocumentBuilderFactoryImpl
org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.class
1 Like

My SonarPython 1.14.1 is corrupted. The .jar file has the same size but different md5sum.

Thanks!