JavaXmlSensor NPE on XML parsing with <![CDATA[]]>

Hello,

We faced a problem few days ago after upgrading sonarjava plugin to 5.10.1.16922.

  • SonarQube Version 6.7.6 (build 38781)
  • mvn: Apache Maven 3.6.0
  • Plugins:
    • SonarJS 5.0.0.6962 (javascript)
    • Findbugs 3.9.1 (findbugs)
    • SonarJava 5.10.1.16922 (java)
    • SonarXML 2.0.1.2020 (xml)
    • […]

The following XML leads to a NPE during the JavaXMLSensor:

<?xml version="1.0" encoding="UTF-8"?>
<a>
    <b>
        <![CDATA[]]>
    </b>
</a>

or

<?xml version="1.0" encoding="UTF-8"?>
<a>
    <b> <![CDATA[]]>
    </b>
</a>

When the following doesn’t:

<?xml version="1.0" encoding="UTF-8"?>
<a>
    <b><![CDATA[]]>
    </b>
</a>

Hereafter is mvn -e -X extract:

[INFO] 12:58:52.592 Sensor JavaXmlSensor [java]
[INFO] 12:58:52.595 2 source files to be analyzed
[DEBUG] 12:58:52.597 'pom.xml' generated metadata  with charset 'UTF-8'
[DEBUG] 12:58:52.772 'src/main/java/pack/ressources/buggy.xml' generated metadata  with charset 'UTF-8'
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  15.814 s
[INFO] Finished at: 2019-01-21T12:58:52+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar (default-cli) on project parserbug: null: MojoExecutionException: NullPointerException -> [Help 1]                                                                                                                           
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.6.0.1398:sonar (default-cli) on project parserbug: null                                                                                                                                     
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: org.apache.maven.plugin.MojoExecutionException
    at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:67)
    at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:104)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
Caused by: java.lang.NullPointerException
    at org.sonarsource.analyzer.commons.xml.XmlParser.setLocation (XmlParser.java:254)
    at org.sonarsource.analyzer.commons.xml.XmlParser.finalizePreviousNode (XmlParser.java:172)
    at org.sonarsource.analyzer.commons.xml.XmlParser.parseXml (XmlParser.java:114)
    at org.sonarsource.analyzer.commons.xml.XmlParser.<init> (XmlParser.java:68)
    at org.sonarsource.analyzer.commons.xml.XmlFile.create (XmlFile.java:90)
    at org.sonar.plugins.java.XmlFileSensor.scanFile (XmlFileSensor.java:99)
    at org.sonar.plugins.java.XmlFileSensor.execute (XmlFileSensor.java:83)
    at org.sonar.scanner.sensor.SensorWrapper.analyse (SensorWrapper.java:53)
    at org.sonar.scanner.phases.SensorsExecutor.executeSensor (SensorsExecutor.java:88)
    at org.sonar.scanner.phases.SensorsExecutor.execute (SensorsExecutor.java:82)
    at org.sonar.scanner.phases.SensorsExecutor.execute (SensorsExecutor.java:68)
    at org.sonar.scanner.phases.AbstractPhaseExecutor.execute (AbstractPhaseExecutor.java:88)
    at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart (ModuleScanContainer.java:177)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.scan.ProjectScanContainer.scan (ProjectScanContainer.java:291)
    at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively (ProjectScanContainer.java:286)
    at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart (ProjectScanContainer.java:264)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.task.ScanTask.execute (ScanTask.java:48)

    at org.sonar.scanner.task.TaskContainer.doAfterStart (TaskContainer.java:84)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.bootstrap.GlobalContainer.executeTask (GlobalContainer.java:121)
    at org.sonar.batch.bootstrapper.Batch.doExecuteTask (Batch.java:116)
    at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:71)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
    at com.sun.proxy.$Proxy24.execute (Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:185)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:137)
    at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:65)
    at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:104)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

I created a simple project to reproduce the problem with a mvn clean package sonar:sonar.

To work around the problem we have to remove all spaces(or tabs) between the opening <b> and the <![CDATA[]]>.

Best regards and many thanks for your help.

Hey @fr33ky,

Thanks a lot for the feedback. It’s a pretty bad bug you identified here… And also a misconfiguration of the plugin. We should definitely allow the analysis to continue whatever the result of the parsing of the XML file…

Thanks a lot for the small project you created as reproducer.

From it, I created the following tickets to improve the analyzer:

Note that there is also another possible workaround, which might be simpler to execute at larger scale:

  • Adding a space character inside the empty CDATA: <![CDATA[]]> :arrow_right: <![CDATA[ ]]>

Completely out of curiosity, because you are not mentioning it and to better anticipate these cases in the future, did you experienced the same issue with non-empty CDATA? And why are you using empty CDATA?

Cheers,
Michael

Hi @Michael,

Actually, I didn’t mentioned non empty CDATA as they do not lead to the NPE.
We tested, as an example, with:

<?xml version="1.0" encoding="UTF-8"?>
<a>
    <b>
        <![CDATA[{value} kb]]>
    </b>
</a>

and it works like a charm.

Regarding the empty <![CDATA[]]>, I unfortunately have no real answer from our dev team but a “it’s a so old project you know…”, I’m sorry for the inconvenience…

1 Like

Hey @fr33ky,

Just a small message to tell you that we are going to proceed to a bugfix release of SonarJava to handle the issue and stop failing. Version 5.10.2 should be publicly available in the incoming hours.

Regards,
Michael

1 Like

Hi @Michael,

I confirm this now properly warns us about parsing problem (related to SONARJAVA-3021) but doesn’t fail the job anymore.

Many thanks for your help!

1 Like