NPE when trying to analyze Java code

vmax · January 14, 2020, 12:27pm

Versions used:
SonarCloud: SonarQube server 8.0.0
SonarQube: SonarQube server 8.1.0
Error observed:

org.sonar.java.AnalysisException: SonarQube is unable to analyze file : 'Test.java'
	at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:108)
	at org.sonar.java.ast.JavaAstScanner.scan(JavaAstScanner.java:65)
	at org.sonar.java.JavaSquid.scanSources(JavaSquid.java:111)
	at org.sonar.java.JavaSquid.scan(JavaSquid.java:105)
	at org.sonar.plugins.java.JavaSquidSensor.execute(JavaSquidSensor.java:88)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:34)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:71)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:45)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:63)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:45)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:68)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:379)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:375)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:338)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:127)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:122)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:108)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.NullPointerException
	at org.sonar.java.model.JSymbol.variableEnclosingClass(JSymbol.java:379)
	at org.sonar.java.model.JSymbol.enclosingClass(JSymbol.java:340)
	at org.sonar.java.checks.security.StandardInputReadCheck.checkIdentifier(StandardInputReadCheck.java:65)
	at org.sonar.java.checks.security.StandardInputReadCheck.visitNode(StandardInputReadCheck.java:60)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.lambda$visit$7(VisitorsBridge.java:271)
	at java.util.ArrayList.forEach(ArrayList.java:1257)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit(VisitorsBridge.java:274)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren(VisitorsBridge.java:256)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit(VisitorsBridge.java:278)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren(VisitorsBridge.java:256)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit(VisitorsBridge.java:278)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren(VisitorsBridge.java:256)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit(VisitorsBridge.java:278)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren(VisitorsBridge.java:256)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit(VisitorsBridge.java:278)
	at org.sonar.java.model.VisitorsBridge$ScannerRunner.run(VisitorsBridge.java:247)
	at org.sonar.java.model.VisitorsBridge.visitFile(VisitorsBridge.java:137)
	at org.sonar.java.ast.JavaAstScanner.simpleScan(JavaAstScanner.java:99)
	... 34 more

Steps to reproduce:

Create Test.java with the following content:

public interface Main {
    <V> AttributeType<V> putAttributeType(AttributeType.DataType<V> dataType, Label x) {
    }
}

Run sonar-scanner

Potential workaround: use self-hosted (8.1.0) version
Scanner command used when applicable:

sonar-scanner -Dsonar.login=<>-Dsonar.java.binaries=. -Dsonar.host.url=https://sonarcloud.io -Dsonar.projectKey=<> -Dsonar.sources=Test.java -Dsonar.organization=<> -Dsonar.java.source=1.8

Additional info:

removing Label x makes it not fail
substituting interface with class also makes it not fail

Michael · January 16, 2020, 5:21pm

Hey @vmax,

Thanks for the feedback. I’m trying to reproduce the issue, but the example code you are providing is not at all valid java code.

This code simply dose not compile:

> javac Test.java 
Test.java:1: error: interface Main is public, should be declared in a file named Main.java
public interface Main {
       ^
Test.java:2: error: package AttributeType does not exist
    <V> AttributeType<V> putAttributeType(AttributeType.DataType<V> dataType, Label x) {
                                                       ^
Test.java:2: error: cannot find symbol
    <V> AttributeType<V> putAttributeType(AttributeType.DataType<V> dataType, Label x) {
                                                                              ^
  symbol:   class Label
  location: interface Main
Test.java:2: error: cannot find symbol
    <V> AttributeType<V> putAttributeType(AttributeType.DataType<V> dataType, Label x) {
        ^
  symbol:   class AttributeType
  location: interface Main
Test.java:2: error: interface abstract methods cannot have body
    <V> AttributeType<V> putAttributeType(AttributeType.DataType<V> dataType, Label x) {
                                                                                       ^
5 errors

While I’m able to reproduce the issue, this does not correspond to a valid use case of our analyzer. SonarJava does not support non-valid java code, and it is a prerequisite to run analysis that code compiles. This is also a reasons why it is highly discouraged to use sonar-scanner to analyse Java projects. It is much safer to rely on some maven/gradle projects with their respective sonar plugins.

I guess that you might have reduced your use case a bit too much. Could you provide a code snippet which compiles which reproduce the issue? It would help me to understand what’s going on in our engine.

Cheers,
Michael