NullPointer Exception

vkulov · February 28, 2023, 8:14am

SonarCloud started failing with a NullPointer exception. It says the scan is successful but it terminates in 1 minute instead of the 10 minutes it used to take before.

java.lang.NullPointerException: null
	at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
	at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
	at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
	at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
	at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
	at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:121)
	at org.sonar.plugins.php.AnalysisScanner.onEnd(AnalysisScanner.java:310)
	at org.sonar.plugins.php.Scanner.execute(Scanner.java:79)
	at org.sonar.plugins.php.Scanner.execute(Scanner.java:62)
	at org.sonar.plugins.php.AnalysisScanner.execute(AnalysisScanner.java:104)
	at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:109)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:468)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:464)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:420)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)

sonarlog.txt (19.1 KB)

ganncamp · February 28, 2023, 2:09pm

Hi,

Can you post your full analysis log? Or at a minimum the… 10? lines leading up to the NPE?

vkulov · February 28, 2023, 2:42pm

It’s all in the attached file…

INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=2ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=7ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=50ms
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 2613 source files to be analyzed
INFO: 2613/2613 source files have been analyzed
INFO: Cached information of global symbols will be used for 2613 out of 2613 files. Global symbols were recomputed for the remaining files.
INFO: Starting PHP rules
INFO: 2613 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
	at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
	at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
	at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
	at com.sonar.security.frontend.php.rules.A.terminate(na:2072)

ganncamp · February 28, 2023, 2:44pm

Hi,

Thanks & sorry; I didn’t notice it there.

I’ve flagged this for the team.

Ann

Nils_Werner · March 15, 2023, 2:32pm

Hi Ves, thanks for your patience.

We have recently added support for incremental pull request analysis. This means that we try to analyze only changed and new files in a pull request, and use caching to retrieve relevant information from unchanged files. I can see from your logs that there was a cache entry for all PHP files. So the analyst does not have to re-analyze any of the 2613 PHP files. The analysis is therefore much faster, and you should have no drop in the quality of your result.

However, your logs also show a problem with the serialization of predefined types that are used for security analysis. These types are also cached. If we don’t get a cache hit for this information, it will simply be regenerated. Again, this has no negative impact on your analyzer result.
We should investigate why a NullPointerException is thrown in this case. This should not be the case, even if it has no negative impact. I will start an investigation. However, if you find a negative impact, please feel free to contact me.

Best,
Nils

jaba · March 21, 2023, 12:32pm

Hi, did you manage to get anywhere with this? I’m now getting the same issue that you are experiencing. It crashes on the same line:

INFO: Starting PHP rules
INFO: 105 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null

Sonar scanner is “passing” and sending the result to SonarCloud. The difference is that before code coverage used to be sent, but it doesn’t seem to be any longer.