NullPointer Exception

SonarCloud started failing with a NullPointer exception. It says the scan is successful but it terminates in 1 minute instead of the 10 minutes it used to take before.

java.lang.NullPointerException: null
	at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
	at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
	at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
	at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
	at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
	at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:121)
	at org.sonar.plugins.php.AnalysisScanner.onEnd(AnalysisScanner.java:310)
	at org.sonar.plugins.php.Scanner.execute(Scanner.java:79)
	at org.sonar.plugins.php.Scanner.execute(Scanner.java:62)
	at org.sonar.plugins.php.AnalysisScanner.execute(AnalysisScanner.java:104)
	at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:109)
	at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
	at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:468)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:464)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:420)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)

sonarlog.txt (19.1 KB)

Hi,

Can you post your full analysis log? Or at a minimum the… 10? lines leading up to the NPE?

It’s all in the attached file…

INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=2ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=7ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=50ms
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 2613 source files to be analyzed
INFO: 2613/2613 source files have been analyzed
INFO: Cached information of global symbols will be used for 2613 out of 2613 files. Global symbols were recomputed for the remaining files.
INFO: Starting PHP rules
INFO: 2613 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
	at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
	at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
	at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
	at com.sonar.security.frontend.php.rules.A.terminate(na:2072)

Hi,

Thanks & sorry; I didn’t notice it there.

I’ve flagged this for the team.

Ann

Hi Ves, thanks for your patience.

We have recently added support for incremental pull request analysis. This means that we try to analyze only changed and new files in a pull request, and use caching to retrieve relevant information from unchanged files. I can see from your logs that there was a cache entry for all PHP files. So the analyst does not have to re-analyze any of the 2613 PHP files. The analysis is therefore much faster, and you should have no drop in the quality of your result.

However, your logs also show a problem with the serialization of predefined types that are used for security analysis. These types are also cached. If we don’t get a cache hit for this information, it will simply be regenerated. Again, this has no negative impact on your analyzer result.
We should investigate why a NullPointerException is thrown in this case. This should not be the case, even if it has no negative impact. I will start an investigation. However, if you find a negative impact, please feel free to contact me.

Best,
Nils

Hi, did you manage to get anywhere with this? I’m now getting the same issue that you are experiencing. It crashes on the same line:

INFO: Starting PHP rules
INFO: 105 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null

Sonar scanner is “passing” and sending the result to SonarCloud. The difference is that before code coverage used to be sent, but it doesn’t seem to be any longer.
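
A CI-side check for the situation in this thread, where the scanner run passes although a sensor's terminate step threw: it scans the analysis log for WARN/ERROR lines followed by a Java exception and reports which sensor was running and whether frames from the `com.sonar.security` package are involved. This is an added example, not SonarSource code; the sample log is constructed from the excerpts above and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log excerpts quoted in this thread.
SAMPLE_LOG = """\
INFO: Sensor PHP sensor [php]
INFO: Starting PHP rules
INFO: 2613 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
\tat com.sonar.security.frontend.php.ucfg.H.A(na:1559)
\tat com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
\tat org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:121)
INFO: Sensor PHP sensor [php] (done) | time=900ms
"""

SENSOR_RE = re.compile(r"^INFO: Sensor (?P<name>.+?) \[(?P<plugin>[^\]]+)\]$")
LEVEL_RE = re.compile(r"^(WARN|ERROR): (?P<msg>.*)$")
EXC_RE = re.compile(r"^(?P<cls>[\w.$]+(?:Exception|Error))(?:: .*)?$")
FRAME_RE = re.compile(r"^\s+at (?P<method>[\w.$<>/]+)\(")

def find_swallowed_exceptions(log_text):
    """Return one finding per WARN/ERROR line that is followed by a stack trace."""
    findings, sensor, lines, i = [], None, log_text.splitlines(), 0
    while i < len(lines):
        started = SENSOR_RE.match(lines[i])
        if started:
            sensor = started["name"]  # sensor whose output we are now reading
        lvl = LEVEL_RE.match(lines[i])
        exc = EXC_RE.match(lines[i + 1]) if lvl and i + 1 < len(lines) else None
        if exc:
            frames, i = [], i + 2
            while i < len(lines) and (f := FRAME_RE.match(lines[i])):
                frames.append(f["method"])
                i += 1
            findings.append({"sensor": sensor, "warning": lvl["msg"],
                             "exception": exc["cls"], "frames": frames})
            continue
        i += 1
    return findings

def security_checks_affected(finding, prefix="com.sonar.security."):
    """True when the trace passes through the security analysis package."""
    return any(frame.startswith(prefix) for frame in finding["frames"])

if __name__ == "__main__":
    for finding in find_swallowed_exceptions(SAMPLE_LOG):
        print(finding["sensor"], finding["exception"],
              "security checks affected:", security_checks_affected(finding))
```
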