SonarCloud started failing with a NullPointer exception. It says the scan is successful but it terminates in 1 minute instead of the 10 minutes it used to take before.
java.lang.NullPointerException: null
at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:121)
at org.sonar.plugins.php.AnalysisScanner.onEnd(AnalysisScanner.java:310)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:79)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:62)
at org.sonar.plugins.php.AnalysisScanner.execute(AnalysisScanner.java:104)
at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:109)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:468)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:464)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:420)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:58)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:52)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
INFO: Sensor CSS Metrics [javascript]
INFO: Sensor CSS Metrics is restricted to changed files only
INFO: Sensor CSS Metrics [javascript] (done) | time=2ms
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend]
INFO: Sensor ThymeLeaf template sensor [securityjavafrontend] (done) | time=7ms
INFO: Sensor Python HTML templates processing [securitypythonfrontend]
INFO: HTML files are not indexed : you may want to add them in the scanned files of this project to detect Python XSS vulnerabilities
INFO: Sensor Python HTML templates processing [securitypythonfrontend] (done) | time=50ms
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 2613 source files to be analyzed
INFO: 2613/2613 source files have been analyzed
INFO: Cached information of global symbols will be used for 2613 out of 2613 files. Global symbols were recomputed for the remaining files.
INFO: Starting PHP rules
INFO: 2613 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
We have recently added support for incremental pull request analysis. This means that we try to analyze only changed and new files in a pull request, and use caching to retrieve relevant information from unchanged files. I can see from your logs that there was a cache entry for all PHP files. So the analyzer does not have to re-analyze any of the 2613 PHP files. The analysis is therefore much faster, and you should have no drop in the quality of your result.
However, your logs also show a problem with the serialization of predefined types that are used for security analysis. These types are also cached. If we don’t get a cache hit for this information, it will simply be regenerated. Again, this has no negative impact on your analyzer result.
We should investigate why a NullPointerException is thrown in this case. This should not be the case, even if it has no negative impact. I will start an investigation. However, if you find a negative impact, please feel free to contact me.
Hi, did you manage to get anywhere with this? I’m now getting the same issue that you are experiencing. It crashes on the same line:
INFO: Starting PHP rules
INFO: 105 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
Sonar scanner is “passing” and sending the result to SonarCloud. The difference is that before code coverage used to be sent, but it doesn’t seem to be any longer.
Also experiencing the same issue on a PHP app, also preventing code coverage reporting:
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 73 source files to be analyzed
INFO: 73/73 source files have been analyzed
INFO: Cached information of global symbols will be used for 73 out of 73 files. Global symbols were recomputed for the remaining files.
INFO: Starting PHP rules
INFO: 73 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
at com.sonar.security.frontend.php.ucfg.H.A(na:1559)
at com.sonar.security.frontend.php.ucfg.H.serializePredefinedTypes(na:1357)
at com.sonar.security.frontend.php.ucfg.H.terminate(na:1250)
at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:121)
at org.sonar.plugins.php.AnalysisScanner.onEnd(AnalysisScanner.java:295)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:79)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:62)
at org.sonar.plugins.php.AnalysisScanner.execute(AnalysisScanner.java:103)
at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:109)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:468)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:464)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:420)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:57)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:51)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
at org.sonarsource.scanner.cli.Main.main(Main.java:62)
INFO: 73/73 source files have been analyzed
INFO: The PHP analyzer was able to leverage cached data from previous analyses for 51 out of 73 files. These files were not parsed.
The fix is released and deployed on SonarCloud. Feel free to test if the issue still appears especially if the code coverage is still missing. Happy to receive any feedback.
Thanks for your help on this! It initially looked like it was working, but the old behavior has now returned on a run from last night:
INFO: Sensor PHP sensor [php]
INFO: Starting PHP symbol indexer
INFO: 73 source files to be analyzed
INFO: 73/73 source files have been analyzed
INFO: Cached information of global symbols will be used for 73 out of 73 files. Global symbols were recomputed for the remaining files.
INFO: Starting PHP rules
INFO: 73 source files to be analyzed
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
at com.sonar.security.frontend.php.ucfg.H.terminate(na:2172)
at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:130)
at org.sonar.plugins.php.AnalysisScanner.onEnd(AnalysisScanner.java:318)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:79)
at org.sonar.plugins.php.Scanner.execute(Scanner.java:62)
at org.sonar.plugins.php.AnalysisScanner.execute(AnalysisScanner.java:104)
at org.sonar.plugins.php.PHPSensor.execute(PHPSensor.java:95)
at org.sonar.scanner.sensor.AbstractSensorWrapper.analyse(AbstractSensorWrapper.java:62)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:75)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.lambda$execute$1(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.withModuleStrategy(ModuleSensorsExecutor.java:66)
at org.sonar.scanner.sensor.ModuleSensorsExecutor.execute(ModuleSensorsExecutor.java:48)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:64)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:470)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:466)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:422)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:130)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:123)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:109)
at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:57)
at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:51)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
at org.sonarsource.scanner.cli.Main.execute(Main.java:126)
at org.sonarsource.scanner.cli.Main.execute(Main.java:81)
at org.sonarsource.scanner.cli.Main.main(Main.java:62)
INFO: 73/73 source files have been analyzed
INFO: The PHP analyzer was able to leverage cached data from previous analyses for 51 out of 73 files. These files were not parsed.
INFO: Sensor PHP sensor [php] (done) | time=1352ms
INFO: Sensor Analyzer for "php.ini" files [php]
INFO: Sensor Analyzer for "php.ini" files [php] (done) | time=2ms
INFO: Sensor PHPUnit report sensor [php]
INFO: Importing /github/workspace/junit.xml
INFO: Importing /github/workspace/coverage.xml
INFO: Sensor PHPUnit report sensor [php] (done) | time=145ms
Even though it mentions the import of the coverage XML, it doesn’t actually seem to do anything with it. Any thoughts?
The investigation was successful (fingers crossed). We were able to identify the new issue and implemented a fix. It will be available on SonarCloud quite soon.
Regarding your coverage issue, it took me some time to reproduce this behavior. So I’ve created this GitHub project and set up a SonarCloud analysis with a coverage report. SonarCloud only shows you the coverage of new or changed files when analyzing a PR. Based on your logs, you’re not modifying any PHP files in the pull request. If no file is changed or added, there will be a simple - character for the coverage of the PR. However, your main branch will show you the coverage of your code as defined in your project’s new code definition. I agree that it looks like the coverage report for the PR is not being processed. I will take this to our UI/UX team.
Thanks for your help, Nils! I’ll look at your sample project once the NullPointerException issue is resolved (I was still seeing it this morning). Appreciate all your time and assistance.
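Added example, not part of the thread and not SonarSource code: a small Python triage of scanner output for the warning discussed above. It reports which check's terminate step threw, how many files were served from cache, and which report files were imported. The sample log is assembled from lines quoted in the thread; the function name `triage` and the result keys are assumptions.

```python
import re

# Sample scanner output assembled from log lines quoted in the thread above.
SAMPLE_LOG = """\
INFO: Cached information of global symbols will be used for 73 out of 73 files. Global symbols were recomputed for the remaining files.
WARN: An error occurred while trying to terminate checks:
java.lang.NullPointerException: null
at com.sonar.security.frontend.php.ucfg.H.terminate(na:2172)
at com.sonar.security.frontend.php.rules.A.terminate(na:2072)
at com.sonar.security.frontend.php.rules.SQLInjectionCheck.terminate(na:988)
at org.sonar.php.PHPAnalyzer.terminate(PHPAnalyzer.java:130)
INFO: The PHP analyzer was able to leverage cached data from previous analyses for 51 out of 73 files. These files were not parsed.
INFO: Sensor PHP sensor [php] (done) | time=1352ms
INFO: Sensor PHPUnit report sensor [php]
INFO: Importing /github/workspace/junit.xml
INFO: Importing /github/workspace/coverage.xml
"""

WARN_RE = re.compile(r"^WARN: An error occurred while trying to terminate checks:")
FRAME_RE = re.compile(r"^\s*at ([\w.$/]+)\.([\w$<>]+)\(")
CACHE_RE = re.compile(r"cached data from previous analyses for (\d+) out of (\d+) files")
IMPORT_RE = re.compile(r"^INFO: Importing (\S+)")

def triage(log_text):
    """Summarise terminate-check failures, cache reuse and imported reports."""
    result = {"failures": [], "cache": None, "imports": []}
    current = None  # failure whose stack trace is currently being collected
    for line in log_text.splitlines():
        if WARN_RE.match(line):
            current = {"exception": None, "top_frame": None, "checks": []}
            result["failures"].append(current)
            continue
        frame = FRAME_RE.match(line)
        if current is not None and frame:
            cls, method = frame.groups()
            current["top_frame"] = current["top_frame"] or f"{cls}.{method}"
            if method == "terminate" and cls.endswith("Check"):
                current["checks"].append(cls.rsplit(".", 1)[-1])  # rule class name
            continue
        if (current is not None and current["exception"] is None
                and line and not line.startswith(("INFO:", "WARN:"))):
            current["exception"] = line.split(":", 1)[0].strip()
            continue
        current = None  # any other line ends the stack trace
        if m := CACHE_RE.search(line):
            result["cache"] = (int(m.group(1)), int(m.group(2)))
        if m := IMPORT_RE.match(line):
            result["imports"].append(m.group(1))
    return result
```

Running `triage` over the log of each run shows whether the warning has recurred and whether the same check and top frame are involved.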