Since this morning the analysis on VSTS (Azure Devops) is failing. We’re using the VS2017 Hosted build machines, provided by Microsoft. Comparing the version numbers (as posted in the log below) with the last successful check reveals no changes.
Disabling rule S2631 allows the analysis to complete successfully.
2018-12-19T19:45:55.8429209Z ##[section]Starting: Run Code Analysis
2018-12-19T19:45:55.8432751Z ==============================================================================
2018-12-19T19:45:55.8432827Z Task : Run Code Analysis
2018-12-19T19:45:55.8432879Z Description : Run scanner and upload the results to the SonarCloud server.
2018-12-19T19:45:55.8432943Z Version : 1.5.1
2018-12-19T19:45:55.8432989Z Author : sonarsource
2018-12-19T19:45:55.8433062Z Help : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.
[More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2018-12-19T19:45:55.8433134Z ==============================================================================
2018-12-19T19:45:56.4131537Z [command]D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2018-12-19T19:45:56.4727592Z SonarScanner for MSBuild 4.5
2018-12-19T19:45:56.4728332Z Using the .NET Framework version of the Scanner for MSBuild
2018-12-19T19:45:56.5194924Z Default properties file was found at D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5195514Z Loading analysis properties from D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5198320Z Post-processing started.
2018-12-19T19:45:56.7723078Z 19:45:56.767 Fetching code coverage report information from TFS...
2018-12-19T19:45:56.7723282Z 19:45:56.769 Attempting to locate a test results (.trx) file...
2018-12-19T19:45:57.9241691Z 19:45:57.923 Looking for TRX files in: D:\a\1\TestResults
2018-12-19T19:45:57.9244021Z 19:45:57.923 No test results files found
2018-12-19T19:45:58.9215329Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9502913Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9871927Z SONAR_SCANNER_OPTS is not configured. Setting it to the default value of -Xmx1024m
2018-12-19T19:45:58.9872421Z Calling the SonarQube Scanner...
2018-12-19T19:46:13.0606476Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\sonar-scanner-3.2.0.1227\bin\..\conf\sonar-scanner.properties
2018-12-19T19:46:13.1607437Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2018-12-19T19:46:13.9057074Z INFO: SonarQube Scanner 3.2.0.1227
2018-12-19T19:46:13.9057906Z INFO: Java 1.8.0_181 Oracle Corporation (64-bit)
2018-12-19T19:46:13.9060734Z INFO: Windows Server 2016 10.0 amd64
2018-12-19T19:46:13.9060878Z INFO: SONAR_SCANNER_OPTS=-Xmx1024m
2018-12-19T19:46:19.2821217Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2018-12-19T19:46:25.6417510Z INFO: SonarQube server 7.5.0
Thank you for the feedback! We will have a look at this rule to see what is going on and fix it.
Would you mind re-running an analysis with sonar.verbose=true in the begin step and provide us with the full end step logs? And ideally, if you could zip and share the content of the .sonarqube/out/ucfg_cs2 folder (located at the root of your project on the build agent) that would really help us to narrow down the issue.
22:18:55.1941 22:18:55.193 INFO: EXECUTION FAILURE
22:18:55.1941 22:18:55.193 INFO: ------------------------------------------------------------------------
22:18:55.1945 22:18:55.194 INFO: Total time: 1:05.672s
22:18:55.2932 22:18:55.292 INFO: Final Memory: 34M/592M
22:18:55.2932 22:18:55.292 INFO: ------------------------------------------------------------------------
22:18:55.2934 22:18:55.292 ERROR: Error during SonarQube Scanner execution
22:18:55.2939 java.lang.NullPointerException
22:18:55.2939 at org.A.D.get(Unknown Source)
22:18:55.2943 at java.util.Map.getOrDefault(Map.java:588)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.F(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.D(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.C(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at java.lang.Iterable.forEach(Iterable.java:75)
22:18:55.2943 at com.sonar.security.analysis.taint.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.H.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.E.A(Unknown Source)
22:18:55.2943 at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
22:18:55.2946 at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
22:18:55.2946 at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
22:18:55.2947 at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
22:18:55.2947 at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
22:18:55.2947 at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
22:18:55.2947 at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
22:18:55.2947 at com.sonar.security.E.execute(Unknown Source)
22:18:55.2947 at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:45)
22:18:55.2947 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:88)
22:18:55.2951 at org.sonar.scanner.phases.SensorsExecutor.lambda$execute$1(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.withGlobalStrategy(SensorsExecutor.java:80)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:74)
22:18:55.2952 at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:164)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:319)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:314)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:288)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
22:18:55.2952 at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:82)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:131)
22:18:55.2952 at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
22:18:55.2953 at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
22:18:55.2956 at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
22:18:55.2956 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
22:18:55.2956 at java.lang.reflect.Method.invoke(Method.java:498)
22:18:55.2956 at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
22:18:55.2956 at com.sun.proxy.$Proxy0.execute(Unknown Source)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.main(Main.java:61)
22:18:55.3764 Process returned exit code 1
22:18:55.3766 The SonarQube Scanner did not complete successfully
22:18:55.3826 22:18:55.382 Creating a summary markdown file…
22:18:55.3835 22:18:55.383 Post-processing failed. Exit code: 1
Any chance you could share with us the files located in .sonarqube/out/ucfg_cs2 of your build agent? This would really help us to narrow down the problem.
@bouke@sapleu I am sorry to ping you but we are a bit stuck in trying to understand the problem so that we can fix it. We would really appreciate if you could share with us the files located in the folder .sonarqube/out/ucfg_cs2 of your build agent.
You can reach me privately by email if you want to.
I’m working on getting these files; we’re running on a shared build box, so getting the files is somewhat more involved. I can’t seem to find your e-mail address for sharing these files with you. What’s included in these files? How will those files be used? Do they (parts of) our codebase?
You can drop me an email at amaury [dot] leve [at] sonarsource [dot] com
These files contains some kind of intermediate representation of your code that we use to run the security analysis so yes it gives some idea of your codebase. So I wouldn’t recommend to publish them publicly here if you don’t have an open source project.
We have deployed a new version on SonarCloud, which should fix the issue you are experiencing. Would you mind re-enabling the rule and give it a new go?
Sure! As I was explaining we create our own kind of IL that we use to detect vulnerabilities and there was a translation problem when reaching implicit array creation as the right side of a foreach.
Hi,
I have this issue and didnt help deactivating rule S2631 from my quality profile. What should I do?
Here is the build log and the error i see.
2019-01-30T21:19:08.7129975Z ##[section]Starting: Run Code Analysis
2019-01-30T21:19:08.7132781Z ==============================================================================
2019-01-30T21:19:08.7132852Z Task : Run Code Analysis
2019-01-30T21:19:08.7132900Z Description : Run scanner and upload the results to the SonarCloud server.
2019-01-30T21:19:08.7132963Z Version : 1.5.1
2019-01-30T21:19:08.7133004Z Author : sonarsource
2019-01-30T21:19:08.7133076Z Help : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.
More Information
2019-01-30T21:19:08.7133163Z ==============================================================================
2019-01-30T21:19:08.9982429Z [command]D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2019-01-30T21:19:09.0596885Z SonarScanner for MSBuild 4.5
2019-01-30T21:19:09.0597150Z Using the .NET Framework version of the Scanner for MSBuild
2019-01-30T21:19:09.1147388Z Default properties file was found at D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2019-01-30T21:19:09.1147590Z Loading analysis properties from D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2019-01-30T21:19:09.1150868Z Post-processing started.
2019-01-30T21:19:10.3359202Z 21:19:10.323 Fetching code coverage report information from TFS…
2019-01-30T21:19:10.3379008Z 21:19:10.323 Attempting to locate a test results (.trx) file…
2019-01-30T21:19:10.3461709Z 21:19:10.338 Looking for TRX files in: D:\a\3\TestResults
2019-01-30T21:19:10.3466044Z 21:19:10.338 No test results files found
2019-01-30T21:19:10.3863314Z WARNING: The following projects do not have a valid ProjectGuid and were not built using a valid solution (.sln) thus will be skipped from analysis…
2019-01-30T21:19:10.3863593Z D:\a\3\s\Today.Core\Today.Core.csproj, D:\a\3\s\TodayLogging\Today.Logging.csproj, D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj, D:\a\3\s\Today.Core\Today.Core.csproj, D:\a\3\s\TodayLogging\Today.Logging.csproj, D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj
2019-01-30T21:19:10.4277189Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\Today.Core\Today.Core.csproj”
2019-01-30T21:19:10.4277490Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\TodayLogging\Today.Logging.csproj”
2019-01-30T21:19:10.4278297Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj”
2019-01-30T21:19:10.4340460Z ##[error]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.
2019-01-30T21:19:10.4349361Z No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.
2019-01-30T21:19:10.4360103Z Generation of the sonar-properties file failed. Unable to complete SonarQube analysis.
2019-01-30T21:19:10.4409487Z 21:19:10.432 Creating a summary markdown file…
2019-01-30T21:19:10.4420425Z ##[error]21:19:10.432 Post-processing failed. Exit code: 1
2019-01-30T21:19:10.4421307Z 21:19:10.432 Post-processing failed. Exit code: 1
2019-01-30T21:19:10.4527563Z ##[error]D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe failed with return code: 1
2019-01-30T21:19:10.4581914Z ##[section]Finishing: Run Code Analysis