S2631 crashes analyzer

Since this morning the analysis on VSTS (Azure DevOps) is failing. We’re using the VS2017 Hosted build machines, provided by Microsoft. Comparing the version numbers (as posted in the log below) with the last successful check reveals no changes.

Disabling rule S2631 allows the analysis to complete successfully.

2018-12-19T19:45:55.8429209Z ##[section]Starting: Run Code Analysis
2018-12-19T19:45:55.8432751Z ==============================================================================
2018-12-19T19:45:55.8432827Z Task         : Run Code Analysis
2018-12-19T19:45:55.8432879Z Description  : Run scanner and upload the results to the SonarCloud server.
2018-12-19T19:45:55.8432943Z Version      : 1.5.1
2018-12-19T19:45:55.8432989Z Author       : sonarsource
2018-12-19T19:45:55.8433062Z Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2018-12-19T19:45:55.8433134Z ==============================================================================
2018-12-19T19:45:56.4131537Z [command]D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2018-12-19T19:45:56.4727592Z SonarScanner for MSBuild 4.5
2018-12-19T19:45:56.4728332Z Using the .NET Framework version of the Scanner for MSBuild
2018-12-19T19:45:56.5194924Z Default properties file was found at D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5195514Z Loading analysis properties from D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5198320Z Post-processing started.
2018-12-19T19:45:56.7723078Z 19:45:56.767  Fetching code coverage report information from TFS...
2018-12-19T19:45:56.7723282Z 19:45:56.769  Attempting to locate a test results (.trx) file...
2018-12-19T19:45:57.9241691Z 19:45:57.923  Looking for TRX files in: D:\a\1\TestResults
2018-12-19T19:45:57.9244021Z 19:45:57.923  No test results files found
2018-12-19T19:45:58.9215329Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9502913Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9871927Z SONAR_SCANNER_OPTS is not configured. Setting it to the default value of -Xmx1024m
2018-12-19T19:45:58.9872421Z Calling the SonarQube Scanner...
2018-12-19T19:46:13.0606476Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\sonar-scanner-3.2.0.1227\bin\..\conf\sonar-scanner.properties
2018-12-19T19:46:13.1607437Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2018-12-19T19:46:13.9057074Z INFO: SonarQube Scanner 3.2.0.1227
2018-12-19T19:46:13.9057906Z INFO: Java 1.8.0_181 Oracle Corporation (64-bit)
2018-12-19T19:46:13.9060734Z INFO: Windows Server 2016 10.0 amd64
2018-12-19T19:46:13.9060878Z INFO: SONAR_SCANNER_OPTS=-Xmx1024m
2018-12-19T19:46:19.2821217Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2018-12-19T19:46:25.6417510Z INFO: SonarQube server 7.5.0

(snip)

2018-12-19T19:48:09.1633587Z INFO: rule: S3649, entrypoints: 0
2018-12-19T19:48:09.3957171Z INFO: rule: S3649 done
2018-12-19T19:48:09.5487578Z INFO: rule: S2076, entrypoints: 0
2018-12-19T19:48:09.5489604Z INFO: rule: S2076 done
2018-12-19T19:48:09.5574889Z INFO: rule: S2091, entrypoints: 0
2018-12-19T19:48:09.5575215Z INFO: rule: S2091 done
2018-12-19T19:48:10.1089929Z INFO: rule: S2078, entrypoints: 0
2018-12-19T19:48:10.1093492Z INFO: rule: S2078 done
2018-12-19T19:48:10.1094171Z INFO: rule: S2631, entrypoints: 14
2018-12-19T19:48:13.7952724Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:13.7953369Z INFO: EXECUTION FAILURE
2018-12-19T19:48:13.7953576Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:13.7953859Z INFO: Total time: 2:02.576s
2018-12-19T19:48:14.0818154Z INFO: Final Memory: 35M/545M
2018-12-19T19:48:14.0818965Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:14.0821117Z ##[error]ERROR: Error during SonarQube Scanner execution
ERROR: null
ERROR:
2018-12-19T19:48:14.0821751Z ERROR: Error during SonarQube Scanner execution
2018-12-19T19:48:14.0822167Z ERROR: null
2018-12-19T19:48:14.0822535Z ERROR: 
2018-12-19T19:48:14.2307046Z ##[error]The SonarQube Scanner did not complete successfully
19:48:14.229  Post-processing failed. Exit code: 1
2018-12-19T19:48:14.2309863Z The SonarQube Scanner did not complete successfully
2018-12-19T19:48:14.2310210Z 19:48:14.229  Post-processing failed. Exit code: 1

The last successful analysis ended with the following log:

2018-12-19T06:44:00.3360371Z INFO: Analyzing 8075 ucfgs to detect vulnerabilities.
2018-12-19T06:44:00.4053035Z INFO: rule: S3649, entrypoints: 0
2018-12-19T06:44:01.0048436Z INFO: rule: S3649 done
2018-12-19T06:44:01.0506913Z INFO: rule: S2076, entrypoints: 0
2018-12-19T06:44:01.0507485Z INFO: rule: S2076 done
2018-12-19T06:44:01.0507797Z INFO: rule: S2091, entrypoints: 0
2018-12-19T06:44:01.0665539Z INFO: rule: S2091 done
2018-12-19T06:44:01.1357574Z INFO: rule: S2078, entrypoints: 0
2018-12-19T06:44:01.1722170Z INFO: rule: S2078 done
2018-12-19T06:44:01.2612505Z INFO: rule: S2631, entrypoints: 11
2018-12-19T06:44:11.7347514Z INFO: rule: S2631 done
2018-12-19T06:44:12.0103539Z INFO: rule: S2083, entrypoints: 1
2018-12-19T06:44:12.5108434Z INFO: rule: S2083 done
2018-12-19T06:44:12.5560624Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=14640ms
2018-12-19T06:44:12.5971732Z INFO: 174 files had no CPD blocks
2018-12-19T06:44:12.5972108Z INFO: Calculating CPD for 2038 files
2018-12-19T06:44:13.9482516Z INFO: CPD calculation finished
2018-12-19T06:44:16.9673097Z INFO: Analysis report generated in 2627ms, dir size=14 MB
2018-12-19T06:44:21.3667342Z INFO: Analysis reports compressed in 4399ms, zip size=7 MB
2018-12-19T06:44:22.0332823Z INFO: Analysis report uploaded in 667ms
2018-12-19T06:44:22.0719069Z INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=XXX
2018-12-19T06:44:22.0720551Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2018-12-19T06:44:22.0720942Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=XXX
2018-12-19T06:44:25.0050848Z INFO: Task total time: 1:36.966 s
2018-12-19T06:44:25.6842487Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.6843166Z INFO: EXECUTION SUCCESS
2018-12-19T06:44:25.6843367Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.6843595Z INFO: Total time: 2:13.164s
2018-12-19T06:44:25.8389954Z INFO: Final Memory: 32M/424M
2018-12-19T06:44:25.8390148Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.9729850Z The SonarQube Scanner has finished
2018-12-19T06:44:25.9805177Z 06:44:25.977  Creating a summary markdown file...
2018-12-19T06:44:25.9805520Z 06:44:25.978  Analysis results: https://sonarcloud.io/dashboard/index/XXX
2018-12-19T06:44:25.9805753Z 06:44:25.978  Post-processing succeeded.
2018-12-19T06:44:26.0024980Z ##[section]Finishing: Run Code Analysis
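One way to find which rule the security sensor was running when a scan died, as in the failing log above where `rule: S2631, entrypoints: 14` never gets a matching `done` line. This is an added example, not part of the original thread or SonarSource's tooling; the function name `triage` and the constant `SAMPLE_LOG` are assumptions, and the sample lines are copied from the failing run quoted in the post.

```python
import re
from datetime import datetime

# Excerpt of the failing run quoted in the post above (security sensor lines only).
SAMPLE_LOG = """\
2018-12-19T19:48:10.1089929Z INFO: rule: S2078, entrypoints: 0
2018-12-19T19:48:10.1093492Z INFO: rule: S2078 done
2018-12-19T19:48:10.1094171Z INFO: rule: S2631, entrypoints: 14
2018-12-19T19:48:13.7953369Z INFO: EXECUTION FAILURE
"""

START = re.compile(r"INFO: rule: (S\d+), entrypoints: (\d+)")
DONE = re.compile(r"INFO: rule: (S\d+) done")
# Azure DevOps prefixes each line with a 7-digit-fraction UTC timestamp;
# strptime accepts at most 6 fractional digits, so capture only those.
TS = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{6})")


def _ts(line):
    """Parse the leading pipeline timestamp, or return None if absent."""
    m = TS.match(line)
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f") if m else None


def triage(log_text):
    """Pair each 'rule: Sxxxx, entrypoints: N' line with its 'done' line.

    Returns a dict with:
      completed  - {rule: seconds taken, or None when a timestamp is missing}
      unfinished - [(rule, entrypoints)] for rules that started but never finished
      failed     - True if the scanner reported EXECUTION FAILURE
    """
    open_rules = {}   # rule -> (entrypoints, start time)
    completed = {}
    failed = False
    for line in log_text.splitlines():
        if m := START.search(line):
            open_rules[m.group(1)] = (int(m.group(2)), _ts(line))
        elif m := DONE.search(line):
            started = open_rules.pop(m.group(1), None)
            end = _ts(line)
            if started and started[1] and end:
                completed[m.group(1)] = (end - started[1]).total_seconds()
            else:
                completed[m.group(1)] = None
        elif "EXECUTION FAILURE" in line:
            failed = True
    unfinished = [(rule, n) for rule, (n, _) in open_rules.items()]
    return {"completed": completed, "unfinished": unfinished, "failed": failed}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A rule listed under `unfinished` in a failed run is the first candidate to disable while the analyzer bug is investigated, which is what the poster did by hand.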

Hi,

Could you specify your versions, please? Or is this (as hinted by your logs) on SonarCloud?

 
Ann

This is on SonarCloud.

Hi @bouke,

Thank you for the feedback! We will have a look at this rule to see what is going on and fix it.

Would you mind re-running an analysis with sonar.verbose=true in the begin step and providing us with the full end step logs? And ideally, if you could zip and share the content of the .sonarqube/out/ucfg_cs2 folder (located at the root of your project on the build agent), that would really help us to narrow down the issue.

Cheers,
Amaury

Same issue with SonarCloud:

22:18:55.1941 22:18:55.193 INFO: EXECUTION FAILURE
22:18:55.1941 22:18:55.193 INFO: ------------------------------------------------------------------------
22:18:55.1945 22:18:55.194 INFO: Total time: 1:05.672s
22:18:55.2932 22:18:55.292 INFO: Final Memory: 34M/592M
22:18:55.2932 22:18:55.292 INFO: ------------------------------------------------------------------------
22:18:55.2934 22:18:55.292 ERROR: Error during SonarQube Scanner execution
22:18:55.2939 java.lang.NullPointerException
22:18:55.2939 at org.A.D.get(Unknown Source)
22:18:55.2943 at java.util.Map.getOrDefault(Map.java:588)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.F(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.D(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.C(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at java.lang.Iterable.forEach(Iterable.java:75)
22:18:55.2943 at com.sonar.security.analysis.taint.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.H.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.E.A(Unknown Source)
22:18:55.2943 at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
22:18:55.2946 at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
22:18:55.2946 at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
22:18:55.2947 at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
22:18:55.2947 at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
22:18:55.2947 at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
22:18:55.2947 at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
22:18:55.2947 at com.sonar.security.E.execute(Unknown Source)
22:18:55.2947 at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:45)
22:18:55.2947 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:88)
22:18:55.2951 at org.sonar.scanner.phases.SensorsExecutor.lambda$execute$1(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.withGlobalStrategy(SensorsExecutor.java:80)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:74)
22:18:55.2952 at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:164)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:319)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:314)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:288)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
22:18:55.2952 at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:82)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:131)
22:18:55.2952 at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
22:18:55.2953 at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
22:18:55.2956 at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
22:18:55.2956 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
22:18:55.2956 at java.lang.reflect.Method.invoke(Method.java:498)
22:18:55.2956 at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
22:18:55.2956 at com.sun.proxy.$Proxy0.execute(Unknown Source)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.main(Main.java:61)
22:18:55.3764 Process returned exit code 1
22:18:55.3766 The SonarQube Scanner did not complete successfully
22:18:55.3826 22:18:55.382 Creating a summary markdown file…
22:18:55.3835 22:18:55.383 Post-processing failed. Exit code: 1

@sapleu,

Any chance you could share with us the files located in .sonarqube/out/ucfg_cs2 of your build agent? This would really help us to narrow down the problem.

Thank you

@bouke @sapleu I am sorry to ping you, but we are a bit stuck in trying to understand the problem so that we can fix it. We would really appreciate it if you could share with us the files located in the folder .sonarqube/out/ucfg_cs2 of your build agent.

You can reach me privately by email if you want to.

I’m working on getting these files; we’re running on a shared build box, so getting the files is somewhat more involved. I can’t seem to find your e-mail address for sharing these files with you. What’s included in these files? How will those files be used? Do they contain (parts of) our codebase?

Awesome! Thank you @bouke

You can drop me an email at amaury [dot] leve [at] sonarsource [dot] com

These files contain some kind of intermediate representation of your code that we use to run the security analysis, so yes, it gives some idea of your codebase. So I wouldn’t recommend publishing them publicly here if you don’t have an open source project.

The project is not open source and I don’t feel comfortable sharing files containing my employer’s IP. Is there any other way I can help?

Hi @bouke,

We have deployed a new version on SonarCloud, which should fix the issue you are experiencing. Would you mind re-enabling the rule and giving it a new go?

Cheers,
Amaury

Seems to be working fine again, thanks! Care to share any information on what the issue was?

2019-01-29T09:15:33.4821475Z INFO: rule: S2631, entrypoints: 26
2019-01-29T09:15:37.5764020Z INFO: Visited 831 ucfgs in 4017 ms, 29118 steps
2019-01-29T09:15:37.5764397Z INFO: rule: S2631 done

Hi @bouke,

Sure! As I was explaining, we create our own kind of IL that we use to detect vulnerabilities, and there was a translation problem when reaching implicit array creation as the right side of a foreach.

// Implicit array creation (new[] { ... }) as the right side of a foreach
foreach (var a in new[] { "a", "b" })
{
    // ...
}

Hi,
I have this issue, and deactivating rule S2631 from my quality profile didn’t help. What should I do?

Here is the build log and the error I see.
2019-01-30T21:19:08.7129975Z ##[section]Starting: Run Code Analysis
2019-01-30T21:19:08.7132781Z ==============================================================================
2019-01-30T21:19:08.7132852Z Task : Run Code Analysis
2019-01-30T21:19:08.7132900Z Description : Run scanner and upload the results to the SonarCloud server.
2019-01-30T21:19:08.7132963Z Version : 1.5.1
2019-01-30T21:19:08.7133004Z Author : sonarsource
2019-01-30T21:19:08.7133076Z Help : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

More Information
2019-01-30T21:19:08.7133163Z ==============================================================================
2019-01-30T21:19:08.9982429Z [command]D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2019-01-30T21:19:09.0596885Z SonarScanner for MSBuild 4.5
2019-01-30T21:19:09.0597150Z Using the .NET Framework version of the Scanner for MSBuild
2019-01-30T21:19:09.1147388Z Default properties file was found at D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2019-01-30T21:19:09.1147590Z Loading analysis properties from D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2019-01-30T21:19:09.1150868Z Post-processing started.
2019-01-30T21:19:10.3359202Z 21:19:10.323 Fetching code coverage report information from TFS…
2019-01-30T21:19:10.3379008Z 21:19:10.323 Attempting to locate a test results (.trx) file…
2019-01-30T21:19:10.3461709Z 21:19:10.338 Looking for TRX files in: D:\a\3\TestResults
2019-01-30T21:19:10.3466044Z 21:19:10.338 No test results files found
2019-01-30T21:19:10.3863314Z WARNING: The following projects do not have a valid ProjectGuid and were not built using a valid solution (.sln) thus will be skipped from analysis…
2019-01-30T21:19:10.3863593Z D:\a\3\s\Today.Core\Today.Core.csproj, D:\a\3\s\TodayLogging\Today.Logging.csproj, D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj, D:\a\3\s\Today.Core\Today.Core.csproj, D:\a\3\s\TodayLogging\Today.Logging.csproj, D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj
2019-01-30T21:19:10.4277189Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\Today.Core\Today.Core.csproj”
2019-01-30T21:19:10.4277490Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\TodayLogging\Today.Logging.csproj”
2019-01-30T21:19:10.4278297Z WARNING: Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000”. The project will not be analyzed by SonarQube. Project file: “D:\a\3\s\TodayServerWeb\Today.ServerWeb.csproj”
2019-01-30T21:19:10.4340460Z ##[error]No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.
2019-01-30T21:19:10.4349361Z No analysable projects were found. SonarQube analysis will not be performed. Check the build summary report for details.
2019-01-30T21:19:10.4360103Z Generation of the sonar-properties file failed. Unable to complete SonarQube analysis.
2019-01-30T21:19:10.4409487Z 21:19:10.432 Creating a summary markdown file…
2019-01-30T21:19:10.4420425Z ##[error]21:19:10.432 Post-processing failed. Exit code: 1
2019-01-30T21:19:10.4421307Z 21:19:10.432 Post-processing failed. Exit code: 1
2019-01-30T21:19:10.4527563Z ##[error]D:\a_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe failed with return code: 1
2019-01-30T21:19:10.4581914Z ##[section]Finishing: Run Code Analysis

Regards,
Doviana

@Doviana_Tollaku, this thread is about a bug that crashed the analyzer. Your issue is quite different.

Please search the forum for issues similar to yours (e.g. Duplicate ProjectGuid: “00000000-0000-0000-0000-000000000000” on dotnet core scan).

If you don’t find an answer, please create a new thread in the Get Help category.

Thanks,
Duncan
