S2631 crashes analyzer

sonarcloud
sonarsecurity

(Bouke) #1

Since this morning the analysis on VSTS (Azure DevOps) is failing. We’re using the VS2017 Hosted build machines, provided by Microsoft. Comparing the version numbers (as posted in the log below) with the last successful check reveals no changes.

Disabling rule S2631 allows the analysis to complete successfully.

2018-12-19T19:45:55.8429209Z ##[section]Starting: Run Code Analysis
2018-12-19T19:45:55.8432751Z ==============================================================================
2018-12-19T19:45:55.8432827Z Task         : Run Code Analysis
2018-12-19T19:45:55.8432879Z Description  : Run scanner and upload the results to the SonarCloud server.
2018-12-19T19:45:55.8432943Z Version      : 1.5.1
2018-12-19T19:45:55.8432989Z Author       : sonarsource
2018-12-19T19:45:55.8433062Z Help         : This task is not needed for Maven and Gradle projects since the scanner should be run as part of the build.

[More Information](http://redirect.sonarsource.com/doc/install-configure-scanner-tfs-ts.html)
2018-12-19T19:45:55.8433134Z ==============================================================================
2018-12-19T19:45:56.4131537Z [command]D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarScanner.MSBuild.exe end
2018-12-19T19:45:56.4727592Z SonarScanner for MSBuild 4.5
2018-12-19T19:45:56.4728332Z Using the .NET Framework version of the Scanner for MSBuild
2018-12-19T19:45:56.5194924Z Default properties file was found at D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5195514Z Loading analysis properties from D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\SonarQube.Analysis.xml
2018-12-19T19:45:56.5198320Z Post-processing started.
2018-12-19T19:45:56.7723078Z 19:45:56.767  Fetching code coverage report information from TFS...
2018-12-19T19:45:56.7723282Z 19:45:56.769  Attempting to locate a test results (.trx) file...
2018-12-19T19:45:57.9241691Z 19:45:57.923  Looking for TRX files in: D:\a\1\TestResults
2018-12-19T19:45:57.9244021Z 19:45:57.923  No test results files found
2018-12-19T19:45:58.9215329Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9502913Z WARNING: File 'D:\a\1\s\Source\...' does not exist.
2018-12-19T19:45:58.9871927Z SONAR_SCANNER_OPTS is not configured. Setting it to the default value of -Xmx1024m
2018-12-19T19:45:58.9872421Z Calling the SonarQube Scanner...
2018-12-19T19:46:13.0606476Z INFO: Scanner configuration file: D:\a\_tasks\SonarCloudPrepare_14d9cde6-c1da-4d55-aa01-2965cd301255\1.5.1\classic-sonar-scanner-msbuild\sonar-scanner-3.2.0.1227\bin\..\conf\sonar-scanner.properties
2018-12-19T19:46:13.1607437Z INFO: Project root configuration file: D:\a\1\.sonarqube\out\sonar-project.properties
2018-12-19T19:46:13.9057074Z INFO: SonarQube Scanner 3.2.0.1227
2018-12-19T19:46:13.9057906Z INFO: Java 1.8.0_181 Oracle Corporation (64-bit)
2018-12-19T19:46:13.9060734Z INFO: Windows Server 2016 10.0 amd64
2018-12-19T19:46:13.9060878Z INFO: SONAR_SCANNER_OPTS=-Xmx1024m
2018-12-19T19:46:19.2821217Z INFO: User cache: C:\Users\VssAdministrator\.sonar\cache
2018-12-19T19:46:25.6417510Z INFO: SonarQube server 7.5.0

(snip)

2018-12-19T19:48:09.1633587Z INFO: rule: S3649, entrypoints: 0
2018-12-19T19:48:09.3957171Z INFO: rule: S3649 done
2018-12-19T19:48:09.5487578Z INFO: rule: S2076, entrypoints: 0
2018-12-19T19:48:09.5489604Z INFO: rule: S2076 done
2018-12-19T19:48:09.5574889Z INFO: rule: S2091, entrypoints: 0
2018-12-19T19:48:09.5575215Z INFO: rule: S2091 done
2018-12-19T19:48:10.1089929Z INFO: rule: S2078, entrypoints: 0
2018-12-19T19:48:10.1093492Z INFO: rule: S2078 done
2018-12-19T19:48:10.1094171Z INFO: rule: S2631, entrypoints: 14
2018-12-19T19:48:13.7952724Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:13.7953369Z INFO: EXECUTION FAILURE
2018-12-19T19:48:13.7953576Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:13.7953859Z INFO: Total time: 2:02.576s
2018-12-19T19:48:14.0818154Z INFO: Final Memory: 35M/545M
2018-12-19T19:48:14.0818965Z INFO: ------------------------------------------------------------------------
2018-12-19T19:48:14.0821117Z ##[error]ERROR: Error during SonarQube Scanner execution
ERROR: null
ERROR:
2018-12-19T19:48:14.0821751Z ERROR: Error during SonarQube Scanner execution
2018-12-19T19:48:14.0822167Z ERROR: null
2018-12-19T19:48:14.0822535Z ERROR: 
2018-12-19T19:48:14.2307046Z ##[error]The SonarQube Scanner did not complete successfully
19:48:14.229  Post-processing failed. Exit code: 1
2018-12-19T19:48:14.2309863Z The SonarQube Scanner did not complete successfully
2018-12-19T19:48:14.2310210Z 19:48:14.229  Post-processing failed. Exit code: 1

The last successful analysis ended with the following log:

2018-12-19T06:44:00.3360371Z INFO: Analyzing 8075 ucfgs to detect vulnerabilities.
2018-12-19T06:44:00.4053035Z INFO: rule: S3649, entrypoints: 0
2018-12-19T06:44:01.0048436Z INFO: rule: S3649 done
2018-12-19T06:44:01.0506913Z INFO: rule: S2076, entrypoints: 0
2018-12-19T06:44:01.0507485Z INFO: rule: S2076 done
2018-12-19T06:44:01.0507797Z INFO: rule: S2091, entrypoints: 0
2018-12-19T06:44:01.0665539Z INFO: rule: S2091 done
2018-12-19T06:44:01.1357574Z INFO: rule: S2078, entrypoints: 0
2018-12-19T06:44:01.1722170Z INFO: rule: S2078 done
2018-12-19T06:44:01.2612505Z INFO: rule: S2631, entrypoints: 11
2018-12-19T06:44:11.7347514Z INFO: rule: S2631 done
2018-12-19T06:44:12.0103539Z INFO: rule: S2083, entrypoints: 1
2018-12-19T06:44:12.5108434Z INFO: rule: S2083 done
2018-12-19T06:44:12.5560624Z INFO: Sensor CSharpSecuritySensor [security] (done) | time=14640ms
2018-12-19T06:44:12.5971732Z INFO: 174 files had no CPD blocks
2018-12-19T06:44:12.5972108Z INFO: Calculating CPD for 2038 files
2018-12-19T06:44:13.9482516Z INFO: CPD calculation finished
2018-12-19T06:44:16.9673097Z INFO: Analysis report generated in 2627ms, dir size=14 MB
2018-12-19T06:44:21.3667342Z INFO: Analysis reports compressed in 4399ms, zip size=7 MB
2018-12-19T06:44:22.0332823Z INFO: Analysis report uploaded in 667ms
2018-12-19T06:44:22.0719069Z INFO: ANALYSIS SUCCESSFUL, you can browse https://sonarcloud.io/dashboard?id=XXX
2018-12-19T06:44:22.0720551Z INFO: Note that you will be able to access the updated dashboard once the server has processed the submitted analysis report
2018-12-19T06:44:22.0720942Z INFO: More about the report processing at https://sonarcloud.io/api/ce/task?id=XXX
2018-12-19T06:44:25.0050848Z INFO: Task total time: 1:36.966 s
2018-12-19T06:44:25.6842487Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.6843166Z INFO: EXECUTION SUCCESS
2018-12-19T06:44:25.6843367Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.6843595Z INFO: Total time: 2:13.164s
2018-12-19T06:44:25.8389954Z INFO: Final Memory: 32M/424M
2018-12-19T06:44:25.8390148Z INFO: ------------------------------------------------------------------------
2018-12-19T06:44:25.9729850Z The SonarQube Scanner has finished
2018-12-19T06:44:25.9805177Z 06:44:25.977  Creating a summary markdown file...
2018-12-19T06:44:25.9805520Z 06:44:25.978  Analysis results: https://sonarcloud.io/dashboard/index/XXX
2018-12-19T06:44:25.9805753Z 06:44:25.978  Post-processing succeeded.
2018-12-19T06:44:26.0024980Z ##[section]Finishing: Run Code Analysis
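
Added example, not part of the original post and not SonarSource tooling: a small Python triage helper that reads the end-step log and reports which security rule logged its start but never logged `done` before the run ended, which is how the two logs above point at S2631. The sample lines are excerpted from those logs; the function name `triage` is hypothetical.

```python
import re

# Progress lines of the security sensor, independent of the timestamp prefix.
RULE_LINE = re.compile(
    r"INFO: rule: (?P<rule>S\d+)(?:, entrypoints: (?P<n>\d+)|(?P<done> done))\s*$"
)
OUTCOME = re.compile(r"INFO: EXECUTION (SUCCESS|FAILURE)")

def triage(lines):
    """Return (outcome, pending): pending maps each rule that started but
    never logged 'done' to its entrypoint count."""
    pending, outcome = {}, None
    for line in lines:
        m = RULE_LINE.search(line)
        if m:
            if m.group("done"):
                pending.pop(m.group("rule"), None)
            else:
                pending[m.group("rule")] = int(m.group("n"))
            continue
        m = OUTCOME.search(line)
        if m:
            outcome = m.group(1)
    return outcome, pending

# Excerpt of the failing run posted above.
FAILING_LOG = """\
2018-12-19T19:48:09.5574889Z INFO: rule: S2091, entrypoints: 0
2018-12-19T19:48:09.5575215Z INFO: rule: S2091 done
2018-12-19T19:48:10.1089929Z INFO: rule: S2078, entrypoints: 0
2018-12-19T19:48:10.1093492Z INFO: rule: S2078 done
2018-12-19T19:48:10.1094171Z INFO: rule: S2631, entrypoints: 14
2018-12-19T19:48:13.7953369Z INFO: EXECUTION FAILURE
""".splitlines()

# Excerpt of the last successful run posted above.
PASSING_LOG = """\
2018-12-19T06:44:01.2612505Z INFO: rule: S2631, entrypoints: 11
2018-12-19T06:44:11.7347514Z INFO: rule: S2631 done
2018-12-19T06:44:12.0103539Z INFO: rule: S2083, entrypoints: 1
2018-12-19T06:44:12.5108434Z INFO: rule: S2083 done
2018-12-19T06:44:25.6843166Z INFO: EXECUTION SUCCESS
""".splitlines()

if __name__ == "__main__":
    for name, log in (("failing", FAILING_LOG), ("passing", PASSING_LOG)):
        outcome, pending = triage(log)
        print(f"{name}: outcome={outcome} unfinished={pending}")
```
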

(G Ann Campbell) #2

Hi,

Could you specify your versions, please? Or is this (as hinted by your logs) on SonarCloud?

 
Ann


(Bouke) #3

This is on SonarCloud.


(Amaury Levé) #5

Hi @bouke,

Thank you for the feedback! We will have a look at this rule to see what is going on and fix it.

Would you mind re-running an analysis with sonar.verbose=true in the begin step and providing us with the full end step logs? And ideally, if you could zip and share the content of the .sonarqube/out/ucfg_cs2 folder (located at the root of your project on the build agent) that would really help us to narrow down the issue.

Cheers,
Amaury


(Anatol Sapleu) #6

Same issue with SonarCloud:

22:18:55.1941 22:18:55.193 INFO: EXECUTION FAILURE
22:18:55.1941 22:18:55.193 INFO: ------------------------------------------------------------------------
22:18:55.1945 22:18:55.194 INFO: Total time: 1:05.672s
22:18:55.2932 22:18:55.292 INFO: Final Memory: 34M/592M
22:18:55.2932 22:18:55.292 INFO: ------------------------------------------------------------------------
22:18:55.2934 22:18:55.292 ERROR: Error during SonarQube Scanner execution
22:18:55.2939 java.lang.NullPointerException
22:18:55.2939 at org.A.D.get(Unknown Source)
22:18:55.2943 at java.util.Map.getOrDefault(Map.java:588)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.F(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.D(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.A.C(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at java.lang.Iterable.forEach(Iterable.java:75)
22:18:55.2943 at com.sonar.security.analysis.taint.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.B(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.taint.A.E.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.H.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.analysis.D.A(Unknown Source)
22:18:55.2943 at com.sonar.security.A.B.A(Unknown Source)
22:18:55.2943 at com.sonar.security.E.A(Unknown Source)
22:18:55.2943 at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
22:18:55.2946 at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
22:18:55.2946 at java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:948)
22:18:55.2947 at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
22:18:55.2947 at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
22:18:55.2947 at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
22:18:55.2947 at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
22:18:55.2947 at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
22:18:55.2947 at com.sonar.security.E.execute(Unknown Source)
22:18:55.2947 at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:45)
22:18:55.2947 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:88)
22:18:55.2951 at org.sonar.scanner.phases.SensorsExecutor.lambda$execute$1(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.withGlobalStrategy(SensorsExecutor.java:80)
22:18:55.2952 at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:65)
22:18:55.2952 at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:74)
22:18:55.2952 at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:164)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:319)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:314)
22:18:55.2952 at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:288)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
22:18:55.2952 at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:82)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
22:18:55.2952 at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:122)
22:18:55.2952 at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:131)
22:18:55.2952 at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
22:18:55.2953 at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
22:18:55.2956 at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
22:18:55.2956 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
22:18:55.2956 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
22:18:55.2956 at java.lang.reflect.Method.invoke(Method.java:498)
22:18:55.2956 at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
22:18:55.2956 at com.sun.proxy.$Proxy0.execute(Unknown Source)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
22:18:55.2956 at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:111)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
22:18:55.2956 at org.sonarsource.scanner.cli.Main.main(Main.java:61)
22:18:55.3764 Process returned exit code 1
22:18:55.3766 The SonarQube Scanner did not complete successfully
22:18:55.3826 22:18:55.382 Creating a summary markdown file…
22:18:55.3835 22:18:55.383 Post-processing failed. Exit code: 1


(Amaury Levé) #7

@sapleu,

Any chance you could share with us the files located in .sonarqube/out/ucfg_cs2 of your build agent? This would really help us to narrow down the problem.

Thank you


(Amaury Levé) #8

@bouke @sapleu I am sorry to ping you but we are a bit stuck in trying to understand the problem so that we can fix it. We would really appreciate it if you could share with us the files located in the folder .sonarqube/out/ucfg_cs2 of your build agent.

You can reach me privately by email if you want to.