Scanning the code is failing

Hi everybody. Since yesterday our Sonar integration is failing. We use the Sonar Scanner, called from Circle CI. It is crashing for no reason. We tried to update the scanner, without success. Below is the top of the stacktrace.

We also tried an autoscan from Sonar; it also fails: "The last analysis has failed. If it keeps on failing after several attempts, please contact us on Community forum and provide the following failing analysis ID: “AXGhTxelvEpjR1CYu8JN”."

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 3:25.641s
INFO: Final Memory: 45M/187M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
at java.base/jdk.internal.util.Preconditions.outOfBounds(Unknown Source)
at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Unknown Source)
at java.base/jdk.internal.util.Preconditions.checkIndex(Unknown Source)
at java.base/java.util.Objects.checkIndex(Unknown Source)
at java.base/java.util.ArrayList.get(Unknown Source)
at com.sonar.security.analysis.taint.A.E.B(na:1802)
at com.sonar.security.analysis.taint.A.E.A(na:2474)
at B.A.A.B.B$_B.B(na:1492)
at B.A.A.D.B(na:2092)
at B.A.A.D.A(na:1433)

Hello Eric,

Welcome to the community forum!

I found your analysis and it appears you are not the only one to have this issue.

We are looking at it.

Thanks.

This is impacting all of our scans. Any ETA on a fix? Everything was working fine on the 20th; scans started failing yesterday.

1 Like

Any update on this? Our scans are continuing to be affected by this.

Olivier,

Do you have an update on this? Or can you let me know how I might get this issue escalated? Scans that were passing on April 20th started failing on April 21st with the same exception that is listed in this issue.

Do you know if it is a particular rule that is causing this issue? If so, we could disable the rule temporarily until y’all resolve the underlying issue.

Looking forward to an update,

Chris Romack
The Container Store
clromack@containerstore.com

Hi,

This issue is due to the latest deployment of security analysis. It is actually a complex and (somewhat) old bug that was made visible by the delivery of a new feature in the core of the analysis.
In short, the way the analyzer considers equality of the location of an instruction in a file has a subtle bug, and we can end up mixing those locations and causing some assumptions further down the analysis to fail.
The good news is that we have a reproducer, a fix is about to be merged, and a release of the analyzer is bound to happen.
We expect this fix to be deployed shortly afterwards (within next week if everything goes well).
Sorry for the inconvenience.

Hello all,

The fix is already deployed on SonarCloud. Please report if you are still experiencing any issues. Sorry for the inconvenience this might have caused.

2 Likes

Hi @saberduck, could you please guide me on how to find the fix on SonarCloud?

Thank you

@Li_Dai
Fixes are automatically deployed on SonarCloud.

If you are facing a similar issue, please open another thread with additional information.