Sonar-findbugs-plugin-4.0.4 causing sonarqube to crash

himanshu.pathak · September 17, 2021, 7:04am

I was using sonarqube-8.9.1.44547 LTS since a while and everything was working great. This morning i upgraded the sonar-findbugs-plugin from 4.0.3 to 4.0.4 and post that sonar failed to start. I upgraded to sonarqube-8.9.2.46101. The server started fine and the setup (DB upgrade) was also successful. However, as soon as i installed sonar-findbugs-plugin-4.0.4.jar, this instance also crashed.

In my view a plugin failure shouldn’t result in a complete failure of SonarQube.

2021.09.17 06:47:41 INFO  web[][o.r.Reflections] Reflections took 14 ms to scan 1 urls, producing 193 keys and 193 values
2021.09.17 06:47:49 INFO  web[][o.s.s.q.BuiltInQProfileRepositoryImpl] Load quality profiles
2021.09.17 06:47:50 INFO  web[][o.s.s.q.RegisterQualityProfiles] Register quality profiles
2021.09.17 06:47:50 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile css/Sonar way
2021.09.17 06:47:50 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile scala/Sonar way
2021.09.17 06:47:50 INFO  web[][o.s.s.q.RegisterQualityProfiles] Update profile jsp/FindBugs Security JSP
2021.09.17 06:47:50 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
org.sonar.server.exceptions.BadRequestException: java rule findsecbugs:XSS_JSP_PRINT cannot be activated on jsp profile FindBugs Security JSP
        at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:57)
        at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:61)
        at org.sonar.server.exceptions.BadRequestException.checkRequest(BadRequestException.java:44)
        at org.sonar.server.qualityprofile.RuleActivationContext.doSwitch(RuleActivationContext.java:227)
        at org.sonar.server.qualityprofile.RuleActivationContext.reset(RuleActivationContext.java:208)
        at org.sonar.server.qualityprofile.RuleActivator.activate(RuleActivator.java:76)
        at org.sonar.server.qualityprofile.BuiltInQProfileUpdateImpl.update(BuiltInQProfileUpdateImpl.java:73)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.update(RegisterQualityProfiles.java:132)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.lambda$start$1(RegisterQualityProfiles.java:93)
        at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:405)
        at org.sonar.server.qualityprofile.RegisterQualityProfiles.start(RegisterQualityProfiles.java:88)
        at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
        at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
        at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
        at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
        at org.picocontainer.behaviors.Stored.start(Stored.java:110)
        at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
        at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
        at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
        at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
        at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:49)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:87)
        at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:45)
        at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:84)
        at org.sonar.server.platform.PlatformImpl.executeStartupTasks(PlatformImpl.java:198)
        at org.sonar.server.platform.PlatformImpl.access$400(PlatformImpl.java:46)
        at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$1(PlatformImpl.java:122)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
        at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:122)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
        at java.base/java.lang.Thread.run(Thread.java:834)
2021.09.17 06:47:50 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process
2021.09.17 06:47:51 WARN  web[][o.s.p.ProcessEntryPoint$HardStopperThread] Can not stop in 1000ms
2021.09.17 06:54:33 WARN  web[][o.a.c.u.SessionIdGeneratorBase] Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [417,091] milliseconds.
2021.09.17 06:54:33 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.WebServiceFilter@147092d4 [pattern=UrlPattern{inclusions=[/api/system/migrate_db.*, ...], exclusions=[/api/components/update_key, ...]}]
2021.09.17 06:54:33 INFO  web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2021.09.17 06:54:33 INFO  web[][o.s.s.n.NotificationDaemon] Notification service stopped

reitzmichnicht · September 17, 2021, 1:17pm

You need to revert to 4.0.3

github.com/spotbugs/sonar-findbugs

Exception with SonarQube 8.9.2

opened 07:23AM - 10 Sep 21 UTC

gerrieg

I'm updating our SonarQube installation from 7.9.5 (sonar-findbugs-plugin-3.11.1….jar) -> 8.9.2 (sonar-findbugs-plugin-4.0.4.jar) When i add the sonar-findbugs-plugin-4.0.4.jar, i get an exception on startup and SonarQube stops. When i remove the plugin, SonarQube works as expected. ``` 2021.09.10 08:31:38 INFO web[][o.s.s.q.RegisterQualityProfiles] Update profile jsp/FindBugs Security JSP 2021.09.10 08:31:38 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube org.sonar.server.exceptions.BadRequestException: java rule findsecbugs:XSS_JSP_PRINT cannot be activated on jsp profile FindBugs Security JSP at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:57) at org.sonar.server.exceptions.BadRequestException.create(BadRequestException.java:61) at org.sonar.server.exceptions.BadRequestException.checkRequest(BadRequestException.java:44) at org.sonar.server.qualityprofile.RuleActivationContext.doSwitch(RuleActivationContext.java:227) at org.sonar.server.qualityprofile.RuleActivationContext.reset(RuleActivationContext.java:208) at org.sonar.server.qualityprofile.RuleActivator.activate(RuleActivator.java:76) at org.sonar.server.qualityprofile.BuiltInQProfileUpdateImpl.update(BuiltInQProfileUpdateImpl.java:73) at org.sonar.server.qualityprofile.RegisterQualityProfiles.update(RegisterQualityProfiles.java:132) at org.sonar.server.qualityprofile.RegisterQualityProfiles.lambda$start$1(RegisterQualityProfiles.java:93) at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:405) at org.sonar.server.qualityprofile.RegisterQualityProfiles.start(RegisterQualityProfiles.java:88) at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40) at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) at org.picocontainer.behaviors.Stored.start(Stored.java:110) at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136) at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90) at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:49) at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:87) at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:45) at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:84) at org.sonar.server.platform.PlatformImpl.executeStartupTasks(PlatformImpl.java:198) at org.sonar.server.platform.PlatformImpl.access$400(PlatformImpl.java:46) at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$1(PlatformImpl.java:122) at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370) at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:122) at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354) at java.base/java.lang.Thread.run(Thread.java:834) ```

The only reason for 4.0.4 was to make it compatible with Sonarqube 9.x

himanshu.pathak · September 22, 2021, 12:42pm

Thanks @reitzmichnicht . Already done it. My bigger concern is around SonarQube not handling the issue gracefully. From now onwards, i am going to backup my extensions before upgrades for sure.