Sonar scanner failed with Invalid Hash error

June 28, 2020, 4:41 PM System Activated “eval” and “arguments” should not be bound or assigned

Severity set to Major

June 28, 2020, 4:41 PM System Deactivated Boolean literals should not be redundant

In Sonar we see above

The following built-in profiles have been updated:

“Sonar way” - JavaScript: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fillin5566.corp.amdocs.com%3A19090%2F%2Fprofiles%2Fchangelog%3Flanguage%3Djs%26name%3DSonar%2Bway%26since%3D2020-06-28%26to%3D2020-06-28&data=02|01|Bismaya.Mohapatra%40amdocs.com|d7d7b49ad92940c28f0008d81b54467f|c8eca3ca127646d59d9da0f2a028920f|0|0|637289396067338450&sdata=djKg2NT9iz5VneFZLT2Dfcg99FCbJU%2FGueYbkEgjfm4%3D&reserved=0

1 new rule

14 rules removed

“Sonar way Recommended” - JavaScript: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fillin5566.corp.amdocs.com%3A19090%2F%2Fprofiles%2Fchangelog%3Flanguage%3Djs%26name%3DSonar%2Bway%2BRecommended%26since%3D2020-06-28%26to%3D2020-06-28&data=02|01|Bismaya.Mohapatra%40amdocs.com|d7d7b49ad92940c28f0008d81b54467f|c8eca3ca127646d59d9da0f2a028920f|0|0|637289396067338450&sdata=k0JS7KBabISSiPHCwrWYArnYrWLlINbDO0%2FhEh8SFgg%3D&reserved=0

1 new rule

1 rule removed

This is a good time to review your quality profiles and update them to benefit from the latest evolutions: https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fillin5566.corp.amdocs.com%3A19090%2F%2Fprofiles&data=02|01|Bismaya.Mohapatra%40amdocs.com|d7d7b49ad92940c28f0008d81b54467f|c8eca3ca127646d59d9da0f2a028920f|0|0|637289396067348447&sdata=xO3%2FvuqXsFtylIS5srVtXdvmAqwMdGqgVTvTAFeXSJI%3D&reserved=0

Hello @bismayam,

Welcome to the community.
You are maybe unaware but if you post links to your SonarQube internal platform, we can’t access them ! :crazy_face:
Maybe all the problem you want to describe is self-explicit from the screens but we can’t see them. Therefore:

  • Can you post screenshots in the thread
  • Can you explain where you get this Invalid hash error, is this on the SonarQube server (which I would guess from your links) or in the SonarQube scanner which your headline suggest ?

Olivier

Hi Olivier,

In sonar server we see few rules are getting changed for “Sonar way” - JavaScript plugin. As you see in above post, 1 rule activated and 14 rules deactivated. Due to this the hash of some file getting changed in sonarqube I guess. Also these changes are done by System user.

Due to this hash change in sonar side our Jenkins builds are getting failed with Invalid Hash error. If we rerun that build it passed.

We checked and found that during any plugin upgrade or restart of Sonar,

Regarding rules whatever we mentioned in that link, you can check with below url.

http://://profiles/changelog?language=js&name=Sonar+way&since=2020-06-28&to=2020-06-28

Hello Bismaya,

Please read my post: I can’t see the screens you are mentioning.
With your 2nd post, now i understand that this thread has something to do with changes in the JavaScript Sonar Way quality profile. And I confirm: Yes we sometimes change the scope of the built-in quality profiles when we notice that a rule should be added or removed. That is to be expected.

What I don’t understand is why you correlate this to an “Invalid hash” error from the scanner. Please send me what I am asking otherwise I will not be able to help:

  • The screenshots (not URLs) of SonarQube where you see something odd, or anything that may contribute to the troubleshooting of your problem
  • The full log of your scanner execution in debug mode (sonar-scanner -X)

Olivier

Hi Olivier,

Thanks for the prompt response. I will try to explain our issue and what we suspect.

  1. In our Jenkins build we see below failure twice last week.

“Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.7.0.1746:sonar (default-cli) on project attachmentmanagement-referencedata-reactor: INVALID HASH: File /home/jenkins/.sonar/cache/_tmp/fileCache1199996484676905533.tmp was expected to have hash cc8ad346e85db9d3735898b533d37d34 but was downloaded with hash c3ba66fc956a083c064baa66d71be17f”

  1. Around same time we got email from Sonar that few rules are added and few were removed. So we suspected that might be due to these quality profile changed, the builds are failing.

The following built-in profiles have been updated:

“Sonar way” - JavaScript:
1 new rule
14 rules removed

“Sonar way Recommended” - JavaScript:
1 new rule
1 rule removed

  1. In Sonar server also we see below during the same time. Rules were added/removed by system user.

June 28, 2020, 4:41 PM System Activated “eval” and “arguments” should not be bound or assigned
Severity set to Major
June 28, 2020, 4:41 PM System Deactivated Boolean literals should not be redundant

So my question is is this Invalid Hash and change of Quality profile related ?
Are we investigating in correct direction or not ?

And one more thing we did before 2-3 days of this issue, we had downloaded java script plugin (4.x version) for Sonar and placed under plugins directory. Later we reverted that plugin to 3.x version as we didn’t have downtime to restart our application.

Our issue is coming randomly. We faced twice last week and we are not able to find the root cause of that.

Hello @bismayam,

We should assume that everything is possible, but without any other evidence, I would think that there is little chance that the “Invalid Hash” error is linked to the quality profile stuff.

Your last comment is the much more likely source of the problem.

Whenever you change a plugin on the platform you have to restart SonarQube and clearly is is likely to explain the problems you have on the scanner side.
Please restart SonarQube and it is very likely that the issue will disappear.

Olivier

Thanks Olivier for the valuable help.
We already restarted Sonar and it is working from last 3 days. We will monitor this for any further failures due to this.
Also we noted that we have to immediately restart the Sonar after any plugin upgrade.