SonarCloud scan started failing with no code changes or rules set changes made for Angular project

Template for a good new topic, formatted with Markdown:

  • ALM used: Azure DevOps

  • CI system used: Azure DevOps

  • Scanner command used when applicable (private details masked)

  • Languages of the repository: TypeScript/HTML

  • Steps to reproduce:
    Run main branch or PR build. This issue also affects older code base builds which passed just two weeks ago.

  • Potential workaround: None as of yet

Removed the inline logs due to character limit and uploaded text files containing both run logs.

SonarCloudErrorLogs.txt (211.9 KB)

*few edits to clean up post

Hey @Arni !

Thank you for your report. We deployed a new version of the analyzer that is failing for you (according to your logs) on SonarCloud at the end of February. This new version specifically addresses some performance and memory issues that we observed in the context of JS/TS. Can you confirm that you are still seeing the same problem as of today?

Hey @Malte!
Thanks for your reply. Yes, I can confirm we are still seeing this same problem as of today.

Thank you for confirming, @Arni !

First thing I would like to explore is whether there is an infinite recursion somewhere or just a deep one that is exceeding the standard stack size.

To test this, could you try to run the analysis with a huge stack size? For this you would need to set the environment variable SONAR_SCANNER_OPTS="-Xss10m" when running the scanner command.

I have attempted both with SONAR_SCANNER_OPTS="-Xss10m" and SONAR_SCANNER_OPTS="-Xmx2048m". Confirmed by logs these variables were set correctly.

The pipelines ran for ~ minutes before being automatically cancelled by Azure due to hitting the upper time limit of a pipeline.

Both options' logs ended with:


INFO: Reading UCFGs from: /home/vsts/work/1/s/.scannerwork/ucfg2/js
INFO: 10:56:11.596314 Building Runtime Type propagation graph
INFO: 10:56:11.648208 Running Tarjan on 6593 nodes
INFO: 10:56:11.662695 Tarjan found 6593 components
INFO: 10:56:11.684438 Variable type analysis: done
INFO: 10:56:11.687874 Building Runtime Type propagation graph
INFO: 10:56:11.769924 Running Tarjan on 6593 nodes
INFO: 10:56:11.782668 Tarjan found 6593 components
INFO: 10:56:11.795936 Variable type analysis: done
INFO: Analyzing 1198 ucfgs to detect vulnerabilities.
INFO: Taint analysis starting. Entrypoints: 127
INFO: Running symbolic analysis for ‘JS’
##[error]The operation was canceled.


Hello @Arni,

Thanks for coming back to us with more details.

Now that we confirmed that something is not behaving as expected, it would be super useful if you could provide the content of the /home/vsts/work/1/s/.scannerwork/ucfg2/js folder. It will enable us to understand exactly what is happening and be sure we find an appropriate solution.

Please do not post them here, I will reach out to you privately.

Hi Quentin, it seems that Arno has sent you the requested JavaScript folder contents via email. Have you had the opportunity to review and analyze them?

Hello @Omp

We had the opportunity to review them, and we managed to reproduce the error.
We had a look from different points of view; unfortunately, it was not enough to understand exactly what is happening.

We still keep this task in our backlog, and we will keep you posted as soon as we have a better understanding of what is happening.

Best,
Quentin