SonarJava 5.9.1 LDAPDeserializationCheck crashes with ArrayIndexOutOfBoundsException

Versions: SonarJava 5.9.1, SonarQube 6.7.3

throws an error during Maven analysis

Caused by: org.sonar.java.AnalysisException: SonarQube is unable to analyze file : '/home/ahubold/git/sonar-test/src/main/java/com/example/NamedSearchControls.java'
    at org.sonar.java.ast.JavaAstScanner.simpleScan (JavaAstScanner.java:105)
    at org.sonar.java.ast.JavaAstScanner.scan (JavaAstScanner.java:68)
    at org.sonar.java.JavaSquid.scanSources (JavaSquid.java:116)
    at org.sonar.java.JavaSquid.scan (JavaSquid.java:110)
    at org.sonar.plugins.java.JavaSquidSensor.execute (JavaSquidSensor.java:93)
    at org.sonar.scanner.sensor.SensorWrapper.analyse (SensorWrapper.java:53)
    at org.sonar.scanner.phases.SensorsExecutor.executeSensor (SensorsExecutor.java:88)
    at org.sonar.scanner.phases.SensorsExecutor.execute (SensorsExecutor.java:82)
    at org.sonar.scanner.phases.SensorsExecutor.execute (SensorsExecutor.java:68)
    at org.sonar.scanner.phases.AbstractPhaseExecutor.execute (AbstractPhaseExecutor.java:88)
    at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart (ModuleScanContainer.java:180)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.scan.ProjectScanContainer.scan (ProjectScanContainer.java:288)
    at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively (ProjectScanContainer.java:283)
    at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart (ProjectScanContainer.java:261)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.task.ScanTask.execute (ScanTask.java:48)
    at org.sonar.scanner.task.TaskContainer.doAfterStart (TaskContainer.java:84)
    at org.sonar.core.platform.ComponentContainer.startComponents (ComponentContainer.java:135)
    at org.sonar.core.platform.ComponentContainer.execute (ComponentContainer.java:121)
    at org.sonar.scanner.bootstrap.GlobalContainer.executeTask (GlobalContainer.java:121)
    at org.sonar.batch.bootstrapper.Batch.doExecuteTask (Batch.java:116)
    at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:71)
    at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
    at com.sun.proxy.$Proxy23.execute (Unknown Source)
    at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:171)
    at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:128)
    at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:65)
    at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:104)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:208)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:290)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:194)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 0
    at com.google.common.collect.RegularImmutableList.get (RegularImmutableList.java:60)
    at org.sonar.java.ast.parser.ListTreeImpl.get (ListTreeImpl.java:186)
    at org.sonar.java.ast.parser.ListTreeImpl.get (ListTreeImpl.java:38)
    at org.sonar.java.checks.security.LDAPDeserializationCheck.onMethodInvocationFound (LDAPDeserializationCheck.java:55)
    at org.sonar.java.checks.methods.AbstractMethodDetection.checkInvocation (AbstractMethodDetection.java:54)
    at org.sonar.java.checks.methods.AbstractMethodDetection.visitNode (AbstractMethodDetection.java:45)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.lambda$visit$7 (VisitorsBridge.java:293)
    at java.util.ArrayList.forEach (ArrayList.java:1249)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:296)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren (VisitorsBridge.java:278)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:300)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren (VisitorsBridge.java:278)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:300)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren (VisitorsBridge.java:278)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:300)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren (VisitorsBridge.java:278)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:300)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visitChildren (VisitorsBridge.java:278)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.visit (VisitorsBridge.java:300)
    at org.sonar.java.model.VisitorsBridge$ScannerRunner.run (VisitorsBridge.java:269)
    at org.sonar.java.model.VisitorsBridge.visitFile (VisitorsBridge.java:140)
    at org.sonar.java.ast.JavaAstScanner.simpleScan (JavaAstScanner.java:96)
    at org.sonar.java.ast.JavaAstScanner.scan (JavaAstScanner.java:68)

when analyzing the following class

package com.example;

import javax.naming.directory.SearchControls;

public class NamedSearchControls extends SearchControls {
  public NamedSearchControls() {
    super();
  }
}

Hello Andreas,

Thanks a lot for the feedback and extremely precise reproducer. I created the following ticket to fix it: SONARJAVA-2977

Note that we are actually working on releasing a bugfix version for SonarJava (5.9.2). I’m going to include this one. Release should happen in the upcoming hours. As it’s interrupting analysis.

Cheers,
Michael

1 Like