Sonarlint 3.12.0 or 3.11.0 in VS Code - Scan fails because of insufficient privileges

  • Operating system: Windows
  • SonarLint plugin version: 3.12.0
  • Programming language you’re coding in: PL/SQL
  • Is connected mode used: SonarQube (and which version): * Version 8.9.8 (build 54436)

Problem / question:
After upgrading extension from 3.11.0 to 3.12.0, scans fail with the below error:
[EDIT]
Downgrading to 3.11.0, the issue is the same.
Think it is linked to the move of extension folder from C drive to a network location.
[EDIT]

[Info - 08:32:36.938] Started request handler on port 64120
The ‘file:///v:/Personal/SEG/pkg_tc_pnl.sql’ file is not in a git repo, consider as not ignored
[Error - 08:32:43.280] Analysis failed
java.lang.IllegalStateException: Insufficient privileges
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:125)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processPage(ServerApiHelper.java:186)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$getPaginated$3(ServerApiHelper.java:175)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$consumeTimed$6(ServerApiHelper.java:251)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:226)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.consumeTimed(ServerApiHelper.java:250)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.getPaginated(ServerApiHelper.java:173)
at org.sonarsource.sonarlint.core.serverapi.component.ComponentApi.getAllFileKeys(ComponentApi.java:45)
at org.sonarsource.sonarlint.core.serverconnection.ProjectFileListDownloader.get(ProjectFileListDownloader.java:29)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.updateComponents(ProjectStorageUpdateExecutor.java:62)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.lambda$update$0(ProjectStorageUpdateExecutor.java:54)
at org.sonarsource.sonarlint.core.serverconnection.FileUtils.replaceDir(FileUtils.java:113)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.update(ProjectStorageUpdateExecutor.java:53)
at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.updateProject(ServerConnection.java:218)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.updateProject(ConnectedSonarLintEngineImpl.java:468)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.computeProjectBinding(ProjectBindingManager.java:202)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.lambda$getBinding$0(ProjectBindingManager.java:170)
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1705)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.getBinding(ProjectBindingManager.java:163)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.getBinding(ProjectBindingManager.java:137)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.analyze(AnalysisTaskExecutor.java:155)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.lambda$analyze$4(AnalysisTaskExecutor.java:139)
at java.base/java.util.HashMap.forEach(HashMap.java:1336)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.analyze(AnalysisTaskExecutor.java:139)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.run(AnalysisTaskExecutor.java:116)
at org.sonarsource.sonarlint.ls.AnalysisScheduler.lambda$analyzeAsync$1(AnalysisScheduler.java:186)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)

The ‘file:///v:/Personal/SEG/install_stats.sql’ file is not in a git repo, consider as not ignored
[Error - 08:32:43.299] Analysis failed
java.lang.IllegalStateException: Insufficient privileges
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.handleError(ServerApiHelper.java:125)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processPage(ServerApiHelper.java:186)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$getPaginated$3(ServerApiHelper.java:175)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.lambda$consumeTimed$6(ServerApiHelper.java:251)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:226)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.consumeTimed(ServerApiHelper.java:250)
at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.getPaginated(ServerApiHelper.java:173)
at org.sonarsource.sonarlint.core.serverapi.component.ComponentApi.getAllFileKeys(ComponentApi.java:45)
at org.sonarsource.sonarlint.core.serverconnection.ProjectFileListDownloader.get(ProjectFileListDownloader.java:29)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.updateComponents(ProjectStorageUpdateExecutor.java:62)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.lambda$update$0(ProjectStorageUpdateExecutor.java:54)
at org.sonarsource.sonarlint.core.serverconnection.FileUtils.replaceDir(FileUtils.java:113)
at org.sonarsource.sonarlint.core.serverconnection.ProjectStorageUpdateExecutor.update(ProjectStorageUpdateExecutor.java:53)
at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.updateProject(ServerConnection.java:218)
at org.sonarsource.sonarlint.core.ConnectedSonarLintEngineImpl.updateProject(ConnectedSonarLintEngineImpl.java:468)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.computeProjectBinding(ProjectBindingManager.java:202)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.lambda$getBinding$0(ProjectBindingManager.java:170)
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1705)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.getBinding(ProjectBindingManager.java:163)
at org.sonarsource.sonarlint.ls.connected.ProjectBindingManager.getBinding(ProjectBindingManager.java:137)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.analyze(AnalysisTaskExecutor.java:155)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.lambda$analyze$4(AnalysisTaskExecutor.java:139)
at java.base/java.util.HashMap.forEach(HashMap.java:1336)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.analyze(AnalysisTaskExecutor.java:139)
at org.sonarsource.sonarlint.ls.AnalysisTaskExecutor.run(AnalysisTaskExecutor.java:116)
at org.sonarsource.sonarlint.ls.AnalysisScheduler.lambda$analyzeAsync$1(AnalysisScheduler.java:186)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)

Which privileges are required ?
Please could you advice ?
thanks
Sebastien

1 Like

Issue occurs with PL/SQL or Python source files

1 Like

Trying to find the root cause, I checked in extension code and identified that the error is a HTTP_FORBIDDEN (see below)
in

Is there a way to identify which http request failed? Or is it possible to enable more trace to have more detail when fails ?

Thanks

I’m progressing.
I found this option (i read 2 times all setup before to see it … :woozy_face:)
image

And now I have more information:

I’m sharing here if someone else face the same issue

This is because with a recent version of extension, it was proposed to migrate credentials in secure storage.
I did it with extension in previous location.
image

As I moved the extension into another folder it seems that the credentials previously used were not available or valid for extensions into the new location.

As I did not find a way to update secure storage of extension, So I re-put the token in extension settings in settings.json file:

"sonarlint.connectedMode.connections.sonarqube" : [
{ "serverUrl" : "http://sonar.xxx.com:9000/" ,
"token" : "d9ca6b2b712xxxxxxxxxxxxxxxxxxxxxx17ddcaa15" }
] ,
"sonarlint.disableTelemetry" : true ,
"sonarlint.ls.javaHome" : "C:\\Program Files\\OpenJDK\\jdk-11.0.2"

After restarting VS Code, it asked me to migrate credentials in secure storage.

So, if Sonarlint team can explain how to update secure storage to change the token used by the extension it will be helpful. It can also help if we want to change the token for any reasons.
Thanks in advance.

Hello, thanks for the detailed investigation!

As far as I can tell, it should be possible to update the token for a connection using the “SonarLint Connected Mode” view:

image

The “pen” icon should trigger the “Edit SonarQube Connection” action, which will open a view that allows you to update the parameters for a given connection, including the token:

Hi Jean-Baptiste,
Thanks for the explanation. :+1: