SonarQube crashing on bad xml report on startup ( community edition 7.5)

Goodday SonarSource community

My name is Ralph de Groot I work currently at vbairsuspension as a software engineer.
I created a custom quality profile and quality gate. Also in the analyse properties I added external rules/ report.
These I pointed to a generated custom_misra.xml. This xml is validated by multiple validation tools and I conclude as correct.
Whenever I try to load this, sonar qube stops working and crashes with the following log from web.log

2019.04.04 09:29:16 INFO web[][o.s.s.t.TelemetryDaemon] Sharing of SonarQube statistics is enabled.

2019.04.04 09:29:16 INFO web[][o.s.s.n.NotificationDaemon] Notification service started (delay 60 sec.)

2019.04.04 09:29:16 INFO web[][o.s.s.s.GeneratePluginIndex] Generate scanner plugin index

2019.04.04 09:29:16 INFO web[][o.s.s.s.RegisterPlugins] Register plugins

2019.04.04 09:29:17 INFO web[][o.s.s.s.RegisterMetrics] Register metrics

2019.04.04 09:29:17 INFO web[][o.s.s.r.RegisterRules] Register rules

2019.04.04 09:29:20 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube

java.lang.IllegalStateException: XML is not valid

at org.sonar.api.server.rule.RulesDefinitionXmlLoader.load(RulesDefinitionXmlLoader.java:235)

at org.sonar.cxx.sensors.utils.CxxAbstractRuleRepository.define(CxxAbstractRuleRepository.java:97)

at org.sonar.server.rule.RuleDefinitionsLoader.load(RuleDefinitionsLoader.java:56)

at org.sonar.server.rule.RegisterRules.start(RegisterRules.java:119)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110)

at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89)

at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)

at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)

at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)

at org.picocontainer.behaviors.Stored.start(Stored.java:110)

at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)

at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)

at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)

at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)

at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)

at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:46)

at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:82)

at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:46)

at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:79)

at org.sonar.server.platform.Platform.executeStartupTasks(Platform.java:196)

at org.sonar.server.platform.Platform.access$400(Platform.java:46)

at org.sonar.server.platform.Platform$1.lambda$doRun$1(Platform.java:121)

at org.sonar.server.platform.Platform$AutoStarterRunnable.runIfNotAborted(Platform.java:371)

at org.sonar.server.platform.Platform$1.doRun(Platform.java:121)

at org.sonar.server.platform.Platform$AutoStarterRunnable.run(Platform.java:355)

at java.lang.Thread.run(Unknown Source)

Caused by: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character 'l' (code 108) in prolog; expected '<'

 at [row,col {unknown-source}]: [1,1]

at com.ctc.wstx.sr.StreamScanner.throwUnexpectedChar(StreamScanner.java:647)

at com.ctc.wstx.sr.BasicStreamReader.nextFromProlog(BasicStreamReader.java:2054)

at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1131)

at org.codehaus.staxmate.in.SMHierarchicCursor.getNext(SMHierarchicCursor.java:71)

at org.codehaus.staxmate.in.SMInputCursor.advance(SMInputCursor.java:1631)

at org.sonar.api.server.rule.RulesDefinitionXmlLoader.load(RulesDefinitionXmlLoader.java:226)

... 29 common frames omitted

2019.04.04 09:29:21 INFO web[][o.s.p.StopWatcher] Stopping process  

I fixed it currently myself to connect manually to the database and went into the properties table and removed all .xml report path pointed to custom_misra.xml

But whenever this happen, the web ui is not accesibble anymore because after 3-5 seconds sonarqube shutdown by this exception. while sonarqube must be controlled and configured always using the web ui.

the next problem is after I did this I get this error:

	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:65)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:632)
	at org.picocontainer.parameters.BasicComponentParameter$1.resolveInstance(BasicComponentParameter.java:118)
	at org.picocontainer.parameters.ComponentParameter$1.resolveInstance(ComponentParameter.java:136)
	at org.picocontainer.injectors.SingleMemberInjector.getParameter(SingleMemberInjector.java:78)
	at org.picocontainer.injectors.SingleMemberInjector.getMemberArguments(SingleMemberInjector.java:61)
	at org.picocontainer.injectors.MethodInjector.getMemberArguments(MethodInjector.java:100)
	at org.picocontainer.injectors.MethodInjector$2.run(MethodInjector.java:112)
	at org.picocontainer.injectors.AbstractInjector$ThreadLocalCyclicDependencyGuard.observe(AbstractInjector.java:270)
	at org.picocontainer.injectors.MethodInjector.decorateComponentInstance(MethodInjector.java:120)
	at org.picocontainer.injectors.CompositeInjector.decorateComponentInstance(CompositeInjector.java:58)
	at org.picocontainer.injectors.Reinjector.reinject(Reinjector.java:142)
	at org.picocontainer.injectors.ProviderAdapter.getComponentInstance(ProviderAdapter.java:96)
	at org.picocontainer.DefaultPicoContainer.getInstance(DefaultPicoContainer.java:699)
	at org.picocontainer.DefaultPicoContainer.getComponent(DefaultPicoContainer.java:647)
	at org.sonar.core.platform.ComponentContainer$ExtendedDefaultPicoContainer.getComponent(ComponentContainer.java:63)
	... 69 more
Caused by: No branches currently exist in this project. Please scan the main branch without passing any branch parameters. 

This I currenlty didnt solve yet

Used software :
C (Community)

Enable analysis and reporting on c projects. 1.2.2 (build 1653)
7.5 community edtion

ps: I can give the .sql file in good and bad condition and I can include the 2 xml files. called
cppcheck.xml
and custom_misra.xml

edit: the database prop_key that I removed the xml from where:
sonar.cxx.cpphcheck.reportPath
sonar.c.cppcheck.reportPath
sonar.cxx.other.reportPath
sonar.c.clangtidy.customRules

Another question:
Does sonarqube anaylze or does external tools I use analyze, like when I run cppcheck it generates cppcheck.xml that I provide to sonarqube. is this the anaylse moment or does sonarqube a own cppcheck on the source.

Hi,

I find your report rather confusing, but there are a couple things I can tell you:

• There’s no XML file that is valid to feed SonarQube at startup as far as I know
• It is possible to export a profile to XML format, but to re-import/restore it you have to perform a file upload via the UI after server startup
• In no case should you configure analysis inputs in your server configuration
• Last but not least, cxx appears in your error messages. That analyzer is not supported in this community. You need to go to its community for problems with it.

 
Ann

Hi Ann,

Thanks for your answer, but why it is possible that sonar qube crashes when settings are wrong in the database table properties?

I suspect, that sonarqube tries to load somehow the xml file and then like in the log it fails todo and then ignore or stop loading it, but in this case sonar qube crashes totally.

It is possible to export a profile to XML format, but to re-import/restore it you have to perform a file upload via the UI after server startup

this steps is impossible because the web ui is not accessible anymore after 2-5 sec.

and even if its not supported, I think and I hope more devs, that it shouldnt crash on this.

@ganncamp Would it be possible that we have a telephone conversation about this problem?
You could call me on this number: 0315 241 075 its a dutch number.
Then ask for Ralph de Groot.

Goodmorning Ann,

I want to inform u that sonarsource is hard crashing… your product is crashing…

org.sonar.api.server.rule.RulesDefinitionXmlLoader.load(RulesDefinitionXmlLoader.java:235)
com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character 'l' (code 108) in prolog;

Hi Ralph,

What happens if you remove the Cxx plugin and your “generated custom_misra.xml”?

 
Ann

I will try out and let u know
I didnt remove the plugin yet, but I did a other test now I get this.
I would like to know if this log tells us that sonarqube is hard crashing on missing or invalid xml input?

java.lang.IllegalStateException: One of HTML description or Markdown description must be defined for rule [repository=other-c, key=misra-c2012-5.7]
	at org.sonar.api.server.rule.RulesDefinition$NewRule.validate(RulesDefinition.java:1006)
	at org.sonar.api.server.rule.RulesDefinition$NewRule.access$1000(RulesDefinition.java:719)
	at org.sonar.api.server.rule.RulesDefinition$RepositoryImpl.<init>(RulesDefinition.java:616)
	at org.sonar.api.server.rule.RulesDefinition$RepositoryImpl.<init>(RulesDefinition.java:589)
	at org.sonar.api.server.rule.RulesDefinition$Context.registerRepository(RulesDefinition.java:457)
	at org.sonar.api.server.rule.RulesDefinition$Context.access$600(RulesDefinition.java:389)
	at org.sonar.api.server.rule.RulesDefinition$NewRepositoryImpl.done(RulesDefinition.java:555)
	at org.sonar.cxx.sensors.other.CxxOtherRepository.define(CxxOtherRepository.java:75)
	at org.sonar.server.rule.RuleDefinitionsLoader.load(RuleDefinitionsLoader.java:56)
	at org.sonar.server.rule.RegisterRules.start(RegisterRules.java:119)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)

a link of same like problem?

more info:
this database record
sonar.c.cppcheck.customRules
when I remove this one with its text value sonarqube works again. but I dont have misra checks then.
the xml text is:

<?xml version="1.0" encoding="ASCII"?>
 <rules>
 <rule><key>misra-c2012-1.1</key><name>The program shall contain no violations of the standard C syntax and constraints, and shall not exceed the implementation&apos;s translation limits </name><severity>MAJOR</severity><type>BUG</type><description><![CDATA[]]></description><descriptionFormat>HTML</descriptionFormat><cardinality>SINGLE</cardinality><status>READY</status><tag>misra</tag><remediationFunction>LINEAR_OFFSET</remediationFunction><gapDescription>Effort to test one uncovered condition</gapDescription><remediationFunctionGapMultiplier>10min</remediationFunctionGapMultiplier><remediationFunctionBaseEffort>2min</remediationFunctionBaseEffort></rule>
</rules>

Hi Ralph,

As much as you want it to, feeding in a list of rules in a custom XML file isn’t going to allow you check your code by MISRA rules. Those XML files are simply meant to provide the metadata to describe the rule implementations provided by a plugin. And oh yeah, the XML should be provided by that same plugin.

 
Ann

Hey Ann,

I will provide more information:
This is a rule xml file containing like 100+ misra rules.

<?xml version="1.0" encoding="ASCII"?>
<rules>
<rule><key>misra-c2012-1.1</key><name>misra text is protected so cant post here sry </name><severity>MAJOR</severity><type>BUG</type><description><![CDATA[]]></description><descriptionFormat>HTML</descriptionFormat><cardinality>SINGLE</cardinality><status>READY</status><tag>misra</tag><remediationFunction>LINEAR_OFFSET</remediationFunction><gapDescription>Effort to test one uncovered condition</gapDescription><remediationFunctionGapMultiplier>10min</remediationFunctionGapMultiplier><remediationFunctionBaseEffort>2min</remediationFunctionBaseEffort></rule>

This is a part of the custom mira.xml that is generated by a parser that complaint on the external rules link

<element name="results" xmlns="http://relaxng.org/ns/structure/1.0" >
  <zeroOrMore>
    <element name="Warning">
      <attribute name="source/Buzzer.c"/>
      <attribute name=" detected issue [misra-c2012-5.3]"/>
      <attribute name="misra-c2012-5.3"/>
      <attribute name="40">
        <data type="integer" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes" />
      </attribute>
      <text/>
    </element>

then Also a cppcheck generated misra detection file called

<?xml version="1.0"?>
<results>
  <error file="source/Buzzer.c" line="40" id="misra-c2012-5.3"
               severity="Warning" msg="detected issue [misra-c2012-5.3]"/>

This is exaclty followed from
how to define custom rules for C code?

whenever I insert the xml in the database or in the web ui .
Sonarqube wont stay online…

Please tell me if im wrong but I suspect that when I provide the element zeroOrMore as xml input cppcheck report path I should see the found misra violations right?

because the rules.xml most top one, will contain the rules?

Then in sonarqube admin c project I listed

Cppcheck report(s)

Path to a Cppcheck analysis XML report, relative to projects root. Both XML formats (version 1 and version 2) are supported. If neccessary, Ant-style wildcards are at your service.

Key: sonar.c.cppcheck.reportPath = misra.xml

add on that same page there is also

• External checkers report(s)

Path to a code analysis report, which is generated by some unsupported code analyser, relative to projects root. Use Ant-style wildcards if neccessary. See here for details.

Key: sonar.c.other.reportPath

ResetDefault: <no value>

• External rules

Rule sets for ‘external’ code analysers. Use one value per rule set. See this page for details.

Key: sonar.c.other.rules

Hi,

Then no one here can help you. As stated earlier in this thread, the Cxx plugin is not supported in this community.

 
Ann

hmm but can u tell me that the above log tell us that sonarqube is hard crashing? Because the web ui is not available unless I remove the xml in the database properties table.

Shouldn’t the web ui stay available to undo this mistake? Like if other users do this and dont know about sql as example they are pointless on what to do right?

After a lot of effort, I got it working myself. All misra violations are found and displayed in sonarqube now.

To prevent this crash at other sonarqube users, please add “try catches” somewhere here, this prevents sonarqube service to crash when corrupt xml files are used.

	at org.sonar.api.server.rule.RulesDefinitionXmlLoader.load(RulesDefinitionXmlLoader.java:226)