SonarQube Error - Unable to parse xml file

xml
sonarqube

(Dennis Hsu) #1

Hi,

I am trying to use SonarQube to scan a vulnerable Angular web app called “Juice Shop”. I do the npm install and npm build steps, but at the SonarQube - run Code analysis step, I got an error: "##[error]ERROR: Unable to parse xml file: D:\a\1\s\frontend\node_modules\sax\examples\big-not-pretty.xml".

I believe the big-not-pretty.xml file in NPM’s sax library may not have correct XML syntax, which is causing the scanning issue. I could have SonarQube ignore .xml files, but it would be good if we didn’t have to do that.

Any suggestion/information is appreciated!

Juice shop app source code: https://github.com/bkimminich/juice-shop
SonarQube server: 7.1
SonarQube Scanner: 3.2.0.1227
SonarXML:1.5 (build 1373)

Error log:
019-01-28T18:25:49.3830634Z INFO: Quality profile for xml: Sonar way

2019-01-28T18:25:50.7182282Z INFO: Sensor C# Properties [csharp]

2019-01-28T18:25:50.7248062Z ##[error]WARN: Property missing: ‘sonar.cs.analyzer.projectOutPaths’. No protobuf files will be loaded for this project.

2019-01-28T18:25:50.7260636Z

2019-01-28T18:25:50.7260943Z ##[error]WARN: No roslyn issues report not found for this project.

2019-01-28T18:25:50.7261449Z

2019-01-28T18:25:50.7261608Z INFO: Sensor C# Properties [csharp] (done) | time=0ms

2019-01-28T18:25:50.7261785Z INFO: Sensor Python Squid Sensor [python]

2019-01-28T18:26:00.8794049Z INFO: Sensor Python Squid Sensor [python] (done) | time=10188ms

2019-01-28T18:26:00.8794949Z INFO: Sensor PythonXUnitSensor [python]

2019-01-28T18:26:01.8716357Z INFO: Sensor PythonXUnitSensor [python] (done) | time=987ms

2019-01-28T18:26:01.8944803Z INFO: Sensor SonarJavaXmlFileSensor [java]

2019-01-28T18:26:02.0836673Z INFO: 26 source files to be analyzed

2019-01-28T18:26:03.3512254Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\frontend\node_modules\sax\examples\big-not-pretty.xml

2019-01-28T18:26:03.3513548Z

2019-01-28T18:26:03.3513937Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\frontend\node_modules\sax\examples\not-pretty.xml

2019-01-28T18:26:03.3514980Z

2019-01-28T18:26:03.3988455Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\frontend\node_modules\sax\examples\test.xml

2019-01-28T18:26:03.3989863Z

2019-01-28T18:26:03.4510636Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\node_modules\libxmljs\test\fixtures\errors\comment.xml

2019-01-28T18:26:03.4511782Z

2019-01-28T18:26:04.0478502Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\node_modules\libxmljs\test\fixtures\sax_parser.xml

2019-01-28T18:26:04.0490774Z ERROR: Unable to parse xml file: D:\a\1\s\node_modules\libxmljs\test\fixtures\sax_parser.xml

2019-01-28T18:26:04.0496363Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\test\files\xxeBillionLaughs.xml

2019-01-28T18:26:04.0500529Z ERROR: Unable to parse xml file: D:\a\1\s\test\files\xxeBillionLaughs.xml

2019-01-28T18:26:04.0502666Z INFO: Sensor SonarJavaXmlFileSensor [java] (done) | time=2028ms

2019-01-28T18:26:04.0503190Z INFO: Sensor XML Sensor [xml]

2019-01-28T18:26:04.0503472Z INFO: 26/26 source files have been analyzed

2019-01-28T18:26:04.8751860Z ##[error]WARN: Unable to parse file D:/a/1/s/frontend/node_modules/sax/examples/big-not-pretty.xml

2019-01-28T18:26:04.8752550Z

2019-01-28T18:26:04.8752717Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 7; columnNumber: 19; The element type “slurm” must be terminated by the matching end-tag “”.

2019-01-28T18:26:04.8753037Z

2019-01-28T18:26:04.8753181Z ##[error]WARN: Unable to parse file D:/a/1/s/frontend/node_modules/sax/examples/not-pretty.xml

2019-01-28T18:26:04.8753503Z

2019-01-28T18:26:04.8753658Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 6; columnNumber: 19; The element type “slurm” must be terminated by the matching end-tag “”.

2019-01-28T18:26:04.8754006Z

2019-01-28T18:26:05.0403789Z ##[error]WARN: Unable to parse file D:/a/1/s/frontend/node_modules/sax/examples/test.xml

2019-01-28T18:26:05.0902937Z

2019-01-28T18:26:05.0903184Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 10; columnNumber: 30; The string “--” is not permitted within comments.

2019-01-28T18:26:05.0903603Z

2019-01-28T18:26:05.1854190Z ##[error]WARN: Unable to parse file D:/a/1/s/node_modules/libxmljs/test/fixtures/errors/comment.xml

2019-01-28T18:26:05.1856149Z

2019-01-28T18:26:05.1856460Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 5; columnNumber: 10; An invalid XML character (Unicode: 0xe) was found in the comment.

2019-01-28T18:26:05.1857058Z

2019-01-28T18:26:05.3726787Z ##[error]WARN: Unable to parse file D:/a/1/s/node_modules/libxmljs/test/fixtures/sax_parser.xml

2019-01-28T18:26:05.3728908Z

2019-01-28T18:26:05.3729342Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 15; columnNumber: 1; XML document structures must start and end within the same entity.

2019-01-28T18:26:05.3731402Z

2019-01-28T18:36:12.1323273Z ##[error]WARN: [JOURNAL_FLUSHER] WARNING Journal flush operation took 3,896ms last 8 cycles average is 487ms

2019-01-28T18:36:12.1325091Z WARN: [JOURNAL_FLUSHER] WARNING Journal flush operation took 3,896ms last 8 cycles average is 487ms

2019-01-28T18:37:50.9737823Z ##[error]WARN: [JOURNAL_FLUSHER] WARNING Journal flush operation took 6,486ms last 8 cycles average is 1,297ms

2019-01-28T18:37:50.9740703Z


(G Ann Campbell) #2

Hi,

At a minimum, please consider upgrading SonarXML. The current version is 2.0.1. (You might also consider upgrading SonarQube itself. Its current version is 7.6.) If your problem persists after upgrade, please come back with fresh error details.

 
Ann


(Dennis Hsu) #3

Thanks. Will upgrade SonarXML to 2.0.1 and SonarQube to 7.6 then do the test.


(Elena Vilchik) #4

Your parsing error comes from SonarJava (which also analyzes XML); you should upgrade both SonarJava and SonarXML. Also, these parsing errors are not failing the analysis as far as I understand, so this is not a blocking problem for you.

P.S. If after upgrade these files are still not parsed, run analysis with debug option (-X) to see full logs.
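
One way to triage a log like the one in post #1, added here as an example (it is not part of the thread and not SonarQube code): it pairs each unparseable file with the SAX cause reported for it and labels where the file lives, so you can confirm that no first-party source failed to parse. The function names, the origin labels and the default workspace prefix are assumptions made for this example.

```python
import re

# A subset of lines copied from the scanner log in post #1.
SAMPLE_LOG = r"""
2019-01-28T18:26:03.3512254Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\frontend\node_modules\sax\examples\big-not-pretty.xml
2019-01-28T18:26:04.0496363Z ##[error]ERROR: Unable to parse xml file: D:\a\1\s\test\files\xxeBillionLaughs.xml
2019-01-28T18:26:04.0500529Z ERROR: Unable to parse xml file: D:\a\1\s\test\files\xxeBillionLaughs.xml
2019-01-28T18:26:05.1854190Z ##[error]WARN: Unable to parse file D:/a/1/s/node_modules/libxmljs/test/fixtures/errors/comment.xml
2019-01-28T18:26:05.1856460Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 5; columnNumber: 10; An invalid XML character (Unicode: 0xe) was found in the comment.
2019-01-28T18:26:05.3726787Z ##[error]WARN: Unable to parse file D:/a/1/s/node_modules/libxmljs/test/fixtures/sax_parser.xml
2019-01-28T18:26:05.3729342Z ##[error]WARN: Cause: org.xml.sax.SAXParseException; lineNumber: 15; columnNumber: 1; XML document structures must start and end within the same entity.
"""

# ERROR lines have the form "Unable to parse xml file: <path>",
# WARN lines have the form "Unable to parse file <path>".
FILE_RE = re.compile(r"(ERROR|WARN): Unable to parse (?:xml )?file:? (.+)$")
CAUSE_RE = re.compile(r"WARN: Cause: \S+; lineNumber: (\d+); columnNumber: (\d+); (.+)$")

def origin_of(path):
    """Label a workspace-relative path (assumes npm dependencies live under node_modules/)."""
    if "node_modules/" in path:
        return "third-party"
    if path.startswith("test/") or "/test/" in path:
        return "test-fixture"
    return "project"

def triage(log, workspace="D:/a/1/s/"):
    """Return {relative_path: {"origin", "levels", "cause"}} for every file the scanner could not parse."""
    findings, last_warn = {}, None
    for raw in log.splitlines():
        m = FILE_RE.search(raw)
        if m:
            path = m.group(2).strip().replace("\\", "/")
            if path.startswith(workspace):
                path = path[len(workspace):]
            entry = findings.setdefault(path, {"origin": origin_of(path), "levels": set(), "cause": None})
            entry["levels"].add(m.group(1))
            # Only a WARN line is followed by a "Cause:" line in this log.
            last_warn = entry if m.group(1) == "WARN" else None
            continue
        c = CAUSE_RE.search(raw)
        if c and last_warn is not None:
            last_warn["cause"] = (int(c.group(1)), int(c.group(2)), c.group(3).strip())
            last_warn = None
    return findings

def needs_attention(findings):
    """Paths that are neither third-party nor test fixtures, i.e. first-party files that failed to parse."""
    return sorted(p for p, e in findings.items() if e["origin"] == "project")

if __name__ == "__main__":
    for path, e in triage(SAMPLE_LOG).items():
        print(e["origin"], sorted(e["levels"]), path, e["cause"])
```

An empty result from `needs_attention` means every parse failure is in a dependency or a test fixture rather than in the application's own files.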