SonarQubeAnalyse spurious errors in Azure DevOps: "No message found for this issue"

I have a SonarQubeAnalyze@4 task in 2 different Azure DevOps build pipeline yaml files: one for Windows and Python, another for Linux and C++. In both cases the builds succeed but:

  1. The automated notification [Build succeeded] email I receive from DevOps has a red cross with no message next to the corresponding job and…
  2. The build results page will report an error with “No message found for this issue” next to it. Example screenshot:

image

This is more of an annoyance as it makes it looks like the build has failed, when it hasn’t!

This may be unrelated but if I look at the logs for the SonarQubeAnalyze task in DevOps, the only mention of ‘error’ is this, from a Linux build:

##[debug]WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/vsts/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/vsts/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
##[debug]Processed: WARNING: All illegal access operations will be denied in a future release##vso[task.logissue type=error;]

Similarly for a Windows build:

##[debug]WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/VssAdministrator/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/VssAdministrator/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
##[debug]Processed: WARNING: All illegal access operations will be denied in a future release##vso[task.logissue type=error;]

Looking through the results for several builds, I don’t always see the “No message found for this issue” error for SonarQubeAnalyze. But every time I do I also see the above warning/error in the logs. So the 2 probably are related.

The Microsoft-hosted build agents I use are the ‘ubuntu-18.04’ and ‘windows-2019’ VM images.

1 Like

Same here when analyze Javascript proyect, but still works! btw I’m using Sonar plugin for Azure DevOps


INFO: Load project repositories (done) | time=96ms
INFO: 90 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for css: Sonar way
INFO: Quality profile for js: Sonar way
INFO: ------------- Run sensors on module asdasdasd
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=119ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/vsts/.sonar/cache/52f5340dd05620cd162e2b9a45a57124/sonar-javascript-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

INFO: Sensor SonarCSS Metrics [cssfamily]
INFO: Sensor SonarCSS Metrics [cssfamily] (done) | time=26ms
INFO: Sensor SonarCSS Rules [cssfamily]
INFO: Sensor SonarCSS Rules [cssfamily] (done) | time=836ms
INFO: Sensor JavaXmlSensor [java]
INFO: Sensor JavaXmlSensor [java] (done) | time=2ms
1 Like

Same here on a PHP project.

INFO: Indexing files...
INFO: Project configuration:
INFO: Load project repositories
INFO: Load project repositories (done) | time=111ms
INFO: 1589 files indexed
INFO: 0 files ignored because of scm ignore settings
INFO: Quality profile for php: AssoConnect-PHP
INFO: ------------- Run sensors on module backend
INFO: Load metrics repository
INFO: Load metrics repository (done) | time=43ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/home/vsts/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations

Same problem here, but not on all runs: some runs have this error message, some others not.
I noticed just one difference in logs in the two cases:

When everything goes ok, I have these log lines with 5 WARNINGS:

[...]
INFO: Load metrics repository (done) | time=289ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/VssAdministrator/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
INFO: Sensor JavaXmlSensor [java]
[...]

When I have the error, the last WARNING is relplaced by en empty line:

INFO: Load metrics repository (done) | time=61ms
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/VssAdministrator/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of net.sf.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    
INFO: Sensor JavaXmlSensor [java]

May this help?

1 Like

Hi,

Newbie on SonarCloud, I had this issue. For my case, my project/pipeline configuration was wrong.

I changed my pipeline from this :

- task: VSBuild@1
    solution: '$(solution)'
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'

- task: VSTest@2
  inputs:
    platform: '$(buildPlatform)'
    configuration: '$(buildConfiguration)'

- task: SonarCloudPrepare@1
  inputs:
    SonarCloud: 'https://sonarcloud.io'
    organization: 'floriantanay'
    scannerMode: 'CLI'
    configMode: 'manual'
    cliProjectKey: 'floriantanay:testproject'
    cliProjectName: 'Test de sonar'
    cliSources: './sonarqube-scannermsbuild/CSharpProject/SomeConsoleApplication/*'

- task: SonarCloudAnalyze@1

- task: SonarCloudPublish@1
  inputs:
    pollingTimeoutSec: '300'

to this :

 - task: SonarCloudPrepare@1
   inputs:
     SonarCloud: 'https://sonarcloud.io'
     organization: 'tanay'
     scannerMode: 'MSBuild'
     projectKey: 'tanay_SonarExamples'
     projectName: 'SonarExamples'
 
 - task: VSBuild@1
   inputs:
     solution: '$(solution)'
     platform: '$(buildPlatform)'
     configuration: '$(buildConfiguration)'
 
 - task: VSTest@2
   inputs:
     platform: '$(buildPlatform)'
     configuration: '$(buildConfiguration)'
 
 - task: SonarCloudAnalyze@1
 
 - task: SonarCloudPublish@1
 
   inputs:
     pollingTimeoutSec: '300'

I made 4 changes so I’m not sure the which one solved the issue :
-1- I changed my project policy on Azure from private to public
-2- I had a connection to my Azure account from SonarCloud (with a token)
-3- I changed the scannermode from CLI to MSBuild
-4- I moved SonarCloudPrepare section before the build section

Before these changes I always had the issue and now I had no issue any more.
I hope that can help …

Thanks for sharing! Unfortunately I don’t know which of your changes was significant and I don’t have time to look at this at the moment. But my builds still do suffer from this intermittent issue. It’s an annoyance rather than a blocker because the builds still do pass; but it would be great if someone from SonarSource could start looking at this please.

I’m also seeing this in a number of pipelines we run across our teams. It’s always in the SonarQubeAnalyze@4 task. I believe the “No message found for this issue” string is actually generated by Azure DevOps when the task.logissue logging command doesn’t have a message passed to it. The syntax for it is described here. Posting error syntax here for clarity:

echo "##vso[task.logissue type=error]My message here"

My bet is that the Sonar scanner VSTS task isn’t adding a message when it calls task.logissue somewhere. Searching the GitHub repo, this is the only place where I can see them emitting an error. If I had to take a guess, based on the surrounding code, their tool.on callback is getting an empty string or just a string with whitespace from the standard error stream. After they trim it, the value is an empty string that they pass to the task.logissue command, thus generating the Azure DevOps build output seen in the original post.

1 Like

Sounds promising! Thanks:). Have you part-tested your theory by deliberately issuing a log message with an empty string to see if DevOps says “No message found for this issue”. (I didn’t know about that logging command BTW - looks useful!).

Yes, I tested it with this YAML pipeline config:

trigger: none

pool:
  vmImage: ubuntu-latest

steps:
- script: |
    echo Running test
    echo "##vso[task.logissue type=error]"
  displayName: Emit empty error issue

And this is what shows up on the build results page (note the error issue but the job actually succeeded):

empty-message

1 Like

Thanks for confirming! I guess the next step is to find what’s generating the empty message. When I get the “No message found for this issue” in the SonarQubeAnalyze task I see this in the task’s logs:

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
##[debug]Processed: WARNING: All illegal access operations will be denied in a future release##vso[task.logissue type=error;]

17:56:04.287 DEBUG: 'JavaSquidSensor' skipped because there is no related file in current project

Note the blank line as @donatogr pointed out before. When I don’t see “No message found for this issue” I see this in the logs:

WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
16:26:40.984 DEBUG: 'JavaSquidSensor' skipped because there is no related file in current project

So it looks like the empty message is causing both the blank line and the “No message found for this issue”. But whether that’s happening inside the code warning about the illegal reflective access operation or not isn’t clear. If it is then maybe this line would help pin it down:

WARNING: Illegal reflective access by net.sf.cglib.core.ReflectUtils$1 (file:/C:/Users/VssAdministrator/.sonar/cache/a89f1943fc75b65becd9fb4ecab8d913/sonar-tsql-plugin.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)

It would be great if a SonarSourcer could look into this issue:).

Hi @cacti77 and all,

Thanks for you insights on this, i logged this ticket to be able to work on it : https://jira.sonarsource.com/browse/VSTS-247

Unfortunately i don’t have any ETA to give yet on that.

Mickaël

1 Like

Thanks for looking at this! I see in the ticket you want to filter out empty messages but surely, in this case, it would be better to find out what’s generating the error in the first place and either fix that or display a more meaningful error message. Anyhow, at least it’s being looked at now:).

We already tried to filter at least the warnings displayed with the IllegalStateExeception, but it was on our analyzer’s side, and this is not currently possible to filter it out, but surely i’ll have a look also at this option on my side !