SonarScanner .net fails when getting server version in https request (wrong character in request)

Massimiliano_Luraghi · June 30, 2023, 8:20am

Please provide

Operating system: Windows Server 2012R2
SonarScanner for .NET: SonarScanner for MSBuild 5.13
Connected to self-hosted SonarQube 10.1 on https

When setting ‘sonar.host.url’ in SonarQube.Analysis.xml file, if url is https then scanner fails in fetching server version, because unexpected character (') is at the end of request:

127.0.0.1 - - [30/Jun/2023:07:16:41 +0000] “GET /api/server/version’ HTTP/1.0” 401

switching back to http fixes the issue

Colin · July 1, 2023, 8:56am

It sounds like whatever is serving your SonarQube over HTTPS is returning the 401 (you can confirm this by checking if the 401 appears in your SonarQube server’s access.log file).

The next step would be consulting the logs of whatever is serving your SonarQube over HTTPS (typically for a Windows server that would be something like IIS)

Massimiliano_Luraghi · July 4, 2023, 7:08am

Hi Colin,s
the address is malformed in the very beginning, the request gets to the SonarQube server (you can see the access.log entry in my first message), but it can not be served:

127.0.0.1 - - [30/Jun/2023:07:16:41 +0000] “GET /api/server/version’ HTTP/1.0” 401

See that ’ at the end of version? That causes the issue.
When I switch back to http, that char disappears and the request is served correctly.

Colin · July 4, 2023, 7:17am

Thanks.

If it’s only happening over HTTPS, it sounds like that “in the middle” thing (IIS?) could be adding the ' to the end of the request. I would review your configuration.

Massimiliano_Luraghi · July 4, 2023, 7:50am

sonarqube server is on ubuntu with nginx as reverse proxy, the scanner is on windows.
“sonar.host.url” has been tested with the same address, one time with ‘https’ and the other time with ‘http’.

I don’t think this is caused by nginx, because I see the scanner trying to connect when the begin command is launched (by gitlab runner), and in the logs the address is already malformed.

Colin · July 4, 2023, 8:22am

Thanks.

Can you post your Gitlab-CI YAML file?

Massimiliano_Luraghi · July 4, 2023, 1:56pm

gitlab.yml extract:

 sonar_test:
     stage: static_test
     only:
         - master 
     script:
         # restore nu-get packages
         - nuget.exe config -set http_proxy=http://XXXXXXXXX
         - nuget.exe restore $CI_PROJECT_DIR\Project.sln
         # enable scanner mode
         - SonarScanner.MSBuild.exe begin /k:"project_master" /n:"Project" /v:"x.x.x"
         - MSBuild.exe $CI_PROJECT_DIR\Project.sln /t:Rebuild /verbosity:quiet /property:Configuration=Release
         - SonarScanner.MSBuild.exe end

on the runner node, where the scanner is installed (SonarQube.Analysis.xml):

<SonarQubeAnalysisProperties  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.sonarsource.com/msbuild/integration/2015/1">

  <Property Name="sonar.host.url">https://sonarqube.mycompany/</Property>
  <Property Name="sonar.token">squ_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</Property>

</SonarQubeAnalysisProperties>