- versions used SonarQube 8.5
- scan from Azure DevOps build pipeline using msbuild scanner 4.11.0
Since upgrading to 8.5 this morning, two of our large C# API projects, which are .NET 4.8, are getting stuck. The task says it is still running, but the logs stop capturing anything until I kill the task.
In the logs, they are all ending like this:
2020-10-12T16:02:07.3728074Z 11:02:07.371 INFO: All rules entrypoints : 537 Retained UCFGs : 14156
2020-10-12T16:02:08.2669892Z 11:02:08.265 INFO: rule: S5131, entrypoints: 15
2020-10-12T16:02:08.2672192Z 11:02:08.266 DEBUG: Running rule roslyn.sonaranalyzer.security.cs:S5131
2020-10-12T16:02:08.2672810Z 11:02:08.266 INFO: Running symbolic analysis
2020-10-12T16:02:08.2707454Z 11:02:08.269 DEBUG: loaded 73 sanitizers for rule S5131
2020-10-12T16:02:08.2730006Z 11:02:08.272 DEBUG: Resource file roslyn.sonaranalyzer.security.cs/passthroughs/S5131.json was not read
2020-10-12T16:02:08.2731274Z 11:02:08.272 DEBUG: loaded 171 passthroughs for rule S5131
2020-10-12T16:02:08.2734260Z 11:02:08.272 DEBUG: Resource file roslyn.sonaranalyzer.security.cs/collectionHandlers/common.json was not read
2020-10-12T16:02:08.2735244Z 11:02:08.272 DEBUG: Resource file roslyn.sonaranalyzer.security.cs/collectionHandlers/S5131.json was not read
2020-10-12T16:02:08.2736333Z 11:02:08.272 DEBUG: loaded 0 collectionHandlers for rule S5131
2020-10-12T16:02:08.4579526Z 11:02:08.456 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argEntity .
2020-10-12T16:02:08.4580611Z 11:02:08.457 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argEntity .
2020-10-12T16:02:08.4581361Z 11:02:08.457 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argAlClientId .
2020-10-12T16:02:08.4658129Z 11:02:08.464 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argEntity .
2020-10-12T16:02:08.4661218Z 11:02:08.465 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argUserKey .
2020-10-12T16:02:08.4666526Z 11:02:08.465 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argUserKey .
2020-10-12T16:02:08.4676962Z 11:02:08.466 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argPersonal .
2020-10-12T16:02:08.4678449Z 11:02:08.467 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argLoginUserId .
2020-10-12T16:02:08.4682987Z 11:02:08.467 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argUserGuid .
2020-10-12T16:02:08.4684422Z 11:02:08.467 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argPersonal .
2020-10-12T16:02:08.4933116Z 11:02:08.492 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argId .
2020-10-12T16:02:08.4934015Z 11:02:08.492 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argDefaultRefreshTokenLifetime .
2020-10-12T16:02:08.4955193Z 11:02:08.494 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argDefaultRefreshTokenLifetime .
2020-10-12T16:02:08.5046792Z 11:02:08.503 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argExternalId .
2020-10-12T16:02:08.5047389Z 11:02:08.504 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with argExternalId .
2020-10-12T16:02:08.5088152Z 11:02:08.507 DEBUG: Did not expect to visit symbol class com.sonar.security.analysis.D.A.N with arghooks .
2020-10-12T20:00:06.2548610Z ##[error]The operation was canceled.
2020-10-12T20:00:06.2556021Z ##[section]Finishing: Run Code Analysis
Edit: I found this post in GitHub which references the same rule. https://github.com/SonarSource/sonar-scanner-msbuild/issues/827. However, I’ve searched the logs generated for some of the key words listed there (ProjectCapability, SonarQubeTestProject, test project) and do not get any hits. These are projects that don’t change very often, and were working prior to updating from 8.4.2 to 8.5.0 yesterday morning.