Unable to run check class org.sonar.java.se.SymbolicExecution

Hi Guys,

I am facing [Unable to run check class org.sonar.java.se.SymbolicExecution] while running the pipeline. My build pipeline is passing with Sonar warnings and exceptions. Please let me know if anyone can help me.

Please see the following info:

SonarJava - this is an instance plugin:
“filename”: “sonar-java-plugin-6.15.1.26025.jar”,
“version”: “6.15.1 (build 26025)”,

SonarQube - this is the SonarQube instance:
Developer Edition
Version 8.9.1 (build 44547)

Thanks

Hi,

Welcome to the community!

Can you provide the full error stacktrace, please?

 
Thx!
Ann

Hi Ann, sorry for the late reply. I am facing different exceptions. Please check the exceptions below:

1-

```
Exception while analyzing com.mywork.ecommerce.process.threeds.service.MyThreeDSworkService.processSuccessUrl(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V
-java.lang.RuntimeException: Unable to call com/Mycorp/ecommerce/works/threeds/db/MyXThreeDSDataHelper.getInstance()Lcom/Mycorp/ecommerce/works/threeds/db/MyXThreeDSDataHelper;
At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:599)
At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitINVOKESTATIC(TaintFrameModelingVisitor.java:385)
At org.apache.bcel.generic.INVOKESTATIC.accept(INVOKESTATIC.java:86)
At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.analyzeInstruction(TaintFrameModelingVisitor.java:129)
At com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.transferInstruction(TaintAnalysis.java:90)
edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call(FindbugsExecutor.java:235)
java.util.concurrent.FutureTask.run(FutureTask.java:277)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
java.lang.Thread.run(Thread.java:812)
```

Hi,

I’ve code-formatted your three posts. It’s not clear to me at this point whether they represent 3 errors or one. Nonetheless, it would be better next time to consolidate in one post.

What your 3 posts do make clear is that at least some of the problems are coming from the FindSecBugs plugin.

 
HTH,
Ann
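The attribution made in the reply above can be done mechanically by mapping each stack frame's package to the component that ships it. This is an added example, not part of the thread or of any SonarQube tooling; the `OWNERS` table and the function names are assumptions built from the package names visible in the posted trace and the thread title.

```python
import re

# Package prefix -> component that ships it (prefixes taken from the trace
# posted in this thread; the table itself is an assumption of this example).
OWNERS = {
    "com.h3xstream.findsecbugs.": "FindSecBugs",
    "edu.umd.cs.findbugs.": "FindBugs/SpotBugs engine",
    "org.sonar.plugins.findbugs.": "sonar-findbugs plugin",
    "org.sonar.java.": "SonarJava",
    "org.apache.bcel.": "Apache BCEL",
    "java.": "JDK",
}

# A frame looks like "pkg.Class.method(File.java:123)". CI log viewers may
# prepend line-number links or "at"/"At", so search anywhere in the line.
FRAME = re.compile(r"((?:[\w$]+\.)+[\w$<>]+)\((\w+\.java):(\d+)\)")

def owner_of(symbol):
    """Component owning a fully qualified frame symbol (longest prefix wins)."""
    matches = [p for p in OWNERS if symbol.startswith(p)]
    return OWNERS[max(matches, key=len)] if matches else "unknown"

def attribute(log_text):
    """Return (origin, chain): the component of the innermost frame and the
    ordered list of distinct components the call passed through."""
    chain = []
    for m in FRAME.finditer(log_text):
        comp = owner_of(m.group(1))
        if not chain or chain[-1] != comp:
            chain.append(comp)
    return (chain[0] if chain else None), chain

# Constructed sample: a subset of the lines posted in this thread, including
# the CI line-number links and the non-frame exception message.
SAMPLE = """\
-java.lang.RuntimeException: Unable to call com/Mycorp/ecommerce/works/threeds/db/MyXThreeDSDataHelper.getInstance()Lcom/Mycorp/ecommerce/works/threeds/db/MyXThreeDSDataHelper;
[5405](-/-/jobs/979597#L5405) At com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitInvoke(TaintFrameModelingVisitor.java:599)
[5407](-/-/jobs/979597#L5407) At org.apache.bcel.generic.INVOKESTATIC.accept(INVOKESTATIC.java:86)
[5408](-/-/jobs/979597#L5408) At edu.umd.cs.findbugs.ba.AbstractFrameModelingVisitor.analyzeInstruction(AbstractFrameModelingVisitor.java:84)
org.sonar.plugins.findbugs.FindbugsExecutor$FindbugsTask.call(FindbugsExecutor.java:235)
java.util.concurrent.FutureTask.run(FutureTask.java:277)
"""

if __name__ == "__main__":
    origin, chain = attribute(SAMPLE)
    print("raised in:", origin)
    print("call path:", " <- ".join(chain))
```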

Hi Ann, yes, I tried to post a single post, but due to the new-user restrictions it was split into 3 posts. Please help me out with the FindSecBugs plugin. Is this related to Sonar?

Hi,

The FindSecBugs plugin is a 3rd-party plugin that was an extra install in your SonarQube instance. You should try running analysis with it uninstalled. Unfortunately, the normal advice to simply disable the rules from your profile doesn’t work with FindBugs (and I presume FindSecBugs as well). It seems that the tool automatically runs all rules and then filters what it reports. So uninstalling is the only way to keep the rule from running.

 
HTH,
Ann

Hi Ann,

First I want to say sorry for the late reply. Due to a health issue, I was on leave.
I have discussed the solution of removing the 3rd-party plugin with my DevOps team. Currently, many applications use SonarQube and we cannot take the risk of removing any plugin, as that could impact other applications as well. Please let me know if we can have any other workaround.

KR,
Jamil

Hi Jamil,

Hopefully you’re feeling better. Don’t worry about the delay. There’s no SLA here in the community, on our side or on yours. :smile:

Unfortunately, I don’t see a workaround. I’ll be honest and say I haven’t tested with these plugins lately, but my experience is that once they’re loaded in an instance, you can’t keep them from running during an analysis - whether or not you have their rules turned on.

You should report this problem to the plugin maintainer, and IMO go back to your DevOps team.

You’re weighing a potential impact on other projects versus a definite analysis failure on your project. I understand their caution, but if their goal is to maintain service… well they’re already failing that with you.

 
FWIW,
Ann

Hi Ann,

Thanks for the detailed response. Could you please guide me on how I can change or report this to the plugin maintainer? Maybe they can provide some workaround!

Regards,
Jamil

Hi,

Just open a ticket on the project: GitHub - spotbugs/sonar-findbugs: SpotBugs plugin for SonarQube

 
Ann