Upgraded to SonarQube 10.4.1, cannot analyse TypeScript code

SonarQube Server / Community Build
1

Versions

Jenkins 2.440.2, declarative Pipeline, Jenkinsfile
SonarQube: Developer Edition Version 10.4.1 (build 88267)
Maven-Plugin: org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922

how is SonarQube deployed:

Docker, Jenkins too

what are you trying to achieve

Scanning of TypeScript fails, bridge cannot be started.

what fails

10:42:56  [INFO] 10:42:55.938 Sensor JavaScript inside HTML analysis [javascript]
10:42:56  [DEBUG] 10:42:55.940 Deploying bundle
10:42:56  [DEBUG] 10:42:55.941 Deploying the bridge server into /var/jenkins_home/workspace/OCSIG-1642-java-17-auf-sonarqube/target/sonar/.sonartmp/bridge-bundle
10:42:59  [DEBUG] 10:42:59.130 Deploying bundle (done) | time=3190ms
10:42:59  [INFO] 10:42:59.130 Detected os: Linux arch: amd64 alpine: false. Platform: LINUX_X64
10:42:59  [DEBUG] 10:42:59.134 Currently installed Node.js version: v20.9.0. Available version in analyzer: v20.9.0
10:42:59  [DEBUG] 10:42:59.134 Skipping node deploy. Deployed node has latest version.
10:42:59  [DEBUG] 10:42:59.136 Launching command /var/jenkins_home/.sonar/js/node-runtime/node -v
10:42:59  [DEBUG] 10:42:59.159 Deployed node version v20.9.0
10:42:59  [DEBUG] 10:42:59.160 Deploying custom rules bundle jar:file:/var/jenkins_home/.sonar/cache/91ab6512fd5d7f04f34afa1cedc7714f/sonar-securityjsfrontend-plugin.jar!/js-vulnerabilities-rules-1.0.0.tgz to /var/jenkins_home/workspace/OCSIG-1642-java-17-auf-sonarqube/target/sonar/.sonartmp/bridge-bundle/package/custom-rules374271307379837562
10:42:59  [DEBUG] 10:42:59.164 Starting server
10:42:59  [DEBUG] 10:42:59.166 Creating Node.js process to start the bridge server on port 43019
10:42:59  [INFO] 10:42:59.167 Configured Node.js --max-old-space-size=4096.
10:42:59  [INFO] 10:42:59.167 Using embedded Node.js runtime
10:42:59  [INFO] 10:42:59.167 Using Node.js executable: '/var/jenkins_home/.sonar/js/node-runtime/node'.
10:42:59  [DEBUG] 10:42:59.167 Checking Node.js version
10:42:59  [DEBUG] 10:42:59.167 Launching command /var/jenkins_home/.sonar/js/node-runtime/node -v
10:42:59  [DEBUG] 10:42:59.179 Using Node.js v20.9.0.
10:42:59  [DEBUG] 10:42:59.179 Launching command /var/jenkins_home/.sonar/js/node-runtime/node --max-old-space-size=4096 /var/jenkins_home/workspace/OCSIG-1642-java-17-auf-sonarqube/target/sonar/.sonartmp/bridge-bundle/package/bin/server 43019 127.0.0.1 /var/jenkins_home/workspace/OCSIG-1642-java-17-auf-sonarqube/client-ui/target/sonar true false false /var/jenkins_home/workspace/OCSIG-1642-java-17-auf-sonarqube/target/sonar/.sonartmp/bridge-bundle/package/custom-rules374271307379837562/package
10:43:02  [INFO] 10:43:01.951 Memory configuration: OS (23947 MB), Node.js (4144 MB).
10:43:02  [DEBUG] 10:43:01.952 Starting the bridge server
10:43:02  [DEBUG] 10:43:01.964 The bridge server is listening on port 43019
10:43:02  [DEBUG] 10:43:02.054 The worker thread is running
10:43:20  [DEBUG] 10:43:16.967 The bridge server shut down
10:43:20  [DEBUG] 10:43:17.010 The worker thread exited with code 1
10:48:11  [ERROR] 10:47:59.211 Failed to start the bridge server (300s timeout)
10:48:11  org.sonar.plugins.javascript.nodejs.NodeCommandException: Failed to start the bridge server (300s timeout)
10:48:11  	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.startServer(BridgeServerImpl.java:197)
10:48:11  	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.startServerLazily(BridgeServerImpl.java:304)

what have you tried so far to achieve this

Jenkinsfile pipeline currently looks like this:

        stage('SonarQube scanner analysis') {
            steps {
                script {
                    withSonarQubeEnv('Sonar') {
                        nodejs(nodeJSInstallationName: 'NodeJS 20') {
                             withEnv(['NO_PROXY=127.0.0.1,localhost', 'NODE_OPTIONS=--trace-exit']) {
                                sh("""\
                                            echo ${NO_PROXY}
                                            npm config ls
                                            JAVA_HOME=${JDK17_HOME} \
                                            mvn \
                                            ${JENKINS_PROXY} \
                                            -Dsonar.javascript.node.maxspace=4096 \
                                            -Dsonar.verbose=true \
                                            -Dsonar.log.level=DEBUG \
                                            org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922:sonar -X\
                                """)
                            }
                        }
                    }
                }
            }
        }

I am not sure why I am getting “The worker thread exited with code 1”. I cannot see anything in docker logs why the thread exited with code 1.
It might be a networking issue, but I am not able to exclude 127.0.0.1 from being proxied. In the proxy logs I can see requests to 127.0.0.1 with the metioned port.

I tried to exclude it via ${JENKINS_PROXY}:

-Dhttp.proxyHost=xxx -Dhttp.proxyPort=xxx -Dhttps.proxyHost=xxx -Dhttps.proxyPort=xxx -Dhttp.nonProxyHosts=127.0.0.1

I added NO_PROXY environment variable (thought it might work for node binary).

Questions:

  • How can I get more details about what exactly makes the worker thread fail?
  • How can I exclude 127.0.0.1 from being proxied?
  • How could I disable the whole “node”-dependency from being used at all as a quick-fix?
1 Like
2

Hi,

Can you try bumping this

up to 8192?

Node is required to analyze JS/TS, so there’s no way to disable this.

 
Ann

3

Hi

Thanks for the input. I already tried with 8192, the problem persists / no change:

16:36:04  [INFO] 16:36:04.224 Memory configuration: OS (23947 MB), Node.js (8240 MB).
16:36:04  [DEBUG] 16:36:04.224 Starting the bridge server
16:36:04  [DEBUG] 16:36:04.247 The bridge server is listening on port 33265
16:36:04  [DEBUG] 16:36:04.353 The worker thread is running
16:36:19  [DEBUG] 16:36:19.238 The bridge server shut down
16:36:19  [DEBUG] 16:36:19.285 The worker thread exited with code 1

I am suspecting a networking problem, as I can see requests to 127.0.0.1 on our proxy logs. I tried to exclude 127.0.0.1 from being proxied, but I am not sure if that requests are coming from java or node.

4

Hi,

I believe the requests are coming from Node.

 
HTH,
Ann

5

If the requests are coming from Node how can we pass proxy settings?

I tried via maven:

-Dhttp.proxyHost=xxx -Dhttp.proxyPort=xxx -Dhttps.proxyHost=xxx -Dhttps.proxyPort=xxx -Dhttp.nonProxyHosts=127.0.0.1

I tried with an environment variable:

NO_PROXY=127.0.0.1,localhost

Is there a way to see more details / verbose logs about the “worker thread”?

6

Hi,

I don’t understand why you’re proxying local / localhost traffic.

 
Ann

7

Hi Ann

Thanks for your answer.

I am trying not to proxy this traffic! Currently it is proxied, this is why I added http.nonProxyHosts and NO_PROXY env variable.

But despite doing this, I still see the requests going to the proxy. I have no idea why… any hint how to debug the issue might help.

For now I had to disable the whole Sonar-Scanning for all projects that contain JavaScript / TypeScript. I could not disable the node requirement with sonar.exclusions.

8

Hi,

Where does the proxy live? Is it on the build agent?

 
Ann

9

Hi Ann,

The proxy is on seperate host, not related to Jenkins.

10

Hi,

If the proxy is on a separate host, then I really don’t understand why/how it’s getting in the middle of localhost requests. You should talk to your network folks.

 
HTH,
Ann

11

We found the problem, it is a mixture of behaviour of the sonar-scan-maven-plugin and a configuration issue.

Currently the sonar-scan-maven-plugin only reads proxy settings from maven settings.xml. It only reads http-proxy settings, not https-proxy settings. There is a PR which changes this: Fix - Extend maven proxy settings usage to https by Eredrim · Pull Request #213 · SonarSource/sonar-scanner-maven · GitHub

To be able to connect to our SonarQube instance via https-proxy we had to add -Dhttps.proxyHost and -Dhttps.proxyPort to the mvn command.

Now, we added -Dhttp.nonProxyHosts to the mvn command and thought that would work. But it didn’t. This is because the sonar-scanner-maven-plugin does not evaluate passed parameters and only inspects maven settings.xml.

In the maven settings.xml, the xml element nonProxyHosts was not set. Alas the plugin does set the java system property to an empty string, which disables the java default value for this property (default value is to exclude localhost, 127.0.0.1).

When setting the nonProxyHosts element in maven settings.xml it started to work.

It works, but there are some improvements that could be done:

  1. Merge the mentioned PR, so at least no mix between settings.xml and parameters is needed, document it that only settings.xml is evaluated
  2. Evaluate the parameters passed, so one may override the settings.xml values
3 Likes
12

Hi,

Thanks for your investigation and for taking the time to document your findings.

What version of SonarScanner for Maven are you using?

 
Thx,
Ann

13

Hi Ann

We are using:

Maven-Plugin: org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922

1 Like
14

Hi,

Thanks for that. I’m going to flag this for the team.

 
Ann

17

Thanks a million, @weisskopf, for the great job investigating the issue!

I’ve created [SCANMAVEN-219] - Jira to implement the provided solution and handle your pull request.

The scanner allows to override system properties with the parameters specified in the mvn command. It may be that you failed to specify the property -Dhttps.nonProxyHosts.

Cheers,
Angelo

1 Like
21

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.