Upgraded to C# 5.3.1, experienced crash
248 views
Skip to first unread message
John M
Jul 8, 2016, 1:01:12 PM7/8/16
to SonarQube
Hi everyone,
When I upgraded the C# plugin to 5.3.1, on build machines that have VS 2015 Update 3, the SonarQube analysis crashed with the following stack:
INFO: ------------------------------------------------------------------------INFO: EXECUTION FAILUREINFO: ------------------------------------------------------------------------INFO: Total time: 15.118sINFO: Final Memory: 41M/105MINFO: ------------------------------------------------------------------------ERROR: Error during SonarQube Scanner executionjava.lang.NullPointerExceptionat org.sonar.plugins.csharp.sarif.SarifParser10.handleIssue(SarifParser10.java:69)at org.sonar.plugins.csharp.sarif.SarifParser10.handleIssues(SarifParser10.java:56)at org.sonar.plugins.csharp.sarif.SarifParser10.parse(SarifParser10.java:48)at org.sonar.plugins.csharp.CSharpSensor.importRoslynReport(CSharpSensor.java:291)at org.sonar.plugins.csharp.CSharpSensor.analyse(CSharpSensor.java:113)at org.sonar.batch.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:58)at org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:50)at org.sonar.batch.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:83)at org.sonar.batch.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:192)at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)at org.sonar.batch.scan.ProjectScanContainer.scan(ProjectScanContainer.java:241)at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:236)at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:234)at org.sonar.batch.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:226)at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)at org.sonar.batch.task.ScanTask.execute(ScanTask.java:47)at org.sonar.batch.task.TaskContainer.doAfterStart(TaskContainer.java:86)at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)at org.sonar.batch.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:106)at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:119)at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)at java.lang.reflect.Method.invoke(Unknown Source)at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)at com.sun.proxy.$Proxy0.execute(Unknown Source)at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:240)at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)at org.sonarsource.scanner.cli.Main.execute(Main.java:72)at org.sonarsource.scanner.cli.Main.main(Main.java:60)ERROR:ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
Fortunately, I was able to roll back to the 5.3 plugin (pulled from a backup) and things are back to normal.
Any ideas?
Thanks,
John
Duarte Meneses
Jul 11, 2016, 2:42:53 AM7/11/16
to SonarQube
Hi John,
Would you be able to provide the json file which is the output of Roslyn? It should be in the output folder of the project, and its name ends with "RoslynCA.json".
Duarte Meneses
Jul 11, 2016, 3:35:00 AM7/11/16
to SonarQube
Also, FYI even though you get no error with version 5.3, issues reported by Roslyn are probably not getting imported to SonarQube.
I suspect the problem lies in one of the fields in the JSON report, and I've created the ticket: https://jira.sonarsource.com/browse/SONARCS-608
It would be great if you could confirm it by checking your JSON report, as explained in my last post.
John M
Jul 11, 2016, 9:43:58 AM7/11/16
to SonarQube
I'd be happy to, except that I'd spend more time than I care to count convincing our lawyers that there'd be no risk, seeing as how the file has no IP... sorry. :(
I'll talk with one of my managers, just in case there's some hope - if he's ok with it, I'll post the file privately later today.
Thanks,
John
Duarte Meneses
Jul 14, 2016, 8:19:51 AM7/14/16
to SonarQube
Hi John,
Could you please check the *.RoslynCA.json files in the bin directories of your solution, and look for a "result" without the field "locations"? We believe this is the source of the problem.
If you find it, please provide us the corresponding "ruleId".
Here is an example of the file:
"runs": [
{
"tool": {
"name": "Microsoft (R) Visual Basic Compiler",
"version": "1.3.1.0",
"fileVersion": "1.3.1.60616",
"semanticVersion": "1.3.1",
"language": "en-US"
},
"results": [
{
"ruleId": "S3385",
"level": "warning",
"message": "Remove this \"Exit\" statement.",
"locations": [
{
"resultFile": {
"uri": "file:///C:/git/sonar-examples/projects/languages/vbnet/ConsoleApplication1/Module1.vb",
"region": {
"startLine": 4,
"startColumn": 7,
"endLine": 4,
"endColumn": 15
}
}
}
],
"properties": {
"warningLevel": 1
}
}
],
"rules": {
"S3385": {
"id": "S3385",
"shortDescription": "\"Exit\" statements should not be used",
"fullDescription": "Other than \"Exit Select\", using an \"Exit\" statement is never a good idea. \"Exit Do\", \"Exit For\", \"Exit Try\", and \"Exit While\" will all result in unstructured control flow, i.e.spaghetti code. \"Exit Function\", \"Exit Property\", and \"Exit Sub\" are all poor, less-readable substitutes for a simple return, and if used with code that should return a value (\"Exit Function\" and in some cases \"Exit Property\") they could result in a \"NullReferenceException\". This rule raises an issue for all uses of \"Exit\" except \"Exit Select\" and \"Exit Do\" statements in loops without condition.",
"defaultLevel": "warning",
"properties": {
"category": "Reliability",
"isEnabledByDefault": true
}
}
}
John M
Jul 14, 2016, 2:43:31 PM7/14/16
to SonarQube
Can do, not til next week though ( out of the office remainder of this week).
Thanks for following up on this so quickly!
John M
Jul 18, 2016, 12:15:02 PM7/18/16
to SonarQube
Here's one I found (I hope):
{
"ruleId": "Wintellect008",
"level": "warning",
"message": "Add a filled out AssemblyDescriptionAttribute to the assembly properties",
"properties": {
"warningLevel": 1
}
},
Marcel
Jul 19, 2016, 7:26:49 AM7/19/16
to SonarQube
Hello,
we analyse a C# projects with over 4 million lines and we get also the NullPointerException.
I found the following code in the RoslynCA.json. The rule AssignmentInsideSubExpression throws a NullReferenceException and has no location
We use only SonarLint Roslyn Rules.
I build a new C# Plugin with the location NullPointerException fix and we get NO NullPointerException. So I think that the fix works ;)
{
"ruleId": "AD0001",
"level": "warning",
"message": "Die Analyse \"SonarLint.Rules.CSharp.AssignmentInsideSubExpression\" hat eine Ausnahme vom Typ \"System.NullReferenceException\" mit der Meldung \"Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.\" ausgelöst.",
"properties": {
"warningLevel": 1
}
},
{
"ruleId": "AD0001",
"ruleKey": "AD0001-001",
"level": "warning",
"message": "Die Analyse \"SonarLint.Rules.CSharp.AssignmentInsideSubExpression\" hat eine Ausnahme vom Typ \"System.NullReferenceException\" mit der Meldung \"Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.\" ausgelöst.",
"properties": {
"warningLevel": 1
}
}
Best regards
Marcel
Duarte Meneses
Jul 19, 2016, 7:35:01 AM7/19/16
to Marcel, SonarQube
Thanks for actively testing the fix!
I will release a release candidate today for v5.3.2 with it.
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/YPMeCNwTm_Q/unsubscribe.
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/6826f2d7-ea7b-4406-92d1-4e66995b4180%40googlegroups.com.
Duarte MENESES | SonarSource
Duarte Meneses
Jul 19, 2016, 10:42:38 AM7/19/16
to SonarQube
RC is out, more info here: https://groups.google.com/forum/#!topic/sonarqube/Ps_z9ddvjJc
Thanks again for reporting the bug and helping on the fix.
To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/6826f2d7-ea7b-4406-92d1-4e66995b4180%40googlegroups.com.
John M
Jul 28, 2016, 1:45:15 PM7/28/16
to SonarQube
Installed 5.3.2, works like a charm - thanks!!
To unsubscribe from this group and all its topics, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/6826f2d7-ea7b-4406-92d1-4e66995b4180%40googlegroups.com.
pay...@gmail.com
Oct 26, 2016, 6:01:12 AM10/26/16
to SonarQube
I am getting the error in 5.3.2 too.
"ERROR: Error during SonarQube Scanner execution
java.lang.NullPointerException
at org.sonar.plugins.csharp.sarif.SarifParser10.handleIssue(SarifParser10.java:72)
at org.sonar.plugins.csharp.sarif.SarifParser10.handleIssues(SarifParser10.java:62)
at org.sonar.plugins.csharp.sarif.SarifParser10.parse(SarifParser10.java:54)
at org.sonar.plugins.csharp.CSharpSensor.importRoslynReport(CSharpSensor.java:248)
at org.sonar.plugins.csharp.CSharpSensor.analyse(CSharpSensor.java:113)
at org.sonar.batch.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:58)
at org.sonar.batch.phases.SensorsExecutor.execute(SensorsExecutor.java:50)
at org.sonar.batch.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:83)
at org.sonar.batch.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:192)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.batch.scan.ProjectScanContainer.scan(ProjectScanContainer.java:241)
at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:236)
at org.sonar.batch.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:234)
at org.sonar.batch.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:226)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.batch.task.ScanTask.execute(ScanTask.java:47)
at org.sonar.batch.task.TaskContainer.doAfterStart(TaskContainer.java:86)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.batch.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:106)
at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:119)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:240)
at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)
at org.sonarsource.scanner.cli.Main.execute(Main.java:72)
at org.sonarsource.scanner.cli.Main.main(Main.java:60)
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
The SonarQube Scanner did not complete successfully
11:56:31.592 Creating a summary markdown file...
Post-processing failed. Exit code: 1"
Tamas Vajk
Oct 31, 2016, 6:43:34 AM10/31/16
to pay...@gmail.com, SonarQube
Hello,
Can you share a minimal repro of this issue?
Would you be able to provide the json file which is the output of Roslyn? It should be in the output folder of the project, and its name ends with "RoslynCA.json".
Also can you share with us the list of plugins on your SQ server and their versions?
Please provide all necessary details in order to reproduce your issue locally.
Thanks,
Tamas
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/e31ee267-fb58-4aa0-998e-8776bb55e874%40googlegroups.com.--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+unsubscribe@googlegroups.com.
Tom Op
Mar 27, 2017, 5:17:49 AM3/27/17
to SonarQube
Hello,
I have SonarQube version 6.1
When I try to run analysis ( MSBuild.SonarQube.Runner ) on my project I am receiving same error.
I am sending my project with only one .cs file
Analysis crash only in case when I put my custom plugin into directory sonarqube\extensions\plugins
My custom plugin has only one analyzer without any functionality ( only empty shell )
My analyzed project: https://drive.google.com/file/d/0B92HJD7Q6r9wRkwyNVd6TnpRNTg/view?usp=sharing
Error message:
INFO: 3/4 files analyzed, starting to analyze: C:\Workspace\csob_security_vurneableapp_net\Csob.TestProject\TestProject\
Vulnerabilities\Xml.cs
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 4.688s
INFO: Final Memory: 45M/353M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.NullPointerException
at org.sonar.plugins.csharp.sarif.SarifParser10.handleIssue(SarifParser10.java:69)
at org.sonar.plugins.csharp.sarif.SarifParser10.handleIssues(SarifParser10.java:56)
at org.sonar.plugins.csharp.sarif.SarifParser10.parse(SarifParser10.java:48)
at org.sonar.plugins.csharp.CSharpSensor.importRoslynReport(CSharpSensor.java:291)
at org.sonar.plugins.csharp.CSharpSensor.analyse(CSharpSensor.java:113)
at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:57)
at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:49)
at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:78)
at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:182)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:247)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:242)
at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:240)
at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:232)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:47)
at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:86)
at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:142)
at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:127)
at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:115)
at org.sonar.batch.bootstrapper.Batch.executeTask(Batch.java:118)
at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:62)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
at com.sun.proxy.$Proxy0.execute(Unknown Source)
at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:233)
at org.sonarsource.scanner.api.EmbeddedScanner.runAnalysis(EmbeddedScanner.java:151)
at org.sonarsource.scanner.cli.Main.runAnalysis(Main.java:110)
at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
at org.sonarsource.scanner.cli.Main.main(Main.java:61)
ERROR:
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
Picked up JAVA_TOOL_OPTIONS: -Djava.vendor="Sun Microsystems Inc."
The SonarQube Scanner did not complete successfully
11:14:51.75 Creating a summary markdown file...
11:14:51.756 Post-processing failed. Exit code: 1
Dne pátek 8. července 2016 19:01:12 UTC+2 John M napsal(a):
Tom Op
Mar 30, 2017, 6:13:43 AM3/30/17
to SonarQube
After 2 days of analysis I have solution.
It is necessary to remove library Microsoft.CodeAnalysis.CSharp.dll from generated JAR file.
JAR file contains Zipped analyzer and some dependent libraries. It is necessary to remove Microsoft.CodeAnalysis.CSharp.dll from zipped analyzer.
Dne pondělí 27. března 2017 11:17:49 UTC+2 Tom Op napsal(a):
Duarte Meneses
Mar 30, 2017, 7:30:58 AM3/30/17
to Tom Op, SonarQube
Hi,
Could you please send us the json file generated by Roslyn? I would like to make sure our parsing of it is correct.
It should be located in the output directory of the project 'C:\Workspace\csob_security_vurneableapp_net\Csob.TestProject\TestProject\'. It's filename has the suffix "RoslynCA.json".
Thanks.
--
You received this message because you are subscribed to a topic in the Google Groups "SonarQube" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/sonarqube/YPMeCNwTm_Q/unsubscribe.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/29a074e3-506b-4404-8b07-af914cb12b08%40googlegroups.com.To unsubscribe from this group and all its topics, send an email to sonarqube+unsubscribe@googlegroups.com.
Duarte Meneses
Mar 30, 2017, 12:05:31 PM3/30/17
to SonarQube, tomas...@gmail.com
Hi Tom,
The json that you sent to me seems to be parsed correctly by our current parser.
Which version of SonarC# are you using?
Tomáš Oplt
Mar 31, 2017, 9:18:18 AM3/31/17
to Duarte Meneses, SonarQube
Hello Duarte,
There is no error in the json file at all.
Problem is in another place. if you open generated JAR file you will find folder STATIC. In this folder is file Csob.Security.Analyzer.Net.1.0.0.9.zip
If you open ZIP file, you will see folder analyzers\dotnet\cs\
In this folder is my analyzer library Csob.Security.Analyzer.Net.dll and also other dependent assemblies. One of the assemblies is Microsoft.CodeAnalysis.CSharp.dll and this is wrong !
If you have library Microsoft.CodeAnalysis.CSharp.dll no analysis is performed. Solution for this problem is to change nuspec file and exclude this library from packaging into result JAR file.
WRONG !!!
<files>
<file src="*.dll" target="analyzers\dotnet\cs" exclude="**\System.Collections.Immutable.*;**\System.Reflection.Metadata.*;**\System.Composition.*" />
<file src="tools\*.ps1" target="tools\" />
</files>
CORRECT!
<files>
<file src="*.dll" target="analyzers\dotnet\cs" exclude="**\Microsoft.CodeAnalysis.CSharp.*;**\System.Collections.Immutable.*;**\System.Reflection.Metadata.*;**\System.Composition.*" />
<file src="tools\*.ps1" target="tools\" />
</files>
You need alwasy manually remove all Sonar temporary folders because no changes are made by compilation if you don't clear caches manually.
clear directories:
del /s /q C:\Users\xxx\AppData\Local\Temp\1
del /s /q C:\Users\xxx\AppData\Local\Temp\2
del /s /q C:\Users\xxx\AppData\Local\Temp\.sonarqube
del /s /q C:\Users\xxx\AppData\Local\Temp\.sonarqube.sdk
del /s /q C:\Users\xxx\.sonar
del /s /q C:\SONAR_USER_HOME
--
Message has been deleted
G. Ann Campbell
Jun 7, 2017, 10:25:08 AM6/7/17
to SonarQube, duarte....@sonarsource.com
Hi Tom,
Normally I'd counsel you to open a new thread for a new topic, but questions about commercial (closed source) products really belong to Support (or perhaps pre-sales in your case). But I'm not even going to tell you to contact them. Our product page for SonarCFamiliy forObjective-C says we don't yet support custom rules for that language.
Ann
On Wednesday, 7 June 2017 07:11:17 UTC-4, Tom Op wrote:
On Wednesday, 7 June 2017 07:11:17 UTC-4, Tom Op wrote:
Hello Duarte,I have one question. I am from bank company CSOB.cz and we are starting to develop security analyzers for objective C and SWIFT language. We have budget for almost 6 months of development.You have product https://www.sonarsource.com/products/codeanalyzers/sonarcfamilyforobjectivec.html which is not open source and we are now considering which technology now use ( CLang, SonarQube,... )My question is: Is it possible to get source code from you and extend the functionallity of your product ?We can give you internally created analyzers back, so you can have better product with extended functionallity and we will be also happy, because we are using SonarQube also for other project types (Vaading, JSP, C# ) all for finding security bugs like XSS, SQL Injection, CSRF, Path Traversal and many more. If this email is not for you, please forward it to the competent person which can give me an answer.Thanks and best regards.Thomas OpltDevelper at https://www.csob.czTel: 00420 731 400 401
Reply all
Reply to author
Forward
0 new messages