SonarQube / SONAR-16050

Scanner fails with NPE if user doesn't have permission to analyze project

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9.4
    • Component/s: None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      If a user doesn't have permission to scan a project, the scanner fails with a NullPointerException, giving no hint as to the cause of the problem:

      Caused by: java.lang.NullPointerException
          at org.sonar.scanner.report.ComponentsPublisher.convert (ComponentsPublisher.java:103)
          at org.sonar.scanner.report.ComponentsPublisher.publish (ComponentsPublisher.java:68)
          at org.sonar.scanner.report.ReportPublisher.generateReportFile (ReportPublisher.java:163)
          at org.sonar.scanner.report.ReportPublisher.execute (ReportPublisher.java:137)
          at org.sonar.scanner.scan.SpringProjectScanContainer.doAfterStart (SpringProjectScanContainer.java:352)
          at org.sonar.scanner.bootstrap.SpringComponentContainer.startComponents (SpringComponentContainer.java:167)
          at org.sonar.scanner.bootstrap.SpringComponentContainer.execute (SpringComponentContainer.java:147)
          at org.sonar.scanner.bootstrap.SpringGlobalContainer.doAfterStart (SpringGlobalContainer.java:133)
          at org.sonar.scanner.bootstrap.SpringComponentContainer.startComponents (SpringComponentContainer.java:167)
          at org.sonar.scanner.bootstrap.SpringComponentContainer.execute (SpringComponentContainer.java:147)
          at org.sonar.batch.bootstrapper.Batch.doExecute (Batch.java:72)
          at org.sonar.batch.bootstrapper.Batch.execute (Batch.java:66)
          at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute (BatchIsolatedLauncher.java:46)
          at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
          at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62)
          at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke (Method.java:566)
          at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke (IsolatedLauncherProxy.java:60)
          at com.sun.proxy.$Proxy23.execute (Unknown Source)
          at org.sonarsource.scanner.api.EmbeddedScanner.doExecute (EmbeddedScanner.java:189)
          at org.sonarsource.scanner.api.EmbeddedScanner.execute (EmbeddedScanner.java:138)
          at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute (ScannerBootstrapper.java:65)
          at org.sonarsource.scanner.maven.SonarQubeMojo.execute (SonarQubeMojo.java:108)
      

      The lack of permission raises a problem when trying to fetch the project repository. However, the project repository is loaded lazily. It's required when calculating a file's metadata. Since a file's metadata is also loaded lazily, it's usually done when a plugin is analyzing a file. When an exception is thrown, with the goal of failing the analysis, plugins will catch and swallow the exception and keep going.

      We should probably load the project repository eagerly, with a Startable class in the project container. That way we don't run into the lack of permissions when our API is called by a plugin.

      Note: authentication failure happens at different stages depending on whether it's the first time the project is analyzed.

      • New project: Happens at the very end, when submitting report
      • Existing project: Happens when getting the project repository (this ticket refers to this situation).
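
A simplified model of the failure mode described above, added here as an illustration and not taken from SonarQube's code: a lazily loaded value whose authorization failure is swallowed by a caller surfaces later as an unrelated NullPointerException, while loading it eagerly at start-up reports the real cause. All class and method names and the error message are hypothetical.

```java
import java.util.function.Supplier;

// Added illustration; every name here is hypothetical, not SonarQube's API.
public class EagerVsLazyLoad {
    /** Caches the first successful load; a failed load leaves the value null. */
    static final class Lazy<T> {
        private final Supplier<T> loader;
        private T value;
        Lazy(Supplier<T> loader) { this.loader = loader; }
        T get() { if (value == null) value = loader.get(); return value; }
        T peek() { return value; }
    }

    /** Stands in for the server call that is refused when the user lacks permission. */
    static String fetchRepository() {
        throw new IllegalStateException("Insufficient privileges to analyze this project"); // constructed message
    }

    /** Lazy path: the first access happens inside plugin code that swallows the failure. */
    static String lazyRun() {
        Lazy<String> repo = new Lazy<>(EagerVsLazyLoad::fetchRepository);
        try {
            repo.get(); // plugin asks for file metadata, which triggers the load
        } catch (RuntimeException swallowed) {
            // plugin keeps going; the authorization error is lost here
        }
        try {
            return "published " + repo.peek().length() + " bytes"; // report step uses the unloaded value
        } catch (NullPointerException e) {
            return "NPE at publish, cause hidden";
        }
    }

    /** Eager path: load at container start, before any plugin code can run. */
    static String eagerRun() {
        try {
            String repo = fetchRepository(); // start-up step, nothing in between to swallow the error
            return "published " + repo.length() + " bytes";
        } catch (IllegalStateException e) {
            return "analysis aborted: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(lazyRun());
        System.out.println(eagerRun());
    }
}
```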

            People

            Assignee:
            duarte.meneses Duarte Meneses
            Reporter:
            duarte.meneses Duarte Meneses