Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-9835

Possible NPE in global sensors when some analyzed files are located outside of project baseDir

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.4
    • Fix Version/s: 6.6-M1, 6.6
    • Component/s: Scanner
    • Labels:
      None

      Description

      Prior to 6.4, the only constraint was that files had to be physical children of their parent modules. Modules were only a logical concept. Sensors were able to query files by relative path to their module.

      With the introduction of global Sensors in 6.4, we started to also index files by relative path to project baseDir. This indexing is wrong when files are outside of project basedir. This may result in NullPointerException in global Sensors (see attached reproducer SONAR-9835-sample-cpp.zip, run analysis from the 'root' folder).

      INFO: Sensor C++ [cpp]
      INFO: ------------------------------------------------------------------------
      INFO: EXECUTION FAILURE
      INFO: ------------------------------------------------------------------------
      ERROR: Error during SonarQube Scanner execution
      java.lang.NullPointerException
              at com.sonar.cpp.plugin.I.A(na:2697)
              at com.sonar.cpp.plugin.I.A(na:3572)
              at com.sonar.cpp.plugin.C.execute(na:1575)
              at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
              at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:87)
              at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:81)
              at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:72)
      

      A check was added in 6.6-M1 to avoid this NPE, leading to strongly enforce that all indexed modules/folders/files are located under the project baseDir:
      https://github.com/SonarSource/sonarqube/commit/343758acd64fd2318a35c5f55c6511cf8b2f6467#diff-6bb889e3dc42ff0bc1ebdfa43ec03319R152
      https://github.com/SonarSource/sonarqube/commit/e6b28c1ba4e7627f4599590ddfcc21875843ce87

      However, this change has an unexpected side effect: some Maven projects using a flat layout are no more compatible:

      projectDir/
          module1/pom.xml
          parent/pom.xml (contains <module>../module1</module>)
      

      Running: mvn sonar:sonar -f parent/pom.xml used to work, but will now fail saying that path/to/module1 should be relative to project basedir (which is path/to/parent).

      Note: MSBuild projects are unaffected, because the scanner for MSBuild compute the project baseDir as the nearest ancestor of all projects of the solution.

      Possible solutions:

      • revert the change, and try to support in global Sensors files that are outside project baseDir (having InputFile.relativePath() returning something like '../anotherDir/Foo.cpp')
      • change the scanner for Maven (and possibly Gradle) to ensure project baseDir is an ancestor of all modules paths of the reactor (similar to what is done in the scanner for MSBuild)

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              julien.henry Julien Henry
              Reporter:
              julien.henry Julien Henry
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: