sonar-groovy

sonarqube 9.4 issue

Open nzin-appdirect opened this issue 3 years ago • 7 comments

  • I just installed Sonarqube 9.4 with the 1.8 groovy plugin
  • when scanning a project (with the latest “sonar-scanner”)
  • if there are some .groovy files (in a test folder), I get the following error:
ERROR: Error during SonarScanner execution
org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object ', (comma)' with class 'java.lang.String' to class 'char'
	at org.codehaus.groovy.runtime.typehandling.ShortTypeHandling.castToChar(ShortTypeHandling.java:72)
	at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.charUnbox(DefaultTypeTransformation.java:73)
	at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.castToPrimitive(DefaultTypeTransformation.java:341)
	at org.codehaus.groovy.runtime.typehandling.DefaultTypeTransformation.castToType(DefaultTypeTransformation.java:242)
	at groovy.lang.MetaClassImpl.setProperty(MetaClassImpl.java:2716)
	at groovy.lang.MetaClassImpl.setProperty(MetaClassImpl.java:3785)
...

nzin-appdirect avatar Jun 09 '22 13:06 nzin-appdirect

We are also experiencing this problem, it only appears when using the sonar scanner for gradle. If we scan the same project with the standalone scanner or the maven scanner, it works.

We added the parameter below to the gradle command line to disable scanning of groovy files only on gradle projects:

-Dsonar.groovy.file.suffixes=.FOOBAR123

deyanstoykov avatar Jun 09 '22 19:06 deyanstoykov

Any updates on this issue?

peeyushsurolia avatar Jul 19 '22 15:07 peeyushsurolia

Looking at the SonarQube 9.4 changelog, this looks like a possible root cause:

[SONAR-15966] Use Spring instead of Pico as dependency injection framework in the scanner-engine

deyanstoykov avatar Jul 22 '22 08:07 deyanstoykov

Disabling the "Duplicated string literal" rule fixed the issue for us (the stacktrace is not the same as yours though).

I recommend carefully inspecting the stacktrace for references to specific rules or any other hints.

deyanstoykov avatar Jul 22 '22 10:07 deyanstoykov

I just tested out the groovy plugin with: sonarqube 9.6, plugin 1.8

I'm using the gradle sonarqube plugin in a grails application.

I'm seeing the groovy files in the code coverage, but there's no security/vulnerabilities being found. When inspecting the rules for the groovy language, I also saw none were defined.

Is it safe to say that the groovy plugin doesn't identify security hotspots and vulnerabilities in the scans, or do I have an environment issue?

dvuke avatar Aug 29 '22 13:08 dvuke

Hi @TobiX, any updates on this issue? We are also experiencing this problem with sonarqube 9.7.1 and 1.8 groovy plugin

Malgosiatobiasz1 avatar Jan 05 '23 12:01 Malgosiatobiasz1

See #179 - Pull requests always welcome!

TobiX avatar Jan 09 '23 13:01 TobiX