
sonar-audit errors

Open smclinden opened this issue 2 years ago • 4 comments

Getting the following error when running either from pip installed sonar-tools or current main branch:

Traceback (most recent call last):
  File "<frozen runpy>", line 198, in _run_module_as_main
  File "<frozen runpy>", line 88, in _run_code
  File "C:\Users\sq\AppData\Local\Programs\Python\Python311\Scripts\sonar-audit.exe\__main__.py", line 7, in <module>
  File "C:\Users\sq\AppData\Local\Programs\Python\Python311\Lib\site-packages\tools\audit.py", line 146, in main
    util.check_token(args.token)
  File "C:\Users\sq\AppData\Local\Programs\Python\Python311\Lib\site-packages\sonar\utilities.py", line 215, in check_token
    if token_type(token) != "user":
       ^^^^^^^^^^^^^^^^^
  File "C:\Users\sq\AppData\Local\Programs\Python\Python311\Lib\site-packages\sonar\utilities.py", line 206, in token_type
    if token[0:4] == "sqa_":
       ~~~~~^^^^^
TypeError: 'NoneType' object is not subscriptable

smclinden avatar Nov 05 '22 13:11 smclinden

Hello @smclinden May I ask you what command line you run? Do you pass a token with option -t or do you have the environment variable $SONAR_TOKEN set?

okorach avatar Nov 06 '22 10:11 okorach
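
The traceback in the first post is `token[0:4]` being evaluated on a token that is `None`. The sketch below is an added example, not sonar-tools' own code: it resolves the token from `-t` or `$SONAR_TOKEN`, fails with a clear message when neither is set, classifies it by prefix, and redacts it for logs. The names `resolve_token`, `redact` and `TokenError`, the `sqp_` prefix (SonarQube's project analysis token, not mentioned in this thread) and the choice to accept unprefixed pre-9 tokens are assumptions.

```python
import os
from typing import Optional

# "sqa_" and "squ_" appear in this thread; "sqp_" is added here as an assumption.
_PREFIXES = {"squ_": "user", "sqa_": "global-analysis", "sqp_": "project-analysis"}


class TokenError(ValueError):
    """Actionable failure raised instead of a TypeError on a None token."""


def resolve_token(cli_token: Optional[str], env: Optional[dict] = None) -> str:
    """Return the -t value, else $SONAR_TOKEN; fail clearly if neither is set."""
    env = os.environ if env is None else env
    token = (cli_token or env.get("SONAR_TOKEN") or "").strip()
    if not token:
        raise TokenError("no token: pass -t or set SONAR_TOKEN")
    return token


def token_type(token: str) -> str:
    """Classify by prefix; tokens from servers older than 9 carry no prefix."""
    return _PREFIXES.get(token[:4], "legacy-untyped")


def redact(token: str) -> str:
    """Log-safe form with the same shape as 'squ_8d***8a' in this thread."""
    if len(token) < 12:
        return "***"
    prefix = token[:4] if token[:4] in _PREFIXES else ""
    body = token[len(prefix):]
    return f"{prefix}{body[:2]}***{body[-2:]}"


def check_token(cli_token: Optional[str], env: Optional[dict] = None) -> str:
    """Accept user tokens and (assumption) unprefixed legacy tokens only."""
    token = resolve_token(cli_token, env)
    kind = token_type(token)
    if kind in ("global-analysis", "project-analysis"):
        raise TokenError(f"{redact(token)} is a {kind} token; auditing needs a user token")
    return token
```
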

My apologies. I was testing against version 8 of SQ. The sq token names weren't introduced until version 9.

I switched to version 9, but now I am getting errors of the form:

  File "C:\Users\sq\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\models.py", line 1021, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 504 Server Error: Gateway Time-out for url: https://sqtest.com/api/system/info

I suspect that this is a redirection problem.

smclinden avatar Nov 06 '22 12:11 smclinden

GET Error: squ_8d***8a@https://sq.com/api/system/info HTTP status code 504

smclinden avatar Nov 08 '22 14:11 smclinden

Added the relevant roles/permissions to the account running the audit. Still seeing errors:

HTTP error 403 - Insufficient permissions to perform operation: Insufficient privileges
FATAL: For request URL https://sq.com/api/ce/activity?status=SUCCESS%2CPENDING%2CIN_PROGRESS%2CFAILED%2CCANCELED&additionalFields=warnings&onlyCurrents=true&component=sq-project
HTTP error 403 - Insufficient permissions to perform operation: Insufficient privileges

smclinden avatar Nov 10 '22 18:11 smclinden

Hello @smclinden, please check the permission required to use the api/ce/activity API and make sure that the user corresponding to the token you use has this permission. It must definitely be missing this permission (the 403 error comes from SonarQube, not sonar-audit).

Generally speaking, you must use the token of a user that has full (global and project) admin access to perform all auditing tasks. With lower-privilege tokens some auditing tasks can be possible, others cannot. It would be a headache to define what's possible or not depending on the token permissions.

okorach avatar Nov 26 '22 12:11 okorach

I am closing the issue since I think there is no problem in sonar-tools. It's only a matter of token permissions.

okorach avatar Nov 28 '22 08:11 okorach

I'm getting conflicting messages. I have all the privileges that you require (full Administrative access) but it is looking for a User token (squ) yet I get:

2023-01-15 11:42:54,913 | sonar-tools | CRITICAL | ProjectAudit6   | For request URL https://sonartest.xxx.com/api/ce/activity?status=SUCCESS%2CPENDING%2CIN_PROGRESS%2CFAILED%2CCANCELED&additionalFields=warnings&onlyCurrents=true&component=boot-loops-react-native
HTTP error 403 - Insufficient permissions to perform operation: Insufficient privileges

Also, this is an Enterprise license, so I don't understand these messages:

2023-01-15 11:42:55,573 | sonar-tools | INFO    | ProjectAudit5   | Community edition, binding validation disabled or project 'com.xxx.pc:vd' has no binding, skipping binding validation...

Suggestions?

smclinden avatar Jan 15 '23 16:01 smclinden