search

OtherDevOpsGene / zap-sonar-plugin

Integrates OWASP Zed Attack Proxy reports into SonarQube
GNU General Public License v3.0
69 stars 31 forks source link

Zap plugin not working with Java 11 and SonarCube 8.3 #51

Closed rubaiyyaat closed 3 years ago

rubaiyyaat commented 4 years ago

There was some error related to Javadoc and after fixing it, a jar file was created.

But SonarCube keeps restarting if we use this Jar

edwinhere commented 4 years ago

Some more details from web.log:

java.lang.IllegalStateException: Fail to load plugin ZAP [zap]
    at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:88)
    at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:549)
    at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
    at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:187)
    at org.sonar.server.platform.PlatformImpl.access$500(PlatformImpl.java:46)
    at org.sonar.server.platform.PlatformImpl$1.lambda$doRun$0(PlatformImpl.java:120)
    at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:370)
    at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:120)
    at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:354)
    at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/RubyRailsWidget
    at java.base/java.lang.ClassLoader.defineClass1(Native Method)
    at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
    at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
    at java.base/java.net.URLClassLoader.defineClass(URLClassLoader.java:550)
    at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:458)
    at java.base/java.net.URLClassLoader$1.run(URLClassLoader.java:452)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:451)
    at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:125)
    at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
    at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
    at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
    at org.sonar.zaproxy.ZapPlugin.define(ZapPlugin.java:38)
    at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:78)
    ... 9 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.RubyRailsWidget
    at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
    at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
    at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
    ... 23 common frames omitted
2020.05.20 07:35:36 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process

According to http://javadocs.sonarsource.org/8.3.0.34182/apidocs/org/sonar/api/web/package-summary.html SonarQube 8.3 no longer has org.sonar.api.web.RubyRailsWidget which was deprecated as early as version 6.2. It was present in 7.x but not anymore: http://javadocs.sonarsource.org/7.9.2/apidocs/org/sonar/api/web/package-summary.html

@rubaiyyaat @zkkmin @Gauravwagh81 can we not use SonarQube 8.x and go back to SonarQube 7.9.2 until this is fixed.

pethers commented 4 years ago

Same issue as well.

OtherDevOpsGene commented 4 years ago

Please try with sonar-zap-plugin-2.0.2. I did a massive code cleanup to get rid of ignored and deprecated classes, and it looks like it is working on SonarQube 8.5 for me now.