Problem with startup after upgrading 3.3 -> 3.4 on sq 5.6

[pethers]

Get

2016.07.05 01:11:19 ERROR web[o.a.c.c.C.[.[.[/sonar]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
org.sonar.server.exceptions.BadRequestException: Rule findbugs:XSS_REQUEST_PARAMETER_TO_JSP_WRITER and profile jsp-findbugs-security-jsp-38343 have different languages

Looks the language changed for rule " Security - JSP reflected cross site scripting vulnerability".

Full startup log below

2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin 3D Code Metrics / 3.3 / 27dbb43e6fbe0f564b50bb647494280a2eab8a89
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin CSS / 1.10 / 4dbbeb4af69a9e0012d05002217f1e6800a9bb7d
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Checkstyle / 2.4 / abe1e23436ed7b227a3a325cbf12e204a7c90fc9
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Findbugs / 3.4.0 / 
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Git / 1.2 / ed0814f835a7e4b5169b6e4b6312a95dc3f71ae5
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin GitHub / 1.3 / a329b577298d259741a3098a80651a59fa180a2e
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin JSON / 1.4 / 0
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Java / 4.0 / 0
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Java Properties / 1.7 / 0
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin JavaMelody / 1.60.0 / 683e1edcbdfd326405e455cd1afbc78f1fd02189
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin JavaScript / 2.14 / 8e37a262d72dd863345f9c6e87421e2d1853a2e6
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Motion Chart / 1.7 / e9c4a5c95c75564b3c3b5a887b63ef50fc59a156
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin PMD / 2.6 / f419f834b4bea51f9b6da33517b7f6186db5c066
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin SVG Badges / 2.0.1
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin SoftVis3D / 0.4.1
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Tab Metrics / 1.4.1 / f575baba797d28be52a4fed5ee23159dd2e4a83a
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Timeline / 1.5 / a9cae1328fd455a128b5d7d603381f47398c6e2a
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Useless Code Tracker / 1.0 / a3ddd97c48de2a4ec5c716484c320b371f4f38f1
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Web / 2.4 / 61c14c00da36f77d18c019ad2bd7942708e99c13
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin Widget Lab / 1.8.1 / d0293be59a6eddb33224d093b8b559490798b7a2
2016.07.05 01:11:12 INFO  web[o.s.s.p.ServerPluginRepository] Deploy plugin XML / 1.4.1 / d2c0388961fcbe78ac597ca3fb3e262d3e733988
2016.07.05 01:11:13 INFO  web[o.s.s.p.RailsAppsDeployer] Deploying Ruby on Rails applications
2016.07.05 01:11:13 INFO  web[o.s.s.p.RailsAppsDeployer] Deploying app: motionchart
2016.07.05 01:11:14 INFO  web[o.s.s.p.UpdateCenterClient] Update center: http://update.sonarsource.org/update-center.properties (no proxy)
2016.07.05 01:11:14 INFO  web[c.q.p.s.b.f.PreferredFontProvider] SVGImageGenerator will be using font 'Verdana' in order to compute SVG badges width.
2016.07.05 01:11:14 INFO  web[c.q.p.s.b.w.SVGImageGenerator] SVGImageGenerator is now ready.
2016.07.05 01:11:14 INFO  web[c.q.p.s.b.w.g.QualityGateBadgeGenerator] QualityGateBadgeGenerator is now ready.
2016.07.05 01:11:14 INFO  web[c.q.p.s.b.w.m.MeasureBadgeGenerator] MeasureBadgeGenerator is now ready.
2016.07.05 01:11:15 WARN  web[o.s.a.s.w.WebService$Action] Since is not set on action api/softVis3D/getVisualization
2016.07.05 01:11:15 WARN  web[o.s.a.s.w.WebService$Action] The response example is not set on action api/softVis3D/getVisualization
2016.07.05 01:11:15 INFO  web[o.s.s.n.NotificationService] Notification service started (delay 60 sec.)
2016.07.05 01:11:15 INFO  web[o.s.s.s.RegisterMetrics] Register metrics
2016.07.05 01:11:15 INFO  web[o.s.s.r.RegisterRules] Register rules
2016.07.05 01:11:17 INFO  web[o.s.s.q.RegisterQualityProfiles] Register quality profiles
2016.07.05 01:11:19 INFO  web[o.s.s.q.RegisterQualityProfiles] Register profile {lang=jsp, name=FindBugs Security JSP}
2016.07.05 01:11:19 INFO  web[o.s.s.n.NotificationService] Notification service stopped
2016.07.05 01:11:19 ERROR web[o.a.c.c.C.[.[.[/sonar]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener
org.sonar.server.exceptions.BadRequestException: Rule findbugs:XSS_REQUEST_PARAMETER_TO_JSP_WRITER and profile jsp-findbugs-security-jsp-38343 have different languages
    at org.sonar.server.qualityprofile.RuleActivatorContext.verifyForActivation(RuleActivatorContext.java:234) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.qualityprofile.RuleActivator.doActivate(RuleActivator.java:95) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.qualityprofile.RuleActivator.activate(RuleActivator.java:86) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.qualityprofile.RegisterQualityProfiles.register(RegisterQualityProfiles.java:157) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.qualityprofile.RegisterQualityProfiles.registerProfilesForLanguage(RegisterQualityProfiles.java:131) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.qualityprofile.RegisterQualityProfiles.start(RegisterQualityProfiles.java:98) ~[sonar-server-5.6.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_91]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_91]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_91]
    at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_91]
    at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.invokeMethod(ReflectionLifecycleStrategy.java:110) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.lifecycle.ReflectionLifecycleStrategy.start(ReflectionLifecycleStrategy.java:89) ~[picocontainer-2.15.jar:na]
    at org.sonar.core.platform.ComponentContainer$1.start(ComponentContainer.java:320) ~[sonar-core-5.6.jar:na]
    at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.behaviors.Stored.start(Stored.java:110) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009) ~[picocontainer-2.15.jar:na]
    at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767) ~[picocontainer-2.15.jar:na]
    at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:141) ~[sonar-core-5.6.jar:na]
    at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:84) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.platformlevel.PlatformLevelStartup.access$001(PlatformLevelStartup.java:45) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.platformlevel.PlatformLevelStartup$1.doPrivileged(PlatformLevelStartup.java:80) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.user.DoPrivileged.execute(DoPrivileged.java:44) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.platformlevel.PlatformLevelStartup.start(PlatformLevelStartup.java:77) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.Platform.executeStartupTasks(Platform.java:201) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.Platform.doStart(Platform.java:114) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.Platform.doStart(Platform.java:99) ~[sonar-server-5.6.jar:na]
    at org.sonar.server.platform.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:44) ~[sonar-server-5.6.jar:na]
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4812) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5255) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1408) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1398) [tomcat-embed-core-8.0.30.jar:8.0.30]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_91]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_91]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_91]

[h3xstream]

Sorry about that, this is definitely not a proper behavior.

@pethers
Did you install the latest version trough the update center?

Repository and profiles from different language.

The rule XSS_REQUEST_PARAMETER_TO_JSP_WRITER is define in the findbugs repository (language Java). It is enable in the profile findbugs-security-jsp (language JSP).

I have built a hot fix for the issue. Let me know if it fix the problem on your instance.
See : https://github.com/SonarQubeCommunity/sonar-findbugs/releases/tag/3.4 (sonar-findbugs-plugin-3.4.1-fix.jar)

How to test

1. Remove/Move the old sonar-findbugs-plugin-X.jar from $SONAR/extensions/plugins/
2. Add sonar-findbugs-plugin-3.4.1-fix.jar in $SONAR/extensions/plugins/
3. Restart SonarQube

[h3xstream]

For reference : SonarQube developper discussion
https://groups.google.com/forum/#!topic/sonarqube/pbHtR6CPrEk

[oliverbrandt]

I directly tried to use the FB 3.4.1-fix plugin and ran into the following problem:

2016.07.05 09:52:07 ERROR web[o.a.c.c.C.[.[.[/sonarqube]] Exception sending context initialized event to listener instance of class org.sonar.server.platform.PlatformServletContextListener org.sonar.server.exceptions.BadRequestException: Rule findsecbugs-jsp:XSS_REQUEST_PARAMETER_TO_JSP_WRITER and profile java-findbugs-+-fb-contrib-10015 have different languages

Starting SQ once using the 3.4.0 FB plugin before upgrading to 3.4.1-fix did fix the issue.

[pethers]

The sonar-findbugs-plugin-3.4.1-fix.jar did resolve the issue for me, did "restore built in profiles" prior to test of 3.4.1-fix.jar.

Did build the sonar-findbugs-plugin-3.4.jar myself from the tag.

Thanks for the rapid response and solving this issue.
best regards

[h3xstream]

@oliverbrandt Thanks for the notification.
I realize that Findbugs profile and Findbugs + Fb-contrib profile still referencing to XSS_REQUEST_PARAMETER_TO_JSP_WRITER. I will make a small adjustment.

[amaltson]

@h3xstream any chance you could get the 3.4.3 release out? Thanks!

[h3xstream]

@amaltson 3.4.3 is already release.

The next release will include additional fixes. Likely to be release in early august.

[amaltson]

@h3xstream I didn't see a release on the release page. I guess I can checkout that tag and create a package myself?

[h3xstream]

Here is the package to install it manually: https://github.com/SonarQubeCommunity/sonar-findbugs/releases/tag/3.4.3 (I just create this tag and "release". It was previously here.)