QA Main action

SQSCANGHA-133 Upgrade the Node version used in UTs + contribution guide #264

Triggered via pull request April 3, 2026 08:14

claire-villard-sonarsource

opened #226

claire/node-version-on-tests

Status Success

Total duration 3m 57s

Artifacts –

qa-main.yml

on: pull_request

'scannerVersion' input

10s

'scannerBinariesUrl' input with invalid URL

35s

'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command

36s

'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command

50s

Don't fail on Gradle project

Don't fail on Kotlin Gradle project

Don't fail on Maven project

runAnalysisTest

1m 45s

runAnalysisWithCacheTest

1m 38s

curl performs redirect when scannerBinariesUrl returns 3xx

29s

Analysis takes into account 'SONAR_ROOT_CERT'

1m 26s

truststore.p12 is updated when present

16s

'scannerVersion' input validation

Matrix: 'args' input with command injection will fail

Matrix: 'args' input

Matrix: 'args' input with backticks injection does not execute command

Matrix: 'args' input with dollar command injection does not execute command

Matrix: No inputs

Matrix: 'args' input with other command injection variants does not execute command

Matrix: 'SONARCLOUD_URL' is used

Matrix: 'projectBaseDir' input

Matrix: 'RUNNER_DEBUG' is used

Matrix: 'SONAR_ROOT_CERT' is converted to truststore

Annotations

12 errors and 48 warnings

'args' input with command injection will fail (macos-latest, -Dsonar.someArg="value\"; whoami; ec...

Action failed: The process '/Users/runner/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/macosx-aarch64/bin/sonar-scanner' failed with exit code 1

'args' input with command injection will fail (macos-latest, -Dsonar.someArg=aValue && echo "Inje...

Action failed: The process '/Users/runner/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/macosx-aarch64/bin/sonar-scanner' failed with exit code 1

'scannerVersion' input validation

Sanity checks failed: Invalid scannerVersion format. Expected format: x.y.z.w (e.g., 7.1.0.4889)

'args' input with command injection will fail (github-ubuntu-latest-s, -Dsonar.someArg=aValue && ...

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

'args' input with command injection will fail (github-ubuntu-latest-s, -Dsonar.someArg="value\"; ...

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

'scannerBinariesUrl' is escaped with wget so special chars are not injected in the download command

Action failed: Invalid URL

'scannerBinariesUrl' input with invalid URL

Action failed: getaddrinfo EAI_AGAIN invalid_uri

'scannerBinariesUrl' is escaped with curl so special chars are not injected in the download command

Action failed: Invalid URL

Analysis takes into account 'SONAR_ROOT_CERT'

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/bin/sonar-scanner' failed with exit code 1

Analysis takes into account 'SONAR_ROOT_CERT'

Action failed: The process '/opt/hostedtoolcache/sonar-scanner-cli/8.0.1.6346/linux-x64/jre/bin/java' failed with exit code 1

'args' input with command injection will fail (github-windows-latest-s, -Dsonar.someArg=aValue &&...

Action failed: The process 'C:\hostedtoolcache\windows\sonar-scanner-cli\8.0.1.6346\windows-x64\bin\sonar-scanner.bat' failed with exit code 1

'args' input with command injection will fail (github-windows-latest-s, -Dsonar.someArg="value\";...

Action failed: The process 'C:\hostedtoolcache\windows\sonar-scanner-cli\8.0.1.6346\windows-x64\bin\sonar-scanner.bat' failed with exit code 1

'args' input with dollar command injection does not execute command (github-ubuntu-latest-s)