Error in evaluate and the process hangs if collect fails in jsdom

[qzhou1607-zz]

This failed scan is due to an known issue reported in request/request#1777.
But the scan::end emitted at the catch block https://github.com/sonarwhal/sonar/blob/c62ec505c5ea623f460c1d7b89e66aa634246f03/src/lib/connectors/jsdom/jsdom.ts#L382-L386 triggered evaluate to run in no-vulnerable-javascript-libraries. And because the value of _finalHref is never assigned, _finalHref is undefined in https://github.com/sonarwhal/sonar/blob/c62ec505c5ea623f460c1d7b89e66aa634246f03/src/lib/connectors/jsdom/jsdom.ts#L516 A destructuring error is thrown as below and the process hangs for a while before exit.

Please tell us about your:

Environment

• sonar version: 0.13.0
• Node.js version: 8.8.0
• npm version: 5.3.0

sonar configuration

sonar's configuration

{
    "connector": {
        "name": "jsdom",
        "options": {
            "waitFor": 1000
        }
    },
    "formatters": "stylish",
    "rulesTimeout": 120000,
    "rules": {
        "amp-validator": "off",
        "apple-touch-icons": "warning",
        "axe": "warning",
        "content-type": "warning",
        "disown-opener": "warning",
        "highest-available-document-mode": "warning",
        "html-checker": "warning",
        "manifest-exists": "warning",
        "manifest-file-extension": "warning",
        "manifest-is-valid": "warning",
        "meta-charset-utf-8": "warning",
        "no-disallowed-headers": "warning",
        "no-friendly-error-pages": "warning",
        "no-html-only-headers": "warning",
        "no-protocol-relative-urls": "warning",
        "no-vulnerable-javascript-libraries": "warning",
        "ssllabs": "off",
        "strict-transport-security": "warning",
        "x-content-type-options": "warning",
        "validate-set-cookie-header": "warning"
    }
}

URL for which sonar failed

• URL: https://demo.safe.cl/

Output

Please include the raw output generated by sonar, or if possible,
the raw output from running sonar in debug mode: sonar --debug <URL>.

sonar's raw output

- Finishing...C:\github\Sonar.git\node_modules\jsdom\lib\old-api.js:281
    const { fragment } = whatwgURL.parseURL(config.url);
            ^

TypeError: Cannot destructure property `fragment` of 'undefined' or 'null'.
    at handleUrl (C:\github\Sonar.git\node_modules\jsdom\lib\old-api.js:281:36)
    at Object.exports.env.exports.jsdom.env (C:\github\Sonar.git\node_modules\jsdom\lib\old-api.js:229:11)
    at process.run (C:\github\Sonar.git\dist\src\lib\connectors\jsdom\evaluate-runner.js:14:11)
    at emitTwo (events.js:125:13)
    at process.emit (events.js:213:7)
    at emit (internal/child_process.js:774:12)
    at _combinedTickCallback (internal/process/next_tick.js:141:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)

[molant]

@qzhou1607 that url has an invalid certificate and the version without SSL points to a parked domain. Is it the right one?

[qzhou1607-zz]

@molant Yes it was the problem. But the results of the failed rules should be error instead of pending. In the current result page, blank results are shown in each category, which is a result of the pending rules.

[molant]

Can you please update the title to be more descriptive of the problem and detail what you are going to change?