forcedotcom / sfdx-code-analyzer-vscode

Salesforce Code Analyzer is a unified tool for source code analysis. Run Code Analyzer to scan multiple languages in your code and add diagnostic info to your code that describes the violations.
BSD 3-Clause "New" or "Revised" License

Apex Violation Error When Running SF Scanner DFA Even with Security Keywords Applied in Queries #44

Open niteshlande opened 9 months ago

niteshlande commented 9 months ago

When I scan my local code in VS Code with Salesforce Code Analyzer using the command below:

```shell
sf scanner run dfa --format=csv --outfile=CodeAnalyzerDFA.csv --target="./" --projectdir="./" --category="Security"
```

I get the error "Salesforce Graph Engine couldn't resolve the parameter passed to [READ] operation with field(s) [Unknown]. Could you confirm that this operation has the necessary FLS checks?" on my query method,
but the Checkmarx report does not show any error. I am running this scan for the Salesforce security review for AppExchange.

My query method:

```apex
@AuraEnabled(cacheable=true)
public static List<OrderItem> getOrderItemRelatedToOrder(List<Order> newOrders) {
    Set<Id> orderIdSet = new Set<Id>();
    // Field API names to select, kept in a shared constants class.
    Set<String> orItemFields = Constants.ORDITM_FIELD_LIST;
    for (Order orderRecord : newOrders) {
        if (orderRecord.Id != null) {
            orderIdSet.add(orderRecord.Id);
        }
    }
    // The field list is joined into the SOQL text with '+' concatenation.
    String query = 'SELECT ' + String.join(new List<String>(orItemFields), ', ')
        + ' FROM OrderItem WHERE OrderId IN :orderIdSet WITH SECURITY_ENFORCED';
    return Database.query(String.escapeSingleQuotes(query));
}
```

rmohan20 commented 8 months ago

Hi @niteshlande - thanks for reporting. Graph Engine has a known issue where it can't parse String objects constructed with + operator. We'll keep this open and report back when we prioritize and fix this issue.
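As an added example (editor's code, not from the reporter or the sfdx-code-analyzer-vscode project), here is the same method restructured so that the FLS decision is explicit for every field and the SOQL text is not assembled with `+`, the construct the maintainer identifies as the Graph Engine parsing limitation. It assumes `Constants.ORDITM_FIELD_LIST` is a `Set<String>` of OrderItem field API names, as in the reporter's code, and an org on API version 57.0 or later for `Database.queryWithBinds` and `AccessLevel.USER_MODE`. Whether Graph Engine stops reporting the violation on this shape has to be confirmed by re-running the `sf scanner run dfa` command above; the example demonstrates the FLS pattern, not a guaranteed fix for the analyser.

```apex
// Added example, not code from the issue or the sfdx-code-analyzer-vscode project.
// Assumes Constants.ORDITM_FIELD_LIST is a Set<String> of OrderItem field API names.
public with sharing class OrderItemQueryExample {

    @AuraEnabled(cacheable=true)
    public static List<OrderItem> getOrderItemRelatedToOrder(List<Order> newOrders) {
        Set<Id> orderIdSet = new Set<Id>();
        for (Order orderRecord : newOrders) {
            if (orderRecord.Id != null) {
                orderIdSet.add(orderRecord.Id);
            }
        }
        if (orderIdSet.isEmpty()) {
            return new List<OrderItem>();
        }

        // Object-level check first: the running user may have no read access to OrderItem at all.
        if (!Schema.SObjectType.OrderItem.isAccessible()) {
            throw new AuraHandledException('Insufficient access to OrderItem');
        }

        // Field-level check: keep only fields the running user can read. Every selected field
        // name passes through an explicit isAccessible() call, so the FLS decision is visible
        // per field instead of hidden inside an opaque joined string.
        Map<String, Schema.SObjectField> fieldMap = Schema.SObjectType.OrderItem.fields.getMap();
        List<String> readableFields = new List<String>();
        for (String fieldName : Constants.ORDITM_FIELD_LIST) {
            Schema.SObjectField field = fieldMap.get(fieldName.toLowerCase());
            if (field != null && field.getDescribe().isAccessible()) {
                readableFields.add(fieldName);
            }
        }
        if (readableFields.isEmpty()) {
            throw new AuraHandledException('Insufficient field access to OrderItem');
        }

        // Assemble the query without '+' concatenation. The SELECT list contains only
        // describe-validated field names and the filter value is a bind variable, so no
        // caller-controlled text is ever interpolated into the SOQL string.
        String soql = String.format(
            'SELECT {0} FROM OrderItem WHERE OrderId IN :orderIds',
            new List<Object>{ String.join(readableFields, ', ') }
        );

        // USER_MODE enforces object, field and sharing permissions at query time as a second
        // layer; stripInaccessible is a third, in case a field slipped past the filter above.
        List<OrderItem> items = Database.queryWithBinds(
            soql,
            new Map<String, Object>{ 'orderIds' => orderIdSet },
            AccessLevel.USER_MODE
        );
        SObjectAccessDecision decision = Security.stripInaccessible(AccessType.READABLE, items);
        return (List<OrderItem>) decision.getRecords();
    }
}
```

Because the field list is filtered before the query runs, `USER_MODE` will not throw a `QueryException` for a field the user cannot read; it still enforces object permissions and sharing, and the `stripInaccessible` pass costs little on a cacheable read. Re-run the DFA scan with `--category="Security"` after the change and compare the CSV against the original to see which, if any, of the three layers Graph Engine credits as the FLS check.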

git2gus[bot] commented 8 months ago

This issue has been linked to a new work item: W-15045083