forcedotcom / sfdx-scanner

MIT License

[BUG] InternalExecutionError even /* sfge-disable-stack ApexFlsViolationRule */ were assigned #1181

Closed oldgunner closed 3 months ago

oldgunner commented 12 months ago

Describe the bug: Methods check was disabled via /* sfge-disable-stack ApexFlsViolationRule */. But InternalExecutionError error was thrown.

To Reproduce: Steps to reproduce the behavior:

Run the first scan.

    sfdx scanner:run --format=csv --outfile=CodeAnalyzerGeneral.csv --target="./" --category="Security"

Run the second scan.

    sfdx scanner:run:dfa --format=csv --outfile=CodeAnalyzerDFA.csv --target="./" --projectdir="./" --category="Security"

Expected behavior: After running the second scan, the csv file should be empty or with any errors described in the documentation link.

Screenshots: None

Desktop (please complete the following information):

Additional context Stack trace: Error and stacktrace: UnimplementedMethodException: ApexListValue:iterator, vertex=MethodCallExpressionVertex{fullMethodName=idStrings.iterator, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[idStrings], BeginLine=15, DefiningType_CaseSafe=utils, LastChild=true, DefiningType=Utils, EndLine=15, Name_CaseSafe=idstrings, childIdx=0, BeginColumn=37, ReferenceType=METHOD, Name=idStrings}}}, chainedNames=[idStrings], properties={FirstChild=true, FullMethodName=idStrings.iterator, BeginLine=15, FullMethodName_CaseSafe=idstrings.iterator, DefiningType_CaseSafe=utils, LastChild=false, DefiningType=Utils, EndLine=15, MethodName_CaseSafe=iterator, childIdx=0, BeginColumn=47, MethodName=iterator}}: com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310);com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1462);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1222);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:749);com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577)

"Workaround": Have you found any ways to sidestep the problem?

"Urgency":"Business stopping"

jfeingold35 commented 12 months ago

@oldgunner , Can you please post a snippet of where you've added /* sfge-disable-stack ApexFlsViolationRule */, including the annotation and the method declaration? (Also, does changing the annotation to simply /* sfge-disable-stack */ resolve the error? ApexFlsViolationRule is no longer the only "Security" rule, so you may want the directive to disable rules more broadly instead of just that one specific rule.)

oldgunner commented 12 months ago

@jfeingold35

> Can you please post a snippet of where you've added /* sfge-disable-stack ApexFlsViolationRule */, including the annotation and the method declaration?

    @AuraEnabled
    /* sfge-disable-stack ApexFlsViolationRule */
    public static String saveDefaultOptions(List<String> optionValues, String optionType) {

> (Also, does changing the annotation to simply /* sfge-disable-stack */ resolve the error?

I tried it, there was no success.

Also I tried

    /* sfge-disable */
    public abstract with sharing class ObjectPermissionsController {

error the same - Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnimplementedMethodException: ApexListValue:iterator, vertex=MethodCallExpressionVertex{fullMethodName=idStrings.iterator, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[idStrings], BeginLine=15, DefiningType_CaseSafe=utils, LastChild=true, DefiningType=Utils, EndLine=15, Name_CaseSafe=idstrings, childIdx=0, BeginColumn=37, ReferenceType=METHOD, Name=idStrings}}}, chainedNames=[idStrings], properties={FirstChild=true, FullMethodName=idStrings.iterator, BeginLine=15, FullMethodName_CaseSafe=idstrings.iterator, DefiningType_CaseSafe=utils, LastChild=false, DefiningType=Utils, EndLine=15, MethodName_CaseSafe=iterator, childIdx=0, BeginColumn=47, MethodName=iterator}}: com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310);com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1462);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1222);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:749);com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577)

Thanks!

jfeingold35 commented 12 months ago

@oldgunner, it looks like what's happening here is that the issue is occurring during path expansion, not during path traversal. Since the directive tells the traversal to skip a given rule (or rules) but doesn't impact expansion, the directive isn't suppressing the error. So, let's see what's actually causing the error. The exception says it's coming from a vertex at line 15 of Utils.cls. What's going on at that line?
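The reply above reads the failing source location straight out of the exception text. As an added example (not part of this thread or of Code Analyzer itself), the Python below does the same extraction so that every such error in a DFA report can be listed for manual review; the function names are hypothetical, the sample message is abridged from the one in this issue, and mapping `DefiningType` to a `.cls` file is an assumption.

```python
import re

# Constructed sample: the error text from this issue, abridged to the fields read below.
SAMPLE = (
    "Error and stacktrace: UnimplementedMethodException: ApexListValue:iterator, "
    "vertex=MethodCallExpressionVertex{fullMethodName=idStrings.iterator, "
    "referenceVertex=LazyVertex{result=ReferenceExpression{properties={Names=[idStrings], "
    "BeginLine=15, DefiningType=Utils, BeginColumn=37, Name=idStrings}}}, "
    "chainedNames=[idStrings], properties={FullMethodName=idStrings.iterator, "
    "BeginLine=15, DefiningType=Utils, BeginColumn=47, MethodName=iterator}}: "
    "com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310);"
    "com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1462)"
)

def balanced(text, start):
    """Return the text inside the brace opening at text[start], honouring nesting."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces")

def vertex_properties(body):
    """Parse the vertex's own properties={...}, skipping those of nested vertices."""
    depth = 0
    for i, ch in enumerate(body):
        if depth == 0 and body.startswith("properties={", i):
            return dict(re.findall(r"(\w+)=([^,}]*)", balanced(body, i + 11)))
        depth += {"{": 1, "}": -1}.get(ch, 0)
    raise ValueError("vertex has no properties block")

def locate_failure(message):
    """Map a Graph Engine exception message to the Apex location needing manual review."""
    m = re.search(r"(\w+Exception): ([\w:.]+), vertex=\w+(?=\{)", message)
    if not m:
        raise ValueError("not a vertex-bearing Graph Engine exception")
    body = balanced(message, m.end())
    props = vertex_properties(body)
    frames = message[m.end() + len(body) + 2:].lstrip(": ").split(";")
    return {
        "exception": m.group(1),
        "unmodeled": m.group(2),
        # Assumption: a top-level class named X lives in X.cls, as in the reply above.
        "file": props["DefiningType"] + ".cls",
        "line": int(props["BeginLine"]),
        "column": int(props["BeginColumn"]),
        "call": props.get("FullMethodName"),
        "thrown_at": frames[0].strip(),
    }
```

For the sample, `locate_failure(SAMPLE)` points at `Utils.cls` line 15, the `idStrings.iterator` call, which is the path that was expanded but never analyzed and therefore still needs a manual check.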

oldgunner commented 12 months ago

@jfeingold35 Thanks for the response! On the 15th line of Utils.cls we parse to Set<Id> converted to custom Iterable<String> either List<String> or Set<String>. After that we return Set of ids.

    // Matches a whole string of 15 or 18 alphanumeric characters (Salesforce ID lengths)
    static final Pattern idPattern = Pattern.compile('[a-zA-Z0-9]{15}|[a-zA-Z0-9]{18}');

    public static Set<Id> parseIds(List<String> idStrings) {
        return parseIds((Iterable<String>)idStrings);
    }

    public static Set<Id> parseIds(Set<String> idStrings) {
        return parseIds((Iterable<String>)idStrings);
    }

    public static Set<Id> parseIds(Iterable<String> idStrings) {
        Set<Id> ids = new Set<Id>();
        // line 15 is below
        Iterator<String> iterator = idStrings.iterator();
        while(iterator.hasNext()) {
            String value = iterator.next();
            // Keep only values that match the ID pattern
            if (idPattern.matcher(value).matches()) {
                ids.add(Id.valueOf(value));
            }
        }

        return ids;
    }

stephen-carter-at-sf commented 3 months ago

Marking this as a duplicate of https://github.com/forcedotcom/sfdx-scanner/issues/1497