Open Sourciluss667 opened 10 months ago
@Sourciluss667 , you can document this as a false positive just as you would any others, so this isn't a blocker.
Also, the reason that removing the @AuraEnabled
annotation resolves the issue is because @AuraEnabled
is one of the keywords that marks the method as an entry point for data flow analysis. This is clearly indicated in the documentation.
Also-also, please include what the actual error message is, so we know what the actual problem is.
This issue has been linked to a new work item: W-15080639
Duplicate of #1294
scanner run dfa
Issue TemplateFill out this template to submit your Code Analyzer issue.
Description:
I run
sf scanner run dfa --format=csv --outfile=CodeAnalyzerDFA.csv --target="./force-app/main/default/classes/helpers/LeewayOrganizationName.cls" --projectdir="./" --category="Security" --sfgejvmargs "-Xmx4g"
but gotInternalExecutionError
on a specific function. I tried lot of things (remove path limit, increase heap size, etc) but always have InternalExecutionError. I notice if I remove@AuraEnabled(cacheable=false)
, I don't have the issue anymore!Documentation:
sfge.log
Steps To Reproduce:
My function call 2 others functions with
@AuraEnabled
too, with 2 if statements.NB:
LeewayRecordLeewayMasterAccount.fetchAndSaveOrganizationName()
andLeewayRecordLeewayAccount.fetchAndSaveOrganizationName()
doesn't have error when run scanner on theses files.Expected Behavior:
No problems in output file.
Screenshots:
Desktop:
OS: macOS Sonoma v14.1 Code Analyzer version: latest Salesforce CLI version: @salesforce/cli/2.22.7 darwin-arm64 node-v20.10.0
Additional Context:
Workaround:
Without
@AuraEnabled
, the scan work correctly, but I can't remove it because my code doesn't work without it.Urgency:
This block us to launch our Security review