forcedotcom / sfdx-scanner

MIT License

[BUG] InternalExecutionError - UnimplementedMethodException: ApexListValue:iterator #1375

Closed MassiBar closed 4 months ago

MassiBar commented 7 months ago

Description:

Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace:

UnimplementedMethodException: ApexListValue:iterator, vertex=MethodCallExpressionVertex{fullMethodName=result.iterator, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[result], BeginLine=7, DefiningType_CaseSafe=ifmgetpersons, LastChild=true, DefiningType=IFMGetPersons, EndLine=7, Name_CaseSafe=result, childIdx=0, BeginColumn=44, ReferenceType=METHOD, Name=result}}}, chainedNames=[result], properties={FirstChild=true, FullMethodName=result.iterator, BeginLine=7, FullMethodName_CaseSafe=result.iterator, DefiningType_CaseSafe=ifmgetpersons, LastChild=false, DefiningType=IFMGetPersons, EndLine=7, MethodName_CaseSafe=iterator, childIdx=0, BeginColumn=51, MethodName=iterator}}:
  com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310);
  com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487);
  com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242);
  com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800);
  com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79);
  com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577)

Documentation:

sfge.log:

...
2024-03-04 13:16:28 ERROR ThreadableRuleExecutor:208 - Internal Error executing rule. submission=RuleRunnerSubmission{pathEntry=Method{properties={FirstChild=false, BeginLine=19, DefiningType_CaseSafe=ifmgetpersons, LastChild=false, DefiningType=IFMGetPersons, Constructor=false, EndLine=19, Name_CaseSafe=getobjectbytelephonews, childIdx=4, ReturnType=IFMGetPersons.WrapperMatchingObjects, Name=getObjectByTelephoneWS, Arity=0, ReturnType_CaseSafe=ifmgetpersons.wrappermatchingobjects, BeginColumn=42}}, rules=[com.salesforce.rules.ApexFlsViolationRule@887b102, com.salesforce.rules.UseWithSharingOnDatabaseOperation@34f7392d]}
com.salesforce.exception.UnimplementedMethodException: ApexListValue:iterator, vertex=MethodCallExpressionVertex{fullMethodName=result.iterator, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[result], BeginLine=7, DefiningType_CaseSafe=ifmgetpersons, LastChild=true, DefiningType=IFMGetPersons, EndLine=7, Name_CaseSafe=result, childIdx=0, BeginColumn=44, ReferenceType=METHOD, Name=result}}}, chainedNames=[result], properties={FirstChild=true, FullMethodName=result.iterator, BeginLine=7, FullMethodName_CaseSafe=result.iterator, DefiningType_CaseSafe=ifmgetpersons, LastChild=false, DefiningType=IFMGetPersons, EndLine=7, MethodName_CaseSafe=iterator, childIdx=0, BeginColumn=51, MethodName=iterator}}
  at com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:536) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:452) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.handleMethodCall(ApexPathExpander.java:676) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:532) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:452) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.expand(ApexPathExpanderUtil.java:223) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.expand(ApexPathExpanderUtil.java:162) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler._expand(ApexPathExpanderUtil.java:96) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.access$100(ApexPathExpanderUtil.java:70) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.expander.ApexPathExpanderUtil.expand(ApexPathExpanderUtil.java:55) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.ApexPathUtil.getPaths(ApexPathUtil.java:201) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.graph.ops.ApexPathUtil.summarizeForwardPaths(ApexPathUtil.java:80) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.rules.PathBasedRuleRunner.getPathSummary(PathBasedRuleRunner.java:222) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.rules.PathBasedRuleRunner.runRules(PathBasedRuleRunner.java:75) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.runRules(ThreadableRuleExecutor.java:230) ~[sfge-1.0.1-pilot.jar:?]
  at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.call(ThreadableRuleExecutor.java:167) [sfge-1.0.1-pilot.jar:?]
  at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.call(ThreadableRuleExecutor.java:127) [sfge-1.0.1-pilot.jar:?]
  at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1424) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask.doInvoke(ForkJoinTask.java:401) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:734) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask$AdaptedCallable.run(ForkJoinTask.java:1434) [?:1.8.0_161]
  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_161]
  at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1402) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692) [?:1.8.0_161]
  at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157) [?:1.8.0_161]
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:216 - Finished. method=IFMGetPersons:getObjectByTelephoneWS:19
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:119 - Future returned after 1411 ms
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:58 - Wait #1 finished, adding 1 new entries
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:68 - Finishing waiting for futures
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:69 - Shutting down
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:73 - Finished shutdown

Steps To Reproduce:

Run the following scan on the method "getObjectByTelephone":

sfdx scanner:run:dfa --target="./....cls" --projectdir="./" --category="Security"

public static Boolean getObjectByTelephone(String numTel) {
  // SOSL search: returns one inner list per object type named in RETURNING
  List<List<SObject>> result = [FIND :numTel IN PHONE FIELDS RETURNING Account(Id, Name), Contact(Id, Name), Lead(Id, Name)];
  List<SObject> allResult = new List<SObject>();
  // The result.iterator() call below is the one reported in the UnimplementedMethodException
  Iterator<List<SObject>> iter = result.iterator();
  while (iter.hasNext()) {
    allResult.addAll((List<SObject>) iter.next());
  }
  return true;
}

Desktop:

Urgency:

"Urgency": "Not business-stopping".
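
A triage helper for the sfge.log excerpt above, added here as an example and not part of the original issue or of Code Analyzer: it lists each entry point whose rule run ended in "Internal Error executing rule", which the Graph Engine message says must be verified manually. The function name `unanalyzed_entry_points`, the regular expressions and the sample log (constructed from the excerpt in this issue, with properties abbreviated) are assumptions.

```python
import re

# Constructed sample in the layout of the sfge.log excerpt above (properties abbreviated).
SAMPLE_LOG = """\
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:58 - Wait #1 finished, adding 1 new entries
2024-03-04 13:16:28 ERROR ThreadableRuleExecutor:208 - Internal Error executing rule. submission=RuleRunnerSubmission{pathEntry=Method{properties={FirstChild=false, BeginLine=19, DefiningType=IFMGetPersons, Name=getObjectByTelephoneWS, Arity=0}}, rules=[com.salesforce.rules.ApexFlsViolationRule@887b102, com.salesforce.rules.UseWithSharingOnDatabaseOperation@34f7392d]}
com.salesforce.exception.UnimplementedMethodException: ApexListValue:iterator, vertex=MethodCallExpressionVertex{fullMethodName=result.iterator}
\tat com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310) ~[sfge-1.0.1-pilot.jar:?]
2024-03-04 13:16:28 INFO ThreadableRuleExecutor:216 - Finished. method=IFMGetPersons:getObjectByTelephoneWS:19
"""

# A record starts at "<date> <time> <LEVEL> "; stack frames belong to the record before them.
RECORD_START = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?:ERROR|WARN|INFO|DEBUG) )")
ENTRY = re.compile(r"pathEntry=Method\{properties=\{(?P<props>[^}]*)\}")
RULES = re.compile(r"rules=\[(?P<rules>[^\]]*)\]")
EXC = re.compile(r"(?P<exc>[\w.]+Exception): (?P<detail>[^,\n]+)")


def unanalyzed_entry_points(log_text):
    """Return one dict per entry point whose rule run ended in an internal error."""
    findings = []
    for record in RECORD_START.split(log_text):
        if "Internal Error executing rule" not in record:
            continue
        entry = ENTRY.search(record)
        if entry is None:
            continue
        props = dict(kv.split("=", 1) for kv in entry["props"].split(", ") if "=" in kv)
        rules, exc = RULES.search(record), EXC.search(record)
        findings.append({
            "class": props.get("DefiningType"),
            "method": props.get("Name"),
            "line": int(props.get("BeginLine", 0)),
            # Strip the package prefix and the "@<hash>" object suffix from each rule.
            "rules": [r.split("@")[0].rsplit(".", 1)[-1]
                      for r in rules["rules"].split(", ")] if rules else [],
            "exception": exc["exc"].rsplit(".", 1)[-1] if exc else None,
            "detail": exc["detail"].strip() if exc else None,
        })
    return findings


if __name__ == "__main__":
    for f in unanalyzed_entry_points(SAMPLE_LOG):
        print(f"{f['class']}.{f['method']}:{f['line']} rule run failed for "
              f"{', '.join(f['rules'])} ({f['exception']}: {f['detail']})")
```

Records are split on the timestamp and level rather than on line breaks, so the helper also works on a log that was pasted as a single line.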

stephen-carter-at-sf commented 4 months ago

Marking this as a duplicate of https://github.com/forcedotcom/sfdx-scanner/issues/1497