forcedotcom / sfdx-scanner

MIT License

[BUG] InternalExecutionError #1402

Open mohan-raheja opened 4 months ago

mohan-raheja commented 4 months ago

Description: Encountered an InternalExecutionError while running the scanner run dfa command on the cp.cls class. The error suggests a problem with handling a null value within the Salesforce Graph Engine, specifically when attempting to invoke "com.salesforce.graph.symbols.apex.AbstractSanitizableValue.getDeclarationVertex()".

Documentation: Attached is the log excerpt from ~/.sfdx-scanner/sfge.log showing the error detail. The error occurs when processing the cp.cls, particularly within the processData method.

Error and stack trace:

    NullPointerException: Cannot invoke "com.salesforce.graph.symbols.apex.AbstractSanitizableValue.getDeclarationVertex()" because "sanitizableValue" is null:
    com.salesforce.graph.symbols.apex.system.SObjectAccessDecision.buildSanitizedValue(SObjectAccessDecision.java:138);
    com.salesforce.graph.symbols.apex.system.SObjectAccessDecision.executeMethod(SObjectAccessDecision.java:112);
    com.salesforce.graph.symbols.PathScopeVisitor.afterMethodCall(PathScopeVisitor.java:659);
    com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterMethodCall(DefaultSymbolProviderVertexVisitor.java:318);
    com.salesforce.graph.ops.expander.ApexPathExpander.handleMethodCall(ApexPathExpander.java:681);
    com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:532)

Steps To Reproduce:

1. Run sfdx scanner:run --target /path/to/cp.cls --format xml --engine dfa.
2. Observe the InternalExecutionError in the output.

Expected Behavior: Expected the scanner to analyze the Apex class without internal errors, reporting any relevant security issues according to Salesforce best practices and rules.

Screenshots: N/A

Desktop:

Operating System: macOS Ventura 13.5
Code Analyzer version: v3.16.0
Salesforce CLI version: @salesforce/cli/2.0.2

Additional Context: The issue seems related to internal handling of the Salesforce Graph Engine, potentially a bug within the engine's processing of Apex code for security evaluation.

Workaround: Currently, no workaround identified. The issue prevents a complete security assessment of the cp.cls file using the scanner run dfa command.

Urgency: High. This issue blocks thorough security analysis of critical Salesforce Apex code, potentially delaying development workflows and security review processes.

mohan-raheja commented 4 months ago

I'm getting this error when I use stripInaccessible:


            SObjectAccessDecision decision = Security.stripInaccessible(
                AccessType.READABLE,
                records
            );
            records = decision.getRecords();