forcedotcom / sfdx-scanner

MIT License

[BUG] Scanning files not included in --target #1431

Closed MattFaz closed 5 months ago

MattFaz commented 6 months ago

Description:

When running the following command:

sf scanner run dfa --target "force-app/main/default/classes/ActionItemTriggerHandler.cls,force-app/main/default/classes/ActionItemTriggerHandlerUtility.cls" -f sarif -o dfa-results.sarif

the scanner is running on files that are not included in the --target.

As an example the above gives me:

Error (1): Remove unreachable code to proceed with the analysis: /Users/mfarrell/prod/sq-scs-sf/force-app/main/default/classes/AccountStructure.cls,AccountStructure:387

That AccountStructure.cls file is not part of the classes passed into --target.

Expected Behavior:

Only the 2 classes provided in the example are scanned.

Desktop:

Urgency: N/A - Have excluded from our pipeline until resolved.

jfeingold35 commented 5 months ago

@MattFaz, this is working as designed. scanner run dfa performs graph-based analysis, and the graph must contain all the code in the codebase, not just the files you included in --target, otherwise it can't conduct its analysis properly. If you specify --projectdir, the directory you specify will be used to build the graph. Otherwise, we'll dynamically determine one based on a few different attributes. Regardless, we recommend that you simply remove the unreachable code, as that will resolve the problem.

MattFaz commented 5 months ago

Hi @jfeingold35, thanks for the response, that makes sense. Given that it must contain all the codebase, what is the purpose of --target then? I must be confused about its functionality.