Closed saurabh-coinbase closed 1 month ago
@saurabh-coinbase , can you post the file that causes the exception?
Yup @jfeingold35 it's here!
<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="http://pmd.sourceforge.net/ruleset/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Default ruleset used by the CodeClimate Engine for Salesforce.com Apex" xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
<description>Salesforce Coinbase ruleset</description>
<exclude-pattern>.*/.sfdx/.*</exclude-pattern>
<!--
* Note on priorities:
* 1: highest level
* 5: lowest level
*
* 1: must fix (CI will stop on any of those)
* 2: should fix (CI might refuse the PR). Not fixing those will make the code difficult to understand, test or debug.
* 3: default value
* 4: generic code style, naming conventions, etc..
* 5: for information no immediate action required
-->
<!-- SECURITY -->
<rule ref="category/apex/security.xml/ApexBadCrypto" message="Apex Crypto should use random IV/key">
<priority>3</priority>
</rule>
<rule ref="category/apex/security.xml/ApexDangerousMethods" message="Calling potentially dangerous method">
<priority>1</priority>
</rule>
<rule ref="category/apex/security.xml/ApexInsecureEndpoint" message="Apex callouts should use encrypted communication channels">
<priority>3</priority>
</rule>
<rule ref="category/apex/security.xml/ApexOpenRedirect" message="Apex classes should safely redirect to a known location">
<priority>3</priority>
</rule>
<rule ref="category/apex/security.xml/ApexSuggestUsingNamedCred" message="Consider using named credentials for authenticated callouts">
<priority>1</priority>
</rule>
<rule ref="category/apex/security.xml/ApexXSSFromEscapeFalse" message="Apex classes should escape addError strings">
<priority>3</priority>
</rule>
<rule ref="category/apex/security.xml/ApexXSSFromURLParam" message="Apex classes should escape Strings obtained from URL parameters">
<priority>3</priority>
</rule>
<rule ref="category/apex/security.xml/ApexSharingViolations" message="Apex classes should declare a sharing model if DML or SOQL is used">
<priority>1</priority>
</rule>
<!--Performance-->
<rule ref="category/apex/performance.xml/AvoidDebugStatements" >
<priority>2</priority>
</rule>
<rule ref="category/apex/performance.xml/EagerlyLoadedDescribeSObjectResult" >
<priority>2</priority>
</rule>
<rule ref="category/apex/performance.xml/OperationWithLimitsInLoop" >
<priority>2</priority>
</rule>
</ruleset>
@saurabh-coinbase , if this is an issue with PMD itself instead of our integration with PMD (which is what this certainly seems like), then you might be better off logging this against PMD's repo directly instead of with us.
@jfeingold35 I already created with PMD support team, they had mentioned the issue could be from Salesforce scanner end.
@saurabh-coinbase , I'm unable to reproduce locally with the ruleset you provided. Is there any additional setup that you haven't posted yet? Alternatively, is it only reproducible in a particular file?
@jfeingold35 below is the yml file, custom rule file already shared, that's all I have!
name: Salesforce Code Quality
on:
  workflow_dispatch:
  workflow_call:
jobs:
  PMD:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v3
      - name: Setup Salesforce CLI
        run: |
          npm install --global @salesforce/cli
          sf plugins install @salesforce/sfdx-scanner@latest-beta
      - name: SF Code Analyzer - PMD
        run: |
          sf scanner:run --engine pmd --target src --pmdconfig=pmd/apex-ruleset.xml --format table
@saurabh-coinbase , okay, I've tried running that command with your custom ruleset against some of the sample Apex files we have on hand, and I can't reproduce this. That means it's probably dependent on the contents of the file being scanned. If you can narrow it down to a specific file or set of files and provide the contents of those files, I can continue to assist in debugging. But if not, then I'm afraid there's not much I can do to help.
@jfeingold35 There's another issue with the pipeline where 6 PMD violations were detected, but the PMD check did not fail based on the violations reported.
@saurabh-coinbase , Use the --severity-threshold flag, as per our documentation.
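Added example (not part of the thread and not Code Analyzer's own code): a small audit of a PMD ruleset that lists the security rules whose violations would not fail a run at a given --severity-threshold. The function names, the priority-to-severity mapping and the "equal or more severe than the threshold fails the run" semantics are assumptions to confirm against the Code Analyzer documentation; the sample ruleset is constructed from rules in the file posted above.

```python
import xml.etree.ElementTree as ET

NS = {"pmd": "http://pmd.sourceforge.net/ruleset/2.0.0"}
# Assumption: PMD priority -> normalized severity (1 high, 2 moderate, 3 low).
# Verify this mapping against the Code Analyzer docs for your scanner version.
NORMALIZED = {1: 1, 2: 2, 3: 3, 4: 3, 5: 3}

# Constructed sample: a subset of the rules in the ruleset posted in this thread.
SAMPLE_RULESET = b"""<?xml version="1.0" encoding="UTF-8"?>
<ruleset xmlns="http://pmd.sourceforge.net/ruleset/2.0.0" name="sample">
  <description>sample</description>
  <rule ref="category/apex/security.xml/ApexBadCrypto"><priority>3</priority></rule>
  <rule ref="category/apex/security.xml/ApexDangerousMethods"><priority>1</priority></rule>
  <rule ref="category/apex/security.xml/ApexXSSFromURLParam"><priority>3</priority></rule>
  <rule ref="category/apex/security.xml/ApexSharingViolations"><priority>1</priority></rule>
  <rule ref="category/apex/performance.xml/AvoidDebugStatements"><priority>2</priority></rule>
</ruleset>
"""


def load_rules(xml_bytes):
    """Return [(category, rule, priority or None)] from a PMD ruleset."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        line, col = exc.position
        raise ValueError(f"ruleset not well-formed at line {line}, column {col}") from exc
    rules = []
    for node in root.findall("pmd:rule", NS):
        category_file, _, name = node.get("ref", "").rpartition("/")
        category = category_file.rpartition("/")[2].removesuffix(".xml")
        prio = node.findtext("pmd:priority", default=None, namespaces=NS)
        rules.append((category, name, int(prio) if prio else None))
    return rules


def ungated_security_rules(xml_bytes, threshold):
    """Security rules whose violations would NOT fail a run at this threshold."""
    ungated = []
    for category, name, prio in load_rules(xml_bytes):
        if category != "security":
            continue
        # No <priority> override: the rule's built-in default applies, which
        # this file does not show, so report it for manual review.
        if prio is None or NORMALIZED[prio] > threshold:
            ungated.append(name)
    return sorted(ungated)


if __name__ == "__main__":
    for t in (1, 2, 3):
        print(t, ungated_security_rules(SAMPLE_RULESET, t))
```
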
Thank you so much @jfeingold35, I'm still getting Server_Internal error and not sure what could be the resolution for that.
@saurabh-coinbase , as I've mentioned, I'm unable to reproduce that behavior. If you can narrow it down to one or more specific files being passed into --target and post those files, then I can continue to help you debug, but if not, then there's really nothing more I can do.
Yeah I too am unable to reproduce. I am getting:
~/temp/tempProj: sf scanner run --pmdconfig customRuleSet.xml --target force-app --format table
› Warning: @salesforce/cli update available from 2.40.7 to 2.41.8.
› Warning: Plugin @salesforce/sfdx-scanner (4.1.0) differs from the version specified by sf (3.24.0)
Warning: We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://research.net/r/SalesforceCA
Warning: The specified target wasn't processed by any engines. Use the --engine parameter to select a different engine or specify a different target. Specified target: force-app.
About to run PMD with custom config in customRuleSet.xml. Please make sure that any custom rule references have already been added to the plugin through scanner:rule:add command.
Executed engines: pmd-custom, retire-js. No rule violations found.
So it might be attached to how the rule is running on your specific codebase. @saurabh-coinbase Have you tried using PMD 7 independent of salesforce code analyzer to see if that errors?
Closing this for now since we haven't received a reply.
I'm experiencing something very similar and have some additional information to add:
First, I've decomposed the scanner's execution of PMD and executed PMD directly, using the same options. Specifically:
sf scanner run --engine pmd --pmdconfig pmd/ruleset.xml --target "force-app/main/default/classes/MyClass.cls" --verbose
Translates to:
pmd check -R main.xml --file-list force-app/main/default/classes/MyClass.cls --verbose
What's interesting is that the PMD command executes without issue. Using PMD 7.2.0. However, the scanner at @salesforce/sfdx-scanner 4.2.0 (latest-beta) throws this error:
About to run PMD with custom config in pmd/ruleset.xml. Please make sure that any custom rule references have already been added to the plugin through scanner:rule:add command.
Error (1): Attribute without value
Line: 3
Column: 1
Char: >
For the record, my pmd/ruleset.xml file's top ~10 lines are:
<?xml version="1.0" encoding="UTF-8" ?>
<ruleset name="Standard"
xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd" >
<description>Booz Allen Hamilton Salesforce Standard Ruleset</description>
<rule ref="category/apex/design.xml/ExcessiveClassLength" >
<priority>2</priority>
<properties>
<property name="minimum" value="1000" />
</properties>
</rule>
Specifically, line 3, mentioned in the error message:
xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd" >
Presumably relates to the final > on the line, as that's the only reference to > but ... this hasn't changed in a long time.
I will admit I expect there's some form of version disconnect between the latest beta of the scanner and pmd 7.2...
I've tried debugging this with --verbose, etc. but I'm not getting enough information to figure it out.
@jfeingold35 @stephen-carter-at-sf Just adding y'all back to this
scanner run
Description:
Error (1): Attribute without value
Documentation:
Steps To Reproduce:
Install latest beta version:
sf plugins install @salesforce/sfdx-scanner@latest-beta
Expected Behavior: Should not throw any error!
Screenshots:
Desktop: Using in the Git CI/CD Pipeline
Additional Context:
Workaround:
If I use latest then it works fine
sf plugins install @salesforce/sfdx-scanner@latest
Urgency: We are facing some pmd errorException (Scanner Internal) which would be resolved under pmd 7.0 release version.