forcedotcom / sfdx-scanner

MIT License

[BUG] InternalExecutionError #1477

Closed GaneshSMC closed 1 month ago

GaneshSMC commented 1 month ago

Bug Description

Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: TodoException: Support string concatenation. lhs=LiteralExpression{properties={FirstChild=true, BeginLine=514, DefiningType_CaseSafe=humanbodyanatomycontroller, LastChild=false, DefiningType=HumanBodyAnatomyController, EndLine=514, Value=smcorp__Node, childIdx=0, LiteralType=STRING, BeginColumn=36}}: com.salesforce.graph.ops.ApexValueUtil.getTypeValue(ApexValueUtil.java:340);com.salesforce.graph.ops.ApexValueUtil.convertApexValueToString(ApexValueUtil.java:305);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addField(FlsValidationRepresentation.java:122);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.lambda$addFields$5(FlsValidationRepresentation.java:118);java.base/java.lang.Iterable.forEach(Iterable.java:75);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addFields(FlsValidationRepresentation.java:118)


    for (Decimal i = startIndex.intValue(); i <= endIndex.intValue(); i++) {
        // Construct the field name based on the current node index
        String fieldName = 'smcorp__Node' + i + '__c';        // line 514
        // Check if the field exists in the metadata
        if (bvMeta.get(fieldName) != null) {
            // Add the value and field API name to the map
            dataMap.put(String.valueOf(bvMeta.get(fieldName)), fieldName);
        }
    }

Output / Logs

Result :

    createAssessment                InternalExecutionError  Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: TodoException: Support string concatenation. lhs=LiteralExpression{properties={FirstChild=true, BeginLine=514, DefiningType_CaseSafe=humanbodyanatomycontroller, LastChild=false, DefiningType=HumanBodyAnatomyController, EndLine=514, Value=smcorp__Node, childIdx=0, LiteralType=STRING, BeginColumn=36}}: com.salesforce.graph.ops.ApexValueUtil.getTypeValue(ApexValueUtil.java:340);com.salesforce.graph.ops.ApexValueUtil.convertApexValueToString(ApexValueUtil.java:305);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addField(FlsValidationRepresentation.java:122);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.lambda$addFields$5(FlsValidationRepresentation.java:118);java.base/java.lang.Iterable.forEach(Iterable.java:75);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addFields(FlsValidationRepresentation.java:118)  https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#ApexFlsViolationRule  InternalExecutionError  sfge
    createPatientDetailAndAssessment InternalExecutionError Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: TodoException: Support string concatenation. lhs=LiteralExpression{properties={FirstChild=true, BeginLine=514, DefiningType_CaseSafe=humanbodyanatomycontroller, LastChild=false, DefiningType=HumanBodyAnatomyController, EndLine=514, Value=smcorp__Node, childIdx=0, LiteralType=STRING, BeginColumn=36}}: com.salesforce.graph.ops.ApexValueUtil.getTypeValue(ApexValueUtil.java:340);com.salesforce.graph.ops.ApexValueUtil.convertApexValueToString(ApexValueUtil.java:305);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addField(FlsValidationRepresentation.java:122);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.lambda$addFields$5(FlsValidationRepresentation.java:118);java.base/java.lang.Iterable.forEach(Iterable.java:75);com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addFields(FlsValidationRepresentation.java:118)  https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#ApexFlsViolationRule  InternalExecutionError  sfge

Steps To Reproduce

1. Ran the below command: sf scanner run --engine pmd-appexchange --format csv --outfile CodeAnalyzerPmdAppExchange.csv --target ./

2. Then ran the below command: sf scanner run dfa --format csv --outfile CodeAnalyzerDFA_2.csv --target C:\Users\DELL\HBAVersion2Prod\force-app\main\default\classes\HumanBodyAnatomyController.cls#createPatientDetailAndAssessment --projectdir C:\Users\DELL\HBAVersion2Prod --category Security --sfgejvmargs -Xmx20g --pathexplimit -1 --rule-thread-count 2 --rule-thread-timeout 1800000

Expected Behavior

I expect the report should have provided me a valid violation or should have been cleared for my attempt.

Operating System

Windows 11

Salesforce CLI Version

@salesforce/cli/2.41.8 win32-x64 node-v20.12.2

Code Analyzer Plugin (@salesforce/sfdx-scanner) Version

@salesforce/sfdx-scanner 3.24.0

Java Version

java version "21.0.2"

Additional Context (Screenshots, Files, etc)

No response

Workaround

No response

Urgency

Critical
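The error above means the Graph Engine could not resolve the concatenated field name at line 514, so it could not confirm that the read of bvMeta is guarded by a field-level-security check (the "sanitizer" the ApexFlsViolationRule looks for). The following is an added example, not code from the issue or from sfdx-scanner, showing one way to make that guard explicit for dynamically built field names; it assumes the record is passed in as a generic SObject, that startIndex and endIndex are Integers, and that `sfge-disable-next-line` is the engine directive syntax (labelled as an assumption in the comment).

```apex
// Added example (hypothetical class name; not the issue author's code).
// Resolves each dynamically built field name against the object's describe
// result and reads it only when the running user has read access to it.
public with sharing class DynamicNodeFieldReader {

    // bvMeta: a custom metadata record whose fields are named smcorp__Node<i>__c.
    public static Map<String, String> collectNodeValues(SObject bvMeta, Integer startIndex, Integer endIndex) {
        Map<String, String> dataMap = new Map<String, String>();

        // Keys of fields.getMap() are lower-case API names, so look up in lower case.
        Map<String, Schema.SObjectField> fieldMap =
            bvMeta.getSObjectType().getDescribe().fields.getMap();

        for (Integer i = startIndex; i <= endIndex; i++) {
            String fieldName = 'smcorp__Node' + i + '__c';
            Schema.SObjectField token = fieldMap.get(fieldName.toLowerCase());

            // Unknown field, or the user cannot read it: skip rather than expose the value.
            if (token == null || !token.getDescribe().isAccessible()) {
                continue;
            }

            // The isAccessible() check above is the FLS sanitizer for this read.
            // Assumed directive syntax if the engine still cannot follow the path:
            // /* sfge-disable-next-line ApexFlsViolationRule */
            Object value = bvMeta.get(fieldName);
            if (value != null) {
                dataMap.put(String.valueOf(value), fieldName);
            }
        }
        return dataMap;
    }
}
```

Because the check is performed per field token rather than on the concatenated string, it holds for any index range, not only the one the controller happens to pass.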

jfeingold35 commented 1 month ago

@GaneshSMC , we can look into this, but could you please clarify why this issue is Critical?

jfeingold35 commented 1 month ago

@GaneshSMC , what's happening at line 514 of HumanBodyAnatomyController? That's the line mentioned in the error message.

GaneshSMC commented 1 month ago

Hello @jfeingold35, we have submitted our application for a security review. Salesforce initially identified some violations, which we resolved. However, in the latest scan, new violations have emerged that were not previously detected, even though the code remains unchanged. We now need to address these new issues and resubmit our application.

Line 514 dynamically constructs a string for a metadata field name, gets its field value, and puts the field value and field name in dataMap.


stephen-carter-at-sf commented 1 month ago

Marked this as a duplicate of https://github.com/forcedotcom/sfdx-scanner/issues/1497