Closed GaneshSMC closed 1 month ago
@GaneshSMC , we can look into this, but could you please clarify why this issue is Critical?
@GaneshSMC , what's happening at line 514 of HumanBodyAnatomyController? That's the line mentioned in the error message.
Hello @jfeingold35 We have submitted our application for a security review. Salesforce initially identified some violations, which we resolved. However, in the latest scan, new violations have emerged that were not previously detected, even though the code remains unchanged. We now need to address these new issues and resubmit our application.
Line 514 dynamically constructs a string of the metadata field name, gets its field value, and puts the field value and field name in dataMap.
Marked this as a duplicate of https://github.com/forcedotcom/sfdx-scanner/issues/1497
Bug Description
Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info.
Error and stacktrace:
TodoException: Support string concatenation. lhs=LiteralExpression{properties={FirstChild=true, BeginLine=514, DefiningType_CaseSafe=humanbodyanatomycontroller, LastChild=false, DefiningType=HumanBodyAnatomyController, EndLine=514, Value=smcorp__Node, childIdx=0, LiteralType=STRING, BeginColumn=36}}:
com.salesforce.graph.ops.ApexValueUtil.getTypeValue(ApexValueUtil.java:340);
com.salesforce.graph.ops.ApexValueUtil.convertApexValueToString(ApexValueUtil.java:305);
com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addField(FlsValidationRepresentation.java:122);
com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.lambda$addFields$5(FlsValidationRepresentation.java:118);
java.base/java.lang.Iterable.forEach(Iterable.java:75);
com.salesforce.rules.fls.apex.operations.FlsValidationRepresentation.addFields(FlsValidationRepresentation.java:118)
Output / Logs
Result :
Steps To Reproduce
1. Ran the command below: sf scanner run --engine pmd-appexchange --format csv --outfile CodeAnalyzerPmdAppExchange.csv --target ./
2. Then ran the command below: sf scanner run dfa --format csv --outfile CodeAnalyzerDFA_2.csv --target C:\Users\DELL\HBAVersion2Prod\force-app\main\default\classes\HumanBodyAnatomyController.cls#createPatientDetailAndAssessment --projectdir C:\Users\DELL\HBAVersion2Prod --category Security --sfgejvmargs -Xmx20g --pathexplimit -1 --rule-thread-count 2 --rule-thread-timeout 1800000
Expected Behavior
I expect the report should have provided me a valid violation or should be cleared for my attempt.
Operating System
Windows 11
Salesforce CLI Version
@salesforce/cli/2.41.8 win32-x64 node-v20.12.2
Code Analyzer Plugin (@salesforce/sfdx-scanner) Version
@salesforce/sfdx-scanner 3.24.0
Java Version
java version "21.0.2"
Additional Context (Screenshots, Files, etc)
No response
Workaround
No response
Urgency
Critical
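The scanner message above asks for two manual steps: confirm a sanitizer exists on the path, then add an engine directive at the sink. The Apex below is an added example of that pattern, not the reporter's code and not code from the Code Analyzer project; the class, object and field names (`NodeFieldReader`, `Example_Config__c`, `Node<n>__c`) are hypothetical, and it assumes the rule being suppressed is Graph Engine's `ApexFlsViolationRule`.

```apex
// Added example. All object, field and class names are hypothetical.
public with sharing class NodeFieldReader {

    // Builds field names by string concatenation (the construct Graph Engine
    // could not evaluate), checks read access on each one, then queries only
    // the fields the running user is allowed to see.
    public static Map<String, Object> readNodes(Id recordId, Integer nodeCount) {
        Map<String, Object> dataMap = new Map<String, Object>();

        // Object-level read check.
        if (!Schema.SObjectType.Example_Config__c.isAccessible()) {
            return dataMap;
        }

        Map<String, Schema.SObjectField> fieldMap =
            Schema.SObjectType.Example_Config__c.fields.getMap();
        List<String> readable = new List<String>();

        for (Integer i = 1; i <= nodeCount; i++) {
            String fieldName = 'Node' + i + '__c';   // dynamically built name
            Schema.SObjectField f = fieldMap.get(fieldName);
            // Field-level read check: this is the sanitizer to verify by hand.
            if (f != null && f.getDescribe().isAccessible()) {
                readable.add(fieldName);
            }
        }
        if (readable.isEmpty()) {
            return dataMap;
        }

        // Field names come only from the describe-validated list above,
        // and the record Id is passed as a bind variable.
        String soql = 'SELECT ' + String.join(readable, ', ')
            + ' FROM Example_Config__c WHERE Id = :recordId LIMIT 1';

        // Directive placed immediately before the sink, only after the
        // access checks above have been reviewed manually.
        /* sfge-disable-next-line ApexFlsViolationRule */
        List<SObject> rows = Database.query(soql);

        if (!rows.isEmpty()) {
            for (String fieldName : readable) {
                dataMap.put(fieldName, rows[0].get(fieldName));
            }
        }
        return dataMap;
    }
}
```

Keep the directive scoped to the single sink line so that any other data operation added to the method later is still analyzed.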