Open stephen-carter-at-sf opened 1 month ago
Issues where this has been reported:
This issue has been linked to a new work item: W-15923250
I'm facing this same issue and I need to submit my org for a security review this week. Should I go ahead and submit it or will this violation cause me to fail the security review?
Correct me if I'm wrong, but this is a bug in the Salesforce Code Analyzer, right?
@rmohan20 @stephen-carter-at-sf
I just received this error:
Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info.
Error and stacktrace:
NullPointerException: null: java.base/java.util.concurrent.ConcurrentSkipListMap.computeIfAbsent(ConcurrentSkipListMap.java:1459);
com.salesforce.graph.vertex.SyntheticTypedVertex.get(SyntheticTypedVertex.java:41);
com.salesforce.graph.symbols.apex.ApexMapValue.apply(ApexMapValue.java:188);
com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487);
com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242);
com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800)
We received 6 of these, all with identical error and stack:
UnexpectedException:
BooleanExpression{properties={FirstChild=false, Operator=&&, BeginLine=35, DefiningType_CaseSafe=utils, LastChild=false, DefiningType=Utils, EndLine=35, childIdx=1, BeginColumn=14}}: com.salesforce.graph.ops.MethodTypeMatchUtil.getTypeFromSymbol(MethodTypeMatchUtil.java:167);
com.salesforce.graph.ops.MethodTypeMatchUtil.parameterTypesMatch(MethodTypeMatchUtil.java:150);
com.salesforce.graph.ops.MethodUtil.getInvoked(MethodUtil.java:358);
com.salesforce.graph.ops.MethodUtil.getInvoked(MethodUtil.java:158);
com.salesforce.graph.ops.MethodUtil.getPaths(MethodUtil.java:703);
com.salesforce.graph.ops.expander.ApexPathExpander.resolveMethodCall(ApexPathExpander.java:849)
Example code structure (names changed):
public with sharing class SubClass extends BaseClass {
    @AuraEnabled
    public static CustomApexType[] methodName(
        String someId,
        String anotherId
    ) {
        // Delegates to the static method on the parent class, passing an
        // instance of the subclass as context.
        return BaseClass.methodName(
            new SubClass(null, someId),
            anotherId
        );
    }
}
Side note: adding /* sfge-disable-stack ApexFlsViolationRule */ to these methods has no effect.
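The error message above asks the user to confirm a sanitizer exists on the flagged path before adding an engine directive. The following is an added illustration, not code from this issue or from the Code Analyzer project: a hypothetical BaseClass/SubClass pair shaped like the structure above, with `Security.stripInaccessible` as the FLS sanitizer and the `sfge-disable-stack` directive from the side note placed on the entry method. `Contact` stands in for `CustomApexType`, and the constructor and query are assumed; each top-level class would live in its own `.cls` file.

```apex
// File 1: BaseClass.cls (hypothetical)
public with sharing virtual class BaseClass {
    protected Id parentId;
    protected String someId;

    public BaseClass(Id parentId, String someId) {
        this.parentId = parentId;
        this.someId = someId;
    }

    // Sanitizer on the source -> sink path: stripInaccessible drops every
    // field the running user lacks read access to, so the records returned
    // to the Aura/LWC caller are FLS-safe.
    public static Contact[] methodName(BaseClass ctx, String anotherId) {
        Contact[] rows = [
            SELECT Id, Email, Phone
            FROM Contact
            WHERE AccountId = :anotherId
        ];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return decision.getRecords();
    }
}

// File 2: SubClass.cls (hypothetical)
public with sharing class SubClass extends BaseClass {
    public SubClass(Id parentId, String someId) {
        super(parentId, someId);
    }

    // Only after confirming the sanitizer above is on every path reached
    // from this method: the directive silences ApexFlsViolationRule for
    // this method and the whole call stack beneath it, so keep it on the
    // narrowest entry point possible and record why it is there.
    @AuraEnabled
    /* sfge-disable-stack ApexFlsViolationRule */
    public static Contact[] methodName(String someId, String anotherId) {
        return BaseClass.methodName(new SubClass(null, someId), anotherId);
    }
}
```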
Have you tried to resolve this issue yourself first?
Yes
Bug Description
The Salesforce Graph Engine has a number of cases that are currently not supported. These manifest themselves to users with an error message that says:
Since this is occurring more frequently, we would like to consolidate all user reported cases in this issue to clean up our issue backlog.
If you have received this error, please add a comment below with your stack trace instead of creating a new issue. Otherwise, the issue you create will just be duplicated to this one.
Output / Logs
No response
Steps To Reproduce
sf scanner run dfa ...
Expected Behavior
People expect this to just work and give proper violation messages instead of telling them to create an issue for our team to look at.
Operating System
Various
Salesforce CLI Version
Various
Code Analyzer Plugin (@salesforce/sfdx-scanner) Version
Various
Java Version
Various
Additional Context (Screenshots, Files, etc)
No response
Workaround
No response
Urgency
Low