forcedotcom / sfdx-scanner

MIT License

[BUG] Sf scanner rule add creates INTERNAL ERROR #1573

Closed quinn-caverly closed 1 month ago

quinn-caverly commented 1 month ago

Have you tried to resolve this issue yourself first?

Yes

Bug Description

Adding a custom ruleset using "sf scanner rule add" breaks sf scanner.

Output / Logs

$ sf scanner rule list
Warning: We're continually improving Salesforce Code Analyzer. Tell us what you think! Give feedback at https://research.net/r/SalesforceCA
C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\node_modules\@oclif\core\lib\errors\error.js:37
    err = new cli_1.CLIError(input, options);
          ^

CLIError: INTERNAL ERROR: Unexpected error occurred while cataloging rules: begin 0, end 3, length 0. Please log an issue with us at github.com/forcedotcom/sfdx-scanner.
    at Object.error (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\node_modules\@oclif\core\lib\errors\error.js:37:15)
    at List.error (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\node_modules\@oclif\core\lib\command.js:177:23)
    at UxDisplay.displayError (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\Display.js:32:26)
    at EventEmitter.<anonymous> (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\ScannerCommand.js:47:91)
    at EventEmitter.emit (node:events:519:28)
    at OutputProcessor.emitUxEvent (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\services\OutputProcessor.js:141:34)
    at C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\services\OutputProcessor.js:100:22
    at Array.forEach (<anonymous>)
    at OutputProcessor.emitEvents (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\services\OutputProcessor.js:93:19)
    at OutputProcessor.processAllOutput (C:\Users\qcaverly\AppData\Local\sf\node_modules\@salesforce\sfdx-scanner\lib\lib\services\OutputProcessor.js:82:21) {
  code: undefined,
  oclif: { exit: 1 },
  skipOclifErrorHandling: undefined,
  suggestions: undefined
}

Node.js v20.14.0

Steps To Reproduce

  1. Given a local directory containing an xml directory, add a custom rule using sf scanner rule add --language xml --path "xml"
  2. Run sf scanner commands including run, rule

Expected Behavior

Register custom rules and refer to them when creating report using sf scanner run

Operating System

Windows 10 Enterprise

Salesforce CLI Version

@salesforce/cli/2.54.6 win32-x64 node-v20.14.0

Code Analyzer Plugin (@salesforce/sfdx-scanner) Version

@salesforce/sfdx-scanner 4.4.0

Additional Context (Screenshots, Files, etc)

.sfdx-scanner/CustomPaths.json contents:

{
  "pmd": {
    "xml": [
      "C:\Users\qcaverly\Install\sfca-custom-rulesets\category\xml\sf-workflow-retire.xml"
    ]
  }
}

Workaround

This works on Ubuntu

Urgency

Moderate

jag-j commented 1 month ago

@quinn-caverly - What are the contents of your "xml" folder? Is it possible to share that with us (in a zip) and we can try to reproduce this? Thank you!

quinn-caverly commented 1 month ago

I found what was causing the error here. The category dir was not within a Salesforce DX repo. After moving category to a DX repo the scanner worked as expected. Though I have a question.

A developer may be working on 3 different DX repos and they may want to use org-specific rulesets for the scanner. If only one of these projects has a category folder containing all the custom rules for the org, then they can add the custom rules from this single repo, and the rules will be added to sfdx scanner globally, meaning they can use the rules on the 2 other repos. Then that means to get the org-wide custom rules to work, there could either be a dedicated repository for the custom rules which must also be a boilerplate DX repo or else the CLI has INTERNAL ERROR, or the org-wide rules could be replicated in each repository in the org and developers can be told to arbitrarily choose one of the repos to add the custom rules from.

Is this constraint intended? Why are the rulesets not context independent?

Also, if the command "sf scanner rule add -p apex -l apex" is run, then sfdx-scanner searches the contents, say there are 4 files there and saves the exact file location of these 4 files. However, the developer may be unaware of changes happening to the rulesets, so if sometime later there are 6 files under that category/apex/ dir, only the 4 rulesets will be considered. If rulesets are changing, then it shouldn't be necessary to remind developers to continuously run: "sf scanner rule add -p apex -l apex", "sf scanner rule add -p apex -l apex", "sf scanner rule add -p apex -l apex".

stephen-carter-at-sf commented 1 month ago

For your use case, we are subject to the constraints imposed on us by the PMD utility as well - which requires the files to be local so that they are available to add to the Java class path (so that the PMD executable can find these files). This means, you will either need to:

I agree that if you would like to add a folder to the classpath, then we should automatically include this folder each time. This enhancement idea will be available with Code Analyzer 5.x in the future. Until then, with the current 4.x world - it unfortunately does work at a file level and not a folder level.

Thank you for your feedback. I'll close this issue - but feel free to ask any further questions if you need more help.
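
Because registration in 4.x is per file, as the thread describes, rule files added to a folder after "sf scanner rule add" are silently left out of scans. The following is an added example, not part of the original thread or the project's code: it compares a catalog in the CustomPaths.json shape shown above with the files currently in a rules folder. The function names, the .xml/.jar filter and the sample paths are assumptions constructed for illustration.

```javascript
// Catalog shape follows the CustomPaths.json shown in the issue:
//   { "<engine>": { "<language>": ["<absolute path to a rule file>", ...] } }
// Normalize for comparison: forward slashes, no trailing slash, and
// lower case for Windows drive-letter paths (case-insensitive file system).
function normalize(p) {
  const s = p.replace(/\\/g, '/').replace(/\/+$/, '');
  return /^[a-z]:\//i.test(s) ? s.toLowerCase() : s;
}

// Compare the files registered for engine/language with the rule files
// currently present under `dir` (filesOnDisk: absolute paths).
function findDrift(catalog, engine, language, dir, filesOnDisk) {
  const registered = ((catalog[engine] || {})[language] || []).map(normalize);
  const root = normalize(dir) + '/';
  const onDisk = filesOnDisk.map(normalize).filter((f) => f.startsWith(root));
  const regSet = new Set(registered);
  const diskSet = new Set(onDisk);
  return {
    // present in the folder but never registered: these rules do not run
    unregistered: onDisk.filter((f) => !regSet.has(f)).sort(),
    // registered but no longer present in the folder
    stale: registered.filter((f) => f.startsWith(root) && !diskSet.has(f)).sort(),
  };
}

// Recursively list candidate rule files (assumption: .xml and .jar).
async function listRuleFiles(dir) {
  const fs = await import('node:fs/promises');
  const path = await import('node:path');
  const out = [];
  for (const e of await fs.readdir(dir, { withFileTypes: true })) {
    const full = path.resolve(dir, e.name);
    if (e.isDirectory()) out.push(...(await listRuleFiles(full)));
    else if (/\.(xml|jar)$/i.test(e.name)) out.push(full);
  }
  return out;
}

// Constructed sample: two files were registered, then the folder changed.
const sampleCatalog = { pmd: { xml: [
  'C:\\rules\\category\\xml\\workflow.xml',
  'C:\\rules\\category\\xml\\retired.xml',
] } };
const sampleDisk = [
  'c:\\Rules\\category\\xml\\workflow.xml',
  'C:\\rules\\category\\xml\\new-check.xml',
];
const sampleDrift = findDrift(sampleCatalog, 'pmd', 'xml', 'C:\\rules\\category\\xml', sampleDisk);
```

In a CI job, pass the parsed CustomPaths.json and the result of listRuleFiles for the shared rules folder, and fail the build when `unregistered` is non-empty so that a new rule file cannot go unapplied.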