forcedotcom / sfdx-scanner

[BUG] Internal Execution Error - Apex #1670

Closed micharozen closed 13 hours ago

micharozen commented 1 day ago

Have you tried to resolve this issue yourself first?

Yes

Bug Description

Error Message:

Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: NullPointerException: Cannot invoke "String.toLowerCase(java.util.Locale)" because the return value of "com.salesforce.rules.fls.apex.operations.ObjectFieldInfo.getObjectName()" is null: com.salesforce.graph.ops.ObjectFieldUtil.regroupByObject(ObjectFieldUtil.java:26);com.salesforce.rules.fls.apex.operations.FlsViolationMessageUtil.consolidateFlsViolations(FlsViolationMessageUtil.java:54);com.salesforce.rules.PathBasedRuleRunner.convertFlsInfoToViolations(PathBasedRuleRunner.java:215);com.salesforce.rules.PathBasedRuleRunner.executeRulesOnPaths(PathBasedRuleRunner.java:189);com.salesforce.rules.PathBasedRuleRunner.runRules(PathBasedRuleRunner.java:88);com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.runRules(ThreadableRuleExecutor.java:228)

Code:

```apex
global void execute(Database.BatchableContext BC, List<Invoice__c> scope) {
    // Check FLS permissions for Task
    if(!PermissionUtils.checkFieldAccessibility('Task', new String[]{
        'Subject', 'Description', 'Status', 'ActivityDate', 'WhatId', 'Type', 'OwnerId'
    })) {
        throw new SecurityException('Insufficient permissions to access Task fields');
    }

    List<Task> tasks = new List<Task>();
    List<Invoice__c> invoicesToUpdate = new List<Invoice__c>();

    Integer remainingCounter = 0;

    for (Invoice__c invoice : scope) {
        remainingCounter = Integer.valueOf(invoice.NumberOfInstallmentPayment__c - invoice.NumberRemainingPayments__c) + 1;
        tasks.add(TaskManager.createTask(
            'Rappel Relance Paiement N°' + remainingCounter,
            (System.Label.INVOICE_PAYMENT_REMINDER).replaceAll('XXX', String.valueOf(remainingCounter)),
            'Not Started',
            null,
            invoice.LastPaymentReminderDate__c == null ? invoice.InvoiceSentDate__c.addMonths(1) : invoice.LastPaymentReminderDate__c.addMonths(1),
            invoice.Id,
            'Relance Paiement',
            invoice.CreatedById));
        invoice.LastPaymentReminderDate__c = invoice.LastPaymentReminderDate__c.addMonths(1);
    }

    // Check update permissions for Invoice
    if(!PermissionUtils.checkFieldAccessibility('Invoice__c', new String[]{'LastPaymentReminderDate__c'})){
        throw new SecurityException('Insufficient permissions to update Invoice fields');
    }

    if(PermissionUtils.hasCRUDPermissions(tasks, Constants.CREATABLE_OP)){
        Database.insert(tasks, false);
    }

    if(PermissionUtils.hasCRUDPermissions(scope, Constants.UPDATABLE_OP)){
        Database.update(scope, false);
    }
}
```

Output / Logs

No response

Steps To Reproduce

1. Have this block in an sf project
2. Run: `sf scanner run dfa --format csv --outfile CodeAnalyzerDFA.csv --target ./ --projectdir ./ --category Security`

Expected Behavior

I expect no flag to be detected in this block

Operating System

macOS Sonoma 14.6.1

Salesforce CLI Version

@salesforce/cli/2.48.6 darwin-arm64 node-v20.15.0

Code Analyzer Plugin (@salesforce/sfdx-scanner) Version

@salesforce/sfdx-scanner 4.3.0

Java Version

java version "17.0.5" 2022-10-18 LTS

Additional Context (Screenshots, Files, etc)

No response

Workaround

No response

Urgency

Moderate

jfeingold35 commented 1 day ago

@micharozen, the error message is talking about a string.toLowerCase() call and an ObjectFieldInfo.getObjectName() call, and those aren't visible in the code you posted. Without seeing those, this looks like what's happening is that string.toLowerCase() is being called on a null value. Is it possible for you to identify that line?

stephen-carter-at-sf commented 13 hours ago

Duplicate of #1497