[BUG] InternalExecutionError when evaluating newSObject() statement in DFA scan #1175

Closed
vc4u opened this issue Sep 11, 2023 · 9 comments
Labels: BUG P3 Rarely Malfunction; duplicate (This issue or pull request already exists); SFGE (Issues related to the Salesforce Graph Engine)

Comments


vc4u commented Sep 11, 2023

Describe the bug
Dynamically instantiating an sObject instance in code is causing an error.
Line 253: sObject sObj = objType.newSobject((Id)(recordId));

Error message received in generated report output:

Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnexpectedException: MethodCallExpressionVertex{fullMethodName=objType.newSobject, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[objType], BeginLine=253, DefiningType_CaseSafe=ndconnectcontroller, LastChild=false, DefiningType=NDConnectController, EndLine=253, Name_CaseSafe=objtype, childIdx=0, BeginColumn=28, ReferenceType=METHOD, Name=objType}}}, chainedNames=[objType], properties={FirstChild=true, FullMethodName=objType.newSobject, BeginLine=253, FullMethodName_CaseSafe=objtype.newsobject, DefiningType_CaseSafe=ndconnectcontroller, LastChild=false, DefiningType=NDConnectController, EndLine=253, MethodName_CaseSafe=newsobject, childIdx=0, BeginColumn=36, MethodName=newSobject}}: com.salesforce.graph.symbols.apex.ApexValue.validateParameterSize(ApexValue.java:610);com.salesforce.graph.symbols.apex.schema.SObjectType._applyMethod(SObjectType.java:131);com.salesforce.graph.symbols.apex.schema.SObjectType.executeMethod(SObjectType.java:121);com.salesforce.graph.symbols.PathScopeVisitor.afterMethodCall(PathScopeVisitor.java:659);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterMethodCall(DefaultSymbolProviderVertexVisitor.java:318);com.salesforce.graph.ops.expander.ApexPathExpander.handleMethodCall(ApexPathExpander.java:681)

To Reproduce
Ran a DFA scan on a single class instance:
sf scanner run dfa -f html -o CodeAnalyzerDFA.html -t ./force-app/main/default/classes/NDConnectController.cls -p ./force-app/main/default/classes --rule-thread-count=12 --sfgejvmargs="-Xmx50g" --category="Security"

Expected behavior
The scan should be able to parse through the line and accurately report the violation if it is found.

Desktop (please complete the following information):

  • Windows 10, x64
  • Scanner Version: 3.16.0

Additional context
Log file attached.

"Workaround":
None

"Urgency":
Business stopping as we're gearing towards security review submission.
sfge.log

Author

vc4u commented Sep 11, 2023

This error trace is from the logs:

2023-09-12 02:56:15 221d69dd-2c4a-4cf9-bc37-6f63749cb2ab ERROR ApexPathExpanderUtil:100 - Incomplete. Current PathCollector size=0
com.salesforce.exception.UnexpectedException: MethodCallExpressionVertex{fullMethodName=objType.newSobject, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[objType], BeginLine=253, DefiningType_CaseSafe=ndconnectcontroller, LastChild=false, DefiningType=NDConnectController, EndLine=253, Name_CaseSafe=objtype, childIdx=0, BeginColumn=28, ReferenceType=METHOD, Name=objType}}}, chainedNames=[objType], properties={FirstChild=true, FullMethodName=objType.newSobject, BeginLine=253, FullMethodName_CaseSafe=objtype.newsobject, DefiningType_CaseSafe=ndconnectcontroller, LastChild=false, DefiningType=NDConnectController, EndLine=253, MethodName_CaseSafe=newsobject, childIdx=0, BeginColumn=36, MethodName=newSobject}}
	at com.salesforce.graph.symbols.apex.ApexValue.validateParameterSize(ApexValue.java:610) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.symbols.apex.schema.SObjectType._applyMethod(SObjectType.java:131) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.symbols.apex.schema.SObjectType.executeMethod(SObjectType.java:121) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.symbols.PathScopeVisitor.afterMethodCall(PathScopeVisitor.java:659) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterMethodCall(DefaultSymbolProviderVertexVisitor.java:318) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpander.handleMethodCall(ApexPathExpander.java:681) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:532) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:452) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.expand(ApexPathExpanderUtil.java:223) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.expand(ApexPathExpanderUtil.java:162) ~[sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler._expand(ApexPathExpanderUtil.java:96) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpanderUtil$ApexPathExpansionHandler.access$100(ApexPathExpanderUtil.java:70) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.expander.ApexPathExpanderUtil.expand(ApexPathExpanderUtil.java:55) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.ApexPathUtil.getPaths(ApexPathUtil.java:201) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.graph.ops.ApexPathUtil.summarizeForwardPaths(ApexPathUtil.java:80) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.rules.PathBasedRuleRunner.getPathSummary(PathBasedRuleRunner.java:222) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.rules.PathBasedRuleRunner.runRules(PathBasedRuleRunner.java:75) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.runRules(ThreadableRuleExecutor.java:230) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.call(ThreadableRuleExecutor.java:167) [sfge-1.0.1-pilot.jar:?]
	at com.salesforce.rules.ThreadableRuleExecutor$CallableExecutor.call(ThreadableRuleExecutor.java:127) [sfge-1.0.1-pilot.jar:?]
	at java.util.concurrent.ForkJoinTask$AdaptedCallable.exec(ForkJoinTask.java:1428) [?:?]
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) [?:?]
	at java.util.concurrent.ForkJoinTask.invoke(ForkJoinTask.java:686) [?:?]
	at java.util.concurrent.ForkJoinTask$AdaptedCallable.run(ForkJoinTask.java:1436) [?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) [?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:264) [?:?]
	at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1395) [?:?]
	at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:373) [?:?]
	at java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1182) [?:?]
	at java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1655) [?:?]
	at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1622) [?:?]
	at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:165) [?:?]

@jfeingold35
Collaborator

@vc4u , thanks for bringing this to our attention. We'll look into it, see if we can find you a workaround, and let you know if we need any more information from you. We appreciate your patience.

jfeingold35 added the BUG P3 Rarely Malfunction label Sep 11, 2023

git2gus bot commented Sep 11, 2023

This issue has been linked to a new work item: W-14106405

Author

vc4u commented Sep 16, 2023

@jfeingold35 Did you find any workaround for this issue?

@jfeingold35
Collaborator

@vc4u , unfortunately, I haven't had much time to look into this one. I'll do my best to find time for this one and keep you posted.

@jfeingold35
Collaborator

@vc4u , if you use the 0-parameter version of newSObject(), that should work fine.
E.g., instead of:

SObject o = type.newSObject(myId);

do:

SObject o = type.newSObject();
o.Id = myId;

Please try this workaround and let me know if it works.
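
An added example, not part of the original thread or of the Code Analyzer project: a small Python helper that lists `newSObject` calls carrying arguments, the call shape behind the error above, so they can be rewritten to the zero-parameter form before a DFA scan. The function names and the sample source are constructed for illustration; it flags every call with arguments (the thread only confirms the one-argument case) and does not strip Apex comments.

```python
import re

# Matches the start of a newSObject call. Apex identifiers are case-insensitive,
# and the thread itself shows both "newSobject" and "newSObject".
CALL_START = re.compile(r"\.\s*newSObject\s*\(", re.IGNORECASE)


def call_arguments(source, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth, in_string = 0, False
    i = open_idx
    while i < len(source):
        ch = source[i]
        if in_string:
            if ch == "\\":
                i += 1  # skip the escaped character inside an Apex string
            elif ch == "'":
                in_string = False
        elif ch == "'":
            in_string = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return source[open_idx + 1:i]
        i += 1
    return None  # unbalanced parentheses, e.g. a truncated file


def find_parameterized_calls(source):
    """Return (line_number, argument_text) for each newSObject call with arguments."""
    hits = []
    for m in CALL_START.finditer(source):
        args = call_arguments(source, m.end() - 1)
        if args is not None and args.strip():
            line = source.count("\n", 0, m.start()) + 1
            hits.append((line, args.strip()))
    return hits


# Constructed sample, modelled on the two call shapes quoted in the thread.
SAMPLE = (
    "sObject sObj = objType.newSobject((Id)(recordId));\n"
    "SObject o = type.newSObject();\n"
    "o.Id = myId;\n"
)

if __name__ == "__main__":
    print(find_parameterized_calls(SAMPLE))
```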

Author

vc4u commented Sep 18, 2023

I thought we can't assign the Id property directly on sObject instances. I'll try this and let you know.

Author

vc4u commented Sep 19, 2023

@jfeingold35 Thanks Josh! This change resolved the Violation reporting on that line.

johnbelosf changed the title from "InternalExecutionError when evaluating newSObject() statement in DFA scan" to "[BUG] InternalExecutionError when evaluating newSObject() statement in DFA scan" Feb 20, 2024
stephen-carter-at-sf added the SFGE (Issues related to the Salesforce Graph Engine) label May 23, 2024
stephen-carter-at-sf added the duplicate (This issue or pull request already exists) label Jun 3, 2024
@stephen-carter-at-sf
Collaborator

Marking this as a duplicate of #1497
