Have you tried to resolve this issue yourself first?
Yes
Bug Description
When running the DFA scan, it seems to have an issue with a function we have that checks the FLS of the user running the insert, update or delete of a record(s). We are trying to submit for a security review.
Output / Logs
Issue 1: Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnimplementedMethodException: ApexListValue:getSObjectType, vertex=MethodCallExpressionVertex{fullMethodName=sobjects.getSObjectType, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[sobjects], BeginLine=82, DefiningType_CaseSafe=accessvalidationutilities, LastChild=true, DefiningType=AccessValidationUtilities, EndLine=82, Name_CaseSafe=sobjects, childIdx=0, BeginColumn=55, ReferenceType=METHOD, Name=sobjects}}}, chainedNames=[sobjects], properties={FirstChild=true, FullMethodName=sobjects.getSObjectType, BeginLine=82, FullMethodName_CaseSafe=sobjects.getsobjecttype, DefiningType_CaseSafe=accessvalidationutilities, LastChild=true, DefiningType=AccessValidationUtilities, EndLine=82, MethodName_CaseSafe=getsobjecttype, childIdx=0, BeginColumn=64, MethodName=getSObjectType}}: com.salesforce.graph.symbols.apex.ApexListValue.apply(ApexListValue.java:310);com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800);com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577)
Issue 2: Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: TodoException: MethodCallExpressionVertex{fullMethodName=isCreateable, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, BeginLine=17, DefiningType_CaseSafe=clonecomparisonviewcontroller, LastChild=true, DefiningType=CloneComparisonViewController, EndLine=17, Name_CaseSafe=, childIdx=0, BeginColumn=90, ReferenceType=METHOD, Name=}}}, chainedNames=[], properties={FirstChild=false, FullMethodName=isCreateable, BeginLine=17, FullMethodName_CaseSafe=iscreateable, DefiningType_CaseSafe=clonecomparisonviewcontroller, LastChild=true, DefiningType=CloneComparisonViewController, EndLine=17, MethodName_CaseSafe=iscreateable, childIdx=1, BeginColumn=90, MethodName=isCreateable}}: com.salesforce.graph.symbols.apex.schema.SObjectField._applyMethod(SObjectField.java:155);com.salesforce.graph.symbols.apex.schema.SObjectField.apply(SObjectField.java:124);com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800);com.salesforce.graph.vertex.MethodCallExpressionVertex.afterVisit(MethodCallExpressionVertex.java:79) 3 26
Steps To Reproduce
Just running the DFA scan on source code.
Expected Behavior
The scan completes without InternalExecutionError for both issues.
Specific to issue 2: if I remove the check for the field permissions, then I get a Sev 1 "need to check field level security".
Operating System
Mac OS 15.1.1
Salesforce CLI Version
@salesforce/cli/2.66.7 darwin-x64 node-v22.11.0
Code Analyzer Plugin (@salesforce/sfdx-scanner) Version
@salesforce/sfdx-scanner 4.7.0
Java Version
OpenJDK Runtime Environment Corretto-17.0.12.7.1 (build 17.0.12+7-LTS)
Additional Context (Screenshots, Files, etc)
No response
Workaround
No response
Urgency
High