[BUG] [apex] apexcrudviolation not reported even if SOQL doesn't have permissions check on it

[praful-gupta]

Rule: apexcrudviolation

a link to the rule documentation:
https://docs.pmd-code.org/pmd-doc-6.55.0/pmd_rules_apex_security.html#apexcrudviolation

Even if the SOQL doesn't have any permission check on running the code analyzer for class there is no apexcrudviolation returned.

Code Sample demonstrating the issue:

Expected outcome:

PMD should report a violation at line 10, but doesn't. This is a false-negative.

Running PMD through: [CLI ] VS Code extension for Salesforce Code Analyzer

[jfeingold35]

@praful-gupta , can you reproduce this issue running the Code Analyzer directly against the file via the terminal? i.e., sf scanner run --engine pmd --target path/to/whatever/file?

[praful-gupta]

@jfeingold35
I'm seeing this message, which is basically not giving apexcrudviolation error

[jfeingold35]

Okay, so this is actually an issue with PMD, then, not with us.
I recommend logging the issue with PMD directly, which you can do at this link.