Merge pull request #1037 from forcedotcom/dev

RELEASE: @W-12699834@: Promote dev to release for 3.11.0

README.md

@@ -21,6 +21,6 @@ Instructions [here](CONTRIBUTING.md).
 
 # Usage
 
-Here is the information on [How to Install the plugin](https://forcedotcom.github.io/sfdx-scanner/en/getting-started/install/)
+Here is the information on [How to Install the plugin](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/getting-started/install/)
 
-Please check out the [Salesforce CLI Scanner Plug-In Command Reference](https://forcedotcom.github.io/sfdx-scanner/en/scanner-commands/run/) for usage and demo of the plugin. 
+Please check out the [Salesforce CLI Scanner Plug-In Command Reference](https://forcedotcom.github.io/sfdx-scanner/en/v3.x/scanner-commands/run/) for usage and demo of the plugin. 

messages/run-common.js

@@ -1,5 +1,7 @@
 module.exports = {
 	"flags": {
+		"categoryDescription": "one or more categories of rules to run",
+		"categoryDescriptionLong": "One or more categories of rules to run. Specify multiple values as a comma-separated list.",
 		"formatDescription": "specify results output format",
 		"formatDescriptionLong": "Specifies results output format written directly to the console.",
 		"normalizesevDescription": "return normalized severity 1 (high), 2 (moderate), and 3 (low), and the engine-specific severity",

messages/run-pathless.js

@@ -2,8 +2,6 @@ module.exports = {
 	"commandDescription": "scan a codebase with a selection of rules",
 	"commandDescriptionLong": `Scans a codebase with a selection of rules. You can scan the codebase with all the rules in the registry, or use parameters to filter the rules based on rulename, category, or ruleset. You can specify the format of the output, such as XML or JUnit. You can print the output to the console (default) or to a file using the --outfile parameter.`,
 	"flags": {
-		"categoryDescription": "one or more categories of rules to run",
-		"categoryDescriptionLong": "One or more categories of rules to run. Specify multiple values as a comma-separated list.",
 		"rulesetDescription": "[deprecated] rulesets to run",
 		"rulesetDescriptionLong": "[deprecated] One or more rulesets to run. Specify multiple values as a comma-separated list.",
 		"targetDescription": "source code location",

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "@salesforce/sfdx-scanner",
 	"description": "Static code scanner that applies quality and security rules to Apex code, and provides feedback.",
-	"version": "3.10.0",
+	"version": "3.11.0",
 	"author": "ISV SWAT",
 	"bugs": "https://github.com/forcedotcom/sfdx-scanner/issues",
 	"dependencies": {

pmd-cataloger/build.gradle.kts

@@ -9,7 +9,7 @@ group = "sfdx"
 version = "1.0"
 
 val distDir = "$buildDir/../../dist"
-val pmdVersion = "6.54.0"
+val pmdVersion = "6.55.0"
 val pmdFile = "pmd-bin-$pmdVersion.zip"
 val pmdUrl = "https://github.com/pmd/pmd/releases/download/pmd_releases%2F${pmdVersion}/${pmdFile}"
 val skippableJarRegexes = setOf("""^common_[\d\.-]*\.jar""".toRegex(),

sfge/src/main/java/com/salesforce/Main.java

@@ -85,7 +85,8 @@ int process(String... args) {
         }
         if (args.length == 0) {
             // No args means we can't do anything productive.
-            dependencies.printError(UserFacingMessages.REQUIRES_AT_LEAST_ONE_ARGUMENT);
+            dependencies.printError(
+                    UserFacingMessages.InvocationErrors.REQUIRES_AT_LEAST_ONE_ARGUMENT);
             return EXIT_WITH_INTERNAL_ERROR_NO_VIOLATIONS;
         }
 
@@ -222,7 +223,7 @@ private String formatError(Throwable error) {
         return ERROR_PREFIX
                 + (error.getCause() != null
                         ? String.format(
-                                UserFacingMessages.EXCEPTION_FORMAT_TEMPLATE,
+                                UserFacingMessages.CompilationErrors.EXCEPTION_FORMAT_TEMPLATE,
                                 error.getMessage(),
                                 error.getCause().getMessage())
                         : error.getMessage());

sfge/src/main/java/com/salesforce/apex/jorje/JorjeUtil.java

@@ -87,7 +87,8 @@ public static AstNodeWrapper<?> compileApexFromString(String sourceCode) {
                             .map(
                                     e ->
                                             String.format(
-                                                    UserFacingMessages.INVALID_SYNTAX_TEMPLATE,
+                                                    UserFacingMessages.CompilationErrors
+                                                            .INVALID_SYNTAX_TEMPLATE,
                                                     e.getLoc().getLine(),
                                                     e.getLoc().getColumn(),
                                                     e.getError()))

sfge/src/main/java/com/salesforce/cli/CliArgParser.java

@@ -37,7 +37,8 @@ public CLI_ACTION getCliAction(String... args) {
             return CLI_ACTION.CATALOG;
         } else {
             throw new InvocationException(
-                    String.format(UserFacingMessages.UNRECOGNIZED_ACTION, actionArg));
+                    String.format(
+                            UserFacingMessages.InvocationErrors.UNRECOGNIZED_ACTION, actionArg));
         }
     }
 
@@ -120,7 +121,7 @@ public void parseArgs(String... args) {
             if (args.length != ARG_COUNT) {
                 throw new InvocationException(
                         String.format(
-                                UserFacingMessages.INCORRECT_ARGUMENT_COUNT,
+                                UserFacingMessages.InvocationErrors.INCORRECT_ARGUMENT_COUNT,
                                 ARG_COUNT,
                                 args.length));
             }

sfge/src/main/java/com/salesforce/config/UserFacingMessages.java

@@ -8,11 +8,15 @@
 public final class UserFacingMessages {
 
     public static final class RuleDescriptions {
+        public static final String APEX_NULL_POINTER_EXCEPTION_RULE =
+                "Identfies Apex operations that dereference null objects and throw NullPointerExceptions.";
         public static final String UNIMPLEMENTED_TYPE_RULE =
                 "Identifies abstract classes and interfaces that are non-global and don't have implementations or extensions.";
     }
 
     public static final class RuleViolationTemplates {
+        public static final String APEX_NULL_POINTER_EXCEPTION_RULE =
+                "%s dereferences a null object. Review your code and add a null check.";
         /** CRUD/FLS Violation messages */
         // format: "CRUD" or "FLS", DML operation, Object type, Field information
         public static final String MISSING_CRUD_FLS_CHECK =
@@ -21,46 +25,50 @@ public static final class RuleViolationTemplates {
         //         Second %s is the name of a class or interface.
         public static final String UNIMPLEMENTED_TYPE_RULE = "Extend, implement, or delete %s %s";
         public static final String LIMIT_REACHED_VIOLATION_MESSAGE =
-                "%s. The analysis preemptively stopped running on this path to prevent an OutOfMemory error. Rerun Graph Engine targeting this entry method with a larger heap space.";
+                "%s. The analysis preemptively stopped running on this path to prevent an OutOfMemory error. Rerun Graph Engine and target this entry method with a larger heap space.";
     }
 
     /** Main args and process checks * */
-    public static final String REQUIRES_AT_LEAST_ONE_ARGUMENT =
-            "SFGE invocation requires at least one argument.";
-
-    public static final String UNRECOGNIZED_ACTION = "Unrecognized action to invoke SFGE: %s.";
-    public static final String INCORRECT_ARGUMENT_COUNT =
-            "Wrong number of arguments. Expected %d; received %d";
+    public static final class InvocationErrors {
+        public static final String REQUIRES_AT_LEAST_ONE_ARGUMENT =
+                "SFGE invocation requires at least one argument.";
+        public static final String UNRECOGNIZED_ACTION = "Unrecognized action to invoke SFGE: %s.";
+        public static final String INCORRECT_ARGUMENT_COUNT =
+                "Wrong number of arguments. Expected %d; received %d";
+    }
 
     /** UserActionException * */
+    public static final class UserActionMessage {
+        // format: filename,defined type, line number
+        public static final String UNREACHABLE_CODE =
+                "Remove unreachable code to proceed with the analysis: %s,%s:%d";
+        public static final String VARIABLE_DECLARED_MULTIPLE_TIMES =
+                "Rename or delete this reused variable to proceed with the analysis: %s,%s:%d";
+    }
 
-    // format: filename,defined type, line number
-    public static final String UNREACHABLE_CODE =
-            "Remove unreachable code to proceed with the analysis: %s,%s:%d";
-
-    public static final String VARIABLE_DECLARED_MULTIPLE_TIMES =
-            "This variable is reused. Rename or delete it to proceed with the analysis: %s,%s:%d";
-
-    public static final String INSUFFICIENT_HEAP_SPACE =
-            "There's insufficient heap space (%d bytes) to execute Graph Engine. Increase heap space using --sfgejvmargs option and retry.";
-
-    public static final String STRIP_INACCESSIBLE_READ_WARNING_TEMPLATE =
-            "For stripInaccessible checks on READ operation, Salesforce Graph Engine can't verify that only sanitized data is used after the check. Discard unsanitized data for [%2$s].";
-
-    public static final String UNRESOLVED_CRUD_FLS_TEMPLATE =
-            "Salesforce Graph Engine couldn't resolve the parameter passed to [%2$s] operation%4$s. Confirm that this operation has the necessary %1$s checks.";
-
-    public static final String FIELDS_MESSAGE_TEMPLATE = " with field(s) [%s]";
-    public static final String FIELD_HANDLING_NOTICE =
-            ". Confirm that the objects and fields involved in these segments have FLS checks: [%s]";
+    public static final class PathExpansionTemplates {
+        public static final String INSUFFICIENT_HEAP_SPACE =
+                "There's insufficient heap space (%d bytes) to execute Graph Engine. Increase heap space using the --sfgejvmargs option and retry.";
+        public static final String PATH_EXPANSION_LIMIT_REACHED =
+                "Graph Engine reached the path expansion upper limit (%d)";
+    }
 
-    public static final String INVALID_SYNTAX_TEMPLATE = "Invalid syntax at %d:%d. (%s)";
+    public static final class CrudFlsTemplates {
 
-    public static final String FIX_COMPILATION_ERRORS =
-            "Graph engine encountered compilation errors. Fix the errors in %s and retry.";
+        public static final String STRIP_INACCESSIBLE_READ_WARNING_TEMPLATE =
+                "For stripInaccessible checks on READ operation, Salesforce Graph Engine can't verify that only sanitized data is used after the check. Discard unsanitized data for [%2$s].";
+        public static final String UNRESOLVED_CRUD_FLS_TEMPLATE =
+                "Salesforce Graph Engine couldn't resolve the parameter passed to [%2$s] operation%4$s. Confirm that this operation has the necessary %1$s checks.";
+        public static final String FIELDS_MESSAGE_TEMPLATE = " with field(s) [%s]";
+        public static final String FIELD_HANDLING_NOTICE =
+                ". Confirm that the objects and fields involved in these segments have FLS checks: [%s]";
+    }
 
-    public static final String EXCEPTION_FORMAT_TEMPLATE = "%s, Caused by:\n%s";
+    public static final class CompilationErrors {
 
-    public static final String PATH_EXPANSION_LIMIT_REACHED =
-            "Graph Engine reached the path expansion upper limit (%d).";
+        public static final String INVALID_SYNTAX_TEMPLATE = "Invalid syntax at %d:%d. (%s)";
+        public static final String FIX_COMPILATION_ERRORS =
+                "Graph engine encountered compilation errors. Fix the errors in %s and retry.";
+        public static final String EXCEPTION_FORMAT_TEMPLATE = "%s, Caused by:\n%s";
+    }
 }

sfge/src/main/java/com/salesforce/graph/build/CaseSafePropertyUtil.java

@@ -180,6 +180,17 @@ public static GraphTraversal<Object, Object> hasWithin(
             }
         }
 
+        public static GraphTraversal<Object, Object> hasStartingWith(
+                String nodeType, String property, String value) {
+            String caseSafeVariant = toCaseSafeProperty(property).orElse(null);
+            if (caseSafeVariant != null) {
+                return __.has(
+                        nodeType, caseSafeVariant, TextP.startingWith(toCaseSafeValue(value)));
+            } else {
+                return __.has(nodeType, property, TextP.startingWith(value));
+            }
+        }
+
         public static GraphTraversal<Object, Object> hasEndingWith(
                 String nodeType, String property, String value) {
             if (property.equalsIgnoreCase(Schema.DEFINING_TYPE)) {

sfge/src/main/java/com/salesforce/graph/build/MethodPathBuilderVisitor.java

@@ -597,7 +597,7 @@ private void addEdge(String name, Vertex from, Vertex to) {
             // Ask user to fix unreachable code
             throw new UserActionException(
                     String.format(
-                            UserFacingMessages.UNREACHABLE_CODE,
+                            UserFacingMessages.UserActionMessage.UNREACHABLE_CODE,
                             GremlinUtil.getFileName(g, to),
                             to.value(Schema.DEFINING_TYPE),
                             to.value(Schema.BEGIN_LINE)));