-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Consolidation of InternalExecutionError for "manual verify that you have a sanitizer" issues. #1497
Comments
This issue has been linked to a new work item: W-15923250 |
I'm facing this same issue and I need to submit my org for a security review this week. Correct me if I'm wrong, but this is a bug in the Salesforce Code Analyzer, right? |
I just received this error: Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: NullPointerException: null: java.base/java.util.concurrent.ConcurrentSkipListMap.computeIfAbsent(ConcurrentSkipListMap.java:1459);com.salesforce.graph.vertex.SyntheticTypedVertex.get(SyntheticTypedVertex.java:41);com.salesforce.graph.symbols.apex.ApexMapValue.apply(ApexMapValue.java:188);com.salesforce.graph.symbols.PathScopeVisitor.handleApexValueMethod(PathScopeVisitor.java:1487);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:1242);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:800) |
We received 6 of these, all with identical error and stack:
Example code structure (names changed):
Side note: adding |
Hey guys, just reporting our issues with the DFA scanner here. Seeing this InternalExecutionError in a few spots: 1. SObjectType.newSObject(recordTypeId, loadDefaultValues)
We were NOT able to find a workaround for this. We attempted to add It seems to be an issue specifically with calling: 2. Decimal.abs()
The offending code seems to be when we use Decimal.abs() like this: private static Boolean canFilterInteger(Decimal value) {
if (value.abs() > 2147483647) {
return false;
}
return true;
} Replacing it with this works around the issue for us: private static Boolean canFilterInteger(Decimal value) {
final Decimal MAX_INTEGER = 2147483647;
if (value > MAX_INTEGER || value < -MAX_INTEGER) {
return false;
}
return true;
} 3. Database.query()
We have a typical Database.query() call that is failing with the error above. Replacing this with Database.queryWithBinds() with an empty binds map seems to get rid of this error, but not entirely sure if that's the root cause. Let me know if you need any additional information for these! Thanks! |
sfdx-scanner: 4.3.2 reproduce: sf scanner run dfa --format csv --outfile CodeAnalyzerDFA.csv --target ./ --projectdir ./force-app --category Security
I try to change the code like this:
still get the same error. |
Hi, |
We have a couple of new bugs created in this category - #1562 and #1568. This is the error text: Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnexpectedException: ArrayLoadExpression{properties={FirstChild=false, BeginLine=75, DefiningType_CaseSafe=requestbriefingcontroller, LastChild=true, DefiningType=RequestBriefingController, EndLine=79, childIdx=1, BeginColumn=34}}: com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:761);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:737);com.salesforce.graph.vertex.ArrayLoadExpressionVertex.afterVisit(ArrayLoadExpressionVertex.java:58);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:536);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) |
Hi,
|
And another one:
Logs:
|
Hello I am also facing Internal Execution Error: 1- Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnexpectedException: ArrayLoadExpression{properties={FirstChild=true, BeginLine=105, DefiningType_CaseSafe=conversationcontroller.conversationwrapper, LastChild=true, DefiningType=ConversationController.ConversationWrapper, EndLine=105, childIdx=0, BeginColumn=84}}: com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:761);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:737);com.salesforce.graph.vertex.ArrayLoadExpressionVertex.afterVisit(ArrayLoadExpressionVertex.java:58);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:536);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:523) 2- Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnexpectedException: ApexValue(ApexSingleValue) {status=INDETERMINANT, declarationVertex=com.salesforce.graph.vertex.SyntheticTypedVertex@7905a6eb, valueVertex=null, resolvedValues={}, returnedFrom=ApexValue(ApexMapValue) {status=INDETERMINANT, declarationVertex=VariableDeclaration{properties={FirstChild=false, BeginLine=324, Type=Map<String,Object>, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=324, Name_CaseSafe=responsedata, childIdx=1, BeginColumn=33, Name=responseData}}, valueVertex=MethodCallExpressionVertex{fullMethodName=JSON.deserializeUntyped, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[JSON], BeginLine=324, DefiningType_CaseSafe=messagesender, LastChild=false, DefiningType=MessageSender, EndLine=324, Name_CaseSafe=json, childIdx=0, BeginColumn=70, ReferenceType=METHOD, Name=JSON}}}, chainedNames=[JSON], properties={FirstChild=true, FullMethodName=JSON.deserializeUntyped, BeginLine=324, FullMethodName_CaseSafe=json.deserializeuntyped, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=324, MethodName_CaseSafe=deserializeuntyped, childIdx=0, BeginColumn=75, MethodName=deserializeUntyped}}, resolvedValues={}, returnedFrom=null, invocableExpression=null, method=null}, invocableExpression=MethodCallExpressionVertex{fullMethodName=responseData.get, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[responseData], BeginLine=326, DefiningType_CaseSafe=messagesender, LastChild=false, DefiningType=MessageSender, EndLine=326, Name_CaseSafe=responsedata, childIdx=0, BeginColumn=56, ReferenceType=METHOD, Name=responseData}}}, chainedNames=[responseData], properties={FirstChild=true, FullMethodName=responseData.get, BeginLine=326, FullMethodName_CaseSafe=responsedata.get, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=326, MethodName_CaseSafe=get, childIdx=0, BeginColumn=69, MethodName=get}}, method=null}: com.salesforce.graph.symbols.PathScopeVisitor.getIndeterminantArrayLoadValue(PathScopeVisitor.java:894);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:810);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:737);com.salesforce.graph.vertex.ArrayLoadExpressionVertex.afterVisit(ArrayLoadExpressionVertex.java:58);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:536) 3- Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: ClassCastException: class com.salesforce.graph.vertex.VariableExpressionVertex$Single cannot be cast to class com.salesforce.graph.vertex.SoqlExpressionVertex (com.salesforce.graph.vertex.VariableExpressionVertex$Single and com.salesforce.graph.vertex.SoqlExpressionVertex are in unnamed module of loader 'app'): com.salesforce.graph.symbols.apex.system.SObjectAccessDecision.buildSanitizedValue(SObjectAccessDecision.java:171);com.salesforce.graph.symbols.apex.system.SObjectAccessDecision.executeMethod(SObjectAccessDecision.java:112);com.salesforce.graph.symbols.PathScopeVisitor.afterMethodCall(PathScopeVisitor.java:659);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterMethodCall(DefaultSymbolProviderVertexVisitor.java:318);com.salesforce.graph.ops.expander.ApexPathExpander.handleMethodCall(ApexPathExpander.java:681);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:532) 4- Graph Engine identified your source and sink, but you must manually verify that you have a sanitizer in this path. Then, add an engine directive to skip the path. Next, create a Github issue for the Code Analyzer team that includes the error and stack trace. After we fix this issue, check the Code Analyzer release notes for more info. Error and stacktrace: UnexpectedException: ApexValue(ApexSingleValue) {status=INDETERMINANT, declarationVertex=com.salesforce.graph.vertex.SyntheticTypedVertex@7905a6eb, valueVertex=null, resolvedValues={}, returnedFrom=ApexValue(ApexMapValue) {status=INDETERMINANT, declarationVertex=VariableDeclaration{properties={FirstChild=false, BeginLine=324, Type=Map<String,Object>, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=324, Name_CaseSafe=responsedata, childIdx=1, BeginColumn=33, Name=responseData}}, valueVertex=MethodCallExpressionVertex{fullMethodName=JSON.deserializeUntyped, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[JSON], BeginLine=324, DefiningType_CaseSafe=messagesender, LastChild=false, DefiningType=MessageSender, EndLine=324, Name_CaseSafe=json, childIdx=0, BeginColumn=70, ReferenceType=METHOD, Name=JSON}}}, chainedNames=[JSON], properties={FirstChild=true, FullMethodName=JSON.deserializeUntyped, BeginLine=324, FullMethodName_CaseSafe=json.deserializeuntyped, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=324, MethodName_CaseSafe=deserializeuntyped, childIdx=0, BeginColumn=75, MethodName=deserializeUntyped}}, resolvedValues={VariableExpression{properties={FirstChild=false, BeginLine=324, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=324, Name_CaseSafe=responsebody, childIdx=1, BeginColumn=94, Name=responseBody}}=MethodCallExpressionVertex{fullMethodName=response.getBody, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[response], BeginLine=102, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=102, Name_CaseSafe=response, childIdx=0, BeginColumn=20, ReferenceType=METHOD, Name=response}}}, chainedNames=[response], properties={FirstChild=true, FullMethodName=response.getBody, BeginLine=102, FullMethodName_CaseSafe=response.getbody, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=102, MethodName_CaseSafe=getbody, childIdx=0, BeginColumn=29, MethodName=getBody}}}, returnedFrom=null, invocableExpression=null, method=null}, invocableExpression=MethodCallExpressionVertex{fullMethodName=responseData.get, referenceVertex=LazyVertex{result=ReferenceExpression{properties={FirstChild=true, Names=[responseData], BeginLine=326, DefiningType_CaseSafe=messagesender, LastChild=false, DefiningType=MessageSender, EndLine=326, Name_CaseSafe=responsedata, childIdx=0, BeginColumn=56, ReferenceType=METHOD, Name=responseData}}}, chainedNames=[responseData], properties={FirstChild=true, FullMethodName=responseData.get, BeginLine=326, FullMethodName_CaseSafe=responsedata.get, DefiningType_CaseSafe=messagesender, LastChild=true, DefiningType=MessageSender, EndLine=326, MethodName_CaseSafe=get, childIdx=0, BeginColumn=69, MethodName=get}}, method=null}: com.salesforce.graph.symbols.PathScopeVisitor.getIndeterminantArrayLoadValue(PathScopeVisitor.java:894);com.salesforce.graph.symbols.PathScopeVisitor.afterVisit(PathScopeVisitor.java:810);com.salesforce.graph.symbols.DefaultSymbolProviderVertexVisitor.afterVisit(DefaultSymbolProviderVertexVisitor.java:737);com.salesforce.graph.vertex.ArrayLoadExpressionVertex.afterVisit(ArrayLoadExpressionVertex.java:58);com.salesforce.graph.ops.expander.ApexPathExpander.performAfterVisit(ApexPathExpander.java:577);com.salesforce.graph.ops.expander.ApexPathExpander.visit(ApexPathExpander.java:536) |
Hi, One more error:
Code:
curValues variable type: List<LdSorting.ValueForSort> (list of custom objects). |
One more:
|
Hi, we're getting a few of these. We tried adding Engine Directives, but these had no effect. Thanks for your attention and any help you can lend. We have Security Re-Review coming up...
|
Did not expect NOT_A_MATCH when ranking parameter match.Command
ErrorFull CSV
Error and Stacktrace
Source line
Source columnThe space after |
Cannot handle object value with more than one nameCommand
ErrorFull CSV
Error and Stacktrace
Source line
Source columnThe space after |
Have you tried to resolve this issue yourself first?
Yes
Bug Description
The Salesforce Graph Engine has a number of cases that currently not supported. These manifest themselves to users with an error message that says:
Since this is occurring more frequently, we would like to consolidate all user reported cases in this issue to clean up our issue backlog.
If you have received this error. Please add a comment below with your stack trace instead of creating a new issue. Otherwise, the issue you create will just be duplicated to this one.
Output / Logs
No response
Steps To Reproduce
sf scanner run dfa ...
Expected Behavior
People expect this to just work and give proper violation messages instead of telling them to create an issue for our team to look at.
Operating System
Various
Salesforce CLI Version
Various
Code Analyzer Plugin (@salesforce/sfdx-scanner) Version
Various
Java Version
Various
Additional Context (Screenshots, Files, etc)
No response
Workaround
No response
Urgency
Low
The text was updated successfully, but these errors were encountered: