[BUG] SFGE reports false positives for constructors only called within a given class #1001
Description
Describe the bug
Running the command:
sfdx scanner:run -e sfge -p rollup,plugins/RollupCallback --target 'rollup,plugins,extra-tests,!plugins/ExtraCodeCoverage/**'
In my repo leads to false positives being reported where private/protected constructors are being called:
{
"result": [
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupCalculator.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupCalculator is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 100,
"column": 13
},
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupCalculator.GroupByCalculator is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 1286,
"column": 13
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupAsyncProcessor.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupAsyncProcessor.QueueableProcessor is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 366,
"column": 13
},
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupAsyncProcessor.QueueableProcessor is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 398,
"column": 13
},
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupAsyncProcessor.QueueableProcessor is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 370,
"column": 13
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupMetaPicklists.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupMetaPicklists is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 39,
"column": 11
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupRelationshipFieldFinder.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupRelationshipFieldFinder.Traversal is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 85,
"column": 13
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/Rollup.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class Rollup.FlowInputWrapper is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 702,
"column": 13
},
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class Rollup.QueryWrapper is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 2453,
"column": 13
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupLogger.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupLogger is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 10,
"column": 13
}
]
},
{
"engine": "sfge",
"fileName": "./rollup/rollup/core/classes/RollupParentResetProcessor.cls",
"violations": [
{
"ruleName": "UnusedMethodRule",
"message": "Method <init> in class RollupParentResetProcessor.QueueableResetProcessor is never invoked",
"severity": 3,
"category": "Performance",
"url": "https://forcedotcom.github.io/sfdx-scanner/en/v3.x/salesforce-graph-engine/rules/#UnusedMethodRule",
"line": 11,
"column": 13
}
]
}
]
}To Reproduce
Run the command above.
Expected behavior
These should not be flagged as scan violations because in each and every case the constructor is actually being called.
Desktop (please complete the following information):
- OS: Windows
- Scanner Version 3.10.0
Additional context
The graph engine also chokes if you have multiple files with the same name; why do we need to specific the --target and a --project if the ignore globs in the target arg are going to be ignored? For example, I have a git ignored directory, plugins/ExtraCodeCoverage which I use to generate an unlocked package for orgs that need additional code coverage, but because the classes in this plugin stem from a directory I also want to scan (extra-tests), I can't use the following command:
sfdx scanner:run -e sfge -p rollup,plugins,extra-tests --target 'rollup,plugins,extra-tests,!plugins/ExtraCodeCoverage/**'
And instead have to explicitly list out only the directories in my plugins folder that I do want to scan, which seems duplicative (or, at least, I would expect the ignore glob patterns in the --target arg to be applied properly):
sfdx scanner:run -e sfge -p rollup,plugins/CustomObjectRollupLogger,plugins/NebulaLogger,plugins/RollupCallback,extra-tests --target rollup,plugins,extra-tests