Skip to content

@W-10778080@ Handle unresolved apex value in DML statements gracefully #785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Aug 1, 2022
Merged

@W-10778080@ Handle unresolved apex value in DML statements gracefully #785

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions sfge/src/main/java/com/salesforce/apex/jorje/JorjeUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,10 +135,7 @@ public static class JorjeCompilationException extends SfgeRuntimeException {
}
}

/**
* Increments log level of BaseApexLexer class from jorje jar
* to avoid printing info logs.
*/
/** Increments log level of BaseApexLexer class from jorje jar to avoid printing info logs. */
private static void incrementLogLevel() {
Logger jorjeLogger = Logger.getLogger(BaseApexLexer.class.getName());
jorjeLogger.setLevel(Level.WARNING);
Expand Down
24 changes: 18 additions & 6 deletions sfge/src/main/java/com/salesforce/rules/fls/apex/operations/FlsValidationCentral.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@
import com.google.common.collect.Multimap;
import com.google.common.collect.Sets;
import com.salesforce.config.SfgeConfigProvider;
import com.salesforce.exception.TodoException;
import com.salesforce.exception.UnexpectedException;
import com.salesforce.graph.symbols.ScopeUtil;
import com.salesforce.graph.symbols.SymbolProvider;
Expand Down Expand Up @@ -156,18 +155,31 @@ public void createExpectedValidations(DmlStatementVertex vertex, SymbolProvider
final BaseSFVertex childVertex = dmlStatementVertexChildren.get(0);

final ValidationConverter validationConverter = new ValidationConverter(validationType);
final Set<FlsValidationRepresentation> validationReps;
final Set<FlsValidationRepresentation> validationReps = new HashSet<>();
if (childVertex instanceof ChainedVertex) {
final Optional<ApexValue<?>> apexValue =
ScopeUtil.resolveToApexValue(symbols, (ChainedVertex) childVertex);
if (apexValue.isPresent()) {
validationReps = validationConverter.convertToExpectedValidations(apexValue.get());
validationReps.addAll(
validationConverter.convertToExpectedValidations(apexValue.get()));
} else {
throw new TodoException(
"Apex value not detected for dml's child vertex: " + childVertex);
if (LOGGER.isWarnEnabled()) {
LOGGER.warn(
"TODO: Apex value not detected for dml's child vertex: " + childVertex);
// TODO: add telemetry
}
violations.add(
FlsViolationCreatorUtil.createUnresolvedCrudFlsViolation(
validationType, vertex));
Comment on lines +166 to +173
Copy link
Contributor Author

@rmohan20 rmohan20 Aug 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Related action happens here

}
} else {
throw new TodoException("Child vertex of DML is not a chained vertex: " + childVertex);
if (LOGGER.isWarnEnabled()) {
LOGGER.warn("TODO: Child vertex of DML is not a chained vertex: " + childVertex);
// TODO: add telemetry
}
violations.add(
FlsViolationCreatorUtil.createUnresolvedCrudFlsViolation(
validationType, vertex));
Comment on lines +180 to +182
Copy link
Contributor Author

@rmohan20 rmohan20 Aug 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is possibly an unexpected situation - we haven't seen it anywhere or had a repro, but I'm modifying it so that users don't see an internal error for this.

}

expectedValidations.addAll(validationReps);
Expand Down
4 changes: 2 additions & 2 deletions sfge/src/main/java/com/salesforce/rules/fls/apex/operations/FlsViolationCreatorUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
import com.salesforce.graph.ops.ApexValueUtil;
import com.salesforce.graph.symbols.apex.ApexValue;
import com.salesforce.graph.vertex.ChainedVertex;
import com.salesforce.graph.vertex.MethodCallExpressionVertex;
import com.salesforce.graph.vertex.SFVertex;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
Expand Down Expand Up @@ -85,7 +85,7 @@ static FlsViolationInfo getFlsViolationInfo(
}

static FlsViolationInfo createUnresolvedCrudFlsViolation(
FlsConstants.FlsValidationType validationType, MethodCallExpressionVertex sinkVertex) {
FlsConstants.FlsValidationType validationType, SFVertex sinkVertex) {
final FlsViolationInfo violationInfo = new UnresolvedCrudFlsViolationInfo(validationType);
violationInfo.setSinkVertex(sinkVertex);

Expand Down
81 changes: 81 additions & 0 deletions sfge/src/test/java/com/salesforce/rules/fls/apex/UnresolvedCrudFlsTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,4 +138,85 @@ public void testReadWithUnresolvedBinaryExpression() {
sourceCode,
expectUnresolvedCrudFls(3, FlsConstants.FlsValidationType.READ));
}

Copy link
Contributor Author

@rmohan20 rmohan20 Aug 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding more test cases to get a repro of how far we can resolve apex values.

@Test
public void testDmlOnSecondLevelObject() {
String sourceCode =
"public class MyClass {\n"
+ " public void foo(My_Obj__c myObj) {\n"
+ " myObj.Custom_Field__c.Name = 'Acme Inc.';\n"
+ " update myObj.Custom_Field__c;\n"
+ " }\n"
+ "}\n";

assertViolations(
ApexFlsViolationRule.getInstance(),
sourceCode,
expect(4, FlsConstants.FlsValidationType.UPDATE, "Custom_Field__c"));
}

@Test
public void testDmlOnReferenceObject() {
String sourceCode =
"public class MyClass {\n"
+ " public void foo(My_Obj__c myObj) {\n"
+ " myObj.Custom_Field__c.Reference__r.Name = 'Acme Inc.';\n"
+ " update myObj.Custom_Field__c.Reference__r;\n"
+ " }\n"
+ "}\n";

assertViolations(
ApexFlsViolationRule.getInstance(),
sourceCode,
expectUnresolvedCrudFls(4, FlsConstants.FlsValidationType.UPDATE));
}

@Test
public void testDmlOnMethodReturnValue() {
String sourceCode =
"public class MyClass {\n"
+ " public void foo() {\n"
+ " /* sfge-disable-next-line ApexFlsViolationRule */\n"
+ " List<SObject> accounts = [SELECT Id, Name FROM Account WHERE Type='something'];\n"
+ " Map<String, List<SObject>> listByType = new Map<String, List<SObject>>();\n"
+ " listByType.put('Account', accounts);\n"
+ " delete listByType.get('Account');\n"
+ " }\n"
+ "}\n";

assertViolations(
ApexFlsViolationRule.getInstance(),
sourceCode,
expect(7, FlsConstants.FlsValidationType.DELETE, "Account"));
}

@Test
public void testDmlOnMethodReturnValueIndeterminant() {
String sourceCode =
"public class MyClass {\n"
+ " public void foo(Map<String, List<SObject>> listByType) {\n"
+ " delete listByType.get('Account');\n"
+ " }\n"
+ "}\n";

assertViolations(
ApexFlsViolationRule.getInstance(),
sourceCode,
expect(3, FlsConstants.FlsValidationType.DELETE, "SObject"));
}

@Test
public void testDmlOnMethodInvokedbyMethod() {
String sourceCode =
"public class MyClass {\n"
+ " public void foo(Map<String, List<SObject>> listByType, Schema.SObjectType sObjectType) {\n"
+ " delete listByType.get(sObjectType.getDescribe().getName());\n"
+ " }\n"
+ "}\n";

assertViolations(
ApexFlsViolationRule.getInstance(),
sourceCode,
expect(3, FlsConstants.FlsValidationType.DELETE, "SObject"));
}
}