[apex] ApexCRUDViolation false positive reported

[BrunoS4G]

Affects PMD Version: 6.38

Rule: ApexCRUDViolation

Please provide the rule name and a link to the rule documentation:
https://pmd.github.io/latest/pmd_rules_apex_security.html#apexcrudviolation

Description:
PMD is reporting an error when checking if it possible to update it or not and the example in documentation does not resolve it. If you change that line by Case.SObjectType.getDescribe().isUpdateable() which is almost the same PMD does not report the issue.

Code Sample demonstrating the issue:

public with sharing class CaseSafeInitialQueueWorker extends AbstractWorker {

    private List<Case> casesToSetInitialQueue = new List<Case>();
    private Set<String> caseIdsToProcess = new Set<String>();
    @TestVisible
    private Map<String, Group> queueNameByQueueId = new Map<String, Group>([
            SELECT Id, Name
            FROM Group
            WHERE Type = 'Queue'
    ]);

    public override void bulkBeforeInsert() {
        Set<String> caseIds = new Set<String>();
        for (AgentWork agentWork : (List<AgentWork>) super.getNewRecords()) {
            if (agentWork.WorkItemId.getSobjectType() == Case.getSObjectType()) {
                caseIds.add(agentWork.WorkItemId);
            }
        }
        if (!caseIds.isEmpty()) {
            for (Case theCase : [SELECT Id, InitialQueue__c FROM Case WHERE Id IN :caseIds WITH SECURITY_ENFORCED]) {
                if (String.isBlank(theCase.InitialQueue__c)) {
                    this.caseIdsToProcess.add(theCase.Id);
                }
            }
        }
    }

    public override void beforeInsert(SObject so) {
        AgentWork agentWork = (AgentWork) so;
        if (this.caseIdsToProcess.contains(agentWork.WorkItemId)) {
            this.casesToSetInitialQueue.add(
                    new Case(
                            Id = agentWork.WorkItemId
                            , InitialQueue__c = this.queueNameByQueueId.get(agentWork.OriginalQueueId).Name
                    )
            );
        }
    }

    public override void andFinallyBefore() {
        if (!this.casesToSetInitialQueue.isEmpty() && Schema.SObjectType.Case.isUpdateable()) {
            update this.casesToSetInitialQueue;
        }
    }

}

Expected outcome:

PMD reports a violation at line 42, but that's wrong. That's a false positive.

Running PMD through: [Other] IntelliJ using Illuminated Cloud

[jonathanwiesel]

According to the docs it would seem that we currently asume the only way to obtain the DescribeSObjectResult from which to collect the CRUD checks from is from the getDescribe() method; however, the sObjectType static member variable also returns it:

Obtaining sObject Describe Results Using Tokens
To access the describe result for an sObject, use one of the following methods:

• Call the getDescribe method on an sObject token.
• Use the Schema sObjectType static variable with the name of the sObject. For example, Schema.sObjectType.Lead.
  
  Schema.DescribeSObjectResult is the data type for an sObject describe result.
  
  The following example uses the getDescribe method on an sObject token:
  Schema.DescribeSObjectResult dsr = Account.sObjectType.getDescribe();
  
  The following example uses the Schema sObjectType static member variable:
  Schema.DescribeSObjectResult dsr = Schema.SObjectType.Account;