New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[apex] AvoidHardcodingId false positives #776
Comments
@JAertgeerts didn't you add this rule. Can you make the regexp a bit smarter as describe here https://stackoverflow.com/questions/9742913/validating-a-salesforce-id? |
@up2go-rsoesemann @JAertgeerts @parksungrin the rule is implemented based on this description which is actually a little more strict on 15 chars ids. The rule is flawed for ids longer than 15 (it would allow, 16 and 17 chars "ids", and the 18 char ones are not validated). However, for this scenario of a 15 char string, it would still match. I don't think we can safely detect this as a FP and avoid it... |
The rule would need to incorporate also a checksum check as described here https://gist.github.com/jeriley/36b29f7c46527af4532aaf092c90dd56 A simple regex doesn't do the magic. |
@up2go-rsoesemann that checksum applies only to 18 digit ids. 15 digit ids would still be flagged as long as the sixth position is a 0. |
While not a solution for the false positive scenario where a 15 digit string is considered a Salesforce ID, the current pattern could be made stricter. pmd/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/errorprone/AvoidHardcodingIdRule.java Line 13 in e7e5e13
The following pattern:
Pattern.compile("^[a-zA-Z0-9]{5}0[a-zA-Z0-9]{9}([a-zA-Z0-5]{3})?$"); Also is |
@alan-morey thanks, that's exactly what I was going after. The checksum check can be done too. I'm flagging this for 6.1.0 release. |
- IDs are only 15, or 18 digits long - 18 digits long IDs are actually 15 digit IDs + checksum, which is now validated - Resolves pmd#776
Note: only solution right now is supressing the rule for the string.
Note: only solution for the specific string is right now to suppress the rule, like that:
|
Please, prefix the report title with the language it applies to within brackets, such as [java] or [apex]. If not specific to a language, you can use [core]
Rule Set:
6.0.0 Snapshoot
AvoidHardcodingId
Description:
15 digit number is indicated as Salesforce Id.
objAssetDevice.IMEI__c = '359040082913024';
Code Sample demonstrating the issue:
359040082913024 is not Salesforce Id but below code indicated as violation of AvoidHardcodingId
objAssetDevice.IMEI__c = '359040082913024';
Running PMD through: [CLI | Ant | Maven | Gradle | Designer | Other]
CLI
The text was updated successfully, but these errors were encountered: