[apex] Fix ApexCRUDViolation for triggers

2024-09-06 18:41:25 +02:00 · 2024-09-06 18:41:25 +02:00 · 6b0a2a1ffa
commit 6b0a2a1ffa
parent 92bab6a38f
2 changed files with 59 additions and 1 deletions
--- a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java
+++ b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexCRUDViolationRule.java
@ -823,9 +823,30 @@ public class ApexCRUDViolationRule extends AbstractApexRule {
                    StringBuilder typeCheck = new StringBuilder().append(variableDeclFor.getDefiningType())
                            .append(":").append(type);

-                    validateCRUDCheckPresent(node, data, ANY, typeCheck.toString());
+                    violationAdded = validateCRUDCheckPresent(node, data, ANY, typeCheck.toString());
                }

+            } else {
+                for (String typeFromSOQL : typesFromSOQL) {
+                    violationAdded |= validateCRUDCheckPresent(node, data, ANY, typeFromSOQL);
+                }
+            }
+        }
+
+        // If the node's already in violation, we don't need to keep checking.
+        if (violationAdded) {
+            return;
+        }
+
+        final ASTFieldDeclarationStatements fieldDeclarationStatements = node.ancestors(ASTFieldDeclarationStatements.class).first();
+        if (fieldDeclarationStatements != null) {
+            String type = fieldDeclarationStatements.getTypeName();
+            type = getSimpleType(type);
+            StringBuilder typeCheck = new StringBuilder().append(fieldDeclarationStatements.getDefiningType())
+                    .append(":").append(type);
+
+            if (typesFromSOQL.isEmpty()) {
+                validateCRUDCheckPresent(node, data, ANY, typeCheck.toString());
            } else {
                for (String typeFromSOQL : typesFromSOQL) {
                    validateCRUDCheckPresent(node, data, ANY, typeFromSOQL);
--- a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml
+++ b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexCRUDViolation.xml
@ -1823,6 +1823,43 @@ public void coverAllCasesWithTest() {
    update as user c2;
 }
 }
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>SOQL and Update within trigger (#5138)</description>
+        <expected-problems>2</expected-problems>
+        <expected-linenumbers>6,14</expected-linenumbers>
+        <code><![CDATA[
+// from https://github.com/certinia/orizuru-sample-app/blob/master/src/apex/force-app/main/default/triggers/DataGeneratorStepTrigger.trigger
+trigger DataGeneratorStepTrigger on DataGeneratorStep__e (after insert) {
+
+    List<GenerateDataTask__c> tasks = new List<GenerateDataTask__c>();
+    for (DataGeneratorStep__e event : Trigger.New) {
+        GenerateDataTask__c task = [SELECT Id, TaskStatus__c FROM GenerateDataTask__c WHERE Id=:event.SObjectId__c LIMIT 1];
+
+        if (task.TaskStatus__c != 'CREATED_ORDERS') {
+            task.TaskStatus__c = event.Status__c;
+            tasks.add(task);
+        }
+    }
+
+    update tasks;
+}
+]]></code>
+    </test-code>
+
+    <test-code>
+        <description>SOQL in trigger (#5138)</description>
+        <expected-problems>1</expected-problems>
+        <expected-linenumbers>3</expected-linenumbers>
+        <code><![CDATA[
+// https://github.com/afawcett/dependencies-sample/blob/master/force-app/main/default/triggers/WidgetTrigger.trigger
+trigger WidgetTrigger on Widget__c (before insert) {
+    Widget__c w = [select Id, SomeFieldOnWidget2__c from Widget__c];
+    String test = Label.Test;
+    Type c = MyTest.class;
+}
 ]]></code>
    </test-code>
 </test-data>