hutte-recipes · mmoyaferrer · Mar 1, 2024 · Feb 28, 2024 · Feb 28, 2024 · Feb 28, 2024
diff --git a/.github/workflows/code-analyze.yml b/.github/workflows/code-analyze.yml
@@ -8,15 +8,22 @@ jobs:
     PMD:
         runs-on: ubuntu-latest
         steps:
-            - uses: actions/checkout@v4
-            - uses: actions/setup-node@v3
-            - name: Setup Salesforce CLI
-              run: |
-                  yarn global add @salesforce/cli
-                  sf plugins:install @salesforce/sfdx-scanner
-            - name: SF Code Analyzer - PMD
-              run: |
-                  sf scanner:run --engine pmd --target force-app --pmdconfig=config/pmd/ruleset.xml --format table --severity-threshold 3
+          - uses: actions/checkout@v4
+          - uses: actions/setup-node@v3
+          - name: Setup Salesforce CLI
+            run: |
+                yarn global add @salesforce/cli
+                sf plugins:install @salesforce/sfdx-scanner
+          - name: SF Code Analyzer - PMD - Report findings as comments
+            uses: mitchspano/[email protected]
+            with:
+              report-mode: comments
+              engine: pmd
+              pmdconfig: config/pmd/ruleset.xml
+              severity-threshold: 4
+              strictly-enforced-rules: '[{ "engine": "pmd", "category": "Performance", "rule": "AvoidDebugStatements" }]'
+            env:
+              GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     RetireJS:
         runs-on: ubuntu-latest
@@ -27,11 +34,16 @@ jobs:
               run: |
                   yarn global add @salesforce/cli
                   sf plugins:install @salesforce/sfdx-scanner
-            - name: SF Code Analyzer - RetireJS
-              run: |
-                  sf scanner:run --engine "retire-js" --target force-app --format table --severity-threshold 3
+            - name: SF Code Analyzer - RetireJS - Report findings as comments
+              uses: mitchspano/[email protected]
+              with:
+                report-mode: comments
+                engine: retire-js
+                severity-threshold: 4
+              env:
+                GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-    GraphEngine:
+    ESLint:
         runs-on: ubuntu-latest
         steps:
             - uses: actions/checkout@v4
@@ -40,11 +52,20 @@ jobs:
               run: |
                   yarn global add @salesforce/cli
                   sf plugins:install @salesforce/sfdx-scanner
-            - name: SF Code Analyzer - Data Flow Analysis
+            - name: Install deps
               run: |
-                  sf scanner:run:dfa --target force-app --projectdir force-app --format table --severity-threshold 3
+                  yarn install
+            - name: SF Code Analyzer - ESLint - Report findings as comments
+              uses: mitchspano/[email protected]
+              with:
+                report-mode: comments
+                engine: eslint
+                eslintconfig: .eslintrc.json
+                severity-threshold: 4
+              env:
+                GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-    ESLint:
+    GraphEngine:
         runs-on: ubuntu-latest
         steps:
             - uses: actions/checkout@v4
@@ -53,9 +74,6 @@ jobs:
               run: |
                   yarn global add @salesforce/cli
                   sf plugins:install @salesforce/sfdx-scanner
-            - name: Install deps
-              run: |
-                  yarn install
-            - name: SF Code Analyzer - ESLint
+            - name: SF Code Analyzer - Data Flow Analysis
               run: |
-                  sf scanner:run --engine eslint --eslintconfig=.eslintrc.json --target "force-app/**/*.js" --format table --severity-threshold 3
+                  sf scanner:run:dfa --target force-app --projectdir force-app --format table --severity-threshold 3
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -4,6 +4,8 @@ on:
     push:
         branches:
             - main
+        paths:
+            - force-app/**
 
 jobs:
     code-analyze:

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -2,6 +2,10 @@ name: Pull Request
 
 on:
     pull_request:
+        branches:
+            - main
+        paths:
+            - force-app/**
 
 jobs:
     code-analyze:

diff --git a/force-app/main/default/classes/Greeter.cls b/force-app/main/default/classes/Greeter.cls
@@ -0,0 +1,6 @@
+public class Greeter {
+  // this is another test
+  public static String greet(String name) {
+    return 'Hello ' + name + ' from Greeter';
+  }
+}
diff --git a/force-app/main/default/classes/Greeter.cls-meta.xml b/force-app/main/default/classes/Greeter.cls-meta.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<ApexClass xmlns="http://soap.sforce.com/2006/04/metadata">
+    <apiVersion>50.0</apiVersion>
+    <status>Active</status>
+</ApexClass>
diff --git a/force-app/main/default/classes/Test_Greeter.cls b/force-app/main/default/classes/Test_Greeter.cls
@@ -0,0 +1,7 @@
+@isTest
+private class Test_Greeter {
+  @isTest
+  static void greet() {
+    System.assertEquals(Greeter.greet('John'), 'Hello John from Greeter');
+  }
+}
diff --git a/force-app/main/default/classes/Test_Greeter.cls-meta.xml b/force-app/main/default/classes/Test_Greeter.cls-meta.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<ApexClass xmlns="http://soap.sforce.com/2006/04/metadata">
+    <apiVersion>50.0</apiVersion>
+    <status>Active</status>
+</ApexClass>
diff --git a/force-app/main/default/classes/UglyUpdateCtrl.cls b/force-app/main/default/classes/UglyUpdateCtrl.cls
@@ -0,0 +1,8 @@
+// Note: This class contains a FLS vulnerability to demo Salesforce Code Analyzer
+public without sharing class UglyUpdateCtrl {
+    @AuraEnabled
+    public void execute(Account account) {
+        account.Description = 'My code should not perform DML without enforcing field level security';
+        update account;
+    }
+}
diff --git a/force-app/main/default/classes/UglyUpdateCtrl.cls-meta.xml b/force-app/main/default/classes/UglyUpdateCtrl.cls-meta.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ApexClass xmlns="http://soap.sforce.com/2006/04/metadata">
+    <apiVersion>57.0</apiVersion>
+    <status>Active</status>
+</ApexClass>
diff --git a/force-app/main/default/lwc/helloWorld/__tests__/helloWorld.test.js b/force-app/main/default/lwc/helloWorld/__tests__/helloWorld.test.js
@@ -22,4 +22,4 @@ describe('c-hello-world', () => {
         // const div = element.shadowRoot.querySelector('div');
         expect(1).toBe(1);
     });
-});
+});
diff --git a/force-app/main/default/lwc/helloWorld/helloWorld.html b/force-app/main/default/lwc/helloWorld/helloWorld.html
@@ -1 +1,3 @@
-<template> Hello World </template>
+<template>
+
+</template>
diff --git a/force-app/main/default/lwc/helloWorld/helloWorld.js b/force-app/main/default/lwc/helloWorld/helloWorld.js
@@ -1,3 +1,10 @@
 import { LightningElement } from 'lwc';
 
-export default class HelloWorld extends LightningElement {}
+export default class HelloWorld extends LightningElement {
+
+    connectedCallback() {
+        // Vulnerable code snippet
+        var userInput = "<script>alert('XSS vulnerability!');</script>";
+        document.getElementById("output").innerHTML = userInput;
+    }
+}
diff --git a/force-app/main/default/lwc/helloWorld/helloWorld.js-meta.xml b/force-app/main/default/lwc/helloWorld/helloWorld.js-meta.xml
@@ -1,5 +1,5 @@
-<?xml version="1.0" encoding="UTF-8" ?>
+<?xml version="1.0" encoding="UTF-8"?>
 <LightningComponentBundle xmlns="http://soap.sforce.com/2006/04/metadata">
-    <apiVersion>58.0</apiVersion>
+    <apiVersion>57.0</apiVersion>
     <isExposed>false</isExposed>
-</LightningComponentBundle>
+</LightningComponentBundle>
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ on: @@
         push:
             branches:
                 - main
+            paths:
+                - force-app/**
     jobs:
         code-analyze:
@@ Expand Down @@