@flow-scanner/lightning-flow-scanner-core 6.17.1 → 6.17.2

package/src/main/rules/FlowDescription.ts

@@ -1,34 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-
-export class FlowDescription extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super({
-      ruleId: "missing-flow-description",
-      category: "layout",
-      description: "Flow descriptions are essential for documentation and maintainability. Include a description for each Flow, explaining its purpose and where it's used.",
-      summary: "Flow descriptions improve documentation and maintainability",
-      docRefs: [],
-      label: "Missing Flow Description",
-      name: "FlowDescription",
-      supportedTypes: [...core.FlowType.backEndTypes, ...core.FlowType.visualTypes],
-    }, { severity: "error" });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    if (flow.xmldata?.description) {
-      return [];
-    }
-
-    return [
-      new core.Violation(
-        new core.FlowAttribute("undefined", "description", "!==null")
-      )
-    ];
-  }
-}

package/src/main/rules/FlowName.ts

@@ -1,49 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-import { NamingConvention } from "@flow-scanner/regex-scanner";
-import { toMetadataFile, toViolations } from "../config/RegexAdapter";
-
-/**
- * Flow naming convention rule.
- * This is a wrapper around the regex-scanner's NamingConvention rule,
- * maintaining backward compatibility with the core scanner interface.
- */
-export class FlowName extends RuleCommon implements IRuleDefinition {
-  private regexRule = new NamingConvention();
-
-  constructor() {
-    super({
-      ruleId: "invalid-naming-convention",
-      category: "layout",
-      description: "Using clear and consistent Flow names improves readability, discoverability, and maintainability. A good naming convention helps team members quickly understand a Flow's purpose—for example, including a domain and brief description like Service_OrderFulfillment. Adopt a naming pattern that aligns with your organization's standards.",
-      summary: "Consistent naming improves Flow discoverability and maintainability",
-      docRefs: [
-        {
-          label: "Naming your Flows is more critical than ever. By Stephen Church",
-          path: "https://www.linkedin.com/posts/stephen-n-church_naming-your-flows-this-is-more-critical-activity-7099733198175158274-1sPx",
-        },
-      ],
-      label: "Flow Naming Convention",
-      name: "FlowName",
-      supportedTypes: core.FlowType.allTypes(),
-    }, { severity: "error" });
-  }
-
-  protected check(
-    flow: core.Flow,
-    options: { expression?: string } | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    // Convert Flow to MetadataFile for regex-scanner
-    const metadataFile = toMetadataFile(flow);
-
-    // Execute regex rule
-    const regexViolations = this.regexRule.execute(metadataFile, {
-      expression: options?.expression,
-    });
-
-    // Convert back to core Violations
-    return toViolations(regexViolations);
-  }
-}

package/src/main/rules/GetRecordAllFields.ts

@@ -1,65 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-
-export class GetRecordAllFields extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super(
-      {
-        ruleId: "get-record-all-fields",
-        category: "suggestion",
-        description: "Avoid using Get Records to retrieve all fields unless necessary. This improves performance, reduces processing time, and limits exposure of unnecessary data.",
-        summary: "Retrieving all fields harms performance and security",
-        docRefs: [
-          {
-            label: "Get Records Stores All Fields",
-            path: "https://developer.salesforce.com/docs/atlas.en-us.salesforce_large_data_volumes_bp.meta/salesforce_large_data_volumes_bp/ldv_deployments_best_practices_soql_and_sosl.htm",
-          },
-          {
-            label: "Indexes | Best Practices",
-            path: "https://developer.salesforce.com/docs/atlas.en-us.salesforce_large_data_volumes_bp.meta/salesforce_large_data_volumes_bp/ldv_deployments_infrastructure_indexes.htm",
-          },
-        ],
-        label: "Get Record All Fields",
-        name: "GetRecordAllFields",
-        supportedTypes: core.FlowType.allTypes(),
-      },
-      { severity: "warning" }
-    );
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    const lookupNodes = flow.elements?.filter(
-      (e) => e.subtype === "recordLookups"
-    ) ?? [];
-
-    const violations = lookupNodes
-      .filter((node) => {
-        const el = (node as core.FlowNode).element as core.FlowElement;
-
-        const storeAllFields =
-          typeof el === "object" &&
-          "storeOutputAutomatically" in el &&
-          el.storeOutputAutomatically;
-
-        // Handle both single field (string) and multiple fields (array)
-        const queriedFields = (el as any).queriedFields;
-        const hasQueriedFields =
-          queriedFields &&
-          (
-            (Array.isArray(queriedFields) && queriedFields.length > 0) ||
-            typeof queriedFields === "string"
-          );
-
-        return storeAllFields && !hasQueriedFields;
-      })
-      .map((node) => new core.Violation(node));
-
-    return violations;
-  }
-
-}

package/src/main/rules/HardcodedId.ts

@@ -1,51 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-import { HardcodedId as RegexHardcodedId } from "@flow-scanner/regex-scanner";
-import { toMetadataFile, toViolations } from "../config/RegexAdapter";
-
-/**
- * Hardcoded Salesforce ID detection rule.
- * This is a wrapper around the regex-scanner's HardcodedId rule,
- * maintaining backward compatibility with the core scanner interface.
- */
-export class HardcodedId extends RuleCommon implements IRuleDefinition {
-  private regexRule = new RegexHardcodedId();
-
-  constructor() {
-    super({
-      ruleId: "hardcoded-id",
-      name: "HardcodedId",
-      category: "problem",
-      label: "Hardcoded Salesforce Id",
-      description: "Avoid hard-coding record IDs, as they are unique to a specific org and will not work in other environments. Instead, store IDs in variables—such as merge-field URL parameters or a **Get Records** element—to make the Flow portable, maintainable, and flexible.",
-      summary: "Hardcoded IDs break portability across environments",
-      supportedTypes: core.FlowType.allTypes(),
-      docRefs: [
-        {
-          label: "Flow Best Practices",
-          path: "https://help.salesforce.com/s/articleView?id=sf.flow_prep_bestpractices.htm&type=5",
-        },
-        {
-          label: "Don't hard code Record Type IDs in Flow. By Stephen Church.",
-          path: "https://www.linkedin.com/feed/update/urn:li:activity:6947530300012826624/",
-        },
-      ],
-    }, { severity: "error" });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    // Convert Flow to MetadataFile for regex-scanner
-    const metadataFile = toMetadataFile(flow);
-
-    // Execute regex rule
-    const regexViolations = this.regexRule.execute(metadataFile);
-
-    // Convert back to core Violations
-    return toViolations(regexViolations);
-  }
-}

package/src/main/rules/HardcodedSecret.ts

@@ -1,51 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-import { HardcodedSecret as RegexHardcodedSecret } from "@flow-scanner/regex-scanner";
-import { toMetadataFile, toViolations } from "../config/RegexAdapter";
-
-/**
- * Hardcoded secrets detection rule.
- * This is a wrapper around the regex-scanner's HardcodedSecret rule,
- * maintaining backward compatibility with the core scanner interface.
- */
-export class HardcodedSecret extends RuleCommon implements IRuleDefinition {
-  private regexRule = new RegexHardcodedSecret();
-
-  constructor() {
-    super({
-      ruleId: "hardcoded-secret",
-      name: "HardcodedSecret",
-      category: "problem",
-      label: "Hardcoded Secret",
-      description: "Avoid hardcoding secrets, API keys, tokens, or credentials in Flows. These should be stored securely in Named Credentials, Custom Settings, Custom Metadata, or external secret management systems.",
-      summary: "Hardcoded secrets pose security risks",
-      supportedTypes: core.FlowType.allTypes(),
-      docRefs: [
-        {
-          label: "Salesforce Named Credentials",
-          path: "https://help.salesforce.com/s/articleView?id=sf.named_credentials_about.htm",
-        },
-        {
-          label: "OWASP Secrets Management Cheat Sheet",
-          path: "https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html",
-        },
-      ],
-    }, { severity: "error" });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    // Convert Flow to MetadataFile for regex-scanner
-    const metadataFile = toMetadataFile(flow);
-
-    // Execute regex rule
-    const regexViolations = this.regexRule.execute(metadataFile);
-
-    // Convert back to core Violations
-    return toViolations(regexViolations);
-  }
-}

package/src/main/rules/HardcodedUrl.ts

@@ -1,54 +0,0 @@
-import { Flow, FlowType, Violation } from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-import { HardcodedUrl as RegexHardcodedUrl } from "@flow-scanner/regex-scanner";
-import { toMetadataFile, toViolations } from "../config/RegexAdapter";
-
-/**
- * Hardcoded Salesforce URL detection rule.
- * This is a wrapper around the regex-scanner's HardcodedUrl rule,
- * maintaining backward compatibility with the core scanner interface.
- */
-export class HardcodedUrl extends RuleCommon implements IRuleDefinition {
-  private regexRule = new RegexHardcodedUrl();
-
-  constructor() {
-    super(
-      {
-        ruleId: "hardcoded-url",
-        category: "problem",
-        description: "Avoid hard-coding URLs, as they may change between environments or over time. Instead, store URLs in variables or custom settings to make the Flow adaptable, maintainable, and environment-independent.",
-        summary: "Hardcoded URLs break across different environments",
-        docRefs: [
-          {
-            label: "The Ultimate Guide to Salesforce Flow Best Practices",
-            path: "https://admin.salesforce.com/blog/2021/the-ultimate-guide-to-flow-best-practices-and-standards",
-          },
-          {
-            label: "Why You Should Avoid Hard Coding and Three Alternative Solutions",
-            path: "https://admin.salesforce.com/blog/2021/why-you-should-avoid-hard-coding-and-three-alternative-solutions",
-          },
-        ],
-        label: "Hardcoded Salesforce Url",
-        name: "HardcodedUrl",
-        supportedTypes: FlowType.allTypes(),
-      },
-      { severity: "error" }
-    );
-  }
-
-  protected check(
-    flow: Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): Violation[] {
-    // Convert Flow to MetadataFile for regex-scanner
-    const metadataFile = toMetadataFile(flow);
-
-    // Execute regex rule
-    const regexViolations = this.regexRule.execute(metadataFile);
-
-    // Convert back to core Violations
-    return toViolations(regexViolations);
-  }
-}

package/src/main/rules/InactiveFlow.ts

@@ -1,33 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-
-export class InactiveFlow extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super({
-      ruleId: "inactive-flow",
-      category: "suggestion",
-      name: "InactiveFlow",
-      label: "Inactive Flow",
-      description: "Inactive Flows should be deleted or archived to reduce risk. Even when inactive, they can cause unintended record changes during testing or be activated as subflows. Keeping only active, relevant Flows improves safety and maintainability.",
-      summary: "Inactive Flows should be deleted or archived",
-      supportedTypes: core.FlowType.allTypes(),
-      docRefs: [],
-    });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppressions: Set<string>
-  ): core.Violation[] {
-    if (flow.status !== "Active") {
-      return [
-        new core.Violation(
-          new core.FlowAttribute(flow.status, "status", "!= Active")
-        ),
-      ];
-    }
-    return [];
-  }
-}

package/src/main/rules/MissingFaultPath.ts

@@ -1,105 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-
-export class MissingFaultPath extends RuleCommon implements IRuleDefinition {
-  protected applicableElements: string[] = [
-    "recordLookups",
-    "recordDeletes",
-    "recordUpdates",
-    "recordCreates",
-    "waits",
-    "actionCalls",
-    "apexPluginCalls",
-  ];
-
-  constructor() {
-    super({
-      ruleId: "missing-fault-path",
-      category: "problem",
-      description: "Elements that can fail should include a Fault Path to handle errors gracefully. Without it, failures show generic errors to users. Fault Paths improve reliability and user experience.",
-      summary: "Fault Paths enable graceful error handling",
-      docRefs: [
-        {
-          label: "Flow Best Practices",
-          path: "https://help.salesforce.com/s/articleView?id=sf.flow_prep_bestpractices.htm&type=5",
-        },
-      ],
-      label: "Missing Fault Path",
-      name: "MissingFaultPath",
-      supportedTypes: [...core.FlowType.backEndTypes, ...core.FlowType.visualTypes],
-    });
-  }
-
-  private isValidSubtype(proxyNode: core.FlowNode): boolean {
-    if (!this.applicableElements.includes(proxyNode.subtype)) {
-      return false;
-    }
-    
-    // Exclude specific wait element subtypes that don't need fault paths
-    if (proxyNode.subtype === "waits") {
-      const elementSubtype: string = (proxyNode.element as Record<string, unknown>)?.["elementSubtype"] as string;
-      const excludedSubtypes: string[] = ["WaitDuration", "WaitDate"];
-      return !excludedSubtypes.includes(elementSubtype);
-    }
-    
-    return true;
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    suppressions: Set<string>
-  ): core.Violation[] {
-    const results: core.Violation[] = [];
-    
-    const elementsWhereFaultPathIsApplicable = (
-      flow.elements.filter((node) => {
-        const proxyNode = node as unknown as core.FlowNode;
-        return this.isValidSubtype(proxyNode);
-      }) as core.FlowNode[]
-    ).map((e) => e.name);
-
-    // Check if this is a RecordBeforeSave flow
-    const isRecordBeforeSave = this.isRecordBeforeSaveFlow(flow);
-
-    const visitCallback = (element: core.FlowNode) => {
-      if (
-        !element?.connectors?.find((connector) => connector.type === "faultConnector") &&
-        elementsWhereFaultPathIsApplicable.includes(element.name)
-      ) {
-        // Skip record updates in before-save flows (they're safe by design)
-        if (isRecordBeforeSave && element.subtype === "recordUpdates") {
-          return;
-        }
-        
-        if (!this.isPartOfFaultHandlingFlow(element, flow)) {
-          if (!suppressions.has(element.name)) {
-            results.push(new core.Violation(element));
-          }
-        }
-      }
-    };
-
-    flow.graph?.forEachReachable(visitCallback);
-
-    return results;
-  }
-
-  /**
-   *  Determine if this is a RecordBeforeSave flow.
-   */
-  private isRecordBeforeSaveFlow(flow: core.Flow): boolean {
-    if (flow.startNode?.element) {
-      const triggerType = (flow.startNode.element as Record<string, unknown>)?.["triggerType"];
-      if (triggerType === "RecordBeforeSave") {
-        return true;
-      }
-    }
-    return false;
-  }
-
-  private isPartOfFaultHandlingFlow(element: core.FlowNode, flow: core.Flow): boolean {
-    return flow.graph?.isPartOfFaultHandling(element.name) || false;
-  }
-}

package/src/main/rules/MissingMetadataDescription.ts

@@ -1,42 +0,0 @@
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-
-export class MissingMetadataDescription extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super({
-      ruleId: "missing-metadata-description",
-      category: "layout",
-      description: "Elements and metadata without a description reduce clarity and maintainability. Adding descriptions improves readability and makes your automation easier to understand.",
-      summary: "Element descriptions improve clarity and maintainability",
-      docRefs: [],
-      label: "Missing Metadata Description",
-      name: "MissingMetadataDescription",
-      supportedTypes: core.FlowType.allTypes(),
-    }, { severity: "warning" });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    _suppression: Set<string>
-  ): core.Violation[] {
-    const violations: core.Violation[] = [];
-
-    flow.elements
-      .filter((elem) => {
-        if (
-          elem.metaType !== "attribute" &&
-          !elem.element["description"] &&
-          elem.subtype !== "start"
-        ) {
-          return elem;
-        }
-      })
-      .forEach((elem) => {
-        return violations.push(new core.Violation(elem));
-      });
-
-    return violations;
-  }
-}

package/src/main/rules/MissingNullHandler.ts

@@ -1,126 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-export class MissingNullHandler extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super({
-      ruleId: "missing-null-handler",
-      category: "problem",
-      description: "Get Records operations return null when no data is found. Without handling these null values, Flows can fail or produce unintended results. Adding a null check improves reliability and ensures the Flow behaves as expected.",
-      summary: "Null checks prevent failures from missing records",
-      docRefs: [],
-      label: "Missing Null Handler",
-      name: "MissingNullHandler",
-      supportedTypes: [...core.FlowType.backEndTypes, ...core.FlowType.visualTypes],
-    });
-  }
-
-  protected check(
-    flow: core.Flow,
-    _options: object | undefined,
-    suppressions: Set<string>
-  ): core.Violation[] {
-    const getOperations = ["recordLookups"];
-    const getOperationElements: core.FlowNode[] = flow.elements.filter(
-      (node) => node.metaType === "node" && getOperations.includes(node.subtype)
-    ) as core.FlowNode[];
-
-    const decisionElements: core.FlowNode[] = flow.elements.filter(
-      (node) => node.metaType === "node" && node.subtype === "decisions"
-    ) as core.FlowNode[];
-
-    const violations: core.FlowNode[] = [];
-
-    for (const getElement of getOperationElements) {
-      if (suppressions.has(getElement.name)) continue;
-
-      const elementName = getElement.name;
-      const assignNulls = String(getElement.element["assignNullValuesIfNoRecordsFound"]).toLowerCase() === "true";
-
-      const hasFaultConnector =
-        !!getElement.element["faultConnector"] ||
-        getElement.connectors?.some((c) => c.type === "faultConnector");
-
-      // Only skip if NOT assigning nulls AND has fault connector
-      // (because fault will catch the "no records" error)
-      if (!assignNulls && hasFaultConnector) {
-        continue;
-      }
-
-      const resultReferences: string[] = [];
-      if (getElement.element["storeOutputAutomatically"]) {
-        resultReferences.push(elementName);
-      } else if (getElement.element["outputReference"]) {
-        resultReferences.push(getElement.element["outputReference"] as string);
-      } else if (getElement.element["outputAssignments"]) {
-        const assignments = getElement.element["outputAssignments"] as any[];
-        for (const a of assignments) {
-          resultReferences.push(a.assignToReference);
-        }
-      }
-
-      const resultIsUsed = flow.elements.some((el) => {
-        if (el.name === getElement.name) return false;
-        const json = JSON.stringify(el.element);
-        return resultReferences.some(
-          (ref) => json.includes(`"${ref}"`) || json.includes(`"${ref}.`)
-        );
-      });
-
-      if (!resultIsUsed) continue;
-
-      // If assignNullValuesIfNoRecordsFound is TRUE, we need a null check decision
-      if (!assignNulls) {
-        // If FALSE and no fault connector, that's also a problem
-        // (already handled above)
-        continue;
-      }
-
-      let nullCheckFound = false;
-      for (const decision of decisionElements) {
-        let rules = decision.element["rules"];
-        if (!Array.isArray(rules)) rules = [rules];
-
-        for (const rule of rules) {
-          let conditions = rule.conditions;
-          if (!Array.isArray(conditions)) conditions = [conditions];
-
-          for (const condition of conditions) {
-            let referenceFound = false;
-            let isNullOperator = false;
-            let checksFalse = false;
-
-            if (condition.leftValueReference) {
-              const ref = condition.leftValueReference as string;
-              if (resultReferences.some((r) => ref.startsWith(r))) {
-                referenceFound = true;
-              }
-            }
-
-            if (condition.operator === "IsNull") {
-              isNullOperator = true;
-            }
-
-            const rightBool = condition.rightValue?.booleanValue;
-            if (rightBool != null && String(rightBool).toLowerCase() === "false") {
-              checksFalse = true;
-            }
-
-            if (referenceFound && isNullOperator && checksFalse) {
-              nullCheckFound = true;
-              break;
-            }
-          }
-          if (nullCheckFound) break;
-        }
-        if (nullCheckFound) break;
-      }
-
-      if (!nullCheckFound) {
-        violations.push(getElement);
-      }
-    }
-
-    return violations.map((det) => new core.Violation(det));
-  }
-}

package/src/main/rules/MissingRecordTriggerFilter.ts

@@ -1,51 +0,0 @@
-import * as core from "../internals/internals";
-import { RuleCommon } from "../models/RuleCommon";
-import { IRuleDefinition } from "../interfaces/IRuleDefinition";
-
-export class MissingRecordTriggerFilter extends RuleCommon implements IRuleDefinition {
-  constructor() {
-    super({
-      ruleId: "missing-record-trigger-filter",
-      category: "suggestion",
-      name: "MissingRecordTriggerFilter",
-      label: "Missing Filter Record Trigger",
-      description: "Record-triggered Flows without filters on changed fields or entry conditions execute on every record change. Adding filters ensures the Flow runs only when needed, improving performance.",
-      summary: "Filters ensure Flows run only when needed",
-      supportedTypes: [core.FlowType.autolaunchedType],
-      docRefs: [],
-    }, { severity: "warning" });
-  }
-
-  protected check(
-  flow: core.Flow,
-  _options: object | undefined,
-  _suppressions: Set<string>
-): core.Violation[] {
-  const violations: core.Violation[] = [];
-  // Check if this is a record-triggered flow
-  const triggerType = this.getStartProperty(flow, 'triggerType');
-  // Only check flows with record trigger types
-  if (!triggerType || !["RecordAfterSave", "RecordBeforeSave"].includes(triggerType)) {
-    return violations;
-  }
-  // Check if the flow has filters or entry conditions at the flow level
-  const filters = this.getStartProperty(flow, 'filters');
-
-  const hasFilters = !!filters;
-  const scheduledPaths = flow.xmldata?.start?.scheduledPaths;
-  const hasScheduledPaths = !!scheduledPaths;
-  // If no filters or scheduled paths (which have their own conditions), flag as violation
-  if (!hasFilters && !hasScheduledPaths) {
-    violations.push(
-      new core.Violation(
-        new core.FlowAttribute(
-          triggerType,
-          "triggerType",
-          "autolaunched && triggerType"
-        )
-      )
-    );
-  }
-  return violations;
-}
-}