@flow-scanner/lightning-flow-scanner-core 6.6.2 → 6.6.4

package/tests/ExportSarif.test.ts

@@ -0,0 +1,61 @@
+import { describe, expect, it } from "@jest/globals";
+import * as path from "path";
+import * as core from "../src";
+
+describe("exportSarif()", () => {
+  const badFlowPath = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/demo/DML_Statement_In_A_Loop.flow-meta.xml");
+  const goodFlowPath = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/testing/Duplicate_DML_Operation_Fixed.flow-meta.xml");
+  const config = {
+    rules: {
+      DMLStatementInLoop: { severity: "error" },
+    },
+  };
+  it("generates valid SARIF with real file path and line numbers", async () => {
+    const flows = await core.parse([badFlowPath]);
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+   
+    const json = JSON.parse(sarif);
+    // SARIF structure
+    expect(json.version).toBe("2.1.0");
+    expect(json.runs).toHaveLength(1);
+    expect(json.runs[0].tool.driver.name).toBe("Lightning Flow Scanner");
+    // Artifacts: real path (relative or absolute containing the substring)
+    const artifactUri = json.runs[0].artifacts[0].location.uri;
+    expect(artifactUri).toContain("force-app/main/default/flows/demo/DML_Statement_In_A_Loop.flow-meta.xml");
+    // Results: one issue
+    const resultsArray = json.runs[0].results;
+    expect(resultsArray).toHaveLength(1);
+    expect(resultsArray[0].ruleId).toBe("DMLStatementInLoop");
+    expect(resultsArray[0].level).toBe("error");
+    // Location: has region
+    const region = resultsArray[0].locations[0].physicalLocation.region;
+    expect(region).toBeDefined();
+    expect(typeof region.startLine).toBe("number");
+    expect(typeof region.startColumn).toBe("number");
+    expect(region.startLine).toBeGreaterThanOrEqual(1);
+    expect(region.startColumn).toBeGreaterThanOrEqual(1);
+    // Message
+    expect(resultsArray[0].message.text).toContain("createNewCase");
+  });
+  it("generates empty results for fixed flow", async () => {
+    const flows = await core.parse([goodFlowPath]);
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+   
+    const json = JSON.parse(sarif);
+    expect(json.runs[0].results).toHaveLength(0);
+  });
+  it("falls back to virtual URI when no fsPath", async () => {
+    const flows = await core.parse([badFlowPath]);
+    // Simulate browser: remove fsPath and set virtual uri with subdir structure
+    flows[0].flow.fsPath = undefined;
+    flows[0].flow.uri = "flows/demo/DML_Statement_In_A_Loop.flow-meta.xml";
+    const results = core.scan(flows, config);
+    const sarif = core.exportSarif(results);
+    const json = JSON.parse(sarif);
+   
+    const uri = json.runs[0].artifacts[0].location.uri;
+    expect(uri).toBe("flows/demo/DML_Statement_In_A_Loop.flow-meta.xml");
+  });
+});

package/tests/FlowDescription.test.ts

@@ -0,0 +1,42 @@
+import * as core from "../src";
+import * as path from "path";
+
+import { describe, it, expect } from "@jest/globals";
+
+describe("FlowDescription", () => {
+  const example_uri = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/demo/Missing_Flow_Description.flow-meta.xml");
+  const fixed_uri = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/testing/Missing_Flow_Description_Fixed.flow-meta.xml");
+
+  it("should return a result when missing a description", async () => {
+    const flows = await core.parse([example_uri]);
+    const ruleConfig = {
+      rules: {
+        FlowDescription: {
+          severity: "error",
+        },
+      },
+    };
+
+    const results: core.ScanResult[] = core.scan(flows, ruleConfig);
+    const occurringResults = results[0].ruleResults.filter((rule) => rule.occurs);
+    expect(occurringResults).toHaveLength(1);
+    expect(occurringResults[0].ruleName).toBe("FlowDescription");
+  });
+
+  it("should have no result when provided a description", async () => {
+    const flows = await core.parse([fixed_uri]);
+    const ruleConfig = {
+      rules: {
+        FlowDescription: {
+          severity: "error",
+        },
+      },
+    };
+
+    const results: core.ScanResult[] = core.scan(flows, ruleConfig);
+
+    expect(results[0].ruleResults).toHaveLength(1);
+    expect(results[0].ruleResults[0].ruleName).toBe("FlowDescription");
+    expect(results[0].ruleResults[0].occurs).toBe(false);
+  });
+});

package/tests/FlowName.test.ts

@@ -0,0 +1,62 @@
+import * as core from "../src";
+import * as path from "path";
+
+import { describe, it, expect } from "@jest/globals";
+
+describe("FlowName", () => {
+  const example_uri = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/demo/FlowNamingConvention.flow-meta.xml");
+  const fixed_uri = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/testing/Flow_Naming_Convention_Fixed.flow-meta.xml");
+
+  it("should have a result when not in line with conventions", async () => {
+    const flows = await core.parse([example_uri]);
+    const ruleConfig = {
+      rules: {
+        FlowName: {
+          severity: "error",
+          expression: "[A-Za-z0-9]+_[A-Za-z0-9]+",
+        },
+      },
+    };
+
+    const results: core.ScanResult[] = core.scan(flows, ruleConfig);
+    expect(results[0].ruleResults).toHaveLength(1);
+    expect(results[0].ruleResults[0].ruleName).toBe("FlowName");
+    expect(results[0].ruleResults[0].occurs).toBe(true);
+  });
+
+  it("should have no result when defined as exception", async () => {
+    const flows = await core.parse([example_uri]);
+    const ruleConfig = {
+      rules: {
+        FlowName: {
+          severity: "error",
+          expression: "[0-9]",
+        },
+      },
+      exceptions: {
+        FlowNamingConvention: { FlowName: ["FlowNamingConvention"] },
+      },
+    };
+
+    const results: core.ScanResult[] = core.scan(flows, ruleConfig);
+    expect(results[0].ruleResults).toHaveLength(1);
+    expect(results[0].ruleResults[0].ruleName).toBe("FlowName");
+    expect(results[0].ruleResults[0].occurs).toBe(false);
+  });
+
+  it("should not have a result when in line with conventions", async () => {
+    const flows = await core.parse([fixed_uri]);
+    const ruleConfig = {
+      rules: {
+        FlowName: {
+          severity: "error",
+          expression: "[A-Za-z0-9]+_[A-Za-z0-9]+",
+        },
+      },
+    };
+
+    const results: core.ScanResult[] = core.scan(flows, ruleConfig);
+    const occurringResults = results[0].ruleResults.filter((rule) => rule.occurs);
+    expect(occurringResults).toHaveLength(0);
+  });
+});

package/tests/GetRecordElementAllFields.test.ts

@@ -0,0 +1,180 @@
+import { ParsedFlow } from "../src/main/models/ParsedFlow";
+import { RuleResult, Flow, scan, ScanResult } from "../src";
+import { GetRecordAllFields } from "../src/main/rules/GetRecordAllFields";
+
+import { describe, it, expect } from "@jest/globals";
+
+describe("GetRecordAllFields", () => {
+  it("should be defined", () => {
+    expect(GetRecordAllFields).toBeDefined();
+  });
+
+  let rule: GetRecordAllFields;
+  beforeEach(() => {
+    rule = new GetRecordAllFields();
+  });
+
+  describe("e2e", () => {
+    it("should be empty when no Get Record elements are present", () => {
+      const config = {
+        rules: {
+          GetRecordAllFields: {
+            severity: "error",
+          },
+        },
+      };
+
+      const flows: ParsedFlow[] = [
+        {
+          flow: {
+            type: "AutoLaunchedFlow",
+          },
+        } as Partial<ParsedFlow> as ParsedFlow,
+      ];
+
+      const results: ScanResult[] = scan(flows, config);
+      const scanResults = results.pop();
+      const ruleResults = scanResults?.ruleResults.filter((rule) => {
+        return rule.ruleDefinition.name === "GetRecordAllFields" && rule.occurs;
+      });
+      expect(ruleResults).toHaveLength(0);
+    });
+
+    it("should error when getRecord element has storeOutputAutomatically", () => {
+      const config = {
+        rules: {
+          GetRecordAllFields: {
+            severity: "error",
+          },
+        },
+      };
+
+      const flows: ParsedFlow[] = [
+        {
+          flow: {
+            type: "AutoLaunchedFlow",
+            elements: [
+              {
+                name: "GetRecord",
+                subtype: "recordLookups",
+                metaType: "node",
+                element: {
+                  storeOutputAutomatically: true,
+                },
+              },
+            ],
+          },
+        } as Partial<ParsedFlow> as ParsedFlow,
+      ];
+
+      const results: ScanResult[] = scan(flows, config);
+      const scanResults = results.pop();
+      const ruleResults = scanResults?.ruleResults.filter((rule) => {
+        return rule.ruleDefinition.name === "GetRecordAllFields" && rule.occurs;
+      });
+      expect(ruleResults).toHaveLength(1);
+    });
+  });
+
+  describe("empty unit", () => {
+    it("should be empty results when no Get Record elements are present", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBeFalsy();
+    });
+
+    it("should be empty when no qualified node", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "GetRecord",
+            subtype: "recordLookups",
+            metaType: "node",
+            element: "attribute",
+          },
+        ],
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBeFalsy();
+    });
+
+    it("should be empty when outputReference and queriedFields are present", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "GetRecord",
+            subtype: "recordLookups",
+            metaType: "node",
+            element: {
+              queriedFields: ["Id", "AccountId"],
+              outputReference: "outputReference",
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBeFalsy();
+    });
+
+    it("should be empty when outputAssignments are present", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "GetRecord",
+            subtype: "recordLookups",
+            metaType: "node",
+            element: {
+              outputAssignments: [{ assignToReference: "testVar", field: "AccountId" }],
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBeFalsy();
+    });
+
+    it("should be empty when storeOutputAutomatically and queriedFields", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "GetRecord",
+            subtype: "recordLookups",
+            metaType: "node",
+            element: {
+              storeOutputAutomatically: true,
+              queriedFields: ["Id", "AccountId"],
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBeFalsy();
+    });
+  });
+
+  describe("error unit", () => {
+    it("should error when Get Record element has storeOutputAutomatically and no queriedFields", () => {
+      const flow: Flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "GetRecord",
+            subtype: "recordLookups",
+            metaType: "node",
+            element: {
+              storeOutputAutomatically: true,
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+      const result: RuleResult = rule.execute(flow);
+      expect(result.occurs).toBe(true);
+    });
+  });
+});

package/tests/HardcodedId.test.ts

@@ -0,0 +1,16 @@
+import * as core from "../src";
+import * as path from "path";
+
+import { describe, it, expect } from "@jest/globals";
+
+describe("HardcodedId", () => {
+  const example_uri = path.join(__dirname, "../../../assets/example-flows/force-app/main/default/flows/demo/Hardcoded_Id.flow-meta.xml");
+
+  it("there should be one result for the rule HardcodedIds", async () => {
+    const flows = await core.parse([example_uri]);
+    const results: core.ScanResult[] = core.scan(flows);
+    const occurringResults = results[0].ruleResults.filter((rule) => rule.occurs);
+    expect(occurringResults).toHaveLength(1);
+    expect(occurringResults[0].ruleName).toBe("HardcodedId");
+  });
+});

package/tests/HardcodedUrl.test.ts

@@ -0,0 +1,252 @@
+import { describe, it, expect } from "@jest/globals";
+import { HardcodedUrl } from "../src/main/rules/HardcodedUrl";
+import { Flow, ParsedFlow, ScanResult } from "../src/main/internals/internals";
+import { scan } from "../src";
+
+describe("HardcodedUrl", () => {
+  it("should be defined", () => {
+    expect(HardcodedUrl).toBeDefined();
+  });
+
+  let rule: HardcodedUrl;
+
+  beforeEach(() => {
+    rule = new HardcodedUrl();
+  });
+
+  describe("e2e", () => {
+    it("should scan for hardcoded urls", () => {
+      const config = {
+        rules: {
+          HardcodedUrl: {
+            severity: "error",
+          },
+        },
+      };
+
+      const parsedFlows: ParsedFlow[] = [
+        {
+          flow: {
+            type: "AutoLaunchedFlow",
+            elements: [
+              {
+                name: "hardcodedUrl",
+                subtype: "formulas",
+                metaType: "variable",
+                element: {
+                  name: "hardcodedUrl",
+                  dataType: "String",
+                  expression:
+                    ""https://mydomain.sandbox.my.salesforce.com/"&{!$User.Id}",
+                },
+              },
+            ],
+          },
+        } as Partial<ParsedFlow> as ParsedFlow,
+      ];
+
+      const results: ScanResult[] = scan(parsedFlows, config);
+      const scanResults = results.pop();
+      const ruleResults = scanResults?.ruleResults.filter((rule) => {
+        return rule.ruleDefinition.name === "HardcodedUrl" && rule.occurs;
+      });
+      expect(ruleResults).toBeTruthy();
+      expect(ruleResults).toHaveLength(1);
+    });
+  });
+
+  describe("empty unit", () => {
+    it("should return empty results when flow has no elements", () => {
+      const flow = {
+        type: "AutoLaunchedFlow",
+        elements: [],
+      } as Partial<Flow> as Flow;
+
+      const result = rule.execute(flow);
+      expect(result).toBeDefined();
+      expect(result.occurs).toBe(false);
+    });
+
+    it("should return empty results when flow has no element property", () => {
+      const flow = {
+        type: "AutoLaunchedFlow",
+      } as Partial<Flow> as Flow;
+
+      const result = rule.execute(flow);
+      expect(result).toBeDefined();
+      expect(result.occurs).toBe(false);
+    });
+
+    it("should return empty results when url is generic", () => {
+      const flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "genericUrl",
+            subtype: "formulas",
+            metaType: "variable",
+            element: {
+              name: "genericUrl",
+              dataType: "String",
+              expression: "&quot;https://www.google.com/&quot;&amp;{!$User.Id}",
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+
+      const result = rule.execute(flow);
+      expect(result).toBeDefined();
+      expect(result.occurs).toBe(false);
+    });
+
+    it("should return empty results when url is like jira", () => {
+      const flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "jiraUrl",
+            subtype: "formulas",
+            metaType: "variable",
+            element: {
+              name: "jiraUrl",
+              dataType: "String",
+              expression: "&quot;https://mydomain.atlassian.net/browse/TEST-123",
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+
+      const result = rule.execute(flow);
+      expect(result).toBeDefined();
+      expect(result.occurs).toBe(false);
+    });
+
+    it("should return empty results when url is like confluence", () => {
+      const flow = {
+        type: "AutoLaunchedFlow",
+        elements: [
+          {
+            name: "confluenceUrl",
+            subtype: "formulas",
+            metaType: "variable",
+            element: {
+              name: "confluenceUrl",
+              dataType: "String",
+              expression:
+                "&quot;https://mydomain.atlassian.net/wiki/spaces/TEST/pages/123456789/Test+Page&quot;",
+            },
+          },
+        ],
+      } as Partial<Flow> as Flow;
+
+      const result = rule.execute(flow);
+      expect(result).toBeDefined();
+      expect(result.occurs).toBe(false);
+    });
+  });
+
+  describe("error unit", () => {
+    describe("flow formula", () => {
+      it("should return results when hardcoding sandbox org url", () => {
+        const flow = {
+          type: "AutoLaunchedFlow",
+          elements: [
+            {
+              name: "hardcodedUrl",
+              subtype: "formulas",
+              metaType: "variable",
+              element: {
+                name: "hardcodedUrl",
+                dataType: "String",
+                expression:
+                  "&quot;https://mydomain.sandbox.my.salesforce.com/&quot;&amp;{!$User.Id}",
+              },
+            },
+          ],
+        } as Partial<Flow> as Flow;
+
+        const result = rule.execute(flow);
+        expect(result).toBeDefined();
+        expect(result.occurs).toBe(true);
+      });
+
+      it("should return results when hardcoding prod org url", () => {
+        const flow = {
+          type: "AutoLaunchedFlow",
+          elements: [
+            {
+              name: "hardcodedUrl",
+              subtype: "formulas",
+              metaType: "variable",
+              element: {
+                name: "hardcodedUrl",
+                dataType: "String",
+                expression: "&quot;https://mydomain.my.salesforce.com/&quot;&amp;{!$User.Id}",
+              },
+            },
+          ],
+        } as Partial<Flow> as Flow;
+
+        const result = rule.execute(flow);
+        expect(result).toBeDefined();
+        expect(result.occurs).toBe(true);
+      });
+    });
+
+    describe("flow variable", () => {
+      it("should return results when hardcoding sandbox org url", () => {
+        const flow = {
+          type: "AutoLaunchedFlow",
+          elements: [
+            {
+              name: "hardcodedFlowVariable",
+              subtype: "variables",
+              metaType: "variable",
+              element: {
+                name: "hardcodedFlowVariable",
+                dataType: "String",
+                isCollection: false,
+                isInput: false,
+                isOutput: false,
+                value: {
+                  stringValue: "https://mydomain.sandbox.my.salesforce.com/",
+                },
+              },
+            },
+          ],
+        } as Partial<Flow> as Flow;
+
+        const result = rule.execute(flow);
+        expect(result).toBeDefined();
+        expect(result.occurs).toBe(true);
+      });
+
+      it("should return results when hardcoding prod org url", () => {
+        const flow = {
+          type: "AutoLaunchedFlow",
+          elements: [
+            {
+              name: "hardcodedFlowVariable",
+              subtype: "variables",
+              metaType: "variable",
+              element: {
+                name: "hardcodedFlowVariable",
+                dataType: "String",
+                isCollection: false,
+                isInput: false,
+                isOutput: false,
+                value: {
+                  stringValue: "https://mydomain.my.salesforce.com/",
+                },
+              },
+            },
+          ],
+        } as Partial<Flow> as Flow;
+
+        const result = rule.execute(flow);
+        expect(result).toBeDefined();
+        expect(result.occurs).toBe(true);
+      });
+    });
+  });
+});