CHANGE(pmd): @W-17310954@: Comment out DetectUseLwcDomManual rule unt…

…il Product Security can make it more stable
forcedotcom · Jan 22, 2025 · b5fb1a5 · b5fb1a5
1 parent 32d8344
commit b5fb1a5
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 19 deletions.
diff --git a/.../code-analyzer-pmd-engine/pmd-rules/src/main/resources/sfca/rulesets/AppExchange_html.xml b/.../code-analyzer-pmd-engine/pmd-rules/src/main/resources/sfca/rulesets/AppExchange_html.xml
@@ -25,7 +25,9 @@
         <priority>2</priority>
     </rule>
 
-
+    <!-- Until further notice, the Product Security team feels it is best to remove this rule until they can make it
+        more stable since the PMD HTML parser seems to throw errors on a number of LWC HTML files. -->
+    <!--
     <rule name="DetectUseLwcDomManual"
           language="html"
           class="net.sourceforge.pmd.lang.rule.xpath.XPathRule"
@@ -41,5 +43,6 @@
             </property>
         </properties>
     </rule>
+    -->
 
 </ruleset>
diff --git a/...ine/pmd-rules/src/test/java/sfca/rulesets/appexchange_html/DetectUseLwcDomManualTest.java b/...ine/pmd-rules/src/test/java/sfca/rulesets/appexchange_html/DetectUseLwcDomManualTest.java
@@ -11,6 +11,10 @@ protected void setUp() {
         // In this case "sfca.rulesets.appexchange_html" is the package name of this test file. Thus, the associated
         // test data xml file for this rule must be found at:
         //      "resource/sfca/rulesets/appexchange_html/xml/DetectUseLwcDomManual.xml"
-        addRule("sfca/rulesets/AppExchange_html.xml", "DetectUseLwcDomManual");
+
+
+        // Until further notice, the Product Security team feels it is best to remove this rule until they can make it
+        // more stable since the PMD HTML parser seems to throw errors on a number of LWC HTML files.
+        // addRule("sfca/rulesets/AppExchange_html.xml", "DetectUseLwcDomManual");
     }
 }
diff --git a/packages/code-analyzer-pmd-engine/src/pmd-rule-mappings.ts b/packages/code-analyzer-pmd-engine/src/pmd-rule-mappings.ts
@@ -408,10 +408,12 @@ export const RULE_MAPPINGS: Record<string, {severity: SeverityLevel, tags: strin
         tags: [/* NOT RECOMMENDED */  APP_EXCHANGE_TAG, COMMON_TAGS.CATEGORIES.SECURITY, COMMON_TAGS.LANGUAGES.HTML]
     },
 
-    "DetectUseLwcDomManual": {
-        severity: SeverityLevel.Moderate,
-        tags: [/* NOT RECOMMENDED */  APP_EXCHANGE_TAG, COMMON_TAGS.CATEGORIES.SECURITY, COMMON_TAGS.LANGUAGES.HTML]
-    },
+    // Until further notice, the Product Security team feels it is best to remove this rule until they can make it
+    // more stable since the PMD HTML parser seems to throw errors on a number of LWC HTML files.
+    // "DetectUseLwcDomManual": {
+    //     severity: SeverityLevel.Moderate,
+    //     tags: [/* NOT RECOMMENDED */  APP_EXCHANGE_TAG, COMMON_TAGS.CATEGORIES.SECURITY, COMMON_TAGS.LANGUAGES.HTML]
+    // },
 
 
     // =================================================================================================================

diff --git a/...ges/code-analyzer-pmd-engine/test/test-data/pmdGoldfiles/rules_allLanguages.goldfile.json b/...ges/code-analyzer-pmd-engine/test/test-data/pmdGoldfiles/rules_allLanguages.goldfile.json
@@ -603,19 +603,6 @@
       "https://docs.pmd-code.org/pmd-doc-{{PMD_VERSION}}/pmd_rules_apex_bestpractices.html#debugsshoulduselogginglevel"
     ]
   },
-  {
-    "name": "DetectUseLwcDomManual",
-    "severityLevel": 3,
-    "tags": [
-      "AppExchange",
-      "Security",
-      "Html"
-    ],
-    "description": "Detects instances of lwc:dom=\"manual\" that could allow unintentional or malicious user input. Don't allow user input on these elements.",
-    "resourceUrls": [
-      "https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/rules-pmd-appexchange.html#detectuselwcdommanual"
-    ]
-  },
   {
     "name": "EagerlyLoadedDescribeSObjectResult",
     "severityLevel": 2,