fix the bad url detection #634

VinceFINET · VinceFINET · commit cf7a4239ce9b · 2026-02-18T17:35:57.000+01:00
diff --git a/build/src/api/core/orgcheck-api-codescanner.js b/build/src/api/core/orgcheck-api-codescanner.js
@@ -9,7 +9,7 @@ const REGEX_XML_COMMENTS_AND_NEWLINES = new RegExp('(<!--[\\s\\S]*?-->|\\n)', 'g
 const REGEX_HARDCODEDURLS = new RegExp("([A-Za-z0-9-]{1,63}\\.)+[A-Za-z]{2,6}", 'ig');
 const REGEX_HARDCODEDIDS = new RegExp("[,\"'\\s][a-zA-Z0-9]{5}0[a-zA-Z0-9]{9}([a-zA-Z0-9]{3})?[,\"'\\s]", 'ig');
 const SALESFORCE_DOMAINS = [ 'salesforce.com', '.force.' ];
-const SALESFORCE_MY_DOMAIN = '.my.salesforce.com';
+const SALESFORCE_WITH_INSTANCE = new RegExp("(^|[^A-Za-z])[A-Za-z]{1,4}[0-9]{1,4}S{0,1}\.", 'ig');
 
 /**
  * @description Code Scanner class
@@ -72,7 +72,7 @@ export class CodeScanner {
             ?.filter((domain) => SALESFORCE_DOMAINS.findIndex((sfdomain) => domain.indexOf(sfdomain) >= 0) >= 0)  // filter only the salesforce domains
             .sort() // sorting the domains (if any)
             .filter((e, i, s) => i === s.indexOf(e)) // unique domains
-            .filter((domain) => domain.indexOf(SALESFORCE_MY_DOMAIN) < 0); // remove the my.salesforce.com domains
+            .filter((domain) => domain?.match(SALESFORCE_WITH_INSTANCE) !== null || false); // finally only the url with instances
     }
 
     /**
diff --git a/build/test/api/unit/orgcheck-api-codescanner.unit.test.js b/build/test/api/unit/orgcheck-api-codescanner.unit.test.js
@@ -34,7 +34,6 @@ describe('tests.api.unit.CodeScanner', () => {
   });
 
   describe('Test the feature "IsInterface"', () => {
-
     it('checks if the source code is an interface', () => {
       expect(CodeScanner.IsInterfaceFromApexCode('public interface MyInterface {')).toBe(true);
       expect(CodeScanner.IsInterfaceFromApexCode('global interface MyInterface {')).toBe(true);
@@ -48,7 +47,6 @@ describe('tests.api.unit.CodeScanner', () => {
   });
 
   describe('Test the feature "IsEnum"', () => {
-
     it('checks if the source code is an enum', () => {
       expect(CodeScanner.IsEnumFromApexCode('public enum MyEnum {')).toBe(true);
       expect(CodeScanner.IsEnumFromApexCode('global enum MyEnum {')).toBe(true);
@@ -73,32 +71,68 @@ describe('tests.api.unit.CodeScanner', () => {
       expect(hardCodedUrls.length).toBe(0);
     });
 
-    it('checks if the hard coded url is detected in a code that contains only one sfdc url', () => {
-      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url = "https://www.salesforce.com";');
-      expect(hardCodedUrls).toBeDefined();
-      expect(hardCodedUrls.length).toBe(1);
-      expect(hardCodedUrls[0]).toBe('www.salesforce.com');
+    it('checks if generic salesforce urls are not detected and tagged as BAD', () => {
+      [ 
+        'lightning.force.com',
+        'file.force.com',
+        'www.salesforce.com',
+        'salesforce.com',
+        'test.salesforce.com',
+        'login.salesforce.com',
+        'visual.force.com',
+      ].forEach((domain) => {
+        const hardCodedUrls = CodeScanner.FindHardCodedURLs(`String url = "https://${domain}";`);
+        expect(hardCodedUrls).toBeDefined();
+        if (hardCodedUrls.length > 0) {
+          console.error(`Found: domain: ${domain}, length: ${hardCodedUrls.length} and first url: ${hardCodedUrls[0]}`);
+        }
+        expect(hardCodedUrls.length).toBe(0);
+      });
     });
 
-    it('checks if the hard coded url is detected in a code that contains only one sfdc url with instance', () => {
-      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url = "https://na1.salesforce.com";');
-      expect(hardCodedUrls).toBeDefined();
-      expect(hardCodedUrls.length).toBe(1);
-      expect(hardCodedUrls[0]).toBe('na1.salesforce.com');
+    it('checks if "my" salesforce urls are not detected and tagged as BAD', () => {
+      [ 
+        'xyz.file.force.com',
+        'xyz.lightning.force.com',
+        'xyz.my.salesforce.com',
+        'xyz--abc.sandbox.my.salesforce.com',
+        'orgcheck.my.salesforce.com'
+      ].forEach((domain) => {
+        const hardCodedUrls = CodeScanner.FindHardCodedURLs(`String url = "https://${domain}";`);
+        expect(hardCodedUrls).toBeDefined();
+        if (hardCodedUrls.length > 0) {
+          console.error(`Found: domain: ${domain}, length: ${hardCodedUrls.length} and first url: ${hardCodedUrls[0]}`);
+        }
+        expect(hardCodedUrls.length).toBe(0);
+      });
     });
 
-    it('checks if the hard coded url is NOT detected in a code that contains only one sfdc my-domain url', () => {
-      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url = "https://orgcheck.my.salesforce.com";');
-      expect(hardCodedUrls).toBeDefined();
-      expect(hardCodedUrls.length).toBe(0);
+    it('checks if real hard coded salesforce url are detected and tagged as BAD', () => {
+      [ 
+        'na1.salesforce.com',
+        'na2.salesforce.com',
+        'na3.salesforce.com',
+        'eu1.salesforce.com',
+        'eu2.salesforce.com',
+        'eu3.salesforce.com',
+        'xyz--c.na1.content.force.com',
+        'xyz--c.na2.content.force.com',
+        'xyz--c.eu3.content.force.com',
+        'xyz--c.na89.content.force.com'
+      ].forEach((domain) => {
+        const hardCodedUrls = CodeScanner.FindHardCodedURLs(`String url = "https://${domain}";`);
+        expect(hardCodedUrls).toBeDefined();
+        expect(hardCodedUrls.length).toBe(1);
+        expect(hardCodedUrls[0]).toBe(domain);
+      });
     });
 
-    it('checks if the hard coded url is detected in a code that contains two sfdc urls', () => {
-      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url1 = "https://www.salesforce.com"; String url2 = "https://na1.salesforce.com";');
+    it('checks if the hard coded url is detected in a code that contains two bad sfdc urls', () => {
+      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url1 = "https://xyz--c.na89.content.force.com"; String url2 = "https://na1.salesforce.com";');
       expect(hardCodedUrls).toBeDefined();
       expect(hardCodedUrls.length).toBe(2);
       expect(hardCodedUrls[0]).toBe('na1.salesforce.com'); // array is alphabetically sorted!!
-      expect(hardCodedUrls[1]).toBe('www.salesforce.com');
+      expect(hardCodedUrls[1]).toBe('xyz--c.na89.content.force.com');
     });
 
     it('checks if the hard coded url is detected in a code that contains two sfdc urls the first one being a my domain', () => {
@@ -109,18 +143,16 @@ describe('tests.api.unit.CodeScanner', () => {
     });
 
     it('checks if the hard coded url is detected in a code that contains two sfdc urls the second one being a my domain', () => {
-      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url1 = "https://www.salesforce.com"; String url2 = "https://orgcheck.my.salesforce.com";');
+      const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url1 = "https://na1.salesforce.com"; String url2 = "https://orgcheck.my.salesforce.com";');
       expect(hardCodedUrls).toBeDefined();
       expect(hardCodedUrls.length).toBe(1);
-      expect(hardCodedUrls[0]).toBe('www.salesforce.com');
+      expect(hardCodedUrls[0]).toBe('na1.salesforce.com');
     });
 
     it('checks if the hard coded url is detected in a code that contains multiple urls with one force domain and on salesforce domain', () => {
       const hardCodedUrls = CodeScanner.FindHardCodedURLs('String url1 = "https://abc.force.com"; String url2 = "https://www.salesforce.com";');
       expect(hardCodedUrls).toBeDefined();
-      expect(hardCodedUrls.length).toBe(2);
-      expect(hardCodedUrls[0]).toBe('abc.force.com');
-      expect(hardCodedUrls[1]).toBe('www.salesforce.com');
+      expect(hardCodedUrls.length).toBe(0);
     });
   });
 
