[BUG] ApexFlsViolationRule on dynamic queries with values passed in as parameter

[jaelee125]

ApexFlsViolationRule is flagged on this example code

public static List exampleMethod(String exampleParam) {
String dynamicQuery = 'SOME dynamic Query' + ' WHERE Name = :exampleParam';
return Database.query(String.escapeSingleQuotes(dynamicQuery), AccessLevel.USER_MODE);
}

However, if you do queryWithBinds and pass in a Map with exampleParam, ApexFlsViolationRule is not flagged.

[nwcm]

You may find return Database.query() rather than assigning to variable may cause this. I would expect any SOQL or DML applying USER_MODE not to hit ApexFlsViolationRule

[git2gus]

This issue has been linked to a new work item: W-15488279

[stephen-carter-at-sf]

Ok, I verified that this seems to now be fixed with our latest-beta.

@jaelee125 Can you please install the following and try again:
sf plugins install @salesforce/sfdx-scanner@latest-beta

Will mark this as fixed for now.