Scans include the <description> tags, which can lead to false positives

[j-fischer]

Describe the bug
The <description> tag can be used to describe Flow elements and can contain links and IDs. These can trigger errors in the scanner that should be ignored.

Steps to reproduce

1. Check out the RFLIB repository: https://github.com/j-fischer/rflib
2. Run flow scanner

Expected behavior
Scanner should not return any errors.

Actual behavior

[20:33:09] Starting 'scan-flow'...
=== Flow: RFLIB Application Event Occurred Handler (RFLIB_Application_Event_Occurred_Handler.flow-meta.xml) (2 results)

Type: AutoLaunchedFlow

┌───────────────┬──────────┬─────────────┬────────────────────────┬──────┬────────┬─────────────────────────────────────────────────────┬─────────────────────────────────────────────────────────────────────────────────┐
│ Rule          │ Severity │ Type        │ Name                   │ Line │ Column │ Message                                             │ Url                                    
                                         │
├───────────────┼──────────┼─────────────┼────────────────────────┼──────┼────────┼─────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────────┤
│ hardcoded-id  │ error    │ actionCalls │ Save_Application_Event │ 1    │ 1      │ Hardcoded IDs break portability across environments │ https://flow-scanner.github.io/lightning-flow-scanner/#hardcoded-salesforce-id  │
│ hardcoded-url │ error    │ actionCalls │ Save_Application_Event │ 1    │ 1      │ Hardcoded URLs break across different environments  │ https://flow-scanner.github.io/lightning-flow-scanner/#hardcoded-salesforce-url │
└───────────────┴──────────┴─────────────┴────────────────────────┴──────┴────────┴─────────────────────────────────────────────────────┴─────────────────────────────────────────────────────────────────────────────────┘


=== Total: 2 Results in 3 Flows.

- error: 2
- warning: 0
- note: 0


 »   Warning: rflib-plugin is a linked ESM module and cannot be 
 »   auto-transpiled. Existing compiled source will be used instead.
Loading Lightning Flow Scanner...
Identified 3 flows to scan... done

Environment

• Platform: CLI
• Version: lightning-flow-scanner 6.18.2

Extract of the flow causing the error (see description)
The link in the description is causing the errors.
Direct link to the file

    <actionCalls>
        <description>Saves the Application Event. See https://ideas.salesforce.com/s/idea/a0B8W00000J8A6cUAF/long-text-areas-in-flow</description>
        <name>Save_Application_Event</name>
        <label>Save Application Event</label>
        <locationX>176</locationX>
        <locationY>194</locationY>
        <actionName>rflib_SaveAppEventOccurrenceAction</actionName>
        <actionType>apex</actionType>
        <faultConnector>
            <targetReference>Log_Application_Event_Insertion_Error</targetReference>
        </faultConnector>
        <flowTransactionModel>CurrentTransaction</flowTransactionModel>
        <inputParameters>
            <name>events</name>
            <value>
                <elementReference>$Record</elementReference>
            </value>
        </inputParameters>
    </actionCalls>

[RubenHalman]

Hi @j-fischer , thank you for reporting the false positives. Very exciting to see flow scanner used with rflib! Descriptions are now ignored in regex based rules starting from the latest release, please see https://github.com/Flow-Scanner/lightning-flow-scanner/releases/tag/action-v3.7.0