Apex PMD: Problem: Validate CRUD permission before SOQL/DML operation
Background
I am using the Apex PMD plugin for VS Code and it's giving me this problem:
Validate CRUD permission before SOQL/DML operation
For this line of code:
    insert contentVersion;
Which is part of this method:
    private void attachReport(Id recordId) {
        ContentVersion contentVersion = new ContentVersion(
            versionData = Blob.valueOf(buffer.toStr()),
            title = 'Import Report',
            pathOnClient = StringUtils.format('/Import-Report-{0}.txt', DateTime.now().getTime()),
            FirstPublishLocationId = recordId);
        // DML with no preceding CRUD check: this is the line PMD flags
        insert contentVersion;
    }
Questions
- Why am I getting the problem?
- What should I do to not get the problem?
Reference
- Github: VS Code Apex PMD
- PMD Project
apex visualstudiocode pmd static-code-analysis
edited 5 hours ago
asked 5 hours ago
Robs
Prior to that line of code are you checking that the running user has permission to create that type of record? (i.e. Schema.sObjectType.Contact.isCreateable())
– Mark Pond, 5 hours ago
@MarkPond I've added additional code. As you can now see, I am not running that line of code. Should I always be doing this?
– Robs, 5 hours ago
1 Answer
PMD's Apex ruleset is checking to see that you are enforcing/respecting security in your code.
ISVs' managed packages released to the AppExchange must do this as a mandatory criterion of the security review process. The spirit of the requirement is to honor the access control configuration choices that org admins make within ISV application offerings. If an admin explicitly restricts access control for sharing/CRUD/FLS then ISV offerings should respect that.
Theoretically, you should be able to remove this rule from the VS Code PMD ruleset (or build a custom ruleset XML which doesn't include it), if you don't want to be warned about a concern that may not apply to your application's situation.
Looks like the VS Code PMD plugin allows for a custom ruleset. You could take this one here and customize it, removing the rules which are not important to you such as this one:
    <rule ref="category/apex/security.xml/ApexCRUDViolation"
          message="Validate CRUD permission before SOQL/DML operation">
https://github.com/pmd/pmd/blob/master/pmd-apex/src/main/resources/rulesets/apex/ruleset.xml
Related:
https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_perms_enforcing.htm
https://developer.salesforce.com/docs/atlas.en-us.secure_coding_guide.meta/secure_coding_guide/secure_coding_authorization_access_control.htm
https://trailhead.salesforce.com/en/modules/data-leak-prevention/units/prevent-crud-and-fls-violations
edited 4 hours ago
answered 4 hours ago
Mark Pond
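Added example, not part of the original question or answer: the question's attachReport method with the object-level create check suggested in the comment, plus field-level (FLS) checks, performed before the DML. The class name, CrudException and reportBody are hypothetical; reportBody is a constructed stand-in for the question's buffer.toStr().

```apex
public with sharing class ImportReportAttacher {
    // Hypothetical exception type for this example (Apex requires the "Exception" suffix).
    public class CrudException extends Exception {}

    // Constructed stand-in for the question's buffer.toStr() output.
    private String reportBody = 'constructed sample report text';

    public void attachReport(Id recordId) {
        // Object-level (CRUD) check: may the running user create ContentVersion at all?
        if (!Schema.sObjectType.ContentVersion.isCreateable()) {
            throw new CrudException('Running user cannot create ContentVersion');
        }

        // Field-level (FLS) check for every field this method populates.
        List<Schema.DescribeFieldResult> populated = new List<Schema.DescribeFieldResult>{
            Schema.sObjectType.ContentVersion.fields.VersionData,
            Schema.sObjectType.ContentVersion.fields.Title,
            Schema.sObjectType.ContentVersion.fields.PathOnClient,
            Schema.sObjectType.ContentVersion.fields.FirstPublishLocationId
        };
        for (Schema.DescribeFieldResult field : populated) {
            if (!field.isCreateable()) {
                throw new CrudException(
                    'Running user cannot set ContentVersion.' + field.getName());
            }
        }

        // Only reached when the admin-configured permissions allow the insert.
        ContentVersion contentVersion = new ContentVersion(
            VersionData = Blob.valueOf(reportBody),
            Title = 'Import Report',
            PathOnClient = '/Import-Report-' + DateTime.now().getTime() + '.txt',
            FirstPublishLocationId = recordId);
        insert contentVersion;
    }
}
```

Failing closed with an exception keeps the caller from assuming the report was attached when the running user's profile or permission sets deny create access.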