How to avoid ApexXSSFromURLParam in PMD?
I have the following line of code in my Visualforce controller. I am using PMD, which is a static code analyzer. It complains about ApexXSSFromURLParam: Apex classes should escape/sanitize Strings obtained from URL parameters. I studied a bit on this and found that String.escapeSingleQuotes is a useful way to avoid SOQL injection attacks.
Are there any side effects to using DML in Apex?
ApexCSRF: Having DML operations in Apex class constructor or initializers can have unexpected side effects:… AvoidDirectAccessTriggerMap: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …
How is ApexSOQLInjection used in DML queries?
ApexSOQLInjection: Detects the usage of untrusted / unescaped variables in DML queries. ApexSuggestUsingNamedCred: Detects hardcoded credentials used in requests to an endpoint. You should refrain from hardcoding…
What are the Apex rules for debug statements?
AvoidDebugStatements: Debug statements contribute to longer transactions and consume Apex CPU time even when debug logs… AvoidDmlStatementsInLoops: Deprecated Avoid DML statements inside loops to avoid hitting the DML governor limit.
Do you need to validate CRUD permission before using Apex?
The spirit of the requirement is to honor the access control configuration choices that org admins make within ISV application offerings. If an admin explicitly restricts access control for sharing/CRUD/FLS then ISV offerings should respect that.
When should Apex classes escape / sanitize strings obtained?
It complains about ApexXSSFromURLParam: Apex classes should escape/sanitize Strings obtained from URL parameters. I studied a bit on this and found that String.escapeSingleQuotes is a useful way to avoid SOQL injection attacks. So I rewrote it as follows: But PMD is still complaining about the same issue.