
Issues with the security scanner
Is anyone having issues with the security scanner at the moment? I understand it's experiencing delays, but there is nothing new there.
Got a report through mentioning a whole load of critical issues because of exposed decimal and boolean values from an sObject in Visualforce. As far as I'm aware - can't see any issue with that!
Got no issues with text fields however, so that proves that the code is secure but the report is seriously wrong.
Hello!
I'm sorry to hear about the trouble you're having with the scanner. We're always on the lookout for potential issues, and are continually working to improve it.
Would you mind sending me the report that the scanner generated, as well as either the username you used to submit the scan or the package id for the code? You can send those to me at neal.harris@salesforce.com. I'll take a look, and we'll get back to you to let you know what we learn.
Thanks!
Neal Harris
salesforce.com Product Security
Hello Admintrmp,
First, thank you for using our scanner! If you could reply to Neal or email me the username you used when submitting the portal scan, I would be happy to look into this issue for you. I can be reached at rsussland at salesforce dot com.
But without seeing the specifics, there is always a trade-off between false positives and false negatives. We try to update the rules to achieve a good balance, but it sounds like in your case this did not occur. We will try to diagnose what happened and incorporate this into our next ruleset update.
Sincerely,
Robert Sussland
Salesforce Product Security Engineer