Apex Code Development You need to sign in to do that
Don't have an account?
BPOOR SOQL Injection Vulnerability
I am working on an assignment where I need to fix a SOQL Injection issue in one of the SOQL in a batch apex. The query is below.
However, I am not sure how this SOQL was flagged as a vulnerable query since it is not querying a specific field with a LIKE or something like that.
Can someone clarify? If this is a vulnerable query, how do I re-write the query?
SELECT Id, Name from Contact where (TrustName__c != null OR Status__c != null OR Title != null OR City__c !- null or Street__c != null or State__c != null) AND Id in (SELECT Contact__c from PP__c)
However, I am not sure how this SOQL was flagged as a vulnerable query since it is not querying a specific field with a LIKE or something like that.
Can someone clarify? If this is a vulnerable query, how do I re-write the query?
Greetings!
I can see that you are trying to use the condition as below:
Id in (SELECT Contact__c from PP__c)
So,can you please confirm if the Contact__c is ID.If not,I would suggest you to query only the Ids as we are comparing the returned values with the ID type.
Kindly let me know if it helps you and close your query by marking it as solved so that it can help others in the future.
Warm Regards,
Shirisha Pathuri
Yes, Contact__c is the ID field. The custom object PP__c is a child to the Contact object with lookup relationship.
Regards,
Balaji.
But,we can still investigate to figure out which part of the query is causing the issue by removing the other crieterias as using the SOQL injection to see,if that works.
Thank you!