Jakub Mužík

CRUD Delete Check in the Force.com Source Scanner

Hello, I am running a Force.com Source Scanner for my AppExchange project and I am still getting this issue even though the logic seems to be correct:

This query looks for Delete operations that are performed without checking for isDeletable(). This may be a false positive if your code accesses only objects whose security is managed by your app and not the admin (for example OAuth states). It may also be a false positive if checks are performed outside of the dataflow (automatically in a visualforce inputfield tag or manually in a constructor), or if this is an enterprise object or other object whose permissions are not set by the admin.

The following code is triggering this issue:
 

SecurityEnforcer.validateCanDelete(listToDelete);
Database.delete(listToDelete, false);


The SecurityEnforcer class contains the following logic to check whether the user has delete permission on the records that I am trying to delete; if not, an exception is thrown.

else if (ProcessType.REMOVE.equals(pType) && (!objDescribe.isAccessible() || !objDescribe.isDeletable())) {
    throw new Exception(); //example
}

What I think is happening is that the logic is correct but the Source Scanner just doesn't check it correctly and is throwing these non-genuine issues...

Has somebody experienced a similar issue, or can somebody help me to solve it? Thanks in advance :).

Vinay (Salesforce Developers)
Hi Jakub,

Try to check with the isAccessible() method.

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_perms_enforcing.htm

https://developer.salesforce.com/docs/atlas.en-us.packagingGuide.meta/packagingGuide/security_review_required_materials.htm

Hope the above information was helpful.

Please mark as Best Answer so that it can help others in the future.

Thanks,
Vinay Kumar
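
An added example, not part of the original posts and not the poster's SecurityEnforcer class: a delete helper that keeps the isAccessible()/isDeletable() describe check in the same method as the Database.delete call, which is the in-dataflow arrangement the scanner message refers to. GuardedDelete, CrudException and deleteChecked are hypothetical names.

```apex
// Added example: class, method and exception names are hypothetical.
public with sharing class GuardedDelete {
    public class CrudException extends Exception {}

    // Deletes records only after an object-level delete check made in the
    // same method as the DML call. Returns the Ids of rows that failed.
    public static List<Id> deleteChecked(List<SObject> records) {
        List<Id> failed = new List<Id>();
        if (records == null || records.isEmpty()) {
            return failed;
        }
        // A List<SObject> can hold several object types; check each type once.
        Set<Schema.SObjectType> checked = new Set<Schema.SObjectType>();
        for (SObject rec : records) {
            Schema.SObjectType t = rec.getSObjectType();
            if (checked.contains(t)) {
                continue;
            }
            Schema.DescribeSObjectResult d = t.getDescribe();
            if (!d.isAccessible() || !d.isDeletable()) {
                throw new CrudException('No delete permission on ' + d.getName());
            }
            checked.add(t);
        }
        // allOrNone = false does not throw on row failures, so inspect results.
        List<Database.DeleteResult> results = Database.delete(records, false);
        for (Integer i = 0; i < results.size(); i++) {
            if (!results[i].isSuccess()) {
                // DeleteResult.getId() is null on failure; use the input row.
                failed.add(records[i].Id);
            }
        }
        return failed;
    }
}
```

With allOrNone set to false, as in the question's Database.delete(listToDelete, false) call, row-level failures are reported only through the returned DeleteResult list, so a caller that ignores it will not see partial deletes.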