S Shaw

AppExchange Packaging: SOQL/SOSL Injection error due to the Dynamic query

Hi Experts,

I have developed a functionality on the Force.com platform where I have written a VF Page that has Advanced Search functionality. To do this, I have used a Dynamic Query. It actually builds the query as a String and then runs it using the Database.query('<String>') method.

Now we are planning to package this functionality (with a few more items) and put it on the AppExchange. We have done all of this and the Managed package is also ready. Once the package was ready, I ran the Security Check using CxViewer, which gives the following error:

1114. private Pagereference FilterSection() //cfmapadminsettings.cls
...
1234. if(strFilterLogic != null && strFilterLogic.trim().length() > 0 && lstCondtionNo.size() > 0)
...
1236. tempFilterLogic = strFilterLogic;
...
1247. strQuery = 'Select Id from Account where '+ tempFilterLogic + ' LIMIT 500 ';
...
1249. database.query(strQuery);

It's a SOQL/SOSL Injection error due to the dynamic query that we have created.

Can someone please suggest how to resolve this issue, or what alternative approach I could take to resolve it?
aalbert

Check out the Coding Guidelines page on security.force.com: http://wiki.developerforce.com/page/Secure_Coding_Guideline

Section 2 provides more details on SQL Injection.

yarram

Hi,

Did you find any solution for this issue? If you found a solution, please share it.

I am also facing the same SOQL/SOSL Injection error due to the dynamic query. Please help me out with this.

Error: Severity - Critical

// Returns one page of Branch__c records; the page size and offset are appended
// to a fixed base query as strings, which is the concatenation the scanner flags.
public List<Branch__c> getRecords()
{
    return (List<Branch__c>)database.query(FetchBranchRecordsQry + ' LIMIT ' + PaginationForBranch.queryLimit + ' OFFSET ' + PaginationForBranch.offset);
}

// Fixed base query; no user input is concatenated into this part.
string FetchBranchRecordsQry = 'Select id, Name, CreatedBy.Name, Branch__c.CreatedDate, BranchName__c, BranchAdmin__r.Name, BranchEstDate__c, Active__c FROM Branch__c Order by Name DESC';

Please help me with this.

Thanks,

Yarram
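Added example (not code from either post or from the linked guideline) showing how both patterns in this thread can be rewritten so user input never reaches the query string unvalidated: a field/operator whitelist plus String.escapeSingleQuotes for Shaw's filter conditions, and typed bind variables for Yarram's LIMIT/OFFSET. The class name, field list and exception type are assumptions.

```apex
// Added example: hypothetical class, field whitelist and exception type,
// not code from either post or from the Secure Coding Guideline.
public with sharing class SafeAccountSearch {
    public class InvalidInputException extends Exception {}

    // User input may only select from these whitelists; arbitrary field or
    // operator text is rejected, so extra clauses cannot be spliced in.
    private static final Set<String> ALLOWED_FIELDS =
        new Set<String>{ 'name', 'industry', 'billingcity' };
    private static final Set<String> ALLOWED_OPERATORS =
        new Set<String>{ '=', '!=', 'LIKE' };

    // Shaw's pattern: one WHERE condition from a UI selection plus free text.
    // Only the value is free text, and it is escaped so a quote cannot close
    // the string literal and start a new clause.
    public static String buildCondition(String fieldName, String operator, String value) {
        if (fieldName == null || !ALLOWED_FIELDS.contains(fieldName.toLowerCase())) {
            throw new InvalidInputException('Field not allowed: ' + fieldName);
        }
        if (operator == null || !ALLOWED_OPERATORS.contains(operator.toUpperCase())) {
            throw new InvalidInputException('Operator not allowed: ' + operator);
        }
        String safeValue = value == null ? '' : String.escapeSingleQuotes(value);
        return fieldName + ' ' + operator + ' \'' + safeValue + '\'';
    }

    // Yarram's pattern: paging. pageSize and pageOffset are typed Integers and
    // are bound (:pageSize, :pageOffset) instead of being concatenated, so a
    // caller cannot pass anything but a number and the values stay out of the
    // query text entirely.
    public static List<Account> search(List<String> conditions, Integer pageSize, Integer pageOffset) {
        if (pageSize == null || pageSize < 1 || pageSize > 500) pageSize = 500;
        if (pageOffset == null || pageOffset < 0) pageOffset = 0;
        String whereClause = conditions.isEmpty()
            ? '' : ' WHERE ' + String.join(conditions, ' AND ');
        String soql = 'SELECT Id, Name FROM Account' + whereClause
            + ' ORDER BY Name LIMIT :pageSize OFFSET :pageOffset';
        return Database.query(soql);
    }
}
```

A LIKE value still carries SOQL wildcards (% and _) after escaping; if those must be treated literally, reject or strip them before calling buildCondition.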