RupaliJ

Http Callouts Security scanning issue

Hi,

 

When we submitted our org for security scanning to Checkmarx, we got the Http_callouts information query in the report. I got this message for the following code:

public boolean getEx() 
...
req.setEndpoint(URL);

Please let me know why I am getting this message at the setEndpoint line.

Thanks.

sfdcfox
URL is probably flagged as tainted. This means that some part of URL might be derived from user input. It doesn't mean you'll fail the security review, just that you might have to explain what you're doing with URL.
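
The tainted flow described in the answer above, shown as an added example that is not code from this thread: a value that may come from user input is parsed and checked against a fixed host allowlist before it reaches setEndpoint. The class name, method names and the host api.example.com are hypothetical, and the allowlisted host is assumed to be registered under Remote Site Settings.

```apex
// Added example; CalloutEndpointGuard and its members are hypothetical names.
public with sharing class CalloutEndpointGuard {

    // Constructed allowlist of hosts this code is permitted to call.
    private static final Set<String> ALLOWED_HOSTS = new Set<String>{
        'api.example.com'
    };

    public class EndpointException extends Exception {}

    // Returns a normalized URL if the candidate is https, carries no
    // embedded credentials and targets an allowlisted host; throws otherwise.
    public static String validate(String candidate) {
        if (String.isBlank(candidate)) {
            throw new EndpointException('Endpoint is empty');
        }
        System.Url parsed;
        try {
            parsed = new System.Url(candidate.trim());
        } catch (Exception e) {
            throw new EndpointException('Endpoint is not a valid URL');
        }
        String host = parsed.getHost() == null ? '' : parsed.getHost().toLowerCase();
        if (parsed.getProtocol() != 'https') {
            throw new EndpointException('Only https endpoints are allowed');
        }
        if (parsed.getUserInfo() != null) {
            throw new EndpointException('Credentials in the URL are not allowed');
        }
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new EndpointException('Host is not allowlisted: ' + host);
        }
        // Use the parsed form so the checked value is the value that is sent.
        return parsed.toExternalForm();
    }

    public static HttpResponse send(String possiblyUserSuppliedUrl) {
        HttpRequest req = new HttpRequest();
        req.setMethod('GET');
        // Flow the scanner reports: req.setEndpoint(possiblyUserSuppliedUrl);
        req.setEndpoint(validate(possiblyUserSuppliedUrl));
        return new Http().send(req);
    }
}
```

A check like this gives a concrete answer when asked what the code does with URL: the request can only go to the listed hosts over https, whatever the input was.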