Hugh Wheeler 46
APEX Checkmarx Scan Issues
Hi there,
I have been trying to get some code to pass the Checkmarx scanner. I have nailed most of it, but am getting two issues that I think may be false positives, but cannot find much information on them.
Issue 1.
The scanner is picking up the following line:
newRecord.Id = currentRecord.Id;
Then it is picking up the upsert line where this object is inserted or updated in the database.
upsert newRecord;
I have this wrapped in tests for
1. isUpdateable() (On the object)
2. isCreateable() (On the Object)
3. isUpdateable() on each field except Id
4. isCreateable() on each field.
It doesn't make much sense to me to wrap the Id field in isCreateable() or isUpdateable(). And when I do wrap the Id field it behaves as I would expect and acts as though you don't have create or update access.
Has anyone else run across this one?
Issue 2.
I have a cross site scripting error on the apex:page tag.
<apex:page controller="SMSPageController" docType="{!HTMLENCODE('html-5.0')}" sidebar="{!HTMLENCODE('false')}" showHeader="{!HTMLENCODE('true')}">
I added the HTML encoding to the parameters, because I thought that was what it was complaining about.
Has anyone else run into this one?
Any help would be greatly appreciated.
Hugh
4. isCreateable() on each field except Id.
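The check sequence described under Issue 1, written out as an added example (not the poster's code): object-level and field-level describe checks run before the upsert, with the Id field skipped. The class, method and exception names are hypothetical, and nothing here is known to change what the scanner reports.

```apex
// Added example; SafeUpsert, upsertChecked and AccessException are hypothetical names.
public with sharing class SafeUpsert {
    public class AccessException extends Exception {}

    // Upserts one record only if the running user passes the object-level (CRUD)
    // check and the field-level (FLS) check for every field populated on it.
    public static void upsertChecked(SObject record) {
        Schema.DescribeSObjectResult objDescribe = record.getSObjectType().getDescribe();

        // upsert updates when an Id is present and inserts otherwise,
        // so the permission that matters depends on the Id.
        Boolean isUpdate = record.Id != null;
        Boolean objectAllowed = isUpdate ? objDescribe.isUpdateable()
                                         : objDescribe.isCreateable();
        if (!objectAllowed) {
            throw new AccessException('No ' + (isUpdate ? 'update' : 'create')
                + ' access to ' + objDescribe.getName());
        }

        Map<String, Schema.SObjectField> fieldTokens = objDescribe.fields.getMap();
        for (String fieldName : record.getPopulatedFieldsAsMap().keySet()) {
            // Id only selects the row to update; it is never written as data,
            // so it is left out of the field-level check.
            if (fieldName.equalsIgnoreCase('Id')) {
                continue;
            }
            Schema.SObjectField token = fieldTokens.get(fieldName);
            if (token == null) {
                // Populated parent or child relationship, not a field on this object.
                continue;
            }
            Schema.DescribeFieldResult fieldDescribe = token.getDescribe();
            Boolean fieldAllowed = isUpdate ? fieldDescribe.isUpdateable()
                                            : fieldDescribe.isCreateable();
            if (!fieldAllowed) {
                throw new AccessException('No ' + (isUpdate ? 'update' : 'create')
                    + ' access to ' + objDescribe.getName() + '.' + fieldName);
            }
        }

        upsert record;
    }
}
```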