Sign Up ›
  • Michael_White
  • NEWBIE
  • 106 Points
  • Member since 2015
  • Chatter
    Feed
  • 2
    Best Answers
  • 1
    Likes Received
  • 4
    Likes Given
  • 0
    Questions
  • 9
    Replies
SOLVED
19 replies

Stuck on prevent SOQL injection trailhead

Hi all, I am stuck on the prevent SOQL injection trailhead, where I am looking to determine which portions of the code I would need to invoke escapeSingleQuotes or whitelist to enable. I've made several attempts at investigation to little avail. I have appended my code are there any steps I would need to take. My goal is to assess the code to see how it works and what I would need to do.

Hope it helps.
  
public class Prevent_SOQL_Injection_Challenge {

    public string textOne {get; set;}
    public string textTwo {get; set;}
    public string comparator {get; set;}
    public string numberOne {get; set;}

    public List<Supply__c> whereclause_records {get; set;}


    public PageReference stringSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textOne != null && textOne!=''){
                whereClause += 'name like  \'%'+textOne+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference stringSearchTwo(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textTwo != null && textTwo!=''){
                whereClause += 'Storage_Location__r.name like  \'%'+textTwo+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference numberSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(numberOne != null && comparator != null){
            whereClause += 'Quantity__c '+comparator+' '+numberOne+' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }

}

 
SOLVED
10 replies

ISV Dev Trailhead modules, require ISV account?

To complete the ISV modules, are you required to have an ISV account? 
 

Or how do you get a dev org with environment hub?

SOLVED
19 replies

Stuck on prevent SOQL injection trailhead

Hi all, I am stuck on the prevent SOQL injection trailhead, where I am looking to determine which portions of the code I would need to invoke escapeSingleQuotes or whitelist to enable. I've made several attempts at investigation to little avail. I have appended my code are there any steps I would need to take. My goal is to assess the code to see how it works and what I would need to do.

Hope it helps.
  
public class Prevent_SOQL_Injection_Challenge {

    public string textOne {get; set;}
    public string textTwo {get; set;}
    public string comparator {get; set;}
    public string numberOne {get; set;}

    public List<Supply__c> whereclause_records {get; set;}


    public PageReference stringSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textOne != null && textOne!=''){
                whereClause += 'name like  \'%'+textOne+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference stringSearchTwo(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textTwo != null && textTwo!=''){
                whereClause += 'Storage_Location__r.name like  \'%'+textTwo+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference numberSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(numberOne != null && comparator != null){
            whereClause += 'Quantity__c '+comparator+' '+numberOne+' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }

}

 
3 replies

Catter

What is going on in trailhead today - logged in to find a new Catter trail - very weird and whats worse doesn't seem to be added to my developer instance so cannot even work through it...
1 replies

Link to test data for lightning experience specialist

The link to the test data on the lightning experience specialist superbadge is not working. Has anyone been able to get to that data?
SOLVED
23 replies

The campingListItem JavaScript controller isn't setting the 'Packed' value correctly.

Working the "Handle Actions with Controllers" trailhead module and I'm not getting past the validation.
If I put the component in a test jig, I can see the button function and set the check box as expected.
 

Here is the code I'm using to set the item as packed...

component.set("v.item.Packed__c", true );

I'm assuming the validator does not like my syntax. Can you give me a hint to get past this?

Thanks.
John

SOLVED
10 replies

ISV Dev Trailhead modules, require ISV account?

To complete the ISV modules, are you required to have an ISV account? 
 

Or how do you get a dev org with environment hub?

SOLVED
19 replies

Stuck on prevent SOQL injection trailhead

Hi all, I am stuck on the prevent SOQL injection trailhead, where I am looking to determine which portions of the code I would need to invoke escapeSingleQuotes or whitelist to enable. I've made several attempts at investigation to little avail. I have appended my code are there any steps I would need to take. My goal is to assess the code to see how it works and what I would need to do.

Hope it helps.
  
public class Prevent_SOQL_Injection_Challenge {

    public string textOne {get; set;}
    public string textTwo {get; set;}
    public string comparator {get; set;}
    public string numberOne {get; set;}

    public List<Supply__c> whereclause_records {get; set;}


    public PageReference stringSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textOne != null && textOne!=''){
                whereClause += 'name like  \'%'+textOne+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference stringSearchTwo(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textTwo != null && textTwo!=''){
                whereClause += 'Storage_Location__r.name like  \'%'+textTwo+'%\' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }


    public PageReference numberSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(numberOne != null && comparator != null){
            whereClause += 'Quantity__c '+comparator+' '+numberOne+' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }

}

 
3 replies

Bug in Prevent a SOQL injection attack challenge?

I've gotten through the first few challenges without any real issue.  I'm stuck on this one, however.  In frustration I've used 'text.escapeSingleQuotes' combined with space replacement and whitelisting for the first 2 methods and then casting for the third since it's a Number.  I fail to see how this isn't enough to prevent SOQL injection, specifically because of the white listing.  I've tested against the whitelisting and it seems to be working correctly.  

I just wonder if this is a case of the challenge looking for a particular answer or I'm just missing something.

 


    public PageReference stringSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textOne != null && textOne!=''){
                whereClause += 'name like \'%'+string.escapeSingleQuotes(textOne.replaceAll('[^\\w]', ''))+'%\'';
                // textOne.replaceAll('[^\\w]', '')
        }
        Set<String> n = new Set<String>{'Barley','Beans','Bread','Cheese','Eels','Figs','Herrings','Horses','Malt','Oats','Raisins','Rice','Salt Beef','Salt Pork','Venison','Water','Wine'};
        if(whereClause != ''){
            if(n.contains(textOne)) {
                whereclause_records = database.query(query+' where '+whereClause+' Limit 10');        
            } else {
                whereclause_records = database.query(query+' where name = \'Venison\' Limit 10');
            }
        }

        return null;
    }


    public PageReference stringSearchTwo(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(textTwo != null && textTwo!=''){
                whereClause += 'Storage_Location__r.name like  \'%'+string.escapeSingleQuotes(textTwo.replaceAll('[^\\w]', ''))+'%\' ';
        }

        if(whereClause != ''){
            if(textTwo == 'Storeroom' || textTwo == 'Stables') {
                whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
            }
        }

        return null;
    }


    public PageReference numberSearchOne(){
        string query = 'SELECT Id,Name,Quantity__c,Storage_Location__c,Storage_Location__r.Castle__c,Type__c FROM Supply__c';
        string whereClause = '';

        if(numberOne != null && comparator != null){
            whereClause += 'Quantity__c '+comparator+' '+string.valueOf(numberOne)+' ';
        }

        if(whereClause != ''){
            whereclause_records = database.query(query+' where '+whereClause+' Limit 10');
        }

        return null;
    }
SOLVED
10 replies

ISV Dev Trailhead modules, require ISV account?

To complete the ISV modules, are you required to have an ISV account? 
 

Or how do you get a dev org with environment hub?

8 replies

77 Badges and 57450 Points

Just finished all of the Trails, Modules and Projects that are available up to this point using 3 different Dev Orgs. (2/3/2016)

Keep them coming. More Trails/Modules/Projects on development would be great. (Lightining,Apex,Visual Force, Javascript, Integration and using the Developer Console)

Thanks for providing these valuable resources !