Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge main into feature/pton-donation-attribution-lwc #6599

Open
wants to merge 8,320 commits into
base: feature/pton-donation-attribution-lwc
Choose a base branch
from

Merge pull request #7276 from SalesforceFoundation/feature/256__W-175…

c5fb4eb
Select commit
Loading
Failed to load commit list.
Open

Merge main into feature/pton-donation-attribution-lwc #6599

Merge pull request #7276 from SalesforceFoundation/feature/256__W-175…
c5fb4eb
Select commit
Loading
Failed to load commit list.
AST-SCANNER-APP / FastSAST failed Jan 8, 2025 in 0s

FastSAST Scan Report

Details

Detailed Report

📊 Summary

The latest Fast SAST scan has detected 55 vulnerabilities. They are notified as annotations in the code.

Every annotation has the rule detecting vulnerability in its title. In its contents, there are four things:

  1. Description of the vulnerability.
  2. Suggested Remediation to fix the issue (if available).
  3. Triage Id which will be useful for triaging.
  4. Raw Output section that provides the sample triage.yaml format.

Their usages are described under the Take Action section.

🛠️ Take Action

To address the vulnerabilities identified, follow one of the two options for each annotation:

⚙️ Option 1: Remediation

If you agree that this finding is a true positive, follow this option to remediate:

Steps:

  • 🛠️ Implement the Suggested Remediation to resolve the issue.

    Note: If no Suggested Remediation is provided, review the vulnerability details and apply a suitable fix based on your knowledge and resources.

  • Test changes to confirm the vulnerability is addressed.
  • 🔄 Commit the code changes with the implemented remediation.

🔍 Option 2: Triaging

If you do not agree that this finding is a true positive, follow this option to triage and mark it as False Positive or Not Exploitable:

Category Definition Action
🚫 False Positive A vulnerability identified but not a security issue in the application. Add to false_positive section in triage.yaml.
🔒 Not Exploitable A vulnerability that cannot be exploited due to specific conditions. Add to not_exploitable section in triage.yaml.

Steps:

  • 📝 Review the vulnerability.
  • 🔎 Assess if it is a False Positive or Not Exploitable based on the definition
  • 🗂️ Add the Triage Id to the appropriate section in the triage.yaml file.
  • 📚 Refer to documentation for guidance.
  • 📜 For a sample triage.yaml file format, visit the Raw output section.
  • 🔄 Commit the code changes with the updated triage.yaml file.

💬 Feedback

We value your input! Share your thoughts or report issues using our 📋Feedback Form

🆘 Support

Need assistance? Reach out to our support team 👥 via #fast-sast-service-support

Annotations

Check warning on line 93 in force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls:a118192d34d2cafd0faead74c26e1e146a9de6fc63c6535e2197070111bd4e86"
Raw output 
false_positive:
  - id: force-app/main/default/classes/BDI_ManageAdvancedMappingCtrl.cls:a118192d34d2cafd0faead74c26e1e146a9de6fc63c6535e2197070111bd4e86
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 56 in force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:4521b20c8bb4a1185eca43f21fcc3177db894671df5973d95840cbc370df668c"
Raw output 
false_positive:
  - id: force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:4521b20c8bb4a1185eca43f21fcc3177db894671df5973d95840cbc370df668c
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 124 in force-app/main/selector/ContactMergeSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/selector/ContactMergeSelector.cls:50851cb5fb0b831e761fdc2a3039f7e569e36105102f581a253c0840e1b2ab0e"
Raw output 
false_positive:
  - id: force-app/main/selector/ContactMergeSelector.cls:50851cb5fb0b831e761fdc2a3039f7e569e36105102f581a253c0840e1b2ab0e
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 233 in force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls:659656e2b20c849e35320eb211c1fb3b52e5c537fbb5386f1f983c54a99b0aa1"
Raw output 
false_positive:
  - id: force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls:659656e2b20c849e35320eb211c1fb3b52e5c537fbb5386f1f983c54a99b0aa1
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 520 in force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:2349b407635d6de6b3e870530461da4de348b22009ab50d194ebcb82c1d174cf"
Raw output 
false_positive:
  - id: force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:2349b407635d6de6b3e870530461da4de348b22009ab50d194ebcb82c1d174cf
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 176 in force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls:8d1cf2de867c95761c2f90a92f031159e568ffb1ee66abc789ee999c9f479ee6"
Raw output 
false_positive:
  - id: force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls:8d1cf2de867c95761c2f90a92f031159e568ffb1ee66abc789ee999c9f479ee6
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 227 in force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls:961b85cc4f7fcec3841a2bb01c03e33f3ea1237f99dc0284b54fa85c3f4b88b0"
Raw output 
false_positive:
  - id: force-app/main/default/classes/HH_CampaignDedupeBTN_CTRL.cls:961b85cc4f7fcec3841a2bb01c03e33f3ea1237f99dc0284b54fa85c3f4b88b0
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 452 in force-app/main/default/classes/MTCH_FindGifts_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/MTCH_FindGifts_CTRL.cls:de612264b6f253d10423160662622271823fda2a98f50f30215a9385c00b2121"
Raw output 
false_positive:
  - id: force-app/main/default/classes/MTCH_FindGifts_CTRL.cls:de612264b6f253d10423160662622271823fda2a98f50f30215a9385c00b2121
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 292 in force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls:78da47c32b6cafe9f025fd6ec3809564363d14430e552a4834f7b230b6b6bdb2"
Raw output 
false_positive:
  - id: force-app/main/default/classes/PSC_ManageSoftCredits_CTRL.cls:78da47c32b6cafe9f025fd6ec3809564363d14430e552a4834f7b230b6b6bdb2
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 292 in force-app/main/default/classes/RD2_StatusMapper.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/RD2_StatusMapper.cls:47d3ad11c0c2cbac5c92ec5350703cbe5dc4cbb186fbe49c6edf0c68739dd578"
Raw output 
false_positive:
  - id: force-app/main/default/classes/RD2_StatusMapper.cls:47d3ad11c0c2cbac5c92ec5350703cbe5dc4cbb186fbe49c6edf0c68739dd578
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 466 in force-app/main/domain/Addresses.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/domain/Addresses.cls:cd3be8ce42299f383b9e2f4b23f60a0ad097d7c53b132c61c9201b1234918c25"
Raw output 
false_positive:
  - id: force-app/main/domain/Addresses.cls:cd3be8ce42299f383b9e2f4b23f60a0ad097d7c53b132c61c9201b1234918c25
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 77 in force-app/main/default/classes/GiftBatchSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/GiftBatchSelector.cls:22a8adc79edda1ec9568c71081d26a518a43aabbe269a66bf4b7e10d0ed1db88"
Raw output 
false_positive:
  - id: force-app/main/default/classes/GiftBatchSelector.cls:22a8adc79edda1ec9568c71081d26a518a43aabbe269a66bf4b7e10d0ed1db88
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 74 in force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:ae449a63d125d4b6de9f8c80b4d4434821e8d79bb375e232951aae8abce2cfee"
Raw output 
false_positive:
  - id: force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:ae449a63d125d4b6de9f8c80b4d4434821e8d79bb375e232951aae8abce2cfee
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 112 in force-app/main/default/classes/UTIL_UnitTestData_TEST.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:3c21224ed10252fe4df91020ae6b23d9604cfb4c1050dc905e48d3b7df7cde1d"
Raw output 
false_positive:
  - id: force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:3c21224ed10252fe4df91020ae6b23d9604cfb4c1050dc905e48d3b7df7cde1d
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 151 in force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:47c36d5e7f271d8ab35ddb11fe0679aa4a95252a88b2a1926b22447030301b6e"
Raw output 
false_positive:
  - id: force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:47c36d5e7f271d8ab35ddb11fe0679aa4a95252a88b2a1926b22447030301b6e
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 692 in force-app/main/default/classes/PMT_PaymentWizard_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/PMT_PaymentWizard_CTRL.cls:55e37a91cec060b0ba7c4d2eeac0d0e7019feb3c4c17a56a5a3d0df2b51b81b2"
Raw output 
false_positive:
  - id: force-app/main/default/classes/PMT_PaymentWizard_CTRL.cls:55e37a91cec060b0ba7c4d2eeac0d0e7019feb3c4c17a56a5a3d0df2b51b81b2
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 90 in force-app/main/default/classes/UTIL_UnitTestData_TEST.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:fbbf26ee878786d56bd35af3d9708975a9f2d2d9bdec29333569dcf1f4dc0e21"
Raw output 
false_positive:
  - id: force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:fbbf26ee878786d56bd35af3d9708975a9f2d2d9bdec29333569dcf1f4dc0e21
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 129 in force-app/main/default/classes/UTIL_UnitTestData_TEST.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:f6c8e1f42d53800887037d7900c25d780143f2a90bee82c5ba34e24cf162f01a"
Raw output 
false_positive:
  - id: force-app/main/default/classes/UTIL_UnitTestData_TEST.cls:f6c8e1f42d53800887037d7900c25d780143f2a90bee82c5ba34e24cf162f01a
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 245 in force-app/main/default/classes/BDE_BatchEntry_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/BDE_BatchEntry_CTRL.cls:1db8b5f650d62d547f5fbf8f3e2153390b454e066eff759ea1e317ec119d75b3"
Raw output 
false_positive:
  - id: force-app/main/default/classes/BDE_BatchEntry_CTRL.cls:1db8b5f650d62d547f5fbf8f3e2153390b454e066eff759ea1e317ec119d75b3
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 399 in force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:4fe18e03399db1baca84d97bb04e3adbf1c95e76c3e5b32821469cab21bcd0df"
Raw output 
false_positive:
  - id: force-app/main/default/classes/LD_LeadConvertOverride_CTRL.cls:4fe18e03399db1baca84d97bb04e3adbf1c95e76c3e5b32821469cab21bcd0df
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 231 in force-app/main/default/classes/BDE_BatchEntry_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/BDE_BatchEntry_CTRL.cls:bf75e0aa636b0d0a0a6f995c8cc64d17c2151e2eff7ce6a20b3cbdbadae7b331"
Raw output 
false_positive:
  - id: force-app/main/default/classes/BDE_BatchEntry_CTRL.cls:bf75e0aa636b0d0a0a6f995c8cc64d17c2151e2eff7ce6a20b3cbdbadae7b331
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 463 in force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls:d2705eb683e20a3c10cfff59c896ecb84ce86a2bdd718547b67bfd57fefc55a4"
Raw output 
false_positive:
  - id: force-app/main/default/classes/BGE_DataImportBatchEntry_CTRL.cls:d2705eb683e20a3c10cfff59c896ecb84ce86a2bdd718547b67bfd57fefc55a4
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 840 in force-app/main/default/classes/CON_ContactMerge_TEST.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/CON_ContactMerge_TEST.cls:e71f46e7c03d307e153c0c67e4f7acaf3329b4013b7dd5a0dfd98272496e6161"
Raw output 
false_positive:
  - id: force-app/main/default/classes/CON_ContactMerge_TEST.cls:e71f46e7c03d307e153c0c67e4f7acaf3329b4013b7dd5a0dfd98272496e6161
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 104 in force-app/main/default/classes/GiftBatchSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/GiftBatchSelector.cls:74c73ccd8baf63f2042eb2d58c0c86201732743f5e3fbc383169aaeb8cb7a498"
Raw output 
false_positive:
  - id: force-app/main/default/classes/GiftBatchSelector.cls:74c73ccd8baf63f2042eb2d58c0c86201732743f5e3fbc383169aaeb8cb7a498
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 45 in force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls

See this annotation in the file changed.

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check . 

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context. This means that the current users permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enable field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:146251018786ca29a278dfd665c85af32610e8f5b5375159a290c8545c21a5c3"
Raw output 
false_positive:
  - id: force-app/main/default/classes/CON_DeleteContactOverrideSelector.cls:146251018786ca29a278dfd665c85af32610e8f5b5375159a290c8545c21a5c3
    justification: <Enter your justification for false positive here>
not_exploitable: []
View more details on AST-SCANNER-APP