[apex] ApexCRUDViolation ignores Schema.isDeletable on Delete DML #4997
Comments
@adangel The PMD Security rules have mostly become inconsistent with all the changes around I believe there should be ONE opinionated rule provided and maintained by Salesforce that:
For sure a quick fix of the existing rule to accept the delete is also possible short term. Related issues: For visibility: @jfeingold35 @johnbelosf @kfidelak94 @anand13s @FishOfPrey
Related Ticket on the Code Analyser repo is forcedotcom/sfdx-scanner#1458
In this particular scenario the best practice would be Any There are scenarios where Security.stripInaccessible may make more sense, such as being able to selectively handle what occurs if the user doesn't have access. Although for a delete operation that would need to be a schema describe check.
Schema checks should not be discouraged, as ("managed") code within app-store components (esp. triggers) should not let users with insufficient access run into errors (worst-case scenario: SF users cannot save their own settings because of crashing User triggers).
Affects PMD Version:
7.0.1 (and all versions before)
Rule:
ApexCRUDViolation - https://pmd.github.io/pmd/pmd_rules_apex_security.html#apexcrudviolation
Description:
PMD incorrectly reports the need for validation of CRUD permissions before a DML Delete statement although the Schema.isDeletable is called.
This issue was raised in https://salesforce.stackexchange.com/questions/421548/apexcrudviolation-check-for-object-level-delete-permission-does-not-work where the user used PMD inside the Salesforce Code Analyser CLI tool (uses PMD internally).
Code Sample demonstrating the issue:
Expected outcome:
PMD should report no violation.
Running PMD through: Salesforce Code Analyser CLI https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/overview using: