Merge feature/242 into feature/242__bsdt-load-improv #655

Open
wants to merge 125 commits into
base: feature/242__bsdt-load-improv
from

Merge 85930b271e453aaf416acc31afab9b1161463b17 into feature/242

cf7604c
AST-SCANNER-APP / FastSAST failed Nov 22, 2024 in 0s

FastSAST Scan Report

📊 Summary

The latest Fast SAST scan has detected 10 vulnerabilities. They are reported as annotations on the code.

Every annotation carries the rule that detected the vulnerability in its title. Its body contains four things:

  1. Description of the vulnerability.
  2. Suggested Remediation to fix the issue (if available).
  3. Triage Id which will be useful for triaging.
  4. Raw Output section that provides the sample triage.yaml format.

How to use each of them is described under the Take Action section.


🛠️ Take Action

To address the vulnerabilities identified, follow one of the two options for each annotation:

⚙️ Option 1: Remediation

If you agree that this finding is a true positive, follow this option to remediate:

Steps:

  • 🛠️ Implement the Suggested Remediation to resolve the issue.

    Note: If no Suggested Remediation is provided, review the vulnerability details and apply a suitable fix based on your knowledge and resources.

  • Test the changes to confirm the vulnerability is addressed.
  • 🔄 Commit the code changes with the implemented remediation.

🔍 Option 2: Triaging

If you do not agree that this finding is a true positive, follow this option to triage and mark it as False Positive or Not Exploitable:

Category: 🚫 False Positive
  Definition: A vulnerability identified but not a security issue in the application.
  Action: Add to the false_positive section in triage.yaml.

Category: 🔒 Not Exploitable
  Definition: A vulnerability that cannot be exploited due to specific conditions.
  Action: Add to the not_exploitable section in triage.yaml.

Steps:

  • 📝 Review the vulnerability.
  • 🔎 Assess whether it is a False Positive or Not Exploitable based on the definitions above.
  • 🗂️ Add the Triage Id to the appropriate section in the triage.yaml file.
  • 📚 Refer to the documentation for guidance.
  • 📜 For a sample triage.yaml file format, see the Raw output section of the annotation.
  • 🔄 Commit the code changes with the updated triage.yaml file.

💬 Feedback

We value your input! Share your thoughts or report issues using our 📋Feedback Form


🆘 Support

Need assistance? Reach out to our support team 👥 via #fast-sast-service-support

Annotations

Check warning on line 60 in force-app/main/default/classes/TestUtil.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/TestUtil.cls:36f75217ab81437591e48db3ee6649b2eeb79f6797b1e42aa05be7a06a05e689"
Raw output
false_positive:
  - id: force-app/main/default/classes/TestUtil.cls:36f75217ab81437591e48db3ee6649b2eeb79f6797b1e42aa05be7a06a05e689
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 80 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:516e5f78b9ea5e02dfd65f84d4ea62e456a8955731a8f22ea1b94044729a32d8"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:516e5f78b9ea5e02dfd65f84d4ea62e456a8955731a8f22ea1b94044729a32d8
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 95 in force-app/main/default/classes/ProgramEngagementSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ProgramEngagementSelector.cls:9576dbefdd41e65fa1e8baff2bd73590fee96a813bdba83042fe436953aa5c75"
Raw output
false_positive:
  - id: force-app/main/default/classes/ProgramEngagementSelector.cls:9576dbefdd41e65fa1e8baff2bd73590fee96a813bdba83042fe436953aa5c75
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 42 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:8d3573190f119b7aaa6c368b4f441df4606b2f6224e2d6c7db5c05cc23b0c0c0"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:8d3573190f119b7aaa6c368b4f441df4606b2f6224e2d6c7db5c05cc23b0c0c0
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 28 in force-app/main/default/classes/ProgramEngagementSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ProgramEngagementSelector.cls:3013aa22966ec4f2f5389d25c252f66cda5481d51c9f7bd9176641618b7ae38c"
Raw output
false_positive:
  - id: force-app/main/default/classes/ProgramEngagementSelector.cls:3013aa22966ec4f2f5389d25c252f66cda5481d51c9f7bd9176641618b7ae38c
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 48 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:3fe7423ccb09fd2e6cb7c1cca93df500ff3d98cf0205dbf16a82b576098ebff7"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:3fe7423ccb09fd2e6cb7c1cca93df500ff3d98cf0205dbf16a82b576098ebff7
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 69 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:318ee346644d62b0a5f239d2ad4ec62346940ac845bd096f97e5dd1d13094e6e"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:318ee346644d62b0a5f239d2ad4ec62346940ac845bd096f97e5dd1d13094e6e
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 58 in force-app/main/default/classes/ProgramEngagementSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ProgramEngagementSelector.cls:1ba0ddfc96ade77de852b91514599cd8be17eea388d37cf9dcb6b085543d825d"
Raw output
false_positive:
  - id: force-app/main/default/classes/ProgramEngagementSelector.cls:1ba0ddfc96ade77de852b91514599cd8be17eea388d37cf9dcb6b085543d825d
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 107 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:8c86ba3f04d025b214e83186ff4c30e41bb09898c78a3e84a773f64160bd0260"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:8c86ba3f04d025b214e83186ff4c30e41bb09898c78a3e84a773f64160bd0260
    justification: <Enter your justification for false positive here>
not_exploitable: []

Check warning on line 22 in force-app/main/default/classes/ServiceSelector.cls

@ast-scanner-app ast-scanner-app / FastSAST

Vulnerability found with Rule : base.apex.authorization.soql-missing-security-check

Description : SOQL SELECT query is missing a user security directive. Apex generally runs in system context, which means the current user's permissions and field-level security are not taken into account during code execution. This may grant the caller unauthorized access to entity data. Use the WITH USER_MODE clause to enforce field- and object-level security permissions when running SOQL SELECT queries in Apex code.

Suggested Remediation : Add a WITH USER_MODE directive to all SOQL SELECT queries in Apex.

Triage Id : "force-app/main/default/classes/ServiceSelector.cls:840e61c4090c269d173d2a9baf28c94756603ac0bca989dd4b18204fc6c555e7"
Raw output
false_positive:
  - id: force-app/main/default/classes/ServiceSelector.cls:840e61c4090c269d173d2a9baf28c94756603ac0bca989dd4b18204fc6c555e7
    justification: <Enter your justification for false positive here>
not_exploitable: []