Test imp 001 #378
Test imp 001 #378
Conversation
![clayton-staging[bot]](https://avatars.githubusercontent.com/in/69789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code review not passed
This change adds 4 new problems. See the full report
| @@ -4,6 +4,11 @@ | |||
| <aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
| <aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|
|||
| <ltng:require | |||
There was a problem hiding this comment.
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
Help and documentation
|
|
||
| // Build the query | ||
| String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
| Contact currentContact = Database.query(selectQueryString); |
There was a problem hiding this comment.
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
Help and documentation
|
|
||
| // Build the query2 | ||
| String selectQueryString2 = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
| Contact currentContact2 = Database.query(selectQueryString2); |
There was a problem hiding this comment.
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
Help and documentation
| @@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
| } | |||
|
|
|||
| @AuraEnabled | |||
| public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
| Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
| public static CandidateGradeInfo getCandidateGrade(String contactId) { | |||
There was a problem hiding this comment.
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
Help and documentation
clayton-staging
bot
dismissed
their stale review
This code review is obsolete
There was a problem hiding this comment.
Code review not passed
This change adds 3 new problems. See the full report
| @@ -4,6 +4,11 @@ | |||
| <aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
| <aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|
|||
| <ltng:require | |||
There was a problem hiding this comment.
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
Help and documentation
| @@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
| } | |||
|
|
|||
| @AuraEnabled | |||
| public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
| Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
| public static CandidateGradeInfo getCandidateGrade(String contactId) { | |||
There was a problem hiding this comment.
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
Help and documentation
|
|
||
| // Build the query | ||
| String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
| Contact currentContact = Database.query(selectQueryString); |
There was a problem hiding this comment.
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
Help and documentation
There was a problem hiding this comment.
Code review not passed
This change adds 3 new problems. See the full report
| @@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
| } | |||
|
|
|||
| @AuraEnabled | |||
| public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
| Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
| public static CandidateGradeInfo getCandidateGrade(String contactId) { | |||
There was a problem hiding this comment.
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
Help and documentation
|
|
||
| // Build the query | ||
| String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
| Contact currentContact = Database.query(selectQueryString); |
There was a problem hiding this comment.
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
Help and documentation
| @@ -4,6 +4,11 @@ | |||
| <aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
| <aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|
|||
| <ltng:require | |||
There was a problem hiding this comment.
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
Help and documentation
There was a problem hiding this comment.
Code review not passed
This change adds 3 new problems. See the full report
| @@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
| } | |||
|
|
|||
| @AuraEnabled | |||
| public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
| Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
| public static CandidateGradeInfo getCandidateGrade(String contactId) { | |||
There was a problem hiding this comment.
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
Help and documentation
| @@ -4,6 +4,11 @@ | |||
| <aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
| <aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|
|||
| <ltng:require | |||
There was a problem hiding this comment.
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
Help and documentation
|
|
||
| // Build the query | ||
| String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
| Contact currentContact = Database.query(selectQueryString); |
There was a problem hiding this comment.
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
Help and documentation
No description provided.