Test imp 001 #378
base: master
Conversation
Code review not passed
This change adds 4 new problems. See the full report
@@ -4,6 +4,11 @@ | |||
<aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
<aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|||
<ltng:require |
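Review bot: the `<ltng:require` tag added in this hunk is cut off in the diff view, but the dependency finding attached to it identifies the loaded library as jQuery 1.5.1. Before this merges, point the tag's `scripts` attribute at a static resource that contains jQuery 1.6.3 or later (the version the finding names as fixed) and remove the old resource from the package, so the vulnerable copy is not left deployable next to the patched one.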
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
|
||
// Build the query | ||
String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
Contact currentContact = Database.query(selectQueryString); |
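Review bot: the `String selectQueryString = 'SELECT ... where Id = \'' + contactId + '\'';` line is the injection sink; `contactId` is spliced into the query text, so a value containing a single quote rewrites the WHERE clause. Since the value is only ever used as a record Id, the right fix is the bind form the diff replaced, `WHERE Id = :contactId`, with the parameter typed as `Id` (or converted with `Id.valueOf` first so malformed input is rejected). `String.escapeSingleQuotes` is the fallback for the rare dynamic query that genuinely cannot use a bind variable, not the first choice here.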
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
|
||
// Build the query2 | ||
String selectQueryString2 = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
Contact currentContact2 = Database.query(selectQueryString2); |
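Review bot: the `selectQueryString2` / `currentContact2` lines repeat the same lookup as `selectQueryString` above, same fields, same concatenated `contactId`, under a different name, so this block carries a second copy of the same injection sink. Delete the duplicate rather than fixing the query twice; one bound `WHERE Id = :contactId` query is all this method needs.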
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
@@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
} | |||
|
|||
@AuraEnabled | |||
public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
public static CandidateGradeInfo getCandidateGrade(String contactId) { |
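Review bot: changing the signature from `getCandidateGrade(Id contactId)` to `getCandidateGrade(String contactId)` removes the type check that made the removed `WHERE Id = :contactId` line safe: an `Id` parameter rejects anything that is not a well-formed record Id before any query runs, a `String` accepts quote-breaking input. Keep the parameter as `Id` (an Aura client can still pass the Id as a string; Apex converts it and throws on an invalid value), or, if it must stay `String`, convert it with `Id.valueOf(contactId)` at the top of the method and keep the bind variable.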
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
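The two SOQL injection findings and the untested-method finding above point at one fix. The code below is an added example written for this review, not the project's own code: a hardened `getCandidateGrade` that keeps the `String` parameter the diff introduced but validates it with `Id.valueOf` and queries with a bind variable, plus a test class that exercises it, including the injection payload. Assumptions, since the page does not show them: `CandidateGradeInfo` is declared here as a minimal inner wrapper (the real class is elsewhere in the repository), `Salary__c` is assumed to be a number/currency field and `NextAvailableDate__c` a Date field, and the `Expected a Contact Id` check is an addition of this example. Each class goes in its own `.cls` file as marked.

```apex
// File: CandidateGradeController.cls  (hardened form of the method under review)
public with sharing class CandidateGradeController {

    // Assumption for this example only: the page never shows CandidateGradeInfo's
    // definition, so a minimal wrapper is declared here as an inner class.
    public class CandidateGradeInfo {
        @AuraEnabled public String name;
        @AuraEnabled public Decimal salary;          // assumed type of Salary__c
        @AuraEnabled public Date nextAvailableDate;  // assumed type of NextAvailableDate__c
    }

    @AuraEnabled
    public static CandidateGradeInfo getCandidateGrade(String contactId) {
        // Id.valueOf throws System.StringException for anything that is not a
        // well-formed Salesforce Id, so quote-breaking payloads never reach SOQL.
        Id safeId = Id.valueOf(contactId);
        // A well-formed Id can still belong to another object; refuse those too
        // (extra check added by this example, not required by the finding).
        if (safeId.getSObjectType() != Contact.SObjectType) {
            throw new AuraHandledException('Expected a Contact Id');
        }
        // Bind variable (:safeId): the value is handed to the query engine as data
        // and is never part of the query text, so no escaping is involved.
        Contact currentContact = [
            SELECT Name, Salary__c, NextAvailableDate__c
            FROM Contact
            WHERE Id = :safeId
        ];
        CandidateGradeInfo info = new CandidateGradeInfo();
        info.name = currentContact.Name;
        info.salary = currentContact.Salary__c;
        info.nextAvailableDate = currentContact.NextAvailableDate__c;
        return info;
    }
}

// File: CandidateGradeControllerTest.cls  (covers the "untested method" finding)
@IsTest
private class CandidateGradeControllerTest {

    @IsTest
    static void returnsInfoForValidContactId() {
        Contact c = new Contact(LastName = 'Candidate');
        insert c;
        Test.startTest();
        CandidateGradeController.CandidateGradeInfo info =
            CandidateGradeController.getCandidateGrade(c.Id);
        Test.stopTest();
        System.assertEquals('Candidate', info.name);
    }

    @IsTest
    static void rejectsInjectionPayloadBeforeQuerying() {
        // Constructed payload. Concatenated into the query string from the diff it
        // would produce  WHERE Id = '' OR Name != ''  and match every visible Contact.
        String payload = '\' OR Name != \'';
        Boolean rejected = false;
        try {
            CandidateGradeController.getCandidateGrade(payload);
        } catch (StringException e) {
            rejected = true;   // Id.valueOf: "Invalid id"
        }
        System.assert(rejected, 'payload must fail Id validation, not reach SOQL');
    }

    @IsTest
    static void rejectsIdOfAnotherObject() {
        Account a = new Account(Name = 'Acme');
        insert a;
        Boolean rejected = false;
        try {
            CandidateGradeController.getCandidateGrade(a.Id);
        } catch (AuraHandledException e) {
            rejected = true;
        }
        System.assert(rejected, 'an Account Id must not be accepted');
    }
}
```

Because the class is declared `with sharing` and the query binds the Id, a caller who passes the Id of a Contact they cannot see gets the usual "List has no rows" QueryException rather than the record, which is the behaviour the original `WHERE Id = :contactId` line already had. `String.escapeSingleQuotes` is left out deliberately: once the input is a validated `Id` bound into the query there is nothing to escape.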
This code review is obsolete
Code review not passed
This change adds 3 new problems. See the full report
@@ -4,6 +4,11 @@ | |||
<aura:attribute name="displayGrade" type="Boolean" default="false" /> | |||
<aura:handler name="init" value="{!this}" action="{!c.doInit}"/> | |||
|
|||
<ltng:require |
Security (Orgs): Vulnerable third-party dependency
Severity
Error
Finding
jQuery 1.5.1 is affected by a known vulnerability (XSS with location.hash). Please upgrade jQuery to version 1.6.3 or later.
Why is this a problem?
Using open source components with well-known vulnerabilities is now a part of the OWASP Top 10. Insecure libraries can pose a considerable risk for your application. While some known vulnerabilities lead to only minor impacts, some of the most significant breaches to date have relied on exploiting known vulnerabilities in components.
@@ -3,12 +3,21 @@ public with sharing class CandidateGradeController { | |||
} | |||
|
|||
@AuraEnabled | |||
public static CandidateGradeInfo getCandidateGrade(Id contactId) { | |||
Contact currentContact = [SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = :contactId]; | |||
public static CandidateGradeInfo getCandidateGrade(String contactId) { |
Testing Best Practice: Untested method
Severity
Warning
Finding
Method getCandidateGrade is not tested. Please consider adding a test method to ensure it works as expected.
Why is this a problem?
Unit tests ensure that all code meets quality standards before it's deployed. Testing all your code is essential not only to meet Salesforce test coverage requirements but, more importantly, to make sure your logic keeps working as expected as your application evolves.
|
||
// Build the query | ||
String selectQueryString = 'SELECT Name, Salary__c, NextAvailableDate__c FROM Contact where Id = \'' + contactId + '\''; | ||
Contact currentContact = Database.query(selectQueryString); |
Security (Orgs): SOQL injection
Severity
Critical
Finding
This statement may be vulnerable to SOQL/SOSL injection. Please sanitize any unsafe expressions using String.escapeSingleQuotes.
Why is this a problem?
SOQL/SOSL injection is a serious security vulnerability that results from the insecure construction of a database query, with user-supplied data. When queries are built unsafely from user input, instead of using type-safe bind parameters, malicious input may be used to change the structure of the query and bypass or change the application logic.
No description provided.