-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[apex] ApexSOQLInjection does not recognise SObjectType or SObjectField as safe variable types #4646
Comments
If this is a quick fix I'll have a go, though I've not tried locally building and running PMD. I'll clone the repository and have a look. |
@all-contributors please add @rcorfieldffdc for code I'm struggling to get the merge in a mergeable state. I think my local build environment is upset, as it's started failing on files I've not touched and can't (should not!!) depend on the one file I have touched. I have a branch in a local fork. It looks like I can create a work in progress pull request so it is attached. |
https://github.com/all-contributors please add @m0rjc for code,bug Looks like I can only have one command in a comment, sorry. |
@all-contributors please add @m0rjc for code |
I've put up a pull request to add @rcorfieldffdc! 🎉 I've put up a pull request to add @m0rjc! 🎉 |
Rule: ApexSOQLInjection
Could this also add SObjectType and SObjectField as safe types?
pmd/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.java
Line 163 in 8681e8d
This contrived code example demonstrates the issue.
The text was updated successfully, but these errors were encountered: