Package net.sourceforge.pmd.lang.apex.rule.security
See: Description
-
Class Summary Class Description ApexSOQLInjectionRule Detects if variables in Database.query(variable) or Database.countQuery is escaped with String. ApexSharingViolationsRule Finds Apex class that do not define sharing ApexInsecureEndpointRule Insecure HTTP endpoints passed to (req.setEndpoint) req. ApexCRUDViolationRule Finding missed CRUD checks for SOQL and DML operations. ApexSuggestUsingNamedCredRule Flags usage of http request.setHeader('Authorization',..) and suggests using named credentials which helps store credentials for the callout in a safe place. ApexOpenRedirectRule Looking for potential Open redirect via PageReference variable input ApexDangerousMethodsRule Flags dangerous method calls, e.g. ApexXSSFromURLParamRule Detects potential XSS when controller extracts a variable from URL query and uses it without escaping first ApexBadCryptoRule Finds encryption schemes using hardcoded IV, hardcoded key ApexXSSFromEscapeFalseRule Finds all .