| Class | Description |
| --- | --- |
| ApexBadCryptoRule | Finds encryption schemes that use a hardcoded IV or a hardcoded key. |
| ApexCRUDViolationRule | Finds missed CRUD checks for SOQL and DML operations. |
| ApexCSRFRule | Constructor and init method might contain DML, which constitutes a CSRF vulnerability. |
| ApexDangerousMethodsRule | Flags dangerous method calls, e.g. |
| ApexInsecureEndpointRule | Insecure HTTP endpoints passed to (req.setEndpoint). req.setHeader('Authorization') should use named credentials. |
| ApexOpenRedirectRule | Looks for potential open redirects via PageReference variable input. |
| ApexSharingViolationsRule | Finds Apex classes that do not define sharing. |
| ApexSOQLInjectionRule | Detects whether variables in Database.query(variable) are escaped with String.escapeSingleQuotes. |
| ApexSuggestUsingNamedCredRule | Flags usage of http request.setHeader('Authorization',..) and suggests using named credentials, which help store credentials for the callout in a safe place. |
| ApexXSSFromEscapeFalseRule | Finds all .addError method calls that are not HTML escaped on purpose. |
| ApexXSSFromURLParamRule | Detects potential XSS when a controller extracts a variable from the URL query and uses it without escaping first. |
| Helper | Helper methods. |