<?xml version="1.0" encoding="UTF-8" ?>
<ruleset name="Apex Security"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
  <!--
    PMD ruleset that enables the Apex security checks, each with a custom
    message and an explicit priority.

    Every rule below is pinned to priority 3. PMD priorities run from
    1 (highest) to 5 (lowest), so a run configured with a minimum priority
    of 1 or 2 reports none of these findings. Confirm the threshold used by
    the CI job before relying on this file as a security gate.
  -->
  <description>Security Rules for Apex</description>

  <!-- Classes that run DML or SOQL without declaring a sharing mode;
       an undeclared mode leaves record-level access enforcement implicit. -->
  <rule ref="category/apex/security.xml/ApexSharingViolations"
        message="Apex classes should declare a sharing model if DML or SOQL is used">
    <priority>3</priority>
  </rule>

  <!-- Callouts to plain-http endpoints, where traffic is neither encrypted
       nor authenticated in transit. -->
  <rule ref="category/apex/security.xml/ApexInsecureEndpoint"
        message="Apex callouts should use encrypted communication channels">
    <priority>3</priority>
  </rule>

  <!-- DML in constructors or initializers, which a mere page load can
       trigger. Referenced from the errorprone category, unlike the other
       rules here; the ref has to match where the PMD version in use ships
       this rule. It keeps PMD's default message (no override). -->
  <rule ref="category/apex/errorprone.xml/ApexCSRF">
    <priority>3</priority>
  </rule>

  <!-- Redirects whose target is taken from user-controlled input. -->
  <rule ref="category/apex/security.xml/ApexOpenRedirect"
        message="Apex classes should safely redirect to a known location">
    <priority>3</priority>
  </rule>

  <!-- Unescaped variables merged into dynamically built queries. The
       message keeps PMD's "DML query" wording; the concern is query
       injection through dynamic SOQL. -->
  <rule ref="category/apex/security.xml/ApexSOQLInjection"
        message="Apex classes should escape variables merged in DML query">
    <priority>3</priority>
  </rule>

  <!-- Values read from URL parameters and used without escaping. -->
  <rule ref="category/apex/security.xml/ApexXSSFromURLParam"
        message="Apex classes should escape Strings obtained from URL parameters">
    <priority>3</priority>
  </rule>

  <!-- addError calls made with escaping switched off. -->
  <rule ref="category/apex/security.xml/ApexXSSFromEscapeFalse"
        message="Apex classes should escape addError strings">
    <priority>3</priority>
  </rule>

  <!-- Crypto calls given a hard-coded IV or key instead of a randomly
       generated one. -->
  <rule ref="category/apex/security.xml/ApexBadCrypto"
        message="Apex Crypto should use random IV/key">
    <priority>3</priority>
  </rule>

  <!-- SOQL/DML performed without a preceding object/field permission check.
       Apex runs in system mode by default, so a missing check can expose or
       modify data the running user is not entitled to. -->
  <rule ref="category/apex/security.xml/ApexCRUDViolation"
        message="Validate CRUD permission before SOQL/DML operation">
    <priority>3</priority>
  </rule>

  <!-- Calls PMD classifies as dangerous. Per the PMD rule documentation this
       includes disabling trigger CRUD security and passing sensitive data to
       System.debug; verify against the PMD version in use. -->
  <rule ref="category/apex/security.xml/ApexDangerousMethods"
        message="Calling potentially dangerous method">
    <priority>3</priority>
  </rule>

  <!-- Credentials hard-coded into callout requests; named credentials keep
       the secret out of source control. -->
  <rule ref="category/apex/security.xml/ApexSuggestUsingNamedCred"
        message="Consider using named credentials for authenticated callouts">
    <priority>3</priority>
  </rule>
</ruleset>