Rules

ApexFlsViolationRule

ApexFlsViolationRule detects Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) violations.

Definitions

Rule Component | Definition

Source (entry points whose data flow the rule follows to a Sink)
  @AuraEnabled-annotated methods
  @InvocableMethod-annotated methods
  @NamespaceAccessible-annotated methods
  @RemoteAction-annotated methods
  Any method returning a PageReference object
  public-scoped methods on Visualforce Controllers
  global-scoped methods on any class
  Messaging.InboundEmailResult handleInboundEmail() methods on implementations of Messaging.InboundEmailHandler
  Any method explicitly named as a target when the rule is invoked

Sink (operations that must be reached only through a Sanitizer)
  All DML operations and their Database.method() counterparts:
  * delete
  * insert
  * merge
  * undelete
  * update
  * upsert
  SOQL queries and their Database.query() counterpart

Sanitizer (checks the rule accepts on the path from a Source to a Sink)
  Access check performed using Schema.DescribeSObjectResult
    Acceptable only for operations that require CRUD-level checks, such as DELETE, UNDELETE, and MERGE.
  Access check performed using Schema.DescribeFieldResult
    Acceptable for operations that require FLS-level checks: READ, INSERT, UPDATE, and UPSERT on standard and custom objects.
  SOQL queries that use WITH SECURITY_ENFORCED
  Lists filtered by Security.stripInaccessible
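The following Apex controller is an added example and is not code from the Salesforce Code Analyzer documentation or project. It shows one @AuraEnabled method (a Source) that reaches an update Sink with no Sanitizer on the path, next to methods that reach each Sink class through the Sanitizer the table above accepts for it. The class name, the Account fields used, and the exception messages are illustrative assumptions.

```apex
// Added example, not from the Salesforce Code Analyzer project. Every method
// is @AuraEnabled and therefore a Source for ApexFlsViolationRule. The class
// name and the Account fields used are assumptions for illustration.
public with sharing class AccountService {

    // Flagged by the rule: a Source reaches an update Sink, and the only
    // protection is "with sharing", which enforces sharing rules, not
    // CRUD/FLS. No DescribeFieldResult check or stripInaccessible is on the path.
    @AuraEnabled
    public static void updateRatingUnchecked(Id accountId, String rating) {
        update new Account(Id = accountId, Rating = rating);
    }

    // SOQL Sink sanitized by WITH SECURITY_ENFORCED: if the running user lacks
    // read access to Account or to any selected field, the query throws
    // System.QueryException instead of returning data the user cannot see.
    @AuraEnabled(cacheable=true)
    public static List<Account> getAccounts() {
        return [SELECT Id, Name, Rating FROM Account WITH SECURITY_ENFORCED LIMIT 100];
    }

    // UPDATE Sink: an FLS-level check on each field being written is required.
    // Schema.SObjectType.Account.fields.Rating is a Schema.DescribeFieldResult;
    // a CRUD-level isUpdateable() on the object alone would not satisfy the rule.
    @AuraEnabled
    public static void updateRating(Id accountId, String rating) {
        Schema.DescribeFieldResult ratingField = Schema.SObjectType.Account.fields.Rating;
        if (!ratingField.isUpdateable()) {
            throw new AuraHandledException('Insufficient access to Account.Rating');
        }
        update new Account(Id = accountId, Rating = rating);
    }

    // INSERT Sink: Security.stripInaccessible removes every field the user
    // cannot create, and only the filtered list reaches the DML statement.
    @AuraEnabled
    public static List<Account> createAccounts(List<Account> records) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.CREATABLE, records);
        List<Account> safeRecords = (List<Account>) decision.getRecords();
        insert safeRecords;
        return safeRecords;
    }

    // DELETE Sink: a CRUD-level check on the object is sufficient.
    // Schema.SObjectType.Account is a Schema.DescribeSObjectResult.
    @AuraEnabled
    public static void deleteAccount(Id accountId) {
        if (!Schema.SObjectType.Account.isDeletable()) {
            throw new AuraHandledException('Insufficient access to delete Account');
        }
        delete new Account(Id = accountId);
    }
}
```

Two behaviours worth keeping in mind when choosing a Sanitizer: WITH SECURITY_ENFORCED fails the whole query with an exception, whereas Security.stripInaccessible silently drops the inaccessible fields and lets the operation proceed, so callers of createAccounts() should not assume every field they sent was written. Declaring the class "with sharing" satisfies none of the Sanitizer definitions, because sharing controls record visibility, not object or field permissions.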

See the related FAQ to understand the results this rule generates.

Roadmap

We’re working on adding more rules. In the meantime, give us your feedback.
