Insecure Access Control
Why is this important?
Access Control is one of the most fundamental security requirements. Any problems with managing access control can allow attackers to bypass business logic and access data from other users.
Fixing Insecure Access Control
Option A: Use ESAPI Access Control
In Apex, check the running user's object- and field-level permissions before any SOQL/SOSL/DML operation. This also applies to classes declared without an explicit sharing mode that perform DML: such a class inherits the sharing mode of its caller and, when it is the entry point, runs without sharing. Apex executes in system mode, which ignores the user's CRUD and field-level security, so missing permission checks let a user read or modify records and fields that their profile does not grant (privilege escalation), and the problem may surface only as runtime errors. It is a security best practice to always handle these cases explicitly.
Follow the steps below:
- Go through the issues that GuardRails identified in the PR.
- Identify patterns like the ones below, where a query or DML statement runs with a missing or incomplete permission check, and make sure the access check is present and covers every object and field that is read or written. In the first example the update check covers Name, but the code reads and writes Status__c, and the SOQL query has no read (isAccessible) check at all:
    public class Foo {
        public Contact foo(String status, String ID) {
            // Read of Status__c with no field-level read check
            Contact c = [SELECT Status__c FROM Contact WHERE Id=:ID];
            // Make sure we can update the database before even trying.
            // Checks the wrong field: Name is tested, Status__c is written.
            if (!Schema.sObjectType.Contact.fields.Name.isUpdateable()) {
                return null;
            }
            c.Status__c = status;
            update c;
            return c;
        }
    }
or:
    // Runs without sharing: record-sharing rules for the running user are ignored
    public without sharing class Foo {
        // DML operation here
    }
- Ensure that the ESAPI.accessController() methods are added to enforce proper access control.
- Test it
- Ship it 🚢 and relax 🌴
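The steps above combined into one class, as an added example that is not from the original page or from GuardRails: the Contact status update rewritten with Force.com ESAPI access checks. It assumes the force-dot-com-esapi classes (ESAPI, SFDCAccessController, SFDCAccessControlException) are deployed in the org and that Contact has a custom field Status__c; the class, method and exception names are made up for illustration, and the ESAPI method signatures should be confirmed against the library version you deploy.

```apex
// Added example (not from the original page). Assumes the Force.com ESAPI
// classes are deployed in the org and that Contact.Status__c exists.
public with sharing class ContactStatusService {

    // Thrown when the running user lacks the required CRUD/FLS permission.
    public class AccessDeniedException extends Exception {}

    // Fields this method reads and writes; the checks below cover exactly these,
    // so adding a field to the query or the update forces a matching check.
    private static final List<Schema.SObjectField> READ_FIELDS =
        new List<Schema.SObjectField>{ Contact.Id, Contact.Status__c };
    private static final List<String> WRITE_FIELDS =
        new List<String>{ 'Status__c' };

    public static Contact setStatus(Id contactId, String status) {
        SFDCAccessController ac = ESAPI.accessController();

        // Object- and field-level read check before the SOQL query. Apex runs
        // in system mode, so the query itself would succeed for any user.
        if (!ac.isAuthorizedToView(Contact.SObjectType, READ_FIELDS)) {
            throw new AccessDeniedException('Insufficient read access to Contact');
        }

        // "with sharing" on the class makes the query respect sharing rules, so
        // a record the user cannot see returns no rows instead of leaking.
        List<Contact> rows =
            [SELECT Id, Status__c FROM Contact WHERE Id = :contactId LIMIT 1];
        if (rows.isEmpty()) {
            return null;
        }
        Contact c = rows[0];
        c.Status__c = status;

        // updateAsUser verifies update permission on the object and on each
        // listed field for the running user before performing the DML, and
        // throws SFDCAccessControlException when the user lacks it.
        try {
            ac.updateAsUser(c, WRITE_FIELDS);
        } catch (SFDCAccessControlException e) {
            // Fail closed: never fall back to a plain system-mode "update c".
            throw new AccessDeniedException(
                'Insufficient update access to Contact: ' + e.getMessage());
        }
        return c;
    }
}
```

Compared with the flagged pattern above, the read check now precedes the query, the update check covers the field that is actually written, and the class is explicitly declared with sharing so record visibility is enforced alongside CRUD and field-level security. Run the method as a user whose profile lacks edit access on Status__c in a test to confirm that AccessDeniedException is thrown and no record is changed.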