Closed Rogeriohsjr closed 5 months ago
@Rogeriohsjr sorry about the delay in response This rule attempts to flag permissionset assignments that an administrator may not aware of; technically a new PermissionSetAssignment() is the first step for a follow up DML insert effectively assigning the permissionset to a user.
The permission set name or permission set Id or user Id should not be tainted input. I realize this is not necessarily a high confidence rule; this rule was built primarily for security reviewers to dig deep when the pattern is flagged to look for:
If you believe none of the conditions apply for your code, then feel free to mark this as a false +ve FYI - We have suppressed this rule in the new release so that we can turn this into a high confidence rule later
Thanks, I will update my sfdx scanner and see if that goes away or if I can suppress that.
Hi There,
I am getting a message saying: "Ensure that DML operations against PermissionSetAssignment use trusted input." https://github.com/forcedotcom/sfdx-scanner/blob/dev/pmd-appexchange/docs/LimitPermissionSetAssignment.md
What does the "use trusted input." means?
I am not sure what is the issue, and here is my code:
The line code that is complaining is:
Thank in advanced!