Affects PMD Version:
7.0.0-rc3
Rule:
ApexCRUDViolation - https://pmd.github.io/pmd/pmd_rules_apex_security.html#apexcrudviolation
Description:
PMD incorrectly clears the validate CRUD permissions error when WITH SECURITY_ENFORCED is added to the query by commented out.
Code Sample demonstrating the issue:
This query is not highlighted by PMD because the query includes WITH SECURITY_ENFORCED (correct):
public List<Account> myMethod()
{
List<Account> accounts = [
SELECT Id, Name
FROM Account
WITH SECURITY_ENFORCED
];
return accounts;
}
This query is not highlighted by PMD even though the WITH SECURITY_ENFORCED statement is commented out (incorrect):
public List<Account> myMethod2()
{
List<Account> accounts = [
SELECT Id, Name
FROM Account
// WITH SECURITY_ENFORCED
];
return accounts;
}
Expected outcome:
PMD should report a violation for the second example as the WITH SECURITY_ENFORCED statement is commented out. This is a false-negative.
Running PMD through: VSCode using https://marketplace.visualstudio.com/items?itemName=chuckjonas.apex-pmd (v0.6.2)
Affects PMD Version:
7.0.0-rc3
Rule:
ApexCRUDViolation - https://pmd.github.io/pmd/pmd_rules_apex_security.html#apexcrudviolation
Description:
PMD incorrectly clears the validate CRUD permissions error when
WITH SECURITY_ENFORCEDis added to the query by commented out.Code Sample demonstrating the issue:
This query is not highlighted by PMD because the query includes
WITH SECURITY_ENFORCED(correct):This query is not highlighted by PMD even though the
WITH SECURITY_ENFORCEDstatement is commented out (incorrect):Expected outcome:
PMD should report a violation for the second example as the
WITH SECURITY_ENFORCEDstatement is commented out. This is a false-negative.Running PMD through: VSCode using https://marketplace.visualstudio.com/items?itemName=chuckjonas.apex-pmd (v0.6.2)