FAQ-000472 - Custom Settings and Configuration Security / Package Development and Managed Package Considerations

Current Status: VALID_RESPONSE

Current FAQ

Question
How can I properly handle unused metadata that triggers 'Insecure Storage of Sensitive Data' violations?
Answer
To handle unused metadata that triggers "Insecure Storage of Sensitive Data" violations:
1. Remove all references to the unused metadata in your codebase.
2. If the metadata is no longer required, delete it completely from the package.
3. If the metadata contains sensitive information, ensure it is encrypted or securely stored in protected custom settings or protected custom metadata before removal.
4. Document these changes and, if needed, provide a false positive report during the security review process.
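The before/after shape of steps 1 to 3 in Apex, as an added example that is not part of the original FAQ. It assumes a hypothetical protected custom metadata type IntegrationConfig__mdt in the package, with a text field Api_Key__c and a record whose DeveloperName is Default; each class would be its own .cls file.

```apex
// Added example, not the FAQ's own code. Assumed names: IntegrationConfig__mdt
// (protected custom metadata type in the package), field Api_Key__c, record 'Default'.

// File: LegacyCallout.cls -- the shape that triggers the violation
public with sharing class LegacyCallout {
    // Hardcoded credential in a field declaration (AvoidHardcodedCredentialsInFieldDecls).
    // FAQ steps 1 and 2: remove every reference to this constant, then delete it.
    private static final String API_KEY = 'PLACEHOLDER_NOT_A_REAL_KEY';

    public static HttpRequest buildRequest(String endpoint) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(endpoint);
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + API_KEY);
        return req;
    }
}

// File: SecureCallout.cls -- FAQ step 3: the secret moves to protected custom metadata
public with sharing class SecureCallout {
    public class ConfigException extends Exception {}

    // Reads the key at run time from the packaged, protected record. Subscriber orgs
    // cannot view protected records of a managed package, and the value never sits
    // in Apex source. Queries on custom metadata do not count against SOQL limits.
    @TestVisible
    private static String apiKey() {
        List<IntegrationConfig__mdt> rows = [
            SELECT Api_Key__c FROM IntegrationConfig__mdt
            WHERE DeveloperName = 'Default' LIMIT 1
        ];
        // Fail closed: a missing or blank record must not silently produce an
        // unauthenticated callout.
        if (rows.isEmpty() || String.isBlank(rows[0].Api_Key__c)) {
            throw new ConfigException('IntegrationConfig__mdt.Default has no Api_Key__c');
        }
        return rows[0].Api_Key__c;
    }

    public static HttpRequest buildRequest(String endpoint) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(endpoint);
        req.setMethod('GET');
        req.setHeader('Authorization', 'Bearer ' + apiKey());
        return req;
    }
}
```

A protected hierarchy custom setting read through its getOrgDefaults() method is the equivalent alternative the FAQ names; the same fail-closed check applies.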
AI Recommended Enhancement

Related Security Rules
- ProtectSensitiveData
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
Reasoning
The FAQ is well-structured and provides accurate guidance for handling unused metadata that triggers security violations. The content aligns with security best practices and does not contain outdated information. The answer effectively addresses the core issue of managing sensitive data in metadata.

Related security rules:
- ProtectSensitiveData: This rule directly relates to the FAQ's focus on handling sensitive data stored in metadata. The FAQ's guidance on encrypting or securely storing sensitive information before removal aligns with this rule's purpose of protecting sensitive data from exposure.
- AvoidHardcodedCredentialsInFieldDecls: This rule relates to the FAQ's mention of metadata containing sensitive information, as unused metadata fields could contain hardcoded credentials that need to be properly handled.
- AvoidHardcodedCredentialsInVarDecls: Similar to field declarations, unused metadata might include variable declarations with hardcoded credentials that trigger security violations.
- AvoidHardcodedCredentialsInVarAssign: This rule applies when unused metadata contains variable assignments with sensitive information that could trigger the "Insecure Storage of Sensitive Data" violations mentioned in the FAQ.

The FAQ's step-by-step approach (remove references, delete if unused, secure sensitive data, document changes) provides a comprehensive solution that addresses the various ways sensitive data can be improperly stored in metadata.