FAQ-001011 - File Upload Security / Managed Package File Upload Security


Current FAQ

Question
What is the proper way to handle user-generated content and user-uploaded static resources in managed packages?
Answer
To properly handle user-generated content and user-uploaded static resources in managed packages in Salesforce, follow these comprehensive guidelines:

**User-Generated Content Handling:**

1. **Input Validation and Sanitization**: Validate and sanitize all user input to prevent vulnerabilities like SQL injection or Cross-Site Scripting (XSS). Ensure user input does not reach the DOM without sanitization.
2. **CRUD/FLS and Sharing Checks**: Implement these checks in Apex code to restrict data access based on user permissions.
3. **Sensitive Data Storage**: Avoid storing sensitive data (e.g., authentication credentials) in custom objects or public custom settings. Use protected custom settings, protected custom metadata, or encrypted fields with securely stored encryption keys.
4. **Web Services and Callouts**: Protect authentication data in web service or callout code to prevent exposure.
5. **Dynamic SOQL Queries**: Avoid using dynamic SOQL queries with sensitive data to prevent information disclosure.
6. **Transient Keyword**: Use the `transient` keyword to prevent sensitive data from being stored in the viewstate when updating protected custom settings.
7. **Documentation**: Properly document and address any false positives during security reviews to comply with Salesforce's security guidelines.

**User-Uploaded Static Resources:**

1. **Review for Vulnerabilities**: Ensure all static resources are reviewed for potential security issues.
2. **JavaScript Code**: If the resources include JavaScript, provide both unminified and minified versions. The unminified version should have the same name as the minified one, minus the ".min" suffix, to facilitate static analysis during security reviews.
3. **Compressed Archives**: Unzip and examine compressed archives containing JavaScript for vulnerabilities.
4. **Avoid Relying on File Extensions**: Do not depend solely on file extensions or declared MIME types, as these are not enforced at runtime.

These practices ensure secure handling of user-generated content and static resources in managed packages.

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexSharingViolations
- ApexSOQLInjection
- ApexXSSFromEscapeFalse
- ApexXSSFromURLParam
- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- ProtectSensitiveData
- ApexSuggestUsingNamedCred
Question
What is the proper way to handle user-generated content and user-uploaded static resources in managed packages?
Recommended Answer Update
To properly handle user-generated content and user-uploaded static resources in managed packages in Salesforce, follow these comprehensive guidelines:

**User-Generated Content Handling:**

1. **Input Validation and Sanitization**: Validate and sanitize all user input to prevent vulnerabilities like SQL injection or Cross-Site Scripting (XSS). Ensure user input doesn't reach the DOM without sanitization.
2. **CRUD/FLS and Sharing Checks**: Implement these checks in Apex code to restrict data access based on user permissions. Use modern approaches like `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods when possible.
3. **Sensitive Data Storage**: Avoid storing sensitive data (e.g., authentication credentials) in custom objects or public custom settings. Use protected custom settings, protected custom metadata, or encrypted fields with securely stored encryption keys.
4. **Web Services and Callouts**: Protect authentication data in web service or callout code to prevent exposure. Use Named Credentials instead of hardcoded credentials.
5. **Dynamic SOQL Queries**: Avoid using dynamic SOQL queries with sensitive data to prevent information disclosure.
6. **Transient Keyword**: Use the `transient` keyword to prevent sensitive data from being stored in the viewstate when updating protected custom settings.
7. **Documentation**: Properly document and address any false positives during security reviews to comply with Salesforce's security guidelines.

**User-Uploaded Static Resources:**

1. **Review for Vulnerabilities**: Ensure all static resources are reviewed for potential security issues.
2. **JavaScript Code**: If the resources include JavaScript, provide both unminified and minified versions. The unminified version should have the same name as the minified one, minus the ".min" suffix, to facilitate static analysis during security reviews.
3. **Compressed Archives**: Unzip and examine compressed archives containing JavaScript for vulnerabilities.
4. **Avoid Relying on File Extensions**: Don't depend solely on file extensions or declared MIME types, as these aren't enforced at runtime.

These practices ensure secure handling of user-generated content and static resources in managed packages.
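The user-generated content guidance above (in both the current answer and the recommended update) in one illustrative Apex class: user-mode SOQL and DML, a bind variable for dynamic SOQL, explicit output escaping, a `transient` secret, and a Named Credential callout. This is added example code, not from the FAQ or from Salesforce; the custom object `Note__c` with field `Body__c` and the Named Credential `Partner_API` are hypothetical names.

```apex
// Illustrative class added for this FAQ; not Salesforce or package code.
// Assumes a hypothetical custom object Note__c with a text field Body__c,
// and a hypothetical Named Credential called Partner_API.
public with sharing class SecureNoteService {

    // Controller state: 'transient' keeps the secret out of the Visualforce viewstate.
    public transient String apiToken { get; set; }

    // Static SOQL in user mode: CRUD, FLS and sharing are enforced by the platform,
    // so the query fails instead of returning fields the running user cannot read.
    public static List<Note__c> listNotes() {
        return [SELECT Id, Body__c FROM Note__c WITH USER_MODE];
    }

    // Dynamic SOQL: the user-supplied term is passed as a bind, never concatenated
    // into the query string, and the query runs with AccessLevel.USER_MODE.
    public static List<Note__c> searchNotes(String term) {
        Map<String, Object> binds = new Map<String, Object>{ 'term' => '%' + term + '%' };
        return Database.queryWithBinds(
            'SELECT Id, Body__c FROM Note__c WHERE Body__c LIKE :term',
            binds,
            AccessLevel.USER_MODE);
    }

    // DML in user mode: the insert fails if the user lacks create access on
    // the object or the field, so no manual CRUD/FLS check can be forgotten.
    public static Note__c createNote(String body) {
        Note__c n = new Note__c(Body__c = body);
        Database.insert(n, AccessLevel.USER_MODE);
        return n;
    }

    // Output to the DOM: escape explicitly rather than rendering raw user text
    // with escape="false" in Visualforce.
    public static String safeHtml(String userText) {
        return userText == null ? '' : userText.escapeHtml4();
    }

    // Callout through a Named Credential: no hardcoded credential in the package;
    // the platform attaches the authentication at runtime.
    public static HttpResponse fetchProfile(String externalId) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/profiles/' + EncodingUtil.urlEncode(externalId, 'UTF-8'));
        req.setMethod('GET');
        return new Http().send(req);
    }
}
```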
Reasoning
Made minor improvements for clarity and modern best practices without changing the content structure. Changed 'does not reach' to 'doesn't reach' for conversational tone, 'Do not depend' to 'Don't depend' for consistency, and 'are not enforced' to 'aren't enforced' to match the brand guide's preference for contractions. Added a mention of modern security approaches (WITH USER_MODE and AccessLevel.USER_MODE) per the security approaches guidelines while preserving the existing content about CRUD/FLS checks. Added a specific recommendation to use Named Credentials to align with security best practices. All rule associations are based on the technical security content the FAQ teaches: ApexCRUDViolation and ApexSharingViolations relate to the CRUD/FLS and sharing checks guidance; ApexSOQLInjection relates to the dynamic SOQL queries warning; ApexXSSFromEscapeFalse and ApexXSSFromURLParam relate to XSS prevention and input sanitization; AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, and AvoidHardcodedCredentialsInVarAssign relate to avoiding hardcoded credentials in web services; ProtectSensitiveData relates to the sensitive data storage guidance; ApexSuggestUsingNamedCred relates to the web services authentication protection guidance.