FAQ-001570 - SDK and Framework Security / SDK Security Rules and Example Code

Security rules for example code or code meant to be extended by developers in a developer SDK or framework are applied by: 1. **Access Control Logic**: Ensuring proper access control logic is implemented, especially for classes running "without sharing." Explicit access control checks are required to prevent unauthorized operations. 2. **Permission Validation**: Including mechanisms like custom permission checks or feature management checks to validate user permissions before performing sensitive operations. 3. **Documentation and Justification**: Any code bypassing sharing rules or CRUD/FLS checks must have justified use cases and thorough documentation to comply with security guidelines. Let me know if you need further clarification!

The existing FAQ content is accurate and well-structured, addressing the core security concerns for SDK and framework code. No significant changes are needed to the content itself. I selected ApexSharingViolations because the FAQ specifically discusses "classes running without sharing" and "code bypassing sharing rules," which directly relates to this rule that detects sharing violations in Apex code. I also selected ApexCRUDViolation because the FAQ mentions "CRUD/FLS checks" and permission validation, which directly corresponds to this rule that identifies CRUD (Create, Read, Update, Delete) violations in Apex code. Both rules are highly relevant to the security practices that SDK and framework developers need to implement in their example code.