FAQ-001586 - SQL Injection and Input Validation / Best Practices and Prevention Strategies


Current FAQ

Question
What are the best practices for preventing SOQL injection vulnerabilities in dynamic queries?
Answer
To prevent SOQL injection vulnerabilities in dynamic queries, follow these comprehensive best practices:

1. **Use Bind Variables**: Safely insert user-supplied input into queries to treat it as data, not executable code. This is the most secure approach.
2. **Sanitize Input**: Use methods like `String.escapeSingleQuotes()` to escape single quotes in user-supplied strings, preventing them from breaking out of their quoted context.
3. **Whitelist Validation**: Validate object or field names against a whitelist of acceptable values using `Schema.getGlobalDescribe()` to retrieve valid object and field names for comparison.
4. **Perform CRUD/FLS Checks**: Ensure users have the necessary permissions for the specified objects or fields by performing CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks.
5. **Avoid User-Generated Queries**: Limit user-supplied portions of SOQL queries to object names, field names, and WHERE clause inputs. Do not execute user-generated queries in Apex system mode, as they bypass user permissions.
6. **Use Secure APIs**: For complex client-side SOQL, use the REST or SOAP API for secure handling.
7. **Restrict Query Scope**: Limit queries to only the required objects and fields to reduce exposure to sensitive data.
8. **Avoid Dynamic Query Construction**: Refrain from constructing dynamic SOQL queries with user-supplied strings. Use `sObjectType` or `sObjectFields` for secure query building.
9. **Minimize System Mode Execution**: Avoid executing user-generated queries in Apex system mode to respect user permissions.

These practices help mitigate SOQL injection risks and ensure secure query execution while maintaining flexibility in dynamic query scenarios.

AI Recommended Enhancement

Related Security Rules: ApexSOQLInjection, ApexCRUDViolation
Question
What are the best practices for preventing SOQL injection vulnerabilities in dynamic queries?
Recommended Answer Update
To prevent SOQL injection vulnerabilities in dynamic queries, follow these comprehensive best practices:

1. **Use Bind Variables**: Safely insert user-supplied input into queries to treat it as data, not executable code. This is the most secure approach.
2. **Sanitize Input**: Use methods like `String.escapeSingleQuotes()` to escape single quotes in user-supplied strings, preventing them from breaking out of their quoted context.
3. **Whitelist Validation**: Validate object or field names against a whitelist of acceptable values using `Schema.getGlobalDescribe()` to retrieve valid object and field names for comparison.
4. **Perform CRUD/FLS Checks**: Ensure users have the necessary permissions for the specified objects or fields by performing CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks. Consider using `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods to automatically enforce these permissions.
5. **Avoid User-Generated Queries**: Limit user-supplied portions of SOQL queries to object names, field names, and WHERE clause inputs. Don't execute user-generated queries in Apex system mode, as they bypass user permissions.
6. **Use Secure APIs**: For complex client-side SOQL, use the REST or SOAP API for secure handling.
7. **Restrict Query Scope**: Limit queries to only the required objects and fields to reduce exposure to sensitive data.
8. **Avoid Dynamic Query Construction**: Refrain from constructing dynamic SOQL queries with user-supplied strings. Use `sObjectType` or `sObjectFields` for secure query building.
9. **Minimize System Mode Execution**: Avoid executing user-generated queries in Apex system mode to respect user permissions.

These practices help mitigate SOQL injection risks and ensure secure query execution while maintaining flexibility in dynamic query scenarios.
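The following Apex class is an added example written for this FAQ (it is not code from the FAQ or from Salesforce) and illustrates points 1, 3 and 4 of both the current and the recommended answer above: a vulnerable dynamic query beside a hardened one that whitelists the object and field names through the describe API, binds the user value with `Database.queryWithBinds`, and runs in `AccessLevel.USER_MODE`. The class name `DynamicRecordSearch` and its method names are hypothetical.

```apex
// Added example (not from the FAQ). Class and method names are hypothetical.
public with sharing class DynamicRecordSearch {

    public class InvalidQueryInputException extends Exception {}

    // VULNERABLE: object name, field name and value are concatenated into the
    // query string. A single quote in `value` terminates the string literal and
    // the rest of the input is parsed as SOQL; `objectName`/`fieldName` are
    // never checked against the schema. Runs in system mode, so CRUD/FLS are
    // not enforced either.
    public static List<SObject> searchUnsafe(String objectName, String fieldName, String value) {
        String q = 'SELECT Id FROM ' + objectName + ' WHERE ' + fieldName
                 + ' = \'' + value + '\'';
        return Database.query(q);
    }

    // HARDENED:
    //  1. object and field names are looked up in the describe maps (whitelist)
    //     and only the canonical API names from the describe reach the query;
    //  2. the user value is a bind variable, never concatenated;
    //  3. the query runs in user mode, so CRUD/FLS are enforced automatically.
    public static List<SObject> searchSafe(String objectName, String fieldName, String value) {
        if (String.isBlank(objectName) || String.isBlank(fieldName)) {
            throw new InvalidQueryInputException('Object and field are required');
        }
        // Describe map keys are lowercase API names.
        Schema.SObjectType objType = Schema.getGlobalDescribe().get(objectName.toLowerCase());
        if (objType == null || !objType.getDescribe().isQueryable()) {
            throw new InvalidQueryInputException('Object not allowed');
        }
        Schema.DescribeSObjectResult objDesc = objType.getDescribe();
        Schema.SObjectField field = objDesc.fields.getMap().get(fieldName.toLowerCase());
        if (field == null || !field.getDescribe().isFilterable()) {
            throw new InvalidQueryInputException('Field not allowed');
        }
        // Build the query from describe-supplied names only; the value is bound.
        String q = 'SELECT Id FROM ' + objDesc.getName()
                 + ' WHERE ' + field.getDescribe().getName() + ' = :value LIMIT 200';
        return Database.queryWithBinds(
            q,
            new Map<String, Object>{ 'value' => value },
            AccessLevel.USER_MODE
        );
    }
}
```

`Database.queryWithBinds` requires API version 58.0 or later; on older API versions the same protection is obtained by referencing an in-scope local variable as `:value` in `Database.query` and adding `WITH USER_MODE` to the query string.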
Reasoning
The FAQ content is accurate and comprehensive. I made minimal refinements to improve clarity and modernize the security approach guidance:

1. **Minor wording improvements**: Changed "Do not execute" to "Don't execute" for a more conversational tone per the brand guidelines, and made similar small adjustments for readability.
2. **Security approach modernization**: Enhanced point #4 to mention modern security enforcement features (`WITH USER_MODE` and `AccessLevel.USER_MODE`) while preserving the existing manual CRUD/FLS check guidance. This follows the FAQ review guidelines to "prioritize modern features" while maintaining that "old approaches...remain valid and as secure as modern approaches."

For the security rules selected:

- **ApexSOQLInjection**: This rule directly applies because the entire FAQ is about preventing SOQL injection vulnerabilities. The FAQ content covering bind variables, input sanitization, avoiding dynamic query construction with user-supplied strings, and whitelist validation all directly relate to what this rule detects and prevents.
- **ApexCRUDViolation**: This rule applies because the FAQ explicitly discusses "Perform CRUD/FLS Checks" in point #4, recommending that developers "ensure users have the necessary permissions for the specified objects or fields by performing CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks." The rule detects missing CRUD permission checks, which the FAQ is teaching developers to implement.