FAQ-001590 - SQL Injection and Input Validation / Dynamic SOQL Query Construction

Current Status: VALID_RESPONSE

Current FAQ

Question
What is the recommended way to build secure dynamic SOQL queries?
Answer
To build secure dynamic SOQL queries in Salesforce, follow these recommendations:

1. **Use Bind Variables**: Safely include user-supplied input in the query using bind variables to prevent it from breaking out of its quoted context and ensure inputs are treated as parameters, not executable code.
2. **Sanitize Input**: If bind variables are not an option, use `String.escapeSingleQuotes()` to sanitize input. This is suitable for simple string comparisons but should be combined with other methods for comprehensive protection.
3. **Validate Permissions**: Perform CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks to ensure users have the necessary permissions for the objects and fields being queried.
4. **Whitelist Object and Field Names**: Validate object and field names against a whitelist of acceptable values, such as those retrieved through `Schema.getGlobalDescribe()`.
5. **Restrict Query Components**: Limit user-supplied input to object names, field names, and WHERE clause inputs. Avoid allowing users to supply other parts of the query.
6. **Avoid User-Generated Queries in Apex**: Do not execute user-generated queries directly in Apex, as they run in system mode. For complex queries, consider using the REST or SOAP API for safer execution.
7. **Use `sObjectType` and `sObjectFields`**: Leverage these directly instead of constructing queries with strings to prevent SOQL injection and enable permission checks.
8. **Sanitize Parameters in Public Methods**: Ensure all public methods with database operations sanitize their parameters.

These practices will help you construct secure dynamic SOQL queries while mitigating risks.

AI Recommended Enhancement

Related Security Rules

- ApexSOQLInjection
- ApexCRUDViolation
- ApexSharingViolations
Question
What is the recommended way to build secure dynamic SOQL queries?
Recommended Answer Update
To build secure dynamic SOQL queries in Salesforce, follow these recommendations:

1. **Use Bind Variables**: Safely include user-supplied input in the query using bind variables to prevent it from breaking out of its quoted context and ensure inputs are treated as parameters, not executable code.
2. **Sanitize Input**: If bind variables aren't an option, use `String.escapeSingleQuotes()` to sanitize input. This is suitable for simple string comparisons but should be combined with other methods for comprehensive protection.
3. **Validate Permissions**: Perform CRUD (Create, Read, Update, Delete) and FLS (Field-Level Security) checks to ensure users have the necessary permissions for the objects and fields being queried. Use `WITH USER_MODE` for SOQL queries to automatically enforce these permissions.
4. **Whitelist Object and Field Names**: Validate object and field names against a whitelist of acceptable values, such as those retrieved through `Schema.getGlobalDescribe()`.
5. **Restrict Query Components**: Limit user-supplied input to object names, field names, and WHERE clause inputs. Avoid allowing users to supply other parts of the query.
6. **Avoid User-Generated Queries in Apex**: Don't execute user-generated queries directly in Apex, as they run in system mode. For complex queries, consider using the REST or SOAP API for safer execution.
7. **Use `sObjectType` and `sObjectFields`**: Leverage these directly instead of constructing queries with strings to prevent SOQL injection and enable permission checks.
8. **Sanitize Parameters in Public Methods**: Ensure all public methods with database operations sanitize their parameters.

These practices will help you construct secure dynamic SOQL queries while mitigating risks.
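The following Apex class is an added illustration of the recommendations in both the current answer and the recommended update; it is not code from the FAQ or from Salesforce. It contrasts an injectable query built by string concatenation with a hardened version that allow-lists the filter field against the schema (points 4, 5 and 7), passes the user value as a bind variable (point 1), and runs in user mode so CRUD, FLS and sharing are enforced (point 3), plus an `escapeSingleQuotes()` fallback for the case where a bind variable cannot be used (point 2). The class name, the `Account` field allow-list and the method names are assumptions made for the example.

```apex
// Added example (not part of the FAQ): secure vs. insecure dynamic SOQL on Account.
public with sharing class SecureDynamicSoqlExample {

    // Hypothetical allow-list of Account fields a caller is permitted to filter on
    // (lower-case keys, matching the keys returned by Schema describe maps).
    private static final Set<String> ALLOWED_FILTER_FIELDS =
        new Set<String>{ 'name', 'industry', 'billingcity' };

    // INSECURE, kept only for contrast: both the field name and the value are
    // concatenated into the query text, so either can change the WHERE clause
    // and the query runs in system mode with no permission checks.
    public static List<Account> findAccountsUnsafe(String fieldName, String value) {
        String soql = 'SELECT Id, Name FROM Account WHERE '
            + fieldName + ' = \'' + value + '\'';
        return Database.query(soql);
    }

    // HARDENED: the field name is resolved to a real schema token from an
    // allow-list, the value travels as a bind variable (never as SOQL syntax),
    // and AccessLevel.USER_MODE enforces CRUD, FLS and sharing for the running user.
    public static List<Account> findAccountsSafe(String fieldName, String value) {
        String field = validateFilterField(fieldName);
        Map<String, Object> binds = new Map<String, Object>{ 'value' => value };
        String soql = 'SELECT Id, Name FROM Account WHERE ' + field + ' = :value';
        return Database.queryWithBinds(soql, binds, AccessLevel.USER_MODE);
    }

    // FALLBACK when a bind variable is not possible: escape the quoted value and
    // still restrict the field and enforce user mode via WITH USER_MODE in the
    // query string. Prefer findAccountsSafe wherever a bind variable will do.
    public static List<Account> findAccountsEscaped(String fieldName, String value) {
        String field = validateFilterField(fieldName);
        String soql = 'SELECT Id, Name FROM Account WHERE ' + field
            + ' = \'' + String.escapeSingleQuotes(value) + '\' WITH USER_MODE';
        return Database.query(soql);
    }

    // Allow-list the field, then resolve it through Schema.getGlobalDescribe()
    // so only an API name taken from an sObjectField token reaches the query.
    private static String validateFilterField(String fieldName) {
        String key = String.isBlank(fieldName) ? '' : fieldName.toLowerCase();
        if (!ALLOWED_FILTER_FIELDS.contains(key)) {
            throw new IllegalArgumentException('Unsupported filter field: ' + fieldName);
        }
        Map<String, Schema.SObjectField> fields = Schema.getGlobalDescribe()
            .get('Account').getDescribe().fields.getMap();
        if (!fields.containsKey(key)) {
            throw new IllegalArgumentException('Unknown Account field: ' + fieldName);
        }
        // Return the canonical API name from the field token, not the caller's string.
        return fields.get(key).getDescribe().getName();
    }
}
```

With the hardened method, a value such as `x' OR Name != '` is matched literally against the field and returns nothing, and a field name outside the allow-list is rejected before any query text is built; the `with sharing` declaration plus user-mode execution also cover the ApexCRUDViolation and ApexSharingViolations rules listed above. `Database.queryWithBinds` with an `AccessLevel` argument is available from API version 57.0; on older API versions, use `Database.query` with an in-scope `:variable` bind and `WITH USER_MODE` in the query string, as the fallback method shows.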
Reasoning
The main improvement needed was modernizing the security guidance to prioritize `WITH USER_MODE` as the preferred approach for enforcing permissions. I updated point 3 to mention this modern feature while preserving the existing recommendation about CRUD and FLS checks. I also made minor wording improvements: changed 'are not an option' to 'aren't an option' for conversational tone, and changed 'Do not execute' to 'Don't execute' to maintain consistency with the conversational style guidelines. For security rules selected: ApexSOQLInjection directly relates to the core topic of preventing SOQL injection through bind variables (points 1, 2), input sanitization (point 8), and avoiding user-generated queries (point 6). ApexCRUDViolation relates to point 3's emphasis on performing CRUD checks and the mention of WITH USER_MODE for permission enforcement. ApexSharingViolations relates to point 3's discussion of validating permissions and the overall security context of ensuring proper access controls in dynamic queries.