FAQ-001644 - Salesforce Platform Security Responsibility / Information Disclosure Vulnerabilities


Current FAQ

Question
How do I address and understand Information Disclosure Vulnerability findings in security reviews?
Answer
To address and understand Information Disclosure vulnerabilities identified in security reviews:

**Understanding the Vulnerabilities:**

1. **Analyze the Report**: Review the specific examples provided in the security review report, which usually include steps to reproduce the issue.
2. **Check Access Controls**: Examine the logic that exposes sensitive data, such as object or field-level access controls.
3. **Validate the Exposure**: Determine if the data exposure is intentional or a false positive by comparing the report with your implementation.
4. **Review Input Handling**: If the vulnerability involves user input or external content, ensure proper validation and sanitization mechanisms are in place.

**Mitigation Strategies:**

1. **Whitelisting Object Types**: Restrict which objects can be queried.
2. **Remove Unnecessary Annotations**: Eliminate annotations like `@AuraEnabled` if not required.
3. **Add CRUD and FLS Checks**: Ensure proper access control by checking Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) before executing queries.
4. **Avoid Returning Sensitive Data**: Prevent sensitive data or secrets from being returned in dynamic SOQL queries.
5. **Secure Storage**: Use protected custom metadata types or custom settings to store sensitive information securely.
6. **Validate and Limit Exposed Data**: Ensure exposed data is validated and limited to prevent unauthorized access.

**Special Cases:**

If the issue can be reproduced in orgs without your package, this may indicate a platform-level issue. In such cases, I recommend opening a case with Salesforce Support for further assistance and detailed guidance on remediation strategies.

AI Recommended Enhancement

Related Security Rules

- ApexCRUDViolation
- ApexSharingViolations
- ProtectSensitiveData
Question
How do I address and understand Information Disclosure Vulnerability findings in security reviews?
Recommended Answer Update
To address and understand Information Disclosure vulnerabilities identified in security reviews:

**Understanding the Vulnerabilities:**

1. **Analyze the Report**: Review the specific examples provided in the security review report, which usually include steps to reproduce the issue.
2. **Check Access Controls**: Examine the logic that exposes sensitive data, such as object or field-level access controls.
3. **Validate the Exposure**: Determine if the data exposure is intentional or a false positive by comparing the report with your implementation.
4. **Review Input Handling**: If the vulnerability involves user input or external content, ensure proper validation and sanitization mechanisms are in place.

**Mitigation Strategies:**

1. **Whitelisting Object Types**: Restrict which objects can be queried.
2. **Remove Unnecessary Annotations**: Eliminate annotations like `@AuraEnabled` if not required.
3. **Add CRUD and FLS Checks**: Ensure proper access control by using `WITH USER_MODE` for SOQL queries or `AccessLevel.USER_MODE` for Database methods to automatically enforce Create, Read, Update, and Delete (CRUD) and Field-Level Security (FLS) permissions.
4. **Avoid Returning Sensitive Data**: Prevent sensitive data or secrets from being returned in dynamic SOQL queries.
5. **Secure Storage**: Use protected custom metadata types or custom settings to store sensitive information securely.
6. **Validate and Limit Exposed Data**: Ensure exposed data is validated and limited to prevent unauthorized access.

**Special Cases:**

If the issue can be reproduced in orgs without your package, this may indicate a platform-level issue. In such cases, we recommend opening a case with Salesforce Support for further assistance and detailed guidance on remediation strategies.
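As an added example that is not part of this FAQ, one Apex controller that applies the mitigations listed in both the current answer and the recommended update: an object-type allow-list for dynamic SOQL, `WITH USER_MODE` on static SOQL, `AccessLevel.USER_MODE` on `Database.query`, and a server-side-only accessor for a secret held in a protected custom metadata type. The class name, method names and the `Integration_Setting__mdt` type with its `Api_Key__c` field are assumptions.

```apex
// Added example, not code from the FAQ. Names and the custom metadata type are assumptions.
public with sharing class SecureRecordLookup {

    // Allow-list of object types the client may request ("Whitelisting Object Types").
    // Set<String>.contains is case-sensitive, so only these exact API names pass.
    private static final Set<String> ALLOWED_OBJECTS =
        new Set<String>{ 'Account', 'Contact' };

    // Static SOQL: WITH USER_MODE makes the platform enforce CRUD and FLS for the
    // running user, so an inaccessible object or field raises an exception rather
    // than silently returning data the user may not see.
    @AuraEnabled(cacheable=true)
    public static List<Contact> getContactsForAccount(Id accountId) {
        return [SELECT Id, Name, Email
                FROM Contact
                WHERE AccountId = :accountId
                WITH USER_MODE];
    }

    // Dynamic SOQL: the object type is client-controlled, so it is checked against the
    // allow-list first; the Id is a bind variable (never concatenated into the query);
    // AccessLevel.USER_MODE enforces CRUD/FLS on the Database method.
    @AuraEnabled
    public static List<SObject> getRecordName(String objectType, Id recordId) {
        if (String.isBlank(objectType) || !ALLOWED_OBJECTS.contains(objectType)) {
            // Deny by default and do not echo the rejected value back to the client.
            throw new AuraHandledException('Object type not permitted.');
        }
        String soql = 'SELECT Id, Name FROM ' + objectType
                    + ' WHERE Id = :recordId LIMIT 1';
        return Database.query(soql, AccessLevel.USER_MODE);
    }

    // Secrets stay in a protected custom metadata type ("Secure Storage") and are read
    // only by server-side code for callouts. This method is deliberately NOT
    // @AuraEnabled, so the value can never be returned to the browser.
    // Assumption: Integration_Setting__mdt is a protected custom metadata type in the
    // package with an Api_Key__c field and a record whose DeveloperName is 'Default'.
    public static String getApiKeyForCallout() {
        Integration_Setting__mdt setting = Integration_Setting__mdt.getInstance('Default');
        return setting == null ? null : setting.Api_Key__c;
    }
}
```

If the class must stay on an API version that predates `AccessLevel.USER_MODE`, the equivalent legacy pattern is an explicit `Schema.sObjectType.<Object>.isAccessible()` and per-field `isAccessible()` check before running the query.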
Reasoning
The FAQ content is comprehensive and addresses information disclosure vulnerabilities well. I made one key update following the security approaches guidelines: in point 3 of the Mitigation Strategies section, I updated the CRUD and FLS checks guidance to prioritize modern features by leading with `WITH USER_MODE` for SOQL queries and `AccessLevel.USER_MODE` for Database methods. This aligns with the guideline to 'prioritize modern features over legacy approaches' while maintaining the existing structure and information.

For security rules, I selected:

1. **ApexCRUDViolation** - Directly relates to the FAQ's discussion of "Add CRUD and FLS Checks" in the mitigation strategies and the emphasis on proper access control before executing queries.
2. **ApexSharingViolations** - Connects to the FAQ's content about "Check Access Controls" and examining logic that exposes sensitive data through improper sharing configurations.
3. **ProtectSensitiveData** - Directly applies to the FAQ's guidance on "Avoid Returning Sensitive Data" and "Secure Storage" of sensitive information using protected custom metadata types.