I have a query similar to this in one of our apps,
List<Account> accountList = Database.query('SELECT Id,Name FROM Account WHERE Id IN:accIds');
But Checkmarx always reports a SOQL Injection error, even though we are using variable binding. I also tried escaping every single element in accIds, but Checkmarx still gives a SOQL Injection error. Can someone help in resolving this issue?
Answers:
Method 1
This sample code should not result in a SOQL injection finding as the scanner knows about bound variables — if it does, please forward your code to [email protected] and we will investigate the issue.
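For contrast, an added example (not code from the question or the answer) that places the string-concatenation form a scanner should flag next to the bound-variable form from the question, and shows the escapeSingleQuotes fallback for the case where a value has to be spliced into the query text; the class and method names are hypothetical.

```apex
// Added example; the class and method names are hypothetical.
public with sharing class AccountLookup {

    // Vulnerable pattern: the caller-supplied value is concatenated straight into
    // the query text, so a single quote inside it ends the string literal and the
    // remainder of the value is parsed as SOQL syntax. This is what an injection
    // finding should point at.
    public static List<Account> byNameUnsafe(String userName) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name = \'' + userName + '\'';
        return Database.query(soql);
    }

    // Safe pattern (the form used in the question): the Apex variable is bound
    // with a colon prefix. The runtime passes it as a value, never as query text,
    // so its contents cannot change the WHERE clause. Collections bind with IN.
    public static List<Account> byIds(Set<Id> accIds) {
        return Database.query('SELECT Id, Name FROM Account WHERE Id IN :accIds');
    }

    // Same query through Database.queryWithBinds (API version 57.0 and later):
    // the binds are supplied as a map, so the variables need not be in local
    // scope, and AccessLevel.USER_MODE enforces sharing and field-level security.
    public static List<Account> byIdsWithBinds(Set<Id> accIds) {
        Map<String, Object> binds = new Map<String, Object>{ 'ids' => accIds };
        return Database.queryWithBinds(
            'SELECT Id, Name FROM Account WHERE Id IN :ids', binds, AccessLevel.USER_MODE);
    }

    // Fallback when a value must be part of the query text (for example, building
    // the query from fragments): escape single quotes so the value stays inside
    // its literal. Binding remains the preferred form wherever it is possible.
    public static List<Account> byNameEscaped(String userName) {
        String safeName = String.escapeSingleQuotes(userName);
        return Database.query('SELECT Id, Name FROM Account WHERE Name = \'' + safeName + '\'');
    }
}
```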
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0.