As such this is a Checkmarx false positive and must be addressed by explaining the scenario in your submission documentation. This answer covers how you can also best to comment the relevant code …

Feb 10, 2023 · I want to find the best way to address false positives in the Checkmarx report. One of the points I am investigating is how to make the Checkmarx report to display the false positive comment …

Apr 18, 2024 · Checkmarx is reporting "Client_DOM_XSS" attack for code "value=" {!v.currentAccount.FirstName}" which we do not understand how this is a "Client_DOM_XSS" attack …

Mar 16, 2021 · Checkmarx is correctly warning you that this is a dangerous operation since someone could craft the content of the SVG element to include some form of hack. What you need to do is …

Sep 11, 2024 · Force.com code scanner [checkMarx] is not recognize these checks as valid for the actual object type (QuoteLineItem), due to the dynamic nature of SObject. The tool relies on static …

May 28, 2015 · Can someone please advise how Checkmarx/ Force.com Security Source Scanner will be performing code review Is code review happening within Salesforce servers or code get ported to …

Nov 11, 2020 · I run the checkmarx scanner for app and received ~250 FLS issues, which is understood, because when the app developed it simply was not checked. However I have noticed …

Aug 13, 2020 · Checkmarx FLS Update validation checkmarx exception for dynamic DML, Ex: insert operation on input from method param Fix checkmarx report issue Client DOM XSRF Checkmarx …

Mar 4, 2022 · 0 After execution of checkmarx report we are facing injection issue for one of our aura lightning component Issue reported : The application's <aura:component …

Sep 12, 2024 · Q&A for Salesforce administrators, implementation experts, developers and anybody in-between