Apex PMD: Problem: Validate CRUD permission before SOQL/DML operation

Background

I am using the Apex PMD plugin for VS Code and it’s giving me this problem:

Validate CRUD permission before SOQL/DML operation

For this line of code:

insert contentVersion;

Which is part of this method:

private void attachReport(Id recordId) {

    ContentVersion contentVersion = new ContentVersion(
        versionData = Blob.valueOf(buffer.toStr()),
        title = 'Import Report',
        pathOnClient =  StringUtils.format('/Import-Report-{0}.txt', DateTime.now().getTime()),
        FirstPublishLocationId = recordId);

    insert contentVersion;
}

Questions

  1. Why am I getting the problem?
  2. What should I do to not get the problem?

Reference

  1. Github: VS Code Apex PMD
  2. PMD Project

Answer

PMD’s Apex ruleset is checking to see that you are enforcing/respecting security in your code.

ISV’s Managed packages released to the AppExchange must do this as mandatory criteria in the security review process. The spirit of the requirement is to honor the access control configuration choices that org admins make within ISV application offerings. If an admin explicitly restricts access control for sharing/CRUD/FLS then ISV offerings should respect that.

Theoretically, you should be able to remove this rule from the VS Code PMD ruleset (or build a custom ruleset xml which doesn’t include it), if you don’t want to be warned about a concern that may not apply to your application’s situation.

Looks like the VS Code PMD plugin allows for a custom ruleset. You could take this one here and customize it, removing the rules which are not important to you such as this one:

<rule ref="category/apex/security.xml/ApexCRUDViolation" 
    message="Validate CRUD permission before SOQL/DML operation">

Related:

Attribution
Source : Link , Question Author : Robs , Answer Author : Robs

Leave a Comment