├── .forceignore ├── .gitignore ├── .prettierignore ├── .prettierrc ├── .vscode ├── extensions.json └── launch.json ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── LICENSE ├── README.md ├── SECURITY.md ├── UPGRADING.md ├── config └── project-scratch-def.json ├── doc ├── ESAPI.html ├── SFDCAccessControlException.ExceptionReason.html ├── SFDCAccessControlException.ExceptionType.html ├── SFDCAccessControlException.html ├── SFDCAccessControlResults.DeleteResults.html ├── SFDCAccessControlResults.InsertResults.html ├── SFDCAccessControlResults.UpdateResults.html ├── SFDCAccessControlResults.html ├── SFDCAccessController.AccessControlDmlException.html ├── SFDCAccessController.OperationMode.html ├── SFDCAccessController.SharingMode.html ├── SFDCAccessController.html ├── SFDCEncoder.html ├── SFDCPatterns.html ├── SFDCPlugins.SFDCIDescribeInfoCache.html ├── SFDCPlugins.html ├── SFDCValidator.html ├── allclasses-frame.html ├── allclasses-noframe.html ├── constant-values.html ├── index.html ├── resources │ └── inherit.gif └── stylesheet.css ├── force-app └── main │ └── default │ ├── classes │ ├── ESAPI.cls │ ├── ESAPI.cls-meta.xml │ ├── SFDCAccessControlException.cls │ ├── SFDCAccessControlException.cls-meta.xml │ ├── SFDCAccessControlResults.cls │ ├── SFDCAccessControlResults.cls-meta.xml │ ├── SFDCAccessController.cls │ ├── SFDCAccessController.cls-meta.xml │ ├── SFDCBaseValidationRule.cls │ ├── SFDCBaseValidationRule.cls-meta.xml │ ├── SFDCCharacter.cls │ ├── SFDCCharacter.cls-meta.xml │ ├── SFDCCreditCardValidationRule.cls │ ├── SFDCCreditCardValidationRule.cls-meta.xml │ ├── SFDCEncoder.cls │ ├── SFDCEncoder.cls-meta.xml │ ├── SFDCEncoderConstants.cls │ ├── SFDCEncoderConstants.cls-meta.xml │ ├── SFDCIntegerValidationRule.cls │ ├── SFDCIntegerValidationRule.cls-meta.xml │ ├── SFDCNumberValidationRule.cls │ ├── SFDCNumberValidationRule.cls-meta.xml │ ├── SFDCPatterns.cls │ ├── SFDCPatterns.cls-meta.xml │ ├── SFDCPlugins.cls │ ├── SFDCPlugins.cls-meta.xml │ ├── 
SFDCStringUtils.cls │ ├── SFDCStringUtils.cls-meta.xml │ ├── SFDCStringValidationRule.cls │ ├── SFDCStringValidationRule.cls-meta.xml │ ├── SFDCValidator.cls │ ├── SFDCValidator.cls-meta.xml │ ├── testAccessController.cls │ ├── testAccessController.cls-meta.xml │ ├── testCharacter.cls │ ├── testCharacter.cls-meta.xml │ ├── testEncoder.cls │ ├── testEncoder.cls-meta.xml │ ├── testStringUtils.cls │ ├── testStringUtils.cls-meta.xml │ ├── testStringValidationRule.cls │ ├── testStringValidationRule.cls-meta.xml │ ├── testValidator.cls │ └── testValidator.cls-meta.xml │ └── staticresources │ ├── New_BSD_License.resource │ └── New_BSD_License.resource-meta.xml └── sfdx-project.json /.forceignore: -------------------------------------------------------------------------------- 1 | # List files or directories below to ignore them when running force:source:push, force:source:pull, and force:source:status 2 | # More information: https://developer.salesforce.com/docs/atlas.en-us.sfdx_dev.meta/sfdx_dev/sfdx_dev_exclude_source.htm 3 | # 4 | 5 | package.xml 6 | 7 | # LWC configuration files 8 | **/jsconfig.json 9 | **/.eslintrc.json 10 | 11 | # LWC Jest 12 | **/__tests__/** -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # This file is used for Git repositories to specify intentionally untracked files that Git should ignore. 2 | # If you are not using git, you can delete this file. 
For more information see: https://git-scm.com/docs/gitignore 3 | # For useful gitignore templates see: https://github.com/github/gitignore 4 | 5 | # Salesforce cache 6 | .sfdx/ 7 | .vscode/settings.json 8 | 9 | # Logs 10 | logs 11 | *.log 12 | npm-debug.log* 13 | yarn-debug.log* 14 | yarn-error.log* 15 | 16 | # Dependency directories 17 | node_modules/ 18 | 19 | # Eslint cache 20 | .eslintcache 21 | 22 | # MacOS system files 23 | .DS_Store 24 | 25 | # Windows system files 26 | Thumbs.db 27 | ehthumbs.db 28 | [Dd]esktop.ini 29 | $RECYCLE.BIN/ -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | # List files or directories below to ignore them when running prettier 2 | # More information: https://prettier.io/docs/en/ignore.html 3 | # 4 | 5 | .sfdx -------------------------------------------------------------------------------- /.prettierrc: -------------------------------------------------------------------------------- 1 | { 2 | "trailingComma": "none", 3 | "overrides": [ 4 | { 5 | "files": "**/lwc/**/*.html", 6 | "options": { "parser": "lwc" } 7 | }, 8 | { 9 | "files": "*.{cmp,page,component}", 10 | "options": { "parser": "html" } 11 | } 12 | ] 13 | } 14 | -------------------------------------------------------------------------------- /.vscode/extensions.json: -------------------------------------------------------------------------------- 1 | { 2 | "recommendations": [ 3 | "salesforce.salesforcedx-vscode", 4 | "redhat.vscode-xml", 5 | "dbaeumer.vscode-eslint", 6 | "esbenp.prettier-vscode" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.vscode/launch.json: -------------------------------------------------------------------------------- 1 | { 2 | // Use IntelliSense to learn about possible attributes. 3 | // Hover to view descriptions of existing attributes. 
4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387 5 | "version": "0.2.0", 6 | "configurations": [ 7 | { 8 | "name": "Launch Apex Replay Debugger", 9 | "type": "apex-replay", 10 | "request": "launch", 11 | "logFile": "${command:AskForLogFileName}", 12 | "stopOnEntry": true, 13 | "trace": true 14 | } 15 | ] 16 | } 17 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Comment line immediately above ownership line is reserved for related gus information. Please be careful while editing. 2 | #ECCN:Open Source 3 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Salesforce Open Source Community Code of Conduct 2 | 3 | ## About the Code of Conduct 4 | 5 | Equality is a core value at Salesforce. We believe a diverse and inclusive 6 | community fosters innovation and creativity, and are committed to building a 7 | culture where everyone feels included. 8 | 9 | Salesforce open-source projects are committed to providing a friendly, safe, and 10 | welcoming environment for all, regardless of gender identity and expression, 11 | sexual orientation, disability, physical appearance, body size, ethnicity, nationality, 12 | race, age, religion, level of experience, education, socioeconomic status, or 13 | other similar personal characteristics. 14 | 15 | The goal of this code of conduct is to specify a baseline standard of behavior so 16 | that people with different social values and communication styles can work 17 | together effectively, productively, and respectfully in our open source community. 18 | It also establishes a mechanism for reporting issues and resolving conflicts. 
19 | 20 | All questions and reports of abusive, harassing, or otherwise unacceptable behavior 21 | in a Salesforce open-source project may be reported by contacting the Salesforce 22 | Open Source Conduct Committee at ossconduct@salesforce.com. 23 | 24 | ## Our Pledge 25 | 26 | In the interest of fostering an open and welcoming environment, we as 27 | contributors and maintainers pledge to making participation in our project and 28 | our community a harassment-free experience for everyone, regardless of gender 29 | identity and expression, sexual orientation, disability, physical appearance, 30 | body size, ethnicity, nationality, race, age, religion, level of experience, education, 31 | socioeconomic status, or other similar personal characteristics. 32 | 33 | ## Our Standards 34 | 35 | Examples of behavior that contributes to creating a positive environment 36 | include: 37 | 38 | * Using welcoming and inclusive language 39 | * Being respectful of differing viewpoints and experiences 40 | * Gracefully accepting constructive criticism 41 | * Focusing on what is best for the community 42 | * Showing empathy toward other community members 43 | 44 | Examples of unacceptable behavior by participants include: 45 | 46 | * The use of sexualized language or imagery and unwelcome sexual attention or 47 | advances 48 | * Personal attacks, insulting/derogatory comments, or trolling 49 | * Public or private harassment 50 | * Publishing, or threatening to publish, others' private information—such as 51 | a physical or electronic address—without explicit permission 52 | * Other conduct which could reasonably be considered inappropriate in a 53 | professional setting 54 | * Advocating for or encouraging any of the above behaviors 55 | 56 | ## Our Responsibilities 57 | 58 | Project maintainers are responsible for clarifying the standards of acceptable 59 | behavior and are expected to take appropriate and fair corrective action in 60 | response to any instances of unacceptable 
behavior. 61 | 62 | Project maintainers have the right and responsibility to remove, edit, or 63 | reject comments, commits, code, wiki edits, issues, and other contributions 64 | that are not aligned with this Code of Conduct, or to ban temporarily or 65 | permanently any contributor for other behaviors that they deem inappropriate, 66 | threatening, offensive, or harmful. 67 | 68 | ## Scope 69 | 70 | This Code of Conduct applies both within project spaces and in public spaces 71 | when an individual is representing the project or its community. Examples of 72 | representing a project or community include using an official project email 73 | address, posting via an official social media account, or acting as an appointed 74 | representative at an online or offline event. Representation of a project may be 75 | further defined and clarified by project maintainers. 76 | 77 | ## Enforcement 78 | 79 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 80 | reported by contacting the Salesforce Open Source Conduct Committee 81 | at ossconduct@salesforce.com. All complaints will be reviewed and investigated 82 | and will result in a response that is deemed necessary and appropriate to the 83 | circumstances. The committee is obligated to maintain confidentiality with 84 | regard to the reporter of an incident. Further details of specific enforcement 85 | policies may be posted separately. 86 | 87 | Project maintainers who do not follow or enforce the Code of Conduct in good 88 | faith may face temporary or permanent repercussions as determined by other 89 | members of the project's leadership and the Salesforce Open Source Conduct 90 | Committee. 91 | 92 | ## Attribution 93 | 94 | This Code of Conduct is adapted from the [Contributor Covenant][contributor-covenant-home], 95 | version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html. 
96 | It includes adaptions and additions from [Go Community Code of Conduct][golang-coc], 97 | [CNCF Code of Conduct][cncf-coc], and [Microsoft Open Source Code of Conduct][microsoft-coc]. 98 | 99 | This Code of Conduct is licensed under the [Creative Commons Attribution 3.0 License][cc-by-3-us]. 100 | 101 | [contributor-covenant-home]: https://www.contributor-covenant.org (https://www.contributor-covenant.org/) 102 | [golang-coc]: https://golang.org/conduct 103 | [cncf-coc]: https://github.com/cncf/foundation/blob/master/code-of-conduct.md 104 | [microsoft-coc]: https://opensource.microsoft.com/codeofconduct/ 105 | [cc-by-3-us]: https://creativecommons.org/licenses/by/3.0/us/ -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2018, Salesforce.com, inc. 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | * Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | * Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | * Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Getting started with Force.com ESAPI 2 | 3 | ## Overview 4 | This page is intended to give a basic understanding of how to use the Force.com ESAPI library. 5 | This library is published by Salesforce.com under the New BSD license. 6 | You should read and accept the license before you use, modify, and/or redistribute this software. 7 | 8 | Follow the steps below to get started. For more detailed documentation on this library, please refer to the doc folder. 9 | 10 | ## Getting started 11 | 12 | __We recommend using a release tag instead of the master branch unless you intend to contribute to ESAPI or need unreleased features.__ 13 | 14 | 1. Download the latest release from the download page. 15 | 2. Make any modifications in the code if you need additional functionality not covered by the library. 16 | 3. Upload the classes to your Force.com Org. 17 | 4. Start using it in your other classes. 18 | 19 | OR 20 | 21 | One-click deployment of the latest stable release ("stable" tag): 22 | 23 | Deploy to Salesforce 25 | 26 | 27 | ## Package Installation 28 | 29 | - Go to the [releases](https://github.com/forcedotcom/force-dot-com-esapi/releases) section to get the installation link for both managed and un-managed versions of the ESAPI package. 
 30 | 31 | ## Example Code 32 | 33 | ### Input Validation: 34 | 35 | The Validator module defines a set of methods for validating untrusted input. This allows server-side validation in Apex. 36 | 37 | Example using exceptions (the get... function throws an exception if validation fails, and returns the input if no error has occurred): 38 | 39 | ```Java 40 | String creditCard = ApexPages.currentPage().getParameters().get('creditcard'); 41 | try { 42 | creditCard = ESAPI.validator().getValidCreditCard(creditCard, false); 43 | } catch (Exception e) { 44 | /* 45 | report error here using e.getMessage(). Make sure you escape the string before 46 | displaying it back on page, and also be careful not to expose any internal information. 47 | */ 48 | } 49 | ``` 50 | Example using return value (the is... function never throws an exception; instead, it returns false in case of error): 51 | 52 | ```Java 53 | String creditCard = ApexPages.currentPage().getParameters().get('creditcard'); 54 | if (ESAPI.validator().isValidCreditCard(creditCard, false) == false) 55 | // do something here 56 | ``` 57 | 58 | ### Output Encoding 59 | 60 | The Encoder module contains a number of methods for encoding output so that it will be safe for display in Visualforce pages. 61 | These functions are equivalent to the Visualforce JSENCODE, HTMLENCODE, JSINHTMLENCODE and URLENCODE functions. Choose the function that matches the context in which the value is rendered (HTML, a JavaScript string, JavaScript inside HTML, or a URL). 62 | 63 | ```Java 64 | String usertext = ApexPages.currentPage().getParameters().get('usertext'); 65 | // the next line encodes the usertext similar to the VisualForce HTMLENCODE function but within an Apex class. 66 | usertext = ESAPI.encoder().SFDC_HTMLENCODE(usertext); 67 | ``` 68 | 69 | ### Access Control 70 | The access control module provides functionality to enforce the Force.com built-in access control mechanisms: CRUD, FLS, and Sharing. As described in the Apex documentation, Apex classes execute in system context and not in the current user context. 
This is why the platform can't enforce any of these security models on its own. For more details please see Enforcing CRUD and FLS. 71 | This ESAPI module allows Apex classes to execute statements such as `insert object;` as if operating in user context. 72 | 73 | For example, if we want to update an object in user context, enforcing sharing rules as well as CRUD and FLS, we use the module in this way: 74 | 75 | ```Java 76 | // s is a modified SObject 77 | 78 | try { 79 | ESAPI.accessController().setSharingMode(SFDCAccessController.SharingMode.WITH); 80 | ESAPI.accessController().updateAsUser(s, new List<String>{'data'}); 81 | } catch (SFDCAccessControlException e) { 82 | message = 'Access Control violation - Type: ' + e.getExceptionType() + ' Reason: ' 83 | + e.getExceptionReason() + ' Object: ' + e.getExceptionObject() + ' Field: ' 84 | + e.getExceptionField() + ' Text: ' + e.getText(); 85 | } 86 | ``` 87 | 88 | You can also use Access Control to check which object fields the current user can read, update, etc. before presenting the page, not just at the time of the insert/update/delete operation. 89 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | ## Security 2 | 3 | Please report any security issue to [security@salesforce.com](mailto:security@salesforce.com) 4 | as soon as it is discovered. This library limits its runtime dependencies in 5 | order to reduce the total cost of ownership as much as can be, but all consumers 6 | should remain vigilant and have their security stakeholders review all third-party 7 | products (3PP) like this one and their dependencies. 
 8 | -------------------------------------------------------------------------------- /UPGRADING.md: -------------------------------------------------------------------------------- 1 | == v1.7 === 2 | Notable API Changes: 3 | - The SFDCAccessController.fieldsToStringSetMaintainCase method has been changed from public to private to allow implementation changes as needed by the ESAPI library. 4 | - CRUD violations are bubbled up from Security.stripInaccessible as Apex system exception types, rather than the custom SFDCAccessControlException type. Code that catches only SFDCAccessControlException will therefore not catch these CRUD violations. 5 | -------------------------------------------------------------------------------- /config/project-scratch-def.json: -------------------------------------------------------------------------------- 1 | { 2 | "orgName": "ESAPI Dev Org", 3 | "edition": "Developer", 4 | "features": [], 5 | "settings": { 6 | "lightningExperienceSettings": { 7 | "enableS1DesktopEnabled": true 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /doc/ESAPI.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | ESAPI 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 45 | 61 | 62 | 63 | 65 | 67 | 68 |
37 | 38 |
69 | 70 | 71 | 72 |
73 | 74 |

75 | Class ESAPI

76 |
77 |
78 |
public class ESAPI
79 | 80 | 81 |

82 | ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
83 | For example, you can use the validator() function to access the validator methods (e.g. ESAPI.validator().isValidCreditCard(creditcard, false)). 84 |

85 | 86 |

87 |


88 | 89 |

90 | 91 | 92 | 93 | 94 | 95 | 96 | 98 | 99 | 100 | 102 | 106 | 107 | 108 | 110 | 114 | 115 | 116 | 118 | 122 | 123 |
97 | Method Summary
101 | static SFDCAccessControlleraccessController() 103 | 104 |
105 |            
109 | static SFDCEncoderencoder() 111 | 112 |
113 |            
117 | static SFDCValidatorvalidator() 119 | 120 |
121 |            
124 |
125 |

126 | 127 | 128 | 129 | 130 | 131 | 132 | 134 | 135 |
133 | Method Detail
136 | 137 |

138 | validator

139 |
140 | public static SFDCValidator validator()
141 |
142 |
143 | 144 |
Returns:
the current ESAPI SFDCValidator being used to validate data in this application.
145 |
146 |
147 |
148 | 149 |

150 | encoder

151 |
152 | public static SFDCEncoder encoder()
153 |
154 |
155 | 156 |
Returns:
the current SFDCEncoder object. This provides the same basic encoding functionality as the functions available in VisualForce (HTMLENCODE, JSENCODE, JSINHTMLENCODE and URLENCODE)
157 |
158 |
159 |
160 | 161 |

162 | accessController

163 |
164 | public static SFDCAccessController accessController()
165 |
166 |
167 | 168 |
Returns:
the current ESAPI SFDCAccessController object being used to maintain the access control rules for this application.
169 |
170 |
171 | 172 |
173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 183 | 184 | 185 | 186 | 189 | 205 | 206 | 207 | 209 | 211 | 212 |
181 | 182 |
213 | 214 | 215 | 216 |
217 | 218 | 219 | 220 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlException.ExceptionReason.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlException.ExceptionReason 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 45 | 61 | 62 | 63 | 65 | 67 | 68 |
37 | 38 |
69 | 70 | 71 | 72 |
73 | 74 |

75 | Enum SFDCAccessControlException.ExceptionReason

76 |
77 |
Enclosing class:
SFDCAccessControlException
78 |
79 |
80 | 81 |

82 | ExceptionReason - this enum defines the different reasons for the exception type. 83 |

84 | 85 |

86 |


87 | 88 |

89 | 90 | 91 | 92 | 93 | 94 | 96 | 97 | 98 | 102 | 103 | 104 | 108 | 109 | 110 | 114 | 115 | 116 | 120 | 121 | 122 | 126 | 127 |
95 | Enum Constant Summary
GENERIC 99 | 100 |
101 |           This is a generic reason.
NO_CREATE 105 | 106 |
107 |           This error is due to the user not having the create permission on the specific object/field/record.
NO_DELETE 111 | 112 |
113 |           This error is due to the user not having the delete permission on the specific object/field/record.
NO_READ 117 | 118 |
119 |           This error is due to the user not having the read permission on the specific object/field/record.
NO_UPDATE 123 | 124 |
125 |           This error is due to the user not having the update permission on the specific object/field/record.
128 |   129 | 130 | 131 | 132 | 133 | 134 | 135 | 137 | 138 |
136 | Enum Constant Detail
139 | 140 |

141 | GENERIC

142 |
143 | public static final SFDCAccessControlException.ExceptionReason GENERIC
144 |
145 |
This is a generic reason. 146 |

147 |

148 |
149 |
150 |
151 | 152 |

153 | NO_CREATE

154 |
155 | public static final SFDCAccessControlException.ExceptionReason NO_CREATE
156 |
157 |
This error is due to the user not having the create permission on the specific object/field/record. 158 |

159 |

160 |
161 |
162 |
163 | 164 |

165 | NO_READ

166 |
167 | public static final SFDCAccessControlException.ExceptionReason NO_READ
168 |
169 |
This error is due to the user not having the read permission on the specific object/field/record. 170 |

171 |

172 |
173 |
174 |
175 | 176 |

177 | NO_UPDATE

178 |
179 | public static final SFDCAccessControlException.ExceptionReason NO_UPDATE
180 |
181 |
This error is due to the user not having the update permission on the specific object/field/record. 182 |

183 |

184 |
185 |
186 |
187 | 188 |

189 | NO_DELETE

190 |
191 | public static final SFDCAccessControlException.ExceptionReason NO_DELETE
192 |
193 |
This error is due to the user not having the delete permission on the specific object/field/record. 194 |

195 |

196 |
197 |
198 | 199 | 200 |
201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 211 | 212 | 213 | 214 | 217 | 233 | 234 | 235 | 237 | 239 | 240 |
209 | 210 |
241 | 242 | 243 | 244 |
245 | 246 | 247 | 248 | 249 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlException.ExceptionType.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlException.ExceptionType 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 45 | 61 | 62 | 63 | 65 | 67 | 68 |
37 | 38 |
69 | 70 | 71 | 72 |
73 | 74 |

75 | Enum SFDCAccessControlException.ExceptionType

76 |
77 |
Enclosing class:
SFDCAccessControlException
78 |
79 | 80 |
81 | 82 |

83 | ExceptionType - this enum defines the different types of access control exceptions. 84 |

85 | 86 |

87 |


88 | 89 |

90 | 91 | 92 | 93 | 94 | 95 | 97 | 98 | 99 | 103 | 104 | 105 | 109 | 110 | 111 | 115 | 116 | 117 | 121 | 122 | 123 | 127 | 128 | 129 | 133 | 134 |
96 | Enum Constant Summary
FIELD_ACCESS_VIOLATION 100 | 101 |
102 |           This error type is a field level access violation.
GENERIC 106 | 107 |
108 |           This error is a generic error type.
NO_RECORD_FOUND 112 | 113 |
114 |           This error type is a generic record not found error.
FIELD_NOT_FOUND 118 | 119 |
120 |           This error type is a generic field not found error.
OBJECT_ACCESS_VIOLATION 124 | 125 |
126 |           This error type is an object level access violation.
SHARING_ACCESS_VIOLATION 130 | 131 |
132 |           This error type is a sharing access violation.
135 |   136 | 137 | 138 | 139 | 140 | 141 | 143 | 144 |
142 | Enum Constant Detail
145 | 146 |

147 | GENERIC

148 |
149 | public static final SFDCAccessControlException.ExceptionType GENERIC
150 |
151 |
This error is a generic error type. 152 |

153 |

154 |
155 |
156 |
157 | 158 |

159 | OBJECT_ACCESS_VIOLATION

160 |
161 | public static final SFDCAccessControlException.ExceptionType OBJECT_ACCESS_VIOLATION
162 |
163 |
This error type is an object level access violation. 164 |

165 |

166 |
167 |
168 |
169 | 170 |

171 | FIELD_ACCESS_VIOLATION

172 |
173 | public static final SFDCAccessControlException.ExceptionType FIELD_ACCESS_VIOLATION
174 |
175 |
This error type is a field level access violation. 176 |

177 |

178 |
179 |
180 |
181 | 182 |

183 | SHARING_ACCESS_VIOLATION

184 |
185 | public static final SFDCAccessControlException.ExceptionType SHARING_ACCESS_VIOLATION
186 |
187 |
This error type is a sharing access violation. 188 |

189 |

190 |
191 |
192 |
193 | 194 |

195 | NO_RECORD_FOUND

196 |
197 | public static final SFDCAccessControlException.ExceptionType NO_RECORD_FOUND
198 |
199 |
This error type is a generic record-not-found error. It can occur because the record does not exist, because of a sharing violation, or because of other errors. 200 |

201 |

202 |
203 |
204 |
205 | 206 |

207 | FIELD_NOT_FOUND

208 |
209 | public static final SFDCAccessControlException.ExceptionType FIELD_NOT_FOUND
210 |
211 |
This error type is a generic field not found error. 212 |

213 |

214 |
215 |
216 | 217 | 218 |
219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 229 | 230 | 231 | 232 | 235 | 251 | 252 | 253 | 255 | 257 | 258 |
227 | 228 |
259 | 260 | 261 | 262 |
263 | 264 | 265 | 266 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlResults.DeleteResults.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlResults.DeleteResults 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 45 | 61 | 62 | 63 | 65 | 67 | 68 |
37 | 38 |
69 | 70 | 71 | 72 |
73 | 74 |

75 | Class SFDCAccessControlResults.DeleteResults

76 |
 77 | SFDCAccessControlResults
 78 |    extended by SFDCAccessControlResults.DeleteResults
 79 | 
80 |
81 |
Enclosing class:
SFDCAccessControlResults
82 |
83 |
84 |
85 |
public class SFDCAccessControlResults.DeleteResults
extends SFDCAccessControlResults
86 | 87 | 88 |

89 | This class provides results info and functionality for delete operations. 90 |

91 | 92 |

93 |


94 | 95 |

96 | 97 | 98 | 99 | 100 | 101 | 103 | 104 | 105 | 109 | 110 |
102 | Constructor Summary
SFDCAccessControlResults.DeleteResults(Database.DeleteResult[] results) 106 | 107 |
108 |           This constructor sets the results from the delete operation.
111 |   112 | 113 | 114 | 115 | 116 | 117 | 119 | 120 | 121 | 123 | 127 | 128 | 129 | 131 | 135 | 136 |
118 | Method Summary
122 |  Database.DeleteResult[]getResults() 124 | 125 |
126 |           Get the Database.DeleteResult [] returned by the delete operation.
130 |  BooleanwasSuccessful() 132 | 133 |
134 |           Did the delete operation succeed for all objects in the array?
137 |   138 |

139 | 140 | 141 | 142 | 143 | 144 | 145 | 147 | 148 |
146 | Constructor Detail
149 | 150 |

151 | SFDCAccessControlResults.DeleteResults

152 |
153 | public SFDCAccessControlResults.DeleteResults(Database.DeleteResult[] results)
154 |
155 |
This constructor sets the results from the delete operation. 156 |

157 |

158 | 159 | 160 | 161 | 162 | 163 | 164 | 166 | 167 |
165 | Method Detail
168 | 169 |

170 | getResults

171 |
172 | public Database.DeleteResult[] getResults()
173 |
174 |
Get the Database.DeleteResult [] returned by the delete operation. 175 |

176 |

177 |
178 |
179 |
180 |
181 | 182 |

183 | wasSuccessful

184 |
185 | public Boolean wasSuccessful()
186 |
187 |
Did the delete operation succeed for all objects in the array?
188 | Note that if the array operation mode was set to BEST_EFFORT, no exception is thrown even if some
189 | of the objects fail to delete, so check this result rather than relying on exception handling alone. 190 |

191 |

192 |
193 |
194 |
195 | 196 |
197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 207 | 208 | 209 | 210 | 213 | 229 | 230 | 231 | 233 | 235 | 236 |
205 | 206 |
237 | 238 | 239 | 240 |
241 | 242 | 243 | 244 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlResults.InsertResults.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlResults.InsertResults 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 39 | 40 | 41 | 42 | 45 | 61 | 62 | 63 | 65 | 67 | 68 |
37 | 38 |
69 | 70 | 71 | 72 |
73 | 74 |

75 | Class SFDCAccessControlResults.InsertResults

76 |
 77 | SFDCAccessControlResults
 78 |    extended by SFDCAccessControlResults.InsertResults
 79 | 
80 |
81 |
Enclosing class:
SFDCAccessControlResults
82 |
83 |
84 |
85 |
public class SFDCAccessControlResults.InsertResults
extends SFDCAccessControlResults
86 | 87 | 88 |

89 | This class provides results info and functionality for insert operations. 90 |

91 | 92 |

93 |


94 | 95 |

96 | 97 | 98 | 99 | 100 | 101 | 103 | 104 | 105 | 110 | 111 |
102 | Constructor Summary
SFDCAccessControlResults.InsertResults(SObject[] objects, 106 | Database.SaveResult[] results) 107 | 108 |
109 |           This constructor sets the objects that were actually inserted into the db, and also sets the results from that insert operation.
112 |   113 | 114 | 115 | 116 | 117 | 118 | 120 | 121 | 122 | 124 | 128 | 129 | 130 | 132 | 136 | 137 | 138 | 140 | 144 | 145 |
119 | Method Summary
123 |  SObject[]getInsertedObjects() 125 | 126 |
127 |           Get the objects that were actually inserted into the db.
131 |  Database.SaveResult[]getResults() 133 | 134 |
135 |           Get the Database.SaveResult [] returned by the insert operation.
139 |  BooleanwasSuccessful() 141 | 142 |
143 |           Did the insert operation succeed for all objects in the array?
146 |   147 |

148 | 149 | 150 | 151 | 152 | 153 | 154 | 156 | 157 |
155 | Constructor Detail
158 | 159 |

160 | SFDCAccessControlResults.InsertResults

161 |
162 | public SFDCAccessControlResults.InsertResults(SObject[] objects,
163 |                                               Database.SaveResult[] results)
164 |
165 |
This constructor sets the objects that were actually inserted into the db, and also sets the results from that insert operation. 166 |

167 |

168 | 169 | 170 | 171 | 172 | 173 | 174 | 176 | 177 |
175 | Method Detail
178 | 179 |

180 | getResults

181 |
182 | public Database.SaveResult[] getResults()
183 |
184 |
Get the Database.SaveResult [] returned by the insert operation. 185 |

186 |

187 |
188 |
189 |
190 |
191 | 192 |

193 | getInsertedObjects

194 |
195 | public SObject[] getInsertedObjects()
196 |
197 |
Get the objects that were actually inserted into the db.
198 | Note that these objects might not be the same as the objects you provided to the insertAsUser function.
199 | Depending on the current user's permissions, the operation mode, and the fields you requested to set, they might
200 | not contain all the fields of your original objects. 201 |

202 |

203 |
204 |
205 |
206 |
207 | 208 |

209 | wasSuccessful

210 |
211 | public Boolean wasSuccessful()
212 |
213 |
Did the insert operation succeed for all objects in the array?
214 | Note that if the array operation mode was set to BEST_EFFORT, no exception is thrown even if some
215 | of the objects fail to insert, so check this return value instead of relying on exception handling. 216 |

217 |

218 |
219 |
220 |
221 | 222 |
267 | 268 | 269 | 270 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlResults.UpdateResults.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlResults.UpdateResults 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Class SFDCAccessControlResults.UpdateResults

76 |
 77 | SFDCAccessControlResults
 78 |    extended by SFDCAccessControlResults.UpdateResults
 79 | 
80 |
81 |
Enclosing class:
SFDCAccessControlResults
82 |
83 |
84 |
85 |
public class SFDCAccessControlResults.UpdateResults
extends SFDCAccessControlResults
86 | 87 | 88 |

89 | This class provides results info and functionality for update operations. 90 |

91 | 92 |

93 |


94 | 95 |

96 | 97 | 98 | 99 | 100 | 101 | 103 | 104 | 105 | 110 | 111 |
102 | Constructor Summary
SFDCAccessControlResults.UpdateResults(SObject[] objects, 106 | Database.SaveResult[] results) 107 | 108 |
109 |           This constructor sets the objects that were actually used to update the db, and also sets the results from that update operation.
112 |   113 | 114 | 115 | 116 | 117 | 118 | 120 | 121 | 122 | 124 | 128 | 129 | 130 | 132 | 136 | 137 | 138 | 140 | 144 | 145 |
119 | Method Summary
123 |  Database.SaveResult[]getResults() 125 | 126 |
127 |           Get the Database.SaveResult [] returned by the update operation.
131 |  SObject[]getUpdatedObjects() 133 | 134 |
135 |           Get the objects that were actually updated into the db.
139 |  BooleanwasSuccessful() 141 | 142 |
143 |           Did the update operation succeed for all objects in the array?
146 |   147 |

148 | 149 | 150 | 151 | 152 | 153 | 154 | 156 | 157 |
155 | Constructor Detail
158 | 159 |

160 | SFDCAccessControlResults.UpdateResults

161 |
162 | public SFDCAccessControlResults.UpdateResults(SObject[] objects,
163 |                                               Database.SaveResult[] results)
164 |
165 |
This constructor sets the objects that were actually used to update the db, and also sets the results from that update operation. 166 |

167 |

168 | 169 | 170 | 171 | 172 | 173 | 174 | 176 | 177 |
175 | Method Detail
178 | 179 |

180 | getResults

181 |
182 | public Database.SaveResult[] getResults()
183 |
184 |
Get the Database.SaveResult [] returned by the update operation. 185 |

186 |

187 |
188 |
189 |
190 |
191 | 192 |

193 | getUpdatedObjects

194 |
195 | public SObject[] getUpdatedObjects()
196 |
197 |
Get the objects that were actually updated into the db.
198 | Note that these objects might not be the same as the objects you provided to the updateAsUser function.
199 | Depending on the current user's permissions, the operation mode, and the fields you requested to set, they might
200 | not contain all the fields of your original objects. 201 |

202 |

203 |
204 |
205 |
206 |
207 | 208 |

209 | wasSuccessful

210 |
211 | public Boolean wasSuccessful()
212 |
213 |
Did the update operation succeed for all objects in the array?
214 | Note that if the array operation mode was set to BEST_EFFORT, no exception is thrown even if some
215 | of the objects fail to update, so check this return value instead of relying on exception handling. 216 |

217 |

218 |
219 |
220 |
221 | 222 |
267 | 268 | 269 | 270 | -------------------------------------------------------------------------------- /doc/SFDCAccessControlResults.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessControlResults 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Class SFDCAccessControlResults

76 |
77 |
78 |
public class SFDCAccessControlResults
79 | 80 | 81 |

82 | This class provides access control results functionality. 83 | This will help to encapsulate and provide more functionality in processing 84 | results from access control function calls such as insertAsUser and updateAsUser. 85 |

86 | 87 |

88 |


89 | 90 |

91 | 92 | 93 | 94 | 95 | 96 | 98 | 99 | 100 | 102 | 106 | 107 | 108 | 110 | 114 | 115 | 116 | 118 | 122 | 123 |
97 | Nested Class Summary
101 |  classSFDCAccessControlResults.DeleteResults 103 | 104 |
105 |           This class provides results info and functionality for delete operations.
109 |  classSFDCAccessControlResults.InsertResults 111 | 112 |
113 |           This class provides results info and functionality for insert operations.
117 |  classSFDCAccessControlResults.UpdateResults 119 | 120 |
121 |           This class provides results info and functionality for update operations.
124 |   125 |


170 | 171 | 172 | 173 | -------------------------------------------------------------------------------- /doc/SFDCAccessController.AccessControlDmlException.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessController.AccessControlDmlException 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Class SFDCAccessController.AccessControlDmlException

76 |
 77 | Exception
 78 |     extended by SFDCAccessController.AccessControlDmlException
 79 | 
80 |
81 |
Enclosing class:
SFDCAccessController
82 |
83 |
84 |
85 |
public class SFDCAccessController.AccessControlDmlException
86 | 87 | 88 |

89 |


90 | 91 |

92 | 93 | 94 | 95 | 96 | 97 | 98 | 100 | 101 | 102 | 106 | 107 |
99 | Constructor Summary
SFDCAccessController.AccessControlDmlException() 103 | 104 |
105 |            
108 |   109 | 110 | 111 | 112 | 113 | 114 | 116 | 117 |
115 | Method Summary
118 |   119 |

120 | 121 | 122 | 123 | 124 | 125 | 126 | 128 | 129 |
127 | Constructor Detail
130 | 131 |

132 | SFDCAccessController.AccessControlDmlException

133 |
134 | public SFDCAccessController.AccessControlDmlException()
135 |
136 |
137 | 138 |
183 | 184 | 185 | 186 | -------------------------------------------------------------------------------- /doc/SFDCAccessController.OperationMode.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessController.OperationMode 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Enum SFDCAccessController.OperationMode

76 |
77 |
Enclosing class:
SFDCAccessController
78 |
79 |
80 |
81 |
public static enum SFDCAccessController.OperationMode
82 | 83 | 84 |

85 | OperationMode - this enum defines the DB operations mode to be used. 86 |
87 | You can set the operation mode in the constructor or later using the setOperationMode() method. 88 | If you use the default constructor, we will set it to ALL_OR_NONE. 89 |

90 | 91 |

92 |


93 | 94 |

95 | 96 | 97 | 98 | 99 | 100 | 102 | 103 | 104 | 108 | 109 | 110 | 114 | 115 |
101 | Enum Constant Summary
ALL_OR_NONE 105 | 106 |
107 |           Will make sure all required fields have the proper permissions before any operation takes place.
BEST_EFFORT 111 | 112 |
113 |           Will only set fields that are allowed.
116 |   117 |

118 | 119 | 120 | 121 | 122 | 123 | 124 | 126 | 127 |
125 | Enum Constant Detail
128 | 129 |

130 | ALL_OR_NONE

131 |
132 | public static final SFDCAccessController.OperationMode ALL_OR_NONE
133 |
134 |
Will make sure all required fields have the proper permissions before any operation takes place. 135 |

136 |

137 |
138 |
139 |
140 | 141 |

142 | BEST_EFFORT

143 |
144 | public static final SFDCAccessController.OperationMode BEST_EFFORT
145 |
146 |
Will only set the fields that are allowed. Other fields are omitted from the operation, but the operation continues, so the saved record may not contain every field you supplied. 147 |

148 |

149 |
150 |
151 | 152 | 153 |
198 | 199 | 200 | 201 | -------------------------------------------------------------------------------- /doc/SFDCAccessController.SharingMode.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCAccessController.SharingMode 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Enum SFDCAccessController.SharingMode

76 |
77 |
Enclosing class:
SFDCAccessController
78 |
79 |
80 |
81 |
public static enum SFDCAccessController.SharingMode
82 | 83 | 84 |

85 | SharingMode - this enum defines the sharing mode to be used. 86 |
87 | You can set the sharing mode in the constructor or later using the setSharingMode() method. 88 | If you use the default constructor, we will set it to WITH. 89 |

90 | 91 |

92 |


93 | 94 |

95 | 96 | 97 | 98 | 99 | 100 | 102 | 103 | 104 | 108 | 109 | 110 | 114 | 115 | 116 | 120 | 121 |
101 | Enum Constant Summary
INHERIT 105 | 106 |
107 |           Will use the class instance that just inherits from the class that calls this class.
WITH 111 | 112 |
113 |           Will use the class instance that enforces "with sharing".
WITHOUT 117 | 118 |
119 |           Will use the class instance that enforces "without sharing".
122 |   123 | 124 | 125 | 126 | 127 | 128 | 130 | 131 |
129 | Enum Constant Detail
132 | 133 |

134 | WITH

135 |
136 | public static final SFDCAccessController.SharingMode WITH
137 |
138 |
Will use the class instance that enforces "with sharing". 139 |

140 |

141 |
142 |
143 |
144 | 145 |

146 | WITHOUT

147 |
148 | public static final SFDCAccessController.SharingMode WITHOUT
149 |
150 |
Will use the class instance that enforces "without sharing". 151 |

152 |

153 |
154 |
155 |
156 | 157 |

158 | INHERIT

159 |
160 | public static final SFDCAccessController.SharingMode INHERIT
161 |
162 |
Will use the class instance that simply inherits its sharing behavior from the class that calls this class. 163 |

164 |

165 |
166 |
167 | 168 | 169 |
214 | 215 | 216 | 217 | -------------------------------------------------------------------------------- /doc/SFDCEncoder.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCEncoder 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Class SFDCEncoder

76 |
77 |
78 |
public class SFDCEncoder
79 | 80 | 81 |

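82 | This class is a basic encoder/escaper that helps prevent some XSS attacks and similar issues. Each method targets one output context (HTML, JavaScript, JavaScript inside HTML, or URL), so use the one that matches where the value will be placed. 83 |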

84 | 85 |

86 |


87 | 88 |

89 | 90 | 91 | 92 | 93 | 94 | 95 | 97 | 98 | 99 | 103 | 104 |
96 | Constructor Summary
SFDCEncoder() 100 | 101 |
102 |            
105 |   106 | 107 | 108 | 109 | 110 | 111 | 113 | 114 | 115 | 117 | 121 | 122 | 123 | 125 | 129 | 130 | 131 | 133 | 137 | 138 | 139 | 141 | 145 | 146 | 147 | 149 | 155 | 156 |
112 | Method Summary
116 |  StringSFDC_HTMLENCODE(String input) 118 | 119 |
120 |           Similar to the VisualForce HTMLENCODE function.
124 |  StringSFDC_JSENCODE(String input) 126 | 127 |
128 |           Similar to the VisualForce JSENCODE function.
132 |  StringSFDC_JSINHTMLENCODE(String input) 134 | 135 |
136 |           Similar to the VisualForce JSINHTMLENCODE function.
140 |  StringSFDC_URLENCODE(String input) 142 | 143 |
144 |           Similar to the VisualForce URLENCODE function.
148 |  StringSFDC_URLENCODE(String input, 150 | String encoding) 151 | 152 |
153 |           Similar to SFDC_URLENCODE(String input) but 154 | allows to set specific encoding type.
157 |   158 |

159 | 160 | 161 | 162 | 163 | 164 | 165 | 167 | 168 |
166 | Constructor Detail
169 | 170 |

171 | SFDCEncoder

172 |
173 | public SFDCEncoder()
174 |
175 |
176 | 177 | 178 | 179 | 180 | 181 | 182 | 184 | 185 |
183 | Method Detail
186 | 187 |

188 | SFDC_HTMLENCODE

189 |
190 | public String SFDC_HTMLENCODE(String input)
191 |
192 |
Similar to the VisualForce HTMLENCODE function.

193 | 194 | Example:
195 |
196 |  //htmlstr is going to be sent to visualforce as html code
197 |  htmlstr = '<div>' + ESAPI.encoder().SFDC_HTMLENCODE(unsafe_text) + '</div>';
198 |  
199 |

200 |

201 |
202 |
203 |
204 |
205 | 206 |

207 | SFDC_JSENCODE

208 |
209 | public String SFDC_JSENCODE(String input)
210 |
211 |
Similar to the VisualForce JSENCODE function.

212 | 213 | Example:
214 |
215 |  //htmlstr is going to be sent to visualforce as html code
216 |  htmlstr = '<script> var str = "' + ESAPI.encoder().SFDC_JSENCODE(unsafe_text) + '";</script>';
217 |  
218 |

219 |

220 |
221 |
222 |
223 |
224 | 225 |

226 | SFDC_JSINHTMLENCODE

227 |
228 | public String SFDC_JSINHTMLENCODE(String input)
229 |
230 |
Similar to the VisualForce JSINHTMLENCODE function.

231 | 232 | Example:
233 |
234 |  //htmlstr is going to be sent to visualforce as html code
235 |  htmlstr = '<div onclick=\'alert("' + ESAPI.encoder().SFDC_JSINHTMLENCODE(unsafe_text) + '");\'>some text</div>';
236 |  
237 |

238 |

239 |
240 |
241 |
242 |
243 | 244 |

245 | SFDC_URLENCODE

246 |
247 | public String SFDC_URLENCODE(String input)
248 |
249 |
Similar to the VisualForce URLENCODE function.

250 | 251 | Note: This function always encodes using UTF-8 URL encoding 252 | - if you need another encoding type, 253 | use the second function, SFDC_URLENCODE(String input, String encoding), which lets you set the encoding.

254 | 255 | Note: Even when using this function, you should still not trust the input as a full 256 | URL, because it may contain JavaScript or load data from other domains. This function only makes 257 | sure the input is encoded as a proper URL.

258 | 259 | Example:
260 |
261 |  //htmlstr is going to be sent to visualforce as html code
262 |  htmlstr = '<img src=\'http://domain/' + ESAPI.encoder().SFDC_URLENCODE(unsafe_text) + '\' />';
263 |  
264 |

265 |

266 |
267 |
268 |
269 |
270 | 271 |

272 | SFDC_URLENCODE

273 |
274 | public String SFDC_URLENCODE(String input,
275 |                                        String encoding)
276 |
277 |
Similar to SFDC_URLENCODE(String input), but 278 | lets you set a specific encoding type.

279 | 280 | Example:
281 |
282 |  //htmlstr is going to be sent to visualforce as html code
283 |  htmlstr = '<img src=\'http://domain/' + ESAPI.encoder().SFDC_URLENCODE(unsafe_text, 'ISO-8859-1') + '\' />';
284 |  
285 |

286 |

287 |
288 |
289 |
290 | 291 |
336 | 337 | 338 | 339 | -------------------------------------------------------------------------------- /doc/SFDCPlugins.SFDCIDescribeInfoCache.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCPlugins.SFDCIDescribeInfoCache 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Interface SFDCPlugins.SFDCIDescribeInfoCache

76 |
77 |
Enclosing class:
SFDCPlugins
78 |
79 |
80 |
81 |
public interface SFDCPlugins.SFDCIDescribeInfoCache
82 | 83 | 84 |

85 | This interface defines the methods for a describe info cache implementation. 86 |

87 | 88 |

89 |


90 | 91 |

92 | 93 | 94 | 95 | 96 | 97 | 98 | 100 | 101 | 102 | 104 | 108 | 109 |
99 | Method Summary
103 |  Map<String,Schema.SObjectType>fieldMapFor(Schema.SObjectType objectType) 105 | 106 |
107 |           Returns a field map for a given sobject type.
110 |   111 |

112 | 113 | 114 | 115 | 116 | 117 | 118 | 120 | 121 |
119 | Method Detail
122 | 123 |

124 | fieldMapFor

125 |
126 | Map<String,Schema.SObjectType> fieldMapFor(Schema.SObjectType objectType)
127 |
128 |
Returns a field map for a given sobject type. 129 |

130 |

131 |
Parameters:
objectType - the sobject type, for example Contact.getSObjectType()
132 |
133 |
134 | 135 |
180 | 181 | 182 | 183 | -------------------------------------------------------------------------------- /doc/SFDCPlugins.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | SFDCPlugins 8 | 9 | 10 | 11 | 12 | 13 | 14 | 22 | 24 | 25 | 26 | 27 | 28 |
73 | 74 |

75 | Class SFDCPlugins

76 |
77 |
78 |
public class SFDCPlugins
79 | 80 | 81 |

82 | This class contains plugins for use in the ESAPI. 83 | The DescribeInfoCache plugin provides caching functionality for describe info. 84 |

85 | 86 |

87 |


88 | 89 |

90 | 91 | 92 | 93 | 94 | 95 | 97 | 98 | 99 | 101 | 105 | 106 |
96 | Nested Class Summary
100 | public interfaceSFDCPlugins.SFDCIDescribeInfoCache 102 | 103 |
104 |           This interface defines the methods for a describe info cache implementation.
107 |   108 | 109 | 110 | 111 | 112 | 113 | 115 | 116 | 117 | 121 | 122 |
114 | Constructor Summary
SFDCPlugins() 118 | 119 |
120 |            
123 |   124 | 125 | 126 | 127 | 128 | 129 | 131 | 132 | 133 | 135 | 139 | 140 |
130 | Method Summary
134 | static voidregisterDescribeInfoCache(SFDCPlugins.SFDCIDescribeInfoCache impl) 136 | 137 |
138 |           Register your own function to handle the describe cache.
141 |   142 |

143 | 144 | 145 | 146 | 147 | 148 | 149 | 151 | 152 |
150 | Constructor Detail
153 | 154 |

155 | SFDCPlugins

156 |
157 | public SFDCPlugins()
158 |
159 |
160 | 161 | 162 | 163 | 164 | 165 | 166 | 168 | 169 |
167 | Method Detail
170 | 171 |

172 | registerDescribeInfoCache

173 |
174 | public static void registerDescribeInfoCache(SFDCPlugins.SFDCIDescribeInfoCache impl)
175 |
176 |
Register your own function to handle the describe cache. 177 |

178 |

179 |
Parameters:
impl - an object of your SFDCIDescribeInfoCache implementation
180 |
181 |
182 | 183 |
228 | 229 | 230 | 231 | -------------------------------------------------------------------------------- /doc/allclasses-frame.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | All Classes 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | All Classes 20 |
21 | 22 | 23 | 24 | 57 | 58 |
ESAPI 25 |
26 | SFDCAccessControlException 27 |
28 | SFDCAccessControlException.ExceptionReason 29 |
30 | SFDCAccessControlException.ExceptionType 31 |
32 | SFDCAccessController 33 |
34 | SFDCAccessController.OperationMode 35 |
36 | SFDCAccessController.SharingMode 37 |
38 | SFDCAccessControlResults 39 |
40 | SFDCAccessControlResults.DeleteResults 41 |
42 | SFDCAccessControlResults.InsertResults 43 |
44 | SFDCAccessControlResults.UpdateResults 45 |
46 | SFDCEncoder 47 |
48 | SFDCPatterns 49 |
50 | SFDCPlugins 51 |
52 | SFDCPlugins.SFDCIDescribeInfoCache 53 |
54 | SFDCValidator 55 |
56 |
59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /doc/allclasses-noframe.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | All Classes 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | All Classes 20 |
21 | 22 | 23 | 24 | 57 | 58 |
ESAPI 25 |
26 | SFDCAccessControlException 27 |
28 | SFDCAccessControlException.ExceptionReason 29 |
30 | SFDCAccessControlException.ExceptionType 31 |
32 | SFDCAccessController 33 |
34 | SFDCAccessController.OperationMode 35 |
36 | SFDCAccessController.SharingMode 37 |
38 | SFDCAccessControlResults 39 |
40 | SFDCAccessControlResults.DeleteResults 41 |
42 | SFDCAccessControlResults.InsertResults 43 |
44 | SFDCAccessControlResults.UpdateResults 45 |
46 | SFDCEncoder 47 |
48 | SFDCPatterns 49 |
50 | SFDCPlugins 51 |
52 | SFDCPlugins.SFDCIDescribeInfoCache 53 |
54 | SFDCValidator 55 |
56 |
59 | 60 | 61 | 62 | -------------------------------------------------------------------------------- /doc/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | Generated Documentation (Untitled) 9 | 10 | 21 | 23 | 24 | 25 | 26 | 27 | 28 | <H2> 29 | Frame Alert</H2> 30 | 31 | <P> 32 | This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client. 33 | <BR> 34 | Link to<A HREF="ESAPI.html">Non-frame version.</A> 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /doc/resources/inherit.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/forcedotcom/force-dot-com-esapi/471d4d9dc06c1505ecaf52766d0a8ad2d46d598a/doc/resources/inherit.gif -------------------------------------------------------------------------------- /doc/stylesheet.css: -------------------------------------------------------------------------------- 1 | /* Javadoc style sheet */ 2 | 3 | /* Define colors, fonts and other style attributes here to override the defaults */ 4 | 5 | /* Page background color */ 6 | body { background-color: #FFFFFF; color:#000000 } 7 | 8 | /* Headings */ 9 | h1 { font-size: 145% } 10 | 11 | /* Table colors */ 12 | .TableHeadingColor { background: #CCCCFF; color:#000000 } /* Dark mauve */ 13 | .TableSubHeadingColor { background: #EEEEFF; color:#000000 } /* Light mauve */ 14 | .TableRowColor { background: #FFFFFF; color:#000000 } /* White */ 15 | 16 | /* Font used in left-hand frame lists */ 17 | .FrameTitleFont { font-size: 100%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 18 | .FrameHeadingFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 19 | .FrameItemFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif; color:#000000 } 20 | 21 | /* Navigation bar fonts and 
colors */ 22 | .NavBarCell1 { background-color:#EEEEFF; color:#000000} /* Light mauve */ 23 | .NavBarCell1Rev { background-color:#00008B; color:#FFFFFF} /* Dark Blue */ 24 | .NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;color:#000000;} 25 | .NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;color:#FFFFFF;} 26 | 27 | .NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 28 | .NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF; color:#000000} 29 | 30 | -------------------------------------------------------------------------------- /force-app/main/default/classes/ESAPI.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * ESAPI locator class is provided to make it easy to gain access to the current ESAPI classes in use.
* For example you can use the validator() function to access the validator methods. (i.e. ESAPI.validator().isValidCreditCard(creditcard, false))
 */
global with sharing class ESAPI {

    // One cached instance per helper type; each is created by its accessor on first use.
    private static SFDCValidator SFDC_validator = null;
    private static SFDCEncoder SFDC_encoder = null;
    private static SFDCAccessController SFDC_accessController = null;

    /**
     * Private constructor: the locator is used only through its static accessors.
     */
    private ESAPI() {
    }

    /**
     * @return the SFDCValidator used to validate data in this application;
     *         it is created on the first call and the same object is returned afterwards.
     */
    global static SFDCValidator validator() {
        if (SFDC_validator != null) {
            return SFDC_validator;
        }
        SFDC_validator = new SFDCValidator();
        return SFDC_validator;
    }

    /**
     * @return the SFDCEncoder in use; it is created on the first call and reused afterwards.
     *         It offers the same basic encodings as the VisualForce functions
     *         (HTMLENCODE, JSENCODE, JSINHTMLENCODE and URLENCODE).
     */
    global static SFDCEncoder encoder() {
        if (SFDC_encoder != null) {
            return SFDC_encoder;
        }
        SFDC_encoder = new SFDCEncoder();
        return SFDC_encoder;
    }

    /**
     * @return the current ESAPI SFDCAccessController object being used to maintain the access control rules for this application.
55 | */ 56 | global static SFDCAccessController accessController() { 57 | if (SFDC_accessController == null) { 58 | SFDC_accessController = new SFDCAccessController(); 59 | } 60 | return SFDC_accessController; 61 | } 62 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/ESAPI.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCAccessControlException.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class provides access control exception functionality. You might not want to expose the details of the exception to the users. 19 | * Note : to avoid XSS, make sure to escape text before presenting it to the user. 20 | */ 21 | global with sharing class SFDCAccessControlException extends Exception { 22 | 23 | /** 24 | * ExceptionType - this enum defines the different types of access control exceptions. 25 | */ 26 | global enum ExceptionType { 27 | /** 28 | * This error is a generic error type. 29 | */ 30 | GENERIC, 31 | /** 32 | * This error type is an object level access violation. 
33 | */ 34 | OBJECT_ACCESS_VIOLATION, 35 | /** 36 | * This error type is a field level access violation. 37 | */ 38 | FIELD_ACCESS_VIOLATION, 39 | /** 40 | * This error type is a sharing access violation. 41 | */ 42 | SHARING_ACCESS_VIOLATION, 43 | /** 44 | * This error type is a generic record not found error. This can be due to record does not exist, sharing violation, or other errors. 45 | */ 46 | NO_RECORD_FOUND, 47 | /** 48 | * This error type is a generic field not found error. 49 | */ 50 | FIELD_NOT_FOUND} 51 | 52 | /** 53 | * ExceptionReason - this enum defines the different reasons for the exception type. 54 | */ 55 | global enum ExceptionReason { 56 | /** 57 | * This is a generic reason. 58 | */ 59 | GENERIC, 60 | /** 61 | * This error is due to the user not having the create permission on the specific object/field/record. 62 | */ 63 | NO_CREATE, 64 | /** 65 | * This error is due to the user not having the read permission on the specific object/field/record. 66 | */ 67 | NO_READ, 68 | /** 69 | * This error is due to the user not having the update permission on the specific object/field/record. 70 | */ 71 | NO_UPDATE, 72 | /** 73 | * This error is due to the user not having the delete permission on the specific object/field/record. 74 | */ 75 | NO_DELETE} 76 | 77 | private ExceptionType eType; 78 | private ExceptionReason eReason; 79 | private String eObject; 80 | private String eField; 81 | private String eText; 82 | 83 | /** 84 | * Constructor for SFDCAccessControlException. 
* @param eText Error text
     * @param eType ExceptionType for this error
     * @param eReason ExceptionReason for this error
     * @param eObject The object name this error was triggered on
     * @param eField The field name this error was triggered on
     *
     * All five values are stored exactly as passed in; nothing is escaped or validated here.
     */
    global SFDCAccessControlException(String eText, ExceptionType eType, ExceptionReason eReason, String eObject, String eField) {
        this.eType = eType;
        this.eReason = eReason;
        this.eObject = eObject;
        this.eField = eField;
        this.eText = eText;
    }

    /**
     * @return the exception type given to the constructor (Object Access Violation, Field Access Violation, etc.).
     * Consider whether this detail should be shown to end users at all.
     * Note : to avoid XSS, escape any text derived from it before presenting it to the user.
     */
    global ExceptionType getExceptionType() {
        return eType;
    }

    /**
     * @return the exception reason given to the constructor (no create, no update, etc.).
     * Consider whether this detail should be shown to end users at all.
     * Note : to avoid XSS, escape any text derived from it before presenting it to the user.
     */
    global ExceptionReason getExceptionReason() {
        return eReason;
    }

    /**
     * @return the object name the exception was raised for, unescaped, as given to the constructor.
     * Consider whether this detail should be shown to end users at all.
     * Note : to avoid XSS, make sure to escape text before presenting it to the user.
     */
    global String getExceptionObject() {
        return eObject;
    }

    /**
     * @return the field name the exception was raised for, unescaped, as given to the constructor.
     * Consider whether this detail should be shown to end users at all.
     * Note : to avoid XSS, make sure to escape text before presenting it to the user.
     */
    global String getExceptionField() {
        return eField;
    }

    /**
     * Get the error text.
137 | * You might not want to expose the details of the exception to the users. 138 | * Note : to avoid XSS, make sure to escape text before presenting it to the user. 139 | */ 140 | global String getText() { 141 | return this.eText; 142 | } 143 | 144 | /** 145 | * Override the getMessage method to avoid getting only script-thrown exception as the exception message 146 | * Note : to avoid XSS, make sure to escape text before presenting it to the user. 147 | */ 148 | global override String getMessage() { 149 | return this.eText; 150 | } 151 | 152 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCAccessControlException.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCAccessControlResults.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class provides access control results functionality. 19 | * This will help to encapsulate and provide more functionality in processing 20 | * results from access control function calls such as insertAsUser and updateAsUser. 
*/
global with sharing virtual class SFDCAccessControlResults {

    private Database.SaveResult [] saveResultsArr; // holds the results of update and insert operations
    private Database.DeleteResult [] deleteResultsArr; // holds the results of delete operations
    private SObject [] cleanObjectsArr; // holds the actual objects used to insert/update into the db

    /**
     * Thrown by this class's setters and success checks when a results or objects array is null.
     */
    global class AccessControlResultsException extends Exception {}

    private SFDCAccessControlResults() {
        // declare this function as private so it can't be used.
        // the specific Insert/Update/Delete classes should be constructed instead.

        saveResultsArr = null;
        deleteResultsArr = null;
        cleanObjectsArr = null;
    }

    /**
     * This class provides results info and functionality for insert operations.
     */
    global with sharing class InsertResults extends SFDCAccessControlResults {

        /**
         * This constructor sets the objects that were actually inserted into the db, and also sets the results from that insert operation.
         * Both arguments are stored through the outer class setters, which throw
         * AccessControlResultsException when given null.
         */
        global InsertResults(SObject [] objects, Database.SaveResult [] results) {
            super();
            setCleanObjectsArr(objects);
            setSaveResultsArr(results);
        }

        /**
         * Get the Database.SaveResult [] returned by the insert operation.
         */
        global Database.SaveResult [] getResults() {
            return saveResultsArr;
        }

        /**
         * Get the objects that were actually inserted into the db.
         * Note that these objects might not be the same as the objects you provided to the insertAsUser function.
         * Depending on the current user permissions, the operation mode, and the fields you requested to set, this might
         * not be all the fields you have in your original objects.
         */
        global SObject [] getInsertedObjects() {
            return cleanObjectsArr;
        }

        /**
         * Did the insert operation succeed for all objects in the array?
         * Note that if array operation mode was set to BEST_EFFORT, we will not get an exception even if some
         * of the objects fail to insert.
         * Callers relying on BEST_EFFORT therefore need this check (or getResults()) to notice partial failure.
         */
        global Boolean wasSuccessful() {
            return wasSaveSuccessful();
        }
    }

    /**
     * This class provides results info and functionality for update operations.
     */
    global with sharing class UpdateResults extends SFDCAccessControlResults {

        /**
         * This constructor sets the objects that were actually used to update the db, and also sets the results from that update operation.
         * Both arguments are stored through the outer class setters, which throw
         * AccessControlResultsException when given null.
         */
        global UpdateResults(SObject [] objects, Database.SaveResult [] results) {
            super();
            setCleanObjectsArr(objects);
            setSaveResultsArr(results);
        }

        /**
         * Get the Database.SaveResult [] returned by the update operation.
         */
        global Database.SaveResult [] getResults() {
            return saveResultsArr;
        }

        /**
         * Get the objects that were actually updated into the db.
         * Note that these objects might not be the same as the objects you provided to the updateAsUser function.
         * Depending on the current user permissions, the operation mode, and the fields you requested to set, this might
         * not be all the fields you have in your original objects.
         */
        global SObject [] getUpdatedObjects() {
            return cleanObjectsArr;
        }

        /**
         * Did the update operation succeed for all objects in the array?
         * Note that if array operation mode was set to BEST_EFFORT, we will not get an exception even if some
         * of the objects fail to update.
         * Callers relying on BEST_EFFORT therefore need this check (or getResults()) to notice partial failure.
         */
        global Boolean wasSuccessful() {
            return wasSaveSuccessful();
        }
    }

    /**
     * This class provides results info and functionality for delete operations.
     */
    global with sharing class DeleteResults extends SFDCAccessControlResults {

        /**
         * This constructor sets the results from the delete operation.
         * The array is stored through the outer class setter, which throws
         * AccessControlResultsException when given null.
         */
        global DeleteResults(Database.DeleteResult [] results) {
            super();
            setDeleteResultsArr(results);
        }

        /**
         * Get the Database.DeleteResult [] returned by the delete operation.
         */
        global Database.DeleteResult [] getResults() {
            return deleteResultsArr;
        }

        /**
         * Did the delete operation succeed for all objects in the array?
         * Note that if array operation mode was set to BEST_EFFORT, we will not get an exception even if some
144 | * of the objects fail to delete. 145 | */ 146 | global Boolean wasSuccessful() { 147 | return wasDeleteSuccessful(); 148 | } 149 | } 150 | 151 | // main class private functions 152 | 153 | private void setCleanObjectsArr(SObject [] objects) { 154 | if (objects == null) 155 | throw new AccessControlResultsException('objects must not be set to null'); 156 | cleanObjectsArr = objects; 157 | } 158 | 159 | private void setSaveResultsArr(Database.SaveResult [] results) { 160 | if (results == null) 161 | throw new AccessControlResultsException('results must not be set to null'); 162 | saveResultsArr = results; 163 | } 164 | 165 | private void setDeleteResultsArr(Database.DeleteResult [] results) { 166 | if (results == null) 167 | throw new AccessControlResultsException('results must not be set to null'); 168 | deleteResultsArr = results; 169 | } 170 | 171 | private Boolean wasSaveSuccessful() { 172 | if (saveResultsArr == null) 173 | throw new AccessControlResultsException('saveResultsArr must not be null'); 174 | Integer i; 175 | for (i = 0; i < saveResultsArr.size(); i++) { 176 | if (saveResultsArr[i].isSuccess() == false) 177 | return false; 178 | } 179 | return true; 180 | } 181 | 182 | private Boolean wasDeleteSuccessful() { 183 | if (deleteResultsArr == null) 184 | throw new AccessControlResultsException('deleteResultsArr must not be null'); 185 | Integer i; 186 | for (i = 0; i < deleteResultsArr.size(); i++) { 187 | if (deleteResultsArr[i].isSuccess() == false) 188 | return false; 189 | } 190 | return true; 191 | } 192 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCAccessControlResults.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCAccessController.cls-meta.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCBaseValidationRule.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This is a base class it is only inteneded to help other classes so we don't have the same code in all of them. 
19 | */ 20 | global with sharing virtual class SFDCBaseValidationRule { 21 | 22 | private String typeName = null; 23 | private boolean allowNull = false; 24 | 25 | private SFDCBaseValidationRule() { 26 | // prevent use of no-arg constructor 27 | } 28 | 29 | public SFDCBaseValidationRule( String typeName ) { 30 | this(); 31 | setTypeName( typeName ); 32 | } 33 | 34 | /** 35 | * {@inheritDoc} 36 | */ 37 | public void setAllowNull( boolean flag ) { 38 | allowNull = flag; 39 | } 40 | 41 | /** 42 | * {@inheritDoc} 43 | */ 44 | public String getTypeName() { 45 | return typeName; 46 | } 47 | 48 | /** 49 | * {@inheritDoc} 50 | */ 51 | public void setTypeName( String typeName ) { 52 | this.typeName = typeName; 53 | } 54 | 55 | public boolean isAllowNull() { 56 | return allowNull; 57 | } 58 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCBaseValidationRule.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCCharacter.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class adds basic character functionality to the Apex language. 
We need this because in Apex we don't have access to the bytes and byte arrays. 19 | * It uses two maps that link between the integer value and the string representation of each character. 20 | */ 21 | global class SFDCCharacter { 22 | 23 | /** 24 | * This is the SFDCInvalidCharacterException class. It does not add any functionality to the generic Exception class. 25 | * However, in Apex we must extend the Exception class before using it. 26 | */ 27 | public with sharing class SFDCInvalidCharacterException extends Exception{ } 28 | 29 | private static final Map strToInt = new Map(); 30 | private static final Map intToStr = new Map(); 31 | 32 | private Integer valInt = 0; 33 | private String valStr = null; 34 | 35 | private SFDCCharacter() { 36 | // this will not allow using the default constructor 37 | } 38 | 39 | global SFDCCharacter(Integer x) { 40 | valStr = toStr(x); 41 | valInt = x; 42 | } 43 | 44 | global SFDCCharacter(String x) { 45 | valInt = toInt(x); 46 | valStr = x; 47 | } 48 | 49 | global void updateVal(Integer x) { 50 | valStr = toStr(x); 51 | valInt = x; 52 | } 53 | 54 | global void updateVal(String x) { 55 | valInt = toInt(x); 56 | valStr = x; 57 | } 58 | 59 | global static String toStr(Integer x) { 60 | if(intToStr.containsKey(x) == false) 61 | // be carefull not to throw any user input value that might cause XSS if the developer will not catch and escape 62 | throw new SFDCInvalidCharacterException('Invalid charcter integer'); 63 | return intToStr.get(x); 64 | } 65 | 66 | global static Integer toInt(String x) { 67 | if(SFDCStringUtils.isEmpty(x)) 68 | throw new SFDCInvalidCharacterException('Invalid charcter string empty string'); 69 | 70 | if(strToInt.containsKey(x) == false) 71 | // be carefull not to throw any user input value that might cause XSS if the developer will not catch and escape 72 | throw new SFDCInvalidCharacterException('Invalid charcter string'); 73 | return strToInt.get(x); 74 | } 75 | 76 | global String toStr(){ 77 | return 
valStr; 78 | } 79 | 80 | global Integer toInt(){ 81 | return valInt; 82 | } 83 | 84 | global Boolean equals(SFDCCharacter x) { 85 | return valInt == x.toInt(); 86 | } 87 | 88 | static { 89 | strToInt.put(null, 0); 90 | strToInt.put('\t', 9); 91 | strToInt.put('\n', 10); 92 | strToInt.put('\f', 12); 93 | strToInt.put('\r', 13); 94 | strToInt.put(' ', 32); 95 | strToInt.put('!', 33); 96 | strToInt.put('"', 34); 97 | strToInt.put('#', 35); 98 | strToInt.put('$', 36); 99 | strToInt.put('%', 37); 100 | strToInt.put('&', 38); 101 | strToInt.put('\'', 39); 102 | strToInt.put('(', 40); 103 | strToInt.put(')', 41); 104 | strToInt.put('*', 42); 105 | strToInt.put('+', 43); 106 | strToInt.put(',', 44); 107 | strToInt.put('-', 45); 108 | strToInt.put('.', 46); 109 | strToInt.put('/', 47); 110 | strToInt.put('0', 48); 111 | strToInt.put('1', 49); 112 | strToInt.put('2', 50); 113 | strToInt.put('3', 51); 114 | strToInt.put('4', 52); 115 | strToInt.put('5', 53); 116 | strToInt.put('6', 54); 117 | strToInt.put('7', 55); 118 | strToInt.put('8', 56); 119 | strToInt.put('9', 57); 120 | strToInt.put(':', 58); 121 | strToInt.put(';', 59); 122 | strToInt.put('<', 60); 123 | strToInt.put('=', 61); 124 | strToInt.put('>', 62); 125 | strToInt.put('?', 63); 126 | strToInt.put('@', 64); 127 | strToInt.put('A', 65); 128 | strToInt.put('B', 66); 129 | strToInt.put('C', 67); 130 | strToInt.put('D', 68); 131 | strToInt.put('E', 69); 132 | strToInt.put('F', 70); 133 | strToInt.put('G', 71); 134 | strToInt.put('H', 72); 135 | strToInt.put('I', 73); 136 | strToInt.put('J', 74); 137 | strToInt.put('K', 75); 138 | strToInt.put('L', 76); 139 | strToInt.put('M', 77); 140 | strToInt.put('N', 78); 141 | strToInt.put('O', 79); 142 | strToInt.put('P', 80); 143 | strToInt.put('Q', 81); 144 | strToInt.put('R', 82); 145 | strToInt.put('S', 83); 146 | strToInt.put('T', 84); 147 | strToInt.put('U', 85); 148 | strToInt.put('V', 86); 149 | strToInt.put('W', 87); 150 | strToInt.put('X', 88); 151 | 
strToInt.put('Y', 89); 152 | strToInt.put('Z', 90); 153 | strToInt.put('[', 91); 154 | strToInt.put('\\', 92); 155 | strToInt.put(']', 93); 156 | strToInt.put('^', 94); 157 | strToInt.put('_', 95); 158 | strToInt.put('`', 96); 159 | strToInt.put('a', 97); 160 | strToInt.put('b', 98); 161 | strToInt.put('c', 99); 162 | strToInt.put('d', 100); 163 | strToInt.put('e', 101); 164 | strToInt.put('f', 102); 165 | strToInt.put('g', 103); 166 | strToInt.put('h', 104); 167 | strToInt.put('i', 105); 168 | strToInt.put('j', 106); 169 | strToInt.put('k', 107); 170 | strToInt.put('l', 108); 171 | strToInt.put('m', 109); 172 | strToInt.put('n', 110); 173 | strToInt.put('o', 111); 174 | strToInt.put('p', 112); 175 | strToInt.put('q', 113); 176 | strToInt.put('r', 114); 177 | strToInt.put('s', 115); 178 | strToInt.put('t', 116); 179 | strToInt.put('u', 117); 180 | strToInt.put('v', 118); 181 | strToInt.put('w', 119); 182 | strToInt.put('x', 120); 183 | strToInt.put('y', 121); 184 | strToInt.put('z', 122); 185 | strToInt.put('{', 123); 186 | strToInt.put('|', 124); 187 | strToInt.put('}', 125); 188 | strToInt.put('~', 126); 189 | 190 | for(String key : strToInt.keySet()) { 191 | intToStr.put(strToInt.get(key), key); 192 | } 193 | } 194 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCCharacter.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCCreditCardValidationRule.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 
7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * A credit card validator class. This class only validates Visa and MasterCard 16 digits cards. 19 | * It will check their length, characters used, and perform the Luhn algorithm check on the number. 20 | */ 21 | public with sharing class SFDCCreditCardValidationRule extends SFDCBaseValidationRule { 22 | 23 | // The maximum credit card length is 16 digits + 3 separators (like dash or space) 24 | private Integer maxCardLength = 19; 25 | 26 | private static final Pattern CREDIT_CARD_PATTERN = null; 27 | 28 | static { 29 | CREDIT_CARD_PATTERN = Pattern.compile(SFDCPatterns.CreditCard); 30 | } 31 | 32 | private SFDCStringValidationRule ccrule = null; 33 | 34 | /** 35 | * Creates a CreditCardValidator using the default RegEx pattern from SFDCPatterns.CreditCard 36 | * @param typeName a description of the type of card being validated 37 | */ 38 | public SFDCCreditCardValidationRule( String typeName) { 39 | super(typeName); 40 | ccrule = readDefaultCreditCardRule(); 41 | } 42 | 43 | private SFDCStringValidationRule readDefaultCreditCardRule() { 44 | SFDCStringValidationRule ccr = new SFDCStringValidationRule( 'ccrule', CREDIT_CARD_PATTERN.pattern() ); 45 | ccr.setMaximumLength(getMaxCardLength()); 46 | ccr.setAllowNull( false ); 47 | return ccr; 48 | } 49 | 50 | /** 51 | * This function will perform the following tests, and throw an exception if any of them fail. 
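* - is null or zero bytes and allow null was set to false
	 * - maximum length
	 * - input matches the credit card pattern we use
	 * - the digits of the input pass the Luhn checksum
	 * If all tests passed it will just finish without any exceptions
	 */
	public void assertValid(String input) {

		if (SFDCStringUtils.isEmpty(input)) {
			if (isAllowNull())
				return;
			throw new SFDCValidator.SFDCValidationException('Input credit card required');
		}

		try {
			ccrule.assertValid(input);
		} catch (Exception e) {
			// Card did not match the regex pattern or other basic string rule checks.
			// The caller gets the same generic message as for a checksum failure below.
			throw new SFDCValidator.SFDCValidationException('Invalid credit card input');
		}

		if (!validCreditCardFormat(input)) {
			throw new SFDCValidator.SFDCValidationException('Invalid credit card input');
		}

		// all tests passed
	}

	/**
	 * Performs additional validation on the card number.
	 * This implementation performs Luhn algorithm checking: characters that are not
	 * digits are skipped, then every second digit counting from the right is doubled
	 * (minus 9 when the double exceeds 9) and the total must be a multiple of 10.
	 * Passing only shows that the digits are self-consistent; it says nothing about
	 * whether the card exists or who holds it.
	 * @param ccNum number to be validated
	 * @return true if the ccNum passes the Luhn Algorithm
	 */
	private boolean validCreditCardFormat(String ccNum) {

		String digitsOnly = '';
		// placeholder value - it is overwritten for each character of the input
		SFDCCharacter c = new SFDCCharacter('a');
		for (Integer i = 0; i < ccNum.length(); i++) {
			c.updateVal(ccNum.substring(i, i + 1));
			if (SFDCEncoderConstants.DIGITS.contains(c.toInt())) {
				digitsOnly += c.toStr();
			}
		}

		// Without any digit the sum below stays 0 and would pass the modulo test vacuously
		if (digitsOnly.length() == 0) {
			return false;
		}

		Integer sum = 0;
		Boolean timesTwo = false;

		for (Integer i = digitsOnly.length() - 1; i >= 0; i--) {
			// guaranteed to be an integer because the previous loop only adds digits to digitsOnly
			Integer digit = Integer.valueOf(digitsOnly.substring(i, i + 1));
			Integer addend = digit;
			if (timesTwo) {
				addend = digit * 2;
				if (addend > 9) {
					addend -= 9;
				}
			}
			sum += addend;
			timesTwo = !timesTwo;
		}

		return Math.mod(sum, 10) == 0;
	}

	/**
	 * @param maxCardLength the maxCardLength to set
	 */
	public void setMaxCardLength(Integer maxCardLength) {
		this.maxCardLength = maxCardLength;
	}

	/**
	 * @return the maxCardLength
	 */
	public Integer getMaxCardLength() {
		return maxCardLength;
	}

}
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCCreditCardValidationRule.cls-meta.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 29.0 4 | Active 5 | 6 |
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCEncoder.cls:
--------------------------------------------------------------------------------
/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2010 - Salesforce.com
 *
 * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 *
 * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com
 * @created 2010
 */

/**
 * This class is a basic encoder/escaper to help prevent some XSS attacks etc.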
*/
global with sharing class SFDCEncoder {

	/* TODO Yoel - all these functions should be converted into a white list approach - I am using blacklist to be consistent with the VISUALFORCE functions */
	/* TODO Yoel - Do we need to encode ASCII/Unicode white-space/new-line characters? These used to cause some security issues in some browsers not sure if this is still the case */

	/* Note - the order of these encoding strings is very important so we don't end up with double encoding.
	   Each string we search for, must not be found as a result of a previous encoded string replacement */

	// Each *_DECODED array lists the strings to search for; the *_ENCODED array of the same name
	// holds the replacement at the same index (see ENCODE at the bottom of the class).
	// NOTE(review): as displayed on this page HTML_ENCODED is identical to HTML_DECODED, and
	// ''' / '\\'' are not complete string literals, so the HTML entity strings in HTML_ENCODED
	// and JSINHTML_ENCODED appear to have been decoded when the listing was rendered. Confirm
	// the replacement values against the project's source before relying on these tables.

	private static final String[] HTML_DECODED = new String[]{ '&', '<', '>', '"', '\''};
	private static final String[] HTML_ENCODED = new String[]{ '&', '<', '>', '"', ''' };

	// The backslash comes first so that the backslashes added by the later replacements are not escaped again
	private static final String[] JS_DECODED = new String[] { '\\', '\'', '\n', '\r', '"', '!--', '/', '<', '>' };
	private static final String[] JS_ENCODED = new String[] { '\\\\', '\\\'', '\\n', '\\r', '\\"', '\\!--', '\\/', '\\u003C', '\\u003E' };

	private static final String[] JSINHTML_DECODED = new String[] { '&', '\\', '\'', '"', '\r', '\n', '<', '>' };
	private static final String[] JSINHTML_ENCODED = new String[] { '\\&', '\\\\', '\\'', '\\"', '\\r', '\\n', '<', '>' };

	/**
	 * Similar to the VisualForce HTMLENCODE function.
	 * Replaces every occurrence of a HTML_DECODED string with its HTML_ENCODED counterpart.
	 * A null or empty input is returned unchanged.
	 *
	 * Example:
	 *
	 * //htmlstr is going to be sent to visualforce as html code
	 * htmlstr = '<div>' + ESAPI.encoder().SFDC_HTMLENCODE(unsafe_text) + '</div>';
	 *
	 * @param input text that will be placed into HTML
	 * @return the input with the listed characters replaced
	 */
	global String SFDC_HTMLENCODE(String input) {
		return ENCODE(input, HTML_DECODED, HTML_ENCODED);
	}

	/**
	 * Similar to the VisualForce JSENCODE function.
	 * Replaces every occurrence of a JS_DECODED string with its JS_ENCODED counterpart.
	 * A null or empty input is returned unchanged.
	 *
	 * Example:
	 *
	 * //htmlstr is going to be sent to visualforce as html code
	 * htmlstr = '<script> var str = "' + ESAPI.encoder().SFDC_JSENCODE(unsafe_text) + '";</script>';
	 *
	 * @param input text that will be placed inside a JavaScript string literal
	 * @return the input with the listed characters replaced
	 */
	global String SFDC_JSENCODE(String input) {
		return ENCODE(input, JS_DECODED, JS_ENCODED);
	}

	/**
	 * Similar to the VisualForce JSINHTMLENCODE function.
	 * Replaces every occurrence of a JSINHTML_DECODED string with its JSINHTML_ENCODED counterpart.
	 * A null or empty input is returned unchanged.
	 *
	 * Example:
	 *
	 * //htmlstr is going to be sent to visualforce as html code
	 * htmlstr = '<div onclick=\'alert("' + ESAPI.encoder().SFDC_JSINHTMLENCODE(unsafe_text) + '");\'>some text</div>';
	 *
	 * @param input text that will be placed inside JavaScript that itself sits in an HTML attribute
	 * @return the input with the listed characters replaced
	 */
	global String SFDC_JSINHTMLENCODE(String input) {
		return ENCODE(input, JSINHTML_DECODED, JSINHTML_ENCODED);
	}

	/**
	 * Similar to the VisualForce URLENCODE function.
	 *
	 * Note : This function always encodes into UTF-8 URL encoding
	 * - if you need another encoding type,
	 * use the second function which allows to set the encoding.
	 *
	 * Note : Even when using this function you should still not trust the input as a full
	 * URL because it may have JS or load data from other domains. this function just makes
	 * sure the input is encoded as proper URL.
	 *
	 * Example:
	 *
	 * //htmlstr is going to be sent to visualforce as html code
	 * htmlstr = '<img src=\'http://domain/' + ESAPI.encoder().SFDC_URLENCODE(unsafe_text) + '\' />';
	 *
	 * @param input text to place into a URL component
	 * @return the result of EncodingUtil.urlEncode(input, 'UTF-8')
	 */
	global String SFDC_URLENCODE(String input) {
		return EncodingUtil.urlEncode(input, 'UTF-8');
	}

	/**
	 * Similar to {@link #SFDC_URLENCODE(String) SFDC_URLENCODE}(String input) but
	 * allows to set specific encoding type.
	 *
	 * Example:
	 *
	 * //htmlstr is going to be sent to visualforce as html code
	 * htmlstr = '<img src=\'http://domain/' + ESAPI.encoder().SFDC_URLENCODE(unsafe_text, 'ISO-8859-1') + '\' />';
	 *
	 * @param input text to place into a URL component
	 * @param encoding name of the character encoding passed to EncodingUtil.urlEncode
	 * @return the result of EncodingUtil.urlEncode(input, encoding)
	 */
	global String SFDC_URLENCODE(String input, String encoding) {
		return EncodingUtil.urlEncode(input, encoding);
	}

	/**
	 * Encodes a Blob as Base64 and makes the result URL-safe: '/' becomes '_',
	 * '+' becomes '-' and trailing '=' padding is removed. No character-set
	 * conversion takes place; the bytes of the Blob are encoded as they are.
	 *
	 * Note : The result uses the URL-safe alphabet, which is not the standard Base64
	 * alphabet that data: URIs use, so it suits URL path or query values
	 * rather than inline image data.
	 *
	 * Note : This is an encoding, not encryption - anyone can decode the value.
	 *
	 * Example:
	 *
	 * //url is going to carry the value as a query parameter
	 * url = 'http://domain/page?token=' + ESAPI.encoder().SFDC_BASE64_URLENCODE(unsafe_blob);
	 *
	 * @param input the bytes to encode
	 * @return the URL-safe Base64 text, or null when input is null
	 */
	global String SFDC_BASE64_URLENCODE(final Blob input){
		if(input == null) {
			return null;
		}
		return EncodingUtil.base64Encode(input)
			.replace('/', '_')
			.replace('+', '-')
			.replaceAll('=+$', '');
	}

	/**
	 * Applies the replacements of one encoding table to the input.
	 * The pairs are applied one after the other over the whole string, in array order,
	 * so a later pair also sees the output of the earlier ones.
	 *
	 * @param input text to encode; null or empty is returned unchanged
	 * @param fromArr strings to search for
	 * @param toArr replacement for the string at the same index of fromArr
	 * @return the input after all replacements
	 */
	private String ENCODE(String input, String[] fromArr, String[] toArr) {
		if (input == null || input.length() == 0)
			return input;

		for (Integer i = 0; i < fromArr.size(); ++i) {
			input = input.replace(fromArr[i], toArr[i]);
		}

		return input;
	}
}
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCEncoder.cls-meta.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 29.0 4 | Active 5 | 6 |
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCEncoderConstants.cls:
--------------------------------------------------------------------------------
/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2010 - Salesforce.com
 *
 * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 *
 * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com
 * @created 2010
 */

/**
 * Common character classes used for input validation, output encoding, verifying password strength
 * CSRF token generation, generating salts, etc. I removed all the constants that are not used so we
 * don't burn governor limits.
21 | */ 22 | public with sharing class SFDCEncoderConstants { 23 | 24 | private SFDCEncoderConstants() { 25 | // prevent instantiation 26 | } 27 | 28 | /** 29 | * 0-9 30 | */ 31 | public static final String[] CHAR_DIGITS = new String[]{ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' }; 32 | public static final Set DIGITS; 33 | static { 34 | DIGITS = SFDCStringUtils.stringArrayToIntegerSet(CHAR_DIGITS); 35 | } 36 | 37 | /** 38 | * 39 | */ 40 | public static final String[] VALID_FILE_EXTENSIONS = new String[]{ '.zip', '.pdf', '.txt', '.html', '.xml', '.jpg', '.jpeg', '.png', '.gif', '.bmp'}; 41 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCEncoderConstants.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCIntegerValidationRule.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. 
salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * A class to verify integer values 19 | */ 20 | global with sharing class SFDCIntegerValidationRule extends SFDCBaseValidationRule { 21 | 22 | private Integer minValue = 0; 23 | private Integer maxValue = 0; 24 | 25 | // Set maximum string length to be more than enough for any integer value we can handle 26 | private Integer maxStrLength = 50; 27 | 28 | private static final Pattern INTEGER_PATTERN = null; 29 | 30 | static { 31 | INTEGER_PATTERN = Pattern.compile(SFDCPatterns.IntegerStr); 32 | } 33 | 34 | private SFDCStringValidationRule svrule = null; 35 | 36 | private SFDCIntegerValidationRule(String typeName) { 37 | // prevent use of this constructor - so that minValue and maxValue are guaranteed to be set 38 | super(typeName); 39 | } 40 | 41 | public SFDCIntegerValidationRule(String typeName, Integer minValue, Integer maxValue) { 42 | super(typeName); 43 | 44 | if (minValue > maxValue) 45 | throw new SFDCValidator.SFDCValidationException('maxValue must be larger than minValue'); 46 | 47 | this.minValue = minValue; 48 | this.maxValue = maxValue; 49 | 50 | // get default regex string validator for integer 51 | svrule = readDefaultIntegerRule(); 52 | } 53 | 54 | private SFDCStringValidationRule readDefaultIntegerRule() { 55 | SFDCStringValidationRule svr = new SFDCStringValidationRule( 'integerrule', INTEGER_PATTERN.pattern() ); 56 | svr.setMaximumLength(getMaxIntegerStrLength()); 57 | svr.setAllowNull( false ); 58 | return svr; 59 | } 60 | 61 | /** 62 | * This function will perform the following tests, and throw an exception if any of them fail. 
63 | * - is null or zero bytes and allow null was set to false 64 | * - value is larger than maxValue 65 | * - value is smaller than minValue 66 | * - value is not a valid integer number 67 | * If all tests passed it will return the input as Integer 68 | */ 69 | public Integer getValid(String input ) { 70 | return safelyParse(input); 71 | } 72 | 73 | private Integer safelyParse(String input) { 74 | if ( SFDCStringUtils.isEmpty(input) ) { 75 | if (isAllowNull()) { 76 | return null; 77 | } 78 | throw new SFDCValidator.SFDCValidationException('Input integer required'); 79 | } 80 | 81 | // make sure string contains only valid integer characters using regex 82 | try { 83 | svrule.assertValid(input); 84 | } catch (Exception e) { 85 | // String did not match the regex pattern or other basic string rule checks 86 | throw new SFDCValidator.SFDCValidationException('Invalid integer input'); 87 | } 88 | 89 | // RegEx is ok , so try to convert string to integer 90 | Integer i; 91 | try { 92 | i = Integer.valueOf(input); 93 | } catch (Exception e) { 94 | throw new SFDCValidator.SFDCValidationException('Invalid integer input format'); 95 | } 96 | 97 | // validate min and max 98 | if (i < minValue) { 99 | throw new SFDCValidator.SFDCValidationException('Invalid integer input must be between ' + minValue + ' and ' + maxValue); 100 | } 101 | if (i > maxValue) { 102 | throw new SFDCValidator.SFDCValidationException('Invalid integer input must be between ' + minValue + ' and ' + maxValue); 103 | } 104 | 105 | return i; 106 | } 107 | 108 | /** 109 | * @return the max integer string length 110 | */ 111 | private Integer getMaxIntegerStrLength() { 112 | return maxStrLength; 113 | } 114 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCIntegerValidationRule.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | 
-------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCNumberValidationRule.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * A class to verify number (double) values 19 | */ 20 | global with sharing class SFDCNumberValidationRule extends SFDCBaseValidationRule { 21 | 22 | private Double minValue = 0; // The minimum value allowed 23 | private Double maxValue = 0; // The maximum value allowed 24 | 25 | // Set maximum string length to be more than enough for any double value we can handle 26 | private Integer maxStrLength = 50; 27 | 28 | private static final Pattern DOUBLE_PATTERN = null; 29 | 30 | static { 31 | DOUBLE_PATTERN = Pattern.compile(SFDCPatterns.DoubleStr); 32 | } 33 | 34 | private SFDCStringValidationRule svrule = null; 35 | 36 | private SFDCNumberValidationRule( String typeName) { 37 | // prevent use of this constructor - so that minValue and maxValue are guaranteed to be set 38 | super(typeName); 39 | } 40 | 41 | public SFDCNumberValidationRule( String typeName, Double minValue, Double maxValue ) { 42 | super(typeName); 43 | 44 | if (minValue > maxValue) 45 | throw new SFDCValidator.SFDCValidationException('maxValue must be larger than minValue'); 46 | 47 | this.minValue = minValue; 48 | this.maxValue = maxValue; 49 | 50 | // get 
default regex string validator for double 51 | svrule = readDefaultDoubleRule(); 52 | } 53 | 54 | private SFDCStringValidationRule readDefaultDoubleRule() { 55 | SFDCStringValidationRule svr = new SFDCStringValidationRule( 'doublerule', DOUBLE_PATTERN.pattern() ); 56 | svr.setMaximumLength(getMaxDoubleStrLength()); 57 | svr.setAllowNull( false ); 58 | return svr; 59 | } 60 | 61 | /** 62 | * This function will perform the following tests, and throw an exception if any of them fail. 63 | * - is null or zero bytes and allow null was set to false 64 | * - value is larger than maxValue 65 | * - value is smaller than minValue 66 | * - value is not a valid double number 67 | * If all tests passed it will return the input as Double 68 | */ 69 | public Double getValid(String input ) { 70 | return safelyParse(input); 71 | } 72 | 73 | private Double safelyParse(String input) { 74 | if ( SFDCStringUtils.isEmpty(input) ) { 75 | if (isAllowNull()) { 76 | return null; 77 | } 78 | throw new SFDCValidator.SFDCValidationException('Input number required'); 79 | } 80 | 81 | // make sure string contains only valid double characters using regex 82 | try { 83 | svrule.assertValid(input); 84 | } catch (Exception e) { 85 | // String did not match the regex pattern or other basic string rule checks 86 | throw new SFDCValidator.SFDCValidationException('Invalid number input'); 87 | } 88 | 89 | // RegEx is ok , so try to convert string to double 90 | Double d; 91 | try { 92 | d = Double.valueOf(input); 93 | } catch (Exception e) { 94 | throw new SFDCValidator.SFDCValidationException('Invalid number input'); 95 | } 96 | 97 | // validate min and max 98 | if (d < minValue) { 99 | throw new SFDCValidator.SFDCValidationException('Invalid number input must be between ' + minValue + ' and ' + maxValue); 100 | } 101 | if (d > maxValue) { 102 | throw new SFDCValidator.SFDCValidationException('Invalid number input must be between ' + minValue + ' and ' + maxValue); 103 | } 104 | return d; 105 | } 106 | 
107 | /** 108 | * @return the max double string length 109 | */ 110 | private Integer getMaxDoubleStrLength() { 111 | return maxStrLength; 112 | } 113 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCNumberValidationRule.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCPatterns.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class contains default RegEx patterns used in this library. 
19 | */ 20 | global with sharing class SFDCPatterns { 21 | 22 | /** 23 | * dd/mm/yy 24 | */ 25 | global static final String Date1 = '^([123]0|[012][1-9]|31)/(0[1-9]|1[012])/(\\d{2})$'; 26 | 27 | /** 28 | * dd/mm/yyyy 29 | */ 30 | global static final String Date2 = '^([123]0|[012][1-9]|31)/(0[1-9]|1[012])/(19[0-9]{2}|2[0-9]{3})$'; 31 | 32 | /** 33 | * dd/mm/(yy)yy 34 | */ 35 | global static final String Date3 = '^([123]0|[012][1-9]|31)/(0[1-9]|1[012])/(19[0-9]{2}|2[0-9]{3}|\\d{2})$'; 36 | 37 | /** 38 | * (d)d/-.(m)m/-.(yy)yy 39 | */ 40 | global static final String Date4 = '^([123]0|[012]?[1-9]|31)[\\/\\.\\-](0?[1-9]|1[012])[\\/\\.\\-](19[0-9]{2}|2[0-9]{3}|\\d{2})$'; 41 | 42 | /** 43 | * mm/dd/yy 44 | */ 45 | global static final String Date5 = '^(0[1-9]|1[012])/([123]0|[012][1-9]|31)/(\\d{2})$'; 46 | 47 | /** 48 | * mm/dd/yyyy 49 | */ 50 | global static final String Date6 = '^(0[1-9]|1[012])/([123]0|[012][1-9]|31)/(19[0-9]{2}|2[0-9]{3})$'; 51 | 52 | /** 53 | * mm/dd/(yy)yy 54 | */ 55 | global static final String Date7 = '^(0[1-9]|1[012])/([123]0|[012][1-9]|31)/(19[0-9]{2}|2[0-9]{3}|\\d{2})$'; 56 | 57 | /** 58 | * (m)m/-.(d)d/-.(yy)yy 59 | */ 60 | global static final String Date8 = '^(0?[1-9]|1[012])[\\/\\.\\-]([123]0|[012]?[1-9]|31)[\\/\\.\\-](19[0-9]{2}|2[0-9]{3}|\\d{2})$'; 61 | 62 | /** 63 | * yyyy/mm/dd 64 | */ 65 | global static final String Date9 = '^(19[0-9]{2}|2[0-9]{3})/(0[1-9]|1[012])/([123]0|[012][1-9]|31)$'; 66 | 67 | /** 68 | * (yy)yy/-.(m)m/-.(d)d 69 | */ 70 | global static final String Date10 = '^(19[0-9]{2}|2[0-9]{3}|\\d{2})[\\/\\.\\-](0?[1-9]|1[012])[\\/\\.\\-]([123]0|[012]?[1-9]|31)$'; 71 | 72 | 73 | /** 74 | * hh:mm AM/PM 75 | */ 76 | global static final String Time1 = '^(0[1-9]|1[012]):([0-5]\\d) [APap][mM]$'; 77 | 78 | /** 79 | * (h)h:mm AM/PM 80 | */ 81 | global static final String Time2 = '^(0?[1-9]|1[012]):([0-5]\\d) [APap][mM]$'; 82 | 83 | /** 84 | * hh:mm:ss AM/PM 85 | */ 86 | global static final String Time3 = 
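'^(0?[1-9]|1[012])(:[0-5]\\d){2} [APap][mM]$';

	/**
	 * hh:mm 24
	 */
	global static final String Time4 = '^([0-1]\\d|2[0-3]):([0-5]\\d)$';

	/**
	 * (h)h:mm 24
	 */
	global static final String Time5 = '^([0-1]?\\d|2[0-3]):([0-5]\\d)$';

	/**
	 * hh:mm:ss 24
	 */
	global static final String Time6 = '^([0-1]\\d|2[0-3])(:[0-5]\\d){2}$';

	/**
	 * yyyy(-/)mm(-/)dd(T )hh(:)mm(:)ss(Z)( +-)(hh:mm)
	 */
	global static final String DateTime1 = '^((\\d{4})[/-]?(0[1-9]|1[012])[/-]?([123]0|[012][1-9]|31))([T ])(([0-1]\\d|2[0-3])(:?[0-5]\\d){2})(Z|( ([+-]([0-1]\\d|2[0-3])(:?[0-5]\\d)?)))$';

	/**
	 * File name. Allowed characters are alpha numeric and: ()+. '&,-=_
	 *
	 * The dash is escaped inside the character class. Written bare between ',' and '='
	 * it forms a range that also admits / : ; and <, which are not in the list above.
	 * The pattern still accepts any run of dots (for example '..'), so it does not
	 * replace path handling on the resulting name.
	 */
	global static final String FileName = '^[\\(\\)\\+\\. \'&,\\-=_\\da-zA-Z]{1,255}$';

	/**
	 * Domain. Allowed characters are alpha numeric and dash. Domain can have between two and 127 levels.
	 * Each level can contain between one and 63 characters.
	 */
	global static final String Domain = '^([a-zA-Z0-9-]{1,63})((\\.([a-zA-Z0-9-]{1,63})){1,127})$';

	/**
	 * URL. Allowed characters are alpha numeric and: .&+/=?#\. Percentage can only be used preceding two valid HEX characters.
	 */
	global static final String URL = '^([a-zA-Z0-9\\.\\&\\+\\/\\=\\?\\#\\\\]|%([0-9A-Fa-f]{2}))*$';

	/**
	 * Credit card. Allowed characters are numeric spaces and dashes. The format must be four groups of four digits each.
	 * They may have space or dash between the groups.
	 */
	global static final String CreditCard = '^(\\d{4}[- ]?){3}\\d{4}$';

	/**
	 * Double. Any valid double string including with exponent.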
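*/
	// The alternatives are wrapped in one non-capturing group so that ^ and $ apply to
	// every alternative; without it ^ binds only to the first alternative and $ only to
	// the last. The numbering of the existing capture groups is unchanged.
	// NOTE(review): the matching call is not in this file - with a find-style match the
	// ungrouped form accepts strings that only start or end with a number; confirm how
	// SFDCStringValidationRule applies its patterns.
	global static final String DoubleStr = '^(?:([+-]?\\d+\\.\\d+[eE][+-]?\\d{1,3})|([+-]?\\.\\d+[eE][+-]?\\d{1,3})|([+-]?\\d+\\.?[eE][+-]?\\d{1,3})|([+-]?\\d+\\.\\d+)|([+-]?\\.\\d+)|([+-]?\\d+\\.?))$';

	/**
	 * Integer. Any valid integer string.
	 */
	global static final String IntegerStr = '^([+-]?\\d+)$';

	// this inner class is used for connecting a pattern name to a pattern string
	// I use it for testing only
	/*
	global with sharing class SFDCPattern {
		global String name;
		global String value;

		global SFDCPattern(String name, String value) {
			this.name = name;
			this.value = value;
		}
	}
	*/

	// The following adds all date patterns to the allDatePatterns array.
	// I am disabling this so it does not burn governor limits when not in testing mode. Enable if needed.
	/*
	global static final SFDCPattern [] allDatePatterns;

	static {
		allDatePatterns = new SFDCPattern[]{};

		allDatePatterns.add(new SFDCPattern('dd/mm/yy', Date1));
		allDatePatterns.add(new SFDCPattern('dd/mm/yyyy', Date2));
		allDatePatterns.add(new SFDCPattern('dd/mm/(yy)yy', Date3));
		allDatePatterns.add(new SFDCPattern('(d)d/-.(m)m/-.(yy)yy', Date4));
		allDatePatterns.add(new SFDCPattern('mm/dd/yy', Date5));
		allDatePatterns.add(new SFDCPattern('mm/dd/yyyy', Date6));
		allDatePatterns.add(new SFDCPattern('mm/dd/(yy)yy', Date7));
		allDatePatterns.add(new SFDCPattern('(m)m/-.(d)d/-.(yy)yy', Date8));
		allDatePatterns.add(new SFDCPattern('yyyy/mm/dd', Date9));
		allDatePatterns.add(new SFDCPattern('(yy)yy/-.(m)m/-.(d)d', Date10));

		allDatePatterns.add(new SFDCPattern('hh:mm AM/PM', Time1));
		allDatePatterns.add(new SFDCPattern('(h)h:mm AM/PM', Time2));
		allDatePatterns.add(new SFDCPattern('hh:mm:ss AM/PM', Time3));
		allDatePatterns.add(new SFDCPattern('hh:mm 24', Time4));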
allDatePatterns.add(new SFDCPattern('(h)h:mm 24', Time5)); 178 | allDatePatterns.add(new SFDCPattern('hh:mm:ss 24', Time6)); 179 | 180 | allDatePatterns.add(new SFDCPattern('yyyy(-/)mm(-/)dd(T )hh(:)mm(:)ss(Z)( +-)(hh:mm)', DateTime1)); 181 | } 182 | */ 183 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCPatterns.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCPlugins.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2011 15 | */ 16 | 17 | /** 18 | * This class contains plugins for use in the ESAPI. 19 | * The DescribeInfoCache plugin provides caching functionality for describe info. 20 | */ 21 | public with sharing class SFDCPlugins { 22 | public static SFDCIDescribeInfoCache SFDC_DescribeInfoCache = new SFDCDefaultDescribeInfoCache(); 23 | 24 | /** 25 | * This interface defines the methods for a describe info cache implementation. 26 | */ 27 | public interface SFDCIDescribeInfoCache { 28 | /** 29 | * Returns a field map for a given sobject type. 30 | * 31 | * @param objectType sobject type for ex. 
Contact.getSObjectType() 32 | * @returns FieldMap [Key:FieldName,Value:Schema.SObjectField] 33 | */ 34 | Map fieldMapFor(Schema.SObjectType objectType); 35 | } 36 | 37 | /** 38 | * Register your own function to handle the describe cache. 39 | * 40 | * @param impl an object of your SFDCIDescribeInfoCache implementation 41 | */ 42 | public static void registerDescribeInfoCache(SFDCIDescribeInfoCache impl){ 43 | SFDC_DescribeInfoCache = impl; 44 | } 45 | 46 | /** 47 | * Default implementation for describe caching. You can use your existing cache by 48 | * implementing the SFDCIDescribeInfoCache interface and registering it with the ESAPI 49 | * library by calling registerDescribeInfoCache(). 50 | */ 51 | public virtual class SFDCDefaultDescribeInfoCache implements SFDCIDescribeInfoCache { 52 | // Key : SobjectAPIName For ex. Account 53 | // Value : Map, field map (k:fieldname, v:Schema.Sobjectfield) 54 | final Map> FIELD_CACHE = new Map>(); 55 | 56 | /** 57 | * Returns a field map for a given sobject type. 58 | * 59 | * Note : this method is kept public for Test cases to share the same field map info, without requiring a field desribe. 60 | * 61 | * @param objectType sobject type for ex. 
Contact.getSObjectType() 62 | * @returns FieldMap [Key:FieldName,Value:Schema.SObjectField] 63 | */ 64 | public virtual Map fieldMapFor(Schema.SObjectType objectType) { 65 | Map fieldMap = null; 66 | Schema.DescribeSObjectResult d = objectType.getDescribe(); // added since we use this more than once 67 | String sobjName = d.getName(); 68 | //String normalizedObjectType = sobjName.toLowerCase(); // not needed 69 | if (FIELD_CACHE.containsKey(sobjName)) { 70 | fieldMap = FIELD_CACHE.get(sobjName); 71 | } else { 72 | fieldMap = d.fields.getMap(); 73 | // cache it for next use 74 | FIELD_CACHE.put(sobjName, fieldMap); 75 | } 76 | 77 | return fieldMap; 78 | } 79 | 80 | } 81 | } -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCPlugins.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCStringUtils.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. 
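salesforce.com) Salesforce.com
 * @created 2010
 */

/**
 * A collection of utility methods to perform String analysis and transformations
 */
public with sharing class SFDCStringUtils {

	private SFDCStringUtils() {
		// prevent instantiation
	}

	/**
	 * Check to ensure that a {@code String} is not null or empty (after optional
	 * trimming of leading and trailing whitespace).
	 *
	 * @param str The {@code String} to be checked.
	 * @param trim If {@code true}, the string is first trimmed before checking
	 *             to see if it is empty, otherwise it is not.
	 * @return True if the string is neither null nor empty (after possible
	 *         trimming); otherwise false.
	 */
	public static boolean notNullOrEmpty(String str, boolean trim) {
		if ( trim ) {
			return !( str == null || str.trim().equals('') );
		} else {
			return !( str == null || str.equals('') );
		}
	}

	/**
	 * Returns true if String is empty ('') or null.
	 * A string that holds only whitespace is not empty for this check.
	 */
	public static boolean isEmpty(String str) {
		return str == null || str.length() == 0;
	}

	/**
	 * Converts an array of Strings to a Set of Integers.
	 * Each element is converted with SFDCCharacter.toInt.
	 * @param arr the contents of the new Set
	 * @return a Set containing the converted elements of the array
	 */
	public static Set<Integer> stringArrayToIntegerSet(String[] arr) {
		Set<Integer> toReturn = new Set<Integer>();
		for (String c : arr) {
			toReturn.add(SFDCCharacter.toInt(c));
		}
		return toReturn;
	}

	/**
	 * Merges two arrays of Strings into one sorted array without duplicates.
	 * @param a first array
	 * @param b second array
	 * @return the distinct strings of a and b in sorted order
	 */
	public static String[] unionStringArrays(String[] a, String[] b) {

		// a Set keeps one copy of every string
		Set<String> tmp = new Set<String>();
		tmp.addAll(a);
		tmp.addAll(b);

		// String[] and List<String> are the same type in Apex, so the sorted list is returned as is
		List<String> ret = new List<String>(tmp);
		ret.sort();

		return ret;
	}
}
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCStringUtils.cls-meta.xml:
--------------------------------------------------------------------------------
1 | 2 | 3 | 29.0 4 | Active 5 | 6 |
--------------------------------------------------------------------------------
/force-app/main/default/classes/SFDCStringValidationRule.cls:
--------------------------------------------------------------------------------
/**
 * OWASP Enterprise Security API (ESAPI)
 *
 * This file is part of the Open Web Application Security Project (OWASP)
 * Enterprise Security API (ESAPI) project. For details, please see
 * http://www.owasp.org/index.php/ESAPI.
 *
 * Copyright (c) 2010 - Salesforce.com
 *
 * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 *
 * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com
 * @created 2010
 */

/**
 * A string validator class.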
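This will check the string against black list and white list RegEx patterns, 19 | * check null, min length, and max length. 20 | */
global with sharing class SFDCStringValidationRule extends SFDCBaseValidationRule {

    // every whitelist pattern has to match the whole input
    private List<Pattern> whitelistPatterns = new List<Pattern>();
    // no blacklist pattern may match the whole input
    private List<Pattern> blacklistPatterns = new List<Pattern>();
    private Integer minLength = 0;
    // NOTE(review): starts at 0, so until setMaximumLength() is called every
    // non-empty input is rejected as too long
    private Integer maxLength = 0;

    /**
     * Create a rule with no patterns; lengths keep their defaults.
     */
    public SFDCStringValidationRule( String typeName ) {
        super( typeName );
    }

    /**
     * Create a rule with one whitelist pattern, given as a RegEx string.
     * Throws SFDCValidator.SFDCValidationException if the pattern is null or does not compile.
     */
    public SFDCStringValidationRule( String typeName, String whitelistPattern ) {
        super( typeName );
        addWhitelistPattern( whitelistPattern );
    }

    /**
     * Compile p and add it to the whitelist patterns. Throws an exception if p
     * is null or cannot be compiled.
     */
    public void addWhitelistPattern( String p ) {
        whitelistPatterns.add( compilePattern( p ) );
    }


    /**
     * Add the compiled pattern p to the whitelist patterns. Throws an exception if p is null.
     */
    public void addWhitelistPattern( Pattern p ) {
        if (p == null) {
            throw new SFDCValidator.SFDCValidationException('Pattern cannot be null');
        }
        whitelistPatterns.add( p );
    }

    /**
     * Compile p and add it to the blacklist patterns. Throws an exception if p
     * is null or cannot be compiled.
     */
    public void addBlacklistPattern( String p ) {
        blacklistPatterns.add( compilePattern( p ) );
    }

    /**
     * Add the compiled pattern p to the blacklist patterns. Throws an exception if p is null.
     */
    public void addBlacklistPattern( Pattern p ) {
        if (p == null) {
            throw new SFDCValidator.SFDCValidationException('Pattern cannot be null');
        }
        blacklistPatterns.add( p );
    }

    /**
     * Set the smallest input.length() that assertValid accepts.
     */
    public void setMinimumLength( Integer length ) {
        minLength = length;
    }

    /**
     * Set the largest input.length() that assertValid accepts.
     */
    public void setMaximumLength( Integer length ) {
        maxLength = length;
    }

    /**
     * This function will perform the following tests, in this order, and throw
     * SFDCValidator.SFDCValidationException at the first one that fails.
     *   - is null or zero length and allow null was set to false
     *     (null or zero-length input with allow null set returns at once, before any other test)
     *   - minimum length
     *   - maximum length
     *   - input matches all whitelist patterns added
     *   - input does not match any blacklist patterns added
     * If all tests passed it will just finish without any exceptions.
     *
     * NOTE(review): both lists are applied with Matcher.matches(), which is a
     * whole-input match. A blacklist pattern therefore only rejects input that
     * it covers from start to end; confirm that the blacklist patterns in use
     * are written that way and that '.' is meant to stop at line terminators.
     */
    public void assertValid(String input ) {

        if ( SFDCStringUtils.isEmpty(input) ) {
            if (isAllowNull()) {
                return;
            }
            throw new SFDCValidator.SFDCValidationException('SFDCStringValidationRule - Input required');
        }

        // check length
        Integer inputLength = input.length();
        if (inputLength < minLength) {
            throw new SFDCValidator.SFDCValidationException('SFDCStringValidationRule - Input is too short');
        }

        if (inputLength > maxLength) {
            throw new SFDCValidator.SFDCValidationException('SFDCStringValidationRule - Input is too long');
        }

        // check whitelist patterns - the input must match each white list pattern
        // TODO - should we change this so it is ok if matches one?
        for (Pattern p : whitelistPatterns) {
            if ( !p.matcher(input).matches() ) {
                throw new SFDCValidator.SFDCValidationException('SFDCStringValidationRule - Invalid input, please conform to pattern.');
            }
        }

        // check blacklist patterns - fail if it matches any of the patterns
        for (Pattern p : blacklistPatterns) {
            if ( p.matcher(input).matches() ) {
                throw new SFDCValidator.SFDCValidationException('SFDCStringValidationRule - Invalid input, dangerous input matching detected.');
            }
        }

        // validation passed - don't throw exception
    }

    /**
     * Shared by the String overloads of addWhitelistPattern and addBlacklistPattern:
     * rejects null and turns any compile failure into a SFDCValidationException.
     */
    private static Pattern compilePattern( String p ) {
        if (p == null) {
            throw new SFDCValidator.SFDCValidationException('Pattern cannot be null');
        }
        try {
            return Pattern.compile( p );
        } catch( Exception e ) {
            throw new SFDCValidator.SFDCValidationException( 'Validation misconfiguration, problem with specified pattern');
        }
    }
}
-------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCStringValidationRule.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/SFDCValidator.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testAccessController.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testCharacter.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI.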
7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class contains unit tests for validating the behavior of Apex classes 19 | * and triggers. 20 | * 21 | * Unit tests are class methods that verify whether a particular piece 22 | * of code is working properly. Unit test methods take no arguments, 23 | * commit no data to the database, and are flagged with the testMethod 24 | * keyword in the method definition. 25 | * 26 | * All test methods in an organization are executed whenever Apex code is deployed 27 | * to a production organization to confirm correctness, ensure code 28 | * coverage, and prevent regressions. All Apex classes are 29 | * required to have at least 75% code coverage in order to be deployed 30 | * to a production organization. In addition, all triggers must have some code coverage. 31 | * 32 | * The @isTest class annotation indicates this class only contains test 33 | * methods. Classes defined with the @isTest annotation do not count against 34 | * the organization size limit for all Apex scripts. 35 | * 36 | * See the Apex Language Reference for more information about Testing and Code Coverage. 
37 | */
@isTest
private class testCharacter {

    /**
     * updateVal('©') on a SFDCCharacter created from 'a' has to be refused with
     * SFDCCharacter.SFDCInvalidCharacterException; any other outcome fails the test.
     */
    static testMethod void testCharacter1() {
        SFDCCharacter subject = new SFDCCharacter('a');
        String errStr;
        Boolean refused = false;

        try {
            subject.updateVal('©');
        } catch (SFDCCharacter.SFDCInvalidCharacterException refusal) {
            // expected path - keep the message, as the original test did
            refused = true;
            errStr = refusal.getMessage();
        }

        System.assert(refused, 'Should never get here');
    }
}
-------------------------------------------------------------------------------- /force-app/main/default/classes/testCharacter.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testEncoder.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testStringUtils.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class contains unit tests for validating the behavior of Apex classes 19 | * and triggers. 20 | * 21 | * Unit tests are class methods that verify whether a particular piece 22 | * of code is working properly.
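Unit test methods take no arguments, 23 | * commit no data to the database, and are flagged with the testMethod 24 | * keyword in the method definition. 25 | * 26 | * All test methods in an organization are executed whenever Apex code is deployed 27 | * to a production organization to confirm correctness, ensure code 28 | * coverage, and prevent regressions. All Apex classes are 29 | * required to have at least 75% code coverage in order to be deployed 30 | * to a production organization. In addition, all triggers must have some code coverage. 31 | * 32 | * The @isTest class annotation indicates this class only contains test 33 | * methods. Classes defined with the @isTest annotation do not count against 34 | * the organization size limit for all Apex scripts. 35 | * 36 | * See the Apex Language Reference for more information about Testing and Code Coverage. 37 | */
@isTest
private class testStringUtils {

    /**
     * One small fixture each for isEmpty, notNullOrEmpty, stringArrayToIntegerSet
     * and unionStringArrays of SFDCStringUtils.
     */
    static testMethod void testStringUtils1() {
        String a = 'abc';
        String b = ' ';

        // the message now states the value the assertion expects (it said "true" while expecting false)
        System.assert(SFDCStringUtils.isEmpty(a) == false, 'Should be false - SFDCStringUtils.isEmpty(a)');
        System.assert(SFDCStringUtils.notNullOrEmpty(a, false) == true, 'Should be true - SFDCStringUtils.notNullOrEmpty(a, false)');
        System.assert(SFDCStringUtils.notNullOrEmpty(b, true) == false, 'Should be false - SFDCStringUtils.notNullOrEmpty(b, true)');

        // ten distinct digit strings give ten distinct integers; '0' is expected as 48
        String[] digit_arr = new String[]{ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9' };
        Set<Integer> digits = SFDCStringUtils.stringArrayToIntegerSet(digit_arr);
        System.assert(digits.size() == 10, 'Should be 10 - digits.size()');
        System.assert(digits.contains(48) == true, 'Should be true - digits.contains(48)');

        // two disjoint arrays of two elements each: the union has four
        String[] arr1 = new String[]{ '0', '1'};
        String[] arr2 = new String[]{ '2', '3'};

        String[] arr3 = SFDCStringUtils.unionStringArrays(arr1, arr2);
        System.assert(arr3.size() == 4, 'Should be 4 - arr3.size()');
    }
}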
-------------------------------------------------------------------------------- /force-app/main/default/classes/testStringUtils.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testStringValidationRule.cls: -------------------------------------------------------------------------------- 1 | /** 2 | * OWASP Enterprise Security API (ESAPI) 3 | * 4 | * This file is part of the Open Web Application Security Project (OWASP) 5 | * Enterprise Security API (ESAPI) project. For details, please see 6 | * http://www.owasp.org/index.php/ESAPI. 7 | * 8 | * Copyright (c) 2010 - Salesforce.com 9 | * 10 | * The Apex ESAPI implementation is published by Salesforce.com under the New BSD license. You should read and accept the 11 | * LICENSE before you use, modify, and/or redistribute this software. 12 | * 13 | * @author Yoel Gluck (securecloud .at. salesforce.com) Salesforce.com 14 | * @created 2010 15 | */ 16 | 17 | /** 18 | * This class contains unit tests for validating the behavior of Apex classes 19 | * and triggers. 20 | * 21 | * Unit tests are class methods that verify whether a particular piece 22 | * of code is working properly. Unit test methods take no arguments, 23 | * commit no data to the database, and are flagged with the testMethod 24 | * keyword in the method definition. 25 | * 26 | * All test methods in an organization are executed whenever Apex code is deployed 27 | * to a production organization to confirm correctness, ensure code 28 | * coverage, and prevent regressions. All Apex classes are 29 | * required to have at least 75% code coverage in order to be deployed 30 | * to a production organization. In addition, all triggers must have some code coverage. 31 | * 32 | * The @isTest class annotation indicates this class only contains test 33 | * methods. 
Classes defined with the @isTest annotation do not count against 34 | * the organization size limit for all Apex scripts. 35 | * 36 | * See the Apex Language Reference for more information about Testing and Code Coverage. 37 | */
@isTest
private class testStringValidationRule {

    /**
     * Runs rule.assertValid(input) and fails the test with failureMessage unless
     * SFDCValidator.SFDCValidationException is thrown.
     */
    private static void expectRejected(SFDCStringValidationRule rule, String input, String failureMessage) {
        Boolean rejected = false;
        try {
            rule.assertValid(input);
        } catch (SFDCValidator.SFDCValidationException e) {
            // should fail - so all good
            rejected = true;
        }
        System.assert(rejected, failureMessage);
    }

    /**
     * Builds the same rule twice (patterns as Strings, then as compiled Patterns)
     * and checks accepted input, each rejection reason, allow-null handling and
     * the null-pattern guards of the four add*Pattern overloads.
     */
    static testMethod void testStringValidationRule1() {
        // digits only, no zero, 2 to 20 characters - patterns given as Strings
        SFDCStringValidationRule svr = new SFDCStringValidationRule('test', '^[\\d]*$');

        svr.addBlacklistPattern('((.)*)[0]((.)*)');
        svr.setMaximumLength(20);
        svr.setMinimumLength(2);
        svr.setAllowNull(false);

        svr.assertValid('567');

        // same rule again - patterns given as compiled Pattern objects, null allowed
        svr = new SFDCStringValidationRule('test2');

        svr.addWhitelistPattern(Pattern.compile('^[\\d]*$'));
        svr.addBlacklistPattern(Pattern.compile('((.)*)[0]((.)*)'));
        svr.setMaximumLength(20);
        svr.setMinimumLength(2);
        svr.setAllowNull(true);

        svr.assertValid('567');

        // should fail because of the zero
        expectRejected(svr, '405', 'Should never get here - 405');
        // should fail because not digits
        expectRejected(svr, 'abc', 'Should never get here - abc');
        // should fail because shorter than minimum
        expectRejected(svr, '1', 'Should never get here - 1');
        // should fail because longer than maximum
        expectRejected(svr, '123456789123456789123456789', 'Should never get here - 123456789123456789123456789');

        // null and empty pass while allow null is set
        svr.assertValid(null);
        svr.assertValid('');

        svr.setAllowNull(false);

        // should fail because null
        expectRejected(svr, null, 'Should never get here - null');

        // typed nulls select the String and the Pattern overloads
        String nullText = null;
        Pattern nullPattern = null;
        Boolean refused;

        refused = false;
        try {
            svr.addWhitelistPattern(nullText);
        } catch (SFDCValidator.SFDCValidationException e) {
            // should fail - so all good
            refused = true;
        }
        System.assert(refused, 'Should never get here');

        refused = false;
        try {
            svr.addBlacklistPattern(nullText);
        } catch (SFDCValidator.SFDCValidationException e) {
            // should fail - so all good
            refused = true;
        }
        System.assert(refused, 'Should never get here');

        refused = false;
        try {
            svr.addWhitelistPattern(nullPattern);
        } catch (SFDCValidator.SFDCValidationException e) {
            // should fail - so all good
            refused = true;
        }
        System.assert(refused, 'Should never get here');

        refused = false;
        try {
            svr.addBlacklistPattern(nullPattern);
        } catch (SFDCValidator.SFDCValidationException e) {
            // should fail - so all good
            refused = true;
        }
        System.assert(refused, 'Should never get here');
    }
}
-------------------------------------------------------------------------------- /force-app/main/default/classes/testStringValidationRule.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/classes/testValidator.cls-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 29.0 4 | Active 5 | 6 | -------------------------------------------------------------------------------- /force-app/main/default/staticresources/New_BSD_License.resource: -------------------------------------------------------------------------------- 1 | Copyright (c) 2010, Salesforce.com 2 | All rights
reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above copyright 10 | notice, this list of conditions and the following disclaimer in the 11 | documentation and/or other materials provided with the distribution. 12 | * Neither the name of the Salesforce.com nor the 13 | names of its contributors may be used to endorse or promote products 14 | derived from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 17 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 18 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 | IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 20 | INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 | BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 23 | LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 24 | OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 25 | OF THE POSSIBILITY OF SUCH DAMAGE. 
-------------------------------------------------------------------------------- /force-app/main/default/staticresources/New_BSD_License.resource-meta.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | Private 4 | text/plain 5 | New BSD License 6 | 7 | -------------------------------------------------------------------------------- /sfdx-project.json: -------------------------------------------------------------------------------- 1 | { 2 | "packageDirectories": [ 3 | { 4 | "path": "force-app", 5 | "default": true 6 | } 7 | ], 8 | "namespace": "", 9 | "sfdcLoginUrl": "https://login.salesforce.com", 10 | "sourceApiVersion": "29.0" 11 | } 12 | --------------------------------------------------------------------------------