Native DML code executes in system context by default, which ignores the current user’s object permissions, field-level security (FLS), and sharing rules. In practice, this allows your code to read, update, or delete records and fields that the user wouldn’t normally have access to in the UI or API. If you don’t explicitly add CRUD/FLS and sharing checks, you risk exposing or modifying sensitive data — for example, letting a user indirectly change ownership, flip a restricted flag, or view confidential fields.
When using a DML statement, always check whether you could implement the same code with traditional CRUD operations instead.
Non-Compliant Code Examples

// Native upsert: runs in system context, so the user's Create/Edit permissions and FLS on External_Id__c and Name are not checked
Account acc = new Account(External_Id__c = 'EX123', Name = 'Acme Global');
upsert acc External_Id__c; // specify external Id field

// Native delete: succeeds even if the running user has no Delete permission on Account or no sharing access to the record
Account acc = [SELECT Id FROM Account WHERE Name = 'Acme Corp Updated' LIMIT 1];
delete acc;

// Native insert: creates the record regardless of the user's Create permission on Account
Account acc = new Account(Name = 'Acme Corporation');
insert acc;

// Native update: the query and the update both ignore sharing rules and FLS on Name
Account acc = [SELECT Id, Name FROM Account WHERE Name = 'Acme Corporation' LIMIT 1];
acc.Name = 'Acme Corp Updated';
update acc;
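The insert, update and delete examples above rewritten so that the running user's object permissions, FLS and sharing rules are enforced. This is an added example, not code from the rule page; it assumes an API version that supports AccessLevel.USER_MODE and WITH USER_MODE, and the class, method and exception names are hypothetical.

```apex
// Added example (not from the rule page): the same operations as the
// non-compliant snippets, run with the current user's permissions enforced.
// Class, method and exception names are hypothetical.
public with sharing class AccountService {          // 'with sharing' applies sharing rules

    public class AccessException extends Exception {}

    // Insert: USER_MODE makes the DML honour CRUD and FLS for the running user.
    // A user lacking Create on Account (or on Name) gets a DmlException instead
    // of the record being silently created in system context.
    public static Account createAccount(String name) {
        Account acc = new Account(Name = name);
        Database.insert(acc, AccessLevel.USER_MODE);
        return acc;
    }

    // Update: query in user mode, then strip fields the user may not update
    // before issuing the DML, so a restricted field is never written and the
    // refusal is explicit rather than silent.
    public static Account renameAccount(String oldName, String newName) {
        List<Account> found = [SELECT Id, Name FROM Account
                               WHERE Name = :oldName WITH USER_MODE LIMIT 1];
        if (found.isEmpty()) {
            return null;                              // not visible to this user
        }
        found[0].Name = newName;
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.UPDATABLE, found);
        if (!decision.getRemovedFields().isEmpty()) {
            throw new AccessException('FLS blocks update of ' + decision.getRemovedFields());
        }
        Database.update(decision.getRecords(), AccessLevel.USER_MODE);
        return (Account) decision.getRecords()[0];
    }

    // Delete: explicit object-level check, then user-mode DML so sharing is
    // also applied to the specific record.
    public static void deleteAccount(Id accountId) {
        if (!Schema.sObjectType.Account.isDeletable()) {
            throw new AccessException('No Delete permission on Account');
        }
        Database.delete(accountId, AccessLevel.USER_MODE);
    }
}
```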
Datadog Code Security
Analyze your code with Datadog Code Security using this rule
How to use the rule
rulesets:
  - apex-security # Rules to enforce Apex security.
Create a static-analysis.datadog.yml file at the root of your repository containing the content above
Use the free IDE plugin or add Code Security scans to your CI pipeline