Skip to content

Add SOQL/SOSL injection guidance to differentiate from SQL #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thomas-bartlett merged 2 commits into from
Jan 22, 2026
Merged

Add SOQL/SOSL injection guidance to differentiate from SQL #88

thomas-bartlett merged 2 commits into from
Jan 22, 2026

Conversation

@thomas-bartlett
Copy link
Collaborator

@thomas-bartlett thomas-bartlett commented Jan 20, 2026

Adds a new SOQL/SOSL Injection section to the input validation rule that differentiates Salesforce query injection from traditional SQL injection.

@thomas-bartlett thomas-bartlett self-assigned this Jan 20, 2026
Copilot AI review requested due to automatic review settings January 20, 2026 20:25
@thomas-bartlett thomas-bartlett added enhancement New feature or request rule-feedback Providing feedback about a rule labels Jan 20, 2026
Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds SOQL/SOSL injection guidance to the input validation rule to differentiate Salesforce query injection from traditional SQL injection. The changes include adding Apex language support and documenting security best practices specific to Salesforce's query languages.

Changes:

  • Added Apex language mapping with .cls and .trigger file extensions to src/language_mappings.py
  • Added comprehensive SOQL/SOSL injection prevention guidance to the input validation rule
  • Updated rule description to include SOQL in addition to SQL/LDAP/OS injection types

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File Description
src/language_mappings.py Added Apex language with correct file extensions (.cls, .trigger)
skills/software-security/rules/codeguard-0-input-validation-injection.md Added SOQL/SOSL injection section and updated description to include SOQL

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI reviewed Jan 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

ramraaj25
ramraaj25 approved these changes Jan 22, 2026
View reviewed changes
Copy link
Collaborator

@ramraaj25 ramraaj25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@thomas-bartlett thomas-bartlett merged commit f6bbd06 into develop Jan 22, 2026
1 check passed
@thomas-bartlett thomas-bartlett deleted the fix/differentiate-soql-from-sql-injection branch January 22, 2026 16:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@ramraaj25 ramraaj25 ramraaj25 approved these changes

@santosomar santosomar Awaiting requested review from santosomar

@aacarter1 aacarter1 Awaiting requested review from aacarter1

Assignees

@thomas-bartlett thomas-bartlett

Labels

enhancement New feature or request rule-feedback Providing feedback about a rule

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thomas-bartlett @ramraaj25