Salesforce Appexchange Checkmarx Major Issues
Dec 19


Every organization that builds its own app faces the major challenge of getting clearance from the Salesforce Security Review. After clearing the Checkmarx scan, we submit the app for a final Security Review by Salesforce. This is the step where your app is tested by a human, in a test org as well as in the packaging org. This rigorous testing focuses mostly on the app's security and functionality. I have seen several apps fail this final Salesforce Security Review, some of them multiple times. Several of my projects in 2016 consisted of nothing but a line-by-line code review of an entire app, suggesting changes before it was submitted for the final review. Since a final review takes at least 4-6 weeks, most of the smarter clients plan for this properly and have the code review and in-depth analysis done by Salesforce wizards or experts beforehand.

In this blog I will explain some of the major issues found in the Salesforce Security Review and their solutions. The major issues found in apps are:

1. SOQL/SOSL Injection
2. CRUD
3. Stored XSS
4. Reflected XSS

These four are the major, and also the most common, issues found in apps. I am sure you have come across them too if you have worked on a Salesforce app. We will now discuss each of them in detail: the reason each issue occurs, and the possible solutions that can help you overcome it.

SOQL and SOSL Injection

The first major issue developers face when building any Salesforce app is SOQL/SOSL injection.

Reason for occurrence: SOQL/SOSL injection occurs when user-supplied input is needed and that input is used to build a dynamic SOQL query. If the user supplies an unexpected value and it is not validated, it can change the meaning of the whole query.

Example:

    String str = 'SELECT Id, Name, Employee__c FROM Contact WHERE Employee__c = \'' + strList + '\'';
    List<Contact> conList = Database.query(str);

In a query like this, where the user-supplied value can contain special characters (a single quote, for instance), the meaning of the whole query changes.

SOLUTION: To remove the SOQL/SOSL injection error from our code, we have to apply the String.escapeSingleQuotes() method to every user-supplied value that goes into a dynamic query. Now we apply String.escapeSingleQuotes() to the query above so that it no longer throws the SOQL/SOSL injection error:

    // escape the user-supplied value, not the whole query string, so the query's own quotes stay intact
    String str = 'SELECT Id, Name, Employee__c FROM Contact WHERE Employee__c = \'' + String.escapeSingleQuotes(strList) + '\'';
    List<Contact> conList = Database.query(str);

CRUD ISSUE: CRUD issues occur in Salesforce when we are trying to insert, update, or...
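As an added illustration of the SOQL injection section above (not code from the original post): the same Contact lookup as an Apex class, with the injectable form beside the two standard mitigations, escaping the user-supplied value and, preferably, a bind variable. The class name, method names and the employee parameter are assumptions; the Employee__c field is taken from the post's own example.

```apex
// Added example, not from the original post. Class and method names are assumed.
public with sharing class ContactLookup {

    // VULNERABLE: the user-supplied value is concatenated straight into dynamic SOQL.
    // A value containing a single quote can close the literal and change the WHERE clause,
    // which is exactly the finding Checkmarx reports as SOQL/SOSL injection.
    public static List<Contact> findUnsafe(String employee) {
        String q = 'SELECT Id, Name, Employee__c FROM Contact '
                 + 'WHERE Employee__c = \'' + employee + '\'';
        return Database.query(q);
    }

    // FIX 1: escape the user-supplied value (not the whole query string) before
    // concatenating it, so a quote inside the value cannot close the literal.
    public static List<Contact> findEscaped(String employee) {
        String q = 'SELECT Id, Name, Employee__c FROM Contact '
                 + 'WHERE Employee__c = \'' + String.escapeSingleQuotes(employee) + '\'';
        return Database.query(q);
    }

    // FIX 2 (preferred): a bind variable. Dynamic SOQL resolves :employee as a value,
    // never as query text, so no escaping is needed and the query cannot be altered.
    public static List<Contact> findBound(String employee) {
        String q = 'SELECT Id, Name, Employee__c FROM Contact WHERE Employee__c = :employee';
        return Database.query(q);
    }
}
```

The `with sharing` keyword enforces the running user's record-level access, which is separate from the field- and object-level (CRUD/FLS) checks the post lists as the second major finding.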

Read More
Gravity Forms and Salesforce Integrations
Dec 12


Gravity Forms is a WordPress plugin for creating contact forms. It allows site owners to create forms and gather information.

GRAVITY FORMS + SALESFORCE
Together they make a great combination for gathering information and adding leads to Salesforce automatically, which makes CRM easier and simpler. Setup takes a few minutes and gives you a very simple way to collect information. Gravity Forms is much more interactive and gives you an easy way to add fields, make them mandatory, send email, and so on. If you do not already have this plugin installed, get it and make your work much easier.

WEB FORMS to SALESFORCE
We have several apps that do something similar in the sense of getting your data from a web form into Salesforce. Examples:
Web2Anything: http://developer.force.com/codeshare/projectpage?id=a0630000003JS9MAAW
formyoula: https://formyoula.squarespace.com/
Salesforce.com Sites pages: you will have to custom build a Visualforce page with the form and make it a publicly accessible URL.

INTEGRATION
To integrate your Gravity Forms with Salesforce, follow the steps below:
1. Go to Setup in your Salesforce org and type web-to-lead in the Quick Find box.
2. Generate a new form. The redirect URL should be the URL you want the page to be redirected to after the form is submitted.
3. Select the fields you require in your Gravity Form and save the HTML code generated.

SYNC YOUR WEB-TO-LEAD FORM WITH GRAVITY FORMS
1. Create your web-to-lead form as described above.
2. Look for the Salesforce Add-on tab (Form > Settings) and select Integration Method as Web-to-Lead. Update Settings.
3. Create your Gravity Form in your WordPress site.
4. Add the fields you used while creating your web-to-lead form and save the form.
5. Click the Gravity Form's name and look for the Confirmation tab under Settings.
6. Set the confirmation to redirect. The Redirect URL should be the URL you got while generating the web-to-lead form.

The URL should not include "?encoding=UTF-8", since Gravity Forms adds it itself at the start of the query string. Check "Pass Field Data Via Query String". Your screen should look like this:

NOTE: If you are working in your sandbox, change the Redirect URL to test.salesforce.com instead of www.salesforce.com, since the generated web-to-lead form works against Production.

Remember that you removed "?encoding=UTF-8" from the redirect URL; now make it the first item of your query string. Start with your oid and retURL to process the query string. Separate each value with "&". Now it is time to map your Salesforce fields to those of the Gravity Form you created. Build your query string in the following format:

    field_name=field_value&2nd_field_name=2nd_field_value

You can take help from...

Read More
Salesforce REST integration JAVA Application
Jun 15


Force.com REST API

PROBLEM: How to connect to, query and run SOQL against any Salesforce.com account using the REST API and JSON payloads. This application is a great help in testing all kinds of Salesforce object queries in SOQL, and in creating or updating standard as well as custom Salesforce objects with JSON strings.

SOLUTION: We built a small Java-based application that achieves the following objectives:
1. The user enters the Client Id, Client Secret and the file name.
2. The application connects to the Salesforce account using that information.
3. After a successful connection the user can do any of the following operations:
   Enter a SOQL query to view the results.
   Enter a JSON string to create/update/delete a Salesforce object (standard or custom).

The solution is divided into several blog posts containing all the screenshots, data flow diagrams, flowcharts and Java/HTML source code. You can easily follow all the steps and build the application on your end with the help of these resources. The solution gives an in-depth understanding of every step of REST authorization with Salesforce and of generating the access token for subsequent REST calls. The core part of our solution is the initial authorization of the REST application. The user can also test almost any Salesforce object query and can transfer record information to be created in Salesforce in JSON string format.

REQUIREMENTS: Apache server, Eclipse IDE and a Salesforce Developer Edition account. The user should also have some familiarity with Salesforce REST cURL calls, or can learn it almost instantly while testing the REST application created in this blog.

WE PROVIDE: All the screenshots, data flow diagrams, flowcharts and Java/HTML source code, URLs and steps to perform. http://developer.force.com/REST

STEP 1. Enable Remote Access in SFDC.
Log in to Salesforce.com with your developer account, navigate to the top right corner, Your Name ➤ Setup ➤ Develop ➤ Remote Access, and click New to create a new remote access application if you have not already done so. If you are running the application server on your own machine (the most common case for a development environment), the callback URL will look like https://localhost:8443/Rest/oauth/_callback. After clicking Save, you will see your new application's credentials. Click the link to reveal the consumer secret. Note: OAuth 1.0 terminology is currently used in the Remote Access screen; the OAuth 2.0 specification uses "client" in place of "consumer". Copy the consumer key and consumer secret; we will use them to connect and receive the authorization token.

STEP 2. Enable SSL in Apache. If you already have an Apache Tomcat server with SSL enabled, jump to...

Read More