Cross-Site Request Forgery (CSRF)
| Property | |
|---|---|
| Language | apex |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Placing DML operations in an Apex class constructor or initializer can have unexpected side effects: simply accessing a page executes the DML statements and modifies the database. Only querying the database is permitted.
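The pattern this rule flags, next to a form that keeps the constructor read-only, is shown below as an added example (not code from the rule's own documentation). The class names, the `markViewed` method and the use of `Account.Description` are hypothetical, and the two classes would live in separate files.

```apex
// Flagged: the constructor performs DML, so every load of the page that uses
// this controller writes to the database, including a request the
// logged-in user never intended to make.
public with sharing class VisitLogControllerUnsafe {
    public VisitLogControllerUnsafe() {
        Id accountId = ApexPages.currentPage().getParameters().get('id');
        Account acct = [SELECT Id, Description FROM Account
                        WHERE Id = :accountId LIMIT 1];
        acct.Description = 'Viewed';
        update acct; // state change as a side effect of page access
    }
}

// Preferred: the constructor only queries. The write moves to an action
// method that runs on an explicit postback.
public with sharing class VisitLogController {
    public Account acct { get; private set; }

    public VisitLogController() {
        Id accountId = ApexPages.currentPage().getParameters().get('id');
        List<Account> rows = [SELECT Id, Description FROM Account
                              WHERE Id = :accountId LIMIT 1];
        acct = rows.isEmpty() ? null : rows[0]; // read-only: permitted
    }

    // Assumed to be bound to an <apex:commandButton> inside an <apex:form>,
    // so the request carries the platform's anti-CSRF token.
    public PageReference markViewed() {
        if (acct == null) {
            return null; // nothing to update; stay on the page
        }
        acct.Description = 'Viewed';
        update acct;
        return null;
    }
}
```

Moving the DML into a method named in the `action` attribute of `<apex:page>` does not help, because that method also runs on page load.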