The $100 Million Query Gone Wrong
Do you ever watch those TV shows that start the episode with something like “Five Months Ago” or “One Year Ago”?
Usually these scenes are meant to provide some historical context as to why, in the present, all hell is breaking loose. Let’s paint a TV scene like this:
“One Year Ago”
The CFO of a growing startup company is living large. They just received a round of Series B funding and company financials are looking very promising. On this day, the CFO walks into their brand new office building, sits at their desk, and begins the workday by logging into Salesforce. They click on a report, expecting clean results, but instead, customer data has been manipulated and financial data is missing.
The CFO is panicking and asking around the office to try to get some answers. After two hours of waiting, the security team confirms that an attacker manipulated Salesforce queries, extracted sensitive data, and left behind a big ol’ mess that the CFO, executive leadership, general counsel, and internal stakeholders need to sort out.
What happened? A Salesforce SOQL injection attack - one that could have been prevented.
“Present Day”
The former CFO is participating in a job interview. A member of the interview committee asks them - “Can you tell us more about the cyber attack that you experienced and what steps you took after it occurred? If you’re a member of our executive team, how will you ensure something like this doesn’t happen?”
Keep reading to see the fictional CFO’s answer, a.k.a. this article.
What’s The Point?
The point of the story is this: Salesforce SOQL injection is a hidden threat that many businesses overlook until a disruptive attack has already happened.
In this guide, I’ll show you how to identify, assess, and remediate Salesforce SOQL injection risks. In addition, I’ve included a very simple and straightforward template to make this process easier for you and your teammates.
Step 1: Inventory Your Codebase for SOQL Queries
Locating your queries is an absolutely critical first step in preventing Salesforce SOQL injection. If you don’t know where your SOQL queries are located, you can’t protect them.
Steps to Take:
- Run a code scan using tools like Salesforce Code Analyzer to find SOQL queries in your Apex code.
- Manually review high-risk areas, especially user-input-driven queries.
- Document your findings using the template below.
Step 2: Assess SOQL Queries for Vulnerabilities
Not all SOQL queries are dangerous, but the ones that use user input are prime targets for malicious attacks. Here's what you can do to identify the queries that are the most vulnerable.
Steps to Take:
- Identify queries that concatenate user input directly into SOQL strings.
- Flag queries that don’t use bind variables (the :variable syntax) for safely handling user input.
- Mark queries that lack input validation (e.g., allowing arbitrary text input without checks).
Step 3: Secure SOQL Queries with Best Practices
The key thing to guard against here is untrusted input supplied by an attacker. Here's how you can update your SOQL queries so that untrusted input is never interpreted as part of the query itself.
Steps to Take:
- Use bind variables instead of concatenating input.
- Sanitize user input using String.escapeSingleQuotes() so that a quote in the input cannot break out of a string literal.
- Implement allowlisting (e.g., only allowing predefined values in user input).
Example: Fixing a Vulnerable SOQL Query
❌ Bad (Vulnerable to SOQL Injection)
// The raw request parameter becomes part of the query text, so a quote in the
// input can close the string literal and change the meaning of the WHERE clause.
String userInput = ApexPages.currentPage().getParameters().get('search');
String query = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + userInput + '%\'';
List<Account> accounts = Database.query(query);
✅ Good (Secure)
String userInput = ApexPages.currentPage().getParameters().get('search');
// Build the wildcard pattern in Apex, then pass it as a bind variable: the runtime
// treats :searchTerm as a value, so quotes in the input cannot alter the query syntax.
String searchTerm = '%' + userInput + '%';
String query = 'SELECT Id, Name FROM Account WHERE Name LIKE :searchTerm';
List<Account> accounts = Database.query(query);
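Putting the three Step 3 controls together in one place, as an added example that is not part of the original article (class, method and field names are illustrative): the bind variable protects the search value, while the allowlist covers the one part of the query, a column name in ORDER BY, that a bind variable cannot protect.

```apex
// Added example, not from the original article: class, method and field names are illustrative.
public with sharing class AccountSearch {

    // Allowlist for the structural part of the query. Column names cannot be passed as
    // bind variables, so the only defence is to accept nothing outside a fixed set.
    private static final Set<String> SORTABLE_FIELDS =
        new Set<String>{ 'Name', 'Industry', 'CreatedDate' };

    // Preferred form: the user-controlled value travels as a bind variable, and the
    // user-controlled column name is checked against the allowlist.
    public static List<Account> search(String rawTerm, String rawSortField) {
        if (String.isBlank(rawTerm)) {
            return new List<Account>();
        }
        // Allowlisting: reject anything that is not one of our known column names.
        if (rawSortField == null || !SORTABLE_FIELDS.contains(rawSortField)) {
            throw new IllegalArgumentException('Unsupported sort field');
        }
        // Bind variable: the wildcard pattern is assembled in Apex, and :searchTerm is
        // resolved by the runtime as data, never parsed as SOQL syntax.
        String searchTerm = '%' + rawTerm + '%';
        String query = 'SELECT Id, Name, Industry FROM Account'
            + ' WHERE Name LIKE :searchTerm'
            + ' ORDER BY ' + rawSortField   // safe only because of the allowlist check above
            + ' LIMIT 200';
        return (List<Account>) Database.query(query);
    }

    // Fallback for legacy code that still concatenates the value into the query text:
    // escapeSingleQuotes() stops a quote in the input from closing the string literal
    // early. It does nothing for tokens outside quotes (field names, ORDER BY, LIMIT),
    // which is why the allowlist above is still required for those positions.
    public static List<Account> legacySearch(String rawTerm) {
        String safeTerm = String.escapeSingleQuotes(rawTerm);
        String query = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + safeTerm + '%\'';
        return (List<Account>) Database.query(query);
    }
}
```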
Step 4: Implement Continuous Security Audits
It's important to recognize that your Salesforce implementation will keep changing over time. As a result, this effort isn't a one-and-done type of thing. It's important to incorporate security audits into your Salesforce strategy. Here's a very simple framework you can follow that will go a very long way.
Steps to Take:
- Conduct quarterly security audits of SOQL queries.
- Train developers and admins on secure SOQL practices.
- Schedule regular security reviews with your certified Salesforce partner.
Final Thoughts: Secure Your Salesforce Before It’s Too Late
SOQL injection is a real threat and exposes your organization to all of the major pitfalls of a data breach like loss of customer trust, financial penalties and legal repercussions, and operational disruption and recovery costs. By inventorying, assessing, securing, and auditing your queries, you significantly reduce your organization’s exposure to these types of risks. Here's a template that will help you get started with these exercises.
Need Help Assessing Your Risk?
Not sure if your Salesforce codebase is secure? Register for a free health check today to understand your risk of a Salesforce data breach.