+ Start a Discussion
Anuj Joshi 42Anuj Joshi 42 

Visualforce pages in Sites

Hi All,

In our org we have many pages and controllers. Most of the poages are used in sites. When we run a checkmarx report we have encountered Query:sahring issue. Its description is "All entry points to an app (Global or Controller classes) must use the 'with sharing' keyword. Classes without this keyword run without sharing if they are entry points to your code, or with the sharing policy of the caller. Do not omit the sharing declaration as this hides critical security information in side-effects that can change when code is refactored. Only declare classes as 'without sharing' if they are not entry points to your app and if they only modify objects whose security is managed by your code (such as wizard state, or fields in a site). It is a common misconception to believe that batch apex or async apex must run with the global keyword. This is not true, the only classes that must be global are those that expose webservices or are intended to be used by extension packages. All async apex should run as public in order to avoid creating privileged entry points to your app."
I am also checking for FLS in all the controllers. What do I need to eliminate the issue in the report. 
For example some of the controllers are written as:
public virtual class BaseSiteController {}

public without sharing class SiteRegistrationController extends BaseSiteController {

public class SearchMyCaseExt extends BaseSiteController{