Business Rules using eval function

Rule number

SN-0027

Impact

The eval() function evaluates or executes an argument. Improper use of eval() opens up your code for injection attacks and debugging can be more challenging, as no line numbers are displayed with an error.

Remediation

Avoid the use of eval. It encourages the use of non trusted code. If you must execute arbitrary code, use GlideScriptEvaluator which ensures it came from a record.

Time to fix

30 min

References

This rule is linked to Common Weakness Enumeration CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection).