PMD for Salesforce Code Check

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL.
Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Salesforce.com Apex and Visualforce.

Please note, that this module requires a Java 8 runtime environment.

Use link – https://dl.bintray.com/pmd/pmd-eclipse-plugin/updates/
to install PMD Software in eclipse from Help->Install New Software->Add Repository.

After installation Just right click on your project and select ‘Check Code‘ in PMD
You can generate PMD report which create Report folder in your project location.

File/folder Permission

Note that mode is not automatically assumed to be an octal value, so strings (such as “g+w”) will not work properly. To ensure the expected operation, you need to prefix mode with a zero (0):

chmod("/somedir/somefile", 755); // decimal; probably incorrect
chmod("/somedir/somefile", "u+rwx,go+rx"); // string; incorrect
chmod("/somedir/somefile", 0755); // octal; correct value of mode

The mode parameter consists of three octal number components specifying access restrictions for the owner, the user group in which the owner is in, and to everybody else in this order.

// Read and write for owner, nothing for everybody else
chmod("/somedir/somefile", 0600);
// Read and write for owner, read for everybody else
chmod("/somedir/somefile", 0644);
// Everything for owner, read and execute for others
chmod("/somedir/somefile", 0755);
// Everything for owner, read and execute for owner's group
chmod("/somedir/somefile", 0750);

Change File Permission Owner

// File name and username to use
$file_name= "foo.php";
$path = "/home/sites/public_html/sandbox/" . $file_name ;
$user_name = "root";

// Set the user
chown($path, $user_name);

// Check the result
$stat = stat($path);
print_r(posix_getpwuid($stat['uid']));

How to Protect a Website From Malware

Owning and designing websites is an exciting experience. The technology allows web designers to create interesting and dynamic websites. However, every website owner knows that security of her website is just as important as the fancy things it can do. Hackers target unprotected websites through password cracking programs, insecure PHP coding and outdated scripts. Malware code is injected into websites’ HTML and PHP files, causing web browsers to display hacked messages or advertisements instead of owner’s intended code. To protect a website, you must remove any vulnerable source that can be exploited by a hacker.

Instructions Website Protection

  1. Change the main website password (also known as the web hosting plan password) once a month. Use a combination of numbers, letters and symbols to form a secure password that is hard to guess or crack through hacking programs. For example, the password “S3409Uh29aa” is harder to guess than “sunshine29,
  2. Log in to each PHP script installed and in use (guestbook, blog, mailing list) and change their administrator passwords. Form difficult administrator password for each script that you’re using on the website.
  3. Update all scripts that are in use and are planned to be parts of the website in the future. Upgrade to latest available and stable versions by downloading them from the developers’ websites. Update any security patches available through the developer. Outdated PHP scripts have insecure coding and are often hacked and injected with malware code.
  4. Remove any scripts that are outdated and no longer in use. Delete the files off the web server or follow uninstall directions if available through your website’s control panel.
  5. Disable global directives and variables (which can be used to gain access to administrator panels and inject malware code) from your web hosting account. Alter the “.htaccess” file to secure the website and protect it from this common malice.
    Disable “php_globals”
  6. Log in to your website’s root directory using an FTP program. Select “Show hidden files” from the FTP display options.
  7. Locate a folder called “public_html” and open it.
  8. Download “.htaccess” from your website to your desktop.
  9. Right-click on the downloaded “.htaccess” file. Select “Open With – Notepad.”
  10. Type on the first line of the .htaccess file the following code: php_flag register_globals off  Save the file and upload back to “public_html.”