From 103a745083e94f026c0e326d9b59ee8c3f9cedfe Mon Sep 17 00:00:00 2001
From: Sergey <sergey.gorbaty@salesforce.com>
Date: Tue, 31 Jan 2017 16:00:53 -0800
Subject: [PATCH 1/2] Integers won't count as SOQL injection

---
 .../apex/rule/security/ApexSOQLInjectionRule.java |  4 ++++
 .../apex/rule/security/xml/ApexSOQLInjection.xml  | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.java b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.java
index e45036fb94..2a10dfe2cc 100644
--- a/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.java
+++ b/pmd-apex/src/main/java/net/sourceforge/pmd/lang/apex/rule/security/ApexSOQLInjectionRule.java
@@ -96,6 +96,10 @@ public class ApexSOQLInjectionRule extends AbstractApexRule {
         if (literal != null) {
             if (left != null) {
                 Object o = literal.getNode().getLiteral();
+                if (o instanceof Integer || o instanceof Boolean || o instanceof Double) {
+                    safeVariables.add(Helper.getFQVariableName(left));
+                }
+
                 if (o instanceof String) {
                     if (SELECT_PATTERN.matcher((String) o).matches()) {
                         selectContainingVariables.put(Helper.getFQVariableName(left), Boolean.TRUE);
diff --git a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml
index 8646523332..ae96b8ba38 100644
--- a/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml
+++ b/pmd-apex/src/test/resources/net/sourceforge/pmd/lang/apex/rule/security/xml/ApexSOQLInjection.xml
@@ -206,4 +206,19 @@ public class Foo {
 }
 		]]></code>
 	</test-code>
+	
+	<test-code>
+		<description>Dynamic SOQL with Integer
+		</description>
+		<expected-problems>0</expected-problems>
+		<code><![CDATA[
+public class Foo {
+	public void test1() {
+		Integer field1 = 4; 
+		Database.query('SELECT Id FROM Account LIMIT ' + field1);		
+	}
+}
+		]]></code>
+	</test-code>
+		
 </test-data>

From 27b2f9f547d84b38cbbab3d42c3478ae8114bd41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Mart=C3=ADn=20Sotuyo=20Dodero?= <jmsotuyo@monits.com>
Date: Thu, 2 Feb 2017 12:32:30 -0300
Subject: [PATCH 2/2] Update changelog

---
 src/site/markdown/overview/changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/site/markdown/overview/changelog.md b/src/site/markdown/overview/changelog.md
index 590869c7ff..371f12ea3b 100644
--- a/src/site/markdown/overview/changelog.md
+++ b/src/site/markdown/overview/changelog.md
@@ -26,4 +26,5 @@ The PMD team is pleased to announce PMD 5.5.4
 
 *   [#227](https://github.com/pmd/pmd/pull/227): \[apex] Improving detection of getters
 *   [#228](https://github.com/pmd/pmd/pull/228): \[apex] Excluding count from CRUD/FLS checks
+*   [#229](https://github.com/pmd/pmd/pull/229): \[apex] Dynamic SOQL is safe against Integer, Boolean, Double