Edit me

List of rulesets and rules contained in each ruleset.

  • Best Practices: Rules which enforce generally accepted best practices.
  • Codestyle: Rules which enforce a specific coding style.
  • Design: Rules that help you discover design issues.
  • Error Prone: Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  • Performance: Rules that flag suboptimal code.
  • Security: Rules that flag potential security flaws.

Best Practices

Codestyle

  • ClassNamingConventions: Class names should always begin with an upper case character.
  • ForLoopsMustUseBraces: Avoid using ‘for’ statements without using surrounding braces. If the code formatting orindentati…
  • IfElseStmtsMustUseBraces: Avoid using if..else statements without using surrounding braces. If the code formattingor indent…
  • IfStmtsMustUseBraces: Avoid using if statements without using braces to surround the code block. If the codeformatting …
  • MethodNamingConventions: Method names should always begin with a lower case character, and should not contain underscores.
  • VariableNamingConventions: A variable naming conventions rule - customize this to your liking. Currently, itchecks for fina…
  • WhileLoopsMustUseBraces: Avoid using ‘while’ statements without using braces to surround the code block. If the codeformat…

Design

  • AvoidDeeplyNestedIfStmts: Avoid creating deeply nested if-then statements since they are harder to read and error-prone to …
  • CyclomaticComplexity: The complexity of methods directly affects maintenance costs and readability. Concentrating too m…
  • ExcessiveClassLength: Excessive class file lengths are usually indications that the class may be burdened with excessiv…
  • ExcessiveParameterList: Methods with numerous parameters are a challenge to maintain, especially if most of them share th…
  • ExcessivePublicCount: Classes with large numbers of public methods and attributes require disproportionate testing effo…
  • NcssConstructorCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssMethodCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssTypeCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • StdCyclomaticComplexity: Complexity directly affects maintenance costs is determined by the number of decision points in a…
  • TooManyFields: Classes that have too many fields can become unwieldy and could be redesigned to have fewer field…

Error Prone

  • AvoidDirectAccessTriggerMap: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …
  • AvoidHardcodingId: When deploying Apex code between sandbox and production environments, or installing Force.com App…
  • EmptyCatchBlock: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most cir…
  • EmptyIfStmt: Empty If Statement finds instances where a condition is checked but nothing is done about it.
  • EmptyStatementBlock: Empty block statements serve no purpose and should be removed.
  • EmptyTryOrFinallyBlock: Avoid empty try or finally blocks - what’s the point?
  • EmptyWhileStmt: Empty While Statement finds all instances where a while statement does nothing. If it is a timin…
  • MethodWithSameNameAsEnclosingClass: Non-constructor methods should not have the same name as the enclosing class.

Performance

  • AvoidDmlStatementsInLoops: Avoid DML statements inside loops to avoid hitting the DML governor limit. Instead, try to batch …
  • AvoidSoqlInLoops: New objects created within loops should be checked to see if they can created outside them and re…
  • AvoidSoslInLoops: Sosl calls within loops can cause governor limit exceptions.

Security

  • ApexBadCrypto: The rule makes sure you are using randomly generated IVs and keys for ‘Crypto’ calls.Hard-wiring …
  • ApexCRUDViolation: The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation.Since…
  • ApexCSRF: Check to avoid making DML operations in Apex class constructor/init method. This preventsmodifica…
  • ApexDangerousMethods: Checks against calling dangerous methods.For the time being, it reports: Against ‘FinancialForce’…
  • ApexInsecureEndpoint: Checks against accessing endpoints under plain http. You should always usehttps for security.
  • ApexOpenRedirect: Checks against redirects to user-controlled locations. This prevents attackers fromredirecting us…
  • ApexSharingViolations: Detect classes declared without explicit sharing mode if DML methods are used. Thisforces the dev…
  • ApexSOQLInjection: Detects the usage of untrusted / unescaped variables in DML queries.
  • ApexSuggestUsingNamedCred: Detects hardcoded credentials used in requests to an endpoint.You should refrain from hardcoding …
  • ApexXSSFromEscapeFalse: Reports on calls to ‘addError’ with disabled escaping. The message passed to ‘addError’will be di…
  • ApexXSSFromURLParam: Makes sure that all values obtained from URL parameters are properly escaped / sanitizedto avoid …