Edit me

Best Practices

Rules which enforce generally accepted best practices.

Code Style

Rules which enforce a specific coding style.
  • ClassNamingConventions: Class names should always begin with an upper case character.
  • ForLoopsMustUseBraces: Avoid using ‘for’ statements without using surrounding braces. If the code formatting orindentati…
  • IfElseStmtsMustUseBraces: Avoid using if..else statements without using surrounding braces. If the code formattingor indent…
  • IfStmtsMustUseBraces: Avoid using if statements without using braces to surround the code block. If the codeformatting …
  • MethodNamingConventions: Method names should always begin with a lower case character, and should not contain underscores.
  • VariableNamingConventions: A variable naming conventions rule - customize this to your liking. Currently, itchecks for fina…
  • WhileLoopsMustUseBraces: Avoid using ‘while’ statements without using braces to surround the code block. If the codeformat…

Design

Rules that help you discover design issues.
  • AvoidDeeplyNestedIfStmts: Avoid creating deeply nested if-then statements since they are harder to read and error-prone to …
  • CyclomaticComplexity: The complexity of methods directly affects maintenance costs and readability. Concentrating too m…
  • ExcessiveClassLength: Excessive class file lengths are usually indications that the class may be burdened with excessiv…
  • ExcessiveParameterList: Methods with numerous parameters are a challenge to maintain, especially if most of them share th…
  • ExcessivePublicCount: Classes with large numbers of public methods and attributes require disproportionate testing effo…
  • NcssConstructorCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssMethodCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssTypeCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • StdCyclomaticComplexity: Complexity directly affects maintenance costs is determined by the number of decision points in a…
  • TooManyFields: Classes that have too many fields can become unwieldy and could be redesigned to have fewer field…

Error Prone

Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  • AvoidDirectAccessTriggerMap: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …
  • AvoidHardcodingId: When deploying Apex code between sandbox and production environments, or installing Force.com App…
  • EmptyCatchBlock: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most cir…
  • EmptyIfStmt: Empty If Statement finds instances where a condition is checked but nothing is done about it.
  • EmptyStatementBlock: Empty block statements serve no purpose and should be removed.
  • EmptyTryOrFinallyBlock: Avoid empty try or finally blocks - what’s the point?
  • EmptyWhileStmt: Empty While Statement finds all instances where a while statement does nothing. If it is a timin…
  • MethodWithSameNameAsEnclosingClass: Non-constructor methods should not have the same name as the enclosing class.

Performance

Rules that flag suboptimal code.
  • AvoidDmlStatementsInLoops: Avoid DML statements inside loops to avoid hitting the DML governor limit. Instead, try to batch …
  • AvoidSoqlInLoops: New objects created within loops should be checked to see if they can created outside them and re…
  • AvoidSoslInLoops: Sosl calls within loops can cause governor limit exceptions.

Security

Rules that flag potential security flaws.
  • ApexBadCrypto: The rule makes sure you are using randomly generated IVs and keys for ‘Crypto’ calls.Hard-wiring …
  • ApexCRUDViolation: The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation.Since…
  • ApexCSRF: Check to avoid making DML operations in Apex class constructor/init method. This preventsmodifica…
  • ApexDangerousMethods: Checks against calling dangerous methods.For the time being, it reports: Against ‘FinancialForce’…
  • ApexInsecureEndpoint: Checks against accessing endpoints under plain http. You should always usehttps for security.
  • ApexOpenRedirect: Checks against redirects to user-controlled locations. This prevents attackers fromredirecting us…
  • ApexSharingViolations: Detect classes declared without explicit sharing mode if DML methods are used. Thisforces the dev…
  • ApexSOQLInjection: Detects the usage of untrusted / unescaped variables in DML queries.
  • ApexSuggestUsingNamedCred: Detects hardcoded credentials used in requests to an endpoint.You should refrain from hardcoding …
  • ApexXSSFromEscapeFalse: Reports on calls to ‘addError’ with disabled escaping. The message passed to ‘addError’will be di…
  • ApexXSSFromURLParam: Makes sure that all values obtained from URL parameters are properly escaped / sanitizedto avoid …

Additional rulesets