Hi Apex developers,
We are excited to announce the release of a new set of Apex rules focusing on the core concepts of Salesforce:
Security via access control
- S5377: Sharing level should be specified in Apex Classes with SOQL/SOSL Queries or DML statements. (Vulnerability)
- S5378: Executing SOQL, SOSL or DML queries without sharing or with inherited sharing is security sensitive. (Security Hotspot)
Governor limits
- S5382: DML statements should not be used inside loops. (Bug)
Good tests
- S5395: Test methods should not be annotated with “@isTest(SeeAllData=true)”. (Code Smell)
- S5394: Tested code should be enclosed between “Test.StartTest()” and “Test.StopTest()”. (Code Smell)
- S5386: System.runAs should be used to test user permissions. (Code Smell)
Maintainability and bug-free code
- S5376: Triggers should process records in bulk. (Bug)
- S5379: Record IDs should not be hardcoded. (Bug)
- S5387: “getRecordTypeInfosByDeveloperName()” should be used instead of “getRecordTypeInfosByName()”. (Bug)
- S5389: URLs of Salesforce pages should be relative, not absolute. (Bug)
- S5390: Messages should not be hardcoded. (Code Smell)
- S5384: Business logic should not be implemented inside Triggers. (Code Smell)
Here are the rules illustrated by the screenshots in the original post:
- S5376 Triggers should process records in bulk.
- S5382 DML statements should not be used inside loops.
- S5377 Sharing level should be specified in Apex Classes with SOQL/SOSL Queries or DML statements.
- S5378 Executing SOQL, SOSL or DML queries without sharing or with inherited sharing is security sensitive.
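The following is an added example written for this post; it is not code from the announcement or from the SonarSource rule descriptions. It shows one handler class, the trigger that dispatches to it, and a test class, written so that none of the rules listed above fire: the sharing keyword is explicit (S5377) and chosen as "with sharing" rather than the hotspot cases (S5378), the trigger hands the whole batch to the handler (S5376, S5384), the handler does one query and one DML for the batch instead of a DML statement per record (S5382), and the test builds its own data instead of using SeeAllData=true (S5395), runs as a non-admin user (S5386) and wraps the code under test in Test.startTest()/Test.stopTest() (S5394). Object, field, class and profile names are assumptions for illustration; in an org each of the three units lives in its own file, and the test assumes a "Standard User" profile that can create Opportunity and Task records.

```apex
// Handler class (file OpportunityTaskHandler.cls, assumed name).
// The sharing keyword is stated explicitly (S5377). "with sharing" keeps the running
// user's record-level visibility; "without sharing" and "inherited sharing" would be
// reported as hotspots to review (S5378), because an inherited-sharing class called
// from a without-sharing context also runs without sharing.
public with sharing class OpportunityTaskHandler {
    // Closes every open Task on the given Opportunities in bulk: one SOQL query
    // and one DML statement for the whole batch. Returns the number of Tasks closed.
    public static Integer closeOpenTasks(Set<Id> oppIds) {
        List<Task> toClose = new List<Task>();
        for (Task t : [SELECT Id, Status FROM Task
                       WHERE WhatId IN :oppIds AND Status != 'Completed']) {
            t.Status = 'Completed';
            toClose.add(t);            // collect; no "update t" inside the loop (S5382)
        }
        if (!toClose.isEmpty()) {
            update toClose;            // single DML statement for all collected records
        }
        return toClose.size();
    }
}

// Trigger (file OpportunityTrigger.trigger, assumed name).
// It processes Trigger.new as a whole (S5376) and only dispatches; the business
// logic stays in the handler class (S5384).
trigger OpportunityTrigger on Opportunity (after update) {
    Set<Id> newlyWonIds = new Set<Id>();
    for (Opportunity opp : Trigger.new) {
        Opportunity before = Trigger.oldMap.get(opp.Id);
        if (opp.StageName == 'Closed Won' && before.StageName != 'Closed Won') {
            newlyWonIds.add(opp.Id);
        }
    }
    if (!newlyWonIds.isEmpty()) {
        OpportunityTaskHandler.closeOpenTasks(newlyWonIds);
    }
}

// Test class (file OpportunityTaskHandlerTest.cls, assumed name).
// No @isTest(SeeAllData=true): all data is created by the test itself (S5395).
@isTest
private class OpportunityTaskHandlerTest {
    @isTest
    static void closesOpenTasksWhenOpportunityIsWon() {
        // A non-admin user so that the "with sharing" handler is exercised with
        // realistic permissions (S5386). Profile name is an assumption.
        Profile std = [SELECT Id FROM Profile WHERE Name = 'Standard User' LIMIT 1];
        User u = new User(
            Alias = 'tstusr', LastName = 'Tester', Email = 'tester@example.com',
            Username = 'tester' + System.currentTimeMillis() + '@example.com',
            ProfileId = std.Id, EmailEncodingKey = 'UTF-8',
            LanguageLocaleKey = 'en_US', LocaleSidKey = 'en_US',
            TimeZoneSidKey = 'America/Los_Angeles');
        insert u;

        System.runAs(u) {
            // Created inside runAs: the records are owned by u, so the sharing-enforced
            // query sees them regardless of the org-wide default, and the setup-object
            // DML on User above does not mix with this DML.
            Opportunity opp = new Opportunity(Name = 'Acme renewal',
                StageName = 'Prospecting', CloseDate = Date.today().addDays(30));
            insert opp;
            insert new List<Task>{
                new Task(WhatId = opp.Id, Subject = 'Call', Status = 'Not Started'),
                new Task(WhatId = opp.Id, Subject = 'Email', Status = 'Completed')
            };

            Test.startTest();              // fresh governor limits for the code under test (S5394)
            opp.StageName = 'Closed Won';
            update opp;                    // fires OpportunityTrigger
            Test.stopTest();               // asynchronous work, if any, has completed here

            Integer stillOpen = [SELECT COUNT() FROM Task
                                 WHERE WhatId = :opp.Id AND Status != 'Completed'];
            System.assertEquals(0, stillOpen,
                'Every Task on a newly won Opportunity should be Completed');
        }
    }
}
```

The test deliberately creates the Opportunity inside System.runAs rather than as the test's default (admin) context: if the org-wide default for Opportunity is Private and the record were owned by the admin, the "with sharing" handler running as the standard user would see no Tasks, close nothing, and the assertion would fail for a reason unrelated to the trigger. That visibility difference is exactly what S5377, S5378 and S5386 are about, and it is worth a second test that creates the records as another user and asserts that nothing is changed.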
For more information you can read the changelog.
You can already enjoy these new features on SonarCloud. As for SonarQube, this will be built into the next version (8.0); meanwhile, Enterprise Edition users can get it by updating to v1.7 of the Apex analysis engine.
All feedback is welcome.
Cheers,
Nicolas