Index of all built-in rules available for Apex
Table of Contents

Best Practices

Rules which enforce generally accepted best practices.

Code Style

Rules which enforce a specific coding style.

Design

Rules that help you discover design issues.
  • AvoidDeeplyNestedIfStmts: Avoid creating deeply nested if-then statements since they are harder to read and error-prone to …
  • CognitiveComplexity: Methods that are highly complex are difficult to read and more costly to maintain. If you include…
  • CyclomaticComplexity: The complexity of methods directly affects maintenance costs and readability. Concentrating too m…
  • ExcessiveClassLength: Excessive class file lengths are usually indications that the class may be burdened with excessiv…
  • ExcessiveParameterList: Methods with numerous parameters are a challenge to maintain, especially if most of them share th…
  • ExcessivePublicCount: Classes with large numbers of public methods, attributes, and properties require disproportionate…
  • NcssConstructorCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssMethodCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssTypeCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • StdCyclomaticComplexity: Complexity directly affects maintenance costs is determined by the number of decision points in a…
  • TooManyFields: Classes that have too many fields can become unwieldy and could be redesigned to have fewer field…
  • UnusedMethod: Avoid having unused methods since they make understanding and maintaining code harder. This rule …

Documentation

Rules that are related to code documentation.
  • ApexDoc: This rule validates that: ApexDoc comments are present for classes, methods, and properties th…

Error Prone

Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  • ApexCSRF: Having DML operations in Apex class constructor or initializers can have unexpected side effects:…
  • AvoidDirectAccessTriggerMap: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …
  • AvoidHardcodingId: When deploying Apex code between sandbox and production environments, or installing Force.com App…
  • AvoidNonExistentAnnotations: Apex supported non existent annotations for legacy reasons. In the future, use of suc…
  • EmptyCatchBlock: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most circ…
  • EmptyIfStmt: Empty If Statement finds instances where a condition is checked but nothing is done about it.
  • EmptyStatementBlock: Empty block statements serve no purpose and should be removed.
  • EmptyTryOrFinallyBlock: Avoid empty try or finally blocks - what’s the point?
  • EmptyWhileStmt: Empty While Statement finds all instances where a while statement does nothing. If it is a timing…
  • InaccessibleAuraEnabledGetter: In the Summer ‘21 release, a mandatory security update enforces access modifiers on Apex properti…
  • MethodWithSameNameAsEnclosingClass: Non-constructor methods should not have the same name as the enclosing class.
  • OverrideBothEqualsAndHashcode: Override both ‘public Boolean equals(Object obj)’, and ‘public Integer hashCode()’, or override n…
  • TestMethodsMustBeInTestClasses: Test methods marked as a testMethod or annotated with @IsTest, but not residing in a te…

Performance

Rules that flag suboptimal code.

Security

Rules that flag potential security flaws.
  • ApexBadCrypto: The rule makes sure you are using randomly generated IVs and keys for ‘Crypto’ calls. Hard-wiring…
  • ApexCRUDViolation: The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Sinc…
  • ApexDangerousMethods: Checks against calling dangerous methods. For the time being, it reports: Against ‘FinancialForc…
  • ApexInsecureEndpoint: Checks against accessing endpoints under plain http. You should always use https for security.
  • ApexOpenRedirect: Checks against redirects to user-controlled locations. This prevents attackers from redirecting u…
  • ApexSharingViolations: Detect classes declared without explicit sharing mode if DML methods are used. This forces the de…
  • ApexSOQLInjection: Detects the usage of untrusted / unescaped variables in DML queries.
  • ApexSuggestUsingNamedCred: Detects hardcoded credentials used in requests to an endpoint. You should refrain from hardcoding…
  • ApexXSSFromEscapeFalse: Reports on calls to ‘addError’ with disabled escaping. The message passed to ‘addError’ will be d…
  • ApexXSSFromURLParam: Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid…

Additional rulesets