Index of all built-in rules available for Apex
Edit me

Best Practices

Rules which enforce generally accepted best practices.

Code Style

Rules which enforce a specific coding style.
  • ClassNamingConventions: Configurable naming conventions for type declarations. This rule reports type declarat…
  • FieldNamingConventions: Configurable naming conventions for field declarations. This rule reports variable declarations …
  • ForLoopsMustUseBraces: Avoid using ‘for’ statements without using surrounding braces. If the code formatting orindentati…
  • FormalParameterNamingConventions: Configurable naming conventions for formal parameters of methods. This rule reports fo…
  • IfElseStmtsMustUseBraces: Avoid using if..else statements without using surrounding braces. If the code formattingor indent…
  • IfStmtsMustUseBraces: Avoid using if statements without using braces to surround the code block. If the codeformatting …
  • LocalVariableNamingConventions: Configurable naming conventions for local variable declarations. This rule reports var…
  • MethodNamingConventions: Configurable naming conventions for method declarations. This rule reports method decl…
  • OneDeclarationPerLine: Apex allows the use of several variables declaration of the same type on one line. However, itcan…
  • PropertyNamingConventions: Configurable naming conventions for property declarations. This rule reports property …
  • VariableNamingConventions: Deprecated A variable naming conventions rule - customize this to your liking. Currently, itchecks for fina…
  • WhileLoopsMustUseBraces: Avoid using ‘while’ statements without using braces to surround the code block. If the codeformat…

Design

Rules that help you discover design issues.
  • AvoidDeeplyNestedIfStmts: Avoid creating deeply nested if-then statements since they are harder to read and error-prone to …
  • CyclomaticComplexity: The complexity of methods directly affects maintenance costs and readability. Concentrating too m…
  • ExcessiveClassLength: Excessive class file lengths are usually indications that the class may be burdened with excessiv…
  • ExcessiveParameterList: Methods with numerous parameters are a challenge to maintain, especially if most of them share th…
  • ExcessivePublicCount: Classes with large numbers of public methods and attributes require disproportionate testing effo…
  • NcssConstructorCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssMethodCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • NcssTypeCount: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…
  • StdCyclomaticComplexity: Complexity directly affects maintenance costs is determined by the number of decision points in a…
  • TooManyFields: Classes that have too many fields can become unwieldy and could be redesigned to have fewer field…

Documentation

Rules that are related to code documentation.
  • ApexDoc: This rule validates that: ApexDoc comments are present for classes, methods, and properties that …

Error Prone

Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  • ApexCSRF: Having DML operations in Apex class constructor or initializers can have unexpected side effects:…
  • AvoidDirectAccessTriggerMap: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …
  • AvoidHardcodingId: When deploying Apex code between sandbox and production environments, or installing Force.com App…
  • AvoidNonExistentAnnotations: Apex supported non existent annotations for legacy reasons. In the future, use of such…
  • EmptyCatchBlock: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most cir…
  • EmptyIfStmt: Empty If Statement finds instances where a condition is checked but nothing is done about it.
  • EmptyStatementBlock: Empty block statements serve no purpose and should be removed.
  • EmptyTryOrFinallyBlock: Avoid empty try or finally blocks - what’s the point?
  • EmptyWhileStmt: Empty While Statement finds all instances where a while statement does nothing. If it is a timin…
  • MethodWithSameNameAsEnclosingClass: Non-constructor methods should not have the same name as the enclosing class.

Performance

Rules that flag suboptimal code.
  • AvoidDmlStatementsInLoops: Avoid DML statements inside loops to avoid hitting the DML governor limit. Instead, try to batch …
  • AvoidSoqlInLoops: New objects created within loops should be checked to see if they can created outside them and re…
  • AvoidSoslInLoops: Sosl calls within loops can cause governor limit exceptions.

Security

Rules that flag potential security flaws.
  • ApexBadCrypto: The rule makes sure you are using randomly generated IVs and keys for ‘Crypto’ calls.Hard-wiring …
  • ApexCRUDViolation: The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation.Since…
  • ApexCSRF: Deprecated The rule has been moved to another ruleset. Use instead ApexCSRF.
  • ApexDangerousMethods: Checks against calling dangerous methods.For the time being, it reports: Against ‘FinancialForce’…
  • ApexInsecureEndpoint: Checks against accessing endpoints under plain http. You should always usehttps for security.
  • ApexOpenRedirect: Checks against redirects to user-controlled locations. This prevents attackers fromredirecting us…
  • ApexSharingViolations: Detect classes declared without explicit sharing mode if DML methods are used. Thisforces the dev…
  • ApexSOQLInjection: Detects the usage of untrusted / unescaped variables in DML queries.
  • ApexSuggestUsingNamedCred: Detects hardcoded credentials used in requests to an endpoint.You should refrain from hardcoding …
  • ApexXSSFromEscapeFalse: Reports on calls to ‘addError’ with disabled escaping. The message passed to ‘addError’will be di…
  • ApexXSSFromURLParam: Makes sure that all values obtained from URL parameters are properly escaped / sanitizedto avoid …

Additional rulesets