<!-- this highlights the active parent class in the navgoco sidebar. this is critical so that the parent expands when you're viewing a page. This must appear below the sidebar code above. Otherwise, if placed inside customscripts.js, the script runs before the sidebar code runs and the class never gets inserted.-->
<divclass="summary">Index of all built-in rules available for Apex</div>
<!-- this handles the automatic toc. use ## for subheads to auto-generate the on-page minitoc. if you use html tags, you must supply an ID for the heading element in order for it to appear in the minitoc. -->
<!-- DO NOT EDIT THIS FILE. This file is generated. -->
<h2id="best-practices">Best Practices</h2>
<divclass="bs-callout bs-callout-">Rules which enforce generally accepted best practices.</div>
<ul>
<li><ahref="pmd_rules_apex_bestpractices.html#apexassertionsshouldincludemessage">ApexAssertionsShouldIncludeMessage</a>: The second parameter of System.assert/third parameter of System.assertEquals/System.assertNotEqua…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#apexunittestclassshouldhaveasserts">ApexUnitTestClassShouldHaveAsserts</a>: Apex unit tests should include at least one assertion. This makes the tests more robust, and usi…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#apexunittestmethodshouldhaveistestannotation">ApexUnitTestMethodShouldHaveIsTestAnnotation</a>: Apex test methods should have ‘@isTest’ annotation instead of the ‘testMethod’ keyword, as ‘testM…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#apexunittestshouldnotuseseealldatatrue">ApexUnitTestShouldNotUseSeeAllDataTrue</a>: Apex unit tests should not use @isTest(seeAllData=true) because it opens up the existing database…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#avoidglobalmodifier">AvoidGlobalModifier</a>: Global classes should be avoided (especially in managed packages) as they can never be deleted or…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#avoidlogicintrigger">AvoidLogicInTrigger</a>: As triggers do not allow methods like regular classes they are less flexible and suited to apply …</li>
<li><ahref="pmd_rules_apex_bestpractices.html#debugsshoulduselogginglevel">DebugsShouldUseLoggingLevel</a>: The first parameter of System.debug, when using the signature with two parameters, is a LoggingLe…</li>
<li><ahref="pmd_rules_apex_bestpractices.html#unusedlocalvariable">UnusedLocalVariable</a>: Detects when a local variable is declared and/or assigned but not used.</li>
</ul>
<h2id="code-style">Code Style</h2>
<divclass="bs-callout bs-callout-">Rules which enforce a specific coding style.</div>
<ul>
<li><ahref="pmd_rules_apex_codestyle.html#classnamingconventions">ClassNamingConventions</a>: Configurable naming conventions for type declarations. This rule reports type declara…</li>
<li><ahref="pmd_rules_apex_codestyle.html#fielddeclarationsshouldbeatstart">FieldDeclarationsShouldBeAtStart</a>: Field declarations should appear before method declarations within a class.</li>
<li><ahref="pmd_rules_apex_codestyle.html#fieldnamingconventions">FieldNamingConventions</a>: Configurable naming conventions for field declarations. This rule reports variable declarations …</li>
<li><ahref="pmd_rules_apex_codestyle.html#forloopsmustusebraces">ForLoopsMustUseBraces</a>: Avoid using ‘for’ statements without using surrounding braces. If the code formatting or indentat…</li>
<li><ahref="pmd_rules_apex_codestyle.html#formalparameternamingconventions">FormalParameterNamingConventions</a>: Configurable naming conventions for formal parameters of methods. This rule reports f…</li>
<li><ahref="pmd_rules_apex_codestyle.html#ifelsestmtsmustusebraces">IfElseStmtsMustUseBraces</a>: Avoid using if..else statements without using surrounding braces. If the code formatting or inden…</li>
<li><ahref="pmd_rules_apex_codestyle.html#ifstmtsmustusebraces">IfStmtsMustUseBraces</a>: Avoid using if statements without using braces to surround the code block. If the code formatting…</li>
<li><ahref="pmd_rules_apex_codestyle.html#localvariablenamingconventions">LocalVariableNamingConventions</a>: Configurable naming conventions for local variable declarations. This rule reports va…</li>
<li><ahref="pmd_rules_apex_codestyle.html#methodnamingconventions">MethodNamingConventions</a>: Configurable naming conventions for method declarations. This rule reports method dec…</li>
<li><ahref="pmd_rules_apex_codestyle.html#onedeclarationperline">OneDeclarationPerLine</a>: Apex allows the use of several variables declaration of the same type on one line. However, it ca…</li>
<li><ahref="pmd_rules_apex_codestyle.html#propertynamingconventions">PropertyNamingConventions</a>: Configurable naming conventions for property declarations. This rule reports property…</li>
<li><ahref="pmd_rules_apex_codestyle.html#variablenamingconventions">VariableNamingConventions</a>: <spanstyle="border-radius: 0.25em; color: #fff; padding: 0.2em 0.6em 0.3em; display: inline; background-color: #d9534f; font-size: 75%;">Deprecated</span> A variable naming conventions rule - customize this to your liking. Currently, it checks for fin…</li>
<li><ahref="pmd_rules_apex_codestyle.html#whileloopsmustusebraces">WhileLoopsMustUseBraces</a>: Avoid using ‘while’ statements without using braces to surround the code block. If the code forma…</li>
</ul>
<h2id="design">Design</h2>
<divclass="bs-callout bs-callout-">Rules that help you discover design issues.</div>
<ul>
<li><ahref="pmd_rules_apex_design.html#avoiddeeplynestedifstmts">AvoidDeeplyNestedIfStmts</a>: Avoid creating deeply nested if-then statements since they are harder to read and error-prone to …</li>
<li><ahref="pmd_rules_apex_design.html#cognitivecomplexity">CognitiveComplexity</a>: Methods that are highly complex are difficult to read and more costly to maintain. If you include…</li>
<li><ahref="pmd_rules_apex_design.html#cyclomaticcomplexity">CyclomaticComplexity</a>: The complexity of methods directly affects maintenance costs and readability. Concentrating too m…</li>
<li><ahref="pmd_rules_apex_design.html#excessiveclasslength">ExcessiveClassLength</a>: Excessive class file lengths are usually indications that the class may be burdened with excessiv…</li>
<li><ahref="pmd_rules_apex_design.html#excessiveparameterlist">ExcessiveParameterList</a>: Methods with numerous parameters are a challenge to maintain, especially if most of them share th…</li>
<li><ahref="pmd_rules_apex_design.html#excessivepubliccount">ExcessivePublicCount</a>: Classes with large numbers of public methods and attributes require disproportionate testing effo…</li>
<li><ahref="pmd_rules_apex_design.html#ncssconstructorcount">NcssConstructorCount</a>: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…</li>
<li><ahref="pmd_rules_apex_design.html#ncssmethodcount">NcssMethodCount</a>: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…</li>
<li><ahref="pmd_rules_apex_design.html#ncsstypecount">NcssTypeCount</a>: This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of l…</li>
<li><ahref="pmd_rules_apex_design.html#stdcyclomaticcomplexity">StdCyclomaticComplexity</a>: Complexity directly affects maintenance costs is determined by the number of decision points in a…</li>
<li><ahref="pmd_rules_apex_design.html#toomanyfields">TooManyFields</a>: Classes that have too many fields can become unwieldy and could be redesigned to have fewer field…</li>
</ul>
<h2id="documentation">Documentation</h2>
<divclass="bs-callout bs-callout-">Rules that are related to code documentation.</div>
<li><ahref="pmd_rules_apex_documentation.html#apexdoc">ApexDoc</a>: This rule validates that: ApexDoc comments are present for classes, methods, and properties th…</li>
<divclass="bs-callout bs-callout-">Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.</div>
<ul>
<li><ahref="pmd_rules_apex_errorprone.html#apexcsrf">ApexCSRF</a>: Having DML operations in Apex class constructor or initializers can have unexpected side effects:…</li>
<li><ahref="pmd_rules_apex_errorprone.html#avoiddirectaccesstriggermap">AvoidDirectAccessTriggerMap</a>: Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug. Triggers should be …</li>
<li><ahref="pmd_rules_apex_errorprone.html#avoidhardcodingid">AvoidHardcodingId</a>: When deploying Apex code between sandbox and production environments, or installing Force.com App…</li>
<li><ahref="pmd_rules_apex_errorprone.html#avoidnonexistentannotations">AvoidNonExistentAnnotations</a>: Apex supported non existent annotations for legacy reasons. In the future, use of suc…</li>
<li><ahref="pmd_rules_apex_errorprone.html#emptycatchblock">EmptyCatchBlock</a>: Empty Catch Block finds instances where an exception is caught, but nothing is done. In most circ…</li>
<li><ahref="pmd_rules_apex_errorprone.html#emptyifstmt">EmptyIfStmt</a>: Empty If Statement finds instances where a condition is checked but nothing is done about it.</li>
<li><ahref="pmd_rules_apex_errorprone.html#emptystatementblock">EmptyStatementBlock</a>: Empty block statements serve no purpose and should be removed.</li>
<li><ahref="pmd_rules_apex_errorprone.html#emptytryorfinallyblock">EmptyTryOrFinallyBlock</a>: Avoid empty try or finally blocks - what’s the point?</li>
<li><ahref="pmd_rules_apex_errorprone.html#emptywhilestmt">EmptyWhileStmt</a>: Empty While Statement finds all instances where a while statement does nothing. If it is a timing…</li>
<li><ahref="pmd_rules_apex_errorprone.html#inaccessibleauraenabledgetter">InaccessibleAuraEnabledGetter</a>: In the Summer ‘21 release, a mandatory security update enforces access modifiers on Apex properti…</li>
<li><ahref="pmd_rules_apex_errorprone.html#methodwithsamenameasenclosingclass">MethodWithSameNameAsEnclosingClass</a>: Non-constructor methods should not have the same name as the enclosing class.</li>
<li><ahref="pmd_rules_apex_errorprone.html#overridebothequalsandhashcode">OverrideBothEqualsAndHashcode</a>: Override both ‘public Boolean equals(Object obj)’, and ‘public Integer hashCode()’, or override n…</li>
<li><ahref="pmd_rules_apex_errorprone.html#testmethodsmustbeintestclasses">TestMethodsMustBeInTestClasses</a>: Test methods marked as a testMethod or annotated with @IsTest, but not residing in a te…</li>
</ul>
<h2id="performance">Performance</h2>
<divclass="bs-callout bs-callout-">Rules that flag suboptimal code.</div>
<li><ahref="pmd_rules_apex_performance.html#avoiddebugstatements">AvoidDebugStatements</a>: Debug statements contribute to longer transactions and consume Apex CPU time even when debug logs…</li>
<li><ahref="pmd_rules_apex_performance.html#avoidsoqlinloops">AvoidSoqlInLoops</a>: <spanstyle="border-radius: 0.25em; color: #fff; padding: 0.2em 0.6em 0.3em; display: inline; background-color: #d9534f; font-size: 75%;">Deprecated</span> New objects created within loops should be checked to see if they can created outside them and re…</li>
<li><ahref="pmd_rules_apex_performance.html#avoidsoslinloops">AvoidSoslInLoops</a>: <spanstyle="border-radius: 0.25em; color: #fff; padding: 0.2em 0.6em 0.3em; display: inline; background-color: #d9534f; font-size: 75%;">Deprecated</span> Sosl calls within loops can cause governor limit exceptions. This rule is deprecated and will be …</li>
<divclass="bs-callout bs-callout-">Rules that flag potential security flaws.</div>
<ul>
<li><ahref="pmd_rules_apex_security.html#apexbadcrypto">ApexBadCrypto</a>: The rule makes sure you are using randomly generated IVs and keys for ‘Crypto’ calls. Hard-wiring…</li>
<li><ahref="pmd_rules_apex_security.html#apexcrudviolation">ApexCRUDViolation</a>: The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation. Sinc…</li>
<li><ahref="pmd_rules_apex_security.html#apexcsrf">ApexCSRF</a>: <spanstyle="border-radius: 0.25em; color: #fff; padding: 0.2em 0.6em 0.3em; display: inline; background-color: #d9534f; font-size: 75%;">Deprecated</span> The rule has been moved to another ruleset. Use instead <ahref="pmd_rules_apex_errorprone.html#apexcsrf">ApexCSRF</a>.</li>
<li><ahref="pmd_rules_apex_security.html#apexdangerousmethods">ApexDangerousMethods</a>: Checks against calling dangerous methods. For the time being, it reports: Against ‘FinancialForc…</li>
<li><ahref="pmd_rules_apex_security.html#apexinsecureendpoint">ApexInsecureEndpoint</a>: Checks against accessing endpoints under plain http. You should always use https for security.</li>
<li><ahref="pmd_rules_apex_security.html#apexopenredirect">ApexOpenRedirect</a>: Checks against redirects to user-controlled locations. This prevents attackers from redirecting u…</li>
<li><ahref="pmd_rules_apex_security.html#apexsharingviolations">ApexSharingViolations</a>: Detect classes declared without explicit sharing mode if DML methods are used. This forces the de…</li>
<li><ahref="pmd_rules_apex_security.html#apexsoqlinjection">ApexSOQLInjection</a>: Detects the usage of untrusted / unescaped variables in DML queries.</li>
<li><ahref="pmd_rules_apex_security.html#apexsuggestusingnamedcred">ApexSuggestUsingNamedCred</a>: Detects hardcoded credentials used in requests to an endpoint. You should refrain from hardcoding…</li>
<li><ahref="pmd_rules_apex_security.html#apexxssfromescapefalse">ApexXSSFromEscapeFalse</a>: Reports on calls to ‘addError’ with disabled escaping. The message passed to ‘addError’ will be d…</li>
<li><ahref="pmd_rules_apex_security.html#apexxssfromurlparam">ApexXSSFromURLParam</a>: Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid…</li>
<p>Default ruleset used by the CodeClimate Engine for Salesforce.com Apex (<codeclass="language-plaintext highlighter-rouge">rulesets/apex/ruleset.xml</code>):</p>
<p><spanstyle="border-radius: 0.25em; color: #fff; padding: 0.2em 0.6em 0.3em; display: inline; background-color: #d9534f; font-size: 75%;">Deprecated</span> This ruleset is for backwards compatibility.</p>