4.0 LTS

CodeScan Article Author Icon
Will O'brien
  • Updated

Version 4.0 is a LTS (Long Term Service) release and will be maintained for at least 18 months.

Upgrade notes

  • We’ve made a lot of changes to the Quality Profiles. If you don’t want to use the new rules, you should make a copy of the current Quality Profile and use that.

Release notes

New Apex rules:

  1. Avoid Calling aggregate functions on non grouped query.
    • Calling aggregate functions can easily overrun governor limits that limit the total number of rows accessed.
  2. Remove Commented TODO and FIXME.
  3. Variable Declaration Hides Another.
    • Variables defined within a method scope should not hide class fields.
  4. Unreachable Code
    • Code that will never execute should be removed.
  5. Method Could be Static
    • Methods that can be called outside an object being created can be converted to static.
  6. Commented Out Code
    • Commented out code should be removed.
  7. Avoid Using For Loops to just add Elements to a Collection
    • Consider using the .addAll method instead.
  8. Exception Class Naming
    • A Class name that extends an exception should have a name that ends in “Exception”.
  9. Exception Classes Should Extend an Exception
    • A Class name that ends in “Exception” should extend an exception.
  10. Class does not have a corresponding test class
    • Every Class should have a corresponding Test Class which is named appropriately.
  11. Throw from Finally Block
    • Avoid throwing from a finally block, this can discard exceptions.
  12. Opening Brace Spacing
    • Opening brace spacing should be consistent.
  13. Opening Brace Line Position
    • Opening brace line position should be consistent.
  14. Closing Brace Spacing
    • Closing brace spacing should be consistent.
  15. Closing Brace Line Position
    • Closing brace line position should be consistent.
  16. Class Without Test Class
    • Every class should have a corresponding test class which is named appropriately.
  17. Avoid Get and Set Methods
    • Accessors should be defined with the field where possible.

Improved Apex rules:

  1. Only One Return
    • Now marks all a method’s return statements in a single violation.
  2. Avoid Assignment in Operand
    • A new parameter allows or disallows assignments in method arguments
  3. Unit tests should include assert
    • You can now pass a parameter to identify helper classes which does an assert
  4. Return empty array rather than null
    • Now checks for null returns on Set and List results.
  5. God class rule
    • Variable matching not being done case-insensitive
  6. Unnecessary Case Change rule
    • Checks for foo.equals(bar.toLowerCase()); instead of only foo.toLowerCase().equals(‘foo’);
  7. Broken null check
    • Checks for parentheses if ( (x==null) || (x.equals('something')) ) {} correctly
  8. Assignment has no effect
    • Checks for a few more scenarios like this.variable = this.variable
    • Renamed this rule from ‘Idempotent Operation’
  9. Law of Demeter
    • Now allows replace method chaining.
  10. Comment is Required
    • Now includes parameter for accessors.
  11. API is too old
    • Now shows the current and required versions in the violation message.
  12. Useless Parentheses
    • Reduced strictness and fixed several scenarios: insert(DML)a || (b && c)('a' + b).substring(0,3).
  13. Unnecessary Parentheses
    • This Rule has been deprecated. The Useless Parentheses rule now covers all occurences.
  • Test Class Without Test Cases
    • This rule now ignores classes that extend WebServiceMock and HttpCalloutMock.

New Visual Force rules:

  1. Avoid Hard-Coded Resource References
    • Identifies files that have been referenced with a hard-coded path instead of uploading the files as a Static Resource.
  2. Avoid hard-coded Page Links
    • Page links should use {!$Page.otherPage} instead of hard-coded links such as /apex/otherpage.html.
  3. Avoid hard-coded Resources
    • Files should be uploaded as a static resource and referenced using {!$Resource.something} instead of hard-coded links such as /resources/something.jpg

Updated Visual Force rules:

  1. Avoid HTML Comments
    • Now includes a parameter to ignore header comments.

Improvements:

  • Compatibility for SonarQube™ 7.1 - v4.0.8
  • Various rule documentation improvements
  • Multiple rules around public classes/methods now take global into account
  • Severity level improvements
  • Rule tag improvements
  • Aligned rule defaults with Google’s Style Guide. Using the “CodeScan strict way” Quality Profile will include all these coding guidelines.
  • Removed all deprecated rules
  • Updated the “CodeScan way” default Quality Profile to include important new rules.
  • Added “CodeScan strict way” Quality Profile to extend the new “CodeScan way”.
  • New formatting for violations spread over multiple lines.
  • Added violation rule to track unit test failures.
  • Support SFDX oauth credentials - v4.0.9
  • Added support for switch statements - v4.0.12
  • Added support for aura:unescapedHtml in vf:UnescapedAttributes - v4.0.14

Bug Fixes:

  • Unit Test Contains Too Many Asserts - fixed false positive.
  • SuppressWarnings - changed to case-insensitive
  • History Unit Test - deleted tests were being reported incorrectly
  • Dataflow analysis for Database.getQueryLocator correctly resolves used parameters (like Database.query)
  • Avoid InstanceOf in Catch Block - changed to case-insensitive
  • Unused Local Variable - fixed false positive.
  • Comment rules - fixed multiple false positives/negatives.
  • Constructor Calls Overridable Method - false positives around virtual vs final
  • Possible DAA Analysis bug fix when split over multiple lines - v4.0.4
  • False negatives on Unit Test Should Include Assert - v4.0.4
  • suppressUnitTestViolations reported violations in tests for certain rules
  • Unit tests should include assert - extraAssertFunctions parameter was not finding all possible assert functions.
  • Fixed unit tests incorrectly showing old failures.
  • Fixed error caused by file encoding mismatches.
  • Fixed errors preventing use of the IntelliJ plugin.
  • Fixed bug in Avoid Duplicate Literals rule - violations appearing after first scan v4.0.6.
  • Fixed bug in Avoid Unused Private Methods - methods would be seen as unused when a parameters namespaces were different v4.0.8.
  • Fixed potential bug in SQL Injection Rule - v4.0.10
  • Fixed potential bug in Unit tests - v4.0.13
  • Fixed parsing error that occurred when using enums inside triggers - v4.0.13
  • Fixed parsing error that occurred in lightning components - v4.0.13
  • Fixed parsing error in symbol highlithing - v4.0.13
  • Fixed bug in vf:UnescapedAttributes - v4.0.14