Version 4.0 is an LTS (Long Term Service) release and will be maintained for at least 18 months.
Upgrade notes
- We’ve made a lot of changes to the Quality Profiles. If you don’t want to use the new rules, you should make a copy of the current Quality Profile and use that.
Release notes
New Apex rules:
- Avoid Calling aggregate functions on non grouped query.
- Calling aggregate functions can easily overrun governor limits that limit the total number of rows accessed.
- Remove Commented TODO and FIXME.
- Variable Declaration Hides Another.
- Variables defined within a method scope should not hide class fields.
- Unreachable Code
- Code that will never execute should be removed.
- Method Could be Static
- Methods that can be called without an object being created can be converted to static.
- Commented Out Code
- Commented out code should be removed.
- Avoid Using For Loops to just add Elements to a Collection
- Consider using the .addAll method instead.
- Exception Class Naming
- A Class name that extends an exception should have a name that ends in “Exception”.
- Exception Classes Should Extend an Exception
- A Class name that ends in “Exception” should extend an exception.
- Class does not have a corresponding test class
- Every Class should have a corresponding Test Class which is named appropriately.
- Throw from Finally Block
- Avoid throwing from a finally block; this can discard exceptions.
- Opening Brace Spacing
- Opening brace spacing should be consistent.
- Opening Brace Line Position
- Opening brace line position should be consistent.
- Closing Brace Spacing
- Closing brace spacing should be consistent.
- Closing Brace Line Position
- Closing brace line position should be consistent.
- Class Without Test Class
- Every class should have a corresponding test class which is named appropriately.
- Avoid Get and Set Methods
- Accessors should be defined with the field where possible.
Improved Apex rules:
- Only One Return
- Now marks all of a method’s return statements in a single violation.
- Avoid Assignment in Operand
- A new parameter allows or disallows assignments in method arguments
- Unit tests should include assert
- You can now pass a parameter to identify helper classes that perform an assert.
- Return empty array rather than null
- Now checks for null returns on Set and List results.
- God class rule
- Variable matching not being done case-insensitive
- Unnecessary Case Change rule
- Checks for foo.equals(bar.toLowerCase()); instead of only foo.toLowerCase().equals('foo');
- Broken null check
- Checks for parentheses if ( (x==null) || (x.equals('something')) ) {} correctly
- Assignment has no effect
- Checks for a few more scenarios like this.variable = this.variable
- Renamed this rule from ‘Idempotent Operation’
- Law of Demeter
- Now allows replace method chaining.
- Comment is Required
- Now includes parameter for accessors.
- API is too old
- Now shows the current and required versions in the violation message.
- Useless Parentheses
- Reduced strictness and fixed several scenarios: insert(DML), a || (b && c), ('a' + b).substring(0,3).
- Unnecessary Parentheses
- This rule has been deprecated. The Useless Parentheses rule now covers all occurrences.
- Test Class Without Test Cases
- This rule now ignores classes that extend WebServiceMock and HttpCalloutMock.
New Visual Force rules:
- Avoid Hard-Coded Resource References
- Identifies files that have been referenced with a hard-coded path instead of uploading the files as a Static Resource.
- Avoid hard-coded Page Links
- Page links should use {!$Page.otherPage} instead of hard-coded links such as /apex/otherpage.html.
- Avoid hard-coded Resources
- Files should be uploaded as a static resource and referenced using {!$Resource.something} instead of hard-coded links such as /resources/something.jpg
Updated Visual Force rules:
- Avoid HTML Comments
- Now includes a parameter to ignore header comments.
Improvements:
- Compatibility for SonarQube™ 7.1 - v4.0.8
- Various rule documentation improvements
- Multiple rules around public classes/methods now take global into account
- Severity level improvements
- Rule tag improvements
- Aligned rule defaults with Google’s Style Guide. Using the “CodeScan strict way” Quality Profile will include all these coding guidelines.
- Removed all deprecated rules
- Updated the “CodeScan way” default Quality Profile to include important new rules.
- Added “CodeScan strict way” Quality Profile to extend the new “CodeScan way”.
- New formatting for violations spread over multiple lines.
- Added violation rule to track unit test failures.
- Support SFDX oauth credentials - v4.0.9
- Added support for switch statements - v4.0.12
- Added support for aura:unescapedHtml in vf:UnescapedAttributes - v4.0.14
Bug Fixes:
- Unit Test Contains Too Many Asserts - fixed false positive.
- SuppressWarnings - changed to case-insensitive
- History Unit Test - deleted tests were being reported incorrectly
- Dataflow analysis for Database.getQueryLocator correctly resolves used parameters (like Database.query)
- Avoid InstanceOf in Catch Block - changed to case-insensitive
- Unused Local Variable - fixed false positive.
- Comment rules - fixed multiple false positives/negatives.
- Constructor Calls Overridable Method - false positives around virtual vs final
- Possible DAA Analysis bug fix when split over multiple lines - v4.0.4
- False negatives on Unit Test Should Include Assert - v4.0.4
- suppressUnitTestViolations reported violations in tests for certain rules
- Unit tests should include assert - extraAssertFunctions parameter was not finding all possible assert functions.
- Fixed unit tests incorrectly showing old failures.
- Fixed error caused by file encoding mismatches.
- Fixed errors preventing use of the IntelliJ plugin.
- Fixed bug in Avoid Duplicate Literals rule - violations appearing after first scan - v4.0.6
- Fixed bug in Avoid Unused Private Methods - methods would be seen as unused when a parameter's namespaces were different - v4.0.8
- Fixed potential bug in SQL Injection Rule - v4.0.10
- Fixed potential bug in Unit tests - v4.0.13
- Fixed parsing error that occurred when using enums inside triggers - v4.0.13
- Fixed parsing error that occurred in lightning components - v4.0.13
- Fixed parsing error in symbol highlighting - v4.0.13
- Fixed bug in vf:UnescapedAttributes - v4.0.14