Release notes

New rules:

• AvoidUsingSeeAllData rule - don’t use SeeAllData annotation
• AvoidUsingTestIsRunningTest rule - flag usage of Test.isRunningTest()

New security rules:

Note these are all experimental still and do not cover all use-cases yet. We are hoping to be able to capture more scenarios, but this is a minimal proof of concept.

• CrossSiteScriptingReflected rule - checks for XSS in javascript
• UnescapedSourceRule rule - checks for unescaped $CurrentPage.parameters.username passed to parameters which could cause XSS
• UnescapedOutputRule rule - checks for unescaped usage of $CurrentPage.parameters.username

Improvements:

• Lots of improvements and false-positive fixes to SimplifyBooleanReturns rule
• Lots of improvements and false-positive fixes to UselessParentheses rule
• Rule language names use better names instead of short names
• Updated testing to use version 34.0 of Salesforce API
• Now supports SonarQube 5.2
• Aura support (in 3.4-aura only)

Parsing fixes:

• Supports annotations properly. For example: @InvocableMethod(label=‘a’ description=‘b’)
• Fix casted DML statements. For example fix upsert (Account)obj;
• Fix usage of Select type label. For example: System.Label.Select

Bug Fixes

• Fixed a licensing issue experienced by some users
• Fixed a bug where testmethods are identified wrongly
• Fixed a bug causing a parse error when the comment ends with /*/ (3.4a)
• Fixed a bug where reporting issues to the interface was failing on SonarQube 5.2+ (3.4b)