Release notes
New rules:
- AvoidUsingSeeAllData rule - don’t use SeeAllData annotation
- AvoidUsingTestIsRunningTest rule - flag usage of Test.isRunningTest()
New security rules:
Note these are all experimental still and do not cover all use-cases yet. We are hoping to be able to capture more scenarios, but this is a minimal proof of concept.
- CrossSiteScriptingReflected rule - checks for XSS in javascript
- UnescapedSourceRule rule - checks for unescaped $CurrentPage.parameters.username passed to parameters which could cause XSS
- UnescapedOutputRule rule - checks for unescaped usage of $CurrentPage.parameters.username
Improvements:
- Lots of improvements and false-positive fixes to SimplifyBooleanReturns rule
- Lots of improvements and false-positive fixes to UselessParentheses rule
- Rule language names use better names instead of short names
- Updated testing to use version 34.0 of Salesforce API
- Now supports SonarQube™ 5.2
- Aura support (in 3.4-aura only)
Parsing fixes:
- Supports annotations properly. For example: @InvocableMethod(label=‘a’ description=‘b’)
- Fix casted DML statements. For example fix upsert (Account)obj;
- Fix usage of Select type label. For example: System.Label.Select
Bug Fixes
- Fixed a licensing issue experienced by some users
- Fixed a bug where testmethods are identified wrongly
- Fixed a bug causing a parse error when the comment ends with /*/ (3.4a)
- Fixed a bug where reporting issues to the interface was failing on SonarQube™ 5.2+ (3.4b)