Companies across many industries run marketing, collaboration, sales, and other critical business functions on Salesforce. Developers who write Salesforce code every day inevitably make mistakes, and many of those mistakes are hard to catch by eye because spotting them means inspecting many files at once. Tools that only check the syntax of each source file miss them as well, because a missing permission check or a hardcoded Id is perfectly valid syntax.
Here is what to look for in a Salesforce code review to ensure your code is free of common errors.
Let’s dig deeper into 6 Easy-to-Miss Salesforce Code Mistakes:
- Salesforce Naming Conventions Best Practices
- CRUD/FLS Violations
- Code Injection Vulnerabilities
- Empty Description Boxes
- Testing Only Once
- Hardcoding
1. Salesforce Naming Conventions Best Practices
Salesforce naming conventions are rules that let users tell what a component is and does from its name alone. Without them, new team members struggle to audit fields, classes, and triggers, and they lose the context of why each one exists. Choose a consistent naming standard for classes and a single pattern for abbreviations and acronyms, write it down, and apply it to every component, including its description field.
2. CRUD/FLS Violations
A CRUD/FLS violation is code that reads or writes data without checking the object-level (create, read, update, delete) and field-level security the running user has actually been granted. Apex runs in system mode by default, so a class that queries or updates records without enforcing these permissions hands the user data that their profile and permission sets deny them. That is already a concern in an internal org, and it becomes a customer data leak as soon as external users, such as community or portal users, can reach the same code.
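The following is an added example, not code from the original article or from CodeScan: the same Contact query written without permission enforcement and then with it, plus a permission-checked update. The class and method names, and the assumption that a Lightning component calls these methods with an Account Id, are made up for the illustration.

```apex
// Added example (not from the original article). Assumption: a Lightning
// component calls these methods with the Id of an Account the user is viewing.
// Note that "with sharing" enforces record-level sharing only; it does NOT
// enforce object (CRUD) or field-level (FLS) permissions.
public with sharing class ContactService {

    // VULNERABLE: Apex runs in system mode, so this query returns Email and
    // Phone even when the user's profile grants no read access to those fields,
    // and it runs even when the user cannot read the Contact object at all.
    @AuraEnabled(cacheable=true)
    public static List<Contact> getContactsUnsafe(Id accountId) {
        return [SELECT Id, Name, Email, Phone FROM Contact WHERE AccountId = :accountId];
    }

    // SAFER: WITH SECURITY_ENFORCED makes the query throw a QueryException if
    // the user lacks read access to Contact or to any selected field, so the
    // data is never returned. (WITH USER_MODE is the newer equivalent that also
    // applies sharing rules.)
    @AuraEnabled(cacheable=true)
    public static List<Contact> getContactsEnforced(Id accountId) {
        return [SELECT Id, Name, Email, Phone
                FROM Contact
                WHERE AccountId = :accountId
                WITH SECURITY_ENFORCED];
    }

    // ALTERNATIVE: strip inaccessible fields instead of failing the whole
    // query. Security.stripInaccessible removes fields the user cannot read
    // and can report which ones it removed, useful for a UI that should
    // degrade gracefully rather than error out.
    @AuraEnabled(cacheable=true)
    public static List<Contact> getContactsStripped(Id accountId) {
        List<Contact> rows = [SELECT Id, Name, Email, Phone
                              FROM Contact
                              WHERE AccountId = :accountId];
        SObjectAccessDecision decision = Security.stripInaccessible(AccessType.READABLE, rows);
        return decision.getRecords();
    }

    // Writes need the same care: check object- and field-level update
    // permission before the DML instead of trusting the caller.
    @AuraEnabled
    public static void updatePhone(Id contactId, String phone) {
        if (!Schema.sObjectType.Contact.isUpdateable()
            || !Schema.sObjectType.Contact.fields.Phone.isUpdateable()) {
            throw new AuraHandledException('Insufficient permissions to update Contact.Phone');
        }
        Contact c = new Contact(Id = contactId, Phone = phone);
        update c;
    }
}
```

The unsafe and enforced methods are identical except for the `WITH SECURITY_ENFORCED` clause, which is exactly why a reviewer reading one file at a time tends to miss the difference; a static analyzer flags every query and DML statement that lacks a check.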
3. Code Injection Vulnerabilities
Open-source and third-party JavaScript libraries speed up development, but each one is code your org runs without having reviewed it. A library bundled into a static resource executes with the same access as the page that loads it, so an injection flaw in the library is an injection flaw in your org. Such flaws can stay hidden for years, risking the integrity of the data the page handles. Treat a bundled library like any other dependency: record its version, check it against published advisories, and update it. Apply the same scrutiny to your own code: any place a user-supplied value is concatenated into a query, a script, or markup is a potential injection point.
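The library problem above has no single-line fix, but the injection mistake that static analysis catches inside Apex itself is SOQL injection. The following is an added example, not code from the original article or from CodeScan: a search method built by string concatenation, then the same search with a bind variable and with escaping plus an allow-list. The class name, the search fields, and the assumption that the term comes from a user-controlled component input are made up for the illustration.

```apex
// Added example (not from the original article). Assumption: "term" and
// "orderByField" arrive from a user-controlled Lightning component input.
public with sharing class AccountSearch {

    // VULNERABLE: the user-supplied term is concatenated into the query text.
    // A term such as   x' OR Name != '   turns the statement into
    //   SELECT Id, Name FROM Account WHERE Name LIKE '%x' OR Name != '%'
    // which returns every Account the user can see, whatever the UI intended.
    public static List<Account> searchUnsafe(String term) {
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + term + '%\'';
        return Database.query(soql);
    }

    // SAFE (preferred): use a bind variable. The value is handed to the query
    // engine separately from the query text, so quotes in it cannot change the
    // statement's structure. Database.query resolves :pattern against the local
    // variable that is in scope here.
    public static List<Account> searchWithBind(String term) {
        String pattern = '%' + term + '%';
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE :pattern WITH SECURITY_ENFORCED';
        return Database.query(soql);
    }

    // SAFE (when a bind is impossible, e.g. a field name chosen at runtime):
    // escape quotes inside values, and validate identifiers against an
    // allow-list because escaping does nothing for a field or object name.
    public static List<Account> searchWithEscaping(String term, String orderByField) {
        Set<String> allowedOrder = new Set<String>{ 'Name', 'CreatedDate' };
        if (!allowedOrder.contains(orderByField)) {
            throw new IllegalArgumentException('Unsupported sort field: ' + orderByField);
        }
        String safeTerm = String.escapeSingleQuotes(term);
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + safeTerm + '%\''
                    + ' WITH SECURITY_ENFORCED ORDER BY ' + orderByField;
        return Database.query(soql);
    }
}
```

Prefer the bind form wherever the injected value is data; reserve `String.escapeSingleQuotes` for the cases where the query text genuinely has to be assembled, and never let user input pick a field or object name without an allow-list.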
4. Empty Description Boxes
Description boxes state the purpose of each field. Filling them in helps users understand a field's value and decide whether it is still necessary, which is why an empty description is a mistake even though it compiles. Fill in these areas with concise, consistent, and comprehensible information.
5. Testing Only Once
Running a test once, against one happy-path input, proves very little. Each piece of logic should be tested in several ways: the expected case, the boundary, invalid input, bulk input (an Apex trigger receives up to 200 records per batch), and, where permissions matter, as a user who lacks them. One test may pass while another fails, and that failure is the signal that the code needs more work before it ships to production. Thorough testing surfaces risk early, reduces production bugs, and builds confidence in the final product. Salesforce also requires tests to pass and to cover at least 75% of Apex code before it can be deployed to production, so skimping on tests blocks the release as well as weakening it.
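The following is an added example, not code from the original article or from CodeScan: a small Apex class and a test class that exercises it four ways instead of once. The class, its business rule, and the test data are all constructed for this illustration; in an org they would be two separate files.

```apex
// Added example (not from the original article). The discount rule below is
// invented for the illustration: deals over 100,000 get 10 percent off,
// anything else gets none, and negative or missing amounts are rejected.
public with sharing class OpportunityDiscount {
    public static Decimal discountFor(Decimal amount) {
        if (amount == null || amount < 0) {
            throw new IllegalArgumentException('Amount must be zero or positive');
        }
        return amount > 100000 ? amount * 0.10 : 0;
    }
}

// Second file: the test class. A single happy-path test would stop after the
// first method and miss the three defects the others are designed to catch.
@IsTest
private class OpportunityDiscountTest {

    // 1. Positive case: the one test most developers write.
    @IsTest
    static void appliesDiscountAboveThreshold() {
        System.assertEquals(15000, OpportunityDiscount.discountFor(150000));
    }

    // 2. Boundary case: exactly at the threshold there is no discount.
    @IsTest
    static void noDiscountAtThreshold() {
        System.assertEquals(0, OpportunityDiscount.discountFor(100000));
    }

    // 3. Negative case: bad input must fail loudly, not quietly return 0.
    @IsTest
    static void rejectsNegativeAmount() {
        try {
            OpportunityDiscount.discountFor(-1);
            System.assert(false, 'Expected an exception for a negative amount');
        } catch (IllegalArgumentException e) {
            System.assert(e.getMessage().contains('positive'));
        }
    }

    // 4. Bulk case: triggers receive up to 200 records per batch, so logic
    // that works for one record must also work for 200 within governor limits.
    @IsTest
    static void handlesBulk() {
        List<Opportunity> opps = new List<Opportunity>();
        for (Integer i = 0; i < 200; i++) {
            opps.add(new Opportunity(Name = 'Bulk ' + i, StageName = 'Prospecting',
                                     CloseDate = Date.today(), Amount = 200000));
        }
        Test.startTest();
        insert opps;   // any Opportunity trigger runs once over all 200 records
        Decimal total = 0;
        for (Opportunity o : opps) {
            total += OpportunityDiscount.discountFor(o.Amount);
        }
        Test.stopTest();
        System.assertEquals(200 * 20000, total);
    }
}
```

Permission-dependent code needs one more case than shown here: a `System.runAs` test with a user whose profile lacks the relevant object or field access, which is the only way a test suite catches a missing CRUD/FLS check before production does.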
6. Hardcoding
Hardcoding means embedding an environment-specific value, such as a record Id, user Id, profile name, or URL, directly in Apex or in a report or flow. Those values differ from one org to the next: record type and user Ids are generated per org, and a sandbox domain is not the production domain. A class that works in the sandbox where it was written can therefore break, or point at the wrong record, once deployed, and the value cannot be changed in production without editing and redeploying the code. If a URL is hardcoded in a report and the production environment changes, the URL simply stops working. Salesforce developers should resolve such values at runtime instead, by DeveloperName, from the running user, or from custom metadata or custom labels.
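The following is an added example, not code from the original article or from CodeScan: three org-specific values hardcoded into an Account factory, then the same values resolved at runtime so the class deploys unchanged from sandbox to production. The class name, the illustrative Ids, the assumed `Customer` record type on Account, and the assumed custom label `Support_Portal_URL` are all made up for the illustration.

```apex
// Added example (not from the original article). Assumptions: a record type
// with DeveloperName "Customer" exists on Account, and a custom label named
// Support_Portal_URL holds the portal path (e.g. "/support").
public with sharing class AccountDefaults {

    // VULNERABLE to environment drift: the record type Id, the owner Id, and
    // the domain below belong to one org. Record type Ids differ between
    // sandbox and production, users are created per org, and the domain
    // changes with every org, so this works where it was written and fails,
    // or silently misroutes, after deployment. Nothing here can be corrected
    // in production without a code change.
    public static Account buildHardcoded(String name) {
        return new Account(
            Name = name,
            RecordTypeId = '012000000000ABCAAA',   // sandbox record type Id (illustrative)
            OwnerId = '005000000000XYZAAA',        // one specific user's Id (illustrative)
            Website = 'https://mycompany--uat.my.salesforce.com/support'
        );
    }

    // PORTABLE: look the record type up by DeveloperName, take the owner from
    // the running user, and build the URL from the org's own domain plus a
    // custom label that admins can edit without touching code.
    public static Account buildPortable(String name) {
        Schema.RecordTypeInfo customerType = Schema.SObjectType.Account
            .getRecordTypeInfosByDeveloperName()
            .get('Customer');
        if (customerType == null || !customerType.isAvailable()) {
            throw new AccountDefaultsException('Customer record type is not available in this org');
        }
        return new Account(
            Name = name,
            RecordTypeId = customerType.getRecordTypeId(),
            OwnerId = UserInfo.getUserId(),
            Website = URL.getOrgDomainUrl().toExternalForm() + System.Label.Support_Portal_URL
        );
    }

    public class AccountDefaultsException extends Exception {}
}
```

The portable version also fails in a useful way: if the record type is missing or inactive in the target org, it throws at the point of use with a clear message, instead of inserting records with an Id that belongs to a different org.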
CodeScan Finds Common Errors in Salesforce
CodeScan is our static code analysis tool that verifies code health in the AutoRABIT DevSecOps platform. Analyzing code with CodeScan enables you to find human errors and problem areas and correct them to follow best practices. As a result, your team can produce and maintain high-quality code.
CodeScan’s capabilities include:
- Security and compliance support for OWASP, SANS, and CWE standards.
- Flexible deployment models to reduce risks and control costs.
- Salesforce metadata management to propagate and nest metadata properties.
Schedule a Demo of CodeScan Today
CodeScan helps teams using Salesforce produce high-quality work while maintaining security and speed. Our CodeScan tool can take your DevSecOps processes to the next level by identifying easy-to-miss Salesforce code mistakes and correcting them before production. With this code review, your team can produce stronger code with fewer security vulnerabilities.
Schedule a demo of CodeScan online to see how it works.