
6 Easy-to-Miss Salesforce Code Mistakes


Companies across various industries use Salesforce for marketing, collaboration, sales, and other critical business functions. Developers who write code for Salesforce daily will inevitably make errors. These mistakes are often hard to detect manually because spotting them requires inspecting many files at once, and standard tools that only check source file syntax may miss them as well.

Here is what to look for in a Salesforce code review to ensure your code is free of common errors.

1. No Naming Conventions

Naming conventions for Salesforce are rules that help users identify certain information about Salesforce components from their names alone. A lack of naming conventions makes it difficult for new users to audit fields and understand their context. It is vital to choose a consistent naming pattern, apply it to the description fields as well, and always fill them out.

2. CRUD/FLS Violations

When there is a CRUD/FLS violation, the object and field-level security permissions can be bypassed. Security bypass is a concern for internal orgs if external users can access sensitive data. CRUD/FLS violations risk customer data leaks.
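The following Apex class is an added example, not code from the original article or from CodeScan, showing what a CRUD/FLS violation looks like next to three ways of enforcing the running user's object and field permissions. The object and field names (Contact, Email) and the class name are assumptions chosen for illustration.

```apex
// Added example: CRUD/FLS enforcement patterns in Apex.
// Object, field and class names are assumptions for illustration.
public with sharing class ContactEmailService {

    // Violation: Apex runs in system mode by default, so a user who lacks
    // read access to Contact.Email still receives the value from this query.
    public static List<Contact> getEmailsUnchecked() {
        return [SELECT Id, Email FROM Contact LIMIT 100];
    }

    // Fix 1: WITH USER_MODE makes the query enforce the running user's
    // CRUD and FLS; an inaccessible object or field raises an exception.
    public static List<Contact> getEmailsUserMode() {
        return [SELECT Id, Email FROM Contact WITH USER_MODE LIMIT 100];
    }

    // Fix 2: explicit Schema describe checks before the query.
    public static List<Contact> getEmailsWithSchemaCheck() {
        if (!Schema.sObjectType.Contact.isAccessible() ||
            !Schema.sObjectType.Contact.fields.Email.isAccessible()) {
            throw new System.NoAccessException();
        }
        return [SELECT Id, Email FROM Contact LIMIT 100];
    }

    // Fix 3: Security.stripInaccessible removes the fields the user cannot
    // read instead of failing the whole operation.
    public static List<Contact> getEmailsStripped() {
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.READABLE,
            [SELECT Id, Email FROM Contact LIMIT 100]);
        return (List<Contact>) decision.getRecords();
    }

    // Write path: check field-level update permission, then run the DML
    // in user mode so object-level permissions are enforced too.
    public static void updateEmail(Id contactId, String newEmail) {
        if (!Schema.sObjectType.Contact.fields.Email.isUpdateable()) {
            throw new System.NoAccessException();
        }
        Contact c = new Contact(Id = contactId, Email = newEmail);
        update as user c;
    }
}
```

A static analyzer flags the first method because the query reads a field with no preceding permission check and no user-mode clause; the remaining methods show the forms it expects to see. Which fix to prefer depends on the behaviour you want on a violation: failing the request (fixes 1 and 2) or silently dropping the protected fields (fix 3).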

3. Code Injection Vulnerabilities

Though open-source libraries such as third-party JavaScript libraries can aid with development, they are a security risk. Companies that bundle third-party libraries with their static resources leave their data vulnerable to code injection. Security flaws in these libraries may remain hidden, risking the integrity of the data.

4. Empty Description Boxes

Description boxes identify the purpose of each field, so completing description boxes helps users understand their value and determine if the field is necessary. Fill in these areas with concise, consistent, and comprehensible information.

5. Testing Only Once

Salesforce developers must test the fields in several ways to ensure they work correctly. Though one test may be successful, the other tests may result in failure, indicating the need for further development before shipping to production. Testing identifies potential risks, reduces production bugs, and improves confidence in the final product.

6. Hardcoding

Hardcoding prevents the Apex class from being adjusted for the production environment without a code change. If a URL is hardcoded in a report and the production environment changes, the URL may stop working. Salesforce developers should avoid hardcoding to prevent this issue.
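As an added illustration that is not part of the original article, the class below contrasts two hardcoded values (a record ID and a URL that are only valid in one org) with equivalents resolved at runtime from schema describes, the org's own domain, custom metadata, and a Named Credential. The custom metadata type Integration_Setting__mdt, its field Endpoint_URL__c, the record name Partner_API, the record type name Premium, and the class name are all assumptions.

```apex
// Added example: hardcoded values versus environment-resolved values.
// Integration_Setting__mdt, Endpoint_URL__c, Partner_API and Premium are
// assumed names, not part of the original page.
public with sharing class EnvironmentAwareHelper {

    // Hardcoded record ID: valid only in the org it was copied from, so it
    // breaks in every sandbox and after any refresh.
    public static Id getPremiumRecordTypeIdHardcoded() {
        return '012000000000ABCAAA'; // constructed placeholder ID
    }

    // Hardcoded URL: breaks when the domain or the endpoint changes.
    public static String getPartnerEndpointHardcoded() {
        return 'https://example.my.salesforce.com/services/partner';
    }

    // Resolved at runtime by developer name, which is stable across orgs.
    public static Id getPremiumRecordTypeId() {
        return Schema.SObjectType.Account
            .getRecordTypeInfosByDeveloperName()
            .get('Premium')
            .getRecordTypeId();
    }

    // Resolved at runtime from the org itself.
    public static String getOrgBaseUrl() {
        return URL.getOrgDomainUrl().toExternalForm();
    }

    // Resolved from custom metadata: deployable and editable per org
    // without modifying the Apex class.
    public static String getPartnerEndpoint() {
        Integration_Setting__mdt setting =
            Integration_Setting__mdt.getInstance('Partner_API');
        return setting == null ? null : setting.Endpoint_URL__c;
    }

    // Named Credential: endpoint and authentication live in configuration,
    // so the callout code carries neither a URL nor a secret.
    public static HttpResponse callPartnerApi() {
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:Partner_API/accounts');
        req.setMethod('GET');
        return new Http().send(req);
    }
}
```

The first two methods are the kind of thing a code review should reject; the others show the replacements a reviewer would ask for, each of which survives a sandbox refresh or a domain change without touching the class.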

CodeScan by AutoRABIT Finds Common Errors in Salesforce

CodeScan is our static code analysis tool that verifies code health in the AutoRABIT DevSecOps platform. Analyzing code with CodeScan enables you to find human errors and problem areas and correct them to follow best practices. As a result, your team can produce and maintain high-quality code. The AutoRABIT CodeScan capabilities include:
  • Security and compliance support for OWASP, SANS, and CWE standards.
  • Flexible deployment models to reduce risks and control costs.
  • Salesforce metadata management to propagate and nest metadata properties.

Schedule a Demo of CodeScan by AutoRABIT Today

AutoRABIT helps teams using Salesforce produce high-quality work while maintaining security and speed. Our CodeScan tool can take your DevSecOps processes to the next level by identifying easy-to-miss Salesforce code mistakes and correcting them before production. With this code review, your team can produce stronger code with fewer security vulnerabilities. Schedule a demo of CodeScan online to see how it works.
