6 Easy-to-Miss Salesforce Code Mistakes


Companies across various industries use Salesforce for marketing, collaboration, sales, and other critical business functions. When developers write code for Salesforce daily, they may make errors. These mistakes are often hard to detect manually because they require many files to be inspected at once. Standard detection tools that only check source file syntax may also miss these errors.

Here is what to look for in a Salesforce code review to ensure your code is free of common errors.

1. Salesforce Naming Conventions Best Practices

Naming conventions for Salesforce are rules that help users identify certain information about Salesforce components. A lack of Salesforce naming conventions can make it difficult for new users to audit fields and understand their context. It is vital to choose a consistent class naming standard and acronym abbreviation pattern for the description fields, and to always fill them out.

2. CRUD/FLS Violations

When there is a CRUD/FLS violation, code runs without checking the object-level (CRUD) and field-level security (FLS) permissions of the running user, so those permissions can be bypassed. A security bypass is a concern even for internal orgs if external users can access sensitive data. CRUD/FLS violations risk customer data leaks.
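As an added example that is not part of the original post, the Apex below shows a CRUD/FLS-unsafe method beside a hardened version of the same logic. The class name and the exception type are hypothetical placeholders; Contact and its Email, Phone and Description fields are standard Salesforce fields, and the checks use the standard Schema describe methods, the WITH SECURITY_ENFORCED SOQL clause and Security.stripInaccessible.

```apex
public with sharing class ContactExportService {
    public class AccessException extends Exception {}

    // UNSAFE: "with sharing" only enforces record-level sharing rules. The SOQL
    // and DML below run in system context, so a user without Read on Contact or
    // on the Email field still receives the data, and a user without Edit on
    // Description still updates it. This is the CRUD/FLS violation pattern a
    // static analyzer flags.
    public static List<Contact> exportUnsafe(Set<Id> contactIds) {
        List<Contact> rows = [SELECT Id, Email, Phone FROM Contact WHERE Id IN :contactIds];
        for (Contact c : rows) {
            c.Description = 'Exported';
        }
        update rows;
        return rows;
    }

    // HARDENED: check CRUD before acting, enforce FLS on the query, and strip
    // any field the running user may not update before the DML runs.
    public static List<Contact> exportSafe(Set<Id> contactIds) {
        if (!Schema.sObjectType.Contact.isAccessible()) {
            throw new AccessException('No read access to Contact');
        }
        // WITH SECURITY_ENFORCED throws a QueryException when the user lacks read
        // access to the object or to any selected field, instead of silently
        // returning the data.
        List<Contact> rows = [SELECT Id, Email, Phone FROM Contact
                              WHERE Id IN :contactIds WITH SECURITY_ENFORCED];

        if (!Schema.sObjectType.Contact.isUpdateable()
            || !Schema.sObjectType.Contact.fields.Description.isUpdateable()) {
            throw new AccessException('No update access to Contact.Description');
        }
        for (Contact c : rows) {
            c.Description = 'Exported';
        }
        // stripInaccessible removes every field the user cannot update, so the
        // DML only touches fields the user is permitted to change.
        SObjectAccessDecision decision = Security.stripInaccessible(AccessType.UPDATABLE, rows);
        List<Contact> permitted = decision.getRecords();
        update permitted;
        return permitted;
    }
}
```

Both methods compile in the same class so a code reviewer can compare them side by side; only exportSafe respects the running user's CRUD and FLS settings.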

3. Code Injection Vulnerabilities

Though open-source libraries such as third-party JavaScript libraries can aid with development, they are a security risk. Companies that bundle third-party libraries with their static resources leave their data vulnerable to code injection. Security flaws in these libraries may remain hidden, risking the integrity of the data.

4. Empty Description Boxes

Description boxes identify the purpose of each field, so completing description boxes helps users understand their value and determine if the field is necessary. Fill in these areas with concise, consistent, and comprehensible information.

5. Testing Only Once

Salesforce developers must test the fields in several ways to ensure they work correctly. Though one test may be successful, the other tests may result in failure, indicating the need for further development before shipping to production. Testing identifies potential risks, reduces production bugs, and improves confidence in the final product.

6. Hardcoding

Hardcoding ties a value such as an Apex class name to one environment and prevents it from being changed in production without a code change. If a URL is hardcoded in a report and the production environment changes, the URL may stop working. Salesforce developers should avoid hardcoding to prevent this issue.

CodeScan Finds Common Errors in Salesforce

CodeScan is our static code analysis tool that verifies code health in the AutoRABIT DevSecOps platform. Analyzing code with CodeScan enables you to find human errors and problem areas and correct them to follow best practices. As a result, your team can produce and maintain high-quality code.

CodeScan’s capabilities include:

  • Security and compliance support for OWASP, SANS, and CWE standards.
  • Flexible deployment models to reduce risks and control costs.
  • Salesforce metadata management to propagate and nest metadata properties.

Schedule a Demo of CodeScan Today

CodeScan helps teams using Salesforce produce high-quality work while maintaining security and speed. Our CodeScan tool can take your DevSecOps processes to the next level by identifying easy-to-miss Salesforce code mistakes and correcting them before production. With this code review, your team can produce stronger code with fewer security vulnerabilities.

Schedule a demo of CodeScan online to see how it works.
