PMD AppExchange Rules Reference

The PMD AppExchange rules help you prepare your second-generation managed packages (managed 2GP) for security review. To select these rules, use --rule-selector AppExchange. For example, to run the AppExchange rules:

Description: Detects use of Api.Session_ID or GETSESSIONID() to retrieve a session ID.

Severity: High (2)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

Description: Detects use of API versions with Lightning Locker disabled in Aura components. Use API version 40 or greater.

Severity: Critical (1)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects potential misuse of FeatureManagement.changeProtection.

Severity: Critical (1)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects if "Disable Protocol Security" setting is true.

Severity: Moderate (3)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of getInstance(userId)/getInstance(profileId). Hierarchy Custom Settings return the record owned by the current user when getInstance() is invoked without any parameters. But if a tainted or end-user controlled userId or profileId is passed as a parameter to getInstance() that will allow the code to access records owned by other users on... Learn more: https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/rules-pmd-appexchange.html#avoidgetinstancewithtaint

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects Install and Uninstall handlers declared as global. Install and Uninstall Handlers don't need to be global classes. Using global for these handlers means global methods in these classes act as controllers and can be invoked by untrusted code outside the context of post-install/uninstall scenarios. Depending on the logic in these... Learn more: https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/rules-pmd-appexchange.html#avoidglobalinstalluninstallhandlers

Severity: Critical (1)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of hard coded credentials in Aura components.

Severity: High (2)

Tags: AppExchange, Security, HTML

Example(s):

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

  • [Good] Code that does not cause a violation:

Description: Identifies hard-coded credentials in source code that must be protected using Protected Custom metadata or Protected Custom settings. Protected custom settings or protected custom metadata should be used to store secrets. Refer to the Protect Secrets Using Platform Features Trailhead module for more guidance.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Identifies hard-coded credentials in source code that must be protected using Protected Custom metadata or Protected Custom settings. Protected custom settings or protected custom metadata should be used to store secrets. Refer to the Protect Secrets Using Platform Features Trailhead module for more guidance.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Detects hard-coded credentials in the call to setPassword().

Severity: Critical (1)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Identifies hard-coded credentials in source code that must be protected using Protected Custom metadata or Protected Custom settings. Protected custom settings or protected custom metadata should be used to store secrets. Refer to the Protect Secrets Using Platform Features Trailhead module for more guidance.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Identifies hard-coded credentials in source code that must be protected using Protected Custom metadata or Protected Custom settings. Protected custom settings or protected custom metadata should be used to store secrets. Refer to the Protect Secrets Using Platform Features Trailhead module for more guidance.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Detects instances of a Remote Site Settings that use HTTP. Use HTTPS instead.

Severity: Moderate (3)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects the use of Schema.DescribeSObjectResult methods to enforce CRUD check on ContentDistribution. Developers should use USER MODE operations or use the custom below to enforce CRUD check against the ContentDistribution object.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

Description: Detects use of custom JavaScript actions in custom rules.

Severity: High (2)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of custom JavaScript actions in home page components.

Severity: High (2)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of JavaScript-style URLs (javascript:) in components, such as web links and buttons. Avoid JavaScript-style URLs in managed packages.

Severity: Critical (1)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of custom JavaScript actions in web links.

Severity: High (2)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects a Lightning Message Channel with isExposed=true, which isn’t allowed in managed packages.

Severity: High (2)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects Lightning Web Component event configurations where bubbles and composed are both set to true. To avoid sharing sensitive information unintentionally, use this configuration with caution.

Severity: Moderate (3)

Tags: AppExchange, Security, JavaScript

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects if S-Controls are used since they should not be used in managed packages.

Severity: Critical (1)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

Description: Detects use of WITH SECURITY_ENFORCED in API version less than 48.0

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Description: Detects use of ${API.Session_Id} to retrieve a session ID. For more guidance on approved use cases, read the Session Id Guidance document.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of UserInfo.getSessionId() to retrieve a session ID. For more guidance on approved use cases, read the Session Id Guidance document.

Severity: Moderate (3)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects use of aura,which should be used cautiously. Developers should ensure that the unescapedHtml should not use tainted input to protect against XSS.

Severity: High (2)

Tags: AppExchange, Security, HTML

Example(s):

  • [Bad] Code that causes a violation:

Description: Detects where System.setPassword() exists in Apex code. Use this method with caution.

Severity: Critical (1)

Tags: AppExchange, Security, Apex

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects if a connected app uses full scope instead of limited scope. Explain this use case in your AppExchange security review submission.

Severity: Moderate (3)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation:

Description: Detects where sensitive data must be stored with Protected Custom metadata or Protected Custom settings. Protected custom settings or protected custom metadata should be used to store secrets. Refer to the "Protect Secrets Using Platform Features" Trailhead module for more guidance.

Severity: Moderate (3)

Tags: AppExchange, Security, XML

Description: Detects instances of an OAuth callback URL that uses HTTP. Use HTTPS instead.

Severity: Moderate (3)

Tags: AppExchange, Security, XML

Example(s):

  • [Bad] Code that causes a violation:

  • [Bad] Code that causes a violation:

  • [Good] Code that does not cause a violation: