Salesforce Graph Engine Rules
Salesforce Graph Engine includes path-based and data-flow analysis rules.
| Rule | Type | Category | Status | Description |
|---|---|---|---|---|
| ApexFlsViolationRule | Path-based analysis | Security | Generally Available (GA) | Detects Create, Read, Update, and Delete (CRUD) and Field-Level Security violations. |
| ApexNullPointerExceptionRule | Path-based analysis | Error-Prone | GA | Identifies Apex operations that dereference null objects and throw NullPointerExceptions. |
| AvoidDatabaseOperationInLoop | Path-based analysis | Performance | GA | Detects database operations in loops that degrade performance. |
| AvoidMultipleMassSchemaLookups | Path-based analysis | Performance | GA | Detects scenarios where expensive schema lookups are made more than one time in a path. |
| PerformNullCheckOnSoqlVariables | Path-based analysis | Performance | GA | Identifies SOQL queries with variables in WHERE clauses that lack null checks. |
| RemoveUnusedMethod | Path-based analysis | Performance | Pilot | Detects methods contained in your code that aren’t invoked from any entry points that Graph Engine recognizes. |
| UnimplementedTypeRule | Graph-based analysis | Performance | GA | Detects abstract classes and interfaces that are non-global and missing implementations or extensions. |
| UseWithSharingOnDatabaseOperation | Path-based analysis | Security | GA | Detects database operations outside with-sharing-annotated classes. |
Run all Graph Engine rules against your code, or run a subset of rules by type or by category.
To run the path-based rules, run scanner run dfa --projectdir MyDirectory. For example:
sf scanner run dfa --projectdir /project/dir --target /project/dir/target1
To run graph-based analysis rules, run scanner run --engine sfge --projectdir MyDirectory. For example:
sf scanner run --engine sfge --projectdir /project/dir --target /project/dir/target1
To run a specific category of rules, include the category. For example:
sf scanner run dfa --category Security --projectdir /project/dir --target /project/dir/target
To run each Graph Engine pilot rule, include the --with-pilot flag in your request.
To run all Graph Engine rules and all pilot rules, run: sf scanner run dfa --with-pilot --engine sfge --projectdir MyDirectory. For example:
sf scanner run dfa --with-pilot --engine sfge --projectdir /project/dir --target /project/dir/target1
To run a specific category of rules including the pilot rules in that category, include the category and the --with-pilot flag. For example:
sf scanner run dfa --category Performance --with-pilot --engine sfge --projectdir /project/dir --target /project/dir/target1
We’re working on adding more rules. In the meantime, give us your feedback.