PMD

PMD is a source code analyzer that performs static analysis of code written in a number of supported languages, including JavaScript, Apex, and Visualforce. Its bundled rules detect common flaws in code, such as empty catch blocks or unused variables.

Code Analyzer supports PMD rules for these languages:

Run this command to view detailed information about the PMD rules for the languages you've configured; the default languages are apex and visualforce.

To configure the PMD languages for your environment, such as adding html or javascript, update your code-analyzer.yml file and add the rule_languages option under the pmd engine section. For example, this code-analyzer.yml snippet adds all the supported languages:

For information on how to modify rule settings, such as their severity or tags, see Customize Your Configuration. While the examples show modifying rules for the ESLint and Regex engines, you use the same process to modify PMD rules.

PMD allows you to create your own custom rules to check for patterns specific to your codebase, or the coding practices of your team. You can then add these custom rules to the list of PMD rules that Code Analyzer runs.

Follow these steps to add custom PMD rules to Code Analyzer.

Create your custom PMD rule by following the instructions in Extending PMD.

PMD supports the ability to create custom Java rules classes. It also provides the ability to reuse its XPathRule class by supplying your own XPath expression to match against the DOM view of the AST.
- If you create a custom Java rule, then you must bundle your Java class into a JAR file. A ruleset xml file must then contain your rule definition and can either be contained within the same JAR file or as a separate XML file separate from the JAR file.
- If you create an XPath based rule, then you define this rule directly inside of a ruleset xml file.
Update your code-analyzer.yml file and specify the location of the XML ruleset file in the custom_rulesets option of the pmd engine. You can put this XML file in two types of locations:
- On disk. Provide either an absolute path or a relative path to the config_root option of the code-analyzer.yml config file.
- As a relative resource in your Java classpath, such as bundled in a JAR file.
  
  For example:
If you have one or more JAR files that contain custom JAVA rules and/or ruleset files, then add the JAR files, or the folder in which they live, to the java_classpath_entries option; each file or folder must be either an absolute path or relative to config_root.

For example:
Ensure that the rule_language option includes the language that applies to your custom PMD rule, such as xml and html in our example. See this section.

Run the rules command to ensure that Code Analyzer knows about your rule:

The name of your new rule is the same as the name attribute of the associated <rule> element in the XML ruleset file. For example, in this snippet of a ruleset file, the rule name is CheckForBadVariableNames:

<ruleset name="Custom Rules"
 xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 https://pmd.sourceforge.io/ruleset_2_0_0.xsd">

 <rule name="CheckForBadVariableNames"
       language="apex"
..

Then, to view details about the CheckForBadVariableNames PMD rule, run this command:

sf code-analyzer rules --rule-selector pmd:CheckForBadVariableNames --view detail

Run the run command to see your custom rule in action:

Field	Type	Description
`disable_engine`	boolean	Whether to turn off the 'pmd' engine so that it is not included when running Code Analyzer commands. Default value is `false`.
`java_command`	string	Indicates the specific 'java' command associated with the JRE or JDK to use for the 'pmd' engine. May be provided as the name of a command that exists on the path, or an absolute file path location. If unspecified, or specified as null, then an attempt will be made to automatically discover a 'java' command from your environment. Default value is `null`.
`rule_languages`	array	List of languages associated with the PMD rules to be made available for 'pmd' engine rule selection. The languages that you may choose from are: 'apex', 'html', 'javascript' (or 'ecmascript'), 'visualforce', 'xml'. See https://pmd.github.io/pmd/tag_rule_references.html to learn about the PMD rules available for each language. Default value is `["apex","visualforce"]`.
`java_classpath_entries`	array	List of jar files and/or folders to add the Java classpath when running PMD. Each entry may be given as an absolute path or a relative path to 'config_root'. This field is primarily used to supply custom Java based rule definitions to PMD. See https://pmd.github.io/pmd/pmd_userdocs_extending_writing_java_rules.html Default value is `[]`.
`custom_rulesets`	array	List of xml ruleset files containing custom PMD rules to be made available for rule selection. Each ruleset must be an xml file that is either: on disk (provided as an absolute path or a relative path to 'config_root') or a relative resource found on the Java classpath. Not all custom rules can be fully defined within an xml ruleset file. For example, Java based rules may be defined in jar files. In these cases, you will need to also add your additional files to the Java classpath using the 'java_classpath_entries' field. See https://pmd.github.io/pmd/pmd_userdocs_making_rulesets.html to learn more about PMD rulesets. Default value is `[]`.

PMD Source Analyzer