- 03 Nov 2022
Release Notes 22.4
- Updated on 03 Nov 2022
May 2022 - New Features, Enhancements, and Improvements
New Features
Added new nCino rules
The following are the "ncino-goldstandard" nCino-related rules that have been added to the current Apex/Salesforce Metadata rule sets.
Rule | Description |
---|---|
Avoid Excess Workflow Rules per Object | This rule is required because objects that contain too many decisions are complex and difficult to maintain. |
Flow Decision Limits | Flows that contain too many decisions are complex and difficult to maintain. Consider reducing the number of decisions or utilizing Apex. |
Potential Overuse - Cross-Object Formulas | This rule is required because Salesforce does not allow more than 15 cross-object formulas per object. |
Potential Overuse - Object Lookups | This rule is required because Salesforce does not allow more than 25 lookup relationships on a single custom object. |
Potential Overuse - Relationship Objects | This rule is required because Salesforce does not allow more than 40 relationships per object. |
Potential Overuse - External IDs | This rule is required because Salesforce does not allow more than 5 External IDs per object. |
Test Class Names Should Include 'Test' | This rule is required because test classes should include the word 'Test' in their class names. |
Hard Coded Email Address | This rule is required to avoid hardcoded email addresses. |
SonarQube compatible
CodeScan self-hosted is compatible with SonarQube™ 8.9 and SonarJS 6.2+. For more information, see Installing CodeScan Self-Hosted.
Enhancements
Updated existing nCino rules
Below are the existing CodeScan rule keys that are tagged as "ncino-goldstandard".
Rule Key |
---|
sf:AvoidUsingHardCodedId |
sf:MultipleTriggersOnObject |
sf:LongMethodName |
sf:LongClassName |
sf:LongTriggerName |
sf:VariableNamingConventions |
vf:HeaderCheck |
sf:UncommentedEmptyMethod |
sf:UncommentedEmptyConstructor |
sf:CommentRequired |
sf:UnitTestContainsTooManyAsserts |
sf:AvoidUsingTestIsRunningTest |
sf:OnlyOneReturn |
sf:UnusedLocalVariable |
sf:EmptyTryBlock |
sf:EmptyFinallyBlock |
sf:AvoidSoqlInLoops |
sfmeta:ExcessiveWorkflowsOrgWide |
sfmeta:RequireDescriptionComponent |
sfmeta:LimitCustomFields |
Improvements
- Updated all third-party libraries to the most recent versions to address security, stability, and reliability issues.
- The CodeScan portal has been updated to include minor speed improvements, bug fixes, and security enhancements.
Changelog
CodeScan v22.6.2
(12 July 2022)
This is a maintenance release. The following items were fixed and/or added:
- Fixed an issue where the rule and file-type issue counts in CodeScan and Visual Studio Code were out of sync. We have updated the CodeScan Visual Studio Code extension to version 1.6.9, which fixes the issue with analysing metadata files (46480).
- Writing XPath rules based on filename on SFMeta is now supported (44685).
- Fixed an issue that prevented users from editing the settings for Branches and caused an error message that said, `Cannot read properties of undefined (reading "config")` (46575).
- Resolved an issue where the Project Analysis jobs were stuck in the queue and were not triggered at the scheduled time (46552).
- Fixed an issue where the CodeScan Visual Studio Code plugin failed to detect JavaScript errors in the Salesforce Lightning web component even though SonarQube had identified them (46104).
CodeScan v22.6.1
(23 June 2022)
This is a maintenance release. The following items were fixed and/or added:
- The `sf:UnusedFormalParameter` rule's false positive issue has been resolved (45282).
- Fixed an issue that prevented `SonarQube 9.4.0` from functioning properly with `Java 11` version.
- The `sonar-java-plugin` has been updated to version `7.6.0.28201`.
- Fixed an issue for all child rule violations that happen when files are crossed (rule violation location in two different files). This was fixed by setting the correct file location for child rule violations.
- Fixed an issue where users were experiencing an expired token error that appeared on the master branch every time a comparison branch was analysed before it (44492).
CodeScan v22.6
(13 June 2022)
This is a maintenance release. The following items were fixed and/or added:
- Fixed an issue that prevented the CodeScan and Azure DevOps integration from functioning as expected. The `Azure DevOps plugin` was updated to version `1.6.8` to overcome these issues.
- Fixed an issue where the Field Level Security Rule displayed a false negative for the code below:

```apex
update Security.stripInaccessible(AccessType.UPDATABLE, new List<vlocity_ins__ContactEmployment__c> { ceLst.get(0) }).getRecords();
```
CodeScan v22.5
(30 May 2022)
This is a maintenance release. The following items were fixed and/or added:
- Fixed an issue that prevented the user from logging into the CodeScan instance.
- Fixed an issue that prevented the user from creating the Salesforce project in their CodeScan instance.
- Fixed an issue where users were not able to create a CodeScan project using the Gitlab plugin.
- Fixed an issue where CodeScan rules that were not part of the active Quality Profiles were being applied.
- Fixed a bug where, after logging out from the CodeScan application, the user was directed to CodeScan's Project screen rather than being asked for their login information (username and password) when they selected the Login with AuthO button.
- Fixed an issue where the Field Level Security Rule showed a false negative for the cases below:
  - Vulnerability detection in a for-each loop, e.g., `for(Contact c : [SELECT Name FROM Contact])`
  - Vulnerability detection in Database method calls, e.g., `Database.insert([SELECT Name FROM Contact]);`
- Migrated the `IntelliJPluginErrorAction` web servlet to Spring MVC.
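
The Field Level Security items in v22.5 and v22.6 concern inline SOQL in for-each loops, inline SOQL passed into a call, and DML wrapped in `Security.stripInaccessible`. The Apex below is an added example, not code from CodeScan or from these release notes. It shows the unchecked loop pattern next to standard Salesforce platform ways of enforcing field-level security. The class and method names are hypothetical, and the notes do not state which of these forms the rule treats as compliant.

```apex
// Added example; ContactFlsExamples and its method names are hypothetical.
public with sharing class ContactFlsExamples {

    // Pattern from the v22.5 notes: inline SOQL in a for-each loop.
    // Nothing here checks whether the running user may read Contact.Name.
    public static List<String> namesUnchecked() {
        List<String> names = new List<String>();
        for (Contact c : [SELECT Name FROM Contact]) {
            names.add(c.Name);
        }
        return names;
    }

    // Same loop with enforcement in the query itself: the query throws
    // System.QueryException if the user lacks read access to any
    // field or object it references.
    public static List<String> namesEnforced() {
        List<String> names = new List<String>();
        for (Contact c : [SELECT Name FROM Contact WITH SECURITY_ENFORCED]) {
            names.add(c.Name);
        }
        return names;
    }

    // Inline SOQL passed directly into a call: stripInaccessible removes
    // fields the user cannot read instead of failing the whole query.
    // getRemovedFields() on the decision reports what was stripped.
    public static List<Contact> readableContacts() {
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.READABLE, [SELECT Name, Email FROM Contact]);
        return decision.getRecords();
    }

    // DML through a Database method: fields the user cannot update are
    // stripped before the records are written.
    public static Database.SaveResult[] updateChecked(List<Contact> changed) {
        SObjectAccessDecision decision = Security.stripInaccessible(
            AccessType.UPDATABLE, changed);
        return Database.update(decision.getRecords());
    }
}
```

`with sharing` governs record-level access only, which is why field-level checks have to be applied separately in each method.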