Creating Custom Rules with XPath for Self-Hosted CodeScan

CodeScan allows you to create custom rules using XPath. You can use these rules to trigger violations based on any special requirements you may have.

Note:
  1. The custom XPath Visualforce rule template uses XPath version 2, whereas the custom XPath Apex rule template uses XPath version 1.
  2. Set the matching version in the designer while the rules are being developed; a mismatch could introduce bugs.

Before you begin

  • You will need a good working knowledge of XPath to get this working.
  • Head over to the downloads page and download the Apex-Custom Rule Designer.

Installing the Apex-Custom Rule Designer

Please run the following command to install the downloaded Apex-Custom Rule Designer:

java -jar <jar-file-name>.jar

Apex

Here are some examples of XPath queries for Apex.

Naming:

  • XPath queries can be used to catch unwanted trends or enforce standards in the naming of your Classes, Methods, and Variables.

  • This query will catch any Class names that do not start with PREFIX_

//ClassOrInterfaceDeclaration
[
  not(starts-with(@Image, 'PREFIX_'))
]

This example would catch the first class here:

class NewClass{}
class PREFIX_NewClass{}

starts-with can also be replaced with:

  • ends-with - This checks for a string at the end of the @Image name.
  • matches - This uses a regular expression in place of the string to check for patterns in the @Image name.

Visualforce and Aura Lightning

You can also use this same technique for Visualforce (in the Apex-Custom Rule Designer, select the Visualforce language and use XPath 2.0 instead of XPath 1.0).

Naming:

XPath queries can be used to catch unwanted trends or enforce standards in the naming of your Pages.

This query will catch any Page names that do not start with PREFIX_

//Document[@Filename[not(starts-with(., "PREFIX_"))]]

This example would catch the first Filename here, but ignore the second:

NewPage.page
PREFIX_NewPage.page

starts-with can also be replaced with:

  • ends-with - This checks for a string at the end of the @Image name.
  • matches - This uses a regular expression in place of the string to check for patterns in the @Image name.

Other Salesforce metadata

Most other metadata types come out of Salesforce in XML format. To scan these types, you can add any metadata you want to the list of file suffixes as seen in the Enabling Metadata Rules article.

XPath expressions for Salesforce metadata should start with double slashes ("//"). For example:

//ValidationRule

Point to Note:

Verify your XPath expressions in the CodeScan Designer. An XPath expression generated by another online tool may not work, because the expression depends on how the AST is generated, which varies per tool.

If you are looking to create a rule for a new metadata type, spend time looking at the XML to determine where your fields, rules, decisions, or subtasks are, and then look into how to validate them. For example, if you want to limit a flow to 20 decision points, the XPath would look something like this:

//Flow[
 count(./decisions)>20
]

The type of component we're looking at is Flow. Decisions exist within that flow; they are direct children of the Flow element within the XML. Finally, the count() function can be used to determine whether there are too many decisions.
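
The logic of the Flow rule above can be checked offline against sample metadata before it is entered in the designer. The following is an added example, not CodeScan code: it uses Python's standard ElementTree instead of CodeScan's XPath engine, the function names are hypothetical, and the sample Flow XML is constructed. It assumes the file carries the standard Salesforce metadata namespace.

```python
"""Added example: emulate //Flow[count(./decisions)>20] on constructed Flow XML."""
import xml.etree.ElementTree as ET

# Namespace declared on the root element of Salesforce metadata XML files.
SF_NS = "http://soap.sforce.com/2006/04/metadata"
NS = {"sf": SF_NS}
MAX_DECISIONS = 20  # threshold used by the rule in the article


def count_decisions(flow_xml):
    """Return the number of direct <decisions> children of each <Flow> element."""
    root = ET.fromstring(flow_xml)
    # iter() also yields the root itself, which mirrors the //Flow step.
    flows = root.iter("{%s}Flow" % SF_NS)
    # A bare child path matches direct children only, like ./decisions.
    return [len(flow.findall("sf:decisions", NS)) for flow in flows]


def violates(flow_xml, limit=MAX_DECISIONS):
    """True when any Flow has more than `limit` direct decisions."""
    return any(n > limit for n in count_decisions(flow_xml))


def build_flow(n_decisions):
    """Construct a minimal sample Flow document (not real org metadata)."""
    decisions = "".join(
        "<decisions><name>Decision_%d</name>"
        "<rules><name>Rule_%d</name></rules></decisions>" % (i, i)
        for i in range(n_decisions)
    )
    return '<Flow xmlns="%s">%s<label>Sample</label></Flow>' % (SF_NS, decisions)


if __name__ == "__main__":
    for n in (20, 21):
        result = "violation" if violates(build_flow(n)) else "ok"
        print(n, "decisions ->", result)
```

The designer remains the place to confirm the final expression, since CodeScan evaluates it against its own tree.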

