Salesforce Best Practice rules

Quality Clouds Best Practices for Salesforce - Categories

In order to provide a comprehensive view of the overall quality of your Salesforce Org, Quality Clouds checks for Best Practices at three different levels:

  • Best Practices on individual elements: These are best practices which apply to a single configuration element, such as a Lightning Component, Apex Class, Apex Trigger, etc.
  • General Org configuration / customisation Best Practices: These are Best Practices which apply to the Org as a whole. For instance, having a high ratio of Custom Objects to Standard Objects is considered an over-customisation, and will be reported as an issue.
  • Code duplication: Every block of duplicated code also generates an issue. The severity of the issue depends on the total number of code lines which are repeated in the Org (size of repeated block x number of lines in the block x number of repetitions).

Best Practices on Individual Elements

The table below lists the Best Practices which Quality Clouds will check on individual code elements in a Salesforce Org, together with the element type to which each one applies. The severity and area of impact of the issues raised when a Best Practice is not followed are also shown in the table.


 Best Practice Description    Configuration Element Type    Issue Severity    Issue Impact Area
 Apex unit tests should include at least one assertion.     Apex Class    HIGH     Manageability 
 Apex unit tests should not use @isTest(seeAllData=true) because it opens up the existing database data for unexpected modification by tests.  Apex Class    HIGH     Manageability 
 New objects created within loops should be checked to see if they can be created outside them and reused.     Apex Class    HIGH     Performance
 Avoid DML statements inside loops to avoid hitting the DML governor limit    Apex Class    HIGH     Performance
 Detect classes declared without explicit sharing mode if DML methods are used.     Apex Class    HIGH     Security
 Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.     Apex Class    HIGH     Security
 Checks against accessing endpoints under plain http. You should always use https for security.    Apex Class    HIGH     Security
 Reports on calls to addError with disabled escaping.    Apex Class    HIGH     Security
 The rule makes sure you are using randomly generated IVs and keys for Crypto calls.  Apex Class    HIGH     Security
 Check to avoid making DML operations in Apex class constructor/init method.     Apex Class    HIGH     Security
 Detects the usage of untrusted / unescaped variables in DML queries.  Apex Class    HIGH     Security
 Checks against calling dangerous methods.  Apex Class    HIGH     Security
 Detects hardcoded credentials used in requests to an endpoint.  Apex Class    HIGH     Security
 Non-constructor methods should not have the same name as the enclosing class.  Apex Class    HIGH     Manageability 
 As triggers do not allow methods like regular classes, they are less flexible and less suited to applying good encapsulation style.  Apex Trigger     HIGH     Manageability 
 Global classes should be avoided (especially in managed packages) as they can never be deleted or changed in signature.  Apex Class    HIGH     Manageability 
 Avoid using the with statement - it's bad news  Lightning     HIGH     Manageability 
 Avoid accidentally creating global variables by omitting the var declaration.    Lightning     HIGH     Manageability 
 In a for-in loop, the variable name is not explicitly scoped to the enclosing scope with the var keyword.     Lightning     HIGH     Manageability 
 Checks for usages of parseInt  Lightning     HIGH     Manageability 
 Improve code portability due to differences in browser treatment of trailing commas in object or array literals.    Lightning     HIGH     Manageability 
 The numeric literal will have a different value at runtime, which can happen if you provide too much precision in a floating point number.     Lightning     HIGH     Manageability 
 Possible extra-sensitive PII usage in configuration element  Apex Class    HIGH     Security
 Possible extra-sensitive PII usage in configuration element  Apex Trigger     HIGH     Security
 Possible extra-sensitive PII usage in configuration element  Custom Field     HIGH     Security
 Possible extra-sensitive PII usage in configuration element  Apex Class    HIGH     Security
 Possible extra-sensitive PII usage in configuration element  Apex Trigger     HIGH     Security
 Possible extra-sensitive PII usage in configuration element  Custom Field     HIGH     Security
 Component id must be unique     Apex Page     HIGH     Scalability
 Increase the time interval for calling Apex    Apex Page     HIGH     Performance
 Use the render attribute on Visualforce components to update the component without updating the entire page.     Apex Page     HIGH     Performance
 Whenever you can, choose the My... or My Team's... options rather than All in the "Show" filter.     Report     HIGH     Performance
 Ratio of Custom Objects to Standard Objects    Snapshot  HIGH     Manageability 
 Avoid using if statements without using braces to surround the code block.  Apex Class    MEDIUM  Manageability 
 Avoid using while statements without using braces to surround the code block.    Apex Class    MEDIUM  Manageability 
 Avoid using if..else statements without using surrounding braces.  Apex Class    MEDIUM  Manageability 
 Avoid using for statements without using surrounding braces.  Apex Class    MEDIUM  Manageability 
 Avoid creating deeply nested if-then statements since they are harder to read and error-prone to maintain.    Apex Class    MEDIUM  Manageability 
 Methods with numerous parameters are a challenge to maintain, especially if most of them share the same datatype.  Apex Class    MEDIUM  Manageability 
 Excessive class file lengths are usually indications that the class may be burdened with excessive responsibilities    Apex Class    MEDIUM  Manageability 
 This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of lines of code for a given method.     Apex Class    MEDIUM  Manageability 
 This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of lines of code for a given type.    Apex Class    MEDIUM  Manageability 
 This rule uses the NCSS (Non-Commenting Source Statements) algorithm to determine the number of lines of code for a given constructor.  Apex Class    MEDIUM  Manageability 
 Too much cyclomatic complexity.    Apex Class    MEDIUM  Manageability 
 Classes that have too many fields can become unwieldy and could be redesigned to have fewer fields.     Apex Class    MEDIUM  Scalability
 Classes with large numbers of public methods and attributes require disproportionate testing efforts.  Apex Class    MEDIUM  Manageability 
 A variable naming conventions rule - customize this to your liking.    Apex Class    MEDIUM  Manageability 
 Method names should always begin with a lower case character, and should not contain underscores.    Apex Class    MEDIUM  Manageability 
 Class names should always begin with an upper case character.    Apex Class    MEDIUM  Manageability 
 The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation.  Apex Class    MEDIUM  Manageability 
 Method names should always begin with a lower case character, and should not contain underscores.    Apex Class    MEDIUM  Manageability 
 It is essential to avoid hardcoding IDs     Apex Class    MEDIUM  Manageability 
 Empty block statements serve no purpose and should be removed.  Apex Class    MEDIUM  Manageability 
 Checks for final variables that should be fully capitalized and non-final variables that should not include underscores.     Apex Class    MEDIUM  Manageability 
 Avoid directly accessing Trigger.old and Trigger.new as it can lead to a bug.  Apex Trigger     MEDIUM  Manageability 
 Empty Catch Block finds instances where an exception is caught, but nothing is done  Apex Class    MEDIUM  Manageability 
 Empty If Statement finds instances where a condition is checked but nothing is done about it.     Apex Class    MEDIUM  Manageability 
 Avoid empty try or finally blocks     Apex Class    MEDIUM  Manageability 
 SOSL calls within loops can cause governor limit exceptions.     Apex Class    MEDIUM  Manageability 
 Avoid empty while statements    Apex Class    MEDIUM  Manageability 
 Complexity directly affects maintenance costs; it is determined by the number of decision points in a method plus one for the method entry.     Apex Class    MEDIUM  Manageability 
 Makes sure that all values obtained from URL parameters are properly escaped / sanitized to avoid XSS attacks.  Apex Class    MEDIUM  Manageability 
 Checks for final variables that should be fully capitalized and non-final variables that should not include underscores.     Apex Class    MEDIUM  Manageability 
 The rule validates you are checking for access permissions before a SOQL/SOSL/DML operation.  Apex Trigger     MEDIUM  Manageability 
 Too much cyclomatic complexity.    Apex Trigger     MEDIUM  Manageability 
 Complexity directly affects maintenance costs; it is determined by the number of decision points in a method plus one for the method entry.     Apex Trigger     MEDIUM  Manageability 
 Variables should start with a lowercase character    Apex Trigger     MEDIUM  Manageability 
 Issue not identified     All     MEDIUM  Manageability 
 When a function uses return statements, they should all return a value or all return no value.     Lightning     MEDIUM  Manageability 
 Avoid assignments in operands; this can make code more complicated and harder to read.  Lightning     MEDIUM  Manageability 
 Avoid using for statements without using curly braces.  Lightning     MEDIUM  Manageability 
 Avoid using if..else statements without using curly braces.  Lightning     MEDIUM  Manageability 
 Avoid using if statements without using curly braces.  Lightning     MEDIUM  Manageability 
 The else block in an if-else construct is unnecessary if the if block contains a return. The content of the else block can then be put outside.   Lightning     MEDIUM  Manageability 
 An unnecessary Block is present.  Lightning     MEDIUM  Manageability 
 A return, break, continue, or throw statement should be the last in a block.     Lightning     MEDIUM  Manageability 
 Avoid using while statements without using curly braces.    Lightning     MEDIUM  Manageability 
 Using == in a condition may lead to unexpected results, as the variables are automatically cast to be of the same type.  Lightning     MEDIUM  Manageability 
 Use only one <apex:form> tag on a page  Apex Page     MEDIUM  Manageability 
 Avoid using data grids  Apex Page     MEDIUM  Performance
 Combine all CSS files into a single file    Apex Page     MEDIUM  Performance
 Combine all JavaScript files into a single file  Apex Page     MEDIUM  Performance
 Include JavaScript files using a standard HTML <script> tag right before your closing </apex:page> tag instead of using <apex:includeScript>.   Apex Page     MEDIUM  Manageability 
 Include JavaScript files using a standard HTML <script> tag right before your closing </apex:page> tag instead of using <apex:includeScript>.   Apex Component  MEDIUM  Manageability 
 Displaying the Content of a Static Resource    Apex Page     MEDIUM  Performance
 Unnecessary HTML increases the size of the component tree and the processing time for Ajax requests.    Apex Component  MEDIUM  Performance
 Unnecessary HTML increases the size of the component tree and the processing time for Ajax requests.    Apex Page     MEDIUM  Performance
 Reduce the number of records displayed on the page  Apex Page     MEDIUM  Performance
 Use fewer images  Apex Page     MEDIUM  Performance
 Use static resources to serve CSS files, as well as images, JavaScript, and other non-changing files.  Apex Page     MEDIUM  Performance
 Use static resources to serve images, as well as CSS, JavaScript, and other non-changing files.  Apex Page     MEDIUM  Performance
 Use static resources to serve CSS files, as well as images, JavaScript, and other non-changing files.  Apex Page     MEDIUM  Performance
 Use a static resource to upload content so that it can be referenced in a Visualforce page     Apex Page     MEDIUM  Manageability 
 Use the equals or not equal to operators instead of contains or does not contain  Report     MEDIUM  Performance
 Choose AND rather than OR for filter logic     Report     MEDIUM  Performance
 Always use the starting and ending date values to limit the report scope.    Report     MEDIUM  Performance
 Try using relative date values such as THIS WEEK, NEXT MONTH, or TOMORROW.  Report     MEDIUM  Performance
 Select Hide Details in Advanced Filters if you only need a summary of the data and to reduce loading time.    Report     MEDIUM  Performance
 Unnecessary parentheses should be removed.     Lightning     LOW  Manageability 
 Create a custom component to show and hide data  Apex Page     LOW  Performance
 Page names should always begin with an upper case character.     Apex Page     LOW  Manageability 
 Ratio of Custom Objects to Standard Objects    Snapshot  LOW  Manageability 
 Possible PII usage in configuration element    Apex Class    WARNING     Security
 Possible PII usage in configuration element    Apex Trigger     WARNING     Security
 Possible PII usage in configuration element    Custom Field     WARNING     Security
 Possible PII usage in configuration element    Apex Class    WARNING     Security
 Possible PII usage in configuration element    Apex Trigger     WARNING     Security
 Possible PII usage in configuration element    Custom Field     WARNING     Security
 Possible PII usage in configuration element    Apex Class    WARNING     Security
 Possible PII usage in configuration element    Apex Trigger     WARNING     Security
 Possible PII usage in configuration element    Custom Field     WARNING     Security
 Possible PII usage in configuration element    Apex Class    WARNING     Security
 Possible PII usage in configuration element    Apex Trigger     WARNING     Security
 Possible PII usage in configuration element    Custom Field     WARNING     Security
 Reduce the number of fields in the report by removing unnecessary columns or fields.     Report     WARNING     Performance




Org Customisation Best Practices


The table below lists the overall Org customisation Best Practices which Quality Clouds will check on a Salesforce Org. The severity and area of impact of the issues raised when a Best Practice is not followed are also shown in the table. Some of the issues have a varying Severity depending on the amount of customisation detected.



 Best Practice Description    Configuration Element Type    Issue Severity    Issue Impact Area
 Ratio of Custom Objects to Standard Objects.    Object    HIGH (if ratio is over 30%); MEDIUM (if ratio is between 20% and 30%); LOW (if ratio is between 10% and 20%)    MANAGEABILITY
 Too many Apex Classes (over 50; does not include Test Classes or Downloaded Apps)    Apex Class    MEDIUM    MANAGEABILITY
 Too many Roles (over 20)    Role    MEDIUM    MANAGEABILITY


Code Duplication

Code duplication issues are raised whenever duplicated code is detected across Apex Classes and Apex Triggers. The severity of the issue depends on the total number of duplicated lines of code.


 Best Practice Description    Configuration Element Type    Issue Severity    Issue Impact Area
 Code Duplication    Apex Class    HIGH (if total number of duplicated lines is over 1000); MEDIUM (if total number of duplicated lines is between 100 and 1000); LOW (if total number of duplicated lines is between 10 and 100)    MANAGEABILITY
 Code Duplication    Apex Trigger    HIGH (if total number of duplicated lines is over 1000); MEDIUM (if total number of duplicated lines is between 100 and 1000); LOW (if total number of duplicated lines is between 10 and 100)    MANAGEABILITY