Gearset Help Center

Code Reviews Rule Documentation

Learn everything about our rules, and how to leverage them drive absolute quality in your development team.

Code Reviews Rules - Common Weakness Enumeration mapping

Code Reviews Rules - Use native ZIP functions over Zippex

Understanding Policy Updates in Code Reviews

Managing Naming Convention Rules in Code Reviews

Unbound SOQL Statement

Multiple Forms in Visualforce Page

Use native ZIP functions over Zippex

Excessive Code Complexity

Unspecified JavaScript cookie accessibility

Use of JSON serialization of exceptions

Inconsistent Naming Conventions

Use of Deprecated: Salesforce API (21-30)

Minimum number of assertion

Excessive Flow Complexity

Inconsistent naming custom fields

Use of sendEmail in Loops

Use of @future Method in Loop

Objects with an excessive number of custom fields

Excessive Method Complexity

Missing Descriptions

Use of spaces in attribute class selectors

Use of weak Encryption Algorithms

Exposure of sensitive information in logs

Missed Opportunity: defaultValue and placeholderText Modifiers

Test Methods with Full Data Access

Inactive Workflow Rules

CRUD and FLS bypass

Hard Coded IDs in Code, Configuration, and Flows

Update roleAndSubordinates to roleAndSubordinatesInternal

Use of deprecated Salesforce instance URL

Security best practices

Code Reviews Rules - Hardcoded secret

Code Reviews Rules - Passwords set programmatically

Code Reviews Rules - Avoid Using HTTP Referer Headers

Code Reviews Rules - Email spamming risk

Insecure sharing to external users

Code Reviews Rules - Server-side Payload Injection

Code Reviews Rules - User Registration Without Limits

Code Reviews Rules - LWC Clickjacking on CSS

Code Reviews Rules - Import of sensitive fields in Lightning Web Components (LWC)

Code Reviews Rules - Direct DOM manipulation in Lightning Web Components (LWC)

Code Review Rules - Sensitive information storage

Sensitive information logging

Code Review Rules - Excessive data access permissions

Subresource integrity

Content Security Policy (CSP)

Insecure endpoints

Named credentials

Randomization of cryptographic keys

Use of Session storage and Local storage

Use of Session ID in Visualforce

Coding best practices

Multiple automation on the same object

Multiple record-triggered flows on the same object

Call to blocklisted method

Missing fault path in Flows

Identify methods with global visibility

Asynchronous methods in loops

Boundaries on SOQL statements

Bulkification of triggers

Business logic in triggers

Metadata API recency

Multiple triggers per object

Number of arguments per method

Number of methods per class

Send email in loops

Inefficient Calls to Schema.getGlobalDescribe

Database operations

Non-selective SOQL queries on large objects

Database changes in Flow loop paths

Direct access utility class

Data manipulation utility class

CRUD and Field-Level Security

Exception handling

Data access in loops

Data manipulation in constructors

Incorrect sharing clauses

Transaction control

Flows without description

Description on custom objects

Description on custom fields

How to Adjust the Severity of a Rule in Code Reviews

Code Reviews Rules - Hardcoded ID (flows)

Hardcoded IDs in Configuration

Lightning best practices

Code Reviews Rules - Unsafe JavaScript

Naming conventions

Code Reviews Rules - Naming conventions on Aura Controller Property

Code Reviews Rules -Naming conventions on Apex inner classes

Code Reviews Rules - Naming conventions on Apex triggers

Naming conventions for Apex variables

Naming conventions on Apex methods

Naming conventions on sObjects

Code Reviews Rules - Naming conventions on sObjects fields

Inactive Workflows

Optimized loading of resources

Unnecessary code detection

Testing best practices

Code Reviews rules - Identify test coverage cheats

Untested Lightning Web Components

Assertions with comments

Code Reviews rules - Test data isolation

Code Reviews Rules - Untested methods

Code Reviews Rules - Use of @IsTest annotation

Code Reviews - Use of test data factories

Visualforce best practices

Code Reviews Rules - Salesforce1 compatibility in Visualforce

Code Reviews Rules - Visualforce view state optimization

Code Reviews Rules - User friendly messages in Visualforce

Vulnerability protection

Code Reviews Rules - Vulnerable third-party component

Code Reviews Rules - No autocompletion on password field

Code Reviews Rules - No insecure cookies

Code Reviews Rules - Arbitrary Page Redirect

Code Reviews Rules - Cross-Site Scripting (XSS)

Code Reviews Rules - Insecure Direct Object References

Code Reviews Rules - Cross-Site Request Forgery (CSRF)

Maintainability

Code Reviews Rules - Inactive flows and processes

Code Reviews Rules - Inactive validation rules

Code Reviews Rules - High complex flows and processes

Code Reviews Rules - High complex Apex methods

Code Reviews Rules - High complex Apex files

Code Reviews Rules - Use of outdated API version for ICU locale

Release readiness

Code Reviews Rules - Retirement of AccountInsights and OpportunityInsights Settings

Code Reviews rules - Retirement of Streaming API versions

Code Reviews Rules - Deprecated methods in URL Class

Code Reviews Rules - Deprecated SiteSetting

Code Reviews Rules - Changed behavior on Type.forName

Code Reviews Rules - Retirement of Salesforce Functions

Code Reviews Rules - JsonAccess Annotation

Code Reviews Rules - Use of deprecated list view resources

Code Reviews Rules - Use of Retired Workflows and Process Builders

Code Reviews Rules - Missed opportunity: Static SOQL for Data Cloud DMOs

Code Reviews Rules - Untested Flows

Code Reviews Rules - Use of JavaScript in WebLinks

Code Reviews Rules - Breaking Change in LWC host access

Code Reviews Rules - Breaking change in LWC import and export statements

Code Reviews Rules - Breaking change in LWC style access

Code Reviews Rules - Missed opportunity: Null Coalescing Operator