This repository has been archived by the owner on Sep 4, 2020. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 21
/
rules-pmd.xml
101 lines (97 loc) · 3.85 KB
/
rules-pmd.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
<?xml version="1.0"?>
<ruleset xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
name="PMD rules"
xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
<description>Custom ruleset for java application</description>
<exclude-pattern>.*/.mvn/.*</exclude-pattern>
<exclude-pattern>.*/test/.*</exclude-pattern>
<exclude-pattern>.*/.sfdx/.*</exclude-pattern>
<rule ref="category/java/errorprone.xml" />
<rule ref="category/java/multithreading.xml" />
<rule ref="category/java/security.xml" />
<rule ref="category/jsp/errorprone.xml" />
<rule ref="category/jsp/security.xml" />
<rule ref="category/plsql/errorprone.xml" />
<rule ref="category/vm/errorprone.xml" />
<rule ref="category/xml/errorprone.xml" />
<rule ref="category/xsl/performance.xml" />
<!-- COMPLEXITY -->
<rule ref="category/apex/design.xml/CognitiveComplexity">
<properties>
<property name="classReportLevel" value="50" />
<property name="methodReportLevel" value="15" />
</properties>
</rule>
<rule ref="category/apex/errorprone.xml/AvoidNonExistentAnnotations">
<properties>
</properties>
</rule>
<rule ref="category/apex/errorprone.xml/AvoidHardcodingId" message="Avoid hardcoding ID's">
<priority>3</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/errorprone.xml/ApexCSRF" message="Avoid making DML operations in Apex class constructor/init method">
<priority>3</priority>
<properties>
</properties>
</rule>
<!-- SECURITY -->
<rule ref="category/apex/security.xml/ApexSharingViolations" message="Apex classes should declare a sharing model if DML or SOQL is used">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexInsecureEndpoint" message="Apex callouts should use encrypted communication channels">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexOpenRedirect" message="Apex classes should safely redirect to a known location">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexSOQLInjection" message="Apex classes should escape variables merged in DML query">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexXSSFromURLParam" message="Apex classes should escape Strings obtained from URL parameters">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexXSSFromEscapeFalse" message="Apex classes should escape addError strings">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexBadCrypto" message="Apex Crypto should use random IV/key">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexCRUDViolation" message="Validate CRUD permission before SOQL/DML operation">
<priority>3</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexDangerousMethods" message="Calling potentially dangerous method">
<priority>8</priority>
<properties>
</properties>
</rule>
<rule ref="category/apex/security.xml/ApexSuggestUsingNamedCred" message="Consider using named credentials for authenticated callouts">
<priority>3</priority>
<properties>
</properties>
</rule>
<rule ref="category/vf/security.xml/VfCsrf" >
<priority>8</priority>
</rule>
<rule ref="category/vf/security.xml/VfUnescapeEl" >
<priority>8</priority>
</rule>
</ruleset>