3 things most Salesforce teams miss during code review

Lorenzo Frattini

I have been working with dozens of Salesforce teams throughout my career. As I look at how they manage their code reviews, there are 3 things that most of them miss. In this short blog post, I will share them with you.

CRUD/FLS violations

This simply means that the object and field-level security permissions you set can be bypassed: Apex runs in system context, so unless the code checks those permissions itself, a query or DML statement in a controller ignores them. Many believe this is not a big deal for internal Orgs, but it is - especially when you keep sensitive data or when you have external users.

Primary impact: risk of customer data leaks.
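To make the point concrete, here is an added illustration (not code from the post or from Clayton) of the CRUD/FLS gap in a hypothetical Lightning controller, with the unchecked query next to two ways of enforcing the running user's permissions. The class and method names are assumptions; Contact, Email and Phone are standard fields.

```apex
// Added illustration (not from the post): the CRUD/FLS gap and two ways to close it.
// Apex runs in system context, so a query in a controller returns every row and
// field regardless of the running user's object/field permissions unless the code
// checks them itself. Class and method names are hypothetical.
public with sharing class ContactLookup {

    // VULNERABLE: 'with sharing' only enforces record-level sharing. A user whose
    // profile hides Contact.Email, or lacks Read on Contact, still receives the data.
    @AuraEnabled(cacheable=true)
    public static List<Contact> searchUnsafe(String namePart) {
        String term = '%' + namePart + '%';
        return [SELECT Id, Name, Email, Phone FROM Contact WHERE Name LIKE :term LIMIT 50];
    }

    // HARDENED, option 1: let SOQL enforce FLS. If the user lacks Read on the object
    // or on any selected field, the query throws System.QueryException instead of
    // leaking the data, so the failure is visible in review and in tests.
    @AuraEnabled(cacheable=true)
    public static List<Contact> searchEnforced(String namePart) {
        String term = '%' + namePart + '%';
        return [SELECT Id, Name, Email, Phone FROM Contact
                WHERE Name LIKE :term WITH SECURITY_ENFORCED LIMIT 50];
    }

    // HARDENED, option 2: explicit object check plus Security.stripInaccessible,
    // which removes the fields the user may not read (graceful degradation rather
    // than a hard failure). decision.getRemovedFields() reports what was stripped.
    @AuraEnabled(cacheable=true)
    public static List<Contact> searchStripped(String namePart) {
        if (!Schema.sObjectType.Contact.isAccessible()) {
            throw new AuraHandledException('Insufficient access to Contact');
        }
        String term = '%' + namePart + '%';
        List<Contact> rows = [SELECT Id, Name, Email, Phone FROM Contact
                              WHERE Name LIKE :term LIMIT 50];
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, rows);
        return decision.getRecords();
    }

    // Writes need the same treatment: check the field's update permission before DML.
    public static void updatePhone(Id contactId, String phone) {
        if (!Schema.sObjectType.Contact.fields.Phone.isUpdateable()) {
            throw new AuraHandledException('Insufficient access to Contact.Phone');
        }
        update new Contact(Id = contactId, Phone = phone);
    }
}
```

In review, the question to ask of every SOQL statement and DML operation reached from a UI or API entry point is which of these checks it relies on; the unsafe version above passes PMD's syntax checks without complaint.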

Vulnerable third-party JavaScript libraries

Using open source libraries is a great way to accelerate development, but it often comes at the expense of security. Most teams bundle third-party JS in their static resources. When vulnerabilities are discovered for those libraries (it happens all the time), no one notices, and the security flaw stays hidden.

Primary impact: code injection vulnerabilities.

Creating data with new in test methods

Not centralising how test objects are created is one of the easiest ways to cause rework. All test methods that instantiate sObjects directly via new will break as soon as a new validation rule is introduced. Depending on how many tests you have, this could easily cause tens of hours of rework.

Primary impact: regressions.

These problems are sneaky: they require inspecting many files at once, and cannot be detected by tools like PMD, which simply check the syntax of your source files. We have built Clayton to automate these and many more problems out of existence, so you can build more, and worry less.
