SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Apex

Apex static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your APEX code

  • All rules 56
  • Vulnerability1
  • Bug12
  • Security Hotspot3
  • Code Smell40
Filtered: 2 rules found
governor-limits
    Impact
      Clean code attribute
        1. Tested code should be enclosed between "Test.StartTest()" and "Test.StopTest()"

           Code Smell
        2. DML statements should not be used inside loops

           Bug

        DML statements should not be used inside loops

        intentionality - complete
        reliability
        Bug
        • governor-limits

        Why is this an issue?

        More Info

        In order to protect shared resources, Salesforce enforces a maximum number of DML statements which can be executed inside a single transaction. This is part of Governor limits. If a DML statement is nested inside a loop’s body (For/While/Do-While) it might be executed more times than the Governor limit allows, making the code fail.

        Thus it is a best practice to not have DML statements nested in the body of loops and instead perform the DML operation on a list of sObjects.

        This rule raises an issue when it detects DML statements inside a loop.

        Noncompliant code example

        public class myDMLLoop {
            public static void myFunction() {
                for (Task task: [Select Id, subject from Task]) {
                    if (task.subject == 'foo') {
                        task.subject = 'bar';
                        update task; // Noncompliant
                    }
                }
            }
        }
        // Query in a while loop
        public class myDMLLoop {
            public static void myFunction(Task[] tasks) {
                Integer i = 0;
                while ( i < 1000) {
                    Task task = tasks[i];
                    if (task.subject == 'foo') {
                        task.subject = 'bar';
                        update task; // Noncompliant
                    }
                }
            }
        }
        
        // Query in a do-while loop
        public class myDMLLoop {
            public static void myFunction(Task[] tasks) {
                Integer i = 0;
                do {
                    Task task = tasks[i];
                    if (task.subject == 'foo') {
                        task.subject = 'bar';
                        update task; // Noncompliant
                    }
                    i++;
                } while (i < 1000);
            }
        }
        

        Compliant solution

        public class myDMLLoop {
          	public static void myFunction() {
        		List<Task> updatedTasks = new List<Task>();
                for (Task task: [Select Id, subject from Task]) {
                    if (task.subject == 'foo') {
                        task.subject = 'bar';
                        updatedTasks.add(task);
                    }
                }
                update updatedTasks;
            }
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Enterprise
          Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use