Is there documentation on how rules work?

I have 2 rules that I feel are producing incorrect detections. The logic, in particular, is around CRUD and FLS permissions and SOQL/SOSL injection risks for dynamic queries. In both cases, I have helper classes that do the work of ensuring that the CRUD, FLS, and SOQL/SOSL is handled appropriately.

I am curious as to what the rule is looking for specifically so that I can better understand why it isn’t recognizing the effort in my code to protect against these vulnerabilities.

In general, though, I think it would be beneficial to see, or at least have, some documentation on what a given rule sees as the best practices it is testing for.

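To make the two concerns in the question concrete, here is an added Apex example. It is not code from the original post, and it is not Clayton's rule logic or a statement of what its rules look for; it simply shows the shape of an unsafe dynamic query next to a hardened one that asserts CRUD/FLS inline and passes user input only through a bind variable. The class name `SecureQueryHelper`, the method names, and `AccessException` are assumptions; `Database.queryWithBinds` and `AccessLevel.USER_MODE` require an API version that supports them (57.0 or later).

```apex
// Added example, not from the original post or from Clayton.
// Hypothetical helper illustrating CRUD/FLS enforcement and injection-safe
// dynamic SOQL. All class and method names here are assumptions.
public with sharing class SecureQueryHelper {

    // Custom exception so callers can distinguish access failures.
    public class AccessException extends Exception {}

    // Throws if the running user cannot read the object or any listed field.
    // Doing this check at the query site (rather than only deep inside another
    // helper) keeps the enforcement visible next to the query it protects.
    public static void assertReadable(String objectName, List<String> fieldNames) {
        Schema.SObjectType sot = Schema.getGlobalDescribe().get(objectName);
        if (sot == null || !sot.getDescribe().isAccessible()) {
            throw new AccessException('Object not readable: ' + objectName);
        }
        Map<String, Schema.SObjectField> fields = sot.getDescribe().fields.getMap();
        for (String f : fieldNames) {
            Schema.SObjectField field = fields.get(f);
            if (field == null || !field.getDescribe().isAccessible()) {
                throw new AccessException('Field not readable: ' + objectName + '.' + f);
            }
        }
    }

    // Unsafe pattern: user-controlled input concatenated straight into the
    // query string, with no CRUD/FLS check. This is the shape an injection
    // rule flags; it is shown only as the "before" of the hardened version.
    public static List<Account> findByNameUnsafe(String nameFragment) {
        String q = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%' + nameFragment + '%\'';
        return Database.query(q);
    }

    // Hardened pattern: CRUD/FLS asserted first, the user value reaches the
    // query only through a bind variable (never string-concatenated), and the
    // query runs in user mode so the platform re-applies sharing and FLS
    // independently of the explicit check above.
    public static List<Account> findByNameSafe(String nameFragment) {
        assertReadable('Account', new List<String>{ 'Name' });
        Map<String, Object> binds = new Map<String, Object>{
            'pattern' => '%' + nameFragment + '%'
        };
        String q = 'SELECT Id, Name FROM Account WHERE Name LIKE :pattern';
        return Database.queryWithBinds(q, binds, AccessLevel.USER_MODE);
    }

    // For records obtained elsewhere (e.g. from a legacy helper that ran in
    // system mode), strip any field values the current user cannot read.
    public static List<SObject> stripUnreadable(List<SObject> records) {
        SObjectAccessDecision decision =
            Security.stripInaccessible(AccessType.READABLE, records);
        return decision.getRecords();
    }
}
```

Static analyzers differ in how far they follow a query back into helper classes, so whether a given rule credits a check depends on where that check sits relative to the query; the hardened method above keeps both the explicit assertion and the user-mode query at the same site, which is the most analyzer-friendly arrangement regardless of the tool.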

Dear John, thanks for sharing your message.

I’ve spent some time with the team discussing a solution to adequately address the incorrect detections you are mentioning.

I will send you a personal message to organize a quick call and get your feedback before proceeding with the implementation.

Many thanks for your feedback! :+1:

Note: All our rules are documented on our official help page here: https://intercom.help/getclayton/en/collections/1221066-rule-documentation
