Manjeet

Code coverage VS Testing ?

Hi All,

Is it right to just cover the code of an Apex class, or will we be forced to do proper testing during security review?

What I do to make a class deployable to the production environment: I just call its methods from a testmethod method and the work is done (code coverage reaches about 90-95%).

I want to know whether it's an acceptable approach in Force.com or whether I need to change the approach. Should I use sandbox data to cover the code, or must I create the data in the test class itself before running the methods to cover the code?

Thanks ...


Best Answer chosen by Admin (Salesforce Developers) 
Ankit Arora

Just creating a test class to cover the code so you can go ahead with deployment looks fine, but the problem is that there may be failures after deployment if your test methods are not written properly.

As far as security is concerned, Salesforce will not see that you have covered all the cases including positive and negative. They are more concerned with issues like:

1) SOQL SOSL Injection

2) Stored XSS

3) XSRF

4) Queries with no WHERE or LIMIT clause

5) Bulkify Apex Method using collection in method

6) Async future method inside loops

7) Test method with no assert

etc...

So writing good test cases is beneficial for your application.

Thanks
Ankit Arora


All Answers

kiranmutturu

For the best test class you have to test the positive as well as negative test cases, and single as well as bulk mode.

Some of the tips are:

Run as a specific user or profile; you can achieve this by using the System.runAs() method.

Use System.assert functions.

Use the Test.startTest and Test.stopTest methods.

Ankit Arora

You can also submit your code for a scan here:

http://security.force.com/sourcescanner

Thanks
Ankit Arora


Manjeet

Thanks Ankit..

Manjeet

Hi Ankit

As you said, Force.com is concerned about the WHERE and LIMIT clauses. Then how will I find results based on some criteria? Is there any other option to do criteria-based queries?

Thanks..

Ankit Arora

The WHERE clause is just raised as a warning and not an error, but you need to put limits in each query.


Thanks
Ankit Arora
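
Added example, not part of the thread and not any poster's or Salesforce's own code: an Apex test class that follows the points raised in the answers above (data created inside the test, bulk, positive and negative cases, assertions, Test.startTest/Test.stopTest) against a query that uses a bind variable with WHERE and LIMIT. The class `AccountFinder`, its method `byNamePrefix` and all record names are hypothetical.

```apex
// AccountFinder.cls: hypothetical class under test (name and logic are assumptions)
public with sharing class AccountFinder {
    // Static SOQL with a bind variable, WHERE and LIMIT: input stays data, never query text.
    public static List<Account> byNamePrefix(String prefix) {
        if (String.isBlank(prefix)) {
            return new List<Account>();
        }
        String likeValue = prefix + '%';
        return [SELECT Id, Name FROM Account WHERE Name LIKE :likeValue ORDER BY Name LIMIT 200];
    }
}

// AccountFinderTest.cls: builds its own records (constructed sample data)
@isTest
private class AccountFinderTest {
    @testSetup
    static void makeData() {
        List<Account> accts = new List<Account>();
        for (Integer i = 0; i < 150; i++) {
            accts.add(new Account(Name = 'Acme ' + i));
        }
        accts.add(new Account(Name = 'Other Co'));
        insert accts; // one DML statement for the whole collection
    }

    @isTest
    static void bulkPositiveCase() {
        Test.startTest();
        List<Account> found = AccountFinder.byNamePrefix('Acme');
        Test.stopTest();
        System.assertEquals(150, found.size(), 'all 150 matching rows expected');
        for (Account a : found) {
            System.assert(a.Name.startsWith('Acme'), 'unexpected row: ' + a.Name);
        }
    }

    @isTest
    static void quotedInputIsTreatedAsData() {
        // Negative case: input containing quotes and SOQL keywords matches nothing.
        List<Account> found = AccountFinder.byNamePrefix('x\' OR Name LIKE \'');
        System.assertEquals(0, found.size(), 'input must not widen the query');
    }

    @isTest
    static void blankInputReturnsEmptyList() {
        System.assertEquals(0, AccountFinder.byNamePrefix(null).size());
        System.assertEquals(0, AccountFinder.byNamePrefix('   ').size());
    }
}
```

Each of the two classes goes in its own file in the org; a test that only called `byNamePrefix` without the assertions would reach the same coverage figure while verifying nothing.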