Transcript
Hi, everybody. This is Davide, and today I'm gonna demo the Visual Studio Code extension for Clayton. So let's jump into it.
This is Visual Studio Code, and I already installed the Clayton extension and already checked out a demo project.
So, this is the main branch.
I already created the feature branch because what I'm gonna demonstrate today is essentially the main use case is to show you how it works, the Clayton Visual Studio Code extension for new development.
So here, since I already connected this project and already created this branch, I have immediately one scan of the latest commit.
And if we see the history, the git history, we can see that I have this new controller and, essentially, Clayton detected eleven issues.
So I can open the Clayton report directly in my IDE. I can navigate the list of issues by the location. So in this case, the file or the rules.
So we have essentially two main problems, one about CRUD/FLS bypass and one about SOQL statements.
Now for the sake of the demo, I created also another branch where I will essentially — that is starting from this branch that I just showed you.
But, I'm gonna try to fix some of these issues to demonstrate how the extension works and the development experience.
So I will start with these CRUD/FLS issues.
As I said, here, you can navigate directly in your IDE, or, obviously, you can still go from here directly to the web UI and access all the information that are available in the reports, all the resources, and more details about the issue itself.
But, directly from here, actually, it's pretty easy to go through all the issues and try to fix them once, obviously, you have awareness about the actual fix. So in this case, there is this operation here that is performed without any check.
So the first thing that obviously, I have very handy the fix for this. So the first thing I'm gonna fix is this CRUD/FLS issue and we can quickly show.
How. So let's — in order to trigger the scan I need to essentially commit and push the changes. So first of all, I need to save them, then commit and push.
And then I would get, since I'm tracking this branch in Clayton, I would get quickly a scan directly in my IDE.
Now in the meantime, we wait for the scan. We could also go through the other issues.
So, essentially, I have here a very similar issue, but for this other method. So I would copy the same fix.
In this case, I need to fix this for the object broker. Okay. So I can delete these other checks that are not relevant.
And let's do the same also here.
So in the meantime, I got the result of the previous commit. So let's do this.
So just for the sake of the demo I will not be very specific in the git comments, but anyway. So I got here a new scan.
Okay.
Now if I open the scan I can see that there are less issues. Actually you can see also more details in here. I fixed three — actually, sorry, four issues in the secure policy and specifically the one that I was expecting about the CRUD/FLS.
Here, one interesting detail is that the scan is not performed locally, but actually is performed in the cloud by the Clayton engine.
And the reason is that it's not just a scan of the current file, but actually is a scan of the full code base because the type of scan that Clayton can perform takes into consideration the whole context of the code base.
And it's not like just a linting rule of, let's say, this line.
So in this case, actually, I wanted also to show I didn't fix the issue as I expected.
And mainly because here, actually, even if it's the same object here, the same object is the right object, the check is performed on the right object.
Here I should create a check. Since it's an insert, I should check for these permissions and I guess the same is here.
Insert.
Actually, there is one more here.
Okay.
I should check and now everything should be good for these CRUD/FLS issues. So one, two, three.
I should have addressed all of them.
And I get now a new scan. In the meantime I will start to work on an unbounded SOQL statement. So here, yeah, another issue is that these statements have no limit — they are unbounded essentially, so I will do something a little bit silly but just for the purpose of the demo I will add limit one thousand.
Here we got the scan and as I expected I fixed all the issues for the CRUD/FLS violation.
And now the missing one is this SOQL statement. So I will fix them.
Adding a limit to unbounded queries and push the last change. So now I should be done with my work because, essentially, I added the new feature.
And, thanks to the VS Code extension directly from my IDE, I was able to essentially move forward and already fix some of the potential issues that I was going to introduce, directly in my IDE without even opening a pull request.
So, one yeah.
Here you go. Oh, sorry.
Ah, yeah. There is nothing to open actually because there are no issues.
And, yeah, and my file looks good. No complaints.
I was adding one last comment is that this project was configured — here there is the extension configuration.
So here my project is configured to essentially exclude legacy code. So this is a filter that we have on top of the scan so that I can essentially ignore — if I'm focusing on new development, I can ignore issues that were introduced before the adoption of Clayton, in a nutshell.
So now it looks good but this extension could be good also to be used to tackle technical debt.
Okay, I guess that's all.
Hopefully this was helpful and informative, so let us know. Thank you.
