# ======================================================================
# CODE ANALYZER CONFIGURATION
# To learn more about this configuration, visit:
#   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/config-custom.html
# ======================================================================

# The absolute folder path to which all other path values in this configuration may be relative to.
# If unspecified, or if specified as null, then the value is automatically chosen to be the parent folder of your Code Analyzer
# configuration file if it exists, or the current working directory otherwise.
config_root: null # Last calculated by the config command as: "/Users/tim.paulaskas/Code/SalesforceCI"

# Folder where to store log files. May be an absolute path or a path relative to config_root.
# If unspecified, or if specified as null, then the value is automatically chosen to be your machine's default temporary directory.
log_folder: code-analyzer-logs # Modified from: null

# Rule override settings of the format rules.{engine_name}.{rule_name}.{property_name} = {override_value} where:
#   {engine_name} is the name of the engine containing the rule that you want to override.
#   {rule_name} is the name of the rule that you want to override.
#   {property_name} can either be:
#     'severity' - [Optional] The severity level value that you want to use to override the default severity level for the rule
#                  Possible values: 1 or 'Critical', 2 or 'High', 3 or 'Moderate', 4 or 'Low', 5 or 'Info'
#     'tags'     - [Optional] The string array of tag values that you want to use to override the default tags for the rule
# ---- [Example usage]: ---------------------
# rules:
#   eslint:
#     sort-vars:
#       severity: "Info"
#       tags: ["Recommended", "Suggestion"]
# -------------------------------------------
rules:
  # ======================================================================
  # ESLINT ENGINE RULE OVERRIDES
  # ======================================================================
  eslint:
    '@lwc/lwc-platform/no-aura':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/no-aura-libs':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/no-community-import':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/no-create-context-provider':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-deprecated-module-import':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-dynamic-import-identifier':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-forcegen-namespace':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/no-inline-disable':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-create':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-dispatch':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-execute':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-execute-privileged':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-execute-raw-response':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-get-event':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-get-module':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-is-external-definition':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-load-definitions':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-module-instrumentation':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-module-storage':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-register':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-render':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-interop-sanitize':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-process-env':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc-platform/no-site-import':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/no-wire-service':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc-platform/valid-dynamic-import-hint':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc/no-api-reassignments':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc/no-async-operation':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc/no-attributes-during-construction':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc/no-deprecated':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","BestPractices","Javascript"]
        - Recommended
    '@lwc/lwc/no-disallowed-lwc-imports':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","BestPractices","Javascript"]
        - Recommended
    '@lwc/lwc/no-document-query':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc/no-inner-html':
      severity: 3 # Modified from: 2
      tags:
        - Recommended
        - LWC
        - Security
        - Javascript
    '@lwc/lwc/no-leading-uppercase-api-name':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc/no-template-children':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc/no-unexpected-wire-adapter-usages':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","BestPractices","Javascript"]
        - Recommended
    '@lwc/lwc/no-unknown-wire-adapters':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","BestPractices","Javascript"]
        - Recommended
    '@lwc/lwc/prefer-custom-event':
      severity: 3
      tags:
        - Recommended
        - LWC
        - BestPractices
        - Javascript
    '@lwc/lwc/valid-api':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","ErrorProne","Javascript"]
        - Recommended
    '@lwc/lwc/valid-graphql-wire-adapter-callback-parameters':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@lwc/lwc/valid-track':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","ErrorProne","Javascript"]
        - Recommended
    '@lwc/lwc/valid-wire':
      severity: 3
      tags: # Modified from: ["Recommended","LWC","ErrorProne","Javascript"]
        - Recommended
    '@salesforce/lightning/valid-apex-method-invocation':
      severity: 3
      tags:
        - Recommended
        - LWC
        - ErrorProne
        - Javascript
    '@typescript-eslint/ban-ts-comment':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-array-constructor':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/no-duplicate-enum-values':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-empty-object-type':
      severity: 3
      tags:
        - Recommended
        - BestPractices
        - Typescript
    '@typescript-eslint/no-explicit-any':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/no-extra-non-null-assertion':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-misused-new':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-namespace':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/no-non-null-asserted-optional-chain':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-require-imports':
      severity: 3 # Modified from: 2
      tags:
        - Recommended
        - ErrorProne
        - Typescript
    '@typescript-eslint/no-this-alias':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/no-unnecessary-type-constraint':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/no-unsafe-declaration-merging':
      severity: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-unsafe-function-type':
      severity: 2
      tags:
        - Recommended
        - ErrorProne
        - Typescript
    '@typescript-eslint/no-unused-expressions':
      severity: 3
      tags:
        - Recommended
        - BestPractices
        - Typescript
    '@typescript-eslint/no-unused-vars':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Typescript"]
        - Recommended
        - problem
    '@typescript-eslint/no-wrapper-object-types':
      severity: 3 # Modified from: 2
      tags:
        - Recommended
        - ErrorProne
        - Typescript
    '@typescript-eslint/prefer-as-const':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    '@typescript-eslint/prefer-namespace-keyword':
      severity: 3
      tags:
        - Recommended
        - BestPractices
        - Typescript
    '@typescript-eslint/triple-slash-reference':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Typescript"]
        - Recommended
        - suggestion
    'constructor-super':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'for-direction':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'getter-return':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-async-promise-executor':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-case-declarations':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-class-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-compare-neg-zero':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-cond-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-const-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-constant-condition':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-control-regex':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-debugger':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-delete-var':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-dupe-args':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-dupe-class-members':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-dupe-else-if':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-dupe-keys':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-duplicate-case':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-empty':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-empty-character-class':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-empty-pattern':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-ex-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-extra-boolean-cast':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-fallthrough':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-func-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-global-assign':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-import-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-inner-declarations':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-invalid-regexp':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-irregular-whitespace':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-loss-of-precision':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-misleading-character-class':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-new-symbol':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-nonoctal-decimal-escape':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-obj-calls':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-octal':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-prototype-builtins':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-redeclare':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript"]
        - Recommended
        - suggestion
    'no-regex-spaces':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-restricted-imports':
      severity: 3
      tags: # Modified from: ["BestPractices","Javascript"]
        - Recommended
        - suggestion
    'no-self-assign':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-setter-return':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-shadow-restricted-names':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-sparse-arrays':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-this-before-super':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-undef':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-unexpected-multiline':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-unreachable':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-unsafe-finally':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-unsafe-negation':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-unsafe-optional-chaining':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-unused-labels':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-unused-vars':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript"]
        - Recommended
        - problem
    'no-useless-backreference':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'no-useless-catch':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-useless-escape':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-var':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'no-with':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'prefer-const':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'prefer-rest-params':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'prefer-spread':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'require-yield':
      severity: 3
      tags: # Modified from: ["Recommended","BestPractices","Javascript","Typescript"]
        - Recommended
        - suggestion
    'use-isnan':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem
    'valid-typeof':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","ErrorProne","Javascript","Typescript"]
        - Recommended
        - problem

  # ======================================================================
  # RETIRE-JS ENGINE RULE OVERRIDES
  # ======================================================================
  retire-js:
    'LibraryWithKnownCriticalSeverityVulnerability':
      severity: 1
      tags: # Modified from: ["Recommended","Security","Javascript"]
        - Recommended
    'LibraryWithKnownHighSeverityVulnerability':
      severity: 2
      tags: # Modified from: ["Recommended","Security","Javascript"]
        - Recommended
    'LibraryWithKnownMediumSeverityVulnerability':
      severity: 3
      tags: # Modified from: ["Recommended","Security","Javascript"]
        - Recommended
    'LibraryWithKnownLowSeverityVulnerability':
      severity: 4
      tags: # Modified from: ["Recommended","Security","Javascript"]
        - Recommended

  # ======================================================================
  # REGEX ENGINE RULE OVERRIDES
  # ======================================================================
  regex:
    'NoTrailingWhitespace':
      severity: 5
      tags: # Modified from: ["Recommended","CodeStyle","Apex"]
        - Recommended
        - CodeStyle
    'AvoidTermsWithImplicitBias':
      severity: 5
      tags: # Modified from: ["Recommended","BestPractices"]
        - Recommended
    'AvoidOldSalesforceApiVersions':
      severity: 3 # Modified from: 2
      tags: # Modified from: ["Recommended","Security","Xml"]
        - Recommended
        - Security
    'AvoidGetHeapSizeInLoop':
      severity: 3 # Modified from: 2
      tags:
        - Recommended
        - Performance
        - Apex
    'MinVersionForAbstractVirtualClassesWithPrivateMethod':
      severity: 3 # Modified from: 2
      tags:
        - Recommended
        - BestPractices
        - Apex

  # ======================================================================
  # FLOWTEST ENGINE RULE OVERRIDES
  # ======================================================================
  flowtest:
    'PreventPassingUserDataIntoElementWithoutSharing':
      severity: 2
      tags:
        - Recommended
        - Security
        - Xml
    'PreventPassingUserDataIntoElementWithSharing':
      severity: 4
      tags:
        - Recommended
        - Security
        - Xml

  # ======================================================================
  # PMD ENGINE RULE OVERRIDES
  # ======================================================================
  pmd:
    # Severity 1 - Critical Issues
    # Security Vulnerabilities: Hardcoded credentials, insecure API usage, injection risks, improper handling of authentication/authorization.
    # Breaking Functional Bugs: Code patterns that lead to runtime exceptions (e.g., null pointer dereferences, infinite loops), incorrect handling of exceptions (e.g., swallowing exceptions).
    # Regulatory Compliance Violations: Code violating legal/compliance policies (e.g., data exposure, GDPR/PII risks).
    'ApexBadCrypto': # Hardcoded cryptographic keys/IVs.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexDangerousMethods': # Use of insecure methods.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexInsecureEndpoint': # HTTP usage instead of HTTPS.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexSharingViolations': # Missing explicit sharing settings in DML classes.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexSOQLInjection': # Dynamic SOQL/SOSL with untrusted variables.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexXSSFromEscapeFalse': # Disabling escaping in addError messages.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexXSSFromURLParam': # Unescaped/sanitized user input from URL parameters.
      severity: 1
      tags:
        - Security
        - Apex
    'ApexCSRF': # DML operations in class constructors or initializers.
      severity: 1
      tags:
        - BreakingFunctionalBugs
        - Apex
    'AvoidHardcodingId': # Hardcoded record IDs affecting deployments.
      severity: 1
      tags:
        - RegulatoryCompliance
        - Apex
    'VfCsrf': # Cross-Site Request Forgery in Visualforce.
      severity: 1
      tags:
        - Security
        - Apex
    'VfHtmlStyleTagXss': # XSS vulnerabilities in Visualforce <style> tags.
      severity: 1
      tags:
        - Security
        - Apex
    'VfUnescapeEl': # Unescaped EL in Visualforce leading to injection vulnerabilities.
      severity: 1
      tags:
        - Security
        - Apex

    'EqualComparison': # Using == in condition may lead to unexpected results.
      severity: 1
      tags:
        - Security
        - Javascript

    # Severity 2 - High Issues
    # Stability & Reliability Risks: Race conditions, improper thread handling, use of deprecated/unsupported APIs.
    # Data Integrity Risks: Improper database transaction handling (e.g., lack of rollback), loss of precision in financial calculations.
    # Major Performance Bottlenecks: Inefficient loops, excessive resource consumption, unoptimized large object creation, memory leaks.
    'ApexCRUDViolation': # Missing access permission checks before SOQL/SOSL/DML.
      severity: 2
      tags:
        - Recommended
        - ErrorProne
        - Apex
    'ApexOpenRedirect': # User-controlled redirections.
      severity: 2
      tags:
        - Security
        - Compliance
        - Apex
    'ApexSuggestUsingNamedCred': # Hardcoded credentials in API requests.
      severity: 2
      tags:
        - Security
        - Compliance
        - Apex
    'AvoidGlobalModifier': # global classes can never be deleted (especially in managed packages).
      severity: 2
      tags:
        - Stability
        - Reliability
        - Apex
    'AvoidNonExistentAnnotations': # Use of non-existent or outdated annotations.
      severity: 2
      tags:
        - Stability
        - Reliability
        - Apex
    'InaccessibleAuraEnabledGetter': # Missing required access modifiers in Summer ‘21+.
      severity: 2
      tags:
        - Stability
        - Reliability
        - Apex
    'AvoidNonRestrictiveQueries': # Unfiltered SOQL/SOSL queries on large data sets.
      severity: 2
      tags:
        - Performance
        - Apex
    'AvoidWithStatement':
      severity: 2
      tags:
        - Security,
        - Javascript

    # Severity 3 - Medium Issues
    # Maintainability & Readability Concerns: Excessively long methods/classes, unused variables, dead code, lack of modularization.
    # Performance Optimizations: Inefficient collection usage (e.g., iterating through a large list instead of using a Set/Map), avoidable object instantiations.
    # Testability Concerns: Lack of dependency injection, excessive coupling, non-deterministic tests (e.g., time-dependent tests).
    'AvoidDirectAccessTriggerMap': # Accessing Trigger.old and Trigger.new directly.
      severity: 3
      tags:
        - BreakingFunctionalBugs
        - Apex
    'AvoidLogicInTrigger': # Business logic inside triggers instead of handler classes.
      severity: 3
      tags:
        - DataIntegrity
        - Apex
    'EagerlyLoadedDescribeSObjectResult': # Using getDescribe() without lazy loading.
      severity: 3
      tags:
        - Performance
        - Apex
    'ExcessiveClassLength': # Large, overloaded classes.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'ExcessiveParameterList': # Methods with too many parameters.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'ExcessivePublicCount': # Classes with excessive public attributes/methods.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'OperationWithHighCostInLoop': # Costly operations inside loops.
      severity: 3
      tags:
        - Performance
        - Apex
    'OperationWithLimitsInLoop': # DML, SOQL, SOSL, Email calls inside loops.
      severity: 3
      tags:
        - Performance
        - Apex
    'UnusedMethod': # Unused methods making code harder to maintain.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'QueueableWithoutFinalizer': # Missing finalizers in Queueable jobs.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'CognitiveComplexity': # Overly complex methods.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'CyclomaticComplexity': # High branching complexity in methods.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'StdCyclomaticComplexity': # Complexity exceeding recommended limits.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'TooManyFields': # Classes with too many instance variables.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex
    'AvoidDebugStatements': # Excessive debug logging affecting performance.
      severity: 3
      tags:
        - Performance
        - Apex
    'ApexUnitTestClassShouldHaveAsserts': # Unit tests without assertions.
      severity: 3
      tags:
        - Testability
        - Apex
    'ApexUnitTestClassShouldHaveRunAs': # Unit tests without runAs.
      severity: 3
      tags:
        - Testability
        - Apex
    'ApexUnitTestMethodShouldHaveIsTestAnnotation': # Missing @isTest annotations.
      severity: 3
      tags:
        - Testability
        - Apex
    'ApexUnitTestShouldNotUseSeeAllDataTrue': # Test classes exposing real data.
      severity: 3
      tags:
        - Testability
        - Apex
    'MethodWithSameNameAsEnclosingClass': # Non-constructor methods should not have the same name as the enclosing class.
      severity: 3
      tags:
        - Maintainability
        - Readability
        - Apex

    'ScopeForInVariable': # Poor variable scoping reduces readability and increases logical errors.
      severity: 3
      tags:
        - BestPractices
        - Apex

    'TestMethodsMustBeInTestClasses': # Test methods should reside in @isTest classes for better organization.
      severity: 3
      tags:
        - BestPractices
        - Testability
        - Apex

    'UnreachableCode': # Code that will never be executed increases technical debt.
      severity: 3
      tags:
        - BestPractices
        - Maintainability
        - Apex

    'UseBaseWithParseInt': # Failing to specify a base in parseInt() may lead to unexpected behavior.
      severity: 3
      tags:
        - BestPractices
        - Maintainability
        - Apex

    # Severity 4 - Low Issues
    # Coding Standards Violations: Inconsistent naming conventions, lack of method documentation, missing comments.
    # Minor Efficiency Issues: Unnecessary computations (e.g., redundant calculations), use of incorrect data structures (e.g., using a List instead of a Set for uniqueness).
    # Warnings for Future Issues: Methods/classes that might become problematic as the codebase scales.
    'ClassNamingConventions': # Enforcing class naming conventions.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'FieldNamingConventions': # Standardized variable naming.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'MethodNamingConventions': # Proper naming conventions for methods.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'FormalParameterNamingConventions': # Naming consistency for method parameters.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'PropertyNamingConventions': # Enforcing naming conventions for properties.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'LocalVariableNamingConventions': # Standardization of local variables.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'FieldDeclarationsShouldBeAtStart': # Fields should appear before methods.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'OneDeclarationPerLine': # Only one variable per line.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'DebugsShouldUseLoggingLevel': # System.debug should use LoggingLevel.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex
    'AvoidDeeplyNestedIfStmts': # Prevents difficult-to-read nested conditions.
      severity: 4
      tags:
        - CodeStyle
        - Readability
        - Apex

    # Severity 5 - Lowest Issues
    # Minor Code Style Issues: Indentation, spacing, unused imports, unnecessary explicit type declarations.
    # Suggestions for Improvement: Encouraging use of Java 8+ features (e.g., lambda expressions), recommended API usage patterns (e.g., StringBuilder instead of String concatenation in loops).
    'IfElseStmtsMustUseBraces': # Enforces {} on if-else statements.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'IfStmtsMustUseBraces': # Requires {} in if statements.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'WhileLoopsMustUseBraces': # Enforces {} in while loops.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'ForLoopsMustUseBraces': # Requires {} in for loops.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'ApexDoc': # Enforces ApexDoc comments on methods, classes, and properties.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'EmptyCatchBlock': # Catches exceptions but does nothing.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'EmptyIfStmt': # if condition exists but does nothing.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'EmptyStatementBlock': # Empty {} blocks should be removed.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'EmptyTryOrFinallyBlock': # Unused try or finally blocks.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'EmptyWhileStmt': # Empty while loops.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
    'GlobalVariable': # Potential false positives for global variables.
      severity: 5
      tags:
        - BestPractices
        - Javascript
    'AvoidTrailingComma': # Trailing commas are a minor formatting issue and do not impact execution.
      severity: 5
      tags:
        - CodeStyle
        - Readability
        - Apex
  # ======================================================================
  # CPD ENGINE RULE OVERRIDES
  # ======================================================================
  cpd:
    'DetectCopyPasteForApex':
      severity: 5
      tags:
        - Recommended
        - Design
        - Apex
    'DetectCopyPasteForJavascript':
      severity: 5
      tags:
        - Recommended
        - Design
        - Javascript
    'DetectCopyPasteForTypescript':
      severity: 5
      tags:
        - Recommended
        - Design
        - Typescript
    'DetectCopyPasteForVisualforce':
      severity: 5
      tags:
        - Recommended
        - Design
        - Visualforce

# Engine specific custom configuration settings of the format engines.{engine_name}.{property_name} = {value} where:
#   {engine_name} is the name of the engine containing the setting that you want to override.
#   {property_name} is the name of a property that you would like to override.
# Each engine may have its own set of properties available to help customize that particular engine's behavior.
engines:
  # ======================================================================
  # ESLINT ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-eslint.html#eslint-configuration-reference
  # ======================================================================
  eslint:
    # Whether to turn off the 'eslint' engine so that it is not included when running Code Analyzer commands.
    disable_engine: false

    # Your project's main ESLint configuration file. May be an absolute path or a path relative to the config_root.
    # If null and auto_discover_eslint_config is true, then Code Analyzer will attempt to discover/apply it automatically.
    # Currently only legacy ESLInt config files are supported.
    # See https://eslint.org/docs/v8.x/use/configure/configuration-files to learn more.
    eslint_config_file: null

    # Your project's ".eslintignore" file. May be an absolute path or a path relative to the config_root.
    # If null and auto_discover_eslint_config is true, then Code Analyzer will attempt to discover/apply it automatically.
    # See https://eslint.org/docs/v8.x/use/configure/ignore#the-eslintignore-file to learn more.
    eslint_ignore_file: null

    # Whether to have Code Analyzer automatically discover/apply any ESLint configuration and ignore files from your workspace.
    auto_discover_eslint_config: true

    # Whether to turn off the default base configuration that supplies the standard ESLint rules for JavaScript files.
    disable_javascript_base_config: false

    # Whether to turn off the default base configuration that supplies the LWC rules for JavaScript files.
    disable_lwc_base_config: false

    # Whether to turn off the default base configuration that supplies the standard rules for TypeScript files.
    disable_typescript_base_config: true

    # Extensions of the files in your workspace that will be used to discover rules.
    # To associate file extensions to the standard ESLint JavaScript rules, LWC rules, or custom JavaScript-based
    # rules, add them under the 'javascript' language. To associate file extensions to the standard TypeScript
    # rules or custom TypeScript-based rules, add them under the 'typescript' language. To allow for the
    # discovery of custom rules that are associated with any other language, then add the associated file
    # extensions under the 'other' language.
    file_extensions:
      javascript:
        - .js
        - .cjs
        - .mjs
      typescript:
        - .ts
      other: []

  # ======================================================================
  # RETIRE-JS ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-retire-js.html#retirejs-configuration-reference
  # ======================================================================
  retire-js:
    # Whether to turn off the 'retire-js' engine so that it is not included when running Code Analyzer commands.
    disable_engine: false

  # ======================================================================
  # REGEX ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-regex.html#regex-configuration-reference
  # ======================================================================
  regex:
    # Whether to turn off the 'regex' engine so that it is not included when running Code Analyzer commands.
    disable_engine: true

    # Custom rules to be added to the 'regex' engine of the format custom_rules.{rule_name}.{rule_property_name} = {value} where:
    #   {rule_name} is the name you would like to give to your custom rule
    #   {rule_property_name} is the name of one of the rule properties. You may specify the following rule properties:
    #     'regex'             - The regular expression that triggers a violation when matched against the contents of a file.
    #     'file_extensions'   - The extensions of the files that you would like to test the regular expression against.
    #     'description'       - A description of the rule's purpose
    #     'violation_message' - [Optional] The message emitted when a rule violation occurs.
    #                           This message is intended to help the user understand the violation.
    #                           Default: 'A match of the regular expression {regex} was found for rule {rule_name}: {description}'
    #     'severity'          - [Optional] The severity level to apply to this rule by default.
    #                           Possible values: 1 or 'Critical', 2 or 'High', 3 or 'Moderate', 4 or 'Low', 5 or 'Info'
    #                           Default: 3
    #     'tags'              - [Optional] The string array of tag values to apply to this rule by default.
    #                           Default: ['Recommended']
    # ---- [Example usage]: ---------------------
    # engines:
    #   regex:
    #     custom_rules:
    #       "NoTodoComments":
    #         regex: /\/\/[ \t]*TODO/gi
    #         file_extensions: [".apex", ".cls", ".trigger"]
    #         description: "Prevents TODO comments from being in apex code."
    #         violation_message: "A comment with a TODO statement was found. Please remove TODO statements from your apex code."
    #         severity: "Info"
    #         tags: ["TechDebt"]
    # -------------------------------------------
    custom_rules:
      PMDSuppressWarningsGlobal:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\b(?!\.)[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags usage of @SuppressWarnings with the global 'PMD' suppression.
        violation_message: >-
          The @SuppressWarnings contains a global 'PMD' suppression, which should be
          reviewed for proper use or bypass approval.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDAvoidGlobalModifier:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.AvoidGlobalModifier\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: >-
          Flags usage of @SuppressWarnings with 'PMD.AvoidGlobalModifier' to ensure
          its use is justified.
        violation_message: >-
          The @SuppressWarnings contains 'PMD.AvoidGlobalModifier', which should be
          reviewed for proper use or bypass approval.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexBadCrypto:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexBadCrypto\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexBadCrypto'.
        violation_message: Review suppression of 'PMD.ApexBadCrypto'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexCSRF:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexCSRF\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexCSRF'.
        violation_message: Review suppression of 'PMD.ApexCSRF'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexCRUDViolation:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexCRUDViolation\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexCRUDViolation'.
        violation_message: Review suppression of 'PMD.ApexCRUDViolation'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexDangerousMethods:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexDangerousMethods\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexDangerousMethods'.
        violation_message: Review suppression of 'PMD.ApexDangerousMethods'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexInsecureEndpoint:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexInsecureEndpoint\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexInsecureEndpoint'.
        violation_message: Review suppression of 'PMD.ApexInsecureEndpoint'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexOpenRedirect:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexOpenRedirect\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexOpenRedirect'.
        violation_message: Review suppression of 'PMD.ApexOpenRedirect'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexSharingViolations:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexSharingViolations\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexSharingViolations'.
        violation_message: Review suppression of 'PMD.ApexSharingViolations'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexSOQLInjection:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexSOQLInjection\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexSOQLInjection'.
        violation_message: Review suppression of 'PMD.ApexSOQLInjection'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexSuggestUsingNamedCred:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexSuggestUsingNamedCred\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexSuggestUsingNamedCred'.
        violation_message: Review suppression of 'PMD.ApexSuggestUsingNamedCred'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexXSSFromEscapeFalse:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexXSSFromEscapeFalse\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexXSSFromEscapeFalse'.
        violation_message: Review suppression of 'PMD.ApexXSSFromEscapeFalse'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDApexXSSFromURLParam:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.ApexXSSFromURLParam\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.ApexXSSFromURLParam'.
        violation_message: Review suppression of 'PMD.ApexXSSFromURLParam'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDVfCsrf:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.VfCsrf\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.VfCsrf'.
        violation_message: Review suppression of 'PMD.VfCsrf'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDVfHtmlStyleTagXss:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.VfHtmlStyleTagXss\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.VfHtmlStyleTagXss'.
        violation_message: Review suppression of 'PMD.VfHtmlStyleTagXss'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger
      PMDVfUnescapeEl:
        regex: >-
          /^@SuppressWarnings\(\s*'([^']*\bPMD\.VfUnescapeEl\b[^']*)'\s*\)(?!\s*\/\/\s*Bypass
          Security:\s+[A-Za-z0-9]+-\d+\s*\(Security-approved\))/gim
        description: Flags suppression of 'PMD.VfUnescapeEl'.
        violation_message: Review suppression of 'PMD.VfUnescapeEl'.
        severity: 1
        tags:
          - Must
          - Security
          - CodeQuality
        file_extensions:
          - .apex
          - .cls
          - .trigger

  # ======================================================================
  # PMD ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-pmd.html#pmd-configuration-reference
  # ======================================================================
  pmd:
    # Whether to turn off the 'pmd' engine so that it is not included when running Code Analyzer commands.
    disable_engine: false

    # Indicates the specific 'java' command associated with the JRE or JDK to use for the 'pmd' engine.
    # May be provided as the name of a command that exists on the path, or an absolute file path location.
    # If unspecified, or specified as null, then an attempt will be made to automatically discover a 'java' command from your environment.
    java_command: null

    # Specifies the list of file extensions to associate to each rule language.
    # The rule(s) associated with a given language will run against all the files in your workspace containing one of
    # the specified file extensions. Each file extension can only be associated to one language. If a specific language
    # is not specified, then a set of default file extensions for that language will be used.
    file_extensions:
      apex:
        - .cls
        - .trigger
      html:
        - .html
        - .htm
        - .xhtml
        - .xht
        - .shtml
        - .cmp
      javascript:
        - .js
        - .cjs
        - .mjs
      typescript:
        - .ts
      visualforce:
        - .page
        - .component
      xml:
        - .xml

    # List of jar files and/or folders to add the Java classpath when running PMD.
    # Each entry may be given as an absolute path or a relative path to 'config_root'.
    # This field is primarily used to supply custom Java based rule definitions to PMD.
    # See https://pmd.github.io/pmd/pmd_userdocs_extending_writing_java_rules.html
    java_classpath_entries: []

    # List of xml ruleset files containing custom PMD rules to be made available for rule selection.
    # Each ruleset must be an xml file that is either:
    #   - on disk (provided as an absolute path or a relative path to 'config_root')
    #   - or a relative resource found on the Java classpath.
    # Not all custom rules can be fully defined within an xml ruleset file. For example, Java based rules may be defined in jar files.
    # In these cases, you will need to also add your additional files to the Java classpath using the 'java_classpath_entries' field.
    # See https://pmd.github.io/pmd/pmd_userdocs_making_rulesets.html to learn more about PMD rulesets.
    custom_rulesets: []

  # ======================================================================
  # CPD ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-cpd.html#cpd-configuration-reference
  # ======================================================================
  cpd:
    # Whether to turn off the 'cpd' engine so that it is not included when running Code Analyzer commands.
    disable_engine: true

    # Indicates the specific 'java' command associated with the JRE or JDK to use for the 'cpd' engine.
    # May be provided as the name of a command that exists on the path, or an absolute file path location.
    # If unspecified, or specified as null, then an attempt will be made to automatically discover a 'java' command from your environment.
    java_command: null

    # Specifies the list of file extensions to associate to each rule language.
    # The rule(s) associated with a given language will run against all the files in your workspace containing one of
    # the specified file extensions. Each file extension can only be associated to one language. If a specific language
    # is not specified, then a set of default file extensions for that language will be used.
    file_extensions:
      apex:
        - .cls
        - .trigger
      html:
        - .html
        - .htm
        - .xhtml
        - .xht
        - .shtml
        - .cmp
      javascript:
        - .js
        - .cjs
        - .mjs
      typescript:
        - .ts
      visualforce:
        - .page
        - .component
      xml:
        - .xml

    # Specifies the minimum tokens threshold for each rule language.
    # The minimum tokens threshold is the number of tokens required to be in a duplicate block of code in order to be
    # reported as a violation. The concept of a token may be defined differently per language, but in general it is a
    # distinct basic element of source code. For example, this could be language specific keywords, identifiers,
    # operators, literals, and more. See https://docs.pmd-code.org/latest/pmd_userdocs_cpd.html to learn more.
    # If a value for a language is unspecified, then the default value of 100 will be used for that language.
    minimum_tokens:
      apex: 100
      html: 100
      javascript: 100
      typescript: 100
      visualforce: 100
      xml: 100

    # Indicates whether to ignore multiple copies of files of the same name and length.
    skip_duplicate_files: false

  # ======================================================================
  # FLOWTEST ENGINE CONFIGURATION
  # To learn more about this configuration, visit:
  #   https://developer.salesforce.com/docs/platform/salesforce-code-analyzer/guide/engine-flowtest.html#flowtest-configuration-reference
  # ======================================================================
  flowtest:
    # Whether to turn off the 'flowtest' engine so that it is not included when running Code Analyzer commands.
    disable_engine: true

    # Indicates the specific Python command to use for the 'flowtest' engine.
    # May be provided as the name of a command that exists on the path, or an absolute file path location.
    # If unspecified, or specified as null, then an attempt will be made to automatically discover a Python command from your environment.
    python_command: null
# ======================================================================
# END OF CODE ANALYZER CONFIGURATION
# ======================================================================
