Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False negative in G-9501 when parameter name is used more than once #73

Open
PhilippSalvisberg opened this issue Aug 8, 2024 · 0 comments
Open

False negative in G-9501 when parameter name is used more than once #73

PhilippSalvisberg opened this issue Aug 8, 2024 · 0 comments
Assignees
@rolandstirnimann
Labels
bug Something isn't working

Comments

@PhilippSalvisberg
Copy link
Collaborator

Here's an example:

create or replace procedure insert_sort(
   in_pk        varchar2,
   in_view_name varchar2,
   in_desc      varchar2
)
is
   sql_stmt varchar2(500);
begin
   sql_stmt := 'INSERT INTO sort_f (sort_id, fk_id, view_name, fk_name, fk_attr_desc, sort_nr) '
               || 'SELECT sort_seq.nextval, x.* '
               || 'FROM (SELECT distinct '
               || in_pk
               || ' fk_id '
               || ', '''
               || in_view_name
               || ''' view_name '
               || ', '''
               || in_pk
               || ''' fk_name '
               || ', '''
               || in_desc
               || ''' fk_attr_desc '
               || ', '
               || in_pk
               || ' sort_nr '
               || 'FROM '
               || in_view_name
               || ' WHERE NOT EXISTS '
               || ' ( SELECT 1 FROM sort_f s '
               || '    WHERE s.fk_id = '
               || sys.dbms_assert.sql_name(in_pk)
               || '      AND s.view_name = '''
               || sys.dbms_assert.sql_name(in_view_name)
               || ''' '
               || '      AND s.fk_attr_desc = '''
               || sys.dbms_assert.sql_name(in_desc)
               || ''' '
               || '  )'
               || ') x';

   execute immediate sql_stmt;
   commit;
end insert_sort;

No violations are reported for the unasserted usages of in_pk , in_view_name, in_desc.

Only the last usage of a parameter is considered for the check.
@PhilippSalvisberg PhilippSalvisberg added the bug Something isn't working label Aug 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rolandstirnimann rolandstirnimann

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PhilippSalvisberg @rolandstirnimann