Critical

Code Rules in Critical Severity

Category Severity Name Description
Maintainability Critical %TYPE and %ROWTYPE should not be used in package specification

The %TYPE and %ROWTYPE should not be used in package specification as they are not allowed in the package specification. These two attributes are used to declare a variable or a column of a table. They are used to store the data type of the variable or the column. The %TYPE attribute is used to store the data type of a variable and the %ROWTYPE attribute is used to store the data type of a column of a table. Using these two attributes in the package specification will result in an error.

Maintainability Critical A primary key should be specified during table creation

When creating a table in PL/SQL, it is important to specify a primary key. A primary key is a column or set of columns that uniquely identifies each row in a table. By specifying a primary key, it ensures that each row in the table is uniquely identified and can be easily referenced. This also helps to ensure data integrity, as it prevents duplicate entries from being created in the table. Additionally, it can help to improve query performance, as the primary key can be used to quickly locate a specific row in the table. Therefore, it is best practice to always specify a primary key when creating a table in PL/SQL.

Maintainability Critical Block labels should appear on the same lines as END

The rule "Block labels should appear on the same lines as END" states that when writing PL/SQL code, the label of a block should be placed on the same line as the END statement that marks the end of the block. This helps to make the code more readable and easier to understand. It also makes it easier to identify the start and end of each block, which can be useful when debugging or troubleshooting.

Maintainability Critical Block start and end labels should match

The rule "Block start and end labels should match" states that when writing PL/SQL code, the labels used to mark the start and end of a block of code should be the same. This helps ensure that the code is properly structured and that all of the code within a block is executed as expected. It also helps to make the code easier to read and understand.

Maintainability Critical Blocks containing EXECUTE IMMEDIATE should trap all exceptions

The rule "Blocks containing EXECUTE IMMEDIATE should trap all exceptions" states that when using the EXECUTE IMMEDIATE command in a PL/SQL block, all exceptions should be trapped. This means that any errors that occur during the execution of the command should be handled by the PL/SQL block. This is done by using the EXCEPTION clause, which allows the programmer to define how the errors should be handled. This ensures that the program can continue to execute even if an error occurs. This is important for ensuring that the program does not crash or produce unexpected results.

Maintainability Critical CASE expressions should end with ELSE clauses

The CASE expression rule states that all CASE expressions should end with an ELSE clause. This clause is used to provide a default value when none of the conditions in the CASE expression are met. This ensures that the CASE expression will always return a value, even if none of the conditions are met. It also helps to make the code more readable and maintainable by making it clear what the default value should be.

Bug Critical Collections should not be iterated in FOR loops

The rule "Collections should not be iterated in FOR loops" in PL/SQL code means that collections should not be used in a FOR loop. Instead, collections should be iterated using a cursor, which is a looping construct that allows for the iteration of a collection. This rule is important because it ensures that the code is efficient and that it does not cause any unnecessary performance issues. Additionally, using a cursor allows for more flexibility when iterating over a collection, as it allows for the use of different types of iterators.

Bug Critical COMMIT and ROLLBACK should not be called from non-autonomous transaction triggers

The rule "COMMIT and ROLLBACK should not be called from non-autonomous transaction triggers" states that when writing PL/SQL code, COMMIT and ROLLBACK should not be used in triggers that are not autonomous transactions. Autonomous transactions are transactions that are independent of the current transaction and can be committed or rolled back without affecting the current transaction. Non-autonomous transactions are transactions that are dependent on the current transaction and any changes made to them will affect the current transaction. Therefore, when writing PL/SQL code, it is important to ensure that COMMIT and ROLLBACK are not called from non-autonomous transaction triggers to avoid any unexpected changes to the current transaction.

Bug Critical COMMIT should not be used inside a loop

The rule "COMMIT should not be used inside a loop" states that the COMMIT statement should not be used inside a loop in PL/SQL code. This is because a COMMIT statement will cause the entire transaction to be committed, and any subsequent changes made within the loop will not be saved. Instead, the COMMIT statement should be used after the loop has been completed, so that all changes are committed at once.

Bug Critical Constant declarations should contain initialization assignments

The rule "Constant declarations should contain initialization assignments" states that when declaring a constant in PL/SQL, it should be initialized with an assignment. This means that when a constant is declared, its value should be set immediately. This ensures that the constant is always initialized with a value and can be used in the code without any unexpected behavior.

Bug Critical Constraints should not be applied to types that cannot be constrained

This rule states that constraints should not be applied to data types that cannot be constrained. This is because applying constraints to data types that cannot be constrained will result in an error. For example, if a constraint is applied to a data type such as a BLOB (Binary Large Object) or CLOB (Character Large Object), the constraint will not be enforced and an error will be thrown. Therefore, it is important to ensure that constraints are only applied to data types that can be constrained.

Maintainability Critical CREATE OR REPLACE should be used instead of CREATE

The CREATE OR REPLACE rule states that when creating or modifying an existing PL/SQL object, the CREATE OR REPLACE statement should be used instead of the CREATE statement. This ensures that any existing object is replaced with the new version, rather than creating a duplicate object with the same name. This rule also applies to other types of objects, such as views, triggers, and stored procedures. By using the CREATE OR REPLACE statement, developers can ensure that their code is always up-to-date and that any existing objects are not duplicated.

Maintainability Critical DBMS_OUTPUT.PUT_LINE should not be used

The DBMS_OUTPUT.PUT_LINE should not be used rule states that the DBMS_OUTPUT.PUT_LINE command should not be used in PL/SQL code. This command is used to display output from PL/SQL code, but it is not recommended for production code due to its limited capabilities and lack of scalability. Instead, it is recommended to use other methods such as writing to a log file or displaying output in a web page.

Bug Critical DELETE and UPDATE statements should contain WHERE clause

The DELETE and UPDATE statements should contain a WHERE clause in order to limit the scope of the operation. Without a WHERE clause, the statement will delete or update all rows in a table, which is not usually the desired outcome. The WHERE clause should specify the criteria for the rows to be affected by the statement. This ensures that only the intended rows are affected and that other rows are not unintentionally modified.

Vulnerability Critical DES or 3DES Used DES or 3DES Used is a rule for encrypting data using the Data Encryption Standard (DES) or Triple DES (3DES) algorithms. DES is an older encryption algorithm that uses a 56-bit key to encrypt data, while 3DES is a more secure algorithm that uses three 56-bit keys for encryption. Both algorithms are widely used for encrypting data, especially for financial and government applications.
SecurityWarning Critical Dynamically executing code is security-sensitive

The rule "Dynamically executing code is security-sensitive" in PL/SQL code means that code which is executed at runtime, rather than being compiled and stored in the database, can pose a security risk. This is because the code is not checked for errors or malicious code before it is executed, and so can potentially be used to gain access to sensitive data or perform malicious actions. As such, it is important to ensure that any code which is executed dynamically is properly checked and secured before it is executed.

Bug Critical END LOOP should be followed by a semicolon The END LOOP should be followed by a semicolon (;) rule in PL/SQL code states that the END LOOP statement must be followed by a semicolon (;) in order for the code to be valid and executable. This is because the END LOOP statement marks the end of a loop, and the semicolon (;) is used to terminate the statement. Without the semicolon (;), the code will not be valid and will not execute correctly.
Maintainability Critical EXCEPTION_INIT -20,NNN calls should be centralized

The EXCEPTION_INIT -20,NNN rule states that all calls to the -20,NNN exception should be centralized in one location. This means that all code that calls the -20,NNN exception should be placed in one specific area of the code, such as a single procedure or function. This helps to ensure that all code that calls the -20,NNN exception is consistent and that any changes to the exception are made in one place. This also helps to reduce the amount of duplicate code that is written, as the same code can be used for all calls to the -20,NNN exception. By centralizing the calls to the -20,NNN exception, the code is easier to maintain and debug.

Vulnerability Critical Exceptions should not be ignored

The rule "Exceptions should not be ignored" in PL/SQL code means that any errors or exceptions that occur during the execution of the code should be handled properly. This means that the code should include appropriate exception handling blocks to catch any errors that may occur. The code should also include appropriate logging and error messages to ensure that any errors are properly recorded and reported. This rule is important to ensure that any errors that occur during the execution of the code are handled properly and do not cause any unexpected or undesired behavior.

Bug Critical FETCH ... BULK COLLECT INTO should not be used without a LIMIT clause

The FETCH ... BULK COLLECT INTO code rule states that the FETCH ... BULK COLLECT INTO statement should not be used without a LIMIT clause. This is because the FETCH ... BULK COLLECT INTO statement can be used to retrieve a large number of rows from a database table, and without a LIMIT clause, it could retrieve an excessive amount of data, which could cause performance issues. Therefore, it is important to always include a LIMIT clause when using the FETCH ... BULK COLLECT INTO statement to ensure that only the necessary amount of data is retrieved.

Bug Critical FORALL statements should use the SAVE EXCEPTIONS clause

The FORALL statement in PL/SQL is used to execute a set of DML statements in a single call, and can improve performance when used correctly. The SAVE EXCEPTIONS clause should be used when using the FORALL statement to ensure that any exceptions encountered during the execution of the DML statements are saved and can be inspected later. This clause allows the user to identify which statements failed and why, and can be used to take corrective action if necessary.

Bug Critical FORMS_DDL('COMMIT') and FORMS_DDL('ROLLBACK') should not be used

The rule "FORMS_DDL('COMMIT') and FORMS_DDL('ROLLBACK') should not be used" states that the PL/SQL code should not use the FORMS_DDL('COMMIT') and FORMS_DDL('ROLLBACK') commands. These commands are used to commit or rollback changes to the database, and should not be used in PL/SQL code as they can cause unexpected results. Instead, the code should use the COMMIT and ROLLBACK commands, which are more reliable and provide better control over the database transactions.

Bug Critical Functions should end with RETURN statements

The Pl_Sql code rule that "Functions should end with RETURN statements" states that all functions should be terminated with a RETURN statement. This RETURN statement should be the last line of code in the function and should return a valid value that is compatible with the function's return type. This ensures that the function returns the expected result and does not cause any unexpected errors.

Maintainability Critical Global public variables should not be defined

The rule "Global public variables should not be defined" states that global variables should not be declared in PL/SQL code. Global variables are variables that are accessible to all parts of the code, and can be changed by any part of the code. This can lead to unexpected behavior and can make it difficult to debug and maintain code. Therefore, it is best practice to avoid using global public variables in PL/SQL code.

Maintainability Critical GOTO should not be used to jump backwards

The Pl_Sql code rule "GOTO should not be used to jump backwards" states that the GOTO statement should not be used to jump to a previous line of code. This is because it can lead to code that is difficult to read and maintain, and can cause unexpected results. Instead, other control flow statements such as IF-THEN-ELSE, WHILE, and FOR should be used to control the flow of the program.

Maintainability Critical IF...ELSEIF constructs should end with ELSE clauses

The IF...ELSEIF code construct should always end with an ELSE clause. This ensures that all possible conditions are accounted for and that the code will execute properly. Without an ELSE clause, the code will not execute correctly if none of the IF or ELSEIF conditions are met. An ELSE clause provides a default action if none of the other conditions are met. This helps to ensure that the code is robust and can handle any situation.

Bug Critical Improper constraint forms should not be used

The rule "Improper constraint forms should not be used" states that any PL/SQL code should not use any forms of constraints that are not supported by the language. This includes using constraints that are not supported by the language, such as using a non-standard syntax or using an unsupported type of constraint. This rule is important to ensure that the code is written correctly and is not prone to errors or unexpected behavior. Additionally, it helps to ensure that the code is compatible with other PL/SQL code and databases.

Bug Critical Individual WHERE clause conditions should not be unconditionally true or false

The rule "Individual WHERE clause conditions should not be unconditionally true or false" states that each condition in a WHERE clause should be evaluated and not be predetermined as either true or false. This means that each condition should be checked against the data and not be assumed to be true or false without any evaluation. This helps to ensure that the results of the query are accurate and that the query is not returning incorrect results due to an assumption that a condition is true or false.

Bug Critical Insert statement values not including Non-Null Columns

The "Insert statement values not including Non-Null Columns" rule in PL/SQL states that when inserting values into a table, any non-null columns must be included in the insert statement. This means that any columns with a non-null constraint must be included in the insert statement, even if the value being inserted is NULL. If a non-null column is not included in the insert statement, an error will be thrown. This rule is important to ensure data integrity and accuracy in the database.

Maintainability Critical INSERT statements should explicitly list the columns to be set

The rule "INSERT statements should explicitly list the columns to be set" states that when using an INSERT statement in PL/SQL, the columns that will be set should be explicitly listed. This helps to ensure that the data is being inserted into the correct columns and that the data is valid for the column type. It also helps to avoid any potential errors that may occur when inserting data into the wrong column. Additionally, explicitly listing the columns to be set can help to improve the readability and maintainability of the code.

Maintainability Critical LIKE clauses should not be used without wildcards

The rule "LIKE clauses should not be used without wildcards" in PL/SQL code means that when using the LIKE operator, it should always be accompanied by a wildcard character. Wildcard characters are used to create patterns in strings and can be used in conjunction with the LIKE operator to search for strings that match the pattern. For example, if you wanted to search for all strings that start with the letter "A", you would use the LIKE operator with the wildcard character "%A". Without the wildcard character, the LIKE operator would only search for strings that are exactly "A".

Maintainability Critical Lines should not end with trailing whitespaces

The Pl/SQL code rule "Lines should not end with trailing whitespaces" states that each line of code should not contain any unnecessary whitespace characters at the end. This helps to ensure that the code is properly formatted and easier to read. Additionally, it can help to prevent errors from occurring due to unexpected whitespace characters.

Maintainability Critical LOOP ... END LOOP; constructs should be avoided

The rule "LOOP ... END LOOP; constructs should be avoided" in PL/SQL code states that loops should not be used in code. Instead, other methods such as cursors should be used to iterate through data. Loops can be inefficient and can lead to performance issues. Additionally, they can be difficult to debug and maintain. Therefore, it is best to avoid using loops in PL/SQL code.

Maintainability Critical Loop start and end labels should match

The rule "Loop start and end labels should match" states that when writing a PL/SQL code block that contains a loop, the labels used to denote the start and end of the loop should be the same. This is important to ensure that the loop is executed correctly and that the code runs as expected. By using the same label for the start and end of the loop, it will be easier to identify the start and end points of the loop and to debug any issues that may arise.

Bug Critical NCHAR and NVARCHAR2 size in bytes The NCHAR and NVARCHAR2 size in bytes rule states that the size of NCHAR and NVARCHAR2 data types must be specified in bytes rather than characters. The maximum size of an NCHAR or NVARCHAR2 column is 2000 bytes. The number of characters that can be stored in an NCHAR or NVARCHAR2 column is dependent on the number of bytes specified for the column. For example, if the size of the column is specified as 10 bytes, then the maximum number of characters that can be stored in the column is 10 characters.
Maintainability Critical Newline and control characters should not be used in string literals

The rule "Newline and control characters should not be used in string literals" in PL/SQL code means that when writing a string literal, the programmer should avoid using any newline or control characters. This is because these characters can cause unexpected results when the code is executed. For example, if a newline character is used in a string literal, it could cause the string to be split into multiple lines when printed. Similarly, if a control character is used, it could cause unexpected behavior when the code is executed. Therefore, it is important to avoid using newline and control characters in string literals when writing PL/SQL code.

Bug Critical Nullable subqueries should not be used in NOT IN conditions

The rule "Nullable subqueries should not be used in NOT IN conditions" states that when using a NOT IN condition in a PL/SQL statement, the subquery should not return any null values. This is because when a subquery returns a null value, the NOT IN condition will always evaluate to false, even if the value being compared is not in the subquery. This can lead to unexpected results and should be avoided.

Bug Critical Overridden Predefined Exceptions

The "Overridden Predefined Exceptions" rule in PL/SQL code states that when a predefined exception is raised, the associated error code and error message should be overridden with a user-defined error code and message. This allows for more precise control over the error handling process, as well as providing more meaningful error messages to the user. This rule also states that the user-defined error code should be unique, and should be used consistently throughout the code. Additionally, the user-defined error message should provide more information about the cause of the error, and should be written in a language that is easily understood by the user.

Bug Critical Pipelined functions should have at least one PIPE ROW statement and not return an expression

The rule states that when writing PL/SQL code for a pipelined function, the function must contain at least one PIPE ROW statement and should not return an expression. A PIPE ROW statement is used to return a row from a pipelined function, and an expression is a statement that evaluates to a single value. This rule ensures that the pipelined function is able to return multiple rows, as opposed to just a single value.

Bug Critical Positional and named arguments should not be mixed in invocations

The rule "Positional and named arguments should not be mixed in invocations" states that when invoking a PL/SQL procedure or function, all arguments should either be passed in using their position in the argument list, or all arguments should be passed in using their named parameters. Mixing positional and named arguments in the same invocation is not allowed.

Maintainability Critical Quoted identifiers should not be used

The rule "Quoted identifiers should not be used" states that when writing PL/SQL code, it is best practice to avoid using quoted identifiers. Quoted identifiers are names of objects in the database that are surrounded by double quotes. These identifiers are case-sensitive and can cause confusion and errors. It is better to use unquoted identifiers, which are not case-sensitive and are easier to read and understand. Unquoted identifiers should be used whenever possible.

Bug Critical RAISE_APPLICATION_ERROR should only be used with error codes from -20,000 to - 20,999

The RAISE_APPLICATION_ERROR code rule states that the RAISE_APPLICATION_ERROR command should only be used with error codes that range from -20,000 to -20,999. This command is used to raise an exception and return an error message to the user. The error message should be meaningful and provide information about the cause of the error. This code rule ensures that the error codes used are specific and meaningful, so that the user can easily understand the cause of the error.

Bug Critical Scale should not be specified for float types

The Pl_Sql code rule "Scale should not be specified for float types" means that when defining a float type in Pl_Sql, the scale (the number of digits after the decimal point) should not be specified. This is because float types are designed to store numbers with a variable number of digits after the decimal point, and specifying a scale would limit the number of digits that can be stored.

Maintainability Critical SELECT statements used as argument of EXISTS statements should be selective

The SELECT statement used as argument of EXISTS statements should be selective, meaning that it should only return a few rows. This is important because the EXISTS statement only checks whether any rows are returned, not the actual number of rows. If the SELECT statement returns too many rows, the EXISTS statement may return a false positive, which can lead to unexpected results. Therefore, it is important to ensure that the SELECT statement is selective and only returns a few rows.

Vulnerability Critical Sensitive SYS owned functions should not be used

The rule "Sensitive SYS owned functions should not be used" in PL/SQL code means that functions owned by the SYS user should not be used in PL/SQL code. These functions are considered sensitive because they can have a significant impact on the system, and can be used to access sensitive information. Therefore, it is important to ensure that these functions are used only when absolutely necessary, and with the proper security measures in place.

Vulnerability Critical SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

The rule "SHA-1 and Message-Digest hash algorithms should not be used in secure contexts" means that these algorithms should not be used when data security is a priority. SHA-1 and Message-Digest are both hashing algorithms, which are used to generate a unique value (or "hash") from a given set of data. These hashes can be used to verify the integrity of data, but they are not considered secure enough for use in secure contexts. As such, they should not be used when security is a priority.

Maintainability Critical SQL JOIN conditions should involve all joined tables

The SQL JOIN condition rule states that when using JOINs in SQL, all tables involved in the JOIN must be specified in the JOIN condition. This ensures that the JOIN is performed correctly and that the results of the query are accurate. This rule also helps to prevent any unexpected results from occurring due to incorrect JOINs. By specifying all tables involved in the JOIN, the query will be more efficient and the results will be more accurate.

Bug Critical String variables with no Size specification

When declaring string variables with no size specification, the maximum size of the string is determined by the database. The maximum size of the string will depend on the database's configuration and the data type of the string. The maximum size of the string can be determined by querying the database for the maximum length of the data type. For example, if the string is of type VARCHAR2, the maximum size of the string can be determined by querying the database for the maximum length of VARCHAR2.

Bug Critical SYNCHRONIZE should not be used

The SYNCHRONIZE rule states that the SYNCHRONIZE keyword should not be used in PL/SQL code. This keyword is used to ensure that all transactions are synchronized with the database, and can cause performance issues if used incorrectly. To avoid this, developers should use other methods to ensure that transactions are properly synchronized with the database. This could include using the COMMIT command, or using the DBMS_LOCK package.

Bug Critical Syntax Errors

A syntax error in PL/SQL code occurs when the code does not follow the rules of the PL/SQL language. This type of error can be caused by incorrect spelling, incorrect punctuation, incorrect capitalization, or incorrect use of reserved words. Syntax errors can prevent the code from being executed, and can cause the code to produce unexpected results. In order to avoid syntax errors, it is important to read and understand the PL/SQL language and to follow the rules of the language when writing code.

Bug Critical The number of variables in a FETCH statement should match the number of columns in the cursor

The rule states that the number of variables in a FETCH statement should match the number of columns in the cursor. This means that when a FETCH statement is used to retrieve data from a cursor, the number of variables used to store the data must be equal to the number of columns in the cursor. This ensures that all the data in the cursor is retrieved and stored in the correct variables. Failure to do so may result in data loss or incorrect data retrieval.

Bug Critical Uninitialized NOT NULL Variables

The Uninitialized NOT NULL Variables rule states that all NOT NULL variables must be initialized before use. This rule ensures that all variables are properly initialized and that the code does not attempt to use a variable that has not been initialized. This rule helps to prevent errors and unexpected behavior in the code. It also helps to ensure that the code is more readable and maintainable.

Bug Critical Unsupported Syntax Errors

Unsupported Syntax Errors are errors that occur when a PL/SQL code contains syntax that is not supported by the version of the PL/SQL compiler being used. These errors are usually caused by using a feature that is not available in the version of the compiler being used. Examples of unsupported syntax errors include using a feature that was introduced in a later version of the compiler, or using a feature that has been deprecated in the current version of the compiler.

Bug Critical Variables Declared multiple times in nested scope

When using PL/SQL code, it is important to remember that variables declared multiple times in nested scope will override the original declaration. This means that if a variable is declared in an outer scope and then again in a nested scope, the nested declaration will take precedence. This can lead to unexpected results if the programmer is not aware of the precedence rules. It is important to ensure that variables are only declared once in a given scope to avoid any potential issues.

Maintainability Critical Weak REF CURSOR types should not be used

The rule "Weak REF CURSOR types should not be used" states that weak REF CURSOR types should not be used in PL/SQL code. A weak REF CURSOR type is a type of cursor that is not strongly typed, meaning that it can return any type of data. This can lead to unexpected results and can make code more difficult to debug. It is therefore recommended to use strongly typed REF CURSOR types instead, which are more reliable and easier to debug.

Maintainability Critical WHEN OTHERS clauses should be used for exception handling

The WHEN OTHERS clauses should be used for exception handling in PL/SQL code. This clause is used to catch any exceptions that are not explicitly handled by the code. It is important to use this clause as it allows the code to handle unexpected errors and prevents the code from crashing. This clause should be used in conjunction with other exception handling techniques such as using the RAISE statement and using the EXCEPTION_INIT pragma. This clause should also be used to log any errors that occur during execution of the code.

Maintainability Critical WHEN OTHERS should not be the only exception handler

The rule "WHEN OTHERS should not be the only exception handler" states that when writing PL/SQL code, you should not rely solely on the WHEN OTHERS exception handler. Instead, you should create specific exception handlers for each exception that you anticipate. This will allow you to handle each exception in a specific way, rather than relying on a generic exception handler. This will also make your code more efficient, as it will not have to process each exception in the same way. By creating specific exception handlers, you can also provide more meaningful error messages to the user, which will help them to understand and fix the issue more quickly.