SqlServer
SqlServer Code Rules
Category | Severity | Name | Description |
---|---|---|---|
Maintainability | Major | @@IDENTITY should not be used |
The code rule "@@IDENTITY should not be used" states that the global variable @@IDENTITY should not be used in SQL Server code. This variable is often used to retrieve the last identity value generated in the current session, but it can be unreliable and lead to unexpected results. Instead, the SCOPE_IDENTITY() function should be used to retrieve the last identity value generated in the current scope. |
Maintainability | Critical | A primary key should be specified during table creation |
The rule that a primary key should be specified during table creation ensures that each record in a database table is uniquely identified. This is done by assigning a unique value, or combination of values, to each record. This makes it easier to locate and update individual records, as well as ensuring data integrity and preventing duplicate records. Specifying a primary key during table creation also helps to improve query performance by allowing the database engine to quickly identify and retrieve records. |
Bug | Major | All branches in a conditional structure should not have exactly the same implementation |
The rule "All branches in a conditional structure should not have exactly the same implementation" states that when a conditional structure is used in SQL Server code, the branches should not have identical implementations. This means that each branch should have a unique implementation that is tailored to the specific conditions of that branch. This helps to ensure that the code is efficient and that it produces the desired results. Additionally, this rule helps to prevent potential errors or unexpected behavior that could occur if the same implementation were used for all branches. |
Maintainability | Major | ANSI_NULLS, ANSI_PADDING and CONCAT_NULL_YIELDS_NULL should not be configured | The ANSI_NULLS, ANSI_PADDING and CONCAT_NULL_YIELDS_NULL code rules indicate that the SQL Server should not be configured to use these settings. ANSI_NULLS defines how to handle comparisons involving NULL values. When set to ON, two NULL values are considered equal. When set to OFF, two NULL values are considered unequal. ANSI_PADDING defines how to handle trailing spaces in character data. When set to ON, trailing spaces are retained. When set to OFF, trailing spaces are removed. CONCAT_NULL_YIELDS_NULL defines how to handle the concatenation of NULL values. When set to ON, the result of the concatenation is NULL. When set to OFF, the result of the concatenation is an empty string. For optimal performance, it is recommended that these settings not be configured as they can lead to unexpected results and can affect the performance of the SQL Server. |
Maintainability | Minor | Boolean checks should not be inverted |
The rule "Boolean checks should not be inverted" means that when writing code for SQL Server, boolean checks should not be written in a way that inverts the logic of the check. For example, a check for a value less than 10 should not be written as "value greater than or equal to 10". This is because inverting the logic of the check can cause confusion and make the code harder to read and understand. Additionally, it can lead to errors in the code and can be difficult to debug. Therefore, it is best practice to write boolean checks in the most straightforward way. |
Maintainability | Critical | CASE expressions should end with ELSE clauses |
The "CASE expressions should end with ELSE clauses" rule states that all CASE expressions used in SQL Server code should include an ELSE clause. This ensures that all possible values are accounted for, and helps to prevent unexpected results. The ELSE clause should include an appropriate action, such as setting a value to NULL, or returning a default value. This helps to ensure that all possible cases are handled in a consistent manner, and that no unexpected results occur. |
Maintainability | Major | CASE expressions should not have too many WHEN clauses |
The "CASE expressions should not have too many WHEN clauses" rule states that when using CASE expressions in SQL Server, the number of WHEN clauses should be limited to improve readability and maintainability of the code. Having too many WHEN clauses can make the code difficult to read and understand, and can also lead to potential performance issues. This rule encourages developers to use simpler alternatives such as IF/ELSE or WHILE loops when multiple WHEN clauses are needed. Additionally, it is recommended to use meaningful names for each WHEN clause to make the code easier to read and maintain. |
Bug | Critical | CASE input expressions should be invariant |
The CASE input expressions should be invariant rule states that when using the CASE statement in SQL Server, the input expressions should remain the same throughout the statement. This means that any variables used in the input expressions should not be changed or modified, as this could lead to unexpected results. This rule is important to ensure that the CASE statement produces the expected output. |
Maintainability | Minor | CATCH clauses should do more than rethrow |
This code rule states that any CATCH clauses used in a SQL Server script should not simply rethrow the exception, but should also do something else, such as logging the error, or performing some other action. This helps to ensure that exceptions are handled properly, and that errors are not simply ignored. |
Maintainability | Major | COALESCE, IIF, and CASE input expressions should not contain subqueries |
This rule states that when using the COALESCE, IIF, and CASE functions in SQL Server, the input expressions should not contain subqueries. Subqueries should not be used because they can cause performance issues, as well as make the code more difficult to read and maintain. Instead, use a simple expression or variable. |
Maintainability | Minor | Code elements must not be unused |
The "Code elements must not be unused" rule states that all code elements must be used in a SQL Server database. This includes all variables, functions, stored procedures, views, and other objects. Unused code elements can lead to errors and unexpected behavior, and can also make it difficult to troubleshoot issues. This rule ensures that all code elements are used in a meaningful way and that all objects are properly maintained. It also helps to ensure that the code is efficient and well-structured. |
Maintainability | Major | Collapsible if statements should be merged |
The "Collapsible if statements should be merged" code rule states that when multiple if statements are logically connected, they should be merged into a single if statement to improve readability and maintainability of the code. This helps to reduce the complexity of the code and make it easier to understand what the code is doing. Additionally, merging the if statements can help to reduce the number of lines of code, making it easier to debug and maintain. |
Maintainability | Major | Column names should be used in an ORDER BY clause |
This rule states that when using the ORDER BY clause in SQL Server, column names should be used instead of column numbers. This ensures that the ordering of the results is based on the columns that are specified, and not on the order of the columns in the table. For example, if you wanted to order a table by the columns "FirstName" and "LastName", you should use the following code: ORDER BY FirstName, LastName Instead of using the column numbers, which may change in the future, this rule ensures that the ordering of the results is always based on the specified columns. |
Maintainability | Minor | Column references should not have more than two-parts |
The "Column references should not have more than two-parts" rule states that when referencing columns in a SQL Server query, the column name should not contain more than two parts. This means that a column name should not contain any dot notation or any other type of delimiter which would create multiple parts. For example, a column name such as "dbo.users.name" would not be allowed, while "users.name" would be allowed. This rule is in place to ensure that queries are as simple and efficient as possible. Having multiple parts in a column reference can lead to confusion and can make it difficult to read and understand the query. It can also lead to errors if the wrong column is referenced. |
Maintainability | Major | Columns to be read with a SELECT statement should be clearly defined |
This SQL Server code rule states that when using a SELECT statement, the columns that are to be read should be explicitly defined. This helps to ensure that only the data that is required is read, and that the query is more efficient. Additionally, it ensures that the query is more readable, as the columns that are being read are clearly defined. |
Maintainability | Critical | Conditionally executed code should be denoted by either indentation or BEGIN...END block |
The rule "Conditionally executed code should be denoted by either indentation or BEGIN...END block" is used to ensure that code is properly organized and easily readable. This rule states that any code that is conditionally executed should be denoted either by indentation or by using a BEGIN...END block. Indentation helps make code easier to read and understand, while BEGIN...END blocks clearly denote the start and end of a conditionally executed block of code. This rule helps ensure that code is properly structured and organized, making it easier to maintain and debug. |
Maintainability | Critical | Conditionals should start on new lines |
This rule states that when writing a conditional statement in SQL Server, the condition should start on a new line. This helps to improve readability and make it easier to spot errors. For example, instead of writing: IF (condition) THEN It should be written as: IF |
Maintainability | Critical | Control flow statements IF, WHILE and TRY should not be nested too deeply |
This code rule states that control flow statements such as IF, WHILE and TRY should not be nested too deeply. This means that when writing code, it is important to keep the number of nested control flow statements to a minimum. Too many nested control flow statements can make code difficult to read and debug, and can lead to performance issues. It is therefore important to keep the number of nested control flow statements to a reasonable level. |
Maintainability | Critical | Control structures should use BEGIN...END blocks |
The "Control structures should use BEGIN...END blocks" rule for SQL Server requires that all control structures (e.g. IF, WHILE, etc.) should be enclosed in BEGIN and END statements. This helps to ensure that all statements within the control structure are executed as a single unit, which is important for ensuring the integrity of the data. It also makes the code easier to read and debug, as the start and end of each control structure is clearly marked. This rule is enforced by the SQL Server query optimizer, and any violation of this rule will result in an error. |
Bug | Critical | DELETE and UPDATE statements should contain WHERE clauses |
The DELETE and UPDATE statements should contain WHERE clauses in order to limit the scope of the changes to only the rows that meet the specified criteria. This is important to ensure that the changes are only applied to the intended rows and that no unintended changes are made. Without a WHERE clause, the entire table or set of records will be affected, which could have serious consequences. Therefore, it is important to always include a WHERE clause when using DELETE and UPDATE statements in order to limit the scope of the changes. |
Maintainability | Major | Deprecated features should not be used |
The SqlServer code rule "Deprecated features should not be used" states that any deprecated features of the SqlServer platform should not be used in code. Deprecated features are features that have been superseded by newer versions or features, and are no longer supported by the platform. Using deprecated features can lead to security vulnerabilities, performance issues, and compatibility problems, so it is important to avoid using them in code. It is also important to ensure that any code written is up to date with the latest version of SqlServer, as new features may be available that can improve the code's performance or security. |
Maintainability | Major | Deprecated system tables and views should not be used |
The rule "Deprecated system tables and views should not be used" states that any system tables or views that have been marked as deprecated, or are no longer supported, should not be used by developers when writing SQL Server code. This rule is important because deprecated system tables and views can contain outdated or inaccurate data, and using them in code can lead to unexpected results or errors. Additionally, using deprecated system tables and views can also cause performance issues if the code is not optimized properly. |
Maintainability | Major | Duplicate values should not be passed as arguments |
The "Duplicate values should not be passed as arguments" SQL Server code rule states that when passing arguments to a stored procedure or function, any duplicate values should not be included. This is to avoid any potential issues with the code, such as an unexpected result or an error. By not including duplicate values, the code will be more reliable and efficient. In some cases, it may also be necessary to check the data type of the argument to ensure that they are compatible with the data type of the parameter. This code rule helps to ensure that the code is robust and reliable. |
SecurityWarning | Critical | Dynamically executing code is security-sensitive |
The "Dynamically executing code is security-sensitive" rule for SQL Server code states that dynamically executing code can be a security risk due to the possibility of malicious code being injected into the system. It is recommended that code be validated and tested before being executed to ensure that it is safe and secure. Additionally, developers should be aware of the potential security risks associated with dynamic execution and take steps to minimize them. This includes using stored procedures, parameterized queries, and input validation to prevent malicious code from being injected into the system. |
Maintainability | Minor | Empty statements should be removed |
The Empty Statements should be removed code rule in SQL Server states that any empty statements in a SQL script should be removed. Empty statements are those that do not contain any content and are not required for the code to execute. Examples of empty statements include blank lines, comments, and empty IF, WHILE, and BEGIN/END blocks. Removing empty statements can help reduce the complexity of the code and make it easier to read and understand. Additionally, it can help reduce the number of errors that may occur during execution. |
Maintainability | Critical | Expressions should not be too complex |
The "Expressions should not be too complex" rule is a best practice for writing SQL Server code. It suggests that developers should avoid writing complex expressions that are hard to read and understand. Such expressions can lead to unexpected results and can cause performance issues. This rule encourages developers to break down complex expressions into simpler parts to make them easier to read and understand. Additionally, it encourages developers to use simpler expressions that are more efficient and easier to debug. Following this rule can help ensure that the code is readable and maintainable, and that it performs well. |
Maintainability | Major | Files should not have too many lines of code |
This rule states that files should not contain an excessive amount of code. This is to ensure that files are easier to read and understand. It is also important to keep code organized and manageable. Too much code can lead to confusion and difficulty in debugging and maintaining the code. This rule helps to keep code organized and maintainable. It is important to keep the code as concise as possible and to split up large files into smaller, more manageable chunks. This will ensure that the code is easier to read and understand. |
Maintainability | Major | Function and procedure names should comply with a naming convention |
The "Function and Procedure Names Should Comply with a Naming Convention" rule states that all functions and procedures within a SQL Server database should be named according to a predetermined naming convention. This naming convention should be consistent across all databases and should be used to make it easier for developers and administrators to identify the purpose of a particular function or procedure. This naming convention should also be documented and used to ensure that all functions and procedures are consistently named. |
Maintainability | Major | Functions and procedures should not have too many parameters |
The code rule "Functions and procedures should not have too many parameters" states that functions and procedures should be kept as simple as possible, with a limited number of parameters. Having too many parameters can make the code difficult to read, understand, and maintain. It can also lead to increased complexity and a greater chance of errors. When designing functions and procedures, it is important to keep the number of parameters to a minimum, and to use descriptive names for each parameter. This will make the code easier to read and maintain, and will reduce the chances of errors. |
Maintainability | Major | Functions and stored procedure should not have too many lines of code |
The SQL Server code rule "Functions and stored procedures should not have too many lines of code" is a best practice for developers to follow when creating functions and stored procedures. This rule is designed to help maintain code readability and reduce the complexity of the code. It is important to keep the code concise and easy to understand, as too many lines of code can lead to confusion and difficulty in debugging. Additionally, too much code can lead to an increase in the amount of time it takes to execute the code. By following this rule, developers can ensure their code is efficient and maintainable. |
Maintainability | Major | GOTO statements should not be used |
The GOTO statements should not be used rule states that GOTO statements should not be used when writing SQL Server code. GOTO statements are a type of unconditional jump which can make code difficult to read and maintain. They should be avoided in favor of more structured programming techniques, such as using IF-ELSE statements. Using GOTO statements can also lead to unintended results, as the code may not execute as intended. This rule encourages developers to use more structured programming techniques to ensure that code is more readable and maintainable. |
Bug | Major | Identical expressions should not be used on both sides of a binary operator |
This rule states that when using a binary operator (such as an equals sign or a less than sign) the same expression should not be used on both sides of the operator. For example, in the following statement: x = x The expression "x" is used on both sides of the equals sign, which is not allowed according to this rule. Instead, the statement should be written as: x = 5 or some other expression that is not the same on both sides of the equals sign. |
Maintainability | Critical | IF ... ELSEIF constructs should end with ELSE clauses |
The "IF ... ELSEIF constructs should end with ELSE clauses" rule states that when writing IF ... ELSEIF code in SQL Server, the last condition should always be an ELSE clause. This ensures that all possible conditions are accounted for, and helps to prevent unexpected results. The ELSE clause should be added even if no action is required, as this will make the code more readable and easier to maintain. |
Maintainability | Critical | INSERT statements should explicitly list the columns to be set |
The "INSERT statements should explicitly list the columns to be set" rule states that when inserting data into a table, the columns that are being set should be explicitly listed in the INSERT statement. This ensures that the data is being inserted into the correct columns, and that no data is being inserted into columns that are not intended to be set. This rule also helps to prevent any potential errors that may occur if the wrong data is inserted into the wrong column. |
Bug | Major | Jump statements should not be followed by dead code |
The "Jump statements should not be followed by dead code" rule states that any statement that causes the execution to jump to another part of the code, such as a loop or an IF statement, should not be followed by any code that will not be executed. This is because such code is unnecessary and can lead to confusion and errors when debugging or maintaining the code. This rule helps ensure that the code is clean and efficient, and that any code that is written is actually being used. |
Maintainability | Minor | Jump statements should not be redundant |
The "Jump statements should not be redundant" rule states that SQL Server code should not contain redundant jump statements. Jump statements are commands that cause an immediate exit from a loop or block of code. Examples of jump statements include "BREAK", "GOTO", and "RETURN". Redundant jump statements are those that are unnecessary, as they do not add any value to the code and can lead to confusion. The use of redundant jump statements should be avoided in SQL Server code, as they can lead to unexpected behavior and can make the code difficult to understand. |
Maintainability | Minor | LIKE clauses should not be used without wildcards |
The "LIKE clauses should not be used without wildcards" code rule for SQL Server dictates that any LIKE clause used within a query should include a wildcard character. Wildcards are special characters used to represent one or more characters in a string. The two most common wildcard characters are the percent sign (%) and the underscore (_). For example, a LIKE clause used to search for all customers whose last name starts with "Mc" would be written as "LIKE 'Mc%'". Without the wildcard character, the query would only return results for customers whose last name is exactly "Mc". |
Maintainability | Major | LIKE clauses should not start with wildcard characters |
The rule "LIKE clauses should not start with wildcard characters" means that when using the LIKE clause in SQL Server, wildcard characters such as % and _ should not be used as the first character in the clause. This is because wildcards are used to match any character or string of characters, so starting with one will cause the query to return too many results. This can cause performance issues and make it difficult to interpret the results. |
Maintainability | Minor | Lines should not be too long |
The "Lines should not be too long" code rule for SQL Server states that lines of code should not exceed 80 characters in length. This is to ensure that the code is easier to read and understand. Longer lines can make it difficult to read and understand the code, and can also make it difficult to debug or modify the code. By limiting the length of lines, code is more manageable and easier to work with. |
Maintainability | Minor | Local variable and parameter names should comply with a naming convention |
The "Local variable and parameter names should comply with a naming convention" code rule states that all local variables and parameters used in a SQL Server database should be named in accordance with a specific naming convention. This helps to ensure better readability and maintainability of the code. For instance, a naming convention might require that all local variables start with a lowercase letter, and all parameters start with an uppercase letter. Additionally, the naming convention might also include rules for how to name objects, such as tables, stored procedures, etc. By following a naming convention, it becomes easier for developers to quickly identify the purpose of a variable or parameter. |
Bug | Major | Loops with at most one iteration should be refactored |
The "Loops with at most one iteration should be refactored" code rule for SQL Server suggests that any loop that has a single iteration should be refactored into a simpler code structure. This is because, in most cases, a loop with a single iteration can be replaced with a simpler code structure that can be more easily understood and maintained. By refactoring the code, it can improve the readability and maintainability of the code and reduce the risk of errors. Additionally, it can improve the performance of the code by reducing the amount of unnecessary looping operations. |
Maintainability | Minor | Methods must not be empty |
The SQL Server code rule "Methods must not be empty" requires that all methods in a SQL Server program must contain code and not be left empty. This rule is in place to ensure that all methods are properly defined and implemented, and that they are not left empty or incomplete. This rule also helps to ensure that all methods are properly tested and debugged, as an empty method would not be able to be tested or debugged. This rule is important for maintaining code quality and ensuring that all methods are properly implemented. |
Maintainability | Major | Multiline blocks should be enclosed in BEGIN...END blocks |
The Multiline blocks should be enclosed in BEGIN...END blocks rule states that any SQL Server code containing multiple lines of code should be enclosed with a BEGIN...END block. This is to ensure that all lines of code are executed together as a single unit and that any errors that occur are handled in the same way. It also helps to make code easier to read and debug. |
Maintainability | Minor | Multiple variables should not be declared on the same line | The code rule "Multiple variables should not be declared on the same line" states that when declaring multiple variables in a SQL Server script, each variable should be declared on a separate line. This helps to improve readability and maintainability of the code, and can also help to detect errors, such as typos, more easily. Additionally, when debugging code, it can be easier to identify which line a specific variable is declared on. |
Maintainability | Minor | Naming conventions must be applied |
The "Naming conventions must be applied" code rule for SQL Server requires that all database objects, such as tables and columns, must be named according to a specific set of conventions. These conventions are designed to improve the readability of the code and to make it easier to identify the purpose of each object. The conventions may include the use of upper and lower case letters, underscores, and other formatting rules. Following these conventions will help ensure that the code is easier to read and maintain. |
Maintainability | Critical | NOCOUNT should be activated on PROCEDURE and TRIGGER definitions |
The "NOCOUNT should be activated on PROCEDURE and TRIGGER definitions" rule states that the NOCOUNT option should be enabled for all stored procedures and triggers. This option prevents the query processor from returning the number of rows affected by each statement in a batch or stored procedure. This can help improve performance by reducing the amount of data sent over the network. It is recommended to enable this option for all stored procedures and triggers to ensure optimal performance. |
Maintainability | Minor | Non-standard comparison operators should not be used |
The rule "Non-standard comparison operators should not be used" states that any comparison operators other than the standard ones provided by SQL Server should not be used. This includes operators such as <, >, =, !=, <>, etc. These operators should only be used for comparing values in the same type, and not for comparing values between different types. This rule is important for ensuring that queries are properly formed and that data is accurately compared. |
Bug | Major | NULL should not be compared directly |
The SQL Server code rule "NULL should not be compared directly" means that when comparing two values, an explicit comparison operator should be used instead of just comparing the values directly. This is because a direct comparison of two NULL values will always return true, which may not be the desired result. Instead, an explicit comparison operator should be used to ensure the comparison is done correctly. For example, instead of writing "IF x = NULL", the code should be written as "IF x IS NULL". |
Bug | Critical | Nullable subqueries should not be used in NOT IN conditions |
This rule states that subqueries that produce NULL values should not be used in NOT IN conditions. This is because when a subquery produces a NULL value, it is not considered an element of the set that is being compared, and thus the comparison will always return false. This can lead to unexpected results, and should be avoided. To ensure that the comparison works as expected, use a NOT EXISTS condition instead. |
Maintainability | Minor | Objects should not be duplicated (same name and same type) |
The rule "Objects should not be duplicated (same name and same type)" states that within a SQL Server database, objects should not have the same name and type. This means that if an object of a certain type (e.g. table) with a certain name already exists, then an additional object of the same type and name should not be created. This is important to ensure that the database is organized and efficient, and that objects are not unnecessarily duplicated. |
Bug | Major | Output parameters should be assigned |
The "Output parameters should be assigned" rule states that any output parameters declared in a SQL Server stored procedure should be assigned a value before the procedure is executed. This ensures that the output parameters are not left unassigned, which can lead to unexpected behavior and errors. Additionally, this rule helps to make the code more readable and maintainable by making it clear which output parameters are being used and what values they should be assigned. |
Maintainability | Major | Queries should not join too many tables |
The "Queries should not join too many tables" code rule states that when writing SQL queries, it is important to limit the number of tables that are joined in the query. Joining too many tables can lead to complex queries that are difficult to read, debug, and maintain. Additionally, joining too many tables can lead to decreased performance, as the query optimizer must process more data to return the desired result set. Therefore, it is recommended to limit the number of tables joined in a query to improve readability and performance. |
Bug | Major | Queries that use TOP should have an ORDER BY |
The SQL Server code rule "Queries that use TOP should have an ORDER BY" requires that when using the TOP clause in a query, an ORDER BY clause must also be included. This ensures that the results of the query are in a predictable order. Without an ORDER BY clause, the order of the results is not guaranteed. This rule is in place to ensure that the results of the query are consistent and predictable. |
Maintainability | Major | Redundant pairs of parentheses should be removed |
The "Redundant pairs of parentheses should be removed" SQL Server code rule aims to reduce unnecessary complexity in code and improve readability by removing redundant parentheses. This rule applies to all SQL Server code, including SELECT, INSERT, UPDATE, and DELETE statements. Redundant parentheses are those that are not required to determine the order of operations in the code. Removing these parentheses can help make the code easier to read and understand, as well as reducing the amount of code needed to accomplish a given task. Additionally, removing redundant parentheses can help improve the performance of the code by reducing the amount of time needed to parse the code. |
Bug | Major | Related IF/ELSE IF statements and WHEN clauses in a CASE should not have the same condition |
The "Related IF/ELSE IF statements and WHEN clauses in a CASE should not have the same condition" SQL Server code rule states that when using IF/ELSE IF statements and WHEN clauses in a CASE statement, the conditions should be different. This ensures that the correct logic is being used and that the code is not redundant. If the same condition is used for multiple IF/ELSE IF statements or WHEN clauses, then the code will not be as efficient as it could be and could lead to unexpected results. It is important to ensure that the conditions are different for each IF/ELSE IF statement and WHEN clause in order to ensure that the code is efficient and that the results are as expected. |
Maintainability | Minor | Reserved keywords should not be used as identifiers or object names |
The rule "Reserved keywords should not be used as identifiers or object names" in SQL Server means that any words that are part of the SQL Server language should not be used as identifiers or object names. This includes words like SELECT, INSERT, UPDATE, DELETE, WHERE, and ORDER BY. Using these words as identifiers or object names can cause confusion and lead to errors. It is best to use more descriptive names for identifiers and object names to avoid any potential confusion or errors. |
Maintainability | Minor | Scripts must be commented |
The "Scripts must be commented" rule for SQL Server code states that all scripts must include comments that explain the purpose of the code and the actions it is taking. This is important for the readability of the code, as well as for maintenance and debugging. It is also important for ensuring that the code is understandable by other developers who may need to work with it in the future. The comments should be clear and concise, and should include any assumptions that have been made when writing the script, as well as any potential pitfalls that may be encountered. By following this rule, developers can ensure that their code is well documented and easily understandable by others. |
Maintainability | Minor | Scripts must not exceed a certain size |
This SQL Server code rule states that scripts should not exceed a certain size. This is to ensure that scripts are manageable and maintainable. It also helps to reduce the risk of errors and improve performance. Scripts that are too large can be difficult to debug and can cause performance issues. By limiting the size of scripts, developers can ensure that scripts are manageable and maintainable. This rule should be enforced to ensure that scripts are well-structured and optimized for performance. |
Maintainability | Critical | SELECT statements used as argument of EXISTS statements should be selective |
The SELECT statements used as argument of EXISTS statements should be selective rule states that when using SELECT statements as part of an EXISTS statement, the SELECT statement should be designed to return a small number of results. This means that the SELECT statement should include a WHERE clause with conditions that will limit the number of rows that are returned from the query. This will help ensure that the EXISTS statement runs quickly and efficiently. |
Vulnerability | Critical | SHA-1 and Message-Digest hash algorithms should not be used in secure contexts |
This rule states that the SHA-1 and Message-Digest hash algorithms should not be used in secure contexts, as they are no longer considered secure and have been replaced by more secure algorithms. These algorithms can still be used for non-secure purposes, such as verifying file integrity or generating checksums, but should not be used for authentication or other secure operations. It is important to ensure that any applications or systems that use these algorithms are updated to use a more secure algorithm. |
Maintainability | Critical | Size should be specified for varchar variables and parameters |
The "Size should be specified for varchar variables and parameters" rule for SQL Server code states that when declaring variables and parameters of the varchar data type, the size of the variable or parameter should be specified. This helps ensure that the data stored in the variable or parameter is of the correct size and that it does not exceed the maximum size of the data type. Without specifying a size, the data stored in the variable or parameter could be truncated or cause an error when it exceeds the maximum size of the data type. |
Maintainability | Major | Statements should be on separate lines |
The "Statements should be on separate lines" code rule for SQL Server means that each individual statement should be written on its own line. This helps to improve readability and maintainability of code. It also helps to ensure that any changes to the code are easier to identify and modify, as each statement is clearly separated from the other statements. This rule helps to ensure that SQL code is easier to read and understand, and can help to reduce the chances of errors or typos occurring. |
Maintainability | Minor | String literals should not be duplicated |
The "String literals should not be duplicated" code rule for SQL Server ensures that string literals are not used multiple times in a query or stored procedure. This rule helps to reduce code complexity, as well as improve readability and maintainability of the code. It also helps to minimize the amount of code that needs to be written, as well as reduce the chances of errors being introduced as a result of duplicate strings. For example, if a query contains the same string literal multiple times, it can be replaced with a single reference. This can help to improve the performance of the query, as well as reduce the amount of code that needs to be written and maintained. |
Bug | Critical | Syntax Errors |
The SQL Server Code Rule "Syntax Errors" checks for syntax errors in Transact-SQL code. It ensures that the code is syntactically correct and that it can be parsed and compiled without any errors. This rule helps identify any syntax errors that may exist in the code and provides suggestions on how to fix them. It also flags any code that may be syntactically correct but may not produce the expected results. This rule is useful for ensuring that the code runs as expected and does not cause any unexpected errors. |
Maintainability | Minor | Tabulation characters should not be used |
The "Tabulation characters should not be used" rule in SQL Server states that tab characters should not be used to define or separate elements in a query, such as keywords, identifiers, literals, or operators. Instead, spaces should be used as the separator. This is to ensure that the query is readable and consistent across different platforms. |
Bug | Critical | The number of variables in a FETCH statement should match the number of columns in the cursor |
The FETCH statement in SQL Server should have the same number of variables as the number of columns in the cursor. This ensures that the correct data is retrieved from the database. If the number of variables does not match the number of columns, then the query will fail. This rule helps to ensure that the data being retrieved is accurate and complete. |
Maintainability | Major | Track lack of SQL Server session configuration | The Track lack of SQL Server session configuration code rule checks whether SQL Server session settings are configured correctly. It will detect any lack of configuration that could lead to degraded performance or security issues. This code rule is part of the Microsoft Security Code Analysis extension and is used to identify any configuration settings that are not properly set. The rule checks for the following session settings: - Max Degree of Parallelism - Cost Threshold for Parallelism - Remote Query Timeout - Lock Timeout - Deadlock Priority - Query Wait - Security Settings The rule will detect any lack of configuration that could lead to degraded performance or security issues. It is important to ensure that these settings are properly configured to ensure optimal performance and security. |
Maintainability | Major | Track uses of FIXME tags | The Track uses of FIXME tags code rule tracks the use of FIXME tags in SQL Server code. FIXME tags are used to indicate that certain portions of code need to be addressed or fixed. The rule scans the code for any occurrences of the tag and reports them as potential problems. This rule helps developers to identify areas of code that need to be addressed before deployment. |
Maintainability | Information | Track uses of TODO tags | The "Track uses of TODO tags" rule in SQL Server code checks for the presence of TODO tags in the code. This rule is used to identify sections of code that require additional work or need to be revisited in the future. The rule will flag any code that contains the words "TODO" or "FIXME" so that developers can easily identify sections of code that need additional attention. This rule can help ensure that code is written in a maintainable way and that any incomplete or potentially problematic code is addressed in a timely manner. |
Maintainability | Minor | Triggers should not PRINT, SELECT, or FETCH |
The "Triggers should not PRINT, SELECT, or FETCH" rule states that triggers should not use the PRINT, SELECT, or FETCH commands when executing code. These commands are used to display data from a database, and should not be used in triggers because they can cause unexpected results. Instead, triggers should use the INSERT, UPDATE, and DELETE commands to modify data in a database. This rule ensures that triggers are used properly and do not cause unexpected results. |
Maintainability | Major | Two branches in a conditional structure should not have exactly the same implementation |
The "Two branches in a conditional structure should not have exactly the same implementation" rule for SQL Server code states that when a conditional structure is used, such as an "IF/ELSE" statement, the two branches must have different implementations. This rule is important for ensuring that the code is optimized and that redundant code is avoided. The two branches should be distinct and have different implementations to ensure that the code is efficient and maintainable. |
Bug | Major | Unary prefix operators should not be repeated |
The rule "Unary prefix operators should not be repeated" states that unary prefix operators should not be used more than once in a statement. Unary prefix operators are operators that operate on one value, such as the minus sign (-) or the plus sign (+). Repeating these operators can lead to confusion and errors in the code, and should be avoided. |
Maintainability | Minor | Unused local variables should be removed |
The "Unused Local Variables Should Be Removed" code rule for SQL Server requires that any unused local variables be removed from the code. Unused local variables are variables that are declared but not used in the code. This rule is designed to help keep code clean and efficient by removing unnecessary variables that are declared but not used. Removing unused variables can help improve the readability of the code and reduce the amount of memory and processor resources used by the code. This rule can be enforced by a code analysis tool or manually by a developer. |
Maintainability | Major | Unused procedure and function parameters should be removed |
This rule states that any procedure or function parameters that are not used within the code should be removed. This helps to reduce unnecessary clutter and complexity in the code, while also making it easier to read and understand. Additionally, it can help to ensure that the code is performing optimally by eliminating any unused parameters that may be slowing down the execution time. Removing unused parameters can also help to reduce the risk of potential security vulnerabilities, as any potential attackers would have fewer parameters to exploit. |
SecurityWarning | Minor | Using hardcoded IP addresses is security-sensitive |
Using hardcoded IP addresses in SQL Server code is considered to be security-sensitive because it can easily be exploited by malicious actors. This is because hardcoded IP addresses are static and can be easily identified by hackers, which makes them vulnerable to attack. Additionally, hardcoded IP addresses can be used to bypass authentication and authorization checks, allowing malicious actors to access sensitive data or gain unauthorized access to a system. To prevent this, developers should avoid using hardcoded IP addresses in their code and instead use dynamic IP addresses that change regularly. Additionally, developers should always use secure protocols and encryption when communicating with external systems. |
Bug | Major | Variables should not be self-assigned |
The rule "Variables should not be self-assigned" states that variables should not be assigned a value that is equal to its own existing value. This rule is important when writing SQL Server code, as assigning a variable to itself can lead to unexpected results. Self-assigning variables can also lead to poor performance, as the server will need to evaluate and assign the same value multiple times. In order to ensure optimal performance and accuracy, variables should only be assigned values that differ from their existing value. |
Maintainability | Major | WHEN clauses should not have too many lines of code | The WHEN clauses should not have too many lines of code rule is a best practice for SQL Server code. This rule states that when writing a SQL Server query, each WHEN clause should contain no more than a few lines of code. This will help to improve readability and reduce complexity, while also making it easier to debug and maintain the query. Additionally, having too many lines of code in a WHEN clause can lead to performance issues. |
Bug | Major | WHERE clause conditions should not be contradictory |
This SQL Server code rule states that conditions in the WHERE clause of a query should not be contradictory. This means that the conditions should not be mutually exclusive or logically impossible. Contradictory conditions can lead to incorrect results and should be avoided. For example, if a query contains the following WHERE clause: WHERE age > 18 AND age < 18 This would be considered a contradictory condition as it is logically impossible for a person to be both older than 18 and younger than 18 at the same time. Therefore, this condition should be avoided. |
Bug | Major | WHERE clauses should not contain redundant conditions |
The "WHERE clauses should not contain redundant conditions" code rule states that WHERE clauses should not contain conditions that are unnecessary or redundant. This means that the WHERE clause should only contain conditions that are necessary for the query to return the desired results. Redundant conditions can lead to inefficient query execution as the engine will need to process them unnecessarily. Furthermore, redundant conditions can lead to incorrect query results if the conditions are not logically equivalent. It is therefore important to ensure that the WHERE clause contains only the necessary conditions. |