Critical

Code Rules in Critical Severity

Category Severity Name Description
Maintainability Critical A primary key should be specified during table creation

The rule that a primary key should be specified during table creation ensures that each record in a database table is uniquely identified. This is done by assigning a unique value, or combination of values, to each record. This makes it easier to locate and update individual records, as well as ensuring data integrity and preventing duplicate records. Specifying a primary key during table creation also helps to improve query performance by allowing the database engine to quickly identify and retrieve records.

Maintainability Critical CASE expressions should end with ELSE clauses

The "CASE expressions should end with ELSE clauses" rule states that all CASE expressions used in SQL Server code should include an ELSE clause. This ensures that all possible values are accounted for, and helps to prevent unexpected results. The ELSE clause should include an appropriate action, such as setting a value to NULL, or returning a default value. This helps to ensure that all possible cases are handled in a consistent manner, and that no unexpected results occur.

Bug Critical CASE input expressions should be invariant

The CASE input expressions should be invariant rule states that when using the CASE statement in SQL Server, the input expressions should remain the same throughout the statement. This means that any variables used in the input expressions should not be changed or modified, as this could lead to unexpected results. This rule is important to ensure that the CASE statement produces the expected output.

Maintainability Critical Conditionally executed code should be denoted by either indentation or BEGIN...END block

The rule "Conditionally executed code should be denoted by either indentation or BEGIN...END block" is used to ensure that code is properly organized and easily readable. This rule states that any code that is conditionally executed should be denoted either by indentation or by using a BEGIN...END block. Indentation helps make code easier to read and understand, while BEGIN...END blocks clearly denote the start and end of a conditionally executed block of code. This rule helps ensure that code is properly structured and organized, making it easier to maintain and debug.

Maintainability Critical Conditionals should start on new lines

This rule states that when writing a conditional statement in SQL Server, the condition should start on a new line. This helps to improve readability and make it easier to spot errors. For example, instead of writing:

IF (condition) THEN

It should be written as:

IF
(condition)
THEN

Maintainability Critical Control flow statements IF, WHILE and TRY should not be nested too deeply

This code rule states that control flow statements such as IF, WHILE and TRY should not be nested too deeply. This means that when writing code, it is important to keep the number of nested control flow statements to a minimum. Too many nested control flow statements can make code difficult to read and debug, and can lead to performance issues. It is therefore important to keep the number of nested control flow statements to a reasonable level.

Maintainability Critical Control structures should use BEGIN...END blocks

The "Control structures should use BEGIN...END blocks" rule for SQL Server requires that all control structures (e.g. IF, WHILE, etc.) should be enclosed in BEGIN and END statements. This helps to ensure that all statements within the control structure are executed as a single unit, which is important for ensuring the integrity of the data. It also makes the code easier to read and debug, as the start and end of each control structure is clearly marked. This rule is enforced by the SQL Server query optimizer, and any violation of this rule will result in an error.

Bug Critical DELETE and UPDATE statements should contain WHERE clauses

The DELETE and UPDATE statements should contain WHERE clauses in order to limit the scope of the changes to only the rows that meet the specified criteria. This is important to ensure that the changes are only applied to the intended rows and that no unintended changes are made. Without a WHERE clause, the entire table or set of records will be affected, which could have serious consequences. Therefore, it is important to always include a WHERE clause when using DELETE and UPDATE statements in order to limit the scope of the changes.

SecurityWarning Critical Dynamically executing code is security-sensitive

The "Dynamically executing code is security-sensitive" rule for SQL Server code states that dynamically executing code can be a security risk due to the possibility of malicious code being injected into the system. It is recommended that code be validated and tested before being executed to ensure that it is safe and secure. Additionally, developers should be aware of the potential security risks associated with dynamic execution and take steps to minimize them. This includes using stored procedures, parameterized queries, and input validation to prevent malicious code from being injected into the system.

Maintainability Critical Expressions should not be too complex

The "Expressions should not be too complex" rule is a best practice for writing SQL Server code. It suggests that developers should avoid writing complex expressions that are hard to read and understand. Such expressions can lead to unexpected results and can cause performance issues. This rule encourages developers to break down complex expressions into simpler parts to make them easier to read and understand. Additionally, it encourages developers to use simpler expressions that are more efficient and easier to debug. Following this rule can help ensure that the code is readable and maintainable, and that it performs well.

Maintainability Critical IF ... ELSEIF constructs should end with ELSE clauses

The "IF ... ELSEIF constructs should end with ELSE clauses" rule states that when writing IF ... ELSEIF code in SQL Server, the last condition should always be an ELSE clause. This ensures that all possible conditions are accounted for, and helps to prevent unexpected results. The ELSE clause should be added even if no action is required, as this will make the code more readable and easier to maintain.

Maintainability Critical INSERT statements should explicitly list the columns to be set

The "INSERT statements should explicitly list the columns to be set" rule states that when inserting data into a table, the columns that are being set should be explicitly listed in the INSERT statement. This ensures that the data is being inserted into the correct columns, and that no data is being inserted into columns that are not intended to be set. This rule also helps to prevent any potential errors that may occur if the wrong data is inserted into the wrong column.

Maintainability Critical NOCOUNT should be activated on PROCEDURE and TRIGGER definitions

The "NOCOUNT should be activated on PROCEDURE and TRIGGER definitions" rule states that the NOCOUNT option should be enabled for all stored procedures and triggers. This option prevents the query processor from returning the number of rows affected by each statement in a batch or stored procedure. This can help improve performance by reducing the amount of data sent over the network. It is recommended to enable this option for all stored procedures and triggers to ensure optimal performance.

Bug Critical Nullable subqueries should not be used in NOT IN conditions

This rule states that subqueries that produce NULL values should not be used in NOT IN conditions. This is because when a subquery produces a NULL value, it is not considered an element of the set that is being compared, and thus the comparison will always return false. This can lead to unexpected results, and should be avoided. To ensure that the comparison works as expected, use a NOT EXISTS condition instead.

Maintainability Critical SELECT statements used as argument of EXISTS statements should be selective

The SELECT statements used as argument of EXISTS statements should be selective rule states that when using SELECT statements as part of an EXISTS statement, the SELECT statement should be designed to return a small number of results. This means that the SELECT statement should include a WHERE clause with conditions that will limit the number of rows that are returned from the query. This will help ensure that the EXISTS statement runs quickly and efficiently.

Vulnerability Critical SHA-1 and Message-Digest hash algorithms should not be used in secure contexts

This rule states that the SHA-1 and Message-Digest hash algorithms should not be used in secure contexts, as they are no longer considered secure and have been replaced by more secure algorithms. These algorithms can still be used for non-secure purposes, such as verifying file integrity or generating checksums, but should not be used for authentication or other secure operations. It is important to ensure that any applications or systems that use these algorithms are updated to use a more secure algorithm.

Maintainability Critical Size should be specified for varchar variables and parameters

The "Size should be specified for varchar variables and parameters" rule for SQL Server code states that when declaring variables and parameters of the varchar data type, the size of the variable or parameter should be specified. This helps ensure that the data stored in the variable or parameter is of the correct size and that it does not exceed the maximum size of the data type. Without specifying a size, the data stored in the variable or parameter could be truncated or cause an error when it exceeds the maximum size of the data type.

Bug Critical Syntax Errors

The SQL Server Code Rule "Syntax Errors" checks for syntax errors in Transact-SQL code. It ensures that the code is syntactically correct and that it can be parsed and compiled without any errors. This rule helps identify any syntax errors that may exist in the code and provides suggestions on how to fix them. It also flags any code that may be syntactically correct but may not produce the expected results. This rule is useful for ensuring that the code runs as expected and does not cause any unexpected errors.

Bug Critical The number of variables in a FETCH statement should match the number of columns in the cursor

The FETCH statement in SQL Server should have the same number of variables as the number of columns in the cursor. This ensures that the correct data is retrieved from the database. If the number of variables does not match the number of columns, then the query will fail. This rule helps to ensure that the data being retrieved is accurate and complete.