Sensitive SYS owned functions should not be used

Rule description

  • Sensitive SYS owned functions should not be used

 

Non-compliant Code Example

DECLARE
    input       NUMBER;
    result      NUMBER;
    sys_user_id NUMBER;
BEGIN
    -- User ID 0 is the SYS account
    sys_user_id := 0;
    input := sys.dbms_sql.open_cursor();
    -- Non-compliant: the SYS-owned sys.dbms_sys_sql.parse_as_user is called,
    -- so the statement is parsed as the user given by sys_user_id
    sys.dbms_sys_sql.parse_as_user(input, 'begin
            dbms_output.put_line(sys_context(''userenv'',''current_user''));
        end;', dbms_sql.native, sys_user_id);
    result := dbms_sql.execute(input);
    dbms_sql.close_cursor(input);
END;
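
To see where the package from the non-compliant example is reachable in a database, the data dictionary can be queried. The queries below are an added example, not part of the Visual Expert rule text; they assume an Oracle account that can read the DBA_ views, and they check only SYS.DBMS_SYS_SQL, the package shown above.

```sql
-- Stored PL/SQL units outside SYS that depend on SYS.DBMS_SYS_SQL.
-- Anonymous blocks such as the example above are not recorded in
-- DBA_DEPENDENCIES, so this covers compiled objects only.
SELECT d.owner, d.name, d.type
FROM   dba_dependencies d
WHERE  d.referenced_owner = 'SYS'
AND    d.referenced_name  = 'DBMS_SYS_SQL'
AND    d.owner <> 'SYS'
ORDER  BY d.owner, d.name;

-- Users and roles holding a direct EXECUTE grant on the package.
-- GRANTABLE = 'YES' means the grantee can pass the privilege on.
SELECT p.grantee, p.privilege, p.grantable
FROM   dba_tab_privs p
WHERE  p.owner      = 'SYS'
AND    p.table_name = 'DBMS_SYS_SQL'
ORDER  BY p.grantee;

-- Source lines in non-SYS stored code that mention the package by name.
-- This also catches references built into dynamic SQL strings, which
-- create no dependency row; wrapped (obfuscated) source is not searchable.
SELECT s.owner, s.name, s.type, s.line, s.text
FROM   dba_source s
WHERE  UPPER(s.text) LIKE '%DBMS_SYS_SQL%'
AND    s.owner <> 'SYS'
ORDER  BY s.owner, s.name, s.line;
```

Any row returned by the first or third query is a candidate violation of this rule, and the second query shows which accounts could introduce one.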
Visual Expert 2020
 VEPLSQLRULE138