Sensitive SYS owned functions should not be used
Description
The rule "Sensitive SYS owned functions should not be used" flags PL/SQL code that calls functions owned by the SYS user. These functions are considered sensitive because they can have a significant impact on the system and can be used to access sensitive information. Use them only when absolutely necessary, and with the proper security measures in place.
Key Benefits
- Increased Security: Avoiding sensitive SYS owned functions helps protect against malicious attacks and unauthorized access.
- Reduced Risk: By avoiding the use of sensitive SYS owned functions, the risk of data loss or corruption is minimized.
- Improved Performance: Using fewer sensitive SYS owned functions can help improve system performance.
Non-compliant Code Example
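DECLARE
    input       NUMBER;  -- DBMS_SQL cursor handle
    result      NUMBER;  -- return value of DBMS_SQL.EXECUTE
    sys_user_id NUMBER;  -- user id the statement will be parsed as
BEGIN
    sys_user_id := 0;    -- user id 0 is SYS
    input := sys.dbms_sql.open_cursor();
    -- Non-compliant: the SYS owned function sys.dbms_sys_sql.parse_as_user
    -- parses the statement as the user identified by sys_user_id
    sys.dbms_sys_sql.parse_as_user(input, 'begin
        dbms_output.put_line(sys_context(''userenv'',''current_user''));
    end;', dbms_sql.native, sys_user_id);
    result := dbms_sql.execute(input);
    dbms_sql.close_cursor(input);
END;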
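Compliant rewrite of the block above, added here as an example (it is not part of the rule's own documentation). It assumes the statement only needs the calling user's privileges, so it is parsed with DBMS_SQL.PARSE instead of sys.dbms_sys_sql.parse_as_user; the variable name cur is illustrative.

```sql
DECLARE
    cur    INTEGER;  -- DBMS_SQL cursor handle (illustrative name)
    result INTEGER;  -- return value of DBMS_SQL.EXECUTE
BEGIN
    cur := DBMS_SQL.OPEN_CURSOR;

    -- Compliant: DBMS_SQL.PARSE takes no user id. In an anonymous block the
    -- statement is parsed and run with the calling user's own identity and
    -- privileges, so nothing is executed as SYS.
    DBMS_SQL.PARSE(
        cur,
        'begin
            dbms_output.put_line(sys_context(''userenv'',''current_user''));
        end;',
        DBMS_SQL.NATIVE);

    result := DBMS_SQL.EXECUTE(cur);
    DBMS_SQL.CLOSE_CURSOR(cur);
EXCEPTION
    WHEN OTHERS THEN
        -- Release the cursor if parse or execute failed, then re-raise
        -- so the caller still sees the original error.
        IF cur IS NOT NULL AND DBMS_SQL.IS_OPEN(cur) THEN
            DBMS_SQL.CLOSE_CURSOR(cur);
        END IF;
        RAISE;
END;
/
```

With SET SERVEROUTPUT ON, the block prints the name of the session's own user rather than SYS.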