
Dynamically executing code is security-sensitive

Rule description

  • Dynamically executing code is security-sensitive


Non-compliant Code Example

USE master;
DECLARE @Id nvarchar(50) = N'5';   -- caller-supplied value; the sample value is constructed for illustration
-- The value is spliced into the statement text and the whole string is then executed,
-- so the content of @Id decides what SQL actually runs.
EXEC ('USE AdventureWorks2012; SELECT BusinessEntityID, JobTitle FROM HumanResources.Employee WHERE BusinessEntityID = ''' + @Id + ''' ;');   -- Non compliant code
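A compliant counterpart to the statement above, added here as an illustration and not taken from the Visual Expert rule text. It assumes the AdventureWorks2012 sample database and a caller-supplied @Id; the @Column variable and the allowed-column list are constructed for the example.

```sql
-- Compliant alternatives (added example, not Visual Expert's own code).
-- Assumes the AdventureWorks2012 sample database; @Id is the caller's input.
USE AdventureWorks2012;
GO

DECLARE @Id int = 5;   -- constructed sample value

-- Option 1: no dynamic SQL at all. When the statement shape is fixed,
-- a static query with a typed variable is the simplest safe form.
SELECT BusinessEntityID, JobTitle
FROM HumanResources.Employee
WHERE BusinessEntityID = @Id;

-- Option 2: dynamic SQL is unavoidable (e.g. the filter column is chosen at
-- run time). Keep caller data out of the statement text: bind values with
-- sp_executesql and allow-list plus quote any identifier that must be spliced in.
DECLARE @Column sysname = N'BusinessEntityID';   -- constructed; chosen at run time in real code

-- Accept only the columns this query is meant to filter on; reject anything else
-- before any SQL text is built.
IF @Column NOT IN (N'BusinessEntityID', N'JobTitle')
    THROW 50001, N'Unsupported filter column', 1;

DECLARE @Sql nvarchar(max) =
    N'SELECT BusinessEntityID, JobTitle
      FROM HumanResources.Employee
      WHERE ' + QUOTENAME(@Column) + N' = @Id;';   -- identifier quoted, value left as a parameter

EXEC sys.sp_executesql
     @Sql,
     N'@Id int',     -- parameter definition: the value travels typed, never as statement text
     @Id = @Id;
```

Because @Id is passed as a typed parameter, the executed statement text is the same regardless of what the caller supplies, which is what static analysis of the EXEC pattern cannot guarantee.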
Visual Expert 2020
VETSQLRULE6