Maxim Integrated
Maxim Integrated's IoT development kit.
Dependencies: MAX30101 MAX30003 MAX113XX_Pixi MAX30205 max32630fthr USBDevice
tools/VisualCodeGrepper-2.1.0/plsqlfunctions.conf@1:efe9cad8942f, 2018-03-13 (annotated)
- Committer:
- Mahir Ozturk
- Date:
- Tue Mar 13 14:52:59 2018 +0300
- Revision:
- 1:efe9cad8942f
Commit project files
Change-Id: I2188228f2a27e9a13e2407846e48b38c2596caa0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| Mahir Ozturk |
1:efe9cad8942f | 1 | // Functions known to cause issues in PL/SQL code. |
| Mahir Ozturk |
1:efe9cad8942f | 2 | // To add new issues use the format: function name[=>][[N]][description] |
| Mahir Ozturk |
1:efe9cad8942f | 3 | // (where N is a severity rating of 1 (Critical) to 3 (Medium) (or optionally, 0 for 'normal')) |
| Mahir Ozturk |
1:efe9cad8942f | 4 | // |
| Mahir Ozturk |
1:efe9cad8942f | 5 | // NB - function names are *not* case-sensitive for this file |
| Mahir Ozturk |
1:efe9cad8942f | 6 | // |
| Mahir Ozturk |
1:efe9cad8942f | 7 | // Potential SQL Injection (uncomment the following two lines if you wish to identify every use of 'EXECUTE IMMEDIATE' and 'OPEN FOR') |
| Mahir Ozturk |
1:efe9cad8942f | 8 | // With these lines commented, VCG will only report on use of these functions in conjunction with user-supplied variables. |
| Mahir Ozturk |
1:efe9cad8942f | 9 | //EXECUTE IMMEDIATE=>[3]Allows the use of dynamic SQL statements which are potentially vulnerable to SQL injection, depending on the origin of input variables and opportunities for an attacker to modify them before they reach the procedure. |
| Mahir Ozturk |
1:efe9cad8942f | 10 | //OPEN FOR=>[3]Allows the use of dynamic SQL statements which are potentially vulnerable to SQL injection, depending on the origin of input variables and opportunities for an attacker to modify them before they reach the procedure. |
| Mahir Ozturk |
1:efe9cad8942f | 11 | |
| Mahir Ozturk |
1:efe9cad8942f | 12 | // Poor error handling |
| Mahir Ozturk |
1:efe9cad8942f | 13 | WHEN OTHERS THEN=>[3]The code contains catch-all error blocks which can result in unpredictable outcomes during processing, resulting in an increased risk of data corruption. |
| Mahir Ozturk |
1:efe9cad8942f | 14 | |
| Mahir Ozturk |
1:efe9cad8942f | 15 |