File content as of revision 1:efe9cad8942f:

// Functions known to cause issues in PL/SQL code.
// To add new issues use the format: function name[=>][[N]][description]
//	(where N is a severity rating of 1 (Critical) to 3 (Medium) (or optionally, 0 for 'normal'))
//
// NB - function names are *not* case-sensitive for this file
//
// Potential SQL Injection (uncomment the following two lines if you wish to identify every use of 'EXECUTE IMMEDIATE' and 'OPEN FOR')
// With these lines commented, VCG will only report on use of these functions in conjunction with user-supplied variables.
//EXECUTE IMMEDIATE=>[3]Allows the use of dynamic SQL statements which are potentially vulnerable to SQL injection, depending on the origin of input variables and opportunities for an attacker to modify them before they reach the procedure.
//OPEN FOR=>[3]Allows the use of dynamic SQL statements which are potentially vulnerable to SQL injection, depending on the origin of input variables and opportunities for an attacker to modify them before they reach the procedure.

// Poor error handling
WHEN OTHERS THEN=>[3]The code contains catch-all error blocks which can result in unpredictable outcomes during processing, resulting in an increased risk of data corruption.