SQL> help codescan
SET CODESCAN
---------
set CODESCAN ALL | NONE
|SQLINJECTION [ON | OFF]
Controls warning messages issued for code quality issues.
ALL or SQLINJECTION ON turns on warnings for possible SQL injection vulnerabilities.
NONE or SQLINJECTION OFF disables warnings.
Default is ALL.
SQL> create or replace procedure p(name in varchar2)
2 as
3 begin
4 execute immediate 'select * from t1 where id1='''||name||'''';
5 end;
6* /
SQLcl security warning: SQL injection NAME line 1 -> NAME line 4
Procedure P compiled
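The procedure flagged above, rewritten here as an added example (not part of the original post) so that the caller's value is passed as a bind variable instead of being concatenated into the statement text; the table T1 and column ID1 come from the post, while the rows, the extra NOTE column and the second procedure's table-name parameter are assumptions made for the demonstration.

```sql
-- Constructed sample data (not from the original post) so the procedures
-- can be exercised. ID1 is declared as a string to match the quoted
-- comparison in the post's concatenated statement.
create table t1 (id1 varchar2(30), note varchar2(50));
insert into t1 values ('O''Brien', 'name containing a quote');
insert into t1 values ('alice',    'plain name');
commit;

-- Hardened form of P: the statement text is a constant and NAME is
-- supplied through USING, so its characters are never parsed as SQL.
-- A value such as O'Brien is simply matched, whereas the concatenated
-- version in the post builds a broken (and injectable) statement from
-- the same input.
create or replace procedure p_safe(name in varchar2)
as
  v_count pls_integer;
begin
  execute immediate
    'select count(*) from t1 where id1 = :1'
    into v_count
    using name;
  dbms_output.put_line('rows for ' || name || ': ' || v_count);
end;
/

-- When part of the statement really must be text (an object name, say),
-- it cannot be bound; validate it with DBMS_ASSERT, which raises an error
-- for anything that is not a resolvable object name, and still bind the
-- data value.
create or replace procedure count_in(tab in varchar2, name in varchar2)
as
  v_count pls_integer;
begin
  execute immediate
    'select count(*) from ' || dbms_assert.sql_object_name(tab)
    || ' where id1 = :1'
    into v_count
    using name;
  dbms_output.put_line(tab || ' rows for ' || name || ': ' || v_count);
end;
/

set serveroutput on
exec p_safe('O''Brien')
exec count_in('T1', 'alice')
```

With CODESCAN left at its default of ALL, compiling these two procedures in SQLcl gives a direct comparison against the warning printed for P above.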