Commit

S3921 Use data_dictionary.adoc and LaYC format
sebastien-marichal committed Nov 27, 2024
1 parent 8a7e7cf commit dc6f324
Showing 1 changed file with 42 additions and 22 deletions.
64 changes: 42 additions & 22 deletions rules/S3921/plsql/rule.adoc
Expand Up @@ -2,41 +2,61 @@

Trying to assign a large character value to a smaller variable or column will raise an error.

=== Noncompliant code example
include::../../../shared_content/plsql/data_dictionary.adoc[]

[source,sql]
----
create table persons (id number, name varchar2(4));
== How to fix it

insert into persons (id, name) values (1, 'Alice'); -- Noncompliant, raises ORA-12899
Ensure that the size of the variable or column is large enough to hold the value.

create or replace procedure sp1
is
foo varchar2(2);
begin
select name into foo from persons where id = 1; -- Noncompliant, may raise ORA-06502
end;
----
=== Code examples

=== Compliant solution
==== Noncompliant code example

[source,sql]
[source,sql,diff-id=1,diff-type=noncompliant]
----
CREATE TABLE Persons
(
Id NUMBER,
Name VARCHAR2(4)
);
INSERT INTO Persons (Id, Name) VALUES (1, 'Alice'); -- Noncompliant, raises ORA-12899
CREATE OR REPLACE PROCEDURE sp1
IS
foo VARCHAR2(2);
BEGIN
SELECT Name INTO foo FROM Persons WHERE Id = 1; -- Noncompliant, may raise ORA-06502
END;
----
create table persons (id number, name varchar2(8));

insert into persons (id, name) values (1, 'Alice');
==== Compliant solution

create or replace procedure sp1
is
foo varchar2(8);
begin
select name into foo from persons where id = 1;
end;
[source,sql,diff-id=1,diff-type=compliant]
----
CREATE TABLE Persons
(
Id NUMBER,
Name VARCHAR2(8)
);
INSERT INTO Persons (Id, Name) VALUES (1, 'Alice');
CREATE OR REPLACE PROCEDURE sp1
IS
foo VARCHAR2(8);
BEGIN
SELECT Name INTO foo FROM Persons WHERE Id = 1;
END;
----

== Resources

=== Documentation

* CWE - https://cwe.mitre.org/data/definitions/704[CWE-704 - Incorrect Type Conversion or Cast]
* Oracle Database - https://docs.oracle.com/en/error-help/db/ora-12899[ORA-12899]
* Oracle Database - https://docs.oracle.com/en/error-help/db/ora-06502[ORA-06502]


ifdef::env-github,rspecator-view[]
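
Review bot: In the compliant solution, `foo VARCHAR2(8);` repeats the length of `Persons.Name` by hand, so the `SELECT Name INTO foo` can raise ORA-06502 again if the column is later widened and only the table definition is updated. Consider declaring the variable as `foo Persons.Name%TYPE;` in the compliant block, and extending the "How to fix it" sentence, which currently only says to make the variable or column large enough, to recommend anchoring variables to the column they read from.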