SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
ABAP

ABAP static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your ABAP code

  • All rules 94
  • Vulnerability4
  • Bug14
  • Security Hotspot7
  • Code Smell69
Filtered: 18 rules found
performance
    Impact
      Clean code attribute
        1. "JOIN" should be used instead of nested "SELECT" statements

           Code Smell
        2. "SELECT INTO TABLE" should be used

           Code Smell
        3. "EXIT" and "CHECK" statements should not be used in "SELECT" loops

           Code Smell
        4. Duplications in driver tables should deleted before the tables are used

           Code Smell
        5. SQL "LIKE" clauses should not start with wildcard characters

           Code Smell
        6. Mass operations should be used with internal tables instead of loops

           Code Smell
        7. "SORTED" or "HASHED" internal tables should be accessed with a key

           Code Smell
        8. A SQL "SELECT" statement should not involve too many tables

           Code Smell
        9. Native SQL should not be statically embedded

           Code Smell
        10. SQL aggregate functions should not be used to prevent bypassing the SAP buffer

           Code Smell
        11. To "SELECT", "INSERT" or "DELETE" several lines in databases, internal tables should be used in place of loop control structure

           Code Smell
        12. SQL "DISTINCT" operator should not be used to prevent bypassing the SAP buffering

           Code Smell
        13. Columns to be read with a "SELECT" statement should be clearly defined

           Code Smell
        14. The "LIKE" operator should be used very carefully in SQL "WHERE" condition

           Code Smell
        15. Subqueries and "JOIN" clauses should not be used

           Code Smell
        16. Having SQL "SELECT" statements without "WHERE" conditions is security-sensitive

           Security Hotspot
        17. Subroutine parameters should be passed by reference rather than by value

           Code Smell
        18. SQL EXISTS subqueries should not be used

           Code Smell

        SQL EXISTS subqueries should not be used

        intentionality - efficient
        maintainability
        Code Smell
        • performance
        • sql

        Why is this an issue?

        SQL queries that use EXISTS subqueries are inefficient because the subquery is re-run for every row in the outer query’s table. There are more efficient ways to write most queries, ways that do not use the EXISTS condition.

        Noncompliant code example

        SELECT name
        FROM employee
        WHERE EXISTS (SELECT * FROM department WHERE department_id = id AND name = 'Marketing');
        

        Compliant solution

        SELECT name
        FROM employee INNER JOIN department AS d
          ON department_id = d.id AND d.name = 'Marketing';
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use