SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
ABAP

ABAP static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your ABAP code

  • All rules 94
  • Vulnerability4
  • Bug14
  • Security Hotspot7
  • Code Smell69
 
Tags
    Impact
      Clean code attribute
        1. Standard tables should be searched using "BINARY SEARCH"

           Code Smell
        2. "WHEN OTHERS" clauses should be last

           Code Smell
        3. Cognitive Complexity of functions should not be too high

           Code Smell
        4. "LIKE" clauses should not be used without wildcards

           Code Smell
        5. Jump statements should not be redundant

           Code Smell
        6. "JOIN" should be used instead of nested "SELECT" statements

           Code Smell
        7. "SELECT INTO TABLE" should be used

           Code Smell
        8. "EXIT" and "CHECK" statements should not be used in "SELECT" loops

           Code Smell
        9. Duplications in driver tables should deleted before the tables are used

           Code Smell
        10. Two branches in a conditional structure should not have exactly the same implementation

           Code Smell
        11. SQL "LIKE" clauses should not start with wildcard characters

           Code Smell
        12. Unnecessary chain syntax should not be used

           Code Smell
        13. Asterisks should be used for headers and to comment out code

           Code Smell
        14. "CX_ROOT" should not be caught

           Code Smell
        15. Mass operations should be used with internal tables instead of loops

           Code Smell
        16. "SORTED" or "HASHED" internal tables should be accessed with a key

           Code Smell
        17. Keywords should not be used as variable names

           Code Smell
        18. "FORM... ENDFORM" and "PERFORM" should not be used

           Code Smell
        19. "NOT IN" should not be used

           Code Smell
        20. A SQL "SELECT" statement should not involve too many tables

           Code Smell
        21. Macros should be documented

           Code Smell
        22. Functions should be documented

           Code Smell
        23. Forms should be documented

           Code Smell
        24. Classes should be documented

           Code Smell
        25. "DATA" variable names should comply with a naming convention

           Code Smell
        26. Report names should comply with a naming convention

           Code Smell
        27. Macro names should comply with a naming convention

           Code Smell
        28. Function names should comply with a naming convention

           Code Smell
        29. Cyclomatic Complexity of functions should not be too high

           Code Smell
        30. "REFRESH itab FROM TABLE" should not be used

           Code Smell
        31. "%_HINTS" should not be used

           Code Smell
        32. "SY-SUBRC" should be tested after each statement setting it.

           Code Smell
        33. Form names should comply with a naming convention

           Code Smell
        34. Internal source code processing statements should not be used

           Code Smell
        35. System C functions should not be used

           Code Smell
        36. Native SQL should not be statically embedded

           Code Smell
        37. SQL aggregate functions should not be used to prevent bypassing the SAP buffer

           Code Smell
        38. To "SELECT", "INSERT" or "DELETE" several lines in databases, internal tables should be used in place of loop control structure

           Code Smell
        39. SQL "DISTINCT" operator should not be used to prevent bypassing the SAP buffering

           Code Smell
        40. Columns to be read with a "SELECT" statement should be clearly defined

           Code Smell
        41. The "LIKE" operator should be used very carefully in SQL "WHERE" condition

           Code Smell
        42. Subqueries and "JOIN" clauses should not be used

           Code Smell
        43. "REFRESH itab" should not be used

           Code Smell
        44. "SYSTEM-CALL" statement should not be used

           Code Smell
        45. "DATA BEGIN OF OCCURS" should not be used

           Code Smell
        46. Unused local variables should be removed

           Code Smell
        47. Loops should not contain more than a single "CONTINUE", "EXIT", "CHECK" statement

           Code Smell
        48. Control flow statements "IF", "CASE", "DO", "LOOP", "SELECT", "WHILE" and "PROVIDE" should not be nested too deeply

           Code Smell
        49. Cyclomatic Complexity of methods should not be too high

           Code Smell
        50. Cyclomatic Complexity of classes should not be too high

           Code Smell
        51. "CASE" statements should have "WHEN OTHERS" clauses

           Code Smell
        52. "CASE statements should have at least 3 "WHEN" clauses

           Code Smell
        53. "IF ... ELSEIF" constructs should end with "ELSE" clauses

           Code Smell
        54. Sections of code should not be commented out

           Code Smell
        55. Subroutine parameters should be passed by reference rather than by value

           Code Smell
        56. Statements should be on separate lines

           Code Smell
        57. String literals should not be duplicated

           Code Smell
        58. Interface names should comply with a naming convention

           Code Smell
        59. SQL EXISTS subqueries should not be used

           Code Smell
        60. Redundant pairs of parentheses should be removed

           Code Smell
        61. Magic numbers should not be used

           Code Smell
        62. Nested blocks of code should not be left empty

           Code Smell
        63. Expressions should not be too complex

           Code Smell
        64. Mergeable "if" statements should be combined

           Code Smell
        65. Tabulation characters should not be used

           Code Smell
        66. Files should not have too many lines of code

           Code Smell
        67. Lines should not be too long

           Code Smell
        68. Class names should comply with a naming convention

           Code Smell
        69. Method names should comply with a naming convention

           Code Smell

        System C functions should not be used

        consistency - conventional
        maintainability
        Code Smell
        • lock-in

        Why is this an issue?

        According to the SAP documentation:

        System functions are only intended for internal usage. Incompatible changes and further development is possible at any time and without warning or notice.

        So calling system C functions using a CALL statement should be avoided.

        Noncompliant code example

        CALL 'MULTIPLY' ID 'P1'  FIELD '9999'
                        ID 'P2'  FIELD '9999'
                        ID 'RES' FIELD RESULT.
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use