Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
Go
HTML
Java
JavaScript
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

COBOL static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your COBOL code

Filtered: 47 rules found

sql

Impact

Clean code attribute

Inserts should include values for non-null columns
Bug
"DELETE" and "UPDATE" statements should contain "WHERE" clauses
Bug
SQL statements should not contain dynamic clauses
Security Hotspot
DDL statements should not be used
Code Smell
"INSERT" statements should not set the values of identity columns
Bug
SQL "UPDATE" statements should not change primary key values
Bug
"LIKE" clauses should not be used without wildcards
Code Smell
Cursors should not be opened inside loops
Code Smell
Cursors should not be declared inside loops
Code Smell
Cursors should not be closed inside loops
Code Smell
Queries that use "FETCH FIRST" should have an "ORDER BY"
Bug
"WHERE" clause conditions should not be contradictory
Bug
Selects should include null indicators for nullable columns
Bug
Fetches should not select more columns than their cursors
Bug
"NULL" should not be compared directly
Bug
Having SQL "SELECT" statements without "WHERE" conditions is security-sensitive
Security Hotspot
SQL "LIKE" clauses should not start with wildcard characters
Code Smell
Column names should be used in a SQL "ORDER BY" clause
Code Smell
SQL statements should not join too many tables
Code Smell
Columns to be read with a "SELECT" statement should be clearly defined
Code Smell
Nested SQL "SELECT" statements should not be used
Code Smell
SQL EXISTS subqueries should not be used
Code Smell
Unused "TABLE" declarations should be removed
Code Smell
Arithmetic expressions and scalar functions should not be used in "WHERE" conditions
Code Smell
"UPDATE" and "DELETE" statements should not impact multiple rows
Code Smell
"LOCK TABLE" should not be used
Code Smell
"INSERT" statements should explicitly list the columns to be set
Code Smell
"ORDER BY" should be specified for cursors
Bug
"SELECT" statements should not lead to full table scans
Code Smell
SQL "OR" clauses testing equality on the same identifier should be replaced by an "IN" clause
Code Smell
A SQL "BETWEEN" clause should be used instead of "X>=Y AND X<=Z"
Code Smell
"FOR READ ONLY" or "FOR UPDATE" should be specified for DB2 cursors
Code Smell
"WHERE" clauses should not contain too many lines of code
Code Smell
"UNION" should not be used in "SELECT" statements
Code Smell
"GROUP BY" should not be used in SQL "SELECT" statements
Code Smell
"DISTINCT" should not be used in SQL "SELECT" statements
Code Smell
Track uses of SQL
Code Smell
The "LIKE" operator should be used very carefully in SQL "WHERE" condition
Code Smell
Sections and paragraphs should not perform more than one SQL operation
Code Smell
Explicitly opened cursors should be closed
Bug
"SQLCODE" or "SQLSTATE" should be tested after each SQL statement
Code Smell
Default column values should not be set explicitly in inserts
Code Smell
Fetches should use all of the columns selected in their cursors
Code Smell
SQL "UPDATE" statements should not impact columns included in partitioning indexes
Code Smell
SQL "WHERE" clauses should use ANSI standard operators
Code Smell
SQL tables should be joined with the "JOIN" keyword
Code Smell
"CURSORs" should not be declared inside procedure divisions
Code Smell

"UPDATE" and "DELETE" statements should not impact multiple rows

intentionality - complete

maintainability

Code Smell

BlockerSonarSource default severity
click to learn more

suspicious
sql

Why is this an issue?

Since databases don’t offer "Are you sure?" dialogs, it’s best to be very certain of what you’re changing before you do it. UPDATE and DELETE statements that don’t precisely limit their effects to single rows risk changing more than was intended. That’s why they should be reviewed carefully.

This rule raises an issue when an UPDATE or DELETE statement’s WHERE clause does not use precisely either a unique index or all parts of the table’s primary key. That includes both cases where they are omitted in whole or in part, and when they are used but could still describe multiple rows. E.G. WHERE AGE = 34, and WHERE TABLE_ID > 0 AND TABLE_ID < 40.

Note That this rule raises issues only when a database catalog is provided during the SonarQube analysis.

Noncompliant code example

CREATE table my_table (
     compound_a integer not null,
     compound_b integer not null,
     column_c varchar(50),
     primary key (compound_a, compound_b)
);

DELETE FROM my_table
WHERE compound_b=4;  -- Noncompliant

Exceptions

Statements using a cursor and WHERE CURRENT OF are ignored.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Enterprise
Edition

© 2008-2024 SonarSource SA. All rights reserved. SONAR, SONARSOURCE, SONARQUBE, and CLEAN AS YOU CODE are trademarks of SonarSource SA.

Sonar helps developers write Clean Code.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted