SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

COBOL static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your COBOL code

Security Hotspot3

Tags

Impact

Clean code attribute

SQL statements should not contain dynamic clauses
Security Hotspot
Having SQL "SELECT" statements without "WHERE" conditions is security-sensitive
Security Hotspot
Delivering code in production with debug features activated is security-sensitive
Security Hotspot

Having SQL "SELECT" statements without "WHERE" conditions is security-sensitive

intentionality - efficient

security

Security Hotspot

MajorSonarSource default severity
click to learn more

Although the WHERE condition is optional in a SELECT statement, for performance and security reasons, a WHERE clause should always be specified to prevent reading the whole table.

Ask Yourself Whether

The whole table is not required.
The table contains sensitive information.

There is a risk if you answered yes to any of those questions.

Recommended Secure Coding Practices

Add a "WHERE" condition to "SELECT" statements.

Sensitive Code Example

SELECT * FROM db_persons INTO us_persons

Compliant Solution

SELECT * FROM db_persons INTO us_persons WHERE country IS 'US'

Exceptions

Not having a WHERE clause is acceptable in read-only cursors as results are generally sorted and it is possible to stop processing in the middle.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Enterprise
Edition