ABAP Scan rules
Contrast Scan supports these rules for ABAP.
Severity | Contrast rule | Engine rule ID | Description |
---|---|---|---|
Medium | Access B Din Loop | OPT.ABAP.AMR.AccessBDinLoop | AccessBDinLoop: Avoid massive database operations inside a loop |
High | Alter Layout Dinamically | OPT.ABAP.AWD.AlterLayoutDinamically | AlterLayoutDinamically: WebDynpro Layout should be modified only in wdDoModifyView method |
High | Assign I D Element | OPT.ABAP.AWD.AssignIDElement | AssignIDElement: Attributes for Web Dynpro elements must be unique |
Info | Authority Checks | OPT.ABAP.SEC.AuthorityChecks | AuthorityChecks: Authority checks (informative) |
Medium | Avoid Batch Input | OPT.ABAP.AMR.AvoidBatchInput | AvoidBatchInput: Do not call transactions using batch input |
Medium | Avoid Call No Def Module | OPT.ABAP.APBR.AvoidCallNoDefModule | AvoidCallNoDefModule: Avoid calling modules that have not been declared |
High | Avoid Client Specified | OPT.ABAP.ASR.AvoidClientSpecified | AvoidClientSpecified: Avoid CLIENT SPECIFIED option |
Low | Avoid Commented Out Code | OPT.ABAP.MAINT.AvoidCommentedOutCode | AvoidCommentedOutCode: Avoid commented out code blocks |
Medium | Avoid Complex Context | OPT.ABAP.AWD.AvoidComplexContext | AvoidComplexContext: Too deeply nested nodes in Web Dynpro context |
Medium | Avoid Controller With Code | OPT.ABAP.AWD.AvoidControllerWithCode | AvoidControllerWithCode: Too much code in Web Dynpro view |
High | Avoid Database Hints | OPT.ABAP.PORTABILITY.AvoidDatabaseHints | AvoidDatabaseHints: Avoid %_HINTS in SELECT |
Medium | Avoid Declare Vars In Mod | OPT.ABAP.AGR.AvoidDeclareVarsInMod | AvoidDeclareVarsInMod: Avoid declarations inside a dialog module |
Medium | Avoid Duplicate Events | OPT.ABAP.AGR.AvoidDuplicateEvents | AvoidDuplicateEvents: Avoid duplicate declarations for same event block |
Info | Avoid Duplicate Includes In Programs | OPT.ABAP.APFR.AvoidDuplicateIncludesInPrograms | AvoidDuplicateIncludesInPrograms: Avoid same INCLUDE in different programs |
Low | Avoid Elementi I U Tree | OPT.ABAP.AWD.AvoidElementiIUTree | AvoidElementiIUTree: In Web Dynpro, do not use the Tree UI element |
Low | Avoid Empty Blocks In Loop Or If | OPT.ABAP.MAINT.AvoidEmptyBlocksInLoopOrIf | AvoidEmptyBlocksInLoopOrIf: Avoid using loops and conditional statements with empty blocks |
Medium | Avoid Empty Catch Blocks | OPT.ABAP.APBR.AvoidEmptyCatchBlocks | AvoidEmptyCatchBlocks: Avoid using empty CATCH blocks |
Low | Avoid Empty Subroutine Or Function | OPT.ABAP.MAINT.AvoidEmptySubroutineOrFunction | AvoidEmptySubroutineOrFunction: Avoid using functions or subroutines with empty blocks |
Medium | Avoid Empty When Others | OPT.ABAP.APBR.AvoidEmptyWhenOthers | AvoidEmptyWhenOthers: If used, WHEN OTHERS clause should not be empty |
Low | Avoid Form Param Without Type | OPT.ABAP.AGR.AvoidFormParamWithoutType | AvoidFormParamWithoutType: Avoid subroutines with untyped or too generic type parameters |
Critical | Avoid Free Memory | OPT.ABAP.AGR.AvoidFreeMemory | AvoidFreeMemory: Avoid using FREE MEMORY without explicit data cluster |
Low | Avoid From Dynamic | OPT.ABAP.ASR.AvoidFromDynamic | AvoidFromDynamic: Avoid subqueries in FROM clauses |
Medium | Avoid Literal Wit Add | OPT.ABAP.AGR.AvoidLiteralWitAdd | AvoidLiteralWitAdd: In the ADD sentence, it is better to use variables instead of literals |
Low | Avoid Logic DB | OPT.ABAP.ASR.AvoidLogicDB | AvoidLogicDB: Do not use logical databases |
High | Avoid Macro | OPT.ABAP.AGR.AvoidMacro | AvoidMacro: Do not define custom macros |
Low | Avoid Modify Context | OPT.ABAP.AWD.AvoidModifyContext | AvoidModifyContext: Avoid programmatic modification of a Web Dynpro context |
Low | Avoid Modify Elements Directly | OPT.ABAP.AWD.AvoidModifyElementsDirectly | AvoidModifyElementsDirectly: Do not programmatically modify the layout for Web Dynpro context nodes |
Low | Avoid Module Messed Up | OPT.ABAP.APBR.AvoidModuleMessedUp | AvoidModuleMessedUp: Avoid calling a module from a program |
Low | Avoid Multiple Dynamic Attributes | OPT.ABAP.AWD.AvoidMultipleDynamicAttributes | AvoidMultipleDynamicAttributes: Avoid assigning multiple attributes dynamically in a WebDynpro element |
Low | Avoid Nested Layout | OPT.ABAP.AWD.AvoidNestedLayout | AvoidNestedLayout: Avoid nesting layouts |
Low | Avoid Non Transp Table | OPT.ABAP.AGR.AvoidNonTranspTable | AvoidNonTranspTable: Do not create tables that are not transparent |
Medium | Avoid Non Used Declared Module | OPT.ABAP.AMR.AvoidNonUsedDeclaredModule | AvoidNonUsedDeclaredModule: Avoid declaring dialog modules that are not used |
Info | Avoid No Standard Page Heading | OPT.ABAP.ADR.AvoidNoStandardPageHeading | AvoidNoStandardPageHeading: The standard SAP report header should not be disabled (NO STANDARD PAGE HEADING) |
Medium | Avoid No Use Fields | OPT.ABAP.AGR.AvoidNoUseFields | AvoidNoUseFields: Avoid declaring fields on internal tables that are not used |
High | Avoid Percentage Var | OPT.ABAP.AMR.AvoidPercentage_Var | AvoidPercentage_Var: Avoid identifier names starting with %_ |
Medium | Avoid Pool And Include | OPT.ABAP.AWD.AvoidPoolAndInclude | AvoidPoolAndInclude: Do not use TYPE-POOL and INCLUDE TYPE/STRUCTURE |
High | Avoid Read S A P Tables | OPT.ABAP.ASR.AvoidReadSAPTables | AvoidReadSAPTables: READ TABLE on database table |
Medium | Avoid S A P Queries | OPT.ABAP.ASR.AvoidSAPQueries | AvoidSAPQueries: Do not call SAP Query |
Medium | Avoid Sap Script | OPT.ABAP.AGR.AvoidSapScript | AvoidSapScript: Avoid SAP Script |
High | Avoid SQL Exist Subqueries | OPT.ABAP.EFFICIENCY.AvoidSqlExistSubqueries | AvoidSqlExistSubqueries: Avoid using the EXISTS clause |
Medium | Avoid Stop Messed Up | OPT.ABAP.APBR.AvoidStopMessedUp | AvoidStopMessedUp: Avoid STOP statement out of the event blocks START-OF-SELECTION, GET or AT SELECTION-SCREEN |
High | Avoid Stretched Vertically | OPT.ABAP.AWD.AvoidStretchedVertically | AvoidStretchedVertically: Do not set StretchedVertically in MatrixLayout |
Medium | Avoid Sub Select Queries | OPT.ABAP.APFR.AvoidSubSelectQueries | AvoidSubSelectQueries: Avoid subqueries in WHERE |
High | Avoid Trace On | OPT.ABAP.APFR.AvoidTraceOn | AvoidTraceOn: Avoid using sentences that activate the trace generator |
Critical | Avoid Up To Rows With For All Entries | OPT.ABAP.EFFICIENCY.AvoidUpToRowsWithForAllEntries | AvoidUpToRowsWithForAllEntries: Avoid using UP TO ROWS clause in combination with FOR ALL ENTRIES in SELECT statements |
Info | Avoid Vble Message | OPT.ABAP.ADR.AvoidVbleMessage | AvoidVbleMessage: Do not use variables as parameters for messages |
Low | Avoid Where Dynamic | OPT.ABAP.ASR.AvoidWhereDynamic | AvoidWhereDynamic: Avoid subqueries in WHERE |
Info | Avoid Write To | OPT.ABAP.AGR.AvoidWriteTo | AvoidWriteTo: Replace WRITE TO sentence with MOVE TO |
Critical | Backdoors | OPT.ABAP.SEC.Backdoors | Backdoors: Avoid development/test backdoors in production code |
High | Bad Authorization Check | OPT.ABAP.SEC.BadAuthorizationCheck | BadAuthorizationCheck: Improper implementation of authorization check |
High | Call Editor Call | OPT.ABAP.AGR.CallEditorCall | CallEditorCall: Avoid EDITOR-CALL |
Medium | Call F M In Group | OPT.ABAP.AGR.CallFMInGroup | CallFMInGroup: Unused function |
Info | Calls2 Critical Functions | OPT.ABAP.SEC.Calls2CriticalFunctions | Calls2CriticalFunctions: Calls to Critical ABAP functions |
Critical | Call Sys Function | OPT.ABAP.AGR.CallSysFunction | CallSysFunction: Do not call system / kernel functions from ABAP application code |
Low | Call S Y S U B R C | OPT.ABAP.APBR.CallSYSUBRC | CallSYSUBRC: Check the value of SY-SUBRC after certain operations |
High | Call Tx | OPT.ABAP.AGR.CallTx | CallTx: Avoid called transactions corresponding to a certain module |
Medium | Case No Repeat When | OPT.ABAP.AGR.CaseNoRepeatWhen | CaseNoRepeatWhen: Avoid repeated WHEN conditions in a CASE sentence |
Low | Case Should Have At Least3 When | OPT.ABAP.MAINT.CaseShouldHaveAtLeast3When | CaseShouldHaveAtLeast3When: A CASE statement should have at least 3 WHEN clauses |
Low | Check Atr No Exist Dynpro | OPT.ABAP.APBR.CheckAtrNoExistDynpro | CheckAtrNoExistDynpro: Avoid checking attributes of a non-existing dynpro |
Medium | Check Auth In All Programs | OPT.ABAP.SEC.CheckAuthInAllPrograms | CheckAuthInAllPrograms: Any report must perform an authority check |
High | Check Authority | OPT.ABAP.APBR.CheckAuthority | CheckAuthority: Invalid authorization fields in AUTHORITY-CHECK |
High | Check Dlg Modules | OPT.ABAP.APBR.CheckDlgModules | CheckDlgModules: Avoid working with non-existing dynpros |
Medium | Check F M Param | OPT.ABAP.APBR.CheckFMParam | CheckFMParam: Avoid using an incorrect category for function module parameters |
High | Check Fn Module | OPT.ABAP.APBR.CheckFnModule | CheckFnModule: Avoid working with non-existing functions |
Low | Check Includes | OPT.ABAP.APBR.CheckIncludes | CheckIncludes: Avoid calling files from an INCLUDE sentence that are not type I |
High | Check Load Table | OPT.ABAP.APBR.CheckLoadTable | CheckLoadTable: Load only existing tables in SAP system |
High | Check Messages | OPT.ABAP.APBR.CheckMessages | CheckMessages: Use only existing messages in the table T100 |
Info | Check Status P F | OPT.ABAP.AGR.CheckStatusPF | CheckStatusPF: Check if the program personalizes the STATUS PF |
Medium | Check Submit With Param | OPT.ABAP.APBR.CheckSubmitWithParam | CheckSubmitWithParam: Avoid undeclared selection criteria in SUBMIT |
Info | Check Titlebar | OPT.ABAP.AGR.CheckTitlebar | CheckTitlebar: Check if the program personalizes the TITLEBAR |
High | Check Tx | OPT.ABAP.APBR.CheckTx | CheckTx: Only use existing transactions |
High | Close All Open Resources | OPT.ABAP.APFR.CloseAllOpenResources | CloseAllOpenResources: Every open resource (cursor or dataset) should be closed |
Low | Cmd Table Out Loop | OPT.ABAP.ASR.CmdTableOutLoop | CmdTableOutLoop: Avoid using table commands with implicit use of the index outside the LOOP |
Critical | Command Injection | OPT.ABAP.SEC.CommandInjection | CommandInjection: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Low | Comments Before Classes | OPT.ABAP.MAINT.CommentsBeforeClasses | CommentsBeforeClasses: Check if there are comment lines before a class |
High | Comments Before Programs Or Reports | OPT.ABAP.ADR.CommentsBeforeProgramsOrReports | CommentsBeforeProgramsOrReports: Check if there are comment lines before programs and reports |
Low | Comments Before Subroutines | OPT.ABAP.ADR.CommentsBeforeSubroutines | CommentsBeforeSubroutines: Check if there are comment lines before functions, methods, forms or macros |
Medium | Compatible Form Params | OPT.ABAP.APBR.CompatibleFormParams | CompatibleFormParams: With PERFORM, arguments should match subroutine formal parameters |
Medium | Complex Layout Use Matrix Layout | OPT.ABAP.AWD.ComplexLayoutUseMatrixLayout | ComplexLayoutUseMatrixLayout: Avoid too many elements in Web Dynpro views |
High | Control Fields Client Tables | OPT.ABAP.ASR.ControlFieldsClientTables | ControlFieldsClientTables: Include audit fields in custom tables |
Low | Correct Naming Meth | OPT.ABAP.ADR.CorrectNamingMeth | CorrectNamingMeth: Methods must follow a standard naming convention |
High | Correspond Raise Excep | OPT.ABAP.APBR.CorrespondRaiseExcep | CorrespondRaiseExcep: EXCEPTIONS and RAISE must match |
Critical | Cross Client Database Access | OPT.ABAP.SEC.CrossClientDatabaseAccess | CrossClientDatabaseAccess: Do not bypass SAP client separation mechanism |
Critical | Cross Site Scripting | OPT.ABAP.SEC.CrossSiteScripting | CrossSiteScripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
High | Cx Root Caught | OPT.ABAP.RELIABILITY.CxRootCaught | CxRootCaught: Do not catch CX_ROOT |
High | Cyclomatic Complexity | OPT.ABAP.AMTR.CyclomaticComplexity | CyclomaticComplexity: Avoid functions/forms/methods with high cyclomatic complexity |
Info | Dangerous File Download | OPT.ABAP.SEC.DangerousFileDownload | DangerousFileDownload: Dangerous file download |
Info | Dangerous File Upload | OPT.ABAP.SEC.DangerousFileUpload | DangerousFileUpload: Dangerous file upload |
Low | Data Definition At The Beginning | OPT.ABAP.AMR.DataDefinitionAtTheBeginning | DataDefinitionAtTheBeginning: Do not insert declarations after the first executable line |
Medium | Deeply Nested Statements | OPT.ABAP.MAINT.DeeplyNestedStatements | DeeplyNestedStatements: Avoid too deeply nested statements |
High | Delete From Table Without Where | OPT.ABAP.RELIABILITY.DeleteFromTableWithoutWhere | DeleteFromTableWithoutWhere: DELETE FROM statement must have WHERE condition |
High | Deprecated Asyncronous R F C | OPT.ABAP.PORTABILITY.DeprecatedAsyncronousRFC | DeprecatedAsyncronousRFC: Use Background RFC instead of older Transactional or Queue RFC |
High | Direct Recursive Call | OPT.ABAP.RELIABILITY.DirectRecursiveCall | DirectRecursiveCall: Avoid recursive calls |
High | Direct Update | OPT.ABAP.SEC.DirectUpdate | DirectUpdate: SQL Bad Practices - Direct Update |
Critical | Dynamic Code | OPT.ABAP.SEC.DynamicCode | DynamicCode: Avoid Dynamic Code constructs |
High | Dynamic Constructs | OPT.ABAP.SEC.DynamicConstructs | DynamicConstructs: Avoid dynamic constructs controlled by external input |
Medium | Dynpro Non Exist Atr | OPT.ABAP.APBR.DynproNonExistAtr | DynproNonExistAtr: Avoid references to non-existing attributes for a dynpro screen element |
Low | Elseif With Else | OPT.ABAP.RELIABILITY.ElseifWithElse | ElseifWithElse: IF ... ELSEIF statements must be terminated with ELSE |
Critical | Empty Select Endselect | OPT.ABAP.EFFICIENCY.EmptySelectEndselect | EmptySelectEndselect: Avoid empty SELECT-ENDSELECT statements |
Critical | Enqueue Instead Of Select Single For Update | OPT.ABAP.ASR.EnqueueInsteadOfSelectSingleForUpdate | EnqueueInsteadOfSelectSingleForUpdate: Use SAP locking mechanism instead of SELECT SINGLE FOR UPDATE |
Low | Equal Number Param | OPT.ABAP.APBR.EqualNumberParam | EqualNumberParam: Avoid calling a FORM with a different number of parameters than declared |
Low | Excess Of Parameters | OPT.ABAP.AMTR.ExcessOfParameters | ExcessOfParameters: Avoid functions/forms/methods with an excess of parameters |
Low | Excess Of Responsibility | OPT.ABAP.AMTR.ExcessOfResponsibility | ExcessOfResponsibility: Avoid programs with excess of responsibility |
Low | Excess Of Return | OPT.ABAP.AMTR.ExcessOfReturn | ExcessOfReturn: Avoid an excess of RETURN statements |
Low | Exist Prog Form Decl | OPT.ABAP.APBR.ExistProgFormDecl | ExistProgFormDecl: Avoid declaring FORMS in programs that do not exist in the analyzed system |
Medium | Exists Form | OPT.ABAP.AGR.ExistsForm | ExistsForm: Avoid calling non-declared FORMS |
Medium | Extract Code Into Subroutines | OPT.ABAP.AMR.ExtractCodeIntoSubroutines | ExtractCodeIntoSubroutines: Organize big code sections in smaller ones |
Low | Fan In | OPT.ABAP.AMTR.FanIn | FanIn: Limit the number of calls to each routine in programs, reports and classes |
Medium | Fan Out | OPT.ABAP.AMTR.FanOut | FanOut: Limit number of calls (fan-out) from each processing block |
Info | Fields Curr Quan | OPT.ABAP.AGR.FieldsCurrQuan | FieldsCurrQuan: CURR and QUAN fields must have associated unit fields |
Critical | First Stmt Return Select Endselect | OPT.ABAP.EFFICIENCY.FirstStmtReturnSelectEndselect | FirstStmtReturnSelectEndselect: Avoid using a RETURN statement as the first statement in a SELECT-ENDSELECT block |
High | Form Corresponds Perform | OPT.ABAP.AGR.FormCorrespondsPerform | FormCorrespondsPerform: Avoid declaring unused subroutines |
Low | Harcoded Text In Message | OPT.ABAP.MAINT.HarcodedTextInMessage | HarcodedTextInMessage: Avoid hardcoding text in message |
High | Hardcoded Client Check | OPT.ABAP.SEC.HardcodedClientCheck | HardcodedClientCheck: Hardcoded SAP client check (sy-mandt) |
Low | Hardcoded Date Check | OPT.ABAP.SEC.HardcodedDateCheck | HardcodedDateCheck: Avoid hardcoding into the code current server date checks (sy-datum) |
Medium | Hardcoded Host Check | OPT.ABAP.MAINT.HardcodedHostCheck | HardcodedHostCheck: Avoid hardcoding sy-host checks |
Low | Hardcoded OS Check | OPT.ABAP.MAINT.HardcodedOSCheck | HardcodedOSCheck: Avoid hardcoding sy-opsys checks |
Medium | Hardcoded Rfc Destination | OPT.ABAP.RELIABILITY.HardcodedRfcDestination | HardcodedRfcDestination: Avoid hardcoding the RFC destination parameter |
Low | Hardcoded Sensitive Data | OPT.ABAP.SEC.HardcodedSensitiveData | HardcodedSensitiveData: Avoid hardcoding sensitive information |
High | Hardcoded System Id Check | OPT.ABAP.SEC.HardcodedSystemIdCheck | HardcodedSystemIdCheck: Hardcoded System ID check (sy-sysid) |
High | Hardcoded Username Check | OPT.ABAP.SEC.HardcodedUsernameCheck | HardcodedUsernameCheck: Hard-coded user name in check (potential backdoor) |
Critical | Http Header Manipulation | OPT.ABAP.SEC.HttpHeaderManipulation | HttpHeaderManipulation: Unvalidated data in HTTP response header |
Medium | Implement Layout | OPT.ABAP.AWD.ImplementLayout | ImplementLayout: All Web Dynpro views must have a layout |
Low | Import Export Dynpro | OPT.ABAP.AMR.ImportExportDynpro | ImportExportDynpro: Avoid using import/export dynpro |
Critical | Import Export Nametab | OPT.ABAP.AGR.ImportExportNametab | ImportExportNametab: Avoid IMPORT / EXPORT NAMETAB |
High | Insecure Randomness | OPT.ABAP.SEC.InsecureRandomness | InsecureRandomness: Standard pseudo-random number generators cannot withstand cryptographic attacks |
High | Join Instead Of Select In Loop | OPT.ABAP.EFFICIENCY.JoinInsteadOfSelectInLoop | JoinInsteadOfSelectInLoop: Use join instead of select + loop + nested select |
High | Key Select Option | OPT.ABAP.AGR.KeySelectOption | KeySelectOption: SELECT-OPTIONS must always include key or indexed fields |
Info | Keywords For User Identifiers | OPT.ABAP.MAINT.KeywordsForUserIdentifiers | KeywordsForUserIdentifiers: ABAP keywords should not be used as identifiers |
Info | Limited Number Of Includes | OPT.ABAP.APFR.LimitedNumberOfIncludes | LimitedNumberOfIncludes: Too many included source files |
High | Limited Number Of Tables In Queries | OPT.ABAP.ASR.LimitedNumberOfTablesInQueries | LimitedNumberOfTablesInQueries: Try to limit the number of tables used in a SELECT query |
Medium | Limit Indexes | OPT.ABAP.ASR.LimitIndexes | LimitIndexes: Do not create too many indexes in a table |
Medium | Logic Depending On Text Symbols | OPT.ABAP.RELIABILITY.LogicDependingOnTextSymbols | LogicDependingOnTextSymbols: Logic depending on text symbols |
Info | Loop At Into | OPT.ABAP.EFFICIENCY.LoopAtInto | LoopAtInto: Avoid LOOP AT itab INTO |
Low | Loop At Where Inside Loop | OPT.ABAP.APFR.LoopAtWhereInsideLoop | LoopAtWhereInsideLoop: Avoid using LOOP AT with WHERE inside another LOOP AT |
Info | Loop Where Instead Of Loop Check | OPT.ABAP.APFR.LoopWhereInsteadOfLoopCheck | LoopWhereInsteadOfLoopCheck: Use LOOP + WHERE instead of LOOP + CHECK |
High | Mark Buffering If Necessary | OPT.ABAP.ASR.MarkBufferingIfNecessary | MarkBufferingIfNecessary: Activate table buffering when needed |
Medium | Match Layout With View Controller | OPT.ABAP.AWD.MatchLayoutWithViewController | MatchLayoutWithViewController: Without associated layout, view controller code is stored in wdDoModifyView method |
Low | Maximum Joins Per Query | OPT.ABAP.APFR.MaximumJoinsPerQuery | MaximumJoinsPerQuery: Restrict the number of tables that can be used in a SELECT |
Low | Max Long Line Size | OPT.ABAP.APTR.MaxLongLineSize | MaxLongLineSize: Avoid width parameter LINE-SIZE greater than 255 |
Medium | Max Number DB Op | OPT.ABAP.APFR.MaxNumberDBOp | MaxNumberDBOp: Too many DB operations in a report or procedure |
Low | Max One Append Struct | OPT.ABAP.ASR.MaxOneAppendStruct | MaxOneAppendStruct: Table or standard structure with multiple append structures |
Low | Message Language | OPT.ABAP.ADR.MessageLanguage | MessageLanguage: The messages must be translated into the necessary languages |
Low | Message Param | OPT.ABAP.APBR.MessageParam | MessageParam: Check that messages have the correct number of parameters |
High | Modified Input Parameter | OPT.ABAP.RELIABILITY.ModifiedInputParameter | ModifiedInputParameter: Modification of input parameter passed by reference |
Info | Move Instead Of Move Corresponding | OPT.ABAP.AGR.MoveInsteadOfMoveCorresponding | MoveInsteadOfMoveCorresponding: Use MOVE instead of MOVE-CORRESPONDING |
High | Naming Components | OPT.ABAP.AWD.NamingComponents | NamingComponents: Control the nomenclature of the components |
Low | Naming Conventions | OPT.ABAP.ADR.NamingConventions | NamingConventions: Standard naming conventions should be followed |
Low | Nested Case Statement | OPT.ABAP.AMR.NestedCaseStatement | NestedCaseStatement: Avoid CASE sentences with many nested levels |
Low | Nested If Statement | OPT.ABAP.AMR.NestedIfStatement | NestedIfStatement: Try to limit nested IF |
Medium | Nested Loops | OPT.ABAP.AMR.NestedLoops | NestedLoops: Avoid using nested loops |
Medium | Nested Only Data Def | OPT.ABAP.AGR.NestedOnlyDataDef | NestedOnlyDataDef: Avoid declaring a redundant nested structure |
Critical | Nested Select Statement | OPT.ABAP.EFFICIENCY.NestedSelectStatement | NestedSelectStatement: Avoid nested SELECT statements |
Critical | No Absolute Paths | OPT.ABAP.APTR.NoAbsolutePaths | NoAbsolutePaths: There should not be an absolute path |
High | No Access Model From Mths | OPT.ABAP.AWD.NoAccessModelFromMths | NoAccessModelFromMths: No direct access to assistance classes from Web Dynpro view controller methods |
Medium | No Append Sorted By | OPT.ABAP.APFR.NoAppendSortedBy | NoAppendSortedBy: Do not use APPEND ... SORTED BY |
High | No Assert With Side Effects Condition | OPT.ABAP.RELIABILITY.NoAssertWithSideEffectsCondition | NoAssertWithSideEffectsCondition: Avoid configurable ASSERTs with side-effects |
Critical | No Authorization Check Call Transaction | OPT.ABAP.SEC.NoAuthorizationCheckCallTransaction | NoAuthorizationCheckCallTransaction: Authorization check must be done explicitly before CALL TRANSACTION |
Critical | No Authorization Check R F C | OPT.ABAP.SEC.NoAuthorizationCheckRFC | NoAuthorizationCheckRFC: Authorization check must be done explicitly in RFC-enabled functions |
High | No Authorization Check SQL | OPT.ABAP.SEC.NoAuthorizationCheckSQL | NoAuthorizationCheckSQL: Authorization check must be done explicitly on SQL statements |
High | No Authorization Group4 Table | OPT.ABAP.SEC.NoAuthorizationGroup4Table | NoAuthorizationGroup4Table: Table without authorization group |
Critical | No Break Point Statements | OPT.ABAP.APBR.NoBreakPointStatements | NoBreakPointStatements: Remove BREAK-POINT statements from production code |
Medium | No Check Or Continue Within Select Loops | OPT.ABAP.APFR.NoCheckOrContinueWithinSelectLoops | NoCheckOrContinueWithinSelectLoops: Do not use CHECK, EXIT or CONTINUE statements inside a SELECT loop |
High | No Control Break Within Loop At Where | OPT.ABAP.APBR.NoControlBreakWithinLoopAtWhere | NoControlBreakWithinLoopAtWhere: Do not use WHERE/FROM/TO in LOOP AT with control level processing blocks (AT FIRST, AT NEW, AT END, AT LAST) |
Low | No Corresponding Fields | OPT.ABAP.APFR.NoCorrespondingFields | NoCorrespondingFields: Do not use CORRESPONDING FIELDS in SELECT * |
Medium | No Data Definitions Within Events | OPT.ABAP.AGR.NoDataDefinitionsWithinEvents | NoDataDefinitionsWithinEvents: Avoid declarations inside an event block |
Medium | No Data Or Object Creation Inside Loops | OPT.ABAP.APFR.NoDataOrObjectCreationInsideLoops | NoDataOrObjectCreationInsideLoops: Avoid creating objects or declaring data inside a loop |
Low | No Dead Data Definitions | OPT.ABAP.AMR.NoDeadDataDefinitions | NoDeadDataDefinitions: In a program, all information defined is in use |
Info | No Declared Field | OPT.ABAP.ASR.NoDeclaredField | NoDeclaredField: Avoid referencing undeclared fields in internal tables or structures |
High | No Exec SQL Statements | OPT.ABAP.APTR.NoExecSqlStatements | NoExecSqlStatements: There should not be any EXEC SQL statements |
Info | No Exist Context | OPT.ABAP.APBR.NoExistContext | NoExistContext: Do not use fields from non declared tables or structures |
Medium | No Field As Operator | OPT.ABAP.ADR.NoFieldAsOperator | NoFieldAsOperator: Avoid using operators as field names |
Low | No Hyphen In Name | OPT.ABAP.AGR.NoHyphenInName | NoHyphenInName: Do not use hyphens in the names of internal table fields |
Medium | No Ids Other Type | OPT.ABAP.ADR.NoIdsOtherType | NoIdsOtherType: Field name is identical to a primitive type but it is declared as another type |
Info | No Literals | OPT.ABAP.AMR.NoLiterals | NoLiterals: Do not use literals in the code |
Low | No Long Ids | OPT.ABAP.ADR.NoLongIds | NoLongIds: Do not use large identifier names |
Info | No Lost Cursor | OPT.ABAP.ASR.NoLostCursor | NoLostCursor: In a SELECT loop, avoid calling a sentence that causes the cursor to be lost |
High | No Over Write Sys Var | OPT.ABAP.AGR.NoOverWriteSysVar | NoOverWriteSysVar: Avoid overwriting system variables |
Medium | No Raise Out Of Function Group | OPT.ABAP.APBR.NoRaiseOutOfFunctionGroup | NoRaiseOutOfFunctionGroup: RAISE exception statements inside improper processing block |
Medium | No Select All | OPT.ABAP.ASR.NoSelectAll | NoSelectAll: Avoid SELECT * in SQL queries |
High | No Select Inside Loop | OPT.ABAP.APFR.NoSelectInsideLoop | NoSelectInsideLoop: Avoid including SELECT sentences inside a loop |
Medium | No Sentence After Exit | OPT.ABAP.AGR.NoSentenceAfterExit | NoSentenceAfterExit: Avoid other sentences after STOP, LEAVE PROGRAM, EXIT, RETURN, RAISE, REJECT or SUBMIT |
High | Not In Subquery | OPT.ABAP.EFFICIENCY.NotInSubquery | NotInSubquery: Avoid NOT IN subquery in SELECT |
Critical | No Update Config Tables | OPT.ABAP.ASR.NoUpdateConfigTables | NoUpdateConfigTables: Avoid write operations on sensitive database tables from ABAP code |
High | No Use S Y Uname | OPT.ABAP.AGR.NoUseSYUname | NoUseSYUname: Avoid using system variable SY-UNAME inside a condition |
High | No Wildcards At The Beginning Of Like Literals | OPT.ABAP.APFR.NoWildcardsAtTheBeginningOfLikeLiterals | NoWildcardsAtTheBeginningOfLikeLiterals: Do not use wildcards (% or _) at the beginning of the literal used in LIKE comparisons in SQL statements |
Medium | Number View In W D | OPT.ABAP.AWD.NumberViewInWD | NumberViewInWD: Control the number of views |
Medium | Obsolete Code | OPT.ABAP.PORTABILITY.ObsoleteCode | ObsoleteCode: Obsolete code in SAP 7+ |
Info | One Statement Per Line | OPT.ABAP.AMR.OneStatementPerLine | OneStatementPerLine: Place each sentence in one line |
Low | Only Client Fields In Append Str | OPT.ABAP.ASR.OnlyClientFieldsInAppendStr | OnlyClientFieldsInAppendStr: Always use custom fields in Append structures |
High | Only One Commit And Rollback | OPT.ABAP.APFR.OnlyOneCommitAndRollback | OnlyOneCommitAndRollback: There should be only one COMMIT and ROLLBACK inside a programme |
Medium | Open Close Resources Only Once | OPT.ABAP.APFR.OpenCloseResourcesOnlyOnce | OpenCloseResourcesOnlyOnce: Every resource (cursor or dataset) should be opened and closed only once |
Critical | Open Redirect | OPT.ABAP.SEC.OpenRedirect | OpenRedirect: URL Redirection to Untrusted Site ('Open Redirect') |
Low | Output File Extension | OPT.ABAP.AGR.OutputFileExtension | OutputFileExtension: Output files must have appropriate extensions |
Medium | Output Files With Header | OPT.ABAP.AGR.OutputFilesWithHeader | OutputFilesWithHeader: Output datasets must have a header record |
High | Overwrite System Fields | OPT.ABAP.SEC.OverwriteSystemFields | OverwriteSystemFields: Inadequate usage of ABAP System field |
High | Password Management | OPT.ABAP.SEC.PasswordManagement | PasswordManagement: Avoid hard-coded or in-comment credentials (username / password) in code |
Critical | Path Manipulation | OPT.ABAP.SEC.PathManipulation | PathManipulation: External Control of File Name or Path |
Medium | Path Output File | OPT.ABAP.AMR.PathOutputFile | PathOutputFile: Output files must be stored in file system |
Medium | Percentage Of Comment Lines Per File | OPT.ABAP.ADR.PercentageOfCommentLinesPerFile | PercentageOfCommentLinesPerFile: Check the global amount of comment lines per file |
Medium | Percentage Of Comment Lines Per Method | OPT.ABAP.MAINT.PercentageOfCommentLinesPerMethod | PercentageOfCommentLinesPerMethod: Check the global amount of comment lines per method |
Medium | Recommendable Dynpro Size | OPT.ABAP.AWD.RecommendableDynproSize | RecommendableDynproSize: Use correct sizes in Web Dynpro fields |
Medium | Recommend A L Vwith Report | OPT.ABAP.AGR.RecommendALVwithReport | RecommendALVwithReport: Use ALV (ABAP List Viewer) instead of classic list generation in reports |
Low | Recommend Case When Others | OPT.ABAP.AGR.RecommendCaseWhenOthers | RecommendCaseWhenOthers: WHEN OTHERS clause should appear in every CASE statement |
Info | Recommend Start Of Selection | OPT.ABAP.AGR.RecommendStartOfSelection | RecommendStartOfSelection: START-OF-SELECTION event handler should appear in every ABAP report |
High | Recommend Where With Indexes | OPT.ABAP.ASR.RecommendWhereWithIndexes | RecommendWhereWithIndexes: Use indexed columns in WHERE condition on large tables |
Critical | Regex Injection | OPT.ABAP.SEC.RegexInjection | RegexInjection: Prevent denial of service attack through malicious regular expression ('Regex Injection') |
Medium | Replace If With Case | OPT.ABAP.APFR.ReplaceIfWithCase | ReplaceIfWithCase: Replace IF ... ENDIF with CASE ... ENDCASE when possible |
High | Rfc Callback Attack | OPT.ABAP.SEC.RfcCallbackAttack | RfcCallbackAttack: RFC call without callback attack protection |
Critical | Rfc Destination Injection | OPT.ABAP.SEC.RfcDestinationInjection | RfcDestinationInjection: Destination injection in RFC call |
Medium | Security Select Tables | OPT.ABAP.ASR.SecuritySelectTables | SecuritySelectTables: Avoid queries on sensitive tables from ABAP code |
Low | Select Into Instead Of Select Appending | OPT.ABAP.APFR.SelectIntoInsteadOfSelectAppending | SelectIntoInsteadOfSelectAppending: Use SELECT + INTO instead of SELECT APPENDING |
Low | Select Into Table Instead Of Select End Select | OPT.ABAP.APFR.SelectIntoTableInsteadOfSelectEndSelect | SelectIntoTableInsteadOfSelectEndSelect: Do not use SELECT...ENDSELECT for loading an internal table |
Low | Set Get Sys Param | OPT.ABAP.APBR.SetGetSysParam | SetGetSysParam: Use existing parameters in the system |
High | Sort Before Removing Duplicates | OPT.ABAP.RELIABILITY.SortBeforeRemovingDuplicates | SortBeforeRemovingDuplicates: Sort internal tables before removing duplicates |
Low | Sort Instead Of Order By | OPT.ABAP.ASR.SortInsteadOfOrderBy | SortInsteadOfOrderBy: Use ABAP SORT instead of ORDER BY in SELECT |
Critical | Sort Stmt In A Loop | OPT.ABAP.EFFICIENCY.SortStmtInALoop | SortStmtInALoop: Avoid declaring SORT statements inside a LOOP |
Critical | SQL Injection | OPT.ABAP.SEC.SqlInjection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Medium | Stand Comment Form | OPT.ABAP.ADR.StandCommentForm | StandCommentForm: In a FORM, it is advisable to use comments with the standard format |
High | Submit Report | OPT.ABAP.AGR.SubmitReport | SubmitReport: Avoid too many SUBMIT calls in a report |
Low | Submit Report Type1 | OPT.ABAP.APBR.SubmitReportType1 | SubmitReportType1: Avoid calling reports that are not type 1 |
Critical | Submit Stmt In A Loop | OPT.ABAP.EFFICIENCY.SubmitStmtInALoop | SubmitStmtInALoop: Avoid declaring SUBMIT statements inside a LOOP |
Low | Subroutine Definitions After Events | OPT.ABAP.AGR.SubroutineDefinitionsAfterEvents | SubroutineDefinitionsAfterEvents: Every subroutine should be declared after events |
Low | Suggest Append Lines Instead Of Append | OPT.ABAP.APFR.SuggestAppendLinesInsteadOfAppend | SuggestAppendLinesInsteadOfAppend: For efficiency, use APPEND LINES OF instead of APPEND |
Medium | Suggest Others Exceptions | OPT.ABAP.APBR.SuggestOthersExceptions | SuggestOthersExceptions: Call with no OTHERS option in EXCEPTIONS |
High | Suggest Select Where | OPT.ABAP.ASR.SuggestSelectWhere | SuggestSelectWhere: SELECT without WHERE |
Low | Suggest Typed Parameters | OPT.ABAP.AGR.SuggestTypedParameters | SuggestTypedParameters: Avoid procedures with untyped or too generic type parameters |
High | Suggest While Instead Of Do | OPT.ABAP.APFR.SuggestWhileInsteadOfDo | SuggestWhileInsteadOfDo: Use WHILE instead of unconditional DO loops |
Low | Too Many Attributes In A Class | OPT.ABAP.MAINT.TooManyAttributesInAClass | TooManyAttributesInAClass: Avoid declaring too many class attributes |
Low | Too Many Database Operations In Block | OPT.ABAP.MAINT.TooManyDatabaseOperationsInBlock | TooManyDatabaseOperationsInBlock: Avoid too many database operations in a behavioral unit |
Low | Too Many Lines By File | OPT.ABAP.MAINT.TooManyLinesByFile | TooManyLinesByFile: Avoid files with too many lines |
Medium | Too Nested Macro Calls | OPT.ABAP.MAINT.TooNestedMacroCalls | TooNestedMacroCalls: Avoid too nested macro calls |
High | Uncaught Exception In Rfc Call | OPT.ABAP.RELIABILITY.UncaughtExceptionInRfcCall | UncaughtExceptionInRfcCall: Uncaught exception in RFC call |
Medium | Unicode Programs | OPT.ABAP.ADR.UnicodePrograms | UnicodePrograms: The code must guard compatibility with UNICODE |
High | Update Dbtable Without Where | OPT.ABAP.RELIABILITY.UpdateDbtableWithoutWhere | UpdateDbtableWithoutWhere: UPDATE on database table without WHERE |
High | Update Delete Without Where | OPT.ABAP.EFFICIENCY.UpdateDeleteWithoutWhere | UpdateDeleteWithoutWhere: UPDATE / DELETE without WHERE |
Info | Usages Of Sy Sysid | OPT.ABAP.SEC.UsagesOfSySysid | UsagesOfSySysid: Usage of sy-sysid (informative) |
Info | Usages Of Sy Uname | OPT.ABAP.SEC.UsagesOfSyUname | UsagesOfSyUname: Usage of sy-uname (informative) |
Medium | Use Attributes Controller Class | OPT.ABAP.AWD.UseAttributesControllerClass | UseAttributesControllerClass: Web Dynpro controller classes must have the attributes WDTHIS and WDCONTEXT |
Medium | Use Class Based Exceptions | OPT.ABAP.MAINT.UseClassBasedExceptions | UseClassBasedExceptions: Use class-based exception handling |
High | Use For All Entries | OPT.ABAP.APFR.UseForAllEntries | UseForAllEntries: Ensure that internal table in FOR ALL ENTRIES clause is not empty |
Medium | Use Local Instead Of Tables In Subroutines | OPT.ABAP.AGR.UseLocalInsteadOfTablesInSubroutines | UseLocalInsteadOfTablesInSubroutines: Do not declare TABLES/NODES in procedures, modules or event blocks |
High | Use Read With Binary Search If With Key | OPT.ABAP.APFR.UseReadWithBinarySearchIfWithKey | UseReadWithBinarySearchIfWithKey: Use BINARY SEARCH with WITH KEY when reading tables |
High | Warn Scroll | OPT.ABAP.AWD.WarnScroll | WarnScroll: Avoid Web Dynpro elements with scrollingMode {} |
Low | Warn Without Adobe Print Form | OPT.ABAP.ADR.WarnWithoutAdobePrintForm | WarnWithoutAdobePrintForm: Warning if Print Forms does not use Adobe as form |
High | Weak Hash Algorithm | OPT.ABAP.SEC.WeakHashAlgorithm | WeakHashAlgorithm: Weak cryptographic hashes cannot guarantee data integrity |
Low | Where Clauses Without Not Or | OPT.ABAP.ASR.WhereClausesWithoutNotOr | WhereClausesWithoutNotOr: Avoid NOT / OR operators inside WHERE clauses in database operations |
Low | Working With Report | OPT.ABAP.AGR.WorkingWithReport | WorkingWithReport: Avoid dynamic operations (READ, INSERT or DELETE) with reports |
Low | Working With Text Pool | OPT.ABAP.AGR.WorkingWithTextPool | WorkingWithTextPool: Avoid reading, inserting or deleting textpools |