Oracle Forms Scan rules
Contrast Scan supports these rules for Oracle Forms.
Severity | Engine rule ID | Contrast rule | Description |
---|---|---|---|
Critical | OPT.ORACLEFORMS.SqlInjection | SQL Injection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | OPT.ORACLEFORMS.AvoidGoto | Avoid Goto | AvoidGoto: Do not use GOTO statement |
Critical | OPT.ORACLEFORMS.DeleteWithoutWhere | Delete Without Where | DSW: Find DELETE queries without WHERE |
Critical | OPT.ORACLEFORMS.DoNotUseCallOpenForm | Do Not Use Call Open Form | DoNotUseCallOpenForm: Do not use CALL_FORM or OPEN_FORM built-in in Oracle Applications |
Critical | OPT.ORACLEFORMS.GroupByWithFieldsNotInSelect | Group By With Fields Not In Select | TotalGroupAgr: Do not use GROUP BY on fields that are not present in the SELECT |
Critical | OPT.ORACLEFORMS.GroupByWithoutAggregationFunction | Group By Without Aggregation Function | TotalGroup: Do not use GROUP BY in selects without aggregation functions |
Critical | OPT.ORACLEFORMS.QueriesAfterRaise | Queries After Raise | ESPR: Do not put queries after RAISE and RAISE_APPLICATION_ERROR |
High | OPT.ORACLEFORMS.UseBindVariables | Use Bind Variables | UVB: Use BIND variables |
High | OPT.ORACLEFORMS.AvoidJoinsOnTooManyTables | Avoid Joins On Too Many Tables | AvoidJoinsOnTooManyTables: Avoid joins between too many tables |
High | OPT.ORACLEFORMS.AvoidMultipleOrInWhere | Avoid Multiple Or In Where | TooMuchOr: Do not perform several OR checks over the same field |
High | OPT.ORACLEFORMS.AvoidNegatedWhereClauses | Avoid Negated Where Clauses | AvoidNeg: Do not use negations in the WHERE clauses |
High | OPT.ORACLEFORMS.AvoidSelectAsterisk | Avoid Select Asterisk | ICT: List the table columns to query explicitly |
High | OPT.ORACLEFORMS.AvoidSqlInTriggers | Avoid SQL In Triggers | AvoidSqlInTriggers: Avoid having SQL code in certain trigger types |
High | OPT.ORACLEFORMS.AvoidStartingPercentInLike | Avoid Starting Percent In Like | AvoidPercent: Warns about queries that use LIKE filters and '%' patterns |
High | OPT.ORACLEFORMS.AvoidTooLargePlsqlCode | Avoid Too Large Plsql Code | NLSM: Find PLSQL with more than 1000 lines |
High | OPT.ORACLEFORMS.AvoidTooLargeRoutines | Avoid Too Large Routines | BigSize: Detects functions and procedures that are too large |
High | OPT.ORACLEFORMS.CheckNoDataFound | Check No Data Found | NDFException: Check NO_DATA_FOUND exception when SELECT with INTO statement is used |
High | OPT.ORACLEFORMS.CloseOpenedCursors | Close Opened Cursors | CC: Close all opened cursors |
High | OPT.ORACLEFORMS.CloseOpenedRefCursors | Close Opened Ref Cursors | CRC: Close all opened ref cursors |
High | OPT.ORACLEFORMS.DoNotCallHost | Do Not Call Host | DoNotCallHost: Do not call HOST built-in |
High | OPT.ORACLEFORMS.DoNotRaiseApplicationError | Do Not Raise Application Error | DoNotRaiseApplicationError: Do not use RAISE_APPLICATION_ERROR |
High | OPT.ORACLEFORMS.DoNotRepeatSqlCode | Do Not Repeat SQL Code | DoNotRepeatSqlCode: Do not copy and paste SQL code |
High | OPT.ORACLEFORMS.DoNotUseGlobalVariables | Do Not Use Global Variables | DoNotUseGlobalVariables: Do not use Forms Global Variables |
High | OPT.ORACLEFORMS.DoNotUseSqlControlVarsOutsideException | Do Not Use SQL Control Vars Outside Exception | OracleVar: Do not use control variables outside EXCEPTION blocks |
High | OPT.ORACLEFORMS.ParametersByReferenceInCalls | Parameters By Reference In Calls | PPR: Use reference parameters |
High | OPT.ORACLEFORMS.RoutineMustControlExceptions | Routine Must Control Exceptions | GER1: Each routine must have at least one exception block |
High | OPT.ORACLEFORMS.UpdateWithoutWhere | Update Without Where | USW: Find UPDATE queries without WHERE |
High | OPT.ORACLEFORMS.UseInInsteadOfOr | Use In Instead Of Or | UILO: Use IN instead of OR |
High | OPT.ORACLEFORMS.UseProperCoordinateSystem | Use Proper Coordinate System | UseProperCoordinateSystem: Use proper coordinate system |
High | OPT.ORACLEFORMS.UseWhileInsteadOfExitWhen | Use While Instead Of Exit When | WL: Use WHILE instead of EXIT WHEN |
High | OPT.ORACLEFORMS.WhenOthersInExceptionControl | When Others In Exception Control | GER2: WHEN OTHERS clause must be included in exceptions |
Info | OPT.ORACLEFORMS.AliasInSelectFields | Alias In Select Fields | JOIN2: Use the specific alias for JOINS |
Info | OPT.ORACLEFORMS.AvoidDatabaseLinks | Avoid Database Links | DBL: Find @dblink |
Info | OPT.ORACLEFORMS.NamingConvention | Naming Convention | NamingConvention: Name of Oracle Forms/Reports elements must match naming conventions |
Info | OPT.ORACLEFORMS.UseConsistentJoinSyntax | Use Consistent Join Syntax | DefSintax: Defines the syntax in the SELECT statements |
Info | OPT.ORACLEFORMS.UseTableAlias | Use Table Alias | TableAlias: Define an alias for each table |
Low | OPT.ORACLEFORMS.AvoidSubqueries | Avoid Subqueries | InSelects: Do not use SELECT with subqueries in the FROM or WHERE clauses |
Low | OPT.ORACLEFORMS.Comment | Comment | Comment: Avoid objects without comment property |
Low | OPT.ORACLEFORMS.ElementNameMustEqualDatabaseName | Element Name Must Equal Database Name | ElementNameMustEqualDatabaseName: Blocks and Items should have the same table and column as the element name |
Medium | OPT.ORACLEFORMS.AvoidForInCursors | Avoid For In Cursors | NDCF: Avoid declaring cursors 'on the fly' |
Medium | OPT.ORACLEFORMS.AvoidNonBlockingInteractionMode | Avoid Non Blocking Interaction Mode | AvoidNonBlockingInteractionMode: Avoid Non-Blocking Interaction Mode in forms |
Medium | OPT.ORACLEFORMS.AvoidUnusedLocalVars | Avoid Unused Local Vars | UselessVar: Detects local variables declared but not used |
Medium | OPT.ORACLEFORMS.AvoidUsingDataDictionary | Avoid Using Data Dictionary | OracleTables: Avoid using tables and views of the Oracle Data Dictionary |
Medium | OPT.ORACLEFORMS.CaseWithoutExcludingConditions | Case Without Excluding Conditions | UndefCase: Checks WHEN clauses are using the same control variable |
Medium | OPT.ORACLEFORMS.DoNotReferenceFormObjectsInLibraries | Do Not Reference Form Objects In Libraries | DoNotReferenceFormObjectsInLibraries: Do not reference Form objects in libraries |
Medium | OPT.ORACLEFORMS.FunctionsInWhere | Functions In Where | EFCW: Avoid use of functions in WHERE clause |
Medium | OPT.ORACLEFORMS.UselessParam | Useless Param | UselessParam: Detects parameters declared but not used |