Archive for the ‘Analysis Rules’ Category


CR0003: Non-ISO standard comparison operator found

Thursday, January 15th, 2015

Message

Non-ISO standard comparison operator found

Description

It is adviseable to use ISO standard comparison operators instead of non-ISO standard operators to help ensure optimal cross-platform and future version compatibility.

  • Not equal to: Use <> instead of !=
  • Greater than or equal to: Use >= instead of !<
  • Less than or equal to: Use <= instead of !>

While it is currently acceptable to use such non-ISO operators, you should consider that statements that you create might not be supported on other ISO-compliant database management systems.

Also, non-ISO standard comparison operators may not be supported on future versions of SQL Server.

Author

Phil Streiff

Example

-- Test Case 1: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 != 1
-- Test Case 2: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 !< 1
-- Test Case 3: The violation should be reported
SELECT Column1 FROM Table1 WHERE Column1 !> 1

-- Test Case 4: A violation should not be reported
SELECT Column1 FROM Table1 WHERE Column1 <> 1
-- Test Case 5: A violation should not be reported
SELECT Column1 FROM Table1 WHERE Column1 >= 1
-- Test Case 6: A violation should no be reported
SELECT Column1 FROM Table1 WHERE Column1 <= 1

Download
The rule can be downloaded here.

CR0002: Avoid altering security within stored procedures

Wednesday, March 12th, 2014

Message

Avoid altering security within stored procedures

Description

The rule checks and alerts for usage of GRANT, REVOKE, or DENY statements within the body of a stored procedure.
Avoid altering security within stored procedures, functions, and triggers. This can lead to unnecessary database calls, or it can hinder troubleshooting security permissions.

Author

Jeff Foushee

Example

CREATE PROCEDURE testsp_CR0002 (
    @Code VARCHAR(30) = NULL
)
AS

BEGIN
    IF @Code IS NULL
        SELECT * FROM Table1
    ELSE
        SELECT * FROM Table1 WHERE Code like @Code + '%'

    UPDATE MyTable SET Col1 = 'myvalue'

    BEGIN TRAN
        GRANT EXEC ON testsp_CR0002 to myuser
    COMMIT TRAN

    GRANT EXEC ON testsp_CR0002 to myuser  --IGNORE:CR0002

    REVOKE SELECT ON dbo.Table1 TO myuser

    DENY EXECUTE ON testsp_CR0002 to myuser

END

-- this is fine because it is outside of the stored procedure
GRANT EXEC ON testsp_CR0002 to myuser  

Download
The rule can be downloaded here.

CR0001: TOP (100) PERCENT

Wednesday, March 12th, 2014

Message

TOP (100) PERCENT found

Description

This rule checks for the phrase “TOP (100) PERCENT”.
This phrase has no bearing unless the percentage is less than 100.
This phrase is commonly generated by creating a view in the SQL Server View Designer.

Author

Jeff Foushee

Example

SELECT TOP 100 PERCENT
           LastName, FirstName, JobTitle, Department
FROM       HumanResources.vEmployeeDepartment
ORDER BY LastName ASC

Download
The rule can be downloaded here.

How to get a free license of SQL Enlight

Tuesday, February 25th, 2014

 

Until now, only MVPs and trainers are entitled to free SQL Enlight Licenses.  Now everyone who authors a custom analysis rule and shares it with the SQL Server Community can also get a free personal license of SQL Enlight For SSMS worth $145.

What you will have to do?

1. Think of a new useful custom analysis rule and implement it.

2. Write a blog post that describes the practice, which it is enforcing and share the rule’s xml file.

You have your rule and post ready, what’s next?

Simply email your rule to rules@ubitsoft.com or send us link to a blog post describing the rule. Once we check the rule we will give you a free SQL Enlight For SSMS license.

Wondering where to start?

First download and install the latest version of SQL Enlight or SQL Enlight For SSMS.

The Analysis Rule Designer which comes with the tools is not limited by the trial period and you can freely use it to learn create and test your analysis rules.

Here is some resources, which you can use:

More Resources:
We are preparing a step by step tutorial for how to create a custom rule with SQL Enlight and will add a link to it in this post as soon as we have the tutorial published.

If you have any questions, please feel free to contact us.

List of the new analysis rules in version 1.9.0.587

Monday, October 3rd, 2011

These are the new rules added in the analysis template of SQL Enlight 1.9.0.587:

  1. SA0060 : The sp_xml_preparedocument procedure call is not paired with a following sp_xml_removedocument call.
  2. SA0061A : Check all Tables in the current database for following specified naming convention.(Context Only)
  3. SA0061B : Check table names used in CREATE TABLE statements for table name following specified naming convention.(Batch)
  4. SA0062A : Check all Functions in the current database for following specified naming convention.(Context Only)
  5. SA0062B : Check function names used in CREATE FUNCTION statements for following specified naming convention. (Batch)
  6. SA0063A : Check all Views in the current database for following specified naming convention.(Context Only)
  7. SA0063B : Check view names used in CREATE VIEW statements for following specified naming convention. (Batch)
  8. SA0064A : Check all Stored Procedures in the current database for following specified naming convention.(Context Only)
  9. SA0064B : Check stored procedure names used in CREATE PROCEDURE statements for following specified naming convention. (Batch)
  10. SA0065A : Check all Triggers for for following specified naming convention.(Context Only)
  11. SA0065B : Check trigger names used in CREATE TRIGGER statements for for following specified naming convention. (Batch)
  12. SA0066A : Check all Columns for following specified naming convention.(Context Only)
  13. SA0067A : Check all Unique Key Constraints in the current database for following specified naming convention.(Context Only)
  14. SA0068A : Check all Check Constraints in the current database for following specified naming convention.(Context Only)
  15. SA0069A : Check all Default Constraints in the current database for following specified naming convention.(Context Only)
  16. SA0070A : Check all Primary Key Constraints in the current database for following specified naming convention.(Context Only)
  17. SA0071A : Check all Foreign Key Constraints in the current database for following specified naming convention.(Context Only)
  18. SA0072A : Check all Non-Key Indexes in the current database for following specified naming convention.(Context Only)
  19. SA0073A : Check all User-Defined Types in the current database for following specified naming convention.(Context Only)
  20. SA0074A : Check all Schemas in the current database for following specified naming convention.(Context Only)
  21. SA0075 : Avoid constraints created with system generated name.
  22. SA0076 : Check UPDATE and DELETE statements for not filtering using all the PRIMAR KEY columns of the target table.
  23. SA0077 : Avoid executing dynamic code using EXECUTE statement.
  24. SA0078 : Statement is not terminated with semicolon.
  25. SA0079 : Avoid using column numbers in ORDER BY clause.
  26. SA0080 : Do not use VARCHAR or NVARCHAR data types without specifying length.
  27. SA0081 : Do not use DECIMAL or NUMERIC data types without specifying precision and scale.
  28. SA0082 : Consider prefixing column names with table name or table alias.
  29. SA0085 : Check database objects for missing specific extended properties.