- DBMS_ASSERT is an Oracle-supplied PL/SQL package containing seven functions that can be used to filter and sanitize input strings, particularly those that are meant to be used as Oracle identifiers.
- NOOP: NOOP does not perform any validation and returns the string unchanged. Allows developers to mark some data as trusted, and thereby, disable some SQL injection checks in the source scanning tools. Avoid using this function unless approved by the product security compliance team.
- ENQUOTE_LITERAL: ENQUOTE_LITERAL encloses string literal in single quotes
- ENQUOTE_NAME: ENQUOTE_NAME encloses string literal in double quotes
- SIMPLE_SQL_NAME: SIMPLE_SQL_NAME verifies that the string is a simple SQL name
- QUALIFIED_SQL_NAME: QUALIFIED_SQL_NAME verifies that the string is a qualified SQL name
- SCHEMA_NAME: SCHEMA_NAME verifies that the string is an existing schema name
- SQL_OBJECT_NAME: SQL_OBJECT_NAME verifies that the string is a qualified identifier of an existing SQL object
- While two of these functions can be used to filter and sanitize any input strings, the majority of them are specifically crafted to validate Oracle identifiers. These are the ENQUOTE_LITERAL and the ENQUOTE_NAME functions. The other functions either do nothing i.e. the NOOP function or return the input string unchanged if the verification algorithm does not raise any exceptions.
- When using the DBMS_ASSERT package, always specify the SYS schema rather than relying on a public synonym.
Friday, May 14, 2021
DBMS_ASSERT in Oracle
Subscribe to:
Post Comments (Atom)
Optumflex Solutions for your ERP business needs. Visit Optumflex.com for more information.
ReplyDeleteVery Good info.,helpful in my learning s. Keep sharing more, appreciated team on blogs writing s sharing info.,
ReplyDeleteAmazing write-up
ReplyDeleteWow
ReplyDeleteSuper
ReplyDeleteNice
ReplyDelete