rspec/rules/S5119/abap/rule.adoc

== Why is this an issue?

Modifying SAP standard tables via an Open SQL statement can result in data corruption and unexpected behavior. This is because a direct modification bypasses all validation mechanisms.

Instead, the use of standard functions or SAP Business Add-Ins (BAdIs) is recommended.


This rule raises an issue on Open SQL statements ``++INSERT++``, ``++UPDATE++``, ``++MODIFY++``, or ``++SELECT ... FOR UPDATE++`` which target an SAP table, i.e. a table with a name starting with a character between "A" and "X", case insensitive.


=== Noncompliant code example

[source,abap]
----
SELECT my_col FROM my_system_table WHERE my_id = 123 FOR UPDATE. " Noncompliant

SELECT my_col FROM z_custom_table WHERE my_id = 123 FOR UPDATE. " Ignored; modifies a custom table
----


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Replace this Open SQL statement with a standard function call or an SAP BAdI


=== Highlighting

The table name


'''
== Comments And Links
(visible only on this page)

=== on 2 Jan 2019, 14:56:43 Ann Campbell wrote:
\[~nicolas.harraudeau] it wasn't clear to me until I got to the code sample that the targeted characters are case-insensitive. 


Also, is the second line in the code sample intended to be the Compliant solution, or just an example of something that's ignored by the rule? If the former, it should be moved into a separate, "Compliant Solution" sample, where no "compliant" comment is needed because everything in it is compliant by definition. (And really, even in the Noncompliant example I wouldn't use a "compliant" comment.)

=== on 4 Jan 2019, 10:00:23 Nicolas Harraudeau wrote:
\[~ann.campbell.2] Thanks for the review. The second example is just something ignored by the rule. I changed the "Compliant" comment into something more explicit. Let me know if it is still not clear.

=== on 7 Jan 2019, 08:55:39 Alexandre Gigleux wrote:
\[~nicolas.harraudeau] 

* I renamed "OpenSQL" and "OpenSql" into "Open SQL" because it looks to be the format used by SAP: \https://help.sap.com/doc/saphelp_nw70/7.0.31/en-US/fc/eb3969358411d1829f0000e829fbfe/content.htm?no_cache=true
* Could you add a link here, as a comment, to SAP Badis, because I can't find what it is and I would like to learn more about it? Thx

endif::env-github,rspecator-view[]
-												migrate rule descriptions to new education format

											
										
										
											2023-05-03 11:06:20 +02:00
+								== Why is this an issue?
-												Restructure one-lang rspecs

											
										
										
											2021-04-28 16:49:39 +02:00
+								Modifying SAP standard tables via an Open SQL statement can result in data corruption and unexpected behavior. This is because a direct modification bypasses all validation mechanisms.
 								Instead, the use of standard functions or SAP Business Add-Ins (BAdIs) is recommended.
 								This rule raises an issue on Open SQL statements ``++INSERT++``, ``++UPDATE++``, ``++MODIFY++``, or ``++SELECT ... FOR UPDATE++`` which target an SAP table, i.e. a table with a name starting with a character between "A" and "X", case insensitive.
-												Fix the missing default metadata fields

											
										
										
											2021-04-28 18:08:03 +02:00
-												migrate rule descriptions to new education format

											
										
										
											2023-05-03 11:06:20 +02:00
+								=== Noncompliant code example
-												Restructure one-lang rspecs

											
										
										
											2021-04-28 16:49:39 +02:00
-												RULEAPI-661: Add syntax coloring


											
										
										
											2022-02-04 17:28:24 +01:00
+								[source,abap]
-												Restructure one-lang rspecs

											
										
										
											2021-04-28 16:49:39 +02:00
+								----
 								SELECT my_col FROM my_system_table WHERE my_id = 123 FOR UPDATE. " Noncompliant
 								SELECT my_col FROM z_custom_table WHERE my_id = 123 FOR UPDATE. " Ignored; modifies a custom table
 								----
-												Fix the missing default metadata fields

											
										
										
											2021-04-28 18:08:03 +02:00
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								ifdef::env-github,rspecator-view[]
-												RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346)


											
										
										
											2021-09-20 15:38:42 +02:00
 								'''
 								== Implementation Specification
 								(visible only on this page)
-												Inline adoc when include has no additional value (#1940)

Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
											
										
										
											2023-05-25 14:18:12 +02:00
+								=== Message
 								Replace this Open SQL statement with a standard function call or an SAP BAdI
 								=== Highlighting
 								The table name
-												RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346)


											
										
										
											2021-09-20 15:38:42 +02:00
-												RULEAPI-576: add a horizontal rule between rule description and comments


											
										
										
											2021-06-08 15:52:13 +02:00
+								'''
-												Export comments and rspec-to-rspec links from jira

											
										
										
											2021-06-02 20:44:38 +02:00
+								== Comments And Links
 								(visible only on this page)
-												Inline adoc when include has no additional value (#1940)

Inline adoc files when they are included exactly once.

Also fix language tags because this inlining gives us better information
on what language the code is written in.
											
										
										
											2023-05-25 14:18:12 +02:00
+								=== on 2 Jan 2019, 14:56:43 Ann Campbell wrote:
 								\[~nicolas.harraudeau] it wasn't clear to me until I got to the code sample that the targeted characters are case-insensitive.
 								Also, is the second line in the code sample intended to be the Compliant solution, or just an example of something that's ignored by the rule? If the former, it should be moved into a separate, "Compliant Solution" sample, where no "compliant" comment is needed because everything in it is compliant by definition. (And really, even in the Noncompliant example I wouldn't use a "compliant" comment.)
 								=== on 4 Jan 2019, 10:00:23 Nicolas Harraudeau wrote:
 								\[~ann.campbell.2] Thanks for the review. The second example is just something ignored by the rule. I changed the "Compliant" comment into something more explicit. Let me know if it is still not clear.
 								=== on 7 Jan 2019, 08:55:39 Alexandre Gigleux wrote:
 								\[~nicolas.harraudeau]
 								* I renamed "OpenSQL" and "OpenSql" into "Open SQL" because it looks to be the format used by SAP: \https://help.sap.com/doc/saphelp_nw70/7.0.31/en-US/fc/eb3969358411d1829f0000e829fbfe/content.htm?no_cache=true
 								* Could you add a link here, as a comment, to SAP Badis, because I can't find what it is and I would like to learn more about it? Thx
-												Fix the comment display: rule-id, timestamp, GH visibility, link direction

											
										
										
											2021-06-03 09:05:38 +02:00
+								endif::env-github,rspecator-view[]